Commit c9093085 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard
Browse files

Revert "Merged RSA-PSS support in Certificate, CSR and CRL"

This reverts commit ab50d8d3, reversing
changes made to e31b1d99.
parent 6df09578
PolarSSL ChangeLog (Sorted per branch, date)
TODO: bump SOVERSION
(internal-but-not-static function x509_get_sig_alg() changed prototype)
= PolarSSL 1.3 branch
Features
* HMAC-DRBG as a separate module
* Option to set the Curve preference order
* Support for RSASSA-PSS keys and signatures in certificates, CSRs
and CRLs
* Single Platform compatilibity layer (for memory / printf / fprintf)
* Ability to provide alternate timing implementation
* Ability to force the entropy module to use SHA-256 as its basis
......
......@@ -93,13 +93,9 @@
/** Returns the size of the binary string, without the trailing \\0 */
#define OID_SIZE(x) (sizeof(x) - 1)
/**
* Compares an asn1_buf structure to a reference OID.
*
* Only works for 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a
* 'unsigned char *oid' here!
*
* Warning: returns true when the OIDs are equal (unlike memcmp)!
/** Compares two asn1_buf structures for the same OID. Only works for
* 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a 'unsigned
* char *oid' here!
*/
#define OID_CMP(oid_str, oid_buf) \
( ( OID_SIZE(oid_str) == (oid_buf)->len ) && \
......
......@@ -202,22 +202,6 @@
//#define POLARSSL_SHA256_ALT
//#define POLARSSL_SHA512_ALT
/**
* \def POLARSSL_RSASSA_PSS_CERTIFICATES
*
* Enable parsing and verification of X.509 certificates and CRLs signed with
* RSASSA-PSS.
*
* This is disabled by default since it breaks binary compatibility with the
* 1.3.x line. If you choose to enable it, you will need to rebuild your
* application against the new header files, relinking will not be enough.
*
* TODO: actually disable it when done working on this branch ,)
*
* Uncomment this macro to allow using RSASSA-PSS in certificates.
*/
#define POLARSSL_RSASSA_PSS_CERTIFICATES
/**
* \def POLARSSL_AES_ROM_TABLES
*
......@@ -2224,11 +2208,6 @@
#error "POLARSSL_RSA_C defined, but not all prerequisites"
#endif
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES) && \
( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_PKCS1_V21) )
#error "POLARSSL_RSASSA_PSS_CERTIFICATES defined, but not all prerequisites"
#endif
#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) || \
!defined(POLARSSL_SHA1_C) )
#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
......
......@@ -193,10 +193,6 @@
#define OID_PKCS9_EMAIL OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
/* RFC 4055 */
#define OID_RSASSA_PSS OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
#define OID_MGF1 OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
/*
* Digest algorithms
*/
......
......@@ -94,7 +94,6 @@ typedef enum {
POLARSSL_PK_ECKEY_DH,
POLARSSL_PK_ECDSA,
POLARSSL_PK_RSA_ALT,
POLARSSL_PK_RSASSA_PSS,
} pk_type_t;
/**
......
......@@ -254,16 +254,9 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
x509_name *cur );
int x509_get_alg_null( unsigned char **p, const unsigned char *end,
x509_buf *alg );
int x509_get_alg( unsigned char **p, const unsigned char *end,
x509_buf *alg, x509_buf *params );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
int x509_get_rsassa_pss_params( const x509_buf *params,
md_type_t *md_alg, md_type_t *mgf_md,
int *salt_len, int *trailer_field );
#endif
int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig );
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg );
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
pk_type_t *pk_alg );
int x509_get_time( unsigned char **p, const unsigned char *end,
x509_time *time );
int x509_get_serial( unsigned char **p, const unsigned char *end,
......@@ -271,8 +264,6 @@ int x509_get_serial( unsigned char **p, const unsigned char *end,
int x509_get_ext( unsigned char **p, const unsigned char *end,
x509_buf *ext, int tag );
int x509_load_file( const char *path, unsigned char **buf, size_t *n );
int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
pk_type_t pk_alg, const x509_buf *sig_params );
int x509_key_size_helper( char *buf, size_t size, const char *name );
int x509_string_to_names( asn1_named_data **head, const char *name );
int x509_set_extension( asn1_named_data **head, const char *oid, size_t oid_len, int critical, const unsigned char *val, size_t val_len );
......
......@@ -89,9 +89,6 @@ typedef struct _x509_crl
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif
struct _x509_crl *next;
}
......
......@@ -89,9 +89,6 @@ typedef struct _x509_crt
x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif
struct _x509_crt *next; /**< Next certificate in the CA-chain. */
}
......
......@@ -63,9 +63,6 @@ typedef struct _x509_csr
x509_buf sig;
md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. POLARSSL_MD_SHA256 */
pk_type_t sig_pk /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. POLARSSL_PK_RSA */;
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
x509_buf sig_params; /**< Parameters for the signature algorithm */
#endif
}
x509_csr;
......
......@@ -327,10 +327,6 @@ static const oid_sig_alg_t oid_sig_alg[] =
{ ADD_LEN( OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" },
POLARSSL_MD_SHA512, POLARSSL_PK_ECDSA,
},
{
{ ADD_LEN( OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" },
POLARSSL_MD_NONE, POLARSSL_PK_RSASSA_PSS,
},
{
{ NULL, 0, NULL, NULL },
0, 0,
......
......@@ -119,215 +119,6 @@ int x509_get_alg_null( unsigned char **p, const unsigned char *end,
return( 0 );
}
/*
* Parse an algorithm identifier with (optional) paramaters
*/
int x509_get_alg( unsigned char **p, const unsigned char *end,
x509_buf *alg, x509_buf *params )
{
int ret;
if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
return( 0 );
}
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
/*
* HashAlgorithm ::= AlgorithmIdentifier
*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
*
* For HashAlgorithm, parameters MUST be NULL or absent.
*/
static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
{
int ret;
unsigned char *p;
const unsigned char *end;
x509_buf md_oid;
size_t len;
/* Make sure we got a SEQUENCE and setup bounds */
if( alg->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
p = (unsigned char *) alg->p;
end = p + alg->len;
if( p >= end )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_OUT_OF_DATA );
/* Parse md_oid */
md_oid.tag = *p;
if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
md_oid.p = p;
p += md_oid.len;
/* Get md_alg from md_oid */
if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
/* Make sure params is absent of NULL */
if( p == end )
return( 0 );
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 || len != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
/*
* RSASSA-PSS-params ::= SEQUENCE {
* hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
* maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
* saltLength [2] INTEGER DEFAULT 20,
* trailerField [3] INTEGER DEFAULT 1 }
* -- Note that the tags in this Sequence are explicit.
*/
int x509_get_rsassa_pss_params( const x509_buf *params,
md_type_t *md_alg, md_type_t *mgf_md,
int *salt_len, int *trailer_field )
{
int ret;
unsigned char *p;
const unsigned char *end, *end2;
size_t len;
x509_buf alg_id, alg_params;
/* First set everything to defaults */
*md_alg = POLARSSL_MD_SHA1;
*mgf_md = POLARSSL_MD_SHA1;
*salt_len = 20;
*trailer_field = 1;
/* Make sure params is a SEQUENCE and setup bounds */
if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
p = (unsigned char *) params->p;
end = p + params->len;
if( p == end )
return( 0 );
/*
* HashAlgorithm
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
{
end2 = p + len;
/* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
return( ret );
if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* MaskGenAlgorithm
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
{
end2 = p + len;
/* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
return( ret );
/* Only MFG1 is recognised for now */
if( ! OID_CMP( OID_MGF1, &alg_id ) )
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
POLARSSL_ERR_OID_NOT_FOUND );
/* Parse HashAlgorithm */
if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
return( ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* salt_len
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
{
end2 = p + len;
if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p == end )
return( 0 );
/*
* trailer_field
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
{
end2 = p + len;
if( ( ret = asn1_get_int( &p, end2, trailer_field ) ) != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end2 )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
return( POLARSSL_ERR_X509_INVALID_ALG + ret );
if( p != end )
return( POLARSSL_ERR_X509_INVALID_ALG +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
/*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
......@@ -543,39 +334,14 @@ int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
return( 0 );
}
/*
* Get signature algorithm from alg OID and optional parameters
*/
int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
md_type_t *md_alg, pk_type_t *pk_alg )
int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
pk_type_t *pk_alg )
{
int ret;
int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg );
if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
if( ret != 0 )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
{
int salt_len, trailer_field;
md_type_t mgf_md;
/* Make sure params are valid */
ret = x509_get_rsassa_pss_params( sig_params,
md_alg, &mgf_md, &salt_len, &trailer_field );
if( ret != 0 )
return( ret );
}
else
#endif
{
/* Make sure parameters are absent or NULL */
if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) ||
sig_params->len != 0 )
return( POLARSSL_ERR_X509_INVALID_ALG );
}
return( 0 );
}
......@@ -811,52 +577,6 @@ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial )
return( (int) ( size - n ) );
}
/*
* Helper for writing signature alrogithms
*/
int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
pk_type_t pk_alg, const x509_buf *sig_params )
{
int ret;
char *p = buf;
size_t n = size;
const char *desc = NULL;
ret = oid_get_sig_alg_desc( sig_oid, &desc );
if( ret != 0 )
ret = snprintf( p, n, "???" );
else
ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
if( pk_alg == POLARSSL_PK_RSASSA_PSS )
{
md_type_t md_alg, mgf_md;
const md_info_t *md_info, *mgf_md_info;
int salt_len, trailer_field;
if( ( ret = x509_get_rsassa_pss_params( sig_params,
&md_alg, &mgf_md, &salt_len, &trailer_field ) ) != 0 )
return( ret );
md_info = md_info_from_type( md_alg );
mgf_md_info = md_info_from_type( mgf_md );
ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X, %d)",
md_info ? md_info->name : "???",
mgf_md_info ? mgf_md_info->name : "???",
salt_len, trailer_field );
SAFE_SNPRINTF();
}
#else
((void) pk_alg);
((void) sig_params);
#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
return( (int) size - n );
}
/*
* Helper for writing "RSA key size", "EC key size", etc
*/
......
......@@ -250,15 +250,11 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
size_t len;
unsigned char *p, *end;
x509_crl *crl;
x509_buf sig_params;
#if defined(POLARSSL_PEM_PARSE_C)
size_t use_len;
pem_context pem;
#endif
memset( &sig_params, 0, sizeof( x509_buf ) );
crl = chain;
/*
......@@ -377,7 +373,7 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
* signature AlgorithmIdentifier
*/
if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params ) ) != 0 )
( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 )
{
x509_crl_free( crl );
return( ret );
......@@ -391,17 +387,13 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
}
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params,
&crl->sig_md, &crl->sig_pk ) ) != 0 )
if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
&crl->sig_pk ) ) != 0 )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
}
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
memcpy( &crl->sig_params, &sig_params, sizeof( x509_buf ) );
#endif
/*
* issuer Name
*/
......@@ -486,20 +478,14 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params ) ) != 0 )
if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 )
{
x509_crl_free( crl );
return( ret );
}
if( crl->sig_oid1.len != crl->sig_oid2.len ||
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
||
crl->sig_params.len != sig_params.len ||
memcmp( crl->sig_params.p, sig_params.p, sig_params.len ) != 0
#endif
)
memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_SIG_MISMATCH );
......@@ -625,12 +611,8 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
int ret;
size_t n;
char *p;
const char *desc;
const x509_crl_entry *entry;
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
const x509_buf *sig_params = &crl->sig_params;
#else
const x509_buf *sig_params = NULL;
#endif
p = buf;
n = size;
......@@ -686,7 +668,11 @@ int x509_crl_info( char *buf, size_t size, const char *prefix,
ret = snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, sig_params );
ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc );
if( ret != 0 )
ret = snprintf( p, n, "???" );
else
ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n" );
......
......@@ -529,9 +529,6 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
int ret;
size_t len;
unsigned char *p, *end, *crt_end;
x509_buf sig_params;
memset( &sig_params, 0, sizeof( x509_buf ) );
/*
* Check for valid input
......@@ -595,8 +592,7 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
*/
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crt->sig_oid1,
&sig_params ) ) != 0 )
( ret = x509_get_alg_null( &p, end, &crt->sig_oid1 ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
......@@ -610,17 +606,13 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
}
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params,
&crt->sig_md, &crt->sig_pk ) ) != 0 )
if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_md,
&crt->sig_pk ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
}
#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) );
#endif
/*
* issuer Name
*/
......@@ -741,20 +733,14 @@ static int x509_crt_parse_der_core( x509_crt *crt, const unsigned char *buf,
* signatureAlgori