Hi, Just recently, the templates for decoding the RSA-PSS ASN1 parameters got added to cvs head (in cryptohi/seckey.c).
Currently I'm working on implementing the creation of PSS signatures, so I need them also to encode. My naive thought was that SEC_ASN1EncodeItem is used pretty much the same as QuickDERDecodeItem, just the other way round. For testing, I tested with a stripped-down version of the template containing only the first entry. Though what I get is: Assertion failure: theTemplate->sub != NULL, at secasn1u.c:93 From the error, I assume it has something to do with the subtemplate. If that helps, by some try and error I found out that when removing SEC_ASN1_EXPLICIT, no assertion appears (thouhg it'll obviously produce a wrong DER struct). Is there something special I need to care about when doing encoding vs. decoding ASN1? The code looks like this: SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) const SEC_ASN1Template MY_RSAPSSParamsTemplate[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYRSAPSSParams) }, { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | SEC_ASN1_POINTER | SEC_ASN1_CONTEXT_SPECIFIC | 0, offsetof(SECKEYRSAPSSParams, hashAlg), SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) }, { 0 } }; SECStatus PSSU_EncodeDER(SECItem *dest, CK_RSA_PKCS_PSS_PARAMS *in) { SECKEYRSAPSSParams *pss_params; PRArenaPool *arena; SECItem *ret; unsigned int i; arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); pss_params = PORT_ZAlloc(sizeof(pss_params)); pss_params->hashAlg = PORT_ZAlloc(sizeof(SECAlgorithmID)); SECOID_SetAlgorithmID(arena, pss_params->hashAlg, SEC_OID_SHA256, NULL); ret = SEC_ASN1EncodeItem(arena, NULL, pss_params, MY_RSAPSSParamsTemplate); PORT_FreeArena(arena, PR_FALSE); return SECSuccess; } -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: ha...@hboeck.de http://schokokeks.org - professional webhosting
signature.asc
Description: This is a digitally signed message part.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto