Hi Sahana, the 2nd and 15th octets are ASN.1 length fields which are incorrect if your algorithmIdentifier comprises 67 octets as well (see ASN.1 decoded attachments). Your length values are too large by 5 octets.
Regards

Andreas

On 05.02.2018 06:45, Sahana Prasad wrote:
Hello,

I am trying to interop rsa-pss-sha256 with strongswan as per RFC 7427.

Question 1: Difference in OID bytes:

The 67 bytes ASN.1 OID that should be sent as per the errata from 7427 (https://www.rfc-editor.org/errata_search.php?rfc=7427) and the 67 bytes that I receive from strongswan are different.

Errata specifies:

Length = 67
0000: 3046 0609 2a86 4886 f70d 0101 0a30 39a0
0010: 0f30 0d06 0960 8648 0165 0304 0201 0500
0020: a11c 301a 0609 2a86 4886 f70d 0101 0830
0030: 0d06 0960 8648 0165 0304 0201 0500 a203
0040: 0201 20

However, strongswan sends:

30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 a0
0f 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00
a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 30
0d 06 09 60 86 48 01 65 03 04 02 01 05 00 a2 03
02 01 20

Is there a reason for this behaviour/difference? The 2nd byte and 15th byte are different, although both decode to the same parameters when converted from ASN.1 to text.

To enable rsa-pss-sha256, I have added the charon option in strongswan.conf:

rsa_pss = yes

and

leftauth=rsa/pss-sha256

in ipsec.conf.

Question 2: Calculation of RSA signature

To calculate the 128 byte signature, the 67 bytes OID plus the 32 bytes hash (sha256) is considered, right? Is there a way to see the hash that is generated? I have all logs enabled, but do not see the hash value. I can only see the 128 byte rsa-signature that gets added to the 204 byte long auth payload.

Thank you.

Regards,
Sahana Prasad
--
======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Networked Solutions
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[INS-HSR]==
strongSwan algorithmIdentifier
30 41 # len = 65
06 09 # len = 9
2a 86 48 86 f7 0d 01 01 0a
30 34 # len = 52
a0 0f # len = 15
30 0d # len = 13
06 09 # len = 9
60 86 48 01 65 03 04 02 01
05 00 # len = 0
a1 1c # len = 28
30 1a # len = 26
06 09 # len = 9
2a 86 48 86 f7 0d 01 01 08
30 0d # len = 13
06 09 # len = 9
60 86 48 01 65 03 04 02 01
05 00 # len = 0
a2 03 # len = 3
02 01 # len = 1
20
--------------------------------------------
your algorithmIdentifier
30 46 # len = 70
06 09 # len = 9
2a 86 48 86 f7 0d 01 01 0a
30 39 # len = 57
a0 0f # len = 15
30 0d # len = 13
06 09 # len = 9
60 86 48 01 65 03 04 02 01
05 00 # len = 0
a1 1c # len = 28
30 1a # len = 26
06 09 # len = 9
2a 86 48 86 f7 0d 01 01 08
30 0d # len = 13
06 09 # len = 9
60 86 48 01 65 03 04 02 01
05 00 # len = 0
a2 03 # len = 3
02 01 # len = 1
20
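
The length check from the reply above, as an added example that is not part of the original thread or of strongSwan: a small DER walker that reports every TLV whose declared length runs past its enclosing container. The function names are hypothetical; the two inputs are the 67-octet blobs quoted in the thread.

```python
# Added example: walk a DER blob and flag length fields that overrun their container.
# Both inputs are the 67-octet algorithmIdentifier values quoted in this thread.
ERRATA = bytes.fromhex(
    "3046 0609 2a86 4886 f70d 0101 0a30 39a0"
    "0f30 0d06 0960 8648 0165 0304 0201 0500"
    "a11c 301a 0609 2a86 4886 f70d 0101 0830"
    "0d06 0960 8648 0165 0304 0201 0500 a203"
    "0201 20"
)
STRONGSWAN = bytes.fromhex(
    "30 41 06 09 2a 86 48 86 f7 0d 01 01 0a 30 34 a0"
    "0f 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00"
    "a1 1c 30 1a 06 09 2a 86 48 86 f7 0d 01 01 08 30"
    "0d 06 09 60 86 48 01 65 03 04 02 01 05 00 a2 03"
    "02 01 20"
)

def read_header(buf, pos, end):
    """Return (tag, length, value_offset) for the TLV at pos (single-octet tags only)."""
    if end - pos < 2:
        raise ValueError(f"truncated header at offset {pos}")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: the octet is the length
        return tag, first, pos
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or pos + n > end:
        raise ValueError(f"bad long-form length at offset {pos - 2}")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def length_overruns(buf, pos=0, end=None):
    """List (header_offset, declared_len, available_len) for each TLV whose
    declared length exceeds the octets left in its enclosing container."""
    end = len(buf) if end is None else end
    findings = []
    while pos < end:
        tag, length, value = read_header(buf, pos, end)
        available = end - value
        if length > available:
            findings.append((pos, length, available))
            length = available             # clamp so the walk can continue
        if tag & 0x20:                     # constructed: descend into the contents
            findings += length_overruns(buf, value, value + length)
        pos = value + length
    return findings

if __name__ == "__main__":
    for name, blob in (("errata", ERRATA), ("strongSwan", STRONGSWAN)):
        print(name, len(blob), length_overruns(blob))
```

Header offsets are 0-based, so findings at offsets 0 and 13 correspond to the length octets in the 2nd and 15th positions.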
