On Tue, Mar 09, 2010, Martin Kaiser via RT wrote:

> Hello Steve,
> 
> Thus wrote Stephen Henson via RT (r...@openssl.org):
> 
> > I'll look into PSS signing at some point too.
> 
> Any chance I can contribute to this, based on your approach for
> verification?
> 
> A while ago, I extended my patch to support basic PSS signing. For this,
> I added a -pss command line parameter to x509 which uses the default PSS
> parameters and does not explicitly encode them. Instead, an empty
> sequence is used to indicate default parameters.
> 

I'll have to think about that a bit more. I really want a general solution
where you can use all sorts of different algorithm types and parameters, both
at an application level and on the command line. There isn't currently an
actual framework to do that and some new APIs will be needed.

I'm divided between something which uses ASN1 pre-setup to obtain the
parameters (which means you need a generalised API to set up the ASN1 in the
first place) or something which takes an EVP_PKEY_CTX and uses that to set up
the ASN1. The latter is cleaner and already has application and command line
APIs but needs some way to transparently extract the data from an
EVP_PKEY_CTX: which is opaque at an application level. Some ctrls to get md's,
padding modes, salt lengths etc would work.

> > Let me know of any problems.
> 
> It runs ok against the sample certificates that I have here.
> 
> Do you think it makes sense to check the trailerField in
> rsa_item_verify() to make sure that it is the default value?
> 
> Index: crypto/rsa/rsa_ameth.c
> ===================================================================
> RCS file: /v/openssl/cvs/openssl/crypto/rsa/rsa_ameth.c,v
> retrieving revision 1.24
> diff -u -r1.24 rsa_ameth.c
> --- crypto/rsa/rsa_ameth.c      8 Mar 2010 18:10:35 -0000       1.24
> +++ crypto/rsa/rsa_ameth.c      9 Mar 2010 21:55:22 -0000
> @@ -530,6 +530,13 @@
>         else
>                 saltlen = 20;
>  
> +   /* low-level routines support only trailer field 0xbc (value 1) */
> +   if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1)
> +                       {
> +                       RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
> +                       goto err;
> +                       }
> +
>         /* We have all parameters now set up context */
>  
>         if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
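
Review bot: the new trailerField check in rsa_item_verify() raises RSA_R_INVALID_TRAILER under RSA_F_RSA_ITEM_VERIFY, but this diff only touches crypto/rsa/rsa_ameth.c, so please confirm that reason code is already defined in the RSA error header and string table, or include those files in the patch. The comparison itself rejects everything except 1 when the field is present: ASN1_INTEGER_get() returns -1 for a value that does not fit in a long, so oversized encodings also fail the != 1 test. It would help to extend the comment to say that an absent trailerField is accepted because it means the default value 1.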
> 
> 

Yes thanks, I'll add that.

BTW if anyone has or knows of any samples of CMS messages signed with PSS let
me know. Also anyone with samples using PSS only keys: those definitely won't
work at present.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
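
The defaults discussed in this thread (an empty SEQUENCE meaning default parameters, salt length 20, trailerField 1) can be seen in a small stand-alone DER reader for RSASSA-PSS-params. This is an added example, not OpenSSL code and not part of the original messages; the names tlv, explicit_int and pss_params_check are hypothetical, and it assumes short-form DER lengths and skips the [0] and [1] algorithm fields without validating them.

```c
#include <stddef.h>
enum { PSS_OK = 0, PSS_MALFORMED = -1, PSS_BAD_TRAILER = -2 };

/* Read one TLV with a short-form length; returns 0 and advances *p. */
static int tlv(const unsigned char **p, const unsigned char *end,
               unsigned *tag, const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || ((*p)[1] & 0x80)) return -1;
    *tag = (*p)[0];
    *len = (*p)[1];
    *val = *p + 2;
    if ((size_t)(end - *val) < *len) return -1;
    *p = *val + *len;
    return 0;
}

/* Decode a small non-negative INTEGER wrapped in an EXPLICIT tag. */
static int explicit_int(const unsigned char *v, size_t n, long *out)
{
    const unsigned char *p = v, *iv; unsigned tag; size_t il, i;
    if (tlv(&p, v + n, &tag, &iv, &il) || p != v + n) return -1;
    if (tag != 0x02 || il == 0 || il > 3 || (iv[0] & 0x80)) return -1;
    for (*out = 0, i = 0; i < il; i++) *out = (*out << 8) | iv[i];
    return 0;
}

/* Apply the defaults, then reject any trailerField other than 1 (0xbc). */
int pss_params_check(const unsigned char *der, size_t n, long *saltlen)
{
    const unsigned char *p = der, *body, *v; unsigned tag; size_t bl, vl;
    long trailer = 1;            /* absent field: DEFAULT trailerFieldBC(1) */
    *saltlen = 20;               /* absent field: DEFAULT 20 */
    if (tlv(&p, der + n, &tag, &body, &bl) || tag != 0x30 || p != der + n)
        return PSS_MALFORMED;
    for (p = body; p < body + bl; ) {
        if (tlv(&p, body + bl, &tag, &v, &vl)) return PSS_MALFORMED;
        if (tag == 0xA2 && explicit_int(v, vl, saltlen)) return PSS_MALFORMED;
        if (tag == 0xA3 && explicit_int(v, vl, &trailer)) return PSS_MALFORMED;
    }
    return trailer == 1 ? PSS_OK : PSS_BAD_TRAILER;
}

int main(void)
{
    /* Constructed sample: only trailerField [3] is present, set to 2. */
    const unsigned char bad[] = {0x30, 0x05, 0xA3, 0x03, 0x02, 0x01, 0x02};
    long salt;
    return pss_params_check(bad, sizeof bad, &salt) == PSS_BAD_TRAILER ? 0 : 1;
}
```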
