Wireshark-bugs: [Wireshark-bugs] [Bug 6541] New: RSASSA-PSS support for X.509 certificates
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6541
Summary: RSASSA-PSS support for X.509 certificates
Product: Wireshark
Version: SVN
Platform: Other
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: wireshark@xxxxxxxxx
Created an attachment (id=7366)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7366)
add support for RSASSA-PSS to asn1/pkcs1
Build Information:
TShark 1.7.0 (SVN Rev 39729 from /trunk)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.24.2, with libpcap 0.9.8, with libz 1.2.3.3,
without POSIX capabilities, with threads support, without SMI, without c-ares,
without ADNS, without Lua, with Python 2.5.2, with GnuTLS 2.4.2, with Gcrypt
1.4.1, with MIT Kerberos, without GeoIP.
Running on Linux 2.6.29.1, with locale en_US, with libpcap version 0.9.8, with
libz 1.2.3.3.
Built using gcc 4.3.2.
--
Dear all,
I would like to add support for RSASSA-PSS signatures. They're defined in the
PKCS1 standard, the ASN.1 module is in RFC 4055 / RFC 5912.
Please find attached my first attempt to add PSS support and recognize the
default parameters. I set the request_for_checkin flag although this might be a
bit premature.
Could you have a look and give me some feedback?
Should all of this go into asn1/pkcs1? I guess so as other definitions from
RFC5912 are in the same file.
Basically, the key part is
    RSASSA-PSS-params ::= SEQUENCE {
        hashAlgorithm     [0] HashAlgorithm    DEFAULT sha1Identifier,
        maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
        saltLength        [2] INTEGER          DEFAULT 20,
        trailerField      [3] INTEGER          DEFAULT 1
    }
It looks like the default values are ignored. There are no errors from asn2wrs
but the defaults never show up anywhere, e.g. when a field is absent. Is this
the expected behaviour or is something going wrong?
I can't get the following definition to compile
    sha1Identifier AlgorithmIdentifier ::= {
        algorithmId id-sha1,
        parameters NULL
    }
asn2wrs complains about the comma after id-sha1 (removing it doesn't help). I
commented this out as it's used for defining a default value which in turn
seems to be ignored.
I'll attach two sample X.509 certificates that use RSASSA-PSS signatures. One
of them has all parameters set explicitly, the second uses an empty structure
for the parameters.
Thanks in advance for your comments.
Best regards,
Martin
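
Added example, not part of the original report, the attached patch or Wireshark's code: a small Python decoder for RSASSA-PSS-params that fills in the DEFAULT values quoted above when a field is absent, which is what a dissector or verifier has to do for a certificate carrying an empty parameter structure. The function names, the OID name table and the two DER inputs are constructed for illustration; it assumes EXPLICIT tagging as in the RFC 4055 module and handles short-form DER lengths only.

```python
# Added example (not Wireshark code): decode RSASSA-PSS-params and apply the
# DEFAULT values when a field is absent. Short-form DER lengths only.
FIELDS = ["hashAlgorithm", "maskGenAlgorithm", "saltLength", "trailerField"]
DEFAULTS = dict(zip(FIELDS, ["id-sha1", ("id-mgf1", "id-sha1"), 20, 1]))
OIDS = {"2b0e03021a": "id-sha1", "608648016503040201": "id-sha256",
        "2a864886f70d010108": "id-mgf1"}   # hex of OID content bytes -> name

def read_tlv(buf, pos=0):
    """Read one short-form DER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated header or long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos], buf[pos + 2:end], end

def alg_id(der):
    """AlgorithmIdentifier TLV -> (algorithm name, raw parameter bytes)."""
    tag, body, _ = read_tlv(der)
    t, v, nxt = read_tlv(body)
    if tag != 0x30 or t != 0x06:
        raise ValueError("not an AlgorithmIdentifier")
    return OIDS.get(v.hex(), v.hex()), body[nxt:]

def decode_pss_params(der):
    """Return (params, names of the fields filled in from DEFAULT)."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    out, seen, pos = dict(DEFAULTS), [], 0
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        n = tag - 0xA0                     # EXPLICIT context tags [0]..[3]
        if not 0 <= n <= 3 or (seen and n <= seen[-1]):
            raise ValueError("unexpected or out-of-order field")
        seen.append(n)
        if n >= 2:                         # saltLength / trailerField
            t, v, _ = read_tlv(inner)
            if t != 0x02:
                raise ValueError("expected INTEGER")
            out[FIELDS[n]] = int.from_bytes(v, "big", signed=True)
        else:                              # hashAlgorithm / maskGenAlgorithm
            name, rest = alg_id(inner)
            out[FIELDS[n]] = name if n == 0 else (name, alg_id(rest)[0])
    return out, [f for i, f in enumerate(FIELDS) if i not in seen]

# Constructed inputs mirroring the two kinds of sample certificate described.
EMPTY = bytes.fromhex("3000")
EXPLICIT = bytes.fromhex("3039a00f300d06096086480165030402010500"
    "a11c301a06092a864886f70d010108300d06096086480165030402010500"
    "a203020120a303020101")
```

The second return value lists the fields that came from DEFAULT, so a display layer can mark them as implied rather than present on the wire.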