ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 6541] New: RSASSA-PSS support for X.509 certificates

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 3 Nov 2011 16:44:44 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6541

           Summary: RSASSA-PSS support for X.509 certificates
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxx


Created an attachment (id=7366)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7366)
add support for RSASSA-PSS to asn1/pcks1

Build Information:
TShark 1.7.0 (SVN Rev 39729 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.24.2, with libpcap 0.9.8, with libz 1.2.3.3,
without POSIX capabilities, with threads support, without SMI, without c-ares,
without ADNS, without Lua, with Python 2.5.2, with GnuTLS 2.4.2, with Gcrypt
1.4.1, with MIT Kerberos, without GeoIP.

Running on Linux 2.6.29.1, with locale en_US, with libpcap version 0.9.8, with
libz 1.2.3.3.

Built using gcc 4.3.2.

--
Dear all,

I would like to add support for RSASSA-PSS signatures. They're defined in the
PKCS1 standard, the ASN.1 module is in RFC 4055 / RFC 5912.

Please find attached my first attempt to add PSS support and recognize the
default parameters. I set the request_for_checkin flag although this might be a
bit premature.

Could you have a look and give me some feedback?

Should all of this go into asn1/pkcs1? I guess so as other definitions from
RFC5912 are in the same file.

Basically, the key part is

    RSASSA-PSS-params  ::=  SEQUENCE  {
       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
       saltLength        [2] INTEGER DEFAULT 20,
       trailerField      [3] INTEGER DEFAULT 1
    }

It looks like the default values are ignored. There's no errors from asn2wrs
but the defaults never show up anywhere, e.g. when a field is absent. It this
the expected behaviour or is something going wrong?

I can't get the following definition to compile

    sha1Identifier AlgorithmIdentifier ::= {
       algorithmId id-sha1,
       parameters NULL
    }

asn2wrs complains about the comma after id-sha1 (removing it doesn't help). I
commented this out as it's used for defining a default value which in turn
seems to be ignored.

I'll attach two sample X.509 certificates that use RSASSA-PSS signatures. One
of them has all parameters set explicitly, the second uses an empty structure
for the parameters.

Thanks in advance for your comments. 

Best regards,

   Martin

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube