Wireshark-bugs: [Wireshark-bugs] [Bug 6541] New: RSASSA-PSS support for X.509 certificates

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6541
           Summary: RSASSA-PSS support for X.509 certificates
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wireshark@xxxxxxxxx
Created an attachment (id=7366)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7366)
add support for RSASSA-PSS to asn1/pkcs1
Build Information:
TShark 1.7.0 (SVN Rev 39729 from /trunk)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.24.2, with libpcap 0.9.8, with libz 1.2.3.3,
without POSIX capabilities, with threads support, without SMI, without c-ares,
without ADNS, without Lua, with Python 2.5.2, with GnuTLS 2.4.2, with Gcrypt
1.4.1, with MIT Kerberos, without GeoIP.
Running on Linux 2.6.29.1, with locale en_US, with libpcap version 0.9.8, with
libz 1.2.3.3.
Built using gcc 4.3.2.
--
Dear all,
I would like to add support for RSASSA-PSS signatures. They're defined in the
PKCS1 standard, the ASN.1 module is in RFC 4055 / RFC 5912.
Please find attached my first attempt to add PSS support and recognize the
default parameters. I set the request_for_checkin flag although this might be a
bit premature.
Could you have a look and give me some feedback?
Should all of this go into asn1/pkcs1? I guess so as other definitions from
RFC5912 are in the same file.
Basically, the key part is
    RSASSA-PSS-params  ::=  SEQUENCE  {
       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
       saltLength        [2] INTEGER DEFAULT 20,
       trailerField      [3] INTEGER DEFAULT 1
    }
It looks like the default values are ignored. There are no errors from asn2wrs
but the defaults never show up anywhere, e.g. when a field is absent. Is this
the expected behaviour or is something going wrong?
I can't get the following definition to compile
    sha1Identifier AlgorithmIdentifier ::= {
       algorithmId id-sha1,
       parameters NULL
    }
asn2wrs complains about the comma after id-sha1 (removing it doesn't help). I
commented this out as it's used for defining a default value which in turn
seems to be ignored.
I'll attach two sample X.509 certificates that use RSASSA-PSS signatures. One
of them has all parameters set explicitly, the second uses an empty structure
for the parameters.
Thanks in advance for your comments. 
Best regards,
   Martin
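The RSASSA-PSS-params structure quoted in the report, decoded with its DEFAULT values filled in for absent fields, which is what a dissector has to do for the certificate whose parameters are an empty structure. This is an added example in Python, not part of the report or of the attached patch. It assumes EXPLICIT tagging as in the RFC 4055 module, knows only the SHA-1, SHA-256 and MGF1 OIDs, and uses two constructed DER samples: `EMPTY` (no fields) and `EXPLICIT` (SHA-256, MGF1 with SHA-256, saltLength 32).

```python
# Added example (not Wireshark code); EMPTY and EXPLICIT are constructed samples.
FIELDS = ["hashAlgorithm", "maskGenAlgorithm", "saltLength", "trailerField"]
DEFAULTS = dict(zip(FIELDS, ["sha1", "mgf1-sha1", 20, 1]))
OIDS = {bytes.fromhex("2b0e03021a"): "sha1",            # 1.3.14.3.2.26
        bytes.fromhex("608648016503040201"): "sha256",  # 2.16.840.1.101.3.4.2.1
        bytes.fromhex("2a864886f70d010108"): "mgf1"}    # 1.2.840.113549.1.1.8
EMPTY = bytes.fromhex("3000")  # no fields present, so every DEFAULT applies
EXPLICIT = bytes.fromhex("3034a00f300d06096086480165030402010500a11c301a06092a86"
                         "4886f70d010108300d06096086480165030402010500a203020120")

def read_tlv(buf, pos):  # -> (tag, value, next_pos) of the DER TLV at pos
    tag, length = buf[pos:pos + 2]  # raises ValueError on a truncated header
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def alg_name(der):  # -> (name, parameter bytes) of an AlgorithmIdentifier
    tag, seq, _ = read_tlv(der, 0)
    oid_tag, oid, end = read_tlv(seq, 0)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an AlgorithmIdentifier")
    return OIDS.get(oid, oid.hex()), seq[end:]

def parse_pss_params(der):  # -> (values, names of explicitly encoded fields)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    values, explicit, pos, last = dict(DEFAULTS), set(), 0, -1
    while pos < len(body):
        tag, inner, pos = read_tlv(body, pos)
        idx = tag - 0xA0  # [0]..[3] are EXPLICIT context tags
        if not last < idx <= 3:
            raise ValueError("unexpected or out-of-order field")
        if idx == 0:
            values[FIELDS[0]] = alg_name(inner)[0]
        elif idx == 1:  # MGF1 carries its hash as the algorithm parameter
            mgf, hash_der = alg_name(inner)
            values[FIELDS[1]] = mgf + "-" + alg_name(hash_der)[0]
        else:
            int_tag, raw, _ = read_tlv(inner, 0)
            if int_tag != 0x02:
                raise ValueError("expected INTEGER")
            values[FIELDS[idx]] = int.from_bytes(raw, "big", signed=True)
        explicit.add(FIELDS[idx])
        last = idx
    return values, explicit
```

The second return value lets a display layer mark which values were actually on the wire and which were supplied from the DEFAULT clauses.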