From 1a95a5f921be3e6b3f0bcc18f69106a8f369a009 Mon Sep 17 00:00:00 2001 From: Jack Grigg Date: Sun, 15 Dec 2019 16:38:51 +0000 Subject: [PATCH] Fix PKCS#1 v1.5 signature generation --- Cargo.lock | 6 +++--- Cargo.toml | 2 +- src/certificate.rs | 30 +++++++++++++++++++++++++++++- 3 files changed, 33 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5e582c3..c9fb0d7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -791,7 +791,7 @@ dependencies = [ [[package]] name = "x509" -version = "0.1.0" +version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" dependencies = [ "chrono 0.4.10 (registry+https://github.com/rust-lang/crates.io-index)", @@ -847,7 +847,7 @@ dependencies = [ "sha2 0.8.0 (registry+https://github.com/rust-lang/crates.io-index)", "subtle 2.2.2 (registry+https://github.com/rust-lang/crates.io-index)", "subtle-encoding 0.5.0 (registry+https://github.com/rust-lang/crates.io-index)", - "x509 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", + "x509 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", "x509-parser 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)", "zeroize 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -972,7 +972,7 @@ dependencies = [ "checksum winapi-util 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7168bab6e1daee33b4557efd0e95d5ca70a03706d39fa5f3fe7a236f584b03c9" "checksum winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" "checksum wincolor 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "96f5016b18804d24db43cebf3c77269e7569b8954a8464501c216cc5e070eaa9" -"checksum x509 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ea9d91eac9f9a39e79cbe4eb4f899a15aec4886cc069dc665fd086362e9fa908" +"checksum x509 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "eddce2e179aee785295bff6e72e6f36cc7dc3011e01231100270b6b25de9ec60" "checksum x509-parser 0.6.0 (registry+https://github.com/rust-lang/crates.io-index)" = "9b86b92815858495482b74dab17c0b2b2399f7582b6e7ca621b87aebf8fd00e9" "checksum zeroize 1.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "3cbac2ed2ba24cc90f5e06485ac8c7c1e5449fe8911aef4d8877218af021a5b8" "checksum zeroize_derive 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "de251eec69fc7c1bc3923403d18ececb929380e016afe103da75f396704f8ca2" diff --git a/Cargo.toml b/Cargo.toml index 90e839b..8f174c3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -40,7 +40,7 @@ sha-1 = "0.8" sha2 = "0.8" subtle = "2" subtle-encoding = "0.5" -x509 = "0.1" +x509 = "0.1.1" x509-parser = "0.6" zeroize = "1" diff --git a/src/certificate.rs b/src/certificate.rs index e15d159..f9ba298 100644 --- a/src/certificate.rs +++ b/src/certificate.rs @@ -216,6 +216,34 @@ impl x509::SubjectPublicKeyInfo for PublicKeyInfo { } } +/// Digest algorithms. +/// +/// See RFC 4055 and RFC 8017. +enum DigestId { + /// Secure Hash Algorithm 256 (SHA256) + Sha256, +} + +impl x509::AlgorithmIdentifier for DigestId { + type AlgorithmOid = &'static [u64]; + + fn algorithm(&self) -> Self::AlgorithmOid { + match self { + // See https://tools.ietf.org/html/rfc4055#section-2.1 + DigestId::Sha256 => &[2, 16, 840, 1, 101, 3, 4, 2, 1], + } + } + + fn parameters( + &self, + w: cookie_factory::WriteContext, + ) -> cookie_factory::GenResult { + // Parameters are an explicit NULL + // See https://tools.ietf.org/html/rfc8017#appendix-A.2.4 + x509::der::write::der_null()(w) + } +} + enum SignatureId { /// Public-Key Cryptography Standards (PKCS) #1 version 1.5 signature algorithm with /// Secure Hash Algorithm 256 (SHA256) and Rivest, Shamir and Adleman (RSA) encryption @@ -320,7 +348,7 @@ impl Certificate { let t = cookie_factory::gen_simple( der_sequence(( - algorithm_identifier(&signature_algorithm), + algorithm_identifier(&DigestId::Sha256), der_octet_string(&h), )), vec![],