Fix PKCS#1 v1.5 signature generation

This commit is contained in:
Jack Grigg
2019-12-15 16:38:51 +00:00
parent 620f2bcc74
commit 1a95a5f921
3 changed files with 33 additions and 5 deletions
+29 -1
View File
@@ -216,6 +216,34 @@ impl x509::SubjectPublicKeyInfo for PublicKeyInfo {
}
}
/// Digest algorithms.
///
/// See RFC 4055 and RFC 8017.
enum DigestId {
/// Secure Hash Algorithm 256 (SHA256)
Sha256,
}
impl x509::AlgorithmIdentifier for DigestId {
type AlgorithmOid = &'static [u64];
fn algorithm(&self) -> Self::AlgorithmOid {
match self {
// See https://tools.ietf.org/html/rfc4055#section-2.1
DigestId::Sha256 => &[2, 16, 840, 1, 101, 3, 4, 2, 1],
}
}
fn parameters<W: std::io::Write>(
&self,
w: cookie_factory::WriteContext<W>,
) -> cookie_factory::GenResult<W> {
// Parameters are an explicit NULL
// See https://tools.ietf.org/html/rfc8017#appendix-A.2.4
x509::der::write::der_null()(w)
}
}
enum SignatureId {
/// Public-Key Cryptography Standards (PKCS) #1 version 1.5 signature algorithm with
/// Secure Hash Algorithm 256 (SHA256) and Rivest, Shamir and Adleman (RSA) encryption
@@ -320,7 +348,7 @@ impl Certificate {
let t = cookie_factory::gen_simple(
der_sequence((
algorithm_identifier(&signature_algorithm),
algorithm_identifier(&DigestId::Sha256),
der_octet_string(&h),
)),
vec![],