Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(ext/crypto): decode id-RSASSA-PSS with default params #12147

Merged
merged 5 commits into from
Oct 1, 2021
Merged

fix(ext/crypto): decode id-RSASSA-PSS with default params #12147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
5214ccc
fix(ext/crypto): decode id-RSASSA-PSS with default params
littledivy Sep 20, 2021
451d84b
custom saltLength test
littledivy Sep 20, 2021
50a4b20
Merge branch 'main' into rsa_pss_params
littledivy Sep 30, 2021
30ebec6
rerun CI
littledivy Sep 30, 2021
4adb9d7
Merge branch 'main' into rsa_pss_params
bartlomieju Sep 30, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions cli/tests/testdata/webcrypto/id_rsassaPss_default.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEwwIBADASBgkqhkiG9w0BAQowBaIDAgEABIIEqDCCBKQCAQACggEBAMPqex5m
1JO1SOxN6F+yNN9AV1bhoGHpx7rqvOAjIadTSmK9g17GA8r5vYk/J/wVdPLOnVG2
ARAzk9T554rYd4fAN3uL9CzsK2eBb7CD/OAbq1a3RLGhFrNILot7rK2QnTPuDbAh
HUWGwsW+PQYhPW1JzdnOvfRD4DEZfzz5in6SZWmHvXCMdpewgWdjzQ9O1+MxNVe4
diw43q3fvDEZSGGgnV3eVp+adQxIq0pfNq6jB71CE82vZYMXAJ+MeypX6+xn9OG0
NzXXUsYTQjchNUALZTG4YM5ErGJCB/cikEwqscktirmU3l1lAN193wgykYUDGV8a
JdlMUwRe68vsoI8CAwEAAQKCAQABnH0Uu+3FpTkLUHy3xMRwjZvqSALEq2KMJAAX
q9JMCQBUnZBmCCTh13n6lf1jMl363T4n/OI3WuU9XCzOVIdvI2KRbo48jFizCjp7
7in3QeL/3JQBDf0czlwro4HBD65rTero5uzRtJEHhVAFK+LQcknyH6QqTSCb5sTI
IJlF/zSMc596zLsSdo/CdNBSvdlOXLoypJ7APW/dKs0nQ58dJ2yhNVkFfqnsckg1
i1M12WMVUlwQDyqb7OlodLr45SN9CM4EVXES6/D1I4WTHQQgVK+nyVv/1UgGWn8w
ZJv7z5WbA+fdCPRXNf9VRkVpL2TDF32Aouu9Ck729U/KesghAoGBAOl2SBiyeK+Y
z5G/XXNOUWvVoLKv70Fy8pevvv9uyIOvxriADLRFRxcObG0rgLrCYQhjsWzhXBss
5lY8Cnm4dBFxZsAMHYBB5C99bT/OX+D4Gh7JG302wehp/2nrl9Wqs5NV6p9r0nyH
PQdPzGTBRnHG2uzor9pawU6Sb7FoIfxfAoGBANbUS4zLRqiBqjXw5TVkxGetm6St
GM+gA0JuYDqXM53a6p6/brwTO2u2hQPIphTGc+ZQzjaimUQeX4cRRm7cs7Nzvb0U
iiwYCf4zDEKzhGvdKsA/SOyGR3a5yyV1jWZdRvNra1kL08bsUYMpMOomPlDoTtZv
kJaOMblGlRskWcnRAoGBAMOeqraXBO0N/A9B7Anr++mBbU+Mf8u1h3R2fHIH39gH
91ktYnfC/Nhi65NmOk1DBo9DCa4T/1t9+dsUICrx1b+v58rP3ABWNd9dF6e5Qzl8
alaVaIU41q3p82xLTkRo7mNsQFYowIw7vXVc9gUOtfosB9Eu//rUxNkTdqeOe7u9
AoGBAMEW9YTp3GtuiCeNiubP2Hx7nU6JSqirYOKfxJxE9N7oOkNPOt+OxbTNy4aY
HTbFHL0hWgffY7THPANxsoXIlzgvSpYdVQfG34x8I4P8SISOuHMtLoVxN+BtpDra
Cqq8Ih5+KXFS4RmFpMooBtAeaZpdAydYBXRdADJQT4qixJVRAoGAOIF7KIGi0TBs
nr/u4Hqyj+wc0DkQFJa9ILvLV7r+k33KYjiVZeBfbDKDLMSXCHMyTSfLjmDI9ZVd
HCo6+cUw4dwXsquKn3i+nmjMc4G82o48EQYfGoRlNb7fnyBVdULIV0lwRRsXn29A
dfNGr0wbasKwbrjL6XZerA0saoNdEOw=
-----END PRIVATE KEY-----
28 changes: 28 additions & 0 deletions cli/tests/testdata/webcrypto/id_rsassaPss_saltLen_30.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEwQIBADASBgkqhkiG9w0BAQowBaIDAgEeBIIEpjCCBKICAQACggEBAMEWS3x9
dCE5KWAoh5UAXeq2E0uPWBJ2UrtX7asgrOX1Sj4Boak/zxpsgPGQeA3kQPlcD9xi
wxnlBMFqrMwoY1Trb5quX1ZU8NVE/w3kWkF2EhHKgbWt9LyoNsNkj7liw5Aez4fN
O2v+IIsqeVJslXa6+6jfe1xWSEcRLOpfjCQ76bA9I5i9wls/ThvPnlEuYD7jFaXb
EJiKcaYxQ+L+Ys0CC5lPLGnLb3NRgeQhtBjmaTOMh2PrXoaZ9RuuzpDHJ7Iw3Inl
qh9AbH5um2TEh0ZpIhPaC5grwlbMpoTLW46MAYynme2+FsD20paszPQL9afiuUll
9PjLO3Lr3JNWxyECAwEAAQKCAQAhdReHbsWcrCb7Poqfyvx7GymkwiXkrRQQ2l+Y
c4UCI8rFi8rTZPciAQMm2H21CoQnsUgeTA66gfCdAzsF9UmhAVrJVsW2U+mXSulX
IuZwyWDALHLlZEswFYXHvbkZyn9QjcYwJePSBqrk8msrWR1dAXFyBad+jIThq5w4
0G2cKWh1sHKTcIa3UZ6jnAB0WC/Fkv3hjybVn601Axq9YdVTbKAxfBPdfTmBXqc5
P98ghRqPrjnFkDET8LZsDJjAuwSL9S79QAQmPmOlKuNCWB2gQ7/4aIcgtiyGOTvK
3sD4f3aL+E8caTpJQQDQanQO7DRghci+grb2bVDAkhg7/cdBAoGBAOQRDc3KSQlT
Jl8W2pa8PvtTYcK+QQ0GCKMDeFyAMqvtFo216NjgTh92WZArTTQVFMzorXNSWUbq
tAqMa9lc6f7CtM/hhuxkKL1o93Hbb69pk4eohzhk5uAleQ9jhOi4ABTwONV9HDt6
xl8CDoZiBpqjR1hlHFSfVLDGKtG+8I/NAoGBANi8eHWMvYicyND21Kf9s4RZuVVT
sf2xj1wCv8M3Or72PRtINOGdH2ASELpyyU9nLwzPaEnQ9nwmAI3YUs9j7lqkyFv0
aHK/F9JZ8IZi7paRsIl2lXkXBAWICG5eoBVvpl3KWzh50n0rEDaXhTJuToBVQ0BV
MiX1or6pcZUEanilAoGASg2/jbLBRGXbb8Tb9VXqnXDVrYZZWQE8jLHzwxVdXrX9
PMZ0dPdgZpbnPgjRaLfvqRlkOK3kj0Jmc4Zk/o9M64wNafKw/NEI6XfL4Qx/l1WQ
sdvnDEi3LtD8HiMSZP5aCHJ4Ado98JJNF0xzqu7pdgzOfcVXDaMuvLeb778wHYEC
gYA0bjN9zFQ1biguVOfQ09DPnZz2BU8znfaePZQCN6QgehUCOo+AXLAwX25ojEgi
y0VYhfwmj0RxeAf+SGyP+w64ItDNXey+hXfPzS4gdGJfTlM0jdlO98BjTisr9/wl
82J9oew7V00SNo6vhiwUrRaUeQvRzkpZYHjEQt1VPUI8eQKBgFkjt/rEEgpojPIR
iC4qR35yRoTvFjOLj5WQPZmgEjeqWoE/xXMg58UXo74ViSavEP+8xQH+uSXXAG4q
G4298Uc9jNF0jTekEKI8yyi2MBThDOtQOTNZb/exAgrXkff/g1RG+XIbgHgx8qRR
XII4DFaG+/+toV/27x4mfuddXWNu
-----END PRIVATE KEY-----
31 changes: 22 additions & 9 deletions cli/tests/unit/webcrypto_test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -379,19 +379,32 @@ unitTest(async function generateImportHmacJwk() {
// 2048-bits publicExponent=65537
const pkcs8TestVectors = [
// rsaEncryption
"cli/tests/testdata/webcrypto/id_rsaEncryption.pem",
// id-RSASSA-PSS
"cli/tests/testdata/webcrypto/id_rsassaPss.pem",
{ pem: "cli/tests/testdata/webcrypto/id_rsaEncryption.pem", hash: "SHA-256" },
// id-RSASSA-PSS (sha256)
// `openssl genpkey -algorithm rsa-pss -pkeyopt rsa_pss_keygen_md:sha256 -out id_rsassaPss.pem`
{ pem: "cli/tests/testdata/webcrypto/id_rsassaPss.pem", hash: "SHA-256" },
// id-RSASSA-PSS (default parameters)
// `openssl genpkey -algorithm rsa-pss -out id_rsassaPss.pem`
{
pem: "cli/tests/testdata/webcrypto/id_rsassaPss_default.pem",
hash: "SHA-1",
},
// id-RSASSA-PSS (default hash)
// `openssl genpkey -algorithm rsa-pss -pkeyopt rsa_pss_keygen_saltlen:30 -out rsaPss_saltLen_30.pem`
{
pem: "cli/tests/testdata/webcrypto/id_rsassaPss_saltLen_30.pem",
hash: "SHA-1",
},
];

unitTest({ permissions: { read: true } }, async function importRsaPkcs8() {
const pemHeader = "-----BEGIN PRIVATE KEY-----";
const pemFooter = "-----END PRIVATE KEY-----";
for (const keyFile of pkcs8TestVectors) {
const pem = await Deno.readTextFile(keyFile);
const pemContents = pem.substring(
for (const { pem, hash } of pkcs8TestVectors) {
const keyFile = await Deno.readTextFile(pem);
const pemContents = keyFile.substring(
pemHeader.length,
pem.length - pemFooter.length,
keyFile.length - pemFooter.length,
);
const binaryDerString = atob(pemContents);
const binaryDer = new Uint8Array(binaryDerString.length);
Expand All @@ -402,7 +415,7 @@ unitTest({ permissions: { read: true } }, async function importRsaPkcs8() {
const key = await crypto.subtle.importKey(
"pkcs8",
binaryDer,
{ name: "RSA-PSS", hash: "SHA-256" },
{ name: "RSA-PSS", hash },
true,
["sign"],
);
Expand All @@ -413,7 +426,7 @@ unitTest({ permissions: { read: true } }, async function importRsaPkcs8() {
assertEquals(key.usages, ["sign"]);
const algorithm = key.algorithm as RsaHashedKeyAlgorithm;
assertEquals(algorithm.name, "RSA-PSS");
assertEquals(algorithm.hash.name, "SHA-256");
assertEquals(algorithm.hash.name, hash);
assertEquals(algorithm.modulusLength, 2048);
assertEquals(algorithm.publicExponent, new Uint8Array([1, 0, 1]));
}
Expand Down
36 changes: 34 additions & 2 deletions ext/crypto/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -874,6 +874,38 @@ const MASK_GEN_ALGORITHM_TAG: rsa::pkcs8::der::TagNumber =
const SALT_LENGTH_TAG: rsa::pkcs8::der::TagNumber =
rsa::pkcs8::der::TagNumber::new(2);

lazy_static! {
// Default HashAlgorithm for RSASSA-PSS-params (sha1)
//
// sha1 HashAlgorithm ::= {
// algorithm id-sha1,
// parameters SHA1Parameters : NULL
// }
//
// SHA1Parameters ::= NULL
static ref SHA1_HASH_ALGORITHM: rsa::pkcs8::AlgorithmIdentifier<'static> = rsa::pkcs8::AlgorithmIdentifier {
// id-sha1
oid: ID_SHA1_OID,
// NULL
parameters: Some(asn1::Any::from(asn1::Null)),
};

// TODO(@littledivy): `pkcs8` should provide AlgorithmIdentifier to Any conversion.
static ref ENCODED_SHA1_HASH_ALGORITHM: Vec<u8> = SHA1_HASH_ALGORITHM.to_vec().unwrap();
// Default MaskGenAlgrithm for RSASSA-PSS-params (mgf1SHA1)
//
// mgf1SHA1 MaskGenAlgorithm ::= {
// algorithm id-mgf1,
// parameters HashAlgorithm : sha1
// }
static ref MGF1_SHA1_MASK_ALGORITHM: rsa::pkcs8::AlgorithmIdentifier<'static> = rsa::pkcs8::AlgorithmIdentifier {
// id-mgf1
oid: ID_MFG1,
// sha1
parameters: Some(asn1::Any::from_der(&ENCODED_SHA1_HASH_ALGORITHM).unwrap()),
};
}

impl<'a> TryFrom<rsa::pkcs8::der::asn1::Any<'a>>
for PssPrivateKeyParameters<'a>
{
Expand All @@ -887,13 +919,13 @@ impl<'a> TryFrom<rsa::pkcs8::der::asn1::Any<'a>>
.context_specific(HASH_ALGORITHM_TAG)?
.map(TryInto::try_into)
.transpose()?
.unwrap();
.unwrap_or(*SHA1_HASH_ALGORITHM);

let mask_gen_algorithm = decoder
.context_specific(MASK_GEN_ALGORITHM_TAG)?
.map(TryInto::try_into)
.transpose()?
.unwrap();
.unwrap_or(*MGF1_SHA1_MASK_ALGORITHM);

let salt_length = decoder
.context_specific(SALT_LENGTH_TAG)?
Expand Down