JSS RSA-PSS support first cut.

Provide support for the various SHAxxxwithRSAPSS algorithms. Supprt for 256, 384, and 512 variants included. Included test case for SHA256withRSA/PSS. This fix also requires a corresponding fix to the pki server in order to exercise this functionality in the context of a pki ca server. Add some review suggestions. More reivew suggestions.
cipherboy · Mar 28, 2020 · e1ee07a · e1ee07a
1 parent 522f6ce
commit e1ee07a
Show file tree

Hide file tree

Showing 16 changed files with 908 additions and 57 deletions.
diff --git a/org/mozilla/jss/JSSProvider.java b/org/mozilla/jss/JSSProvider.java
@@ -59,6 +59,28 @@ public JSSProvider() {
         put("Alg.Alias.Signature.SHA256/RSA", "SHA-256/RSA");
         put("Alg.Alias.Signature.SHA256withRSA", "SHA-256/RSA");
 
+        put("Signature.RSASSA-PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$RSAPSSSignature");
+
+        put("Alg.Alias.Signature.1.2.840.113549.1.1.10",     "RSASSA-PSS");
+        put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+        put("Signature.SHA-256/RSA/PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256RSAPSS");
+
+        put("Alg.Alias.Signature.SHA256withRSA/PSS","SHA-256/RSA/PSS");
+
+        put("Signature.SHA-384/RSA/PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384RSAPSS");
+
+        put("Alg.Alias.Signature.SHA384withRSA/PSS","SHA-384/RSA/PSS");
+
+        put("Signature.SHA-512/RSA/PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSAPSS");
+
+        put("Alg.Alias.Signature.SHA512withRSA/PSS","SHA-512/RSA/PSS");
+
+
         put("Signature.SHA-384/RSA",
             "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384RSA");
         put("Alg.Alias.Signature.SHA384/RSA", "SHA-384/RSA");
@@ -156,6 +178,9 @@ public JSSProvider() {
         put("AlgorithmParameters.RC2AlgorithmParameters",
             "org.mozilla.jss.provider.java.security.RC2AlgorithmParameters");
 
+        put("AlgorithmParameters.RSAPSSAlgorithmParameters",
+            "org.mozilla.jss.provider.java.security.RSAPSSAlgorithmParameters");
+
         /////////////////////////////////////////////////////////////
         // Cipher
         /////////////////////////////////////////////////////////////

diff --git a/org/mozilla/jss/crypto/Algorithm.c b/org/mozilla/jss/crypto/Algorithm.c
@@ -95,7 +95,8 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
 /* 64 */    {SEC_OID_AES_256_CBC, SEC_OID_TAG},
 /* the CKM_AES_KEY_WRAP_* have different defs than CKM_NSS_AES_KEY_WRAP_*  */
 /* 65 */    {CKM_AES_KEY_WRAP, PK11_MECH},
-/* 66 */    {CKM_AES_KEY_WRAP_PAD, PK11_MECH}
+/* 66 */    {CKM_AES_KEY_WRAP_PAD, PK11_MECH},
+/* 67 */    {SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_TAG}
 /* REMEMBER TO UPDATE NUM_ALGS!!! */
 };
 

diff --git a/org/mozilla/jss/crypto/Algorithm.h b/org/mozilla/jss/crypto/Algorithm.h
@@ -24,7 +24,7 @@ typedef struct JSS_AlgInfoStr {
     JSS_AlgType type;
 } JSS_AlgInfo;
 
-#define NUM_ALGS 67
+#define NUM_ALGS 68
 
 extern JSS_AlgInfo JSS_AlgTable[];
 extern CK_ULONG JSS_symkeyUsage[];

diff --git a/org/mozilla/jss/crypto/Algorithm.java b/org/mozilla/jss/crypto/Algorithm.java
@@ -227,4 +227,7 @@ public boolean isValidParameterObject(Object o) {
     // These underlying defs are currently different from the NSS AES KeyWrap
     protected static final short CKM_AES_KEY_WRAP=65;
     protected static final short CKM_AES_KEY_WRAP_PAD=66;
+    // RSA-PSS
+    protected static final short SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 67;
+
 }
diff --git a/org/mozilla/jss/crypto/SignatureAlgorithm.java b/org/mozilla/jss/crypto/SignatureAlgorithm.java
@@ -65,12 +65,45 @@ public DigestAlgorithm getDigestAlg() throws NoSuchAlgorithmException {
         }
         return digestAlg;
     }
+
+    public DigestAlgorithm setDigestAlg(DigestAlgorithm alg) throws NoSuchAlgorithmException {
+        if( alg == null ) {
+            throw new NoSuchAlgorithmException();
+        }
+        return digestAlg = alg;
+    }
+
     private DigestAlgorithm digestAlg;
 
     //////////////////////////////////////////////////////////////////////
     // Signature Algorithms
     //////////////////////////////////////////////////////////////////////
 
+    /**********************************************************************
+     * PSS Versions of RSA for different digests.
+     *
+     */
+
+    // PSS Signature with not yet specified Digest
+    //
+
+    //Version with no digest set. Must call setDigestAlg() after initialization
+    //to choose the proper variant
+    public static final SignatureAlgorithm
+    RSAPSSSignature = new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE, "RSAPSSSignature",
+            null, null, OBJECT_IDENTIFIER.PKCS1.subBranch(10) );
+    public static final SignatureAlgorithm
+    RSAPSSSignatureWithSHA256Digest = new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE, "RSAPSSSignatureWithSHA256Digest",
+            null, DigestAlgorithm.SHA256, OBJECT_IDENTIFIER.PKCS1.subBranch(10) );
+
+    public static final SignatureAlgorithm
+    RSAPSSSignatureWithSHA384Digest = new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE, "RSAPSSSignatureWithSHA384Digest",
+            null, DigestAlgorithm.SHA384, OBJECT_IDENTIFIER.PKCS1.subBranch(10) );
+
+    public static final SignatureAlgorithm
+    RSAPSSSignatureWithSHA512Digest = new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE, "RSAPSSSignatureWithSHA512Digest",
+            null, DigestAlgorithm.SHA384, OBJECT_IDENTIFIER.PKCS1.subBranch(10) );
+
     /**********************************************************************
      * Raw RSA signing. This algorithm does not do any hashing, it merely
      * encrypts its input, which should be a hash.