Support RSA-PSS Signature scheme

Provide support for the various SHAxxxwithRSAPSS algorithms, including
SHA-256, SHA-384, and SHA-512 variants.

Authored by Jack Magne; revised patch forwarded ported from v4.4.x by
Alexander Scheel.

Signed-off-by: Alexander Scheel <ascheel@redhat.com>

org/mozilla/jss/JSSProvider.java

@@ -106,6 +106,28 @@ protected void initializeProvider() {
         put("Alg.Alias.Signature.SHA256/RSA", "SHA-256/RSA");
         put("Alg.Alias.Signature.SHA256withRSA", "SHA-256/RSA");
 
+        put("Signature.RSASSA-PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$RSAPSSSignature");
+
+        put("Alg.Alias.Signature.1.2.840.113549.1.1.10",     "RSASSA-PSS");
+        put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS");
+
+        put("Signature.SHA-256/RSA/PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA256RSAPSS");
+
+        put("Alg.Alias.Signature.SHA256withRSA/PSS","SHA-256/RSA/PSS");
+
+        put("Signature.SHA-384/RSA/PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384RSAPSS");
+
+        put("Alg.Alias.Signature.SHA384withRSA/PSS","SHA-384/RSA/PSS");
+
+        put("Signature.SHA-512/RSA/PSS",
+            "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA512RSAPSS");
+
+        put("Alg.Alias.Signature.SHA512withRSA/PSS","SHA-512/RSA/PSS");
+
+
         put("Signature.SHA-384/RSA",
             "org.mozilla.jss.provider.java.security.JSSSignatureSpi$SHA384RSA");
         put("Alg.Alias.Signature.SHA384/RSA", "SHA-384/RSA");
@@ -209,6 +231,9 @@ protected void initializeProvider() {
         put("AlgorithmParameters.RC2AlgorithmParameters",
             "org.mozilla.jss.provider.java.security.RC2AlgorithmParameters");
 
+        put("AlgorithmParameters.RSAPSSAlgorithmParameters",
+            "org.mozilla.jss.provider.java.security.RSAPSSAlgorithmParameters");
+
         /////////////////////////////////////////////////////////////
         // Cipher
         /////////////////////////////////////////////////////////////

org/mozilla/jss/crypto/Algorithm.c

@@ -128,6 +128,7 @@ JSS_AlgInfo JSS_AlgTable[NUM_ALGS] = {
 /* 75 */    {CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, PK11_MECH},
 /* 76 */    {CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, PK11_MECH},
 /* 77 */    {CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, PK11_MECH},
+/* 78 */    {SEC_OID_PKCS1_RSA_PSS_SIGNATURE, SEC_OID_TAG},
 
 /* REMEMBER TO UPDATE NUM_ALGS!!! (in Algorithm.h) */
 };

org/mozilla/jss/crypto/Algorithm.h

@@ -24,7 +24,7 @@ typedef struct JSS_AlgInfoStr {
     JSS_AlgType type;
 } JSS_AlgInfo;
 
-#define NUM_ALGS 78
+#define NUM_ALGS 79
 
 extern JSS_AlgInfo JSS_AlgTable[];
 extern CK_ULONG JSS_symkeyUsage[];

org/mozilla/jss/crypto/Algorithm.java

@@ -255,4 +255,7 @@ public PKCS11Algorithm getEnum() {
     protected static final int CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA=75;
     protected static final int CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA=76;
     protected static final int CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA=77;
+
+    // RSA-PSS
+    protected static final short SEC_OID_PKCS1_RSA_PSS_SIGNATURE = 78;
 }

org/mozilla/jss/crypto/SignatureAlgorithm.java

@@ -60,13 +60,23 @@ public SignatureAlgorithm getRawAlg() {
     /**
      * The digest portion of the signature algorithm.
      */
+    private DigestAlgorithm digestAlg;
+
     public DigestAlgorithm getDigestAlg() throws NoSuchAlgorithmException {
-        if( digestAlg == null ) {
+        if (digestAlg == null) {
             throw new NoSuchAlgorithmException();
         }
+
         return digestAlg;
     }
-    private DigestAlgorithm digestAlg;
+
+    public DigestAlgorithm setDigestAlg(DigestAlgorithm alg) throws NoSuchAlgorithmException {
+        if (alg == null) {
+            throw new NoSuchAlgorithmException();
+        }
+
+        return digestAlg = alg;
+    }
 
     //////////////////////////////////////////////////////////////////////
     // Signature Algorithms
@@ -174,4 +184,32 @@ public DigestAlgorithm getDigestAlg() throws NoSuchAlgorithmException {
             "RSASignatureWithSHA512Digest", RSASignature, DigestAlgorithm.SHA512,
             OBJECT_IDENTIFIER.PKCS1.subBranch(13));
 
+    //////////////////////////////////////////////////////////////////////
+
+    /**
+     * Version with no digest set: must call setDigestAlg() after initialization
+     * to choose the proper variant.
+     */
+    public static final SignatureAlgorithm
+    RSAPSSSignature =
+        new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+            "RSAPSSSignature", null, null,
+            OBJECT_IDENTIFIER.PKCS1.subBranch(10));
+    public static final SignatureAlgorithm
+    RSAPSSSignatureWithSHA256Digest =
+        new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+            "RSAPSSSignatureWithSHA256Digest", null, DigestAlgorithm.SHA256,
+            OBJECT_IDENTIFIER.PKCS1.subBranch(10));
+
+    public static final SignatureAlgorithm
+    RSAPSSSignatureWithSHA384Digest =
+        new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+            "RSAPSSSignatureWithSHA384Digest", null, DigestAlgorithm.SHA384,
+            OBJECT_IDENTIFIER.PKCS1.subBranch(10));
+
+    public static final SignatureAlgorithm
+    RSAPSSSignatureWithSHA512Digest =
+        new SignatureAlgorithm(SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+            "RSAPSSSignatureWithSHA512Digest", null, DigestAlgorithm.SHA384,
+            OBJECT_IDENTIFIER.PKCS1.subBranch(10));
 }