libstrongswan: Encode RSA-PSS algorithmIdentifier variant
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 6 Sep 2022 19:10:36 +0000 (21:10 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 6 Sep 2022 19:15:43 +0000 (21:15 +0200)
Some third party IKEv2 products expect an RSA-PSS ASN.1
algorithmIdentifier with an explicit trailerField value (CONTEXT3)
instead of the DEFAULT value if the trailerField is missing.

The setting charon.rsa_pss_trailerfield = yes enables the explicit
encoding.

conf/options/charon.opt
src/libstrongswan/credentials/keys/signature_params.c

index 7d00e1a8cc3a654c4d43a76343f4b3d0522af957..3ed84a1f9ac6ec9b98143b5b86b1c80d11d6e72b 100644 (file)
@@ -408,6 +408,10 @@ charon.routing_table_prio
 charon.rsa_pss = no
        Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
 
+charon.rsa_pss_trailerfield = no
+       Whether to encode an explicit trailerField value of 0x01 in the RSA-PSS
+       algorithmIdentifier (CONTEXT3) or using the DEFAULT value by omitting it.
+
 charon.send_delay = 0
        Delay in ms for sending packets, to simulate larger RTT.
 
index 5a73d30cf03bfd81f8fb2d820114acb61daa0277..5a391df89304eb3088a421ae900eddd1de0c161e 100644 (file)
@@ -360,6 +360,7 @@ end:
 bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1)
 {
        chunk_t hash = chunk_empty, mgf = chunk_empty, slen = chunk_empty;
+       chunk_t trfd = chunk_empty;
        int alg;
 
        if (params->hash != HASH_SHA1)
@@ -370,6 +371,13 @@ bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1)
                        return FALSE;
                }
                hash = asn1_algorithmIdentifier(alg);
+
+               /* set explicit trailerField with default value of 0x01 */
+               if (lib->settings->get_bool(lib->settings, "%s.rsa_pss_trailerfield",
+                                                               FALSE, lib->ns))
+               {
+                       trfd = asn1_integer("m", asn1_integer_from_uint64(0x01));
+               }
        }
        if (params->mgf1_hash != HASH_SHA1)
        {       /* with MGF1-SHA1 we MUST omit the field */
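Review bot: The new settings lookup sits inside the `if (params->hash != HASH_SHA1)` branch, so with a SHA-1 hash `trfd` stays empty and the explicit trailerField is never written even when `rsa_pss_trailerfield` is enabled; the option text in charon.opt does not mention this. If the coupling is intended, the comment should say so, e.g. `/* explicit trailerField (0x01), only emitted together with a non-default hash */`; if not, the block belongs after the closing brace of the hash branch. The option is read from `lib->ns` on every call, so it applies to every caller of rsa_pss_params_build in that process and not only to IKEv2 authentication, which is presumably acceptable but worth stating in the option description. The function starts and ends outside this hunk.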
@@ -392,9 +400,10 @@ bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1)
        {
                slen = asn1_integer("m", asn1_integer_from_uint64(params->salt_len));
        }
-       *asn1 = asn1_wrap(ASN1_SEQUENCE, "mmm",
+       *asn1 = asn1_wrap(ASN1_SEQUENCE, "mmmm",
                                hash.len ? asn1_wrap(ASN1_CONTEXT_C_0, "m", hash) : chunk_empty,
-                               mgf.len ? asn1_wrap(ASN1_CONTEXT_C_1, "m", mgf) : chunk_empty,
-                               slen.len ? asn1_wrap(ASN1_CONTEXT_C_2, "m", slen) : chunk_empty);
+                               mgf.len  ? asn1_wrap(ASN1_CONTEXT_C_1, "m", mgf)  : chunk_empty,
+                               slen.len ? asn1_wrap(ASN1_CONTEXT_C_2, "m", slen) : chunk_empty,
+                               trfd.len ? asn1_wrap(ASN1_CONTEXT_C_3, "m", trfd) : chunk_empty);
        return TRUE;
 }
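Review bot: Emitting `ASN1_CONTEXT_C_3` with the value 0x01 encodes a component equal to its DEFAULT, which DER forbids and which RFC 4055 tells signers to omit, so the result is a deliberately non-canonical encoding and nothing at the `asn1_wrap` call says so. I would add a comment above the `trfd.len ?` line such as `/* interop only: explicit DEFAULT trailerField, not strict DER */`. Any code that compares these parameters byte-for-byte against a re-encoded or peer-supplied form may see a mismatch once the option is on; the parse and compare paths are not part of this diff, so that should be checked. The function begins in an earlier hunk.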