From: Andreas Steffen
Date: Tue, 6 Sep 2022 19:10:36 +0000 (+0200)
Subject: libstrongswan: Encode RSA-PSS algorithmIdentifier variant
X-Git-Tag: 5.9.8dr3~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=747e840912ad3fff51d042df11343e19dc4e84a0;p=thirdparty%2Fstrongswan.git

libstrongswan: Encode RSA-PSS algorithmIdentifier variant

Some third party IKEv2 products expect an RSA-PSS ASN.1 algorithmIdentifier with an explicit trailerField value (CONTEXT3) instead of the DEFAULT value if the trailerField is missing. The setting charon.rsa_pss_trailerfield = yes enables the explicit encoding.
---

diff --git a/conf/options/charon.opt b/conf/options/charon.opt
index 7d00e1a8cc..3ed84a1f9a 100644
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@@ -408,6 +408,10 @@ charon.routing_table_prio
 charon.rsa_pss = no
 Whether to use RSA with PSS padding instead of PKCS#1 padding by default.
 
+charon.rsa_pss_trailerfield = no
+ Whether to encode an explicit trailerField value of 0x01 in the RSA-PSS
+ algorithmIdentifier (CONTEXT3) or using the DEFAULT value by omitting it.
+
 charon.send_delay = 0
 Delay in ms for sending packets, to simulate larger RTT.
 
diff --git a/src/libstrongswan/credentials/keys/signature_params.c b/src/libstrongswan/credentials/keys/signature_params.c
index 5a73d30cf0..5a391df893 100644
--- a/src/libstrongswan/credentials/keys/signature_params.c
+++ b/src/libstrongswan/credentials/keys/signature_params.c
@@ -360,6 +360,7 @@ end:
 bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1)
 {
 chunk_t hash = chunk_empty, mgf = chunk_empty, slen = chunk_empty;
+ chunk_t trfd = chunk_empty;
 int alg;
 
 if (params->hash != HASH_SHA1)
@@ -370,6 +371,13 @@ bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1)
 return FALSE;
 }
 hash = asn1_algorithmIdentifier(alg);
+
+ /* set explicit trailerField with default value of 0x01 */
+ if (lib->settings->get_bool(lib->settings, "%s.rsa_pss_trailerfield",
+ FALSE, lib->ns))
+ {
+ trfd = asn1_integer("m", asn1_integer_from_uint64(0x01));
+ }
 }
 if (params->mgf1_hash != HASH_SHA1)
 { /* with MGF1-SHA1 we MUST omit the field */
@@ -392,9 +400,10 @@ bool rsa_pss_params_build(rsa_pss_params_t *params, chunk_t *asn1)
 {
 slen = asn1_integer("m", asn1_integer_from_uint64(params->salt_len));
 }
- *asn1 = asn1_wrap(ASN1_SEQUENCE, "mmm",
+ *asn1 = asn1_wrap(ASN1_SEQUENCE, "mmmm",
 hash.len ? asn1_wrap(ASN1_CONTEXT_C_0, "m", hash) : chunk_empty,
- mgf.len ? asn1_wrap(ASN1_CONTEXT_C_1, "m", mgf) : chunk_empty,
- slen.len ? asn1_wrap(ASN1_CONTEXT_C_2, "m", slen) : chunk_empty);
+ mgf.len ? asn1_wrap(ASN1_CONTEXT_C_1, "m", mgf) : chunk_empty,
+ slen.len ? asn1_wrap(ASN1_CONTEXT_C_2, "m", slen) : chunk_empty,
+ trfd.len ? asn1_wrap(ASN1_CONTEXT_C_3, "m", trfd) : chunk_empty);
 return TRUE;
 }
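Review bot: In the `@@ -370,6 +371,13 @@` hunk the explicit trailerField is built inside the `params->hash != HASH_SHA1` branch, so `rsa_pss_trailerfield = yes` has no effect when the hash is SHA-1; neither the new comment nor the charon.opt text says whether that is intended. Allocating `trfd` this early also keeps it live across the MGF1 and salt-length checks that follow; most of that code is outside the hunk, but any `return FALSE` on those paths would have to free it. Building it directly before the final `asn1_wrap(ASN1_SEQUENCE, "mmmm", ...)` call under `if (hash.len && lib->settings->get_bool(lib->settings, "%s.rsa_pss_trailerfield", FALSE, lib->ns))` keeps the current behaviour and removes the lifetime concern. The body of rsa_pss_params_build() starts and ends outside this hunk.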
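Review bot: In the `@@ -392,9 +400,10 @@` hunk the SEQUENCE can now carry a `[3]` trailerField holding the DEFAULT value 1, which DER does not allow and which RFC 4055 asks signers to omit, yet nothing at the encoding site says the deviation is deliberate. A comment above the `asn1_wrap` call such as `/* non-DER on purpose: explicit trailerField 1 is emitted only if rsa_pss_trailerfield is set, for peers that require it */` would make that clear to the next maintainer. Because the setting is read inside libstrongswan through `lib->ns`, every caller of rsa_pss_params_build() is presumably affected, not only IKEv2 authentication. It is worth confirming that the matching parser and any code comparing encoded parameters byte-for-byte accept both forms; neither is visible in this diff.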