|
 |
9264c1 |
From a8e371e54b009159e9e3a0d198bd5eb3ed68ac22 Mon Sep 17 00:00:00 2001
|
|
|
9264c1 |
From: Christina Fu <cfu@redhat.com>
|
|
|
9264c1 |
Date: Tue, 15 May 2018 14:58:07 -0700
|
|
|
9264c1 |
Subject: [PATCH] Ticket 3 JSS has wrong encoding for ecdsa with sha*
|
|
|
9264c1 |
AlgorithmIdentifier This ticket addresses the issue to meet RFC 5758 where
|
|
|
9264c1 |
param field must be omitted in the ECDSA Signature algorithm'
|
|
|
9264c1 |
AlgorithmIdentifier for ecdsa-withSHA224, ecdsa-with-SHA256,
|
|
|
9264c1 |
ecdsa-with-SHA384, or ecdsa-with-SHA512.
|
|
|
9264c1 |
|
|
|
9264c1 |
fixes https://pagure.io/jss/issue/3
|
|
|
9264c1 |
---
|
|
|
9264c1 |
.../jss/pkix/primitive/AlgorithmIdentifier.java | 29 +++++++++++++++++++---
|
|
|
9264c1 |
1 file changed, 25 insertions(+), 4 deletions(-)
|
|
|
9264c1 |
|
|
|
9264c1 |
diff --git a/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java b/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java
|
|
|
9264c1 |
index 76e4718..0662f76 100644
|
|
|
9264c1 |
--- a/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java
|
|
|
9264c1 |
+++ b/org/mozilla/jss/pkix/primitive/AlgorithmIdentifier.java
|
|
|
9264c1 |
@@ -4,10 +4,12 @@
|
|
|
9264c1 |
package org.mozilla.jss.pkix.primitive;
|
|
|
9264c1 |
|
|
|
9264c1 |
import org.mozilla.jss.asn1.*;
|
|
|
9264c1 |
+import org.mozilla.jss.crypto.SignatureAlgorithm;
|
|
|
9264c1 |
import org.mozilla.jss.util.Assert;
|
|
|
9264c1 |
import java.io.InputStream;
|
|
|
9264c1 |
import java.io.OutputStream;
|
|
|
9264c1 |
import java.io.IOException;
|
|
|
9264c1 |
+import java.security.NoSuchAlgorithmException;
|
|
|
9264c1 |
|
|
|
9264c1 |
public class AlgorithmIdentifier implements ASN1Value {
|
|
|
9264c1 |
|
|
|
9264c1 |
@@ -100,10 +102,29 @@ public static class Template implements ASN1Template {
|
|
|
9264c1 |
// the template should have enforced this
|
|
|
9264c1 |
Assert._assert( seq.size() == 2 );
|
|
|
9264c1 |
|
|
|
9264c1 |
- return new AlgorithmIdentifier(
|
|
|
9264c1 |
- (OBJECT_IDENTIFIER)seq.elementAt(0), // OID
|
|
|
9264c1 |
- seq.elementAt(1) // parameters
|
|
|
9264c1 |
- );
|
|
|
9264c1 |
+ OBJECT_IDENTIFIER algOID = (OBJECT_IDENTIFIER)seq.elementAt(0);
|
|
|
9264c1 |
+ boolean allowParams = true;
|
|
|
9264c1 |
+ try {
|
|
|
9264c1 |
+ if (algOID.equals(SignatureAlgorithm.ECSignatureWithSHA256Digest.toOID()) ||
|
|
|
9264c1 |
+ algOID.equals(SignatureAlgorithm.ECSignatureWithSHA384Digest.toOID()) ||
|
|
|
9264c1 |
+ algOID.equals(SignatureAlgorithm.ECSignatureWithSHA512Digest.toOID())) {
|
|
|
9264c1 |
+ allowParams = false;
|
|
|
9264c1 |
+ }
|
|
|
9264c1 |
+ } catch (NoSuchAlgorithmException e) {
|
|
|
9264c1 |
+ // System.out.println("JSS: AlgorithmIdentifier:decode: " + e.toString());
|
|
|
9264c1 |
+ // unlikely to happen; swallow it. treat it as allowParams;
|
|
|
9264c1 |
+ }
|
|
|
9264c1 |
+
|
|
|
9264c1 |
+ if (!allowParams) {
|
|
|
9264c1 |
+ return new AlgorithmIdentifier(
|
|
|
9264c1 |
+ algOID // OID
|
|
|
9264c1 |
+ );
|
|
|
9264c1 |
+ } else {
|
|
|
9264c1 |
+ return new AlgorithmIdentifier(
|
|
|
9264c1 |
+ (OBJECT_IDENTIFIER)seq.elementAt(0), // OID
|
|
|
9264c1 |
+ seq.elementAt(1) // parameters
|
|
|
9264c1 |
+ );
|
|
|
9264c1 |
+ }
|
|
|
9264c1 |
}
|
|
|
9264c1 |
} // end of Template
|
|
|
9264c1 |
|
|
|
9264c1 |
--
|
|
|
9264c1 |
2.14.3
|
|
|
9264c1 |
|