authorWill Bond <will@wbond.net>2019-09-21 07:33:02 -0400
committerGitHub <noreply@github.com>2019-09-21 07:33:02 -0400
commitf855b33b3d64bbf5e1b9e8ae53e54eede1b8bcc7 (patch)
treecabc9e3be69b86fd6516c75b32dd81b9f873deea
parent14d80d98b00da88abf9c2d31c768f2b7bc78ce72 (diff)
parent86873734b57a695eddc28d32e72240e9ca57dff4 (diff)
downloadasn1crypto-f855b33b3d64bbf5e1b9e8ae53e54eede1b8bcc7.tar.gz
Merge pull request #138 from space88man/rsassa_pss
keys.py: add RSASSA_PSS OIDs from RFC4055
-rw-r--r--asn1crypto/keys.py9
-rw-r--r--tests/fixtures/keys/test-public-rsapss-der.keybin0 -> 292 bytes
-rw-r--r--tests/fixtures/keys/test-public-rsapss.key9
-rw-r--r--tests/fixtures/keys/test-rsapss-der.keybin0 -> 1216 bytes
-rw-r--r--tests/fixtures/keys/test-rsapss.crt20
-rw-r--r--tests/fixtures/keys/test-rsapss.key28
-rw-r--r--tests/test_keys.py88
-rw-r--r--tests/test_x509.py5
8 files changed, 159 insertions, 0 deletions
diff --git a/asn1crypto/keys.py b/asn1crypto/keys.py
index 91cf7c6..3d447e3 100644
--- a/asn1crypto/keys.py
+++ b/asn1crypto/keys.py
@@ -40,6 +40,7 @@ from .core import (
SetOf,
)
from .util import int_from_bytes, int_to_bytes
+from asn1crypto.algos import RSASSAPSSParams
class OtherPrimeInfo(Sequence):
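Review bot: The added `from asn1crypto.algos import RSASSAPSSParams` is an absolute import, while the lines around it use package-relative ones (`from .core import (`, `from .util import int_from_bytes, int_to_bytes`). If the package is vendored or importable under another name, the absolute form would resolve against whichever `asn1crypto` is first on the path, or fail outright, so the key classes and the parameter class could come from two different copies. I would write it as `from .algos import RSASSAPSSParams`, or append the name to an existing `.algos` import if there is one above the hunk.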
@@ -593,6 +594,8 @@ class PrivateKeyAlgorithmId(ObjectIdentifier):
_map = {
# https://tools.ietf.org/html/rfc3279#page-19
'1.2.840.113549.1.1.1': 'rsa',
+ # https://tools.ietf.org/html/rfc4055#page-8
+ '1.2.840.113549.1.1.10': 'rsassa_pss',
# https://tools.ietf.org/html/rfc3279#page-18
'1.2.840.10040.4.1': 'dsa',
# https://tools.ietf.org/html/rfc3279#page-13
@@ -615,6 +618,7 @@ class PrivateKeyAlgorithm(_ForceNullParameters, Sequence):
_oid_specs = {
'dsa': DSAParams,
'ec': ECDomainParameters,
+ 'rsassa_pss': RSASSAPSSParams,
}
@@ -634,6 +638,7 @@ class PrivateKeyInfo(Sequence):
algorithm = self['private_key_algorithm']['algorithm'].native
return {
'rsa': RSAPrivateKey,
+ 'rsassa_pss': RSAPrivateKey,
'dsa': Integer,
'ec': ECPrivateKey,
}[algorithm]
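Review bot: Mapping `'rsassa_pss'` to `RSAPrivateKey` covers only how the `private_key` field is parsed. Any other code in `PrivateKeyInfo` that compares the algorithm name with `'rsa'` (size, fingerprint or public-key helpers, if the class has them) lies outside this hunk and would presumably not treat the new name as an RSA key. The same question applies to the `PublicKeyInfo` hunk that maps `'rsassa_pss'` to `RSAPublicKey`. It is worth searching both classes for `== 'rsa'` comparisons and either extending them or adding tests that call those helpers on the new fixtures. The enclosing method starts above the hunk.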
@@ -938,6 +943,8 @@ class PublicKeyAlgorithmId(ObjectIdentifier):
'1.2.840.113549.1.1.1': 'rsa',
# https://tools.ietf.org/html/rfc3447#page-47
'1.2.840.113549.1.1.7': 'rsaes_oaep',
+ # https://tools.ietf.org/html/rfc4055#page-8
+ '1.2.840.113549.1.1.10': 'rsassa_pss',
# https://tools.ietf.org/html/rfc3279#page-18
'1.2.840.10040.4.1': 'dsa',
# https://tools.ietf.org/html/rfc3279#page-13
@@ -964,6 +971,7 @@ class PublicKeyAlgorithm(_ForceNullParameters, Sequence):
'ec': ECDomainParameters,
'dh': DomainParameters,
'rsaes_oaep': RSAESOAEPParams,
+ 'rsassa_pss': RSASSAPSSParams,
}
@@ -983,6 +991,7 @@ class PublicKeyInfo(Sequence):
return {
'rsa': RSAPublicKey,
'rsaes_oaep': RSAPublicKey,
+ 'rsassa_pss': RSAPublicKey,
'dsa': Integer,
# We override the field spec with ECPoint so that users can easily
# decompose the byte string into the constituent X and Y coords
diff --git a/tests/fixtures/keys/test-public-rsapss-der.key b/tests/fixtures/keys/test-public-rsapss-der.key
new file mode 100644
index 0000000..c7937be
--- /dev/null
+++ b/tests/fixtures/keys/test-public-rsapss-der.key
Binary files differ
diff --git a/tests/fixtures/keys/test-public-rsapss.key b/tests/fixtures/keys/test-public-rsapss.key
new file mode 100644
index 0000000..8e9a068
--- /dev/null
+++ b/tests/fixtures/keys/test-public-rsapss.key
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIDALBgkqhkiG9w0BAQoDggEPADCCAQoCggEBAKEVLWOTtyNDiAZXb8NqFwmB
+PWVmm9mDMTNaptwozSd6OQXPJcXzu8zpwCwWdk3QehrWca3nN0qXN6Hq+pEVjD6/
+QQRMxBQwJeHfTuh8Ci4nz8Xw7gMxR2k36kK01pN/6pdW2S4c4a1Zut7g9zbYIH9U
+U1jHMPcqP3I6zBrW5WO5n4XoH5ME+xpIlMJLWCd4X8/xSY2IhY0/ssYCnPLvMqGj
+Opw6nwurdPH9zwQvzE8K++8OtfmTQDBUyf4w861qiYjCCdBnj7sjCnTWFggKg9Tt
+ot5xPF7bStKEyC3N5HXz3Y8H5jBY8rIYqs2WE+wIBM4s7LxqJ5pyxCmE82dJ+fUC
+AwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/tests/fixtures/keys/test-rsapss-der.key b/tests/fixtures/keys/test-rsapss-der.key
new file mode 100644
index 0000000..4449d65
--- /dev/null
+++ b/tests/fixtures/keys/test-rsapss-der.key
Binary files differ
diff --git a/tests/fixtures/keys/test-rsapss.crt b/tests/fixtures/keys/test-rsapss.crt
new file mode 100644
index 0000000..4fc9b3f
--- /dev/null
+++ b/tests/fixtures/keys/test-rsapss.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/tests/fixtures/keys/test-rsapss.key b/tests/fixtures/keys/test-rsapss.key
new file mode 100644
index 0000000..2ae4c5b
--- /dev/null
+++ b/tests/fixtures/keys/test-rsapss.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
diff --git a/tests/test_keys.py b/tests/test_keys.py
index 2585bbf..2f2856e 100644
--- a/tests/test_keys.py
+++ b/tests/test_keys.py
@@ -299,6 +299,94 @@ class KeysTests(unittest.TestCase):
key_info['attributes'].native
)
+ def test_parse_rsapss_private_key(self):
+ with open(os.path.join(fixtures_dir, 'keys/test-rsapss-der.key'), 'rb') as f:
+ key_info = keys.PrivateKeyInfo.load(f.read())
+
+ key = key_info['private_key'].parsed
+
+ self.assertEqual(
+ 0,
+ key_info['version'].native
+ )
+ self.assertEqual(
+ 'rsassa_pss',
+ key_info['private_key_algorithm']['algorithm'].native
+ )
+ self.assertEqual(
+ None,
+ key_info['private_key_algorithm']['parameters'].native
+ )
+
+ self.assertEqual(
+ 'two-prime',
+ key['version'].native
+ )
+ self.assertEqual(
+ 20334810015710919160110203472269180092101382951468058535601491502957196266577250503666807938732810152931665713052098820680792829137564325868564844098687045650387144565108903086036194735310494097581552241575174798917880615962200904076841064384200149608953782976948109759991080721261141139715447415148530436086884795768009560076896590825433136132086023781159444716805738553676228393667377624295683128237093827752550284339271476658714835879903906034493875531632793284572104031230158276531850092876884395075794398068537347947800593962574809516836581297669594643468201529164877789603529698620577572178907861813134904392181, # noqa
+ key['modulus'].native
+ )
+ self.assertEqual(
+ 65537,
+ key['public_exponent'].native
+ )
+ self.assertEqual(
+ 19811367921985171557639752989981035886303512541789150212828710994763522615025976847568941008714007785902419332260807020468874408966438534060269241736746690644631569655037665166904359886012100769497873119376457740069070560586943676477505866318738720913860857882999478282122015106772111353446622784949473859714808146533832277397219231218258638918521475883551912394494264506377559745603922894963456171825545032908365582944199734667178542763963194351614183530759037228600105514522819433425764227915014375970397879315537366008672232442295229043876987446583754589361036423305704619726617664187630589314612553217357586095673, # noqa
+ key['private_exponent'].native
+ )
+ self.assertEqual(
+ 145062186227663059634108314593892541355080853648164075820395373006330022883408993468365984286369578851636705799765757665015182142763055043654284213839887910732213256250809510746337738407165996181392718941356683486810092456676083857188565619344293262177288309348259896401807590237461717880393098789423620650939, # noqa
+ key['prime1'].native
+ )
+ self.assertEqual(
+ 140179950023620372289001596962713930540779028054089057618536399863850868080064249195053602322991362108187576825895413419966213531630187432159266399149913629896819277637422106295703267471029328291865017941552279870382011332512626586060449095917164740367589115287472025339179557750935025294415109144213020312079, # noqa
+ key['prime2'].native
+ )
+ self.assertEqual(
+ 118228658851708114001194157738654137417646348120344781510758784408198602961600439097293142570946864897406396441532083859790972106955549111215800799518497533665722246507785513633594518505277393228754912332478232018012333162654627815552589285314495327920681107702945726939074883271186966123919571825659906212509, # noqa
+ key['exponent1'].native
+ )
+ self.assertEqual(
+ 56878789554421364113540907677075374840783006759759162308194149033058002105452927576710337564627405910873614034121348759689054278241450542380322750296695046251983127560528078041645807537568272852545501885984378691627606471980343411760066258123338644976958508227786686876412756148631524064712858116223089798721, # noqa
+ key['exponent2'].native
+ )
+ self.assertEqual(
+ 23480707628058872067473220975854826046220552607063059593257976510053338333806071359463231176605785818753563067398907246278690942690250152695883594601176151883590956534074071491193074275985805378044282321604348476199853682247297755042167691612551582210509658456585074900583647465600111554502893125233815233234, # noqa
+ key['coefficient'].native
+ )
+ self.assertEqual(
+ None,
+ key['other_prime_infos'].native
+ )
+
+ self.assertEqual(
+ None,
+ key_info['attributes'].native
+ )
+
+ def test_parse_rsapss_public_key_info(self):
+ with open(os.path.join(fixtures_dir, 'keys/test-public-rsapss-der.key'), 'rb') as f:
+ key = keys.PublicKeyInfo.load(f.read())
+
+ public_key = key['public_key'].parsed
+
+ self.assertEqual(
+ 'rsassa_pss',
+ key['algorithm']['algorithm'].native
+ )
+ self.assertEqual(
+ None,
+ key['algorithm']['parameters'].native
+ )
+ self.assertEqual(
+ 20334810015710919160110203472269180092101382951468058535601491502957196266577250503666807938732810152931665713052098820680792829137564325868564844098687045650387144565108903086036194735310494097581552241575174798917880615962200904076841064384200149608953782976948109759991080721261141139715447415148530436086884795768009560076896590825433136132086023781159444716805738553676228393667377624295683128237093827752550284339271476658714835879903906034493875531632793284572104031230158276531850092876884395075794398068537347947800593962574809516836581297669594643468201529164877789603529698620577572178907861813134904392181, # noqa
+ public_key['modulus'].native
+ )
+ self.assertEqual(
+ 65537,
+ public_key['public_exponent'].native
+ )
+
@staticmethod
def key_sha1_hashes():
return (
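Review bot: Both new tests assert only that `parameters` is `None`, so the `'rsassa_pss': RSASSAPSSParams` entries added to `_oid_specs` in keys.py are never exercised on a key. Under RFC 4055, parameters present in a PSS key restrict the hash, mask generation function and salt length it may be used with, so a mis-parse in the present case is the one a verifier would care about. I would add a fixture generated with explicit PSS parameters and assert on it, e.g. `key['algorithm']['parameters']['hash_algorithm']['algorithm'].native`, in both `test_parse_rsapss_private_key` and `test_parse_rsapss_public_key_info`. The `KeysTests` class begins above the hunk and `key_sha1_hashes` continues past it.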
diff --git a/tests/test_x509.py b/tests/test_x509.py
index 273cf12..4763ab9 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -544,6 +544,11 @@ class X509Tests(unittest.TestCase):
'ecdsa',
'sha256'
),
+ (
+ 'keys/test-rsapss.crt',
+ 'rsassa_pss',
+ 'sha256'
+ ),
)
@data('signature_algo_info')