From 006f45a738a6612958381b2fcbf48586c008d911 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin
Date: Tue, 26 Feb 2013 15:52:18 +0100
Subject: public_key & ssl: Add support for ISO oids 1.3.14.3.2.29 and 1.3.14.3.2.27
Some certificates may use these OIDs instead of the ones defined by PKIX/PKCS standard. Refactor code so that all handling of the "duplicate" oids is done by public_key. Update algorithm information in documentation.
---
lib/public_key/asn1/OTP-PKIX.asn1 | 22 +++++++++++++++-------
lib/public_key/asn1/PKCS-1.asn1 | 4 +++-
lib/public_key/asn1/PKIX1Algorithms88.asn1 | 3 +++
3 files changed, 21 insertions(+), 8 deletions(-)
(limited to 'lib/public_key/asn1')
diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1
index 4f20208bce..a90fe2840c 100644
--- a/lib/public_key/asn1/OTP-PKIX.asn1
+++ b/lib/public_key/asn1/OTP-PKIX.asn1
@@ -97,9 +97,9 @@ IMPORTS id-pkix1-implicit(19) } --Keys and Signatures - id-dsa, Dss-Parms, DSAPublicKey, - id-dsa-with-sha1, - md2WithRSAEncryption, + id-dsa, Dss-Parms, DSAPublicKey, + id-dsa-with-sha1, id-dsaWithSHA1, + md2WithRSAEncryption, md5WithRSAEncryption, sha1WithRSAEncryption, rsaEncryption, RSAPublicKey,
@@ -115,7 +115,6 @@ IMPORTS FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-algorithms(17) } - md2WithRSAEncryption, md5WithRSAEncryption, sha1WithRSAEncryption,
@@ -316,8 +315,8 @@ PublicKeyAlgorithm ::= SEQUENCE { OPTIONAL } SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { - dsa-with-sha1 | md2-with-rsa-encryption | - md5-with-rsa-encryption | sha1-with-rsa-encryption | + dsa-with-sha1 | dsaWithSHA1 | md2-with-rsa-encryption | + md5-with-rsa-encryption | sha1-with-rsa-encryption | sha-1with-rsa-encryption | sha224-with-rsa-encryption | sha256-with-rsa-encryption | sha384-with-rsa-encryption |
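Review bot: `dsaWithSHA1` and `sha-1with-rsa-encryption`, added to SupportedSignatureAlgorithms in OTP-PKIX.asn1, are SHA-1 signature algorithms under a second OID, and nothing in the object set says so. A policy or hash-strength check that matches only `id-dsa-with-sha1` or `sha1WithRSAEncryption` would presumably not recognise the OIW forms. The commit message says public_key handles the duplicates, but that code is outside this asn1-only view, so it is worth confirming that every such comparison goes through that mapping. I would add a comment above the set: `-- dsaWithSHA1 and sha-1with-rsa-encryption are the OIW aliases (1.3.14.3.2.27 and 1.3.14.3.2.29) of the SHA-1 entries`.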
@@ -325,7 +324,7 @@ SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { ecdsa-with-sha1 } SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { - dsa | rsa-encryption | dh | kea | ec-public-key } + dsa | rsa-encryption | dh | kea | ec-public-key } -- DSA Keys and Signatures
@@ -347,6 +346,11 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { ID id-dsa-with-sha1 + TYPE DSAParams } + + + dsaWithSHA1 SIGNATURE-ALGORITHM-CLASS ::= { + ID id-dsaWithSHA1 TYPE DSAParams } --
@@ -367,6 +371,10 @@ SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { ID sha1WithRSAEncryption TYPE NULL } + sha-1with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID sha-1WithRSAEncryption + TYPE NULL } + sha224-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { ID sha224WithRSAEncryption TYPE NULL }
diff --git a/lib/public_key/asn1/PKCS-1.asn1 b/lib/public_key/asn1/PKCS-1.asn1
index c83289e779..b5754790e7 100644
--- a/lib/public_key/asn1/PKCS-1.asn1
+++ b/lib/public_key/asn1/PKCS-1.asn1
@@ -35,7 +35,9 @@ sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 } - +-- ISO oid - equvivalent to sha1WithRSAEncryption +sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) sha-1WithRSAEncryption(29)} id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3)
diff --git a/lib/public_key/asn1/PKIX1Algorithms88.asn1 b/lib/public_key/asn1/PKIX1Algorithms88.asn1
index f895b6d0cd..74225747d3 100644
--- a/lib/public_key/asn1/PKIX1Algorithms88.asn1
+++ b/lib/public_key/asn1/PKIX1Algorithms88.asn1
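Review bot: The new `dsaWithSHA1` information object in OTP-PKIX.asn1 has no comment marking it as an alias, and its camelCase name breaks the hyphenated pattern of its sibling `dsa-with-sha1`. The same gap applies to `sha-1with-rsa-encryption` in the following hunk, which differs from `sha1-with-rsa-encryption` only by the position of one hyphen, and to `id-dsaWithSHA1` in the PKIX1Algorithms88.asn1 hunk. A one-line comment above each would keep the two forms from being confused in later edits, for example `-- OIW alias of dsa-with-sha1 (OID 1.3.14.3.2.27)` and `-- OIW alias of sha1-with-rsa-encryption (OID 1.3.14.3.2.29)`. Renaming is possible too, but I cannot tell from this view whether other modules refer to these names.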
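Review bot: The comment added above `sha-1WithRSAEncryption` in PKCS-1.asn1 misspells "equivalent" and does not give the dotted OID a reader would search for. I would write `-- OIW (ISO) OID 1.3.14.3.2.29, equivalent to sha1WithRSAEncryption`. The identifier differs from the PKCS one by a single hyphen, so the comment is the main cue that this is a distinct OID for the same SHA-1 with RSA signature. The new definition also appears to sit directly against `id-sha1` with no separating blank line, although the surrounding lines extend past the hunk.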
@@ -35,6 +35,9 @@ id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } + id-dsaWithSHA1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) dsaWithSHA1(27) + } -- encoding for DSA signature generated with SHA-1 hash Dss-Sig-Value ::= SEQUENCE {
-- cgit v1.2.3