Bug 158750: Add OIDs from PKCS #1 (RFC 4055) for RSA PSS and OAEP and
authorwtc%google.com
Fri, 28 May 2010 01:26:07 +0000
changeset 9662 e48e90405313f18719946321e819837d998ab36c
parent 9661 e51caeaceada3ac35ea09096d5b0411bc2f50544
child 9664 c74050d27020bcc469eb1e3cb343d18917af914f
push idunknown
push userunknown
push dateunknown
bugs158750
Bug 158750: Add OIDs from PKCS #1 (RFC 4055) for RSA PSS and OAEP and SHA-224 with RSA encryption. The patch is contributed by Hanno Boeck <hanno@hboeck.de>. r=wtc. Modified Files: secoid.c secoidt.h
security/nss/lib/util/secoid.c
security/nss/lib/util/secoidt.h
--- a/security/nss/lib/util/secoid.c
+++ b/security/nss/lib/util/secoid.c
@@ -229,19 +229,24 @@ CONST_OID sha1[]                        
 CONST_OID bogusDSASignaturewithSHA1Digest[]  = { ALGORITHM, 0x1b };
 CONST_OID isoSHA1WithRSASignature[]          = { ALGORITHM, 0x1d };
 
 CONST_OID pkcs1RSAEncryption[]         		= { PKCS1, 0x01 };
 CONST_OID pkcs1MD2WithRSAEncryption[]  		= { PKCS1, 0x02 };
 CONST_OID pkcs1MD4WithRSAEncryption[]  		= { PKCS1, 0x03 };
 CONST_OID pkcs1MD5WithRSAEncryption[]  		= { PKCS1, 0x04 };
 CONST_OID pkcs1SHA1WithRSAEncryption[] 		= { PKCS1, 0x05 };
+CONST_OID pkcs1RSAOAEPEncryption[]		= { PKCS1, 0x07 };
+CONST_OID pkcs1MGF1[]				= { PKCS1, 0x08 };
+CONST_OID pkcs1PSpecified[]			= { PKCS1, 0x09 };
+CONST_OID pkcs1RSAPSSSignature[]		= { PKCS1, 10 };
 CONST_OID pkcs1SHA256WithRSAEncryption[] 	= { PKCS1, 11 };
 CONST_OID pkcs1SHA384WithRSAEncryption[] 	= { PKCS1, 12 };
 CONST_OID pkcs1SHA512WithRSAEncryption[] 	= { PKCS1, 13 };
+CONST_OID pkcs1SHA224WithRSAEncryption[] 	= { PKCS1, 14 };
 
 CONST_OID pkcs5PbeWithMD2AndDEScbc[]  		= { PKCS5, 0x01 };
 CONST_OID pkcs5PbeWithMD5AndDEScbc[]  		= { PKCS5, 0x03 };
 CONST_OID pkcs5PbeWithSha1AndDEScbc[] 		= { PKCS5, 0x0a };
 CONST_OID pkcs5Pbkdf2[]  			= { PKCS5, 12 };
 CONST_OID pkcs5Pbes2[]  			= { PKCS5, 13 };
 CONST_OID pkcs5Pbmac1[]				= { PKCS5, 14 };
 
@@ -1606,16 +1611,36 @@ const static SECOidData oids[SEC_OID_TOT
 
     /* SEED algorithm OIDs */
     OD( seed_CBC, SEC_OID_SEED_CBC,
 	"SEED-CBC", CKM_SEED_CBC, INVALID_CERT_EXTENSION),
 
     OD( x509CertificatePoliciesAnyPolicy, SEC_OID_X509_ANY_POLICY,
  	"Certificate Policies AnyPolicy",
         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
+
+    OD( pkcs1RSAOAEPEncryption, SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION,
+	"PKCS #1 RSA-OAEP Encryption", CKM_RSA_PKCS_OAEP,
+	INVALID_CERT_EXTENSION ),
+
+    OD( pkcs1MGF1, SEC_OID_PKCS1_MGF1,
+	"PKCS #1 MGF1 Mask Generation Function", CKM_INVALID_MECHANISM,
+	INVALID_CERT_EXTENSION ),
+
+    OD( pkcs1PSpecified, SEC_OID_PKCS1_PSPECIFIED,
+	"PKCS #1 RSA-OAEP Explicitly Specified Encoding Parameters",
+	CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    OD( pkcs1RSAPSSSignature, SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
+	"PKCS #1 RSASSA-PSS Signature", CKM_RSA_PKCS_PSS,
+	INVALID_CERT_EXTENSION ),
+
+    OD( pkcs1SHA224WithRSAEncryption, SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION,
+	"PKCS #1 SHA-224 With RSA Encryption", CKM_SHA224_RSA_PKCS,
+	INVALID_CERT_EXTENSION ),
 };
 
 /* PRIVATE EXTENDED SECOID Table
  * This table is private. Its structure is opaque to the outside.
  * It is indexed by the same SECOidTag as the oids table above.
  * Every member of this struct must have accessor functions (set, get)
  * and those functions must operate by value, not by reference.
  * The addresses of the contents of this table must not be exposed 
--- a/security/nss/lib/util/secoidt.h
+++ b/security/nss/lib/util/secoidt.h
@@ -445,16 +445,22 @@ typedef enum {
     SEC_OID_PKIX_CA_REPOSITORY              = 300,
 
     SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE     = 301,
 
     SEC_OID_SEED_CBC			    = 302,
 
     SEC_OID_X509_ANY_POLICY                 = 303,
 
+    SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION       = 304,
+    SEC_OID_PKCS1_MGF1                      = 305,
+    SEC_OID_PKCS1_PSPECIFIED                = 306,
+    SEC_OID_PKCS1_RSA_PSS_SIGNATURE         = 307,
+    SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION = 308,
+
     SEC_OID_TOTAL
 } SECOidTag;
 
 #define SEC_OID_SECG_EC_SECP192R1 SEC_OID_ANSIX962_EC_PRIME192V1
 #define SEC_OID_SECG_EC_SECP256R1 SEC_OID_ANSIX962_EC_PRIME256V1
 #define SEC_OID_PKCS12_KEY_USAGE  SEC_OID_X509_KEY_USAGE
 
 /* fake OID for DSS sign/verify */