Add support for RSA3072 and RSA4096. #114
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi, I've noticed that your PR does not take into account the change of the ASN.1 type in bundle_signature(). The type offset in the DER encoded signature depends on the size of the signature. I propose the following patch: --- a/src/efikeygen.c
+++ b/src/efikeygen.c
@@ -141,7 +141,8 @@ bundle_signature(cms_context *cms, SECItem *sigder, SECItem *data,
errx(1, "could not encode certificate: %s",
PORT_ErrorToString(PORT_GetError()));
- sigder->data[sigder->len - 261] = DER_BIT_STRING;
+ //Note: offset is signature size + 5 bytes for DER encoding
+ sigder->data[sigder->len - (signature->len + 5)] = DER_BIT_STRING;
return 0;
}Other than that this PR look good to me, is there any reason not to merge it yet? |
|
Well, it wasn't actually working when I tried it, possibly due to this exact issue. Hopefully I'll get back to it in a week or two and figure out why. |
We need to be able to generate keys other than just RSA2048 now. As a result, we need to have the key generation data determined outside of generate_keys() itself. This makes those parameters part of the generate_keys() call, and moves the default values into efikeygen itself. Signed-off-by: Peter Jones <[email protected]>
This adds a "--algorithm" flag to which you can pass rsa2048, rsa3072, and rsa4096. Signed-off-by: Peter Jones <[email protected]>
In ea7a2c4, when bundling the signature, the bitstring type field is being set manually with a hacky offset. That offset is only valid with specific signature types, and so with any signature of a different size, this is just corrupting data either in the signature or after it. This change from Egor fixes the egregious hack to manually set the type so that it computes the location based on the signature length, rather than hard-coding a value. Signed-off-by: Peter Jones <[email protected]>
|
Yep, that change gets me from: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.