Rsapss csr

lib/x509.js

@@ -683,12 +683,39 @@ var _readSignatureParameters = function(oid, obj, fillDefaults) {
   }
 
   if(capture.saltLength !== undefined) {
-    params.saltLength = capture.saltLength.charCodeAt(0);
+    params.saltLength = asn1.derToInteger(capture.saltLength);
   }
 
   return params;
 };
 
+/**
+ * Creates an empty parameter object to be used for signing operation with PSS padding.
+ *
+ * Note: per default SHA-256 with salt length of digest output size
+ *
+ * return the PSS signature parameter structure
+ */
+pki.createPSSParameters = function(mdName, saltLen) {
+  mdName  = mdName  || 'sha256';
+  saltLen = saltLen ||  32;
+
+  var params = {
+    hash: {
+      algorithmOid: oids[mdName]
+    },
+    mgf: {
+      algorithmOid: oids['mgf1'],
+      hash: {
+        algorithmOid: oids[mdName]
+      }
+    },
+    saltLength: saltLen
+  };
+
+  return params;
+};
+
 /**
  * Create signature digest for OID.
  *
@@ -1788,8 +1815,9 @@ pki.createCertificationRequest = function() {
    *
    * @param key the private key to sign with.
    * @param md the message digest object to use (defaults to forge.md.sha1).
+   * @param pss the optional PSS padding options, see above
    */
-  csr.sign = function(key, md) {
+  csr.sign = function(key, md, pssParams) {
     // TODO: get signature OID from private key
     csr.md = md || forge.md.sha1.create();
     var algorithmOid = oids[csr.md.algorithm + 'WithRSAEncryption'];
@@ -1799,6 +1827,24 @@ pki.createCertificationRequest = function() {
       error.algorithm = csr.md.algorithm;
       throw error;
     }
+
+    let scheme;
+    if (pssParams !== undefined) {
+      algorithmOid = oids['RSASSA-PSS'];
+      csr.siginfo.hashOid = oids[md.algorithm];
+
+      // for PSS padding the parameter block has been defined before signing
+
+      let maxSaltLen = key.n.bitLength()/8-csr.md.digestLength-2;
+      if (maxSaltLen < pssParams.saltLength) {
+        pssParams.saltLength = maxSaltLen;
+      }
+
+      scheme = forge.pss.create(md, forge.mgf.mgf1.create(csr.md), pssParams.saltLength);
+
+      csr.signatureParameters = pssParams;
+    }
+
     csr.signatureOid = csr.siginfo.algorithmOid = algorithmOid;
 
     // get CertificationRequestInfo, convert to DER
@@ -1807,7 +1853,15 @@ pki.createCertificationRequest = function() {
 
     // digest and sign
     csr.md.update(bytes.getBytes());
-    csr.signature = key.sign(csr.md);
+
+    if (pssParams !== undefined) {
+      csr.signature = key.sign(csr.md, scheme);
+      // md reset due to reuse if verify function is called up immediately
+      csr.md = null;
+    }
+    else {
+      csr.signature = key.sign(csr.md);
+    }
   };
 
   /**