Remove MGF1 from needing to be explicitly specified (especially since it was
authorRyan Sleevi <sleevi@google.com>
Sun, 27 Jan 2013 20:58:39 -0800
changeset 26 5a80f9413855
parent 25 4be87d65cee0
child 27 b67eda58e695
Remove MGF1 from needing to be explicitly specified (especially since it was
never defined as an algorithm identifier), and leave that to be intrinsic to
the definition of RSA-OAEP and RSA-PSS.

This also means that applications cannot inadvertantly create signatures where
SHA-1 is the hash alg, but the MGF alg uses SHA-256 (or vice versa). Instead,
a single algorithm is specified and it's used as both the hash alg and as the
mgf1-[hash] alg.
spec/Overview-WebCryptoAPI.xml
spec/Overview.html
--- a/spec/Overview-WebCryptoAPI.xml	Sun Jan 27 20:58:23 2013 -0800
+++ b/spec/Overview-WebCryptoAPI.xml	Sun Jan 27 20:58:39 2013 -0800
@@ -2590,7 +2590,8 @@
             <p>
               The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
               and verification using the RSASSA-PSS algorithm specified in
-              [<cite><a href="#RFC3447">RFC3447</a></cite>].
+              [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
+              formula MGF-1.
             </p>
           </div>
           <div id="rsa-pss-registration" class="section">
@@ -2632,8 +2633,6 @@
 dictionary <dfn id="dfn-RsaPssParams">RsaPssParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash function to apply to the message</span>
   AlgorithmIdentifier hash;
-  <span class="comment">// The mask generation function</span>
-  AlgorithmIdentifier mgf;
   <span class="comment">// The desired length of the random salt</span>
   unsigned long saltLength;
 };
@@ -2656,7 +2655,8 @@
             <p>
               The <code>"RSA-OAEP"</code> algorithm identifier is used to perform encryption
               and decryption ordering to the RSAES-OAEP algorithm specified in
-              [<cite><a href="#RFC3447">RFC3447</a></cite>].
+              [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask
+              generation function MGF-1.
             </p>
           </div>
           <div id="rsa-oaep-registration" class="section">
@@ -2699,8 +2699,6 @@
 dictionary <dfn id="dfn-RsaOaepParams">RsaOaepParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash function to apply to the message</span>
   AlgorithmIdentifier hash;
-  <span class="comment">// The mask generation function</span>
-  AlgorithmIdentifier mgf;
   <span class="comment">// The optional label/application data to associate with the message</span>
   ArrayBufferView? label;
 };
--- a/spec/Overview.html	Sun Jan 27 20:58:23 2013 -0800
+++ b/spec/Overview.html	Sun Jan 27 20:58:39 2013 -0800
@@ -2599,7 +2599,8 @@
             <p>
               The <code>"RSA-PSS"</code> algorithm identifier is used to perform signing
               and verification using the RSASSA-PSS algorithm specified in
-              [<cite><a href="#RFC3447">RFC3447</a></cite>].
+              [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask generation
+              formula MGF-1.
             </p>
           </div>
           <div id="rsa-pss-registration" class="section">
@@ -2641,8 +2642,6 @@
 dictionary <dfn id="dfn-RsaPssParams">RsaPssParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash function to apply to the message</span>
   AlgorithmIdentifier hash;
-  <span class="comment">// The mask generation function</span>
-  AlgorithmIdentifier mgf;
   <span class="comment">// The desired length of the random salt</span>
   unsigned long saltLength;
 };
@@ -2665,7 +2664,8 @@
             <p>
               The <code>"RSA-OAEP"</code> algorithm identifier is used to perform encryption
               and decryption ordering to the RSAES-OAEP algorithm specified in
-              [<cite><a href="#RFC3447">RFC3447</a></cite>].
+              [<cite><a href="#RFC3447">RFC3447</a></cite>], using the mask
+              generation function MGF-1.
             </p>
           </div>
           <div id="rsa-oaep-registration" class="section">
@@ -2708,8 +2708,6 @@
 dictionary <dfn id="dfn-RsaOaepParams">RsaOaepParams</dfn> : <a href="#dfn-AlgorithmParameters">AlgorithmParameters</a> {
   <span class="comment">// The hash function to apply to the message</span>
   AlgorithmIdentifier hash;
-  <span class="comment">// The mask generation function</span>
-  AlgorithmIdentifier mgf;
   <span class="comment">// The optional label/application data to associate with the message</span>
   ArrayBufferView? label;
 };