diff --git a/TrustKit/Pinning/TSKSPKIHashCache.m b/TrustKit/Pinning/TSKSPKIHashCache.m index 3a08061..9e56c7a 100644 --- a/TrustKit/Pinning/TSKSPKIHashCache.m +++ b/TrustKit/Pinning/TSKSPKIHashCache.m @@ -24,6 +24,12 @@ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00 }; +static const unsigned char rsa3072Asn1Header[] = +{ + 0x30, 0x82, 0x01, 0xA2, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x8F, 0x00 +}; + static const unsigned char rsa4096Asn1Header[] = { 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, @@ -50,6 +56,10 @@ static BOOL isKeySupported(NSString *publicKeyType, NSNumber *publicKeySize) { return YES; } + else if (([publicKeyType isEqualToString:(NSString *)kSecAttrKeyTypeRSA]) && ([publicKeySize integerValue] == 3072)) + { + return YES; + } else if (([publicKeyType isEqualToString:(NSString *)kSecAttrKeyTypeRSA]) && ([publicKeySize integerValue] == 4096)) { return YES; @@ -72,6 +82,10 @@ static BOOL isKeySupported(NSString *publicKeyType, NSNumber *publicKeySize) { return (char *)rsa2048Asn1Header; } + else if (([publicKeyType isEqualToString:(NSString *)kSecAttrKeyTypeRSA]) && ([publicKeySize integerValue] == 3072)) + { + return (char *)rsa3072Asn1Header; + } else if (([publicKeyType isEqualToString:(NSString *)kSecAttrKeyTypeRSA]) && ([publicKeySize integerValue] == 4096)) { return (char *)rsa4096Asn1Header; @@ -94,6 +108,10 @@ static unsigned int getAsn1HeaderSize(NSString *publicKeyType, NSNumber *publicK { return sizeof(rsa2048Asn1Header); } + else if (([publicKeyType isEqualToString:(NSString *)kSecAttrKeyTypeRSA]) && ([publicKeySize integerValue] == 3072)) + { + return sizeof(rsa3072Asn1Header); + } else if (([publicKeyType isEqualToString:(NSString *)kSecAttrKeyTypeRSA]) && ([publicKeySize integerValue] == 4096)) { return sizeof(rsa4096Asn1Header);