forked from wolfSSL/wolfssl
change default cert gen to SHAwRSA, add SHA256wRSA gen
This commit is contained in:
toddouska
@@ -1636,15 +1636,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
|
|||||||
0x02, 0x05, 0x05, 0x00 };
|
0x02, 0x05, 0x05, 0x00 };
|
||||||
static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||||
0x02, 0x02, 0x05, 0x00};
|
0x02, 0x02, 0x05, 0x00};
|
||||||
|
|
||||||
/* sigTypes */
|
/* sigTypes */
|
||||||
static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||||
0x01, 0x01, 0x04, 0x05, 0x00};
|
0x01, 0x01, 0x04, 0x05, 0x00};
|
||||||
|
static const byte shawRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||||
|
0x01, 0x01, 0x05, 0x05, 0x00};
|
||||||
|
static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
|
||||||
|
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00};
|
||||||
/* keyTypes */
|
/* keyTypes */
|
||||||
static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
|
||||||
0x01, 0x01, 0x01, 0x05, 0x00};
|
0x01, 0x01, 0x01, 0x05, 0x00};
|
||||||
|
|
||||||
int algoSz = 0;
|
int algoSz = 0;
|
||||||
word32 idSz, seqSz;
|
word32 idSz, seqSz;
|
||||||
const byte* algoName = 0;
|
const byte* algoName = 0;
|
||||||
@@ -1685,6 +1686,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
|
|||||||
algoName = md5wRSA_AlgoID;
|
algoName = md5wRSA_AlgoID;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case SHAwRSA:
|
||||||
|
algoSz = sizeof(shawRSA_AlgoID);
|
||||||
|
algoName = shawRSA_AlgoID;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SHA256wRSA:
|
||||||
|
algoSz = sizeof(sha256wRSA_AlgoID);
|
||||||
|
algoName = sha256wRSA_AlgoID;
|
||||||
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
CYASSL_MSG("Unknown Signature Algo");
|
CYASSL_MSG("Unknown Signature Algo");
|
||||||
return 0;
|
return 0;
|
||||||
@@ -2410,7 +2421,7 @@ int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
|
|||||||
/* Initialize and Set Certficate defaults:
|
/* Initialize and Set Certficate defaults:
|
||||||
version = 3 (0x2)
|
version = 3 (0x2)
|
||||||
serial = 0
|
serial = 0
|
||||||
sigType = MD5_WITH_RSA
|
sigType = SHA_WITH_RSA
|
||||||
issuer = blank
|
issuer = blank
|
||||||
daysValid = 500
|
daysValid = 500
|
||||||
selfSigned = 1 (true) use subject as issuer
|
selfSigned = 1 (true) use subject as issuer
|
||||||
@@ -2419,7 +2430,7 @@ int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
|
|||||||
void InitCert(Cert* cert)
|
void InitCert(Cert* cert)
|
||||||
{
|
{
|
||||||
cert->version = 2; /* version 3 is hex 2 */
|
cert->version = 2; /* version 3 is hex 2 */
|
||||||
cert->sigType = MD5wRSA;
|
cert->sigType = SHAwRSA;
|
||||||
cert->daysValid = 500;
|
cert->daysValid = 500;
|
||||||
cert->selfSigned = 1;
|
cert->selfSigned = 1;
|
||||||
cert->isCA = 0;
|
cert->isCA = 0;
|
||||||
@@ -3021,20 +3032,40 @@ static int WriteCertBody(DerCert* der, byte* buffer)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Make MD5wRSA signature from buffer (sz), write to sig (sigSz) */
|
/* Make RSA signature from buffer (sz), write to sig (sigSz) */
|
||||||
static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
|
static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
|
||||||
RsaKey* key, RNG* rng)
|
RsaKey* key, RNG* rng, int sigAlgoType)
|
||||||
{
|
{
|
||||||
byte digest[SHA_DIGEST_SIZE]; /* max size */
|
byte digest[SHA256_DIGEST_SIZE]; /* max size */
|
||||||
byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ];
|
byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ];
|
||||||
int encSigSz, digestSz, typeH;
|
int encSigSz, digestSz, typeH;
|
||||||
Md5 md5; /* md5 for now */
|
|
||||||
|
|
||||||
|
if (sigAlgoType == MD5wRSA) {
|
||||||
|
Md5 md5;
|
||||||
InitMd5(&md5);
|
InitMd5(&md5);
|
||||||
Md5Update(&md5, buffer, sz);
|
Md5Update(&md5, buffer, sz);
|
||||||
Md5Final(&md5, digest);
|
Md5Final(&md5, digest);
|
||||||
digestSz = MD5_DIGEST_SIZE;
|
digestSz = MD5_DIGEST_SIZE;
|
||||||
typeH = MD5h;
|
typeH = MD5h;
|
||||||
|
}
|
||||||
|
else if (sigAlgoType == SHAwRSA) {
|
||||||
|
Sha sha;
|
||||||
|
InitSha(&sha);
|
||||||
|
ShaUpdate(&sha, buffer, sz);
|
||||||
|
ShaFinal(&sha, digest);
|
||||||
|
digestSz = SHA_DIGEST_SIZE;
|
||||||
|
typeH = SHAh;
|
||||||
|
}
|
||||||
|
else if (sigAlgoType == SHA256wRSA) {
|
||||||
|
Sha256 sha256;
|
||||||
|
InitSha256(&sha256);
|
||||||
|
Sha256Update(&sha256, buffer, sz);
|
||||||
|
Sha256Final(&sha256, digest);
|
||||||
|
digestSz = SHA256_DIGEST_SIZE;
|
||||||
|
typeH = SHA256h;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
return ALGO_ID_E;
|
||||||
|
|
||||||
/* signature */
|
/* signature */
|
||||||
encSigSz = EncodeSignature(encSig, digest, digestSz, typeH);
|
encSigSz = EncodeSignature(encSig, digest, digestSz, typeH);
|
||||||
@@ -3044,13 +3075,14 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz,
|
|||||||
|
|
||||||
/* add signature to end of buffer, size of buffer assumed checked, return
|
/* add signature to end of buffer, size of buffer assumed checked, return
|
||||||
new length */
|
new length */
|
||||||
static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz)
|
static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz,
|
||||||
|
int sigAlgoType)
|
||||||
{
|
{
|
||||||
byte seq[MAX_SEQ_SZ];
|
byte seq[MAX_SEQ_SZ];
|
||||||
int idx = bodySz, seqSz;
|
int idx = bodySz, seqSz;
|
||||||
|
|
||||||
/* algo */
|
/* algo */
|
||||||
idx += SetAlgoID(MD5wRSA, buffer + idx, sigType);
|
idx += SetAlgoID(sigAlgoType, buffer + idx, sigType);
|
||||||
/* bit string */
|
/* bit string */
|
||||||
buffer[idx++] = ASN_BIT_STRING;
|
buffer[idx++] = ASN_BIT_STRING;
|
||||||
/* length */
|
/* length */
|
||||||
@@ -3115,14 +3147,15 @@ int SignCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng)
|
|||||||
if (bodySz < 0)
|
if (bodySz < 0)
|
||||||
return bodySz;
|
return bodySz;
|
||||||
|
|
||||||
sigSz = MakeSignature(buffer, bodySz, sig, sizeof(sig), key, rng);
|
sigSz = MakeSignature(buffer, bodySz, sig, sizeof(sig), key, rng,
|
||||||
|
cert->sigType);
|
||||||
if (sigSz < 0)
|
if (sigSz < 0)
|
||||||
return sigSz;
|
return sigSz;
|
||||||
|
|
||||||
if (bodySz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
|
if (bodySz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
|
||||||
return BUFFER_E;
|
return BUFFER_E;
|
||||||
|
|
||||||
return AddSignature(buffer, bodySz, sig, sigSz);
|
return AddSignature(buffer, bodySz, sig, sigSz, cert->sigType);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -196,7 +196,7 @@ static INLINE void showPeer(SSL* ssl)
|
|||||||
printf("SSL cipher suite is %s\n", SSL_CIPHER_get_name(cipher));
|
printf("SSL cipher suite is %s\n", SSL_CIPHER_get_name(cipher));
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef SESSION_CERTS
|
#if defined(SESSION_CERTS) && defined(SHOW_CERTS)
|
||||||
{
|
{
|
||||||
X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
|
X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl);
|
||||||
int count = CyaSSL_get_chain_count(chain);
|
int count = CyaSSL_get_chain_count(chain);
|
||||||
|
|||||||
Reference in New Issue
Block a user