feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

sha256 rsa signed certs

Browse Source
This commit is contained in:
Todd A Ouska
2011-04-08 11:00:38 -07:00
parent 8a31288c95
commit 214d2cfad7
2 changed files with 65 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
ctaocrypt/include/asn.h
View File

@@ -102,7 +102,7 @@ enum Misc_ASN {
MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */ MAX_SEQ_SZ = 5, /* enum(seq | con) + length(4) */
MAX_SET_SZ = 5, /* enum(set | con) + length(4) */ MAX_SET_SZ = 5, /* enum(set | con) + length(4) */
MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/ MAX_VERSION_SZ = 5, /* enum + id + version(byte) + (header(2))*/
MAX_ENCODED_DIG_SZ = 25, /* sha + enum(bit or octet) + legnth(4) */ MAX_ENCODED_DIG_SZ = 73, /* sha512 + enum(bit or octet) + legnth(4) */
MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */
MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */
MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */
@@ -125,13 +125,15 @@ enum Sig_Sum {
MD2wRSA = 646, MD2wRSA = 646,
MD5wRSA = 648, MD5wRSA = 648,
SHAwRSA = 649, SHAwRSA = 649,
SHAwECDSA = 520 SHAwECDSA = 520,
SHA256wRSA = 655
}; };
enum Hash_Sum { enum Hash_Sum {
MD2h = 646, MD2h = 646,
MD5h = 649, MD5h = 649,
SHAh = 88 SHAh = 88,
SHA256h = 414
}; };
enum Key_Sum { enum Key_Sum {

49
ctaocrypt/src/asn.c
View File

@@ -31,6 +31,7 @@
#include "error.h" #include "error.h"
#include "pwdbased.h" #include "pwdbased.h"
#include "des3.h" #include "des3.h"
#include "sha256.h"
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
#include "crypto_ntru.h" #include "crypto_ntru.h"
@@ -1470,6 +1471,8 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
/* hashTypes */ /* hashTypes */
static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a, static const byte shaAlgoID[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a,
0x05, 0x00 }; 0x05, 0x00 };
static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00 };
static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x02, 0x05, 0x05, 0x00 }; 0x02, 0x05, 0x05, 0x00 };
static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
@@ -1496,6 +1499,11 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
algoName = shaAlgoID; algoName = shaAlgoID;
break; break;
case SHA256h:
algoSz = sizeof(sha256AlgoID);
algoName = sha256AlgoID;
break;
case MD2h: case MD2h:
algoSz = sizeof(md2AlgoID); algoSz = sizeof(md2AlgoID);
algoName = md2AlgoID; algoName = md2AlgoID;
@@ -1572,7 +1580,11 @@ word32 EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID)
static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
word32 keyOID) word32 keyOID)
{ {
#ifndef NO_SHA256
byte digest[SHA256_DIGEST_SIZE]; /* max size */
#else
byte digest[SHA_DIGEST_SIZE]; /* max size */ byte digest[SHA_DIGEST_SIZE]; /* max size */
#endif
int hashType, digestSz, ret; int hashType, digestSz, ret;
if (cert->signatureOID == MD5wRSA) { if (cert->signatureOID == MD5wRSA) {
@@ -1594,6 +1606,17 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
hashType = SHAh; hashType = SHAh;
digestSz = SHA_DIGEST_SIZE; digestSz = SHA_DIGEST_SIZE;
} }
#ifndef NO_SHA256
else if (cert->signatureOID == SHA256wRSA) {
Sha256 sha256;
InitSha256(&sha256);
Sha256Update(&sha256, cert->source + cert->certBegin,
cert->sigIndex - cert->certBegin);
Sha256Final(&sha256, digest);
hashType = SHA256h;
digestSz = SHA256_DIGEST_SIZE;
}
#endif
else else
return 0; /* ASN_SIG_HASH_E; */ return 0; /* ASN_SIG_HASH_E; */
@@ -1615,8 +1638,9 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
else { else {
XMEMCPY(plain, cert->signature, cert->sigLength); XMEMCPY(plain, cert->signature, cert->sigLength);
if ( (verifySz = RsaSSL_VerifyInline(plain, cert->sigLength, &out, if ( (verifySz = RsaSSL_VerifyInline(plain, cert->sigLength, &out,
&pubKey)) < 0) &pubKey)) < 0) {
ret = 0; /* ASN_VERIFY_E; */ ret = 0; /* ASN_VERIFY_E; */
}
else { else {
/* make sure we're right justified */ /* make sure we're right justified */
sigSz = EncodeSignature(encodedSig, digest, digestSz, hashType); sigSz = EncodeSignature(encodedSig, digest, digestSz, hashType);
@@ -1624,6 +1648,26 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
ret = 0; /* ASN_VERIFY_MATCH_E; */ ret = 0; /* ASN_VERIFY_MATCH_E; */
else else
ret = 1; /* match */ ret = 1; /* match */
#ifdef CYASSL_DEBUG_ENCODING
{
int x;
printf("cyassl encodedSig:\n");
for (x = 0; x < sigSz; x++) {
printf("%02x ", encodedSig[x]);
if ( (x % 16) == 15)
printf("\n");
}
printf("\n");
printf("actual digest:\n");
for (x = 0; x < verifySz; x++) {
printf("%02x ", out[x]);
if ( (x % 16) == 15)
printf("\n");
}
printf("\n");
}
#endif /* CYASSL_DEBUG_ENCODING */
} }
} }
FreeRsaKey(&pubKey); FreeRsaKey(&pubKey);
@@ -1646,8 +1690,9 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
return 0; /* ASN_VERIFY_E */ return 0; /* ASN_VERIFY_E */
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
else else {
return 0; /* ASN_SIG_KEY_E; */ return 0; /* ASN_SIG_KEY_E; */
}
} }