feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

added sha384 and sha512 to certificate checking

Browse Source
This commit is contained in:
John Safranek
2012-04-27 13:49:35 -07:00
parent 81be167ee2
commit 3fdca1f714
4 changed files with 117 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
ctaocrypt/src/asn.c
View File

@ -36,6 +36,7 @@
#include <cyassl/ctaocrypt/pwdbased.h> #include <cyassl/ctaocrypt/pwdbased.h>
#include <cyassl/ctaocrypt/des3.h> #include <cyassl/ctaocrypt/des3.h>
#include <cyassl/ctaocrypt/sha256.h> #include <cyassl/ctaocrypt/sha256.h>
#include <cyassl/ctaocrypt/sha512.h>
#include <cyassl/ctaocrypt/logging.h> #include <cyassl/ctaocrypt/logging.h>
#ifdef HAVE_NTRU #ifdef HAVE_NTRU
@ -1710,6 +1711,10 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
0x05, 0x00 }; 0x05, 0x00 };
static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x01, 0x05, 0x00 }; 0x04, 0x02, 0x01, 0x05, 0x00 };
static const byte sha384AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x02, 0x05, 0x00 };
static const byte sha512AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
0x04, 0x02, 0x03, 0x05, 0x00 };
static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x02, 0x05, 0x05, 0x00 }; 0x02, 0x05, 0x05, 0x00 };
static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
@ -1721,6 +1726,10 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
0x01, 0x01, 0x05, 0x05, 0x00}; 0x01, 0x01, 0x05, 0x05, 0x00};
static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00}; 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00};
static const byte sha384wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00};
static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00};
/* keyTypes */ /* keyTypes */
static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d,
0x01, 0x01, 0x01, 0x05, 0x00}; 0x01, 0x01, 0x01, 0x05, 0x00};
@ -1742,6 +1751,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
algoName = sha256AlgoID; algoName = sha256AlgoID;
break; break;
case SHA384h:
algoSz = sizeof(sha384AlgoID);
algoName = sha384AlgoID;
break;
case SHA512h:
algoSz = sizeof(sha512AlgoID);
algoName = sha512AlgoID;
break;
case MD2h: case MD2h:
algoSz = sizeof(md2AlgoID); algoSz = sizeof(md2AlgoID);
algoName = md2AlgoID; algoName = md2AlgoID;
@ -1774,6 +1793,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type)
algoName = sha256wRSA_AlgoID; algoName = sha256wRSA_AlgoID;
break; break;
case CTC_SHA384wRSA:
algoSz = sizeof(sha384wRSA_AlgoID);
algoName = sha384wRSA_AlgoID;
break;
case CTC_SHA512wRSA:
algoSz = sizeof(sha512wRSA_AlgoID);
algoName = sha512wRSA_AlgoID;
break;
default: default:
CYASSL_MSG("Unknown Signature Algo"); CYASSL_MSG("Unknown Signature Algo");
return 0; return 0;
@ -1832,7 +1861,9 @@ word32 EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID)
static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
word32 keyOID) word32 keyOID)
{ {
#ifndef NO_SHA256 #ifdef CYASSL_SHA512
byte digest[SHA512_DIGEST_SIZE]; /* max size */
#elif !defined(NO_SHA256)
byte digest[SHA256_DIGEST_SIZE]; /* max size */ byte digest[SHA256_DIGEST_SIZE]; /* max size */
#else #else
byte digest[SHA_DIGEST_SIZE]; /* max size */ byte digest[SHA_DIGEST_SIZE]; /* max size */
@ -1870,6 +1901,30 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz,
typeH = SHA256h; typeH = SHA256h;
digestSz = SHA256_DIGEST_SIZE; digestSz = SHA256_DIGEST_SIZE;
} }
#endif
#ifdef CYASSL_SHA512
else if (cert->signatureOID == CTC_SHA512wRSA ||
cert->signatureOID == CTC_SHA512wECDSA) {
Sha512 sha512;
InitSha512(&sha512);
Sha512Update(&sha512, cert->source + cert->certBegin,
cert->sigIndex - cert->certBegin);
Sha512Final(&sha512, digest);
typeH = SHA512h;
digestSz = SHA512_DIGEST_SIZE;
}
#endif
#ifdef CYASSL_SHA384
else if (cert->signatureOID == CTC_SHA384wRSA ||
cert->signatureOID == CTC_SHA384wECDSA) {
Sha384 sha384;
InitSha384(&sha384);
Sha384Update(&sha384, cert->source + cert->certBegin,
cert->sigIndex - cert->certBegin);
Sha384Final(&sha384, digest);
typeH = SHA384h;
digestSz = SHA384_DIGEST_SIZE;
}
#endif #endif
else { else {
CYASSL_MSG("Verify Signautre has unsupported type"); CYASSL_MSG("Verify Signautre has unsupported type");

4
cyassl/ctaocrypt/asn.h
View File

@ -150,7 +150,9 @@ enum Hash_Sum {
MD2h = 646, MD2h = 646,
MD5h = 649, MD5h = 649,
SHAh = 88, SHAh = 88,
SHA256h = 414 SHA256h = 414,
SHA384h = 415,
SHA512h = 416
}; };

6
cyassl/ctaocrypt/asn_public.h
View File

@ -51,7 +51,11 @@ enum Ctc_SigType {
CTC_SHAwRSA = 649, CTC_SHAwRSA = 649,
CTC_SHAwECDSA = 520, CTC_SHAwECDSA = 520,
CTC_SHA256wRSA = 655, CTC_SHA256wRSA = 655,
CTC_SHA256wECDSA = 524 CTC_SHA256wECDSA = 524,
CTC_SHA384wRSA = 656,
CTC_SHA384wECDSA = 525,
CTC_SHA512wRSA = 657,
CTC_SHA512wECDSA = 526
}; };

53
tests/hash.c
View File

@ -47,6 +47,7 @@ int md5_test(void);
int sha_test(void); int sha_test(void);
int sha256_test(void); int sha256_test(void);
int sha512_test(void); int sha512_test(void);
int sha384_test(void);
int ripemd_test(void); int ripemd_test(void);
int hmac_test(void); int hmac_test(void);
@ -90,6 +91,14 @@ int HashTest(void)
printf( " SHA-512 test passed!\n"); printf( " SHA-512 test passed!\n");
#endif #endif
#ifdef CYASSL_SHA384
if ( (ret = sha384_test()) ) {
printf( " SHA-384 test failed!\n");
return ret;
} else
printf( " SHA-384 test passed!\n");
#endif
#ifdef CYASSL_RIPEMD #ifdef CYASSL_RIPEMD
if ( (ret = ripemd_test()) ) { if ( (ret = ripemd_test()) ) {
printf( " RIPEMD test failed!\n"); printf( " RIPEMD test failed!\n");
@ -388,6 +397,50 @@ int sha512_test(void)
} }
#endif #endif
#ifdef CYASSL_SHA384
int sha384_test()
{
Sha384 sha;
byte hash[SHA384_DIGEST_SIZE];
testVector a, b;
testVector test_sha[2];
int times = sizeof(test_sha) / sizeof(struct testVector), i;
a.input = "abc";
a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
"\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
"\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
"\xc8\x25\xa7";
a.inLen = strlen(a.input);
a.outLen = strlen(a.output);
b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
"jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
"\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
"\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
"\x74\x60\x39";
b.inLen = strlen(b.input);
b.outLen = strlen(b.output);
test_sha[0] = a;
test_sha[1] = b;
InitSha384(&sha);
for (i = 0; i < times; ++i) {
Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
Sha384Final(&sha, hash);
if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0)
return -10 - i;
}
return 0;
}
#endif
#ifdef CYASSL_RIPEMD #ifdef CYASSL_RIPEMD
int ripemd_test(void) int ripemd_test(void)
{ {