diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 076323c53..c89f4e172 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #ifdef HAVE_NTRU @@ -1710,6 +1711,10 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) 0x05, 0x00 }; static const byte sha256AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00 }; + static const byte sha384AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x02, 0x05, 0x00 }; + static const byte sha512AlgoID[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x03, 0x05, 0x00 }; static const byte md5AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00 }; static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, @@ -1721,6 +1726,10 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) 0x01, 0x01, 0x05, 0x05, 0x00}; static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00}; + static const byte sha384wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0c, 0x05, 0x00}; + static const byte sha512wRSA_AlgoID[] = {0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0d, 0x05, 0x00}; /* keyTypes */ static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00}; @@ -1742,6 +1751,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) algoName = sha256AlgoID; break; + case SHA384h: + algoSz = sizeof(sha384AlgoID); + algoName = sha384AlgoID; + break; + + case SHA512h: + algoSz = sizeof(sha512AlgoID); + algoName = sha512AlgoID; + break; + case MD2h: algoSz = sizeof(md2AlgoID); algoName = md2AlgoID; @@ -1774,6 +1793,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) algoName = sha256wRSA_AlgoID; break; + case CTC_SHA384wRSA: + algoSz = sizeof(sha384wRSA_AlgoID); + algoName = sha384wRSA_AlgoID; + break; + + case CTC_SHA512wRSA: + algoSz = sizeof(sha512wRSA_AlgoID); + algoName = sha512wRSA_AlgoID; + break; + default: CYASSL_MSG("Unknown Signature Algo"); return 0; @@ -1832,7 +1861,9 @@ word32 EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID) static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, word32 keyOID) { -#ifndef NO_SHA256 +#ifdef CYASSL_SHA512 + byte digest[SHA512_DIGEST_SIZE]; /* max size */ +#elif !defined(NO_SHA256) byte digest[SHA256_DIGEST_SIZE]; /* max size */ #else byte digest[SHA_DIGEST_SIZE]; /* max size */ @@ -1870,6 +1901,30 @@ static int ConfirmSignature(DecodedCert* cert, const byte* key, word32 keySz, typeH = SHA256h; digestSz = SHA256_DIGEST_SIZE; } +#endif +#ifdef CYASSL_SHA512 + else if (cert->signatureOID == CTC_SHA512wRSA || + cert->signatureOID == CTC_SHA512wECDSA) { + Sha512 sha512; + InitSha512(&sha512); + Sha512Update(&sha512, cert->source + cert->certBegin, + cert->sigIndex - cert->certBegin); + Sha512Final(&sha512, digest); + typeH = SHA512h; + digestSz = SHA512_DIGEST_SIZE; + } +#endif +#ifdef CYASSL_SHA384 + else if (cert->signatureOID == CTC_SHA384wRSA || + cert->signatureOID == CTC_SHA384wECDSA) { + Sha384 sha384; + InitSha384(&sha384); + Sha384Update(&sha384, cert->source + cert->certBegin, + cert->sigIndex - cert->certBegin); + Sha384Final(&sha384, digest); + typeH = SHA384h; + digestSz = SHA384_DIGEST_SIZE; + } #endif else { CYASSL_MSG("Verify Signautre has unsupported type"); diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h index cbb84c4e3..930ac7662 100644 --- a/cyassl/ctaocrypt/asn.h +++ b/cyassl/ctaocrypt/asn.h @@ -151,7 +151,9 @@ enum Hash_Sum { MD2h = 646, MD5h = 649, SHAh = 88, - SHA256h = 414 + SHA256h = 414, + SHA384h = 415, + SHA512h = 416 }; diff --git a/cyassl/ctaocrypt/asn_public.h b/cyassl/ctaocrypt/asn_public.h index 200470e21..8a16b5ef2 100644 --- a/cyassl/ctaocrypt/asn_public.h +++ b/cyassl/ctaocrypt/asn_public.h @@ -51,7 +51,11 @@ enum Ctc_SigType { CTC_SHAwRSA = 649, CTC_SHAwECDSA = 520, CTC_SHA256wRSA = 655, - CTC_SHA256wECDSA = 524 + CTC_SHA256wECDSA = 524, + CTC_SHA384wRSA = 656, + CTC_SHA384wECDSA = 525, + CTC_SHA512wRSA = 657, + CTC_SHA512wECDSA = 526 }; diff --git a/tests/hash.c b/tests/hash.c index cc4dc5fe5..70dd00f4e 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -47,6 +47,7 @@ int md5_test(void); int sha_test(void); int sha256_test(void); int sha512_test(void); +int sha384_test(void); int ripemd_test(void); int hmac_test(void); @@ -90,6 +91,14 @@ int HashTest(void) printf( " SHA-512 test passed!\n"); #endif +#ifdef CYASSL_SHA384 + if ( (ret = sha384_test()) ) { + printf( " SHA-384 test failed!\n"); + return ret; + } else + printf( " SHA-384 test passed!\n"); +#endif + #ifdef CYASSL_RIPEMD if ( (ret = ripemd_test()) ) { printf( " RIPEMD test failed!\n"); @@ -388,6 +397,50 @@ int sha512_test(void) } #endif +#ifdef CYASSL_SHA384 +int sha384_test() +{ + Sha384 sha; + byte hash[SHA384_DIGEST_SIZE]; + + testVector a, b; + testVector test_sha[2]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = "abc"; + a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + a.inLen = strlen(a.input); + a.outLen = strlen(a.output); + + b.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + b.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" + "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" + "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" + "\x74\x60\x39"; + b.inLen = strlen(b.input); + b.outLen = strlen(b.output); + + test_sha[0] = a; + test_sha[1] = b; + + InitSha384(&sha); + + for (i = 0; i < times; ++i) { + Sha384Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen); + Sha384Final(&sha, hash); + + if (memcmp(hash, test_sha[i].output, SHA384_DIGEST_SIZE) != 0) + return -10 - i; + } + + return 0; +} +#endif + #ifdef CYASSL_RIPEMD int ripemd_test(void) {