From 133b38caa6fe0511e475419c39605d2c800c2230 Mon Sep 17 00:00:00 2001 From: toddouska Date: Fri, 21 Oct 2011 10:45:04 -0700 Subject: [PATCH] change default cert gen to SHAwRSA, add SHA256wRSA gen --- ctaocrypt/src/asn.c | 71 +++++++++++++++++++++++++++++++++------------ cyassl/test.h | 2 +- 2 files changed, 53 insertions(+), 20 deletions(-) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 92a421cb1..fd5f2eec0 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -1636,15 +1636,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) 0x02, 0x05, 0x05, 0x00 }; static const byte md2AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00}; - /* sigTypes */ static const byte md5wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x04, 0x05, 0x00}; - + 0x01, 0x01, 0x04, 0x05, 0x00}; + static const byte shawRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x05, 0x05, 0x00}; + static const byte sha256wRSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00}; /* keyTypes */ static const byte RSA_AlgoID[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00}; - int algoSz = 0; word32 idSz, seqSz; const byte* algoName = 0; @@ -1685,6 +1686,16 @@ static word32 SetAlgoID(int algoOID, byte* output, int type) algoName = md5wRSA_AlgoID; break; + case SHAwRSA: + algoSz = sizeof(shawRSA_AlgoID); + algoName = shawRSA_AlgoID; + break; + + case SHA256wRSA: + algoSz = sizeof(sha256wRSA_AlgoID); + algoName = sha256wRSA_AlgoID; + break; + default: CYASSL_MSG("Unknown Signature Algo"); return 0; @@ -2410,7 +2421,7 @@ int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) /* Initialize and Set Certficate defaults: version = 3 (0x2) serial = 0 - sigType = MD5_WITH_RSA + sigType = SHA_WITH_RSA issuer = blank daysValid = 500 selfSigned = 1 (true) use subject as issuer @@ -2419,7 +2430,7 @@ int RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) void InitCert(Cert* cert) { cert->version = 2; /* version 3 is hex 2 */ - cert->sigType = MD5wRSA; + cert->sigType = SHAwRSA; cert->daysValid = 500; cert->selfSigned = 1; cert->isCA = 0; @@ -3021,20 +3032,40 @@ static int WriteCertBody(DerCert* der, byte* buffer) } -/* Make MD5wRSA signature from buffer (sz), write to sig (sigSz) */ +/* Make RSA signature from buffer (sz), write to sig (sigSz) */ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, - RsaKey* key, RNG* rng) + RsaKey* key, RNG* rng, int sigAlgoType) { - byte digest[SHA_DIGEST_SIZE]; /* max size */ + byte digest[SHA256_DIGEST_SIZE]; /* max size */ byte encSig[MAX_ENCODED_DIG_SZ + MAX_ALGO_SZ + MAX_SEQ_SZ]; int encSigSz, digestSz, typeH; - Md5 md5; /* md5 for now */ - InitMd5(&md5); - Md5Update(&md5, buffer, sz); - Md5Final(&md5, digest); - digestSz = MD5_DIGEST_SIZE; - typeH = MD5h; + if (sigAlgoType == MD5wRSA) { + Md5 md5; + InitMd5(&md5); + Md5Update(&md5, buffer, sz); + Md5Final(&md5, digest); + digestSz = MD5_DIGEST_SIZE; + typeH = MD5h; + } + else if (sigAlgoType == SHAwRSA) { + Sha sha; + InitSha(&sha); + ShaUpdate(&sha, buffer, sz); + ShaFinal(&sha, digest); + digestSz = SHA_DIGEST_SIZE; + typeH = SHAh; + } + else if (sigAlgoType == SHA256wRSA) { + Sha256 sha256; + InitSha256(&sha256); + Sha256Update(&sha256, buffer, sz); + Sha256Final(&sha256, digest); + digestSz = SHA256_DIGEST_SIZE; + typeH = SHA256h; + } + else + return ALGO_ID_E; /* signature */ encSigSz = EncodeSignature(encSig, digest, digestSz, typeH); @@ -3044,13 +3075,14 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, /* add signature to end of buffer, size of buffer assumed checked, return new length */ -static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz) +static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz, + int sigAlgoType) { byte seq[MAX_SEQ_SZ]; int idx = bodySz, seqSz; /* algo */ - idx += SetAlgoID(MD5wRSA, buffer + idx, sigType); + idx += SetAlgoID(sigAlgoType, buffer + idx, sigType); /* bit string */ buffer[idx++] = ASN_BIT_STRING; /* length */ @@ -3115,14 +3147,15 @@ int SignCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) if (bodySz < 0) return bodySz; - sigSz = MakeSignature(buffer, bodySz, sig, sizeof(sig), key, rng); + sigSz = MakeSignature(buffer, bodySz, sig, sizeof(sig), key, rng, + cert->sigType); if (sigSz < 0) return sigSz; if (bodySz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) return BUFFER_E; - return AddSignature(buffer, bodySz, sig, sigSz); + return AddSignature(buffer, bodySz, sig, sigSz, cert->sigType); } diff --git a/cyassl/test.h b/cyassl/test.h index d7f3db348..519bf4284 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -196,7 +196,7 @@ static INLINE void showPeer(SSL* ssl) printf("SSL cipher suite is %s\n", SSL_CIPHER_get_name(cipher)); #endif -#ifdef SESSION_CERTS +#if defined(SESSION_CERTS) && defined(SHOW_CERTS) { X509_CHAIN* chain = CyaSSL_get_peer_chain(ssl); int count = CyaSSL_get_chain_count(chain);