From b0bd12beda30ad1e1cc411236514f8b927ecfe49 Mon Sep 17 00:00:00 2001 From: cameronrich Date: Tue, 10 Mar 2015 03:08:16 +0000 Subject: [PATCH] * Added SHA384 and SHA512 digests. git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3 --- crypto/Makefile | 4 +- crypto/crypto.h | 41 ++++++- crypto/os_int.h | 1 + crypto/sha256.c | 4 +- crypto/sha384.c | 76 +++++++++++++ crypto/sha512.c | 220 +++++++++++++++++++++++++++++++++++++ ssl/Makefile | 4 +- ssl/asn1.c | 43 +++++++- ssl/crypto_misc.h | 5 +- ssl/test/Makefile | 5 +- ssl/test/comodo.sha384.cer | 32 ++++++ ssl/test/ssltest.c | 135 ++++++++++++++++++++++- ssl/tls1.c | 4 +- ssl/x509.c | 90 ++++++++++----- 14 files changed, 619 insertions(+), 45 deletions(-) create mode 100644 crypto/sha384.c create mode 100644 crypto/sha512.c create mode 100644 ssl/test/comodo.sha384.cer diff --git a/crypto/Makefile b/crypto/Makefile index 360843d3c..126ae78a4 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -42,7 +42,9 @@ OBJ=\ rc4.o \ rsa.o \ sha1.o \ - sha256.o + sha256.o \ + sha384.o \ + sha512.o include ../config/makefile.post diff --git a/crypto/crypto.h b/crypto/crypto.h index 43e6cec79..17ce8ad72 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2014, Cameron Rich + * Copyright (c) 2007-2015, Cameron Rich * * All rights reserved. * @@ -137,7 +137,44 @@ typedef struct void SHA256_Init(SHA256_CTX *c); void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len); -void SHA256_Final(uint8_t digest[32], SHA256_CTX *); +void SHA256_Final(uint8_t *digest, SHA256_CTX *); + +/************************************************************************** + * SHA512 declarations + **************************************************************************/ + +#define SHA512_SIZE 64 + +typedef struct +{ + union + { + uint64_t h[8]; + uint8_t digest[64]; + }; + union + { + uint64_t w[80]; + uint8_t buffer[128]; + }; + size_t size; + uint64_t totalSize; +} SHA512_CTX; + +void SHA512_Init(SHA512_CTX *c); +void SHA512_Update(SHA512_CTX *, const uint8_t *input, int len); +void SHA512_Final(uint8_t *digest, SHA512_CTX *); + +/************************************************************************** + * SHA384 declarations + **************************************************************************/ + +#define SHA384_SIZE 48 + +typedef SHA512_CTX SHA384_CTX; +void SHA384_Init(SHA384_CTX *c); +void SHA384_Update(SHA384_CTX *, const uint8_t *input, int len); +void SHA384_Final(uint8_t *digest, SHA384_CTX *); /************************************************************************** * MD5 declarations diff --git a/crypto/os_int.h b/crypto/os_int.h index 878856723..69e06c50e 100644 --- a/crypto/os_int.h +++ b/crypto/os_int.h @@ -56,6 +56,7 @@ typedef INT64 int64_t; #include #else #include +#include #endif /* Not Solaris */ #endif /* Not Win32 */ diff --git a/crypto/sha256.c b/crypto/sha256.c index 7d6af4d86..50f5f8cef 100644 --- a/crypto/sha256.c +++ b/crypto/sha256.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2001-2003 Christophe Devine + * Copyright (c) 2015, Cameron Rich * * All rights reserved. * @@ -74,7 +74,7 @@ void SHA256_Init(SHA256_CTX *ctx) ctx->state[7] = 0x5BE0CD19; } -void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx) +static void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx) { uint32_t temp1, temp2, W[64]; uint32_t A, B, C, D, E, F, G, H; diff --git a/crypto/sha384.c b/crypto/sha384.c new file mode 100644 index 000000000..58ed6965c --- /dev/null +++ b/crypto/sha384.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2015, Cameron Rich + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the axTLS project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include "os_port.h" +#include "crypto.h" + +/** +* Initialize the SHA384 context +*/ + void SHA384_Init(SHA384_CTX *ctx) + { + //Set initial hash value + ctx->h[0] = 0xCBBB9D5DC1059ED8; + ctx->h[1] = 0x629A292A367CD507; + ctx->h[2] = 0x9159015A3070DD17; + ctx->h[3] = 0x152FECD8F70E5939; + ctx->h[4] = 0x67332667FFC00B31; + ctx->h[5] = 0x8EB44A8768581511; + ctx->h[6] = 0xDB0C2E0D64F98FA7; + ctx->h[7] = 0x47B5481DBEFA4FA4; + + // Number of bytes in the buffer + ctx->size = 0; + // Total length of the message + ctx->totalSize = 0; + } + +/** +* Accepts an array of octets as the next portion of the message. +*/ +void SHA384_Update(SHA384_CTX *ctx, const uint8_t * msg, int len) +{ + // The function is defined in the exact same manner as SHA-512 + SHA512_Update(ctx, msg, len); +} + +/** +* Return the 384-bit message digest into the user's array +*/ +void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx) +{ + // The function is defined in the exact same manner as SHA-512 + SHA512_Final(NULL, ctx); + + // Copy the resulting digest + if (digest != NULL) + memcpy(digest, ctx->digest, SHA384_SIZE); +} + diff --git a/crypto/sha512.c b/crypto/sha512.c new file mode 100644 index 000000000..36abb096b --- /dev/null +++ b/crypto/sha512.c @@ -0,0 +1,220 @@ +/* + * Copyright (c) 2015, Cameron Rich + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the axTLS project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include "os_port.h" +#include "crypto.h" + +#define SHR64(a, n) ((a) >> (n)) +#define ROR64(a, n) (((a) >> (n)) | ((a) << (64 - (n)))) +#define CH(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) +#define SIGMA1(x) (ROR64(x, 28) ^ ROR64(x, 34) ^ ROR64(x, 39)) +#define SIGMA2(x) (ROR64(x, 14) ^ ROR64(x, 18) ^ ROR64(x, 41)) +#define SIGMA3(x) (ROR64(x, 1) ^ ROR64(x, 8) ^ SHR64(x, 7)) +#define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6)) +#define MIN(x, y) ((x) < (y) ? x : y) + +static const uint8_t padding[128] = +{ + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +static const uint64_t k[80] = +{ + 0x428A2F98D728AE22, 0x7137449123EF65CD, 0xB5C0FBCFEC4D3B2F, 0xE9B5DBA58189DBBC, + 0x3956C25BF348B538, 0x59F111F1B605D019, 0x923F82A4AF194F9B, 0xAB1C5ED5DA6D8118, + 0xD807AA98A3030242, 0x12835B0145706FBE, 0x243185BE4EE4B28C, 0x550C7DC3D5FFB4E2, + 0x72BE5D74F27B896F, 0x80DEB1FE3B1696B1, 0x9BDC06A725C71235, 0xC19BF174CF692694, + 0xE49B69C19EF14AD2, 0xEFBE4786384F25E3, 0x0FC19DC68B8CD5B5, 0x240CA1CC77AC9C65, + 0x2DE92C6F592B0275, 0x4A7484AA6EA6E483, 0x5CB0A9DCBD41FBD4, 0x76F988DA831153B5, + 0x983E5152EE66DFAB, 0xA831C66D2DB43210, 0xB00327C898FB213F, 0xBF597FC7BEEF0EE4, + 0xC6E00BF33DA88FC2, 0xD5A79147930AA725, 0x06CA6351E003826F, 0x142929670A0E6E70, + 0x27B70A8546D22FFC, 0x2E1B21385C26C926, 0x4D2C6DFC5AC42AED, 0x53380D139D95B3DF, + 0x650A73548BAF63DE, 0x766A0ABB3C77B2A8, 0x81C2C92E47EDAEE6, 0x92722C851482353B, + 0xA2BFE8A14CF10364, 0xA81A664BBC423001, 0xC24B8B70D0F89791, 0xC76C51A30654BE30, + 0xD192E819D6EF5218, 0xD69906245565A910, 0xF40E35855771202A, 0x106AA07032BBD1B8, + 0x19A4C116B8D2D0C8, 0x1E376C085141AB53, 0x2748774CDF8EEB99, 0x34B0BCB5E19B48A8, + 0x391C0CB3C5C95A63, 0x4ED8AA4AE3418ACB, 0x5B9CCA4F7763E373, 0x682E6FF3D6B2B8A3, + 0x748F82EE5DEFB2FC, 0x78A5636F43172F60, 0x84C87814A1F0AB72, 0x8CC702081A6439EC, + 0x90BEFFFA23631E28, 0xA4506CEBDE82BDE9, 0xBEF9A3F7B2C67915, 0xC67178F2E372532B, + 0xCA273ECEEA26619C, 0xD186B8C721C0C207, 0xEADA7DD6CDE0EB1E, 0xF57D4F7FEE6ED178, + 0x06F067AA72176FBA, 0x0A637DC5A2C898A6, 0x113F9804BEF90DAE, 0x1B710B35131C471B, + 0x28DB77F523047D84, 0x32CAAB7B40C72493, 0x3C9EBE0A15C9BEBC, 0x431D67C49C100D4C, + 0x4CC5D4BECB3E42B6, 0x597F299CFC657E2A, 0x5FCB6FAB3AD6FAEC, 0x6C44198C4A475817 +}; + +/** +* Initialize the SHA512 context +*/ +void SHA512_Init(SHA512_CTX *ctx) +{ + ctx->h[0] = 0x6A09E667F3BCC908; + ctx->h[1] = 0xBB67AE8584CAA73B; + ctx->h[2] = 0x3C6EF372FE94F82B; + ctx->h[3] = 0xA54FF53A5F1D36F1; + ctx->h[4] = 0x510E527FADE682D1; + ctx->h[5] = 0x9B05688C2B3E6C1F; + ctx->h[6] = 0x1F83D9ABFB41BD6B; + ctx->h[7] = 0x5BE0CD19137E2179; + ctx->size = 0; + ctx->totalSize = 0; +} + +static void SHA512_Process(SHA512_CTX *ctx) +{ + int t; + uint64_t temp1; + uint64_t temp2; + + // Initialize the 8 working registers + uint64_t a = ctx->h[0]; + uint64_t b = ctx->h[1]; + uint64_t c = ctx->h[2]; + uint64_t d = ctx->h[3]; + uint64_t e = ctx->h[4]; + uint64_t f = ctx->h[5]; + uint64_t g = ctx->h[6]; + uint64_t h = ctx->h[7]; + + // Process message in 16-word blocks + uint64_t *w = ctx->w; + + // Convert from big-endian byte order to host byte order + for (t = 0; t < 16; t++) + w[t] = be64toh(w[t]); + + // Prepare the message schedule + for (t = 16; t < 80; t++) + w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16]; + + // SHA-512 hash computation + for (t = 0; t < 80; t++) + { + // Calculate T1 and T2 + temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t]; + temp2 = SIGMA1(a) + MAJ(a, b, c); + + // Update the working registers + h = g; + g = f; + f = e; + e = d + temp1; + d = c; + c = b; + b = a; + a = temp1 + temp2; + } + + // Update the hash value + ctx->h[0] += a; + ctx->h[1] += b; + ctx->h[2] += c; + ctx->h[3] += d; + ctx->h[4] += e; + ctx->h[5] += f; + ctx->h[6] += g; + ctx->h[7] += h; + } + +/** +* Accepts an array of octets as the next portion of the message. +*/ +void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len) +{ + // Process the incoming data + while (len > 0) + { + // The buffer can hold at most 128 bytes + size_t n = MIN(len, 128 - ctx->size); + + // Copy the data to the buffer + memcpy(ctx->buffer + ctx->size, msg, n); + + // Update the SHA-512 ctx + ctx->size += n; + ctx->totalSize += n; + // Advance the data pointer + msg = (uint8_t *) msg + n; + // Remaining bytes to process + len -= n; + + // Process message in 16-word blocks + if (ctx->size == 128) + { + // Transform the 16-word block + SHA512_Process(ctx); + // Empty the buffer + ctx->size = 0; + } + } +} + +/** +* Return the 512-bit message digest into the user's array +*/ +void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx) +{ + int i; + size_t paddingSize; + uint64_t totalSize; + + // Length of the original message (before padding) + totalSize = ctx->totalSize * 8; + + // Pad the message so that its length is congruent to 112 modulo 128 + paddingSize = (ctx->size < 112) ? (112 - ctx->size) : + (128 + 112 - ctx->size); + // Append padding + SHA512_Update(ctx, padding, paddingSize); + + // Append the length of the original message + ctx->w[14] = 0; + ctx->w[15] = be64toh(totalSize); + + // Calculate the message digest + SHA512_Process(ctx); + + // Convert from host byte order to big-endian byte order + for (i = 0; i < 8; i++) + ctx->h[i] = be64toh(ctx->h[i]); + + // Copy the resulting digest + if (digest != NULL) + memcpy(digest, ctx->digest, SHA512_SIZE); + } + diff --git a/ssl/Makefile b/ssl/Makefile index b8dd55a92..a9e872c14 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -73,7 +73,9 @@ CRYPTO_OBJ=\ $(CRYPTO_PATH)rc4.o \ $(CRYPTO_PATH)rsa.o \ $(CRYPTO_PATH)sha1.o \ - $(CRYPTO_PATH)sha256.o + $(CRYPTO_PATH)sha256.o \ + $(CRYPTO_PATH)sha384.o \ + $(CRYPTO_PATH)sha512.o OBJ=\ asn1.o \ diff --git a/ssl/asn1.c b/ssl/asn1.c index f2d0c0232..0a139bb51 100644 --- a/ssl/asn1.c +++ b/ssl/asn1.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2014, Cameron Rich + * Copyright (c) 2007-2015, Cameron Rich * * All rights reserved. * @@ -40,22 +40,41 @@ #include "crypto.h" #include "crypto_misc.h" -/* Must be an RSA algorithm with either SHA1/SHA256/MD5 for verifying to work */ +/* 1.2.840.113549.1.1 OID prefix - handle the following */ +/* md5WithRSAEncryption(4) */ +/* sha1WithRSAEncryption(5) */ +/* sha256WithRSAEncryption (11) */ +/* sha384WithRSAEncryption (12) */ +/* sha512WithRSAEncryption (13) */ static const uint8_t sig_oid_prefix[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01 }; +/* 1.3.14.3.2.29 SHA1 with RSA signature */ static const uint8_t sig_sha1WithRSAEncrypt[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1d }; -static const uint8_t sig_sha256WithRSAEncrypt[] = +/* 2.16.840.1.101.3.4.2.1 SHA-256 */ +static const uint8_t sig_sha256[] = { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 }; +/* 2.16.840.1.101.3.4.2.2 SHA-384 */ +static const uint8_t sig_sha384[] = +{ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 +}; + +/* 2.16.840.1.101.3.4.2.3 SHA-512 */ +static const uint8_t sig_sha512[] = +{ + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 +}; + static const uint8_t sig_subject_alt_name[] = { 0x55, 0x1d, 0x11 @@ -588,12 +607,24 @@ int asn1_signature_type(const uint8_t *cert, { x509_ctx->sig_type = SIG_TYPE_SHA1; } - else if (len == sizeof(sig_sha256WithRSAEncrypt) && - memcmp(sig_sha256WithRSAEncrypt, &cert[*offset], - sizeof(sig_sha256WithRSAEncrypt)) == 0) + else if (len == sizeof(sig_sha256) && + memcmp(sig_sha256, &cert[*offset], + sizeof(sig_sha256)) == 0) { x509_ctx->sig_type = SIG_TYPE_SHA256; } + else if (len == sizeof(sig_sha384) && + memcmp(sig_sha384, &cert[*offset], + sizeof(sig_sha384)) == 0) + { + x509_ctx->sig_type = SIG_TYPE_SHA384; + } + else if (len == sizeof(sig_sha512) && + memcmp(sig_sha512, &cert[*offset], + sizeof(sig_sha512)) == 0) + { + x509_ctx->sig_type = SIG_TYPE_SHA512; + } else { if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix))) diff --git a/ssl/crypto_misc.h b/ssl/crypto_misc.h index be7607941..7aba4a409 100644 --- a/ssl/crypto_misc.h +++ b/ssl/crypto_misc.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, Cameron Rich + * Copyright (c) 2007-2015, Cameron Rich * * All rights reserved. * @@ -55,6 +55,7 @@ extern "C" { #define X509_VFY_ERROR_INVALID_CHAIN -7 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8 #define X509_INVALID_PRIV_KEY -9 +#define X509_MAX_CERTS -10 /* * The Distinguished Name @@ -127,6 +128,8 @@ const char * x509_display_error(int error); #define SIG_TYPE_MD5 0x04 #define SIG_TYPE_SHA1 0x05 #define SIG_TYPE_SHA256 0x0b +#define SIG_TYPE_SHA384 0x0c +#define SIG_TYPE_SHA512 0x0d uint32_t get_asn1_length(const uint8_t *buf, int *offset); int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); diff --git a/ssl/test/Makefile b/ssl/test/Makefile index 181f9aca4..b1d75384a 100644 --- a/ssl/test/Makefile +++ b/ssl/test/Makefile @@ -71,7 +71,10 @@ CRYPTO_OBJ=\ $(CRYPTO_PATH)md5.obj \ $(CRYPTO_PATH)rc4.obj \ $(CRYPTO_PATH)rsa.obj \ - $(CRYPTO_PATH)sha1.obj + $(CRYPTO_PATH)sha1.obj \ + $(CRYPTO_PATH)sha256.obj \ + $(CRYPTO_PATH)sha384.obj \ + $(CRYPTO_PATH)sha512.obj OBJ=\ $(AXTLS_SSL_PATH)asn1.obj \ diff --git a/ssl/test/comodo.sha384.cer b/ssl/test/comodo.sha384.cer new file mode 100644 index 000000000..b52ea610d --- /dev/null +++ b/ssl/test/comodo.sha384.cer @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv +MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk +ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF +eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow +gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO +BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD +VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw +AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6 +2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr +ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt +4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq +m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/ +vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT +8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE +IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO +KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO +GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/ +s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g +JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD +AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9 +MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy +bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6 +Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ +zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj +Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY +Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5 +B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx +PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR +pu/xO28QOG8= +-----END CERTIFICATE----- diff --git a/ssl/test/ssltest.c b/ssl/test/ssltest.c index b36f0f996..707213c78 100644 --- a/ssl/test/ssltest.c +++ b/ssl/test/ssltest.c @@ -326,7 +326,7 @@ static int SHA256_test(BI_CTX *bi_ctx) if (memcmp(digest, ct, sizeof(ct))) { - printf("Error: SHA256 # failed\n"); + printf("Error: SHA256 #1 failed\n"); goto end; } } @@ -356,6 +356,112 @@ end: return res; } +/************************************************************************** + * SHA384 tests + * + * Run through a couple of the SHA-2 tests to verify that SHA384 is correct. + **************************************************************************/ +static int SHA384_test(BI_CTX *bi_ctx) +{ + SHA384_CTX ctx; + uint8_t ct[SHA384_SIZE]; + uint8_t digest[SHA384_SIZE]; + int res = 1; + + { + const char *in_str = "abc"; + bigint *ct_bi = bi_str_import(bi_ctx, + "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7"); + bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE); + + SHA384_Init(&ctx); + SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); + SHA384_Final(digest, &ctx); + + if (memcmp(digest, ct, sizeof(ct))) + { + printf("Error: SHA384 #1 failed\n"); + goto end; + } + } + + { + const char *in_str = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + bigint *ct_bi = bi_str_import(bi_ctx, + "3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B"); + bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE); + + SHA384_Init(&ctx); + SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); + SHA384_Final(digest, &ctx); + + if (memcmp(digest, ct, sizeof(ct))) + { + printf("Error: SHA384 #2 failed\n"); + goto end; + } + } + + res = 0; + printf("All SHA384 tests passed\n"); + +end: + return res; +} +/************************************************************************** + * SHA512 tests + * + * Run through a couple of the SHA-2 tests to verify that SHA512 is correct. + **************************************************************************/ +static int SHA512_test(BI_CTX *bi_ctx) +{ + SHA512_CTX ctx; + uint8_t ct[SHA512_SIZE]; + uint8_t digest[SHA512_SIZE]; + int res = 1; + + { + const char *in_str = "abc"; + bigint *ct_bi = bi_str_import(bi_ctx, + "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F"); + bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE); + + SHA512_Init(&ctx); + SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); + SHA512_Final(digest, &ctx); + + if (memcmp(digest, ct, sizeof(ct))) + { + printf("Error: SHA512 #1 failed\n"); + goto end; + } + } + + { + const char *in_str = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + bigint *ct_bi = bi_str_import(bi_ctx, + "204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445"); + bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE); + + SHA512_Init(&ctx); + SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str)); + SHA512_Final(digest, &ctx); + + if (memcmp(digest, ct, sizeof(ct))) + { + printf("Error: SHA512 #2 failed\n"); + goto end; + } + } + + res = 0; + printf("All SHA512 tests passed\n"); + +end: + return res; +} /************************************************************************** * MD5 tests * @@ -720,6 +826,17 @@ static int cert_tests(void) ssl_ctx_free(ssl_ctx); + ssl_ctx = ssl_ctx_new(0, 0); + if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, + "../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK) + { + printf("Cert #8\n"); + ssl_display_error(res); + goto bad_cert; + } + + ssl_ctx_free(ssl_ctx); + ssl_ctx = ssl_ctx_new(0, 0); if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK) @@ -748,11 +865,11 @@ static int cert_tests(void) x509_free(x509_ctx); free(buf); + // this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates ssl_ctx = ssl_ctx_new(0, 0); if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, "../ssl/test/ca-bundle.crt", NULL)) { - printf("Cert #12\n"); goto bad_cert; } @@ -2236,6 +2353,20 @@ int main(int argc, char *argv[]) } TTY_FLUSH(); + if (SHA384_test(bi_ctx)) + { + printf("SHA384 tests failed\n"); + goto cleanup; + } + TTY_FLUSH(); + + if (SHA512_test(bi_ctx)) + { + printf("SHA512 tests failed\n"); + goto cleanup; + } + TTY_FLUSH(); + if (HMAC_test(bi_ctx)) { printf("HMAC tests failed\n"); diff --git a/ssl/tls1.c b/ssl/tls1.c index b2a7d57b9..d38904b1a 100755 --- a/ssl/tls1.c +++ b/ssl/tls1.c @@ -388,7 +388,7 @@ error: */ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len) { - int ret = SSL_OK; /* ignore errors for now */ + int ret = X509_OK; /* ignore errors for now */ int i = 0; CA_CERT_CTX *ca_cert_ctx; @@ -410,10 +410,10 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len) "compile-time configuration required\n", CONFIG_X509_MAX_CA_CERTS); #endif + ret = X509_MAX_CERTS; break; } - /* ignore the return code */ if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK) { diff --git a/ssl/x509.c b/ssl/x509.c index 63af7653f..3526e60ab 100644 --- a/ssl/x509.c +++ b/ssl/x509.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007-2014, Cameron Rich + * Copyright (c) 2007-2015, Cameron Rich * * All rights reserved. * @@ -120,33 +120,63 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx) bi_ctx = x509_ctx->rsa_ctx->bi_ctx; #ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */ - /* use the appropriate signature algorithm (SHA1/MD5/SHA256) */ - if (x509_ctx->sig_type == SIG_TYPE_MD5) + /* use the appropriate signature algorithm */ + switch (x509_ctx->sig_type) { - MD5_CTX md5_ctx; - uint8_t md5_dgst[MD5_SIZE]; - MD5_Init(&md5_ctx); - MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs); - MD5_Final(md5_dgst, &md5_ctx); - x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE); - } - else if (x509_ctx->sig_type == SIG_TYPE_SHA1) - { - SHA1_CTX sha_ctx; - uint8_t sha_dgst[SHA1_SIZE]; - SHA1_Init(&sha_ctx); - SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs); - SHA1_Final(sha_dgst, &sha_ctx); - x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE); - } - else if (x509_ctx->sig_type == SIG_TYPE_SHA256) - { - SHA256_CTX sha256_ctx; - uint8_t sha256_dgst[SHA256_SIZE]; - SHA256_Init(&sha256_ctx); - SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs); - SHA256_Final(sha256_dgst, &sha256_ctx); - x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE); + case SIG_TYPE_MD5: + { + MD5_CTX md5_ctx; + uint8_t md5_dgst[MD5_SIZE]; + MD5_Init(&md5_ctx); + MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs); + MD5_Final(md5_dgst, &md5_ctx); + x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE); + } + break; + + case SIG_TYPE_SHA1: + { + SHA1_CTX sha_ctx; + uint8_t sha_dgst[SHA1_SIZE]; + SHA1_Init(&sha_ctx); + SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs); + SHA1_Final(sha_dgst, &sha_ctx); + x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE); + } + break; + + case SIG_TYPE_SHA256: + { + SHA256_CTX sha256_ctx; + uint8_t sha256_dgst[SHA256_SIZE]; + SHA256_Init(&sha256_ctx); + SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs); + SHA256_Final(sha256_dgst, &sha256_ctx); + x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE); + } + break; + + case SIG_TYPE_SHA384: + { + SHA384_CTX sha384_ctx; + uint8_t sha384_dgst[SHA384_SIZE]; + SHA384_Init(&sha384_ctx); + SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs); + SHA384_Final(sha384_dgst, &sha384_ctx); + x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE); + } + break; + + case SIG_TYPE_SHA512: + { + SHA512_CTX sha512_ctx; + uint8_t sha512_dgst[SHA512_SIZE]; + SHA512_Init(&sha512_ctx); + SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs); + SHA512_Final(sha512_dgst, &sha512_ctx); + x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE); + } + break; } if (cert[offset] == ASN1_V3_DATA) @@ -495,6 +525,12 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx) case SIG_TYPE_SHA256: printf("SHA256\n"); break; + case SIG_TYPE_SHA384: + printf("SHA384\n"); + break; + case SIG_TYPE_SHA512: + printf("SHA512\n"); + break; default: printf("Unrecognized: %d\n", cert->sig_type); break;