arduino/esp8266
1
0
Fork 0
mirror of https://github.com/esp8266/Arduino.git synced 2025-04-27 21:16:50 +03:00
Code

* Added SHA384 and SHA512 digests.

Browse Source 
git-svn-id: svn://svn.code.sf.net/p/axtls/code/trunk@245 9a5d90b5-6617-0410-8a86-bb477d3ed2e3
This commit is contained in:
cameronrich 2015-03-10 03:08:16 +00:00
parent 0d334d81c2
commit b0bd12beda
14 changed files with 619 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/Makefile
View File

@ -42,7 +42,9 @@ OBJ=\
rc4.o \
rsa.o \
sha1.o \
sha256.o
sha256.o \
sha384.o \
sha512.o
include ../config/makefile.post

41
crypto/crypto.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2014, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -137,7 +137,44 @@ typedef struct
void SHA256_Init(SHA256_CTX *c);
void SHA256_Update(SHA256_CTX *, const uint8_t *input, int len);
void SHA256_Final(uint8_t digest[32], SHA256_CTX *);
void SHA256_Final(uint8_t *digest, SHA256_CTX *);
/**************************************************************************
* SHA512 declarations
**************************************************************************/
#define SHA512_SIZE 64
typedef struct
{
union
{
uint64_t h[8];
uint8_t digest[64];
};
union
{
uint64_t w[80];
uint8_t buffer[128];
};
size_t size;
uint64_t totalSize;
} SHA512_CTX;
void SHA512_Init(SHA512_CTX *c);
void SHA512_Update(SHA512_CTX *, const uint8_t *input, int len);
void SHA512_Final(uint8_t *digest, SHA512_CTX *);
/**************************************************************************
* SHA384 declarations
**************************************************************************/
#define SHA384_SIZE 48
typedef SHA512_CTX SHA384_CTX;
void SHA384_Init(SHA384_CTX *c);
void SHA384_Update(SHA384_CTX *, const uint8_t *input, int len);
void SHA384_Final(uint8_t *digest, SHA384_CTX *);
/**************************************************************************
* MD5 declarations

1
crypto/os_int.h
View File

@ -56,6 +56,7 @@ typedef INT64 int64_t;
#include <inttypes.h>
#else
#include <stdint.h>
#include <endian.h>
#endif /* Not Solaris */
#endif /* Not Win32 */

4
crypto/sha256.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (C) 2001-2003 Christophe Devine
* Copyright (c) 2015, Cameron Rich
*
* All rights reserved.
*
@ -74,7 +74,7 @@ void SHA256_Init(SHA256_CTX *ctx)
ctx->state[7] = 0x5BE0CD19;
}
void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
static void SHA256_Process(const uint8_t digest[64], SHA256_CTX *ctx)
{
uint32_t temp1, temp2, W[64];
uint32_t A, B, C, D, E, F, G, H;

76
crypto/sha384.c Normal file
View File

@ -0,0 +1,76 @@
/*
* Copyright (c) 2015, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "os_port.h"
#include "crypto.h"
/**
* Initialize the SHA384 context
*/
void SHA384_Init(SHA384_CTX *ctx)
{
//Set initial hash value
ctx->h[0] = 0xCBBB9D5DC1059ED8;
ctx->h[1] = 0x629A292A367CD507;
ctx->h[2] = 0x9159015A3070DD17;
ctx->h[3] = 0x152FECD8F70E5939;
ctx->h[4] = 0x67332667FFC00B31;
ctx->h[5] = 0x8EB44A8768581511;
ctx->h[6] = 0xDB0C2E0D64F98FA7;
ctx->h[7] = 0x47B5481DBEFA4FA4;
// Number of bytes in the buffer
ctx->size = 0;
// Total length of the message
ctx->totalSize = 0;
}
/**
* Accepts an array of octets as the next portion of the message.
*/
void SHA384_Update(SHA384_CTX *ctx, const uint8_t * msg, int len)
{
// The function is defined in the exact same manner as SHA-512
SHA512_Update(ctx, msg, len);
}
/**
* Return the 384-bit message digest into the user's array
*/
void SHA384_Final(uint8_t *digest, SHA384_CTX *ctx)
{
// The function is defined in the exact same manner as SHA-512
SHA512_Final(NULL, ctx);
// Copy the resulting digest
if (digest != NULL)
memcpy(digest, ctx->digest, SHA384_SIZE);
}

220
crypto/sha512.c Normal file
View File

@ -0,0 +1,220 @@
/*
* Copyright (c) 2015, Cameron Rich
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* * Neither the name of the axTLS project nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <string.h>
#include "os_port.h"
#include "crypto.h"
#define SHR64(a, n) ((a) >> (n))
#define ROR64(a, n) (((a) >> (n)) | ((a) << (64 - (n))))
#define CH(x, y, z) (((x) & (y)) | (~(x) & (z)))
#define MAJ(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
#define SIGMA1(x) (ROR64(x, 28) ^ ROR64(x, 34) ^ ROR64(x, 39))
#define SIGMA2(x) (ROR64(x, 14) ^ ROR64(x, 18) ^ ROR64(x, 41))
#define SIGMA3(x) (ROR64(x, 1) ^ ROR64(x, 8) ^ SHR64(x, 7))
#define SIGMA4(x) (ROR64(x, 19) ^ ROR64(x, 61) ^ SHR64(x, 6))
#define MIN(x, y) ((x) < (y) ? x : y)
static const uint8_t padding[128] =
{
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
static const uint64_t k[80] =
{
0x428A2F98D728AE22, 0x7137449123EF65CD, 0xB5C0FBCFEC4D3B2F, 0xE9B5DBA58189DBBC,
0x3956C25BF348B538, 0x59F111F1B605D019, 0x923F82A4AF194F9B, 0xAB1C5ED5DA6D8118,
0xD807AA98A3030242, 0x12835B0145706FBE, 0x243185BE4EE4B28C, 0x550C7DC3D5FFB4E2,
0x72BE5D74F27B896F, 0x80DEB1FE3B1696B1, 0x9BDC06A725C71235, 0xC19BF174CF692694,
0xE49B69C19EF14AD2, 0xEFBE4786384F25E3, 0x0FC19DC68B8CD5B5, 0x240CA1CC77AC9C65,
0x2DE92C6F592B0275, 0x4A7484AA6EA6E483, 0x5CB0A9DCBD41FBD4, 0x76F988DA831153B5,
0x983E5152EE66DFAB, 0xA831C66D2DB43210, 0xB00327C898FB213F, 0xBF597FC7BEEF0EE4,
0xC6E00BF33DA88FC2, 0xD5A79147930AA725, 0x06CA6351E003826F, 0x142929670A0E6E70,
0x27B70A8546D22FFC, 0x2E1B21385C26C926, 0x4D2C6DFC5AC42AED, 0x53380D139D95B3DF,
0x650A73548BAF63DE, 0x766A0ABB3C77B2A8, 0x81C2C92E47EDAEE6, 0x92722C851482353B,
0xA2BFE8A14CF10364, 0xA81A664BBC423001, 0xC24B8B70D0F89791, 0xC76C51A30654BE30,
0xD192E819D6EF5218, 0xD69906245565A910, 0xF40E35855771202A, 0x106AA07032BBD1B8,
0x19A4C116B8D2D0C8, 0x1E376C085141AB53, 0x2748774CDF8EEB99, 0x34B0BCB5E19B48A8,
0x391C0CB3C5C95A63, 0x4ED8AA4AE3418ACB, 0x5B9CCA4F7763E373, 0x682E6FF3D6B2B8A3,
0x748F82EE5DEFB2FC, 0x78A5636F43172F60, 0x84C87814A1F0AB72, 0x8CC702081A6439EC,
0x90BEFFFA23631E28, 0xA4506CEBDE82BDE9, 0xBEF9A3F7B2C67915, 0xC67178F2E372532B,
0xCA273ECEEA26619C, 0xD186B8C721C0C207, 0xEADA7DD6CDE0EB1E, 0xF57D4F7FEE6ED178,
0x06F067AA72176FBA, 0x0A637DC5A2C898A6, 0x113F9804BEF90DAE, 0x1B710B35131C471B,
0x28DB77F523047D84, 0x32CAAB7B40C72493, 0x3C9EBE0A15C9BEBC, 0x431D67C49C100D4C,
0x4CC5D4BECB3E42B6, 0x597F299CFC657E2A, 0x5FCB6FAB3AD6FAEC, 0x6C44198C4A475817
};
/**
* Initialize the SHA512 context
*/
void SHA512_Init(SHA512_CTX *ctx)
{
ctx->h[0] = 0x6A09E667F3BCC908;
ctx->h[1] = 0xBB67AE8584CAA73B;
ctx->h[2] = 0x3C6EF372FE94F82B;
ctx->h[3] = 0xA54FF53A5F1D36F1;
ctx->h[4] = 0x510E527FADE682D1;
ctx->h[5] = 0x9B05688C2B3E6C1F;
ctx->h[6] = 0x1F83D9ABFB41BD6B;
ctx->h[7] = 0x5BE0CD19137E2179;
ctx->size = 0;
ctx->totalSize = 0;
}
static void SHA512_Process(SHA512_CTX *ctx)
{
int t;
uint64_t temp1;
uint64_t temp2;
// Initialize the 8 working registers
uint64_t a = ctx->h[0];
uint64_t b = ctx->h[1];
uint64_t c = ctx->h[2];
uint64_t d = ctx->h[3];
uint64_t e = ctx->h[4];
uint64_t f = ctx->h[5];
uint64_t g = ctx->h[6];
uint64_t h = ctx->h[7];
// Process message in 16-word blocks
uint64_t *w = ctx->w;
// Convert from big-endian byte order to host byte order
for (t = 0; t < 16; t++)
w[t] = be64toh(w[t]);
// Prepare the message schedule
for (t = 16; t < 80; t++)
w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16];
// SHA-512 hash computation
for (t = 0; t < 80; t++)
{
// Calculate T1 and T2
temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t];
temp2 = SIGMA1(a) + MAJ(a, b, c);
// Update the working registers
h = g;
g = f;
f = e;
e = d + temp1;
d = c;
c = b;
b = a;
a = temp1 + temp2;
}
// Update the hash value
ctx->h[0] += a;
ctx->h[1] += b;
ctx->h[2] += c;
ctx->h[3] += d;
ctx->h[4] += e;
ctx->h[5] += f;
ctx->h[6] += g;
ctx->h[7] += h;
}
/**
* Accepts an array of octets as the next portion of the message.
*/
void SHA512_Update(SHA512_CTX *ctx, const uint8_t * msg, int len)
{
// Process the incoming data
while (len > 0)
{
// The buffer can hold at most 128 bytes
size_t n = MIN(len, 128 - ctx->size);
// Copy the data to the buffer
memcpy(ctx->buffer + ctx->size, msg, n);
// Update the SHA-512 ctx
ctx->size += n;
ctx->totalSize += n;
// Advance the data pointer
msg = (uint8_t *) msg + n;
// Remaining bytes to process
len -= n;
// Process message in 16-word blocks
if (ctx->size == 128)
{
// Transform the 16-word block
SHA512_Process(ctx);
// Empty the buffer
ctx->size = 0;
}
}
}
/**
* Return the 512-bit message digest into the user's array
*/
void SHA512_Final(uint8_t *digest, SHA512_CTX *ctx)
{
int i;
size_t paddingSize;
uint64_t totalSize;
// Length of the original message (before padding)
totalSize = ctx->totalSize * 8;
// Pad the message so that its length is congruent to 112 modulo 128
paddingSize = (ctx->size < 112) ? (112 - ctx->size) :
(128 + 112 - ctx->size);
// Append padding
SHA512_Update(ctx, padding, paddingSize);
// Append the length of the original message
ctx->w[14] = 0;
ctx->w[15] = be64toh(totalSize);
// Calculate the message digest
SHA512_Process(ctx);
// Convert from host byte order to big-endian byte order
for (i = 0; i < 8; i++)
ctx->h[i] = be64toh(ctx->h[i]);
// Copy the resulting digest
if (digest != NULL)
memcpy(digest, ctx->digest, SHA512_SIZE);
}

4
ssl/Makefile
View File

@ -73,7 +73,9 @@ CRYPTO_OBJ=\
$(CRYPTO_PATH)rc4.o \
$(CRYPTO_PATH)rsa.o \
$(CRYPTO_PATH)sha1.o \
$(CRYPTO_PATH)sha256.o
$(CRYPTO_PATH)sha256.o \
$(CRYPTO_PATH)sha384.o \
$(CRYPTO_PATH)sha512.o
OBJ=\
asn1.o \

43
ssl/asn1.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2014, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -40,22 +40,41 @@
#include "crypto.h"
#include "crypto_misc.h"
/* Must be an RSA algorithm with either SHA1/SHA256/MD5 for verifying to work */
/* 1.2.840.113549.1.1 OID prefix - handle the following */
/* md5WithRSAEncryption(4) */
/* sha1WithRSAEncryption(5) */
/* sha256WithRSAEncryption (11) */
/* sha384WithRSAEncryption (12) */
/* sha512WithRSAEncryption (13) */
static const uint8_t sig_oid_prefix[] =
{
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01
};
/* 1.3.14.3.2.29 SHA1 with RSA signature */
static const uint8_t sig_sha1WithRSAEncrypt[] =
{
0x2b, 0x0e, 0x03, 0x02, 0x1d
};
static const uint8_t sig_sha256WithRSAEncrypt[] =
/* 2.16.840.1.101.3.4.2.1 SHA-256 */
static const uint8_t sig_sha256[] =
{
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
};
/* 2.16.840.1.101.3.4.2.2 SHA-384 */
static const uint8_t sig_sha384[] =
{
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
};
/* 2.16.840.1.101.3.4.2.3 SHA-512 */
static const uint8_t sig_sha512[] =
{
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
};
static const uint8_t sig_subject_alt_name[] =
{
0x55, 0x1d, 0x11
@ -588,12 +607,24 @@ int asn1_signature_type(const uint8_t *cert,
{
x509_ctx->sig_type = SIG_TYPE_SHA1;
}
else if (len == sizeof(sig_sha256WithRSAEncrypt) &&
memcmp(sig_sha256WithRSAEncrypt, &cert[*offset],
sizeof(sig_sha256WithRSAEncrypt)) == 0)
else if (len == sizeof(sig_sha256) &&
memcmp(sig_sha256, &cert[*offset],
sizeof(sig_sha256)) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA256;
}
else if (len == sizeof(sig_sha384) &&
memcmp(sig_sha384, &cert[*offset],
sizeof(sig_sha384)) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA384;
}
else if (len == sizeof(sig_sha512) &&
memcmp(sig_sha512, &cert[*offset],
sizeof(sig_sha512)) == 0)
{
x509_ctx->sig_type = SIG_TYPE_SHA512;
}
else
{
if (memcmp(sig_oid_prefix, &cert[*offset], sizeof(sig_oid_prefix)))

5
ssl/crypto_misc.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -55,6 +55,7 @@ extern "C" {
#define X509_VFY_ERROR_INVALID_CHAIN -7
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8
#define X509_INVALID_PRIV_KEY -9
#define X509_MAX_CERTS -10
/*
* The Distinguished Name
@ -127,6 +128,8 @@ const char * x509_display_error(int error);
#define SIG_TYPE_MD5 0x04
#define SIG_TYPE_SHA1 0x05
#define SIG_TYPE_SHA256 0x0b
#define SIG_TYPE_SHA384 0x0c
#define SIG_TYPE_SHA512 0x0d
uint32_t get_asn1_length(const uint8_t *buf, int *offset);
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);

5
ssl/test/Makefile
View File

@ -71,7 +71,10 @@ CRYPTO_OBJ=\
$(CRYPTO_PATH)md5.obj \
$(CRYPTO_PATH)rc4.obj \
$(CRYPTO_PATH)rsa.obj \
$(CRYPTO_PATH)sha1.obj
$(CRYPTO_PATH)sha1.obj \
$(CRYPTO_PATH)sha256.obj \
$(CRYPTO_PATH)sha384.obj \
$(CRYPTO_PATH)sha512.obj
OBJ=\
$(AXTLS_SSL_PATH)asn1.obj \

32
ssl/test/comodo.sha384.cer Normal file
View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgIQJ2buVutJ846r13Ci/ITeIjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYUxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSswKQYD
VQQDEyJDT01PRE8gUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkq
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkehUktIKVrGsDSTdxc9EZ3SZKzejfSNw
AHG8U9/E+ioSj0t/EFa9n3Byt2F/yUsPF6c947AEYe7/EZfH9IY+Cvo+XPmT5jR6
2RRr55yzhaCCenavcZDX7P0N+pxs+t+wgvQUfvm+xKYvT3+Zf7X8Z0NyvQwA1onr
ayzT7Y+YHBSrfuXjbvzYqOSSJNpDa2K4Vf3qwbxstovzDo2a5JtsaZn4eEgwRdWt
4Q08RWD8MpZRJ7xnw8outmvqRsfHIKCxH2XeSAi6pE6p8oNGN4Tr6MyBSENnTnIq
m1y9TBsoilwie7SrmNnu4FGDwwlGTm0+mfqVF9p8M1dBPI1R7Qu2XK8sYxrfV8g/
vOldxJuvRZnio1oktLqpVj3Pb6r/SVi+8Kj/9Lit6Tf7urj0Czr56ENCHonYhMsT
8dm74YlguIwoVqwUHZwK53Hrzw7dPamWoUi9PPevtQ0iTMARgexWO/bTouJbt7IE
IlKVgJNp6I5MZfGRAy1wdALqi2cVKWlSArvX31BqVUa/oKMoYX9w0MOiqiwhqkfO
KJwGRXa/ghgntNWutMtQ5mv0TIZxMOmm3xaG4Nj/QN370EKIf6MzOi5cHkERgWPO
GHFrK+ymircxXDpqR+DDeVnWIBqv8mqYqnK8V0rSS527EPywTEHl7R09XiidnMy/
s1Hap0flhFMCAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTvA73g
JMtUGjAdBgNVHQ4EFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQD
AgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1UdHwQ9
MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4dGVy
bmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAGS/g/FfmoXQ
zbihKVcN6Fr30ek+8nYEbvFScLsePP9NDXRqzIGCJdPDoCpdTPW6i6FtxFQJdcfj
Jw5dhHk3QBN39bSsHNA7qxcS1u80GH4r6XnTq1dFDK8o+tDb5VCViLvfhVdpfZLY
Uspzgb8c8+a4bmYRBbMelC1/kZWSWfFMzqORcUx8Rww7Cxn2obFshj5cqsQugsv5
B5a6SE2Q8pTIqXOi6wZ7I53eovNNVZ96YUWYGGjHXkBrI/V5eu+MtWuLt29G9Hvx
PUsE2JOAWVrgQSQdso8VYFhH2+9uRv0V9dlfmrPb2LjkQLPNlzmuhbsdjrzch5vR
pu/xO28QOG8=
-----END CERTIFICATE-----

135
ssl/test/ssltest.c
View File

@ -326,7 +326,7 @@ static int SHA256_test(BI_CTX *bi_ctx)
if (memcmp(digest, ct, sizeof(ct)))
{
printf("Error: SHA256 # failed\n");
printf("Error: SHA256 #1 failed\n");
goto end;
}
}
@ -356,6 +356,112 @@ end:
return res;
}
/**************************************************************************
* SHA384 tests
*
* Run through a couple of the SHA-2 tests to verify that SHA384 is correct.
**************************************************************************/
static int SHA384_test(BI_CTX *bi_ctx)
{
SHA384_CTX ctx;
uint8_t ct[SHA384_SIZE];
uint8_t digest[SHA384_SIZE];
int res = 1;
{
const char *in_str = "abc";
bigint *ct_bi = bi_str_import(bi_ctx,
"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7");
bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
SHA384_Init(&ctx);
SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA384_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
printf("Error: SHA384 #1 failed\n");
goto end;
}
}
{
const char *in_str =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
bigint *ct_bi = bi_str_import(bi_ctx,
"3391FDDDFC8DC7393707A65B1B4709397CF8B1D162AF05ABFE8F450DE5F36BC6B0455A8520BC4E6F5FE95B1FE3C8452B");
bi_export(bi_ctx, ct_bi, ct, SHA384_SIZE);
SHA384_Init(&ctx);
SHA384_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA384_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
printf("Error: SHA384 #2 failed\n");
goto end;
}
}
res = 0;
printf("All SHA384 tests passed\n");
end:
return res;
}
/**************************************************************************
* SHA512 tests
*
* Run through a couple of the SHA-2 tests to verify that SHA512 is correct.
**************************************************************************/
static int SHA512_test(BI_CTX *bi_ctx)
{
SHA512_CTX ctx;
uint8_t ct[SHA512_SIZE];
uint8_t digest[SHA512_SIZE];
int res = 1;
{
const char *in_str = "abc";
bigint *ct_bi = bi_str_import(bi_ctx,
"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F");
bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
SHA512_Init(&ctx);
SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA512_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
printf("Error: SHA512 #1 failed\n");
goto end;
}
}
{
const char *in_str =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
bigint *ct_bi = bi_str_import(bi_ctx,
"204A8FC6DDA82F0A0CED7BEB8E08A41657C16EF468B228A8279BE331A703C33596FD15C13B1B07F9AA1D3BEA57789CA031AD85C7A71DD70354EC631238CA3445");
bi_export(bi_ctx, ct_bi, ct, SHA512_SIZE);
SHA512_Init(&ctx);
SHA512_Update(&ctx, (const uint8_t *)in_str, strlen(in_str));
SHA512_Final(digest, &ctx);
if (memcmp(digest, ct, sizeof(ct)))
{
printf("Error: SHA512 #2 failed\n");
goto end;
}
}
res = 0;
printf("All SHA512 tests passed\n");
end:
return res;
}
/**************************************************************************
* MD5 tests
*
@ -720,6 +826,17 @@ static int cert_tests(void)
ssl_ctx_free(ssl_ctx);
ssl_ctx = ssl_ctx_new(0, 0);
if ((res = ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CERT,
"../ssl/test/comodo.sha384.cer", NULL)) != SSL_OK)
{
printf("Cert #8\n");
ssl_display_error(res);
goto bad_cert;
}
ssl_ctx_free(ssl_ctx);
ssl_ctx = ssl_ctx_new(0, 0);
if ((res = ssl_obj_load(ssl_ctx,
SSL_OBJ_X509_CERT, "../ssl/test/ms_iis.cer", NULL)) != SSL_OK)
@ -748,11 +865,11 @@ static int cert_tests(void)
x509_free(x509_ctx);
free(buf);
// this bundle has two DSA (1.2.840.10040.4.3 invalid) certificates
ssl_ctx = ssl_ctx_new(0, 0);
if (ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
"../ssl/test/ca-bundle.crt", NULL))
{
printf("Cert #12\n");
goto bad_cert;
}
@ -2236,6 +2353,20 @@ int main(int argc, char *argv[])
}
TTY_FLUSH();
if (SHA384_test(bi_ctx))
{
printf("SHA384 tests failed\n");
goto cleanup;
}
TTY_FLUSH();
if (SHA512_test(bi_ctx))
{
printf("SHA512 tests failed\n");
goto cleanup;
}
TTY_FLUSH();
if (HMAC_test(bi_ctx))
{
printf("HMAC tests failed\n");

4
ssl/tls1.c
View File

@ -388,7 +388,7 @@ error:
*/
int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
{
int ret = SSL_OK; /* ignore errors for now */
int ret = X509_OK; /* ignore errors for now */
int i = 0;
CA_CERT_CTX *ca_cert_ctx;
@ -410,10 +410,10 @@ int add_cert_auth(SSL_CTX *ssl_ctx, const uint8_t *buf, int len)
"compile-time configuration required\n",
CONFIG_X509_MAX_CA_CERTS);
#endif
ret = X509_MAX_CERTS;
break;
}
/* ignore the return code */
if (x509_new(buf, &offset, &ca_cert_ctx->cert[i]) == X509_OK)
{

90
ssl/x509.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007-2014, Cameron Rich
* Copyright (c) 2007-2015, Cameron Rich
*
* All rights reserved.
*
@ -120,33 +120,63 @@ int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx)
bi_ctx = x509_ctx->rsa_ctx->bi_ctx;
#ifdef CONFIG_SSL_CERT_VERIFICATION /* only care if doing verification */
/* use the appropriate signature algorithm (SHA1/MD5/SHA256) */
if (x509_ctx->sig_type == SIG_TYPE_MD5)
/* use the appropriate signature algorithm */
switch (x509_ctx->sig_type)
{
MD5_CTX md5_ctx;
uint8_t md5_dgst[MD5_SIZE];
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
MD5_Final(md5_dgst, &md5_ctx);
x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
}
else if (x509_ctx->sig_type == SIG_TYPE_SHA1)
{
SHA1_CTX sha_ctx;
uint8_t sha_dgst[SHA1_SIZE];
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA1_Final(sha_dgst, &sha_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
}
else if (x509_ctx->sig_type == SIG_TYPE_SHA256)
{
SHA256_CTX sha256_ctx;
uint8_t sha256_dgst[SHA256_SIZE];
SHA256_Init(&sha256_ctx);
SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA256_Final(sha256_dgst, &sha256_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
case SIG_TYPE_MD5:
{
MD5_CTX md5_ctx;
uint8_t md5_dgst[MD5_SIZE];
MD5_Init(&md5_ctx);
MD5_Update(&md5_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
MD5_Final(md5_dgst, &md5_ctx);
x509_ctx->digest = bi_import(bi_ctx, md5_dgst, MD5_SIZE);
}
break;
case SIG_TYPE_SHA1:
{
SHA1_CTX sha_ctx;
uint8_t sha_dgst[SHA1_SIZE];
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA1_Final(sha_dgst, &sha_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha_dgst, SHA1_SIZE);
}
break;
case SIG_TYPE_SHA256:
{
SHA256_CTX sha256_ctx;
uint8_t sha256_dgst[SHA256_SIZE];
SHA256_Init(&sha256_ctx);
SHA256_Update(&sha256_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA256_Final(sha256_dgst, &sha256_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha256_dgst, SHA256_SIZE);
}
break;
case SIG_TYPE_SHA384:
{
SHA384_CTX sha384_ctx;
uint8_t sha384_dgst[SHA384_SIZE];
SHA384_Init(&sha384_ctx);
SHA384_Update(&sha384_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA384_Final(sha384_dgst, &sha384_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha384_dgst, SHA384_SIZE);
}
break;
case SIG_TYPE_SHA512:
{
SHA512_CTX sha512_ctx;
uint8_t sha512_dgst[SHA512_SIZE];
SHA512_Init(&sha512_ctx);
SHA512_Update(&sha512_ctx, &cert[begin_tbs], end_tbs-begin_tbs);
SHA512_Final(sha512_dgst, &sha512_ctx);
x509_ctx->digest = bi_import(bi_ctx, sha512_dgst, SHA512_SIZE);
}
break;
}
if (cert[offset] == ASN1_V3_DATA)
@ -495,6 +525,12 @@ void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx)
case SIG_TYPE_SHA256:
printf("SHA256\n");
break;
case SIG_TYPE_SHA384:
printf("SHA384\n");
break;
case SIG_TYPE_SHA512:
printf("SHA512\n");
break;
default:
printf("Unrecognized: %d\n", cert->sig_type);
break;