- Added support for RFC4055 SHA2 and SHA4 signature algorithms for

use with PKCS#1 v1.5 signing and verification. - Added extra certificates to test-ca and test code to further test functionality of SHA2 and SHA4 signing and verification. - Updated other program files accordingly
2025-08-01 10:06:53 +03:00 · 2009-02-09 22:32:35 +00:00
parent b29e23c586
commit 4593aeadaf
42 changed files with 1627 additions and 663 deletions
--- a/library/rsa.c
+++ b/library/rsa.c
@ -404,13 +404,13 @@ int rsa_pkcs1_sign( rsa_context *ctx,
                    nb_pad = olen - 3 - hashlen;
                    break;

-                case RSA_MD2:
-                case RSA_MD4:
-                case RSA_MD5:
+                case SIG_RSA_MD2:
+                case SIG_RSA_MD4:
+                case SIG_RSA_MD5:
                    nb_pad = olen - 3 - 34;
                    break;

-                case RSA_SHA1:
+                case SIG_RSA_SHA1:
                    nb_pad = olen - 3 - 35;
                    break;

@ -439,26 +439,46 @@ int rsa_pkcs1_sign( rsa_context *ctx,
            memcpy( p, hash, hashlen );
            break;

-        case RSA_MD2:
+        case SIG_RSA_MD2:
            memcpy( p, ASN1_HASH_MDX, 18 );
            memcpy( p + 18, hash, 16 );
            p[13] = 2; break;

-        case RSA_MD4:
+        case SIG_RSA_MD4:
            memcpy( p, ASN1_HASH_MDX, 18 );
            memcpy( p + 18, hash, 16 );
            p[13] = 4; break;

-        case RSA_MD5:
+        case SIG_RSA_MD5:
            memcpy( p, ASN1_HASH_MDX, 18 );
            memcpy( p + 18, hash, 16 );
            p[13] = 5; break;

-        case RSA_SHA1:
+        case SIG_RSA_SHA1:
            memcpy( p, ASN1_HASH_SHA1, 15 );
            memcpy( p + 15, hash, 20 );
            break;

+        case SIG_RSA_SHA224:
+            memcpy( p, ASN1_HASH_SHA2X, 19 );
+            memcpy( p + 19, hash, 28 );
+            p[1] += 28; p[14] = 4; p[18] += 28; break;
+
+        case SIG_RSA_SHA256:
+            memcpy( p, ASN1_HASH_SHA2X, 19 );
+            memcpy( p + 19, hash, 32 );
+            p[1] += 32; p[14] = 1; p[18] += 32; break;
+
+        case SIG_RSA_SHA384:
+            memcpy( p, ASN1_HASH_SHA2X, 19 );
+            memcpy( p + 19, hash, 48 );
+            p[1] += 48; p[14] = 2; p[18] += 48; break;
+
+        case SIG_RSA_SHA512:
+            memcpy( p, ASN1_HASH_SHA2X, 19 );
+            memcpy( p + 19, hash, 64 );
+            p[1] += 64; p[14] = 3; p[18] += 64; break;
+
        default:
            return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
    }
@ -527,9 +547,9 @@ int rsa_pkcs1_verify( rsa_context *ctx,
        if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 )
            return( POLARSSL_ERR_RSA_VERIFY_FAILED );

-        if( ( c == 2 && hash_id == RSA_MD2 ) ||
-            ( c == 4 && hash_id == RSA_MD4 ) ||
-            ( c == 5 && hash_id == RSA_MD5 ) )
+        if( ( c == 2 && hash_id == SIG_RSA_MD2 ) ||
+            ( c == 4 && hash_id == SIG_RSA_MD4 ) ||
+            ( c == 5 && hash_id == SIG_RSA_MD5 ) )
        {
            if( memcmp( p + 18, hash, 16 ) == 0 ) 
                return( 0 );
@ -538,7 +558,7 @@ int rsa_pkcs1_verify( rsa_context *ctx,
        }
    }

-    if( len == 35 && hash_id == RSA_SHA1 )
+    if( len == 35 && hash_id == SIG_RSA_SHA1 )
    {
        if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 &&
            memcmp( p + 15, hash, 20 ) == 0 )
@ -546,6 +566,22 @@ int rsa_pkcs1_verify( rsa_context *ctx,
        else
            return( POLARSSL_ERR_RSA_VERIFY_FAILED );
    }
+    if( ( len == 19 + 28 && p[14] == 4 && hash_id == SIG_RSA_SHA224 ) ||
+        ( len == 19 + 32 && p[14] == 1 && hash_id == SIG_RSA_SHA256 ) ||
+        ( len == 19 + 48 && p[14] == 2 && hash_id == SIG_RSA_SHA384 ) ||
+        ( len == 19 + 64 && p[14] == 3 && hash_id == SIG_RSA_SHA512 ) )
+    {
+    	c = p[1] - 17;
+	p[1] = 17;
+	p[14] = 0;
+
+        if( p[18] == c &&
+	    memcmp( p, ASN1_HASH_SHA2X, 18 ) == 0 &&
+	    memcmp( p + 19, hash, c ) == 0 )
+	    return( 0 );
+	else
+	    return( POLARSSL_ERR_RSA_VERIFY_FAILED );
+    }

    if( len == hashlen && hash_id == RSA_RAW )
    {
@ -703,7 +739,7 @@ int rsa_self_test( int verbose )

    sha1( rsa_plaintext, PT_LEN, sha1sum );

-    if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, RSA_SHA1, 20,
+    if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1, 20,
                        sha1sum, rsa_ciphertext ) != 0 )
    {
        if( verbose != 0 )
@ -715,7 +751,7 @@ int rsa_self_test( int verbose )
    if( verbose != 0 )
        printf( "passed\n  PKCS#1 sig. verify: " );

-    if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, RSA_SHA1, 20,
+    if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1, 20,
                          sha1sum, rsa_ciphertext ) != 0 )
    {
        if( verbose != 0 )
--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -795,7 +795,8 @@ int x509parse_crt( x509_cert *chain, unsigned char *buf, int buflen )
    }

    if( crt->sig_oid1.p[8] < 2 ||
-        crt->sig_oid1.p[8] > 5 )
+        ( crt->sig_oid1.p[8] > 5 && crt->sig_oid1.p[8] < 11 ) ||
+	crt->sig_oid1.p[8] > 14 )
    {
          x509_free( crt );
        return( POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG );
@ -1441,10 +1442,14 @@ char *x509parse_cert_info( char *prefix, x509_cert *crt )

    switch( crt->sig_oid1.p[8] )
    {
-        case RSA_MD2 : p += snprintf( p, end - p, "MD2"  ); break;
-        case RSA_MD4 : p += snprintf( p, end - p, "MD4"  ); break;
-        case RSA_MD5 : p += snprintf( p, end - p, "MD5"  ); break;
-        case RSA_SHA1: p += snprintf( p, end - p, "SHA1" ); break;
+        case SIG_RSA_MD2    : p += snprintf( p, end - p, "MD2"    ); break;
+        case SIG_RSA_MD4    : p += snprintf( p, end - p, "MD4"    ); break;
+        case SIG_RSA_MD5    : p += snprintf( p, end - p, "MD5"    ); break;
+        case SIG_RSA_SHA1   : p += snprintf( p, end - p, "SHA1"   ); break;
+        case SIG_RSA_SHA224 : p += snprintf( p, end - p, "SHA224" ); break;
+        case SIG_RSA_SHA256 : p += snprintf( p, end - p, "SHA256" ); break;
+        case SIG_RSA_SHA384 : p += snprintf( p, end - p, "SHA384" ); break;
+        case SIG_RSA_SHA512 : p += snprintf( p, end - p, "SHA512" ); break;
        default: p += snprintf( p, end - p, "???"  ); break;
    }

@ -1486,13 +1491,21 @@ static void x509_hash( unsigned char *in, int len, int alg,
    switch( alg )
    {
 #if defined(POLARSSL_MD2_C)
-        case RSA_MD2  :  md2( in, len, out ); break;
+        case SIG_RSA_MD2    :  md2( in, len, out ); break;
 #endif
 #if defined(POLARSSL_MD4_C)
-        case RSA_MD4  :  md4( in, len, out ); break;
+        case SIG_RSA_MD4    :  md4( in, len, out ); break;
+#endif
+        case SIG_RSA_MD5    :  md5( in, len, out ); break;
+        case SIG_RSA_SHA1   : sha1( in, len, out ); break;
+#if defined(POLARSSL_SHA2_C)
+        case SIG_RSA_SHA224 : sha2( in, len, out, 1 ); break;
+        case SIG_RSA_SHA256 : sha2( in, len, out, 0 ); break;
+#endif
+#if defined(POLARSSL_SHA2_C)
+        case SIG_RSA_SHA384 : sha4( in, len, out, 1 ); break;
+        case SIG_RSA_SHA512 : sha4( in, len, out, 0 ); break;
 #endif
-        case RSA_MD5  :  md5( in, len, out ); break;
-        case RSA_SHA1 : sha1( in, len, out ); break;
        default:
            memset( out, '\xFF', len );
            break;
@ -1511,7 +1524,7 @@ int x509parse_verify( x509_cert *crt,
    int pathlen;
    x509_cert *cur;
    x509_name *name;
-    unsigned char hash[20];
+    unsigned char hash[64];

    *flags = x509parse_expired( crt );