From 06e2dd037e29f82b92e1d1b9454f1595e602fb94 Mon Sep 17 00:00:00 2001 From: Nils Larsch Date: Wed, 20 Dec 2006 08:58:54 +0000 Subject: [PATCH] add support for ecdsa-with-sha256 etc. --- CHANGES | 3 +++ crypto/ec/ec_ameth.c | 13 +++++++---- crypto/ec/ec_pmeth.c | 6 ++++- crypto/evp/m_sha1.c | 8 +++---- crypto/objects/obj_dat.h | 46 +++++++++++++++++++++++++++++++++---- crypto/objects/obj_mac.h | 24 +++++++++++++++++++ crypto/objects/obj_mac.num | 6 +++++ crypto/objects/obj_xref.txt | 6 +++++ crypto/objects/objects.txt | 6 +++++ 9 files changed, 104 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 4eba78a60d..d6739a20f3 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.8e and 0.9.9 [xx XXX xxxx] + *) Add support for the ecdsa-with-SHA224/256/384/512 signature types. + [Nils Larsch] + *) Initial incomplete changes to avoid need for function casts in OpenSSL when OPENSSL_NO_FCAST is set: some compilers (gcc 4.2 and later) reject their use. Safestack is reimplemented using inline functions: tests show diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index e52a347c86..6c46afb503 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -577,12 +577,17 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) case ASN1_PKEY_CTRL_PKCS7_SIGN: if (arg1 == 0) { + int snid, hnid; X509_ALGOR *alg1, *alg2; PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); - X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1), - V_ASN1_NULL, 0); - X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ecdsa_with_SHA1), - V_ASN1_NULL, 0); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); } return 1; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 4621e765ff..3f137b892a 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -220,7 +220,11 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_MD: - if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1) + if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && + EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE); return 0; diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 41c8d3dfe2..cbb44ab250 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -119,7 +119,7 @@ static const EVP_MD sha224_md= NID_sha224, NID_sha224WithRSAEncryption, SHA224_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, init224, update256, final256, @@ -138,7 +138,7 @@ static const EVP_MD sha256_md= NID_sha256, NID_sha256WithRSAEncryption, SHA256_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, init256, update256, final256, @@ -169,7 +169,7 @@ static const EVP_MD sha384_md= NID_sha384, NID_sha384WithRSAEncryption, SHA384_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, init384, update512, final512, @@ -188,7 +188,7 @@ static const EVP_MD sha512_md= NID_sha512, NID_sha512WithRSAEncryption, SHA512_DIGEST_LENGTH, - 0, + EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, init512, update512, final512, diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 78a91f370f..7e0a63c265 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 827 -#define NUM_SN 823 -#define NUM_LN 823 -#define NUM_OBJ 779 +#define NUM_NID 833 +#define NUM_SN 829 +#define NUM_LN 829 +#define NUM_OBJ 785 -static unsigned char lvalues[5496]={ +static unsigned char lvalues[5542]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -847,6 +847,12 @@ static unsigned char lvalues[5496]={ 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5471] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5479] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5487] OBJ_id_GostR3410_2001_ParamSet_cc */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5495] OBJ_ecdsa_with_Recommended */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5502] OBJ_ecdsa_with_Specified */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5509] OBJ_ecdsa_with_SHA224 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5517] OBJ_ecdsa_with_SHA256 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5525] OBJ_ecdsa_with_SHA384 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5533] OBJ_ecdsa_with_SHA512 */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2184,6 +2190,18 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5487]),0}, +{"ecdsa-with-Recommended","ecdsa-with-Recommended", + NID_ecdsa_with_Recommended,7,&(lvalues[5495]),0}, +{"ecdsa-with-Specified","ecdsa-with-Specified", + NID_ecdsa_with_Specified,7,&(lvalues[5502]),0}, +{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, + &(lvalues[5509]),0}, +{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, + &(lvalues[5517]),0}, +{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, + &(lvalues[5525]),0}, +{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, + &(lvalues[5533]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2434,7 +2452,13 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[470]),/* "documentVersion" */ &(nid_objs[392]),/* "domain" */ &(nid_objs[452]),/* "domainRelatedObject" */ +&(nid_objs[827]),/* "ecdsa-with-Recommended" */ &(nid_objs[416]),/* "ecdsa-with-SHA1" */ +&(nid_objs[829]),/* "ecdsa-with-SHA224" */ +&(nid_objs[830]),/* "ecdsa-with-SHA256" */ +&(nid_objs[831]),/* "ecdsa-with-SHA384" */ +&(nid_objs[832]),/* "ecdsa-with-SHA512" */ +&(nid_objs[828]),/* "ecdsa-with-Specified" */ &(nid_objs[48]),/* "emailAddress" */ &(nid_objs[132]),/* "emailProtection" */ &(nid_objs[389]),/* "enterprises" */ @@ -3281,7 +3305,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[113]),/* "dsaWithSHA1" */ &(nid_objs[70]),/* "dsaWithSHA1-old" */ &(nid_objs[297]),/* "dvcs" */ +&(nid_objs[827]),/* "ecdsa-with-Recommended" */ &(nid_objs[416]),/* "ecdsa-with-SHA1" */ +&(nid_objs[829]),/* "ecdsa-with-SHA224" */ +&(nid_objs[830]),/* "ecdsa-with-SHA256" */ +&(nid_objs[831]),/* "ecdsa-with-SHA384" */ +&(nid_objs[832]),/* "ecdsa-with-SHA512" */ +&(nid_objs[828]),/* "ecdsa-with-Specified" */ &(nid_objs[48]),/* "emailAddress" */ &(nid_objs[632]),/* "encrypted track 2" */ &(nid_objs[56]),/* "extendedCertificateAttributes" */ @@ -4175,6 +4205,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */ &(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey 1 2 840 10045 2 1 */ &(nid_objs[416]),/* OBJ_ecdsa_with_SHA1 1 2 840 10045 4 1 */ +&(nid_objs[827]),/* OBJ_ecdsa_with_Recommended 1 2 840 10045 4 2 */ +&(nid_objs[828]),/* OBJ_ecdsa_with_Specified 1 2 840 10045 4 3 */ &(nid_objs[258]),/* OBJ_id_pkix_mod 1 3 6 1 5 5 7 0 */ &(nid_objs[175]),/* OBJ_id_pe 1 3 6 1 5 5 7 1 */ &(nid_objs[259]),/* OBJ_id_qt 1 3 6 1 5 5 7 2 */ @@ -4256,6 +4288,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[413]),/* OBJ_X9_62_prime239v2 1 2 840 10045 3 1 5 */ &(nid_objs[414]),/* OBJ_X9_62_prime239v3 1 2 840 10045 3 1 6 */ &(nid_objs[415]),/* OBJ_X9_62_prime256v1 1 2 840 10045 3 1 7 */ +&(nid_objs[829]),/* OBJ_ecdsa_with_SHA224 1 2 840 10045 4 3 1 */ +&(nid_objs[830]),/* OBJ_ecdsa_with_SHA256 1 2 840 10045 4 3 2 */ +&(nid_objs[831]),/* OBJ_ecdsa_with_SHA384 1 2 840 10045 4 3 3 */ +&(nid_objs[832]),/* OBJ_ecdsa_with_SHA512 1 2 840 10045 4 3 4 */ &(nid_objs[269]),/* OBJ_id_pkix1_explicit_88 1 3 6 1 5 5 7 0 1 */ &(nid_objs[270]),/* OBJ_id_pkix1_implicit_88 1 3 6 1 5 5 7 0 2 */ &(nid_objs[271]),/* OBJ_id_pkix1_explicit_93 1 3 6 1 5 5 7 0 3 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 6766c280c5..c471c2faeb 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -305,6 +305,30 @@ #define NID_ecdsa_with_SHA1 416 #define OBJ_ecdsa_with_SHA1 OBJ_X9_62_id_ecSigType,1L +#define SN_ecdsa_with_Recommended "ecdsa-with-Recommended" +#define NID_ecdsa_with_Recommended 827 +#define OBJ_ecdsa_with_Recommended OBJ_X9_62_id_ecSigType,2L + +#define SN_ecdsa_with_Specified "ecdsa-with-Specified" +#define NID_ecdsa_with_Specified 828 +#define OBJ_ecdsa_with_Specified OBJ_X9_62_id_ecSigType,3L + +#define SN_ecdsa_with_SHA224 "ecdsa-with-SHA224" +#define NID_ecdsa_with_SHA224 829 +#define OBJ_ecdsa_with_SHA224 OBJ_ecdsa_with_Specified,1L + +#define SN_ecdsa_with_SHA256 "ecdsa-with-SHA256" +#define NID_ecdsa_with_SHA256 830 +#define OBJ_ecdsa_with_SHA256 OBJ_ecdsa_with_Specified,2L + +#define SN_ecdsa_with_SHA384 "ecdsa-with-SHA384" +#define NID_ecdsa_with_SHA384 831 +#define OBJ_ecdsa_with_SHA384 OBJ_ecdsa_with_Specified,3L + +#define SN_ecdsa_with_SHA512 "ecdsa-with-SHA512" +#define NID_ecdsa_with_SHA512 832 +#define OBJ_ecdsa_with_SHA512 OBJ_ecdsa_with_Specified,4L + #define OBJ_secg_ellipticCurve OBJ_certicom_arc,0L #define SN_secp112r1 "secp112r1" diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 57917a788c..147bfc1d2a 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -824,3 +824,9 @@ id_GostR3410_2001_cc 823 id_GostR3411_94_with_GostR3410_94_cc 824 id_GostR3411_94_with_GostR3410_2001_cc 825 id_GostR3410_2001_ParamSet_cc 826 +ecdsa_with_Recommended 827 +ecdsa_with_Specified 828 +ecdsa_with_SHA224 829 +ecdsa_with_SHA256 830 +ecdsa_with_SHA384 831 +ecdsa_with_SHA512 832 diff --git a/crypto/objects/obj_xref.txt b/crypto/objects/obj_xref.txt index a90e0c51c8..01a0adbb59 100644 --- a/crypto/objects/obj_xref.txt +++ b/crypto/objects/obj_xref.txt @@ -26,6 +26,12 @@ dsaWithSHA1 sha1 dsa dsaWithSHA1_2 sha1 dsa_2 ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey +ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey +ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey +ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey +ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey +ecdsa_with_Recommended undef X9_62_id_ecPublicKey +ecdsa_with_Specified undef X9_62_id_ecPublicKey id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001 id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index aea67ebe84..7425196b99 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -75,6 +75,12 @@ X9-62_primeCurve 7 : prime256v1 !Alias id-ecSigType ansi-X9-62 4 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 +X9-62_id-ecSigType 2 : ecdsa-with-Recommended +X9-62_id-ecSigType 3 : ecdsa-with-Specified +ecdsa-with-Specified 1 : ecdsa-with-SHA224 +ecdsa-with-Specified 2 : ecdsa-with-SHA256 +ecdsa-with-Specified 3 : ecdsa-with-SHA384 +ecdsa-with-Specified 4 : ecdsa-with-SHA512 # SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" # (http://www.secg.org/) -- 2.25.1