MatrixSSL 4.0.1

2018-11-15 10:12:51 +02:00
parent d0a51a7e43
commit 5a72845b65
95 changed files with 6521 additions and 4845 deletions
--- a/crypto/common/alg_info.c
+++ b/crypto/common/alg_info.c
@@ -95,6 +95,22 @@ psResSize_t psSigAlgToHashLen(int32_t sigAlg)
    case OID_SHA512_RSA_SIG:
    case OID_SHA512_ECDSA_SIG:
        return SHA512_HASH_SIZE;
+# ifdef USE_PKCS1_PSS
+    /*
+      The PSS IDs are not part of the same range as the above OIDs,
+      but they do not conflict with the OIDs either. Support them here
+      for convenience. Now one can always map e.g. cert->sigAlgorithm
+      to hash length.
+    */
+    case PKCS1_SHA1_ID:
+        return SHA1_HASH_SIZE;
+    case PKCS1_SHA256_ID:
+        return SHA256_HASH_SIZE;
+    case PKCS1_SHA384_ID:
+        return SHA384_HASH_SIZE;
+    case PKCS1_SHA512_ID:
+        return SHA512_HASH_SIZE;
+# endif
    default:
        return PS_UNSUPPORTED_FAIL;
    }
@@ -218,7 +234,10 @@ int32_t psHashLenToSigAlg(psSize_t hash_len,
 /** Return PS_TRUE if sigAlg is deemed insecure.
    Return PS_FALSE otherwise.
 */
-psBool_t psIsInsecureSigAlg(int32_t sigAlg, int keyAlgorithm, psSize_t keySize, psSize_t hashSize)
+psBool_t psIsInsecureSigAlg(int32_t sigAlg,
+        int keyAlgorithm,
+        psSize_t keySize,
+        psSize_t hashSize)
 {
    if (sigAlg == OID_MD2_RSA_SIG
            || sigAlg == OID_MD5_RSA_SIG
@@ -236,6 +255,69 @@ psBool_t psIsInsecureSigAlg(int32_t sigAlg, int keyAlgorithm, psSize_t keySize,
    return PS_FALSE;
 }

+/* Return PS_TRUE if hashLen is valid for sigAlg,
+   e.g. OID_SHA256_RSA_SIG requires hashLen == 32. */
+psBool_t psIsValidHashLenSigAlgCombination(psSize_t hashLen,
+    int32_t sigAlg)
+{
+    switch (sigAlg)
+    {
+#  ifdef USE_MD2
+    case OID_MD2_RSA_SIG:
+        if (hashLen != MD2_HASH_SIZE)
+        {
+            return PS_FALSE;
+        }
+        break;
+#  endif /* USE_MD2 */
+#  ifdef USE_MD5
+    case OID_MD5_RSA_SIG:
+        if (hashLen != MD5_HASH_SIZE)
+        {
+            return PS_FALSE;
+        }
+        break;
+#  endif /* USE_MD5 */
+    case OID_SHA1_RSA_SIG:
+        if (hashLen != SHA1_HASH_SIZE)
+        {
+            return PS_FALSE;
+        }
+        break;
+#ifdef USE_SHA224
+    case OID_SHA224_RSA_SIG:
+        if (hashLen != SHA224_HASH_SIZE)
+        {
+            return PS_FALSE;
+        }
+        break;
+#endif /* USE_SHA224 */
+    case OID_SHA256_RSA_SIG:
+        if (hashLen != SHA256_HASH_SIZE)
+        {
+            return PS_FALSE;
+        }
+        break;
+    case OID_SHA384_RSA_SIG:
+        if (hashLen != SHA384_HASH_SIZE)
+        {
+            return PS_FALSE;
+        }
+        break;
+    case OID_SHA512_RSA_SIG:
+        if (hashLen != SHA512_HASH_SIZE)
+        {
+            return PS_FALSE;
+        }
+        break;
+    default:
+        psTraceIntCrypto("Unsupported RSA signature alg: %d\n", sigAlg);
+        return PS_FALSE;
+    }
+
+    return PS_TRUE;
+}
+
 /** Given the name of a signature algorithm (section 4.3.2 in TLS 1.3
    draft #28), return its two-byte SignatureScheme identifier. */
 uint16_t psGetNamedSigAlgId(const char *name)
--- a/crypto/common/digest_info.c
+++ b/crypto/common/digest_info.c
@@ -0,0 +1,237 @@
+/**
+ *      @file    digest_info.c
+ *      @version $Format:%h%d$
+ *
+ *      Static DigestInfo prefixes and querying functions for PKCS #1.5.
+ */
+/*
+ *      Copyright (c) 2018 INSIDE Secure Corporation
+ *      Copyright (c) PeerSec Networks, 2002-2011
+ *      All Rights Reserved
+ *
+ *      The latest version of this code is available at http://www.matrixssl.org
+ *
+ *      This software is open source; you can redistribute it and/or modify
+ *      it under the terms of the GNU General Public License as published by
+ *      the Free Software Foundation; either version 2 of the License, or
+ *      (at your option) any later version.
+ *
+ *      This General Public License does NOT permit incorporating this software
+ *      into proprietary programs.  If you are unable to comply with the GPL, a
+ *      commercial license for this software may be purchased from INSIDE at
+ *      http://www.insidesecure.com/
+ *
+ *      This program is distributed in WITHOUT ANY WARRANTY; without even the
+ *      implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *      See the GNU General Public License for more details.
+ *
+ *      You should have received a copy of the GNU General Public License
+ *      along with this program; if not, write to the Free Software
+ *      Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ *      http://www.gnu.org/copyleft/gpl.html
+ */
+
+#include "../cryptoImpl.h"
+
+# ifdef USE_RSA
+
+/*
+  ASN.1 DER encoded DigestInfos.
+  In RSA signature verification, the prefix of the RSA-decrypted message
+  should be compared against one of these. The correct one can be fetched
+  with psGetDigestInfoPrefix, which takes in as arguments the sig alg ID
+  and the length of the decrypted message. Each DigestInfo has two variants:
+  one with optional NULL parameters in the AlgorithmIdentifier, the other
+  without.
+*/
+
+#  ifdef USE_MD2
+static const unsigned char PKCS1Dig_MD2[] =
+{
+    0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10
+};
+static const unsigned char PKCS1Dig_MD2_ALT[] =
+{
+    0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x02, 0x02, 0x04, 0x10
+};
+#  endif /* USE_MD2 */
+
+#  ifdef USE_MD5
+static const unsigned char PKCS1Dig_MD5[] =
+{
+    0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
+};
+static const unsigned char PKCS1Dig_MD5_ALT[] =
+{
+    0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86,
+    0xf7, 0x0d, 0x02, 0x05, 0x04, 0x10
+};
+#  endif /* USE_MD5 */
+
+#  ifdef USE_SHA1
+static const unsigned char PKCS1Dig_SHA1[] =
+{
+    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+    0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
+};
+static const unsigned char PKCS1Dig_SHA1_ALT[] =
+{
+    0x30, 0x1f, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+    0x02, 0x1a, 0x04, 0x14
+};
+#  endif /* USE_SHA1 */
+
+#ifdef USE_SHA224
+static const unsigned char PKCS1Dig_SHA224[] =
+{
+    0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1c
+};
+static const unsigned char PKCS1Dig_SHA224_ALT[] =
+{
+    0x30, 0x2b, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x04, 0x1c
+};
+#  endif /* USE_SHA224 */
+
+#  ifdef USE_SHA256
+static const unsigned char PKCS1Dig_SHA256[] =
+{
+    0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
+};
+static const unsigned char PKCS1Dig_SHA256_ALT[] =
+{
+    0x30, 0x2f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x04, 0x20
+};
+#  endif /* USE_SHA256 */
+
+#  ifdef USE_SHA384
+static const unsigned char PKCS1Dig_SHA384[] =
+{
+    0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30
+};
+static const unsigned char PKCS1Dig_SHA384_ALT[] =
+{
+    0x30, 0x3f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x04, 0x30
+};
+#  endif /* USE_SHA384 */
+
+#  ifdef USE_SHA512
+static const unsigned char PKCS1Dig_SHA512[] =
+{
+    0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40
+};
+static const unsigned char PKCS1Dig_SHA512_ALT[] =
+{
+    0x30, 0x4f, 0x30, 0x0b, 0x06, 0x09, 0x60, 0x86, 0x48,
+    0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x04, 0x40
+};
+#  endif /* USE_SHA512 */
+
+const
+unsigned char *psGetDigestInfoPrefix(int32_t len,
+    int32_t sigAlg)
+{
+    switch (sigAlg)
+    {
+#  ifdef USE_MD2
+    case OID_MD2_RSA_SIG:
+        if (len == sizeof(PKCS1Dig_MD2) + MD2_HASH_SIZE)
+        {
+            return PKCS1Dig_MD2;
+        }
+        else if (len == sizeof(PKCS1Dig_MD2_ALT) + MD2_HASH_SIZE)
+        {
+            return PKCS1Dig_MD2_ALT;
+        }
+        break;
+#  endif /* USE_MD2 */
+#  ifdef USE_MD5
+    case OID_MD5_RSA_SIG:
+        if (len == sizeof(PKCS1Dig_MD5) + MD5_HASH_SIZE)
+        {
+            return PKCS1Dig_MD5;
+        }
+        else if (len == sizeof(PKCS1Dig_MD5_ALT) + MD5_HASH_SIZE)
+        {
+            return PKCS1Dig_MD5_ALT;
+        }
+        break;
+#  endif /* USE_MD5 */
+#  ifdef USE_SHA1
+    case OID_SHA1_RSA_SIG:
+        if (len == sizeof(PKCS1Dig_SHA1) + SHA1_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA1;
+        }
+        else if (len == sizeof(PKCS1Dig_SHA1_ALT) + SHA1_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA1_ALT;
+        }
+        break;
+#  endif /* USE_SHA1 */
+#  ifdef USE_SHA224
+    case OID_SHA224_RSA_SIG:
+        if (len == sizeof(PKCS1Dig_SHA224) + SHA224_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA224;
+        }
+        else if (len == sizeof(PKCS1Dig_SHA224_ALT) + SHA224_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA224_ALT;
+        }
+        break;
+#  endif /* USE_SHA224 */
+#  ifdef USE_SHA256
+    case OID_SHA256_RSA_SIG:
+        if (len == sizeof(PKCS1Dig_SHA256) + SHA256_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA256;
+        }
+        else if (len == sizeof(PKCS1Dig_SHA256_ALT) + SHA256_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA256_ALT;
+        }
+        break;
+#  endif /* USE_SHA256 */
+#  ifdef USE_SHA384
+    case OID_SHA384_RSA_SIG:
+        if (len == sizeof(PKCS1Dig_SHA384) + SHA384_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA384;
+        }
+        else if (len == sizeof(PKCS1Dig_SHA384_ALT) + SHA384_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA384_ALT;
+        }
+        break;
+#  endif /* USE_SHA384 */
+#  ifdef USE_SHA512
+    case OID_SHA512_RSA_SIG:
+        if (len == sizeof(PKCS1Dig_SHA512) + SHA512_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA512;
+        }
+        else if (len == sizeof(PKCS1Dig_SHA512_ALT) + SHA512_HASH_SIZE)
+        {
+            return PKCS1Dig_SHA512_ALT;
+        }
+        break;
+#  endif /* USE_SHA512 */
+    default:
+        psTraceCrypto("Unsupported RSA signature algorithm\n");
+        return NULL;
+    }
+
+    return NULL;
+}
+
+# endif /* USE_RSA */