From 7f343eedfc0ef1b3eab8ded1d60e2abc82324a5e Mon Sep 17 00:00:00 2001 From: Thomas Pornin Date: Wed, 21 Jun 2017 15:19:32 +0200 Subject: [PATCH] Added encoded OID for hash functions (for use with PKCS#1 v1.5 signatures) into the public API. --- inc/bearssl_rsa.h | 30 ++++++++++++++++++++++++++++++ src/ssl/ssl_hs_client.c | 30 +++++------------------------- src/ssl/ssl_hs_client.t0 | 30 +++++------------------------- 3 files changed, 40 insertions(+), 50 deletions(-) diff --git a/inc/bearssl_rsa.h b/inc/bearssl_rsa.h index fc6cd00..3d5c26a 100644 --- a/inc/bearssl_rsa.h +++ b/inc/bearssl_rsa.h @@ -332,6 +332,36 @@ typedef uint32_t (*br_rsa_pkcs1_sign)(const unsigned char *hash_oid, const unsigned char *hash, size_t hash_len, const br_rsa_private_key *sk, unsigned char *x); +/** + * \brief Encoded OID for SHA-1 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA1 \ + ((const unsigned char *)"\x05\x2B\x0E\x03\x02\x1A") + +/** + * \brief Encoded OID for SHA-224 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA224 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x04") + +/** + * \brief Encoded OID for SHA-256 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA256 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x01") + +/** + * \brief Encoded OID for SHA-384 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA384 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02") + +/** + * \brief Encoded OID for SHA-512 (in RSA PKCS#1 signatures). + */ +#define BR_HASH_OID_SHA512 \ + ((const unsigned char *)"\x09\x60\x86\x48\x01\x65\x03\x04\x02\x03") + /* * RSA "i32" engine. Integers are internally represented as arrays of * 32-bit integers, and the core multiplication primitive is the diff --git a/src/ssl/ssl_hs_client.c b/src/ssl/ssl_hs_client.c index 4338fc4..e3864c2 100644 --- a/src/ssl/ssl_hs_client.c +++ b/src/ssl/ssl_hs_client.c @@ -170,32 +170,12 @@ make_pms_rsa(br_ssl_client_context *ctx, int prf_id) /* * OID for hash functions in RSA signatures. */ -static const unsigned char HASH_OID_SHA1[] = { - 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A -}; - -static const unsigned char HASH_OID_SHA224[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04 -}; - -static const unsigned char HASH_OID_SHA256[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 -}; - -static const unsigned char HASH_OID_SHA384[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 -}; - -static const unsigned char HASH_OID_SHA512[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 -}; - static const unsigned char *HASH_OID[] = { - HASH_OID_SHA1, - HASH_OID_SHA224, - HASH_OID_SHA256, - HASH_OID_SHA384, - HASH_OID_SHA512 + BR_HASH_OID_SHA1, + BR_HASH_OID_SHA224, + BR_HASH_OID_SHA256, + BR_HASH_OID_SHA384, + BR_HASH_OID_SHA512 }; /* diff --git a/src/ssl/ssl_hs_client.t0 b/src/ssl/ssl_hs_client.t0 index 89da775..cfe5f78 100644 --- a/src/ssl/ssl_hs_client.t0 +++ b/src/ssl/ssl_hs_client.t0 @@ -115,32 +115,12 @@ make_pms_rsa(br_ssl_client_context *ctx, int prf_id) /* * OID for hash functions in RSA signatures. */ -static const unsigned char HASH_OID_SHA1[] = { - 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A -}; - -static const unsigned char HASH_OID_SHA224[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04 -}; - -static const unsigned char HASH_OID_SHA256[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 -}; - -static const unsigned char HASH_OID_SHA384[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 -}; - -static const unsigned char HASH_OID_SHA512[] = { - 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 -}; - static const unsigned char *HASH_OID[] = { - HASH_OID_SHA1, - HASH_OID_SHA224, - HASH_OID_SHA256, - HASH_OID_SHA384, - HASH_OID_SHA512 + BR_HASH_OID_SHA1, + BR_HASH_OID_SHA224, + BR_HASH_OID_SHA256, + BR_HASH_OID_SHA384, + BR_HASH_OID_SHA512 }; /* -- 2.17.1