... | ... |
@@ -104,6 +104,12 @@ |
104 | 104 |
#define OID_2_16_840_1_101_3_4_2_1 "\x60\x86\x48\x01\x65\x03\x04\x02\x01" |
105 | 105 |
#define OID_sha256 OID_2_16_840_1_101_3_4_2_1 |
106 | 106 |
|
107 |
+#define OID_2_16_840_1_101_3_4_2_2 "\x60\x86\x48\x01\x65\x03\x04\x02\x02" |
|
108 |
+#define OID_sha384 OID_2_16_840_1_101_3_4_2_2 |
|
109 |
+ |
|
110 |
+#define OID_2_16_840_1_101_3_4_2_3 "\x60\x86\x48\x01\x65\x03\x04\x02\x03" |
|
111 |
+#define OID_sha512 OID_2_16_840_1_101_3_4_2_3 |
|
112 |
+ |
|
107 | 113 |
/* --------------------------------------------------------------------------- OIDS */ |
108 | 114 |
#define lenof(x) (sizeof((x))-1) |
109 | 115 |
|
... | ... |
@@ -360,6 +366,10 @@ static int asn1_expect_hash_algo(fmap_t *map, const void **asn1data, unsigned in |
360 | 360 |
* - OID_sha1WithRSAEncryption |
361 | 361 |
* - OID_md5WithRSAEncryption |
362 | 362 |
* - OID_sha256WithRSAEncryption |
363 |
+ * - OID_sha384 |
|
364 |
+ * - OID_sha384WithRSAEncryption |
|
365 |
+ * - OID_sha512 |
|
366 |
+ * - OID_sha512WithRSAEncryption |
|
363 | 367 |
*/ |
364 | 368 |
if(obj.size != lenof(OID_sha1) && obj.size != lenof(OID_md5) && obj.size != lenof(OID_sha256)) { |
365 | 369 |
cli_dbgmsg("asn1_expect_hash_algo: unsupported algorithm OID size for AlgorithmIdentifier\n"); |
... | ... |
@@ -381,6 +391,14 @@ static int asn1_expect_hash_algo(fmap_t *map, const void **asn1data, unsigned in |
381 | 381 |
(obj.size == lenof(OID_sha256WithRSAEncryption) && !memcmp(obj.content, OID_sha256WithRSAEncryption, lenof(OID_sha256WithRSAEncryption)))) { |
382 | 382 |
*hashtype = CLI_SHA256RSA; |
383 | 383 |
*hashsize = SHA256_HASH_SIZE; |
384 |
+ } else if((obj.size == lenof(OID_sha384) && !memcmp(obj.content, OID_sha384, lenof(OID_sha384))) || |
|
385 |
+ (obj.size == lenof(OID_sha384WithRSAEncryption) && !memcmp(obj.content, OID_sha384WithRSAEncryption, lenof(OID_sha384WithRSAEncryption)))) { |
|
386 |
+ *hashtype = CLI_SHA384RSA; |
|
387 |
+ *hashsize = SHA384_HASH_SIZE; |
|
388 |
+ } else if((obj.size == lenof(OID_sha512) && !memcmp(obj.content, OID_sha512, lenof(OID_sha512))) || |
|
389 |
+ (obj.size == lenof(OID_sha512WithRSAEncryption) && !memcmp(obj.content, OID_sha512WithRSAEncryption, lenof(OID_sha512WithRSAEncryption)))) { |
|
390 |
+ *hashtype = CLI_SHA512RSA; |
|
391 |
+ *hashsize = SHA512_HASH_SIZE; |
|
384 | 392 |
} else { |
385 | 393 |
cli_dbgmsg("asn1_expect_hash_algo: unknown digest OID in AlgorithmIdentifier\n"); |
386 | 394 |
return 1; |
... | ... |
@@ -39,6 +39,10 @@ |
39 | 39 |
#define OID_2_16_840_1_101_3_4_2_2 "\x60\x86\x48\x01\x65\x03\x04\x02\x02" |
40 | 40 |
#define OID_sha384 OID_2_16_840_1_101_3_4_2_2 |
41 | 41 |
|
42 |
+#define OID_2_16_840_1_101_3_4_2_3 "\x60\x86\x48\x01\x65\x03\x04\x02\x03" |
|
43 |
+#define OID_sha512 OID_2_16_840_1_101_3_4_2_3 |
|
44 |
+ |
|
45 |
+ |
|
42 | 46 |
int cli_crt_init(cli_crt *x509) { |
43 | 47 |
int ret; |
44 | 48 |
if((ret = mp_init_multi(&x509->n, &x509->e, &x509->sig, NULL))) { |
... | ... |
@@ -210,6 +214,8 @@ static int crtmgr_rsa_verify(cli_crt *x509, mp_int *sig, cli_crt_hashtype hashty |
210 | 210 |
hashlen = SHA256_HASH_SIZE; |
211 | 211 |
} else if (hashtype == CLI_SHA384RSA) { |
212 | 212 |
hashlen = SHA384_HASH_SIZE; |
213 |
+ } else if (hashtype == CLI_SHA512RSA) { |
|
214 |
+ hashlen = SHA512_HASH_SIZE; |
|
213 | 215 |
} else { |
214 | 216 |
cli_errmsg("crtmgr_rsa_verify: Unsupported hashtype: %d\n", hashtype); |
215 | 217 |
return 1; |
... | ... |
@@ -316,6 +322,13 @@ static int crtmgr_rsa_verify(cli_crt *x509, mp_int *sig, cli_crt_hashtype hashty |
316 | 316 |
break; |
317 | 317 |
} |
318 | 318 |
|
319 |
+ } else if (hashtype == CLI_SHA512RSA) { |
|
320 |
+ // Check for OID type indicating a length of 9, OID_sha512, and the NULL type/value |
|
321 |
+ if (0 != memcmp(&d[j], "\x06\x09" OID_sha512 "\x05\x00", 13)) { |
|
322 |
+ cli_dbgmsg("crtmgr_rsa_verify: invalid AlgorithmIdentifier block for SHA512 hash\n"); |
|
323 |
+ break; |
|
324 |
+ } |
|
325 |
+ |
|
319 | 326 |
} else { |
320 | 327 |
cli_errmsg("crtmgr_rsa_verify: FIXME ACAB - CRYPTO MISSING?\n"); |
321 | 328 |
break; |