add support for ecdsa-with-sha256 etc.
authorNils Larsch <nils@openssl.org>
Wed, 20 Dec 2006 08:58:54 +0000 (08:58 +0000)
committerNils Larsch <nils@openssl.org>
Wed, 20 Dec 2006 08:58:54 +0000 (08:58 +0000)
CHANGES
crypto/ec/ec_ameth.c
crypto/ec/ec_pmeth.c
crypto/evp/m_sha1.c
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/obj_xref.txt
crypto/objects/objects.txt

diff --git a/CHANGES b/CHANGES
index 4eba78a..d6739a2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.8e and 0.9.9  [xx XXX xxxx]
 
+  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
+     [Nils Larsch]
+
   *) Initial incomplete changes to avoid need for function casts in OpenSSL
      when OPENSSL_NO_FCAST is set: some compilers (gcc 4.2 and later) reject
      their use. Safestack is reimplemented using inline functions: tests show
index e52a347..6c46afb 100644 (file)
@@ -577,12 +577,17 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
                case ASN1_PKEY_CTRL_PKCS7_SIGN:
                if (arg1 == 0)
                        {
+                       int snid, hnid;
                        X509_ALGOR *alg1, *alg2;
                        PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
-                       X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_sha1),
-                                                       V_ASN1_NULL, 0);
-                       X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ecdsa_with_SHA1),
-                                                       V_ASN1_NULL, 0);
+                       if (alg1 == NULL || alg1->algorithm == NULL)
+                               return -1;
+                       hnid = OBJ_obj2nid(alg1->algorithm);
+                       if (hnid == NID_undef)
+                               return -1;
+                       if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                               return -1; 
+                       X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
                        }
                return 1;
 
index 4621e76..3f137b8 100644 (file)
@@ -220,7 +220,11 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                return 1;
 
                case EVP_PKEY_CTRL_MD:
-               if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1)
+               if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
                        {
                        ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
                        return 0;
index 41c8d3d..cbb44ab 100644 (file)
@@ -119,7 +119,7 @@ static const EVP_MD sha224_md=
        NID_sha224,
        NID_sha224WithRSAEncryption,
        SHA224_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init224,
        update256,
        final256,
@@ -138,7 +138,7 @@ static const EVP_MD sha256_md=
        NID_sha256,
        NID_sha256WithRSAEncryption,
        SHA256_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init256,
        update256,
        final256,
@@ -169,7 +169,7 @@ static const EVP_MD sha384_md=
        NID_sha384,
        NID_sha384WithRSAEncryption,
        SHA384_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init384,
        update512,
        final512,
@@ -188,7 +188,7 @@ static const EVP_MD sha512_md=
        NID_sha512,
        NID_sha512WithRSAEncryption,
        SHA512_DIGEST_LENGTH,
-       0,
+       EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
        init512,
        update512,
        final512,
index 78a91f3..7e0a63c 100644 (file)
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 827
-#define NUM_SN 823
-#define NUM_LN 823
-#define NUM_OBJ 779
+#define NUM_NID 833
+#define NUM_SN 829
+#define NUM_LN 829
+#define NUM_OBJ 785
 
-static unsigned char lvalues[5496]={
+static unsigned char lvalues[5542]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -847,6 +847,12 @@ static unsigned char lvalues[5496]={
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,     /* [5471] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5479] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5487] OBJ_id_GostR3410_2001_ParamSet_cc */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,          /* [5495] OBJ_ecdsa_with_Recommended */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,          /* [5502] OBJ_ecdsa_with_Specified */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,     /* [5509] OBJ_ecdsa_with_SHA224 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,     /* [5517] OBJ_ecdsa_with_SHA256 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,     /* [5525] OBJ_ecdsa_with_SHA384 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,     /* [5533] OBJ_ecdsa_with_SHA512 */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2184,6 +2190,18 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"id-GostR3410-2001-ParamSet-cc",
        "GOST R 3410-2001 Parameter Set Cryptocom",
        NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5487]),0},
+{"ecdsa-with-Recommended","ecdsa-with-Recommended",
+       NID_ecdsa_with_Recommended,7,&(lvalues[5495]),0},
+{"ecdsa-with-Specified","ecdsa-with-Specified",
+       NID_ecdsa_with_Specified,7,&(lvalues[5502]),0},
+{"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8,
+       &(lvalues[5509]),0},
+{"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8,
+       &(lvalues[5517]),0},
+{"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8,
+       &(lvalues[5525]),0},
+{"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8,
+       &(lvalues[5533]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2434,7 +2452,13 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[470]),/* "documentVersion" */
 &(nid_objs[392]),/* "domain" */
 &(nid_objs[452]),/* "domainRelatedObject" */
+&(nid_objs[827]),/* "ecdsa-with-Recommended" */
 &(nid_objs[416]),/* "ecdsa-with-SHA1" */
+&(nid_objs[829]),/* "ecdsa-with-SHA224" */
+&(nid_objs[830]),/* "ecdsa-with-SHA256" */
+&(nid_objs[831]),/* "ecdsa-with-SHA384" */
+&(nid_objs[832]),/* "ecdsa-with-SHA512" */
+&(nid_objs[828]),/* "ecdsa-with-Specified" */
 &(nid_objs[48]),/* "emailAddress" */
 &(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[389]),/* "enterprises" */
@@ -3281,7 +3305,13 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[113]),/* "dsaWithSHA1" */
 &(nid_objs[70]),/* "dsaWithSHA1-old" */
 &(nid_objs[297]),/* "dvcs" */
+&(nid_objs[827]),/* "ecdsa-with-Recommended" */
 &(nid_objs[416]),/* "ecdsa-with-SHA1" */
+&(nid_objs[829]),/* "ecdsa-with-SHA224" */
+&(nid_objs[830]),/* "ecdsa-with-SHA256" */
+&(nid_objs[831]),/* "ecdsa-with-SHA384" */
+&(nid_objs[832]),/* "ecdsa-with-SHA512" */
+&(nid_objs[828]),/* "ecdsa-with-Specified" */
 &(nid_objs[48]),/* "emailAddress" */
 &(nid_objs[632]),/* "encrypted track 2" */
 &(nid_objs[56]),/* "extendedCertificateAttributes" */
@@ -4175,6 +4205,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
 &(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
 &(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+&(nid_objs[827]),/* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+&(nid_objs[828]),/* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
 &(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
 &(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 &(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
@@ -4256,6 +4288,10 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
 &(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
 &(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+&(nid_objs[829]),/* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+&(nid_objs[830]),/* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+&(nid_objs[831]),/* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+&(nid_objs[832]),/* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
 &(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
 &(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
 &(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
index 6766c28..c471c2f 100644 (file)
 #define NID_ecdsa_with_SHA1            416
 #define OBJ_ecdsa_with_SHA1            OBJ_X9_62_id_ecSigType,1L
 
+#define SN_ecdsa_with_Recommended              "ecdsa-with-Recommended"
+#define NID_ecdsa_with_Recommended             827
+#define OBJ_ecdsa_with_Recommended             OBJ_X9_62_id_ecSigType,2L
+
+#define SN_ecdsa_with_Specified                "ecdsa-with-Specified"
+#define NID_ecdsa_with_Specified               828
+#define OBJ_ecdsa_with_Specified               OBJ_X9_62_id_ecSigType,3L
+
+#define SN_ecdsa_with_SHA224           "ecdsa-with-SHA224"
+#define NID_ecdsa_with_SHA224          829
+#define OBJ_ecdsa_with_SHA224          OBJ_ecdsa_with_Specified,1L
+
+#define SN_ecdsa_with_SHA256           "ecdsa-with-SHA256"
+#define NID_ecdsa_with_SHA256          830
+#define OBJ_ecdsa_with_SHA256          OBJ_ecdsa_with_Specified,2L
+
+#define SN_ecdsa_with_SHA384           "ecdsa-with-SHA384"
+#define NID_ecdsa_with_SHA384          831
+#define OBJ_ecdsa_with_SHA384          OBJ_ecdsa_with_Specified,3L
+
+#define SN_ecdsa_with_SHA512           "ecdsa-with-SHA512"
+#define NID_ecdsa_with_SHA512          832
+#define OBJ_ecdsa_with_SHA512          OBJ_ecdsa_with_Specified,4L
+
 #define OBJ_secg_ellipticCurve         OBJ_certicom_arc,0L
 
 #define SN_secp112r1           "secp112r1"
index 57917a7..147bfc1 100644 (file)
@@ -824,3 +824,9 @@ id_GostR3410_2001_cc                823
 id_GostR3411_94_with_GostR3410_94_cc           824
 id_GostR3411_94_with_GostR3410_2001_cc         825
 id_GostR3410_2001_ParamSet_cc          826
+ecdsa_with_Recommended         827
+ecdsa_with_Specified           828
+ecdsa_with_SHA224              829
+ecdsa_with_SHA256              830
+ecdsa_with_SHA384              831
+ecdsa_with_SHA512              832
index a90e0c5..01a0adb 100644 (file)
@@ -26,6 +26,12 @@ dsaWithSHA1          sha1    dsa
 dsaWithSHA1_2          sha1    dsa_2
 
 ecdsa_with_SHA1                sha1    X9_62_id_ecPublicKey
+ecdsa_with_SHA224      sha224  X9_62_id_ecPublicKey
+ecdsa_with_SHA256      sha256  X9_62_id_ecPublicKey
+ecdsa_with_SHA384      sha384  X9_62_id_ecPublicKey
+ecdsa_with_SHA512      sha512  X9_62_id_ecPublicKey
+ecdsa_with_Recommended undef   X9_62_id_ecPublicKey
+ecdsa_with_Specified   undef   X9_62_id_ecPublicKey
 
 id_GostR3411_94_with_GostR3410_2001    id_GostR3411_94 id_GostR3410_2001
 id_GostR3411_94_with_GostR3410_94      id_GostR3411_94 id_GostR3410_94
index aea67eb..7425196 100644 (file)
@@ -75,6 +75,12 @@ X9-62_primeCurve 7           : prime256v1
 !Alias id-ecSigType ansi-X9-62 4
 !global
 X9-62_id-ecSigType 1           : ecdsa-with-SHA1
+X9-62_id-ecSigType 2           : ecdsa-with-Recommended
+X9-62_id-ecSigType 3           : ecdsa-with-Specified
+ecdsa-with-Specified 1         : ecdsa-with-SHA224
+ecdsa-with-Specified 2         : ecdsa-with-SHA256
+ecdsa-with-Specified 3         : ecdsa-with-SHA384
+ecdsa-with-Specified 4         : ecdsa-with-SHA512
 
 # SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
 # (http://www.secg.org/)