authorJack Lloyd <[email protected]>2017-10-05 11:27:28 -0400
committerJack Lloyd <[email protected]>2017-10-05 11:27:28 -0400
commit91430f402a1ccd23f5c8fea6ee25b12628dc3700 (patch)
tree99132818cba51729d517700e126261997afab716 /src
parent0cf2e5491e8f7297face6d011752969100e725ab (diff)
Correct the SHA-3 PKCSv1.5 IDs
Thanks to @noloader for pointing me at draft-jivsov-openpgp-sha3-01 which has the correct values. Adds a test so this can't happen again.
Diffstat (limited to 'src')
-rw-r--r--src/build-data/oids.txt2
-rw-r--r--src/lib/asn1/oids.cpp4
-rw-r--r--src/lib/pk_pad/hash_id/hash_id.cpp14
-rw-r--r--src/tests/test_hash_id.cpp94
4 files changed, 109 insertions, 5 deletions
diff --git a/src/build-data/oids.txt b/src/build-data/oids.txt
index c4b367226..4ac586240 100644
--- a/src/build-data/oids.txt
+++ b/src/build-data/oids.txt
@@ -68,6 +68,8 @@
1.3.14.3.2.26 = SHA-160
+1.3.36.3.2.1 = RIPEMD-160
+
# From NIST:
2.16.840.1.101.3.4.2.1 = SHA-256
2.16.840.1.101.3.4.2.2 = SHA-384
diff --git a/src/lib/asn1/oids.cpp b/src/lib/asn1/oids.cpp
index 396670ede..ae9b2eb36 100644
--- a/src/lib/asn1/oids.cpp
+++ b/src/lib/asn1/oids.cpp
@@ -1,7 +1,7 @@
/*
* OID maps
*
-* This file was automatically generated by ./src/scripts/oids.py on 2017-07-05
+* This file was automatically generated by ./src/scripts/oids.py on 2017-10-05
*
* All manual edits to this file will be lost. Edit the script
* then regenerate this source file.
@@ -93,6 +93,7 @@ std::string lookup(const OID& oid)
if(oid_str == "1.3.132.1.12") return "ECDH";
if(oid_str == "1.3.14.3.2.26") return "SHA-160";
if(oid_str == "1.3.14.3.2.7") return "DES/CBC";
+ if(oid_str == "1.3.36.3.2.1") return "RIPEMD-160";
if(oid_str == "1.3.36.3.3.1.2") return "RSA/EMSA3(RIPEMD-160)";
if(oid_str == "1.3.36.3.3.2.5.2.1") return "ECGDSA";
if(oid_str == "1.3.36.3.3.2.5.4.1") return "ECGDSA/EMSA1(RIPEMD-160)";
@@ -308,6 +309,7 @@ OID lookup(const std::string& name)
if(name == "PKIX.TimeStamping") return OID("1.3.6.1.5.5.7.3.8");
if(name == "PKIX.XMPPAddr") return OID("1.3.6.1.5.5.7.8.5");
if(name == "RC2/CBC") return OID("1.2.840.113549.3.2");
+ if(name == "RIPEMD-160") return OID("1.3.36.3.2.1");
if(name == "RSA") return OID("1.2.840.113549.1.1.1");
if(name == "RSA/EMSA3(MD5)") return OID("1.2.840.113549.1.1.4");
if(name == "RSA/EMSA3(RIPEMD-160)") return OID("1.3.36.3.3.1.2");
diff --git a/src/lib/pk_pad/hash_id/hash_id.cpp b/src/lib/pk_pad/hash_id/hash_id.cpp
index ce92ad5e9..ec317f969 100644
--- a/src/lib/pk_pad/hash_id/hash_id.cpp
+++ b/src/lib/pk_pad/hash_id/hash_id.cpp
@@ -45,16 +45,20 @@ const uint8_t SHA_512_256_PKCS_ID[] = {
0x65, 0x03, 0x04, 0x02, 0x06, 0x05, 0x00, 0x04, 0x20 };
const uint8_t SHA3_224_PKCS_ID[] = {
-0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0D };
+0x30, 0x2D, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+0x03, 0x04, 0x02, 0x07, 0x05, 0x00, 0x04, 0x1C };
const uint8_t SHA3_256_PKCS_ID[] = {
-0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0E };
+0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+0x03, 0x04, 0x02, 0x08, 0x05, 0x00, 0x04, 0x20 };
const uint8_t SHA3_384_PKCS_ID[] = {
-0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x0F };
+0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+0x03, 0x04, 0x02, 0x09, 0x05, 0x00, 0x04, 0x30 };
const uint8_t SHA3_512_PKCS_ID[] = {
-0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x10 };
+0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65,
+0x03, 0x04, 0x02, 0x0A, 0x05, 0x00, 0x04, 0x40 };
const uint8_t SM3_PKCS_ID[] = {
0x30, 0x30, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
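Review bot: The four corrected arrays, SHA3_224_PKCS_ID through SHA3_512_PKCS_ID, are still bare byte strings with no comment saying what they encode, which probably made the previous values (an OID alone, with no SEQUENCE wrapper, NULL parameters or OCTET STRING header) hard to spot. I would add a comment above them such as `// DigestInfo prefix: SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.x, NULL }, OCTET STRING header for the digest }` so a reader can check the length bytes (0x2D/0x1C, 0x31/0x20, 0x41/0x30, 0x51/0x40) against the digest size by hand. Separately, any RSA PKCS#1 v1.5 signature that was produced with SHA-3 under the old prefix will presumably stop verifying after this change, which looks worth a line in the release notes. The hunk starts inside SHA_512_256_PKCS_ID and ends inside SM3_PKCS_ID, so those two arrays are only partly visible here.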
@@ -76,6 +80,8 @@ std::vector<uint8_t> pkcs_hash_id(const std::string& name)
if(name == "Parallel(MD5,SHA-160)")
return std::vector<uint8_t>();
+ // If you add a value to this function, also update test_hash_id.cpp
+
if(name == "MD5")
return std::vector<uint8_t>(MD5_PKCS_ID,
MD5_PKCS_ID + sizeof(MD5_PKCS_ID));
diff --git a/src/tests/test_hash_id.cpp b/src/tests/test_hash_id.cpp
new file mode 100644
index 000000000..9a8565a16
--- /dev/null
+++ b/src/tests/test_hash_id.cpp
@@ -0,0 +1,94 @@
+/*
+* (C) 2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_HASH_ID) && defined(BOTAN_HAS_ASN1)
+ #include <botan/hash_id.h>
+ #include <botan/der_enc.h>
+ #include <botan/alg_id.h>
+ #include <botan/oids.h>
+#endif
+
+namespace Botan_Tests {
+
+#if defined(BOTAN_HAS_HASH_ID) && defined(BOTAN_HAS_ASN1)
+
+class PKCS_HashID_Test : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override
+ {
+ const std::vector<std::pair<std::string,size_t>> hash_id_fns = {
+ {"MD5", 16},
+ {"RIPEMD-160", 20},
+ {"SHA-160", 20},
+ {"SHA-224", 28},
+ {"SHA-256", 32},
+ {"SHA-384", 48},
+ {"SHA-512", 64},
+ {"SHA-512-256", 32},
+ {"SHA-3(224)", 28},
+ {"SHA-3(256)", 32},
+ {"SHA-3(384)", 48},
+ {"SHA-3(512)", 64},
+ {"SM3", 32},
+ {"Tiger(24,3)", 24}
+ };
+
+ std::vector<Test::Result> results;
+
+ for(auto hash_info : hash_id_fns)
+ {
+ const std::string hash_fn = hash_info.first;
+ const size_t hash_len = hash_info.second;
+
+ Test::Result result("PKCS hash id for " + hash_fn);
+
+ try
+ {
+ const std::vector<uint8_t> pkcs_id = Botan::pkcs_hash_id(hash_fn);
+
+ const Botan::OID oid = Botan::OIDS::lookup(hash_fn);
+ const Botan::AlgorithmIdentifier alg(oid, Botan::AlgorithmIdentifier::USE_NULL_PARAM);
+ const std::vector<uint8_t> dummy_hash(hash_len);
+
+ Botan::DER_Encoder der;
+ der.start_cons(Botan::SEQUENCE).encode(alg).encode(dummy_hash, Botan::OCTET_STRING).end_cons();
+ const std::vector<uint8_t> bits = der.get_contents_unlocked();
+
+ result.test_eq("Dummy hash is expected size", bits.size() - pkcs_id.size(), dummy_hash.size());
+
+ for(size_t i = pkcs_id.size(); i != bits.size(); ++i)
+ {
+ if(bits[i] != 0)
+ {
+ result.test_failure("Dummy hash had nonzero value");
+ break;
+ }
+ }
+
+ std::vector<uint8_t> encoded_id(bits.begin(), bits.begin() + pkcs_id.size());
+
+ result.test_eq("Encoded ID matches hardcoded", encoded_id, pkcs_id);
+
+ }
+ catch(Botan::Exception& e)
+ {
+ result.test_failure(e.what());
+ }
+
+ results.push_back(result);
+ }
+
+ return results;
+ }
+ };
+
+BOTAN_REGISTER_TEST("pkcs_hash_id", PKCS_HashID_Test);
+#endif
+
+}
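Review bot: The statements after `der.get_contents_unlocked()` in `run()` assume `pkcs_id.size() <= bits.size()`, and nothing enforces it. If `pkcs_hash_id` ever returns a vector longer than the DER encoding, `bits.size() - pkcs_id.size()` wraps, the `i != bits.size()` loop starts past the end and reads `bits[i]` out of bounds, and `bits.begin() + pkcs_id.size()` forms an invalid iterator; the `test_eq` records a failure but does not stop the statements that follow. I would guard right after `bits` is built with `if(pkcs_id.size() > bits.size()) { result.test_failure("PKCS hash id longer than encoding"); results.push_back(result); continue; }` and write the loop condition as `i < bits.size()`. As a point of style, `for(const auto& hash_info : hash_id_fns)` and `catch(const Botan::Exception& e)` avoid a copy per iteration and a non-const catch.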