RSA: MGF1 other than SHA1

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RSA: MGF1 other than SHA1

c.holper@ades.at
Hello!

I am working with XML-SEC and try to have RSA-encryption/decryption with
RSA-OAEP.

As far I can see Santuario (I use version 1.7.3 with Linux/C++) does it
with MGF1P SHA1.
I found constants for other MGF-digests but it seems the are not in use.

Can anyone give me short feedback, if it is possibe to get other digests
than SHA1?
Thanks!

Christoph
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: MGF1 other than SHA1

Cantor, Scott
> As far I can see Santuario (I use version 1.7.3 with Linux/C++) does it
> with MGF1P SHA1.

That's the default.

> Can anyone give me short feedback, if it is possibe to get other digests
> than SHA1?

Yes, it's possible. It will decrypt with whatever is in the message. Producing it is possible, I don't recall all the details.

There's also a separate layer of freedom with the MGF itself in the 1.1 variant of OAEP but that's less common.

--Scott

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MGF1 other than SHA1

c.holper@ades.at
Thanks for your quick feedback!

Can you please give some more information?
I just found OAEP-MGF-constants in the code but they were never used.
I also found the different digests in the EncKey for OpenSSL but I did
not figure out how to make it work with others than SHA1.

Thanks!
Christoph


On 2016-07-07 21:31, Cantor, Scott wrote:

>> As far I can see Santuario (I use version 1.7.3 with Linux/C++) does it
>> with MGF1P SHA1.
> That's the default.
>
>> Can anyone give me short feedback, if it is possibe to get other digests
>> than SHA1?
> Yes, it's possible. It will decrypt with whatever is in the message. Producing it is possible, I don't recall all the details.
>
> There's also a separate layer of freedom with the MGF itself in the 1.1 variant of OAEP but that's less common.
>
> --Scott
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: MGF1 other than SHA1

Cantor, Scott
> I just found OAEP-MGF-constants in the code but they were never used.

The MGF stuff is not the same as the general digest stuff, and I don't know whether the alternative MGFs are supported or not, but I thought they were.

You're talking about these constants from the 1.1 spec?

    MGF1 with SHA1: http://www.w3.org/2009/xmlenc11#mgf1sha1
    MGF1 with SHA224: http://www.w3.org/2009/xmlenc11#mgf1sha224
    MGF1 with SHA256: http://www.w3.org/2009/xmlenc11#mgf1sha256
    MGF1 with SHA384: http://www.w3.org/2009/xmlenc11#mgf1sha384
    MGF1 with SHA512: http://www.w3.org/2009/xmlenc11#mgf1sha512

-- Scott


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: MGF1 other than SHA1

Cantor, Scott
In reply to this post by c.holper@ades.at
> I just found OAEP-MGF-constants in the code but they were never used.

Pretty sure that's wrong.

I see this code in the algorithm handler code for RSA-OAEP:

        const XMLCh* mgfalg = encryptionMethod->getMGF();
        if (mgfalg && *mgfalg) {
            maskGenerationFunc mgf;
            if (!XSECmapURIToMaskGenerationFunc(mgfalg, mgf)) {
                // error
            }
            rsa->setMGF(mgf);
        }

That should be mapping from the constants to the right MGF implementation, and those are in an enum in the constants header.

-- Scott

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: MGF1 other than SHA1

c.holper@ades.at
Thank you!
I found it and I think is works now.

Christoph

On 2016-07-07 22:16, Cantor, Scott wrote:

>> I just found OAEP-MGF-constants in the code but they were never used.
> Pretty sure that's wrong.
>
> I see this code in the algorithm handler code for RSA-OAEP:
>
>          const XMLCh* mgfalg = encryptionMethod->getMGF();
>          if (mgfalg && *mgfalg) {
>              maskGenerationFunc mgf;
>              if (!XSECmapURIToMaskGenerationFunc(mgfalg, mgf)) {
> // error
>              }
>              rsa->setMGF(mgf);
>          }
>
> That should be mapping from the constants to the right MGF implementation, and those are in an enum in the constants header.
>
> -- Scott
>

Loading...