Is SHA3 supported with RSASSA signature?


Prinz Valium II

Oct 4, 2017, 3:17:34 AM
to Crypto++ Users
Hello everybody,

I hope this question wasn't asked before. Haven't found anything. I must calculate the RSASSA-PSS signature of a SHA3 hash. Is this supported by CryptoPP? I only found MD5, SHA1 and SHA2 / RSASSA-PSS.

Thanks in advance for your support,
Rolf

Jeffrey Walton

Oct 4, 2017, 8:26:55 AM
to Crypto++ Users


Crypto++ does support SHA3. I believe Wei added it to the library at 5.6.2. However, we are missing OIDs for the hash when used in the signature scheme. It compiles fine, but link fails.

It looks like NIST has some OIDs for the SHA-3 family at https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration . Give us a few hours to cut them in. Then, this will work for you:

    $ cat test.cxx
    #include "rsa.h"
    #include "sha3.h"

    using namespace CryptoPP;
    typedef RSASS<PKCS1v15, SHA3_256>::Signer RSASSA_PKCS1v15_SHA3_Signer;
    typedef RSASS<PKCS1v15, SHA3_256>::Verifier RSASSA_PKCS1v15_SHA3_Verifier;

    int main()
    {
        RSASSA_PKCS1v15_SHA3_Signer signer;
   
        return 0;
    }

Jeff
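
Added example, not part of the thread and not Crypto++ code: the PKCS #1 v1.5 scheme used in the test.cxx above prepends a DER DigestInfo header carrying the hash's OID to the digest before padding, which is why a hash without a registered OID cannot be used there. The sketch derives that header from an OID; the function names are hypothetical, and the arcs are the NIST hash OIDs under 2.16.840.1.101.3.4.2.

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

typedef std::vector<uint8_t> Bytes;

// DER-encode the body of an OBJECT IDENTIFIER (base-128 arcs, high bit = "more").
static Bytes EncodeOidBody(const std::vector<uint32_t>& arcs)
{
    if (arcs.size() < 2) throw std::invalid_argument("OID needs at least two arcs");
    Bytes out(1, static_cast<uint8_t>(arcs[0] * 40 + arcs[1]));
    for (size_t i = 2; i < arcs.size(); ++i) {
        Bytes tmp;
        uint32_t v = arcs[i];
        do { tmp.insert(tmp.begin(), static_cast<uint8_t>(v & 0x7f)); v >>= 7; } while (v);
        for (size_t j = 0; j + 1 < tmp.size(); ++j) tmp[j] |= 0x80;
        out.insert(out.end(), tmp.begin(), tmp.end());
    }
    return out;
}

// Constant bytes that precede the digest in a PKCS #1 v1.5 DigestInfo:
// SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING (digestLen bytes follow) }
Bytes DigestInfoPrefix(const std::vector<uint32_t>& hashOid, size_t digestLen)
{
    const Bytes oid = EncodeOidBody(hashOid);
    const size_t algIdLen = 2 + oid.size() + 2;            // OID TLV + NULL TLV
    const size_t totalLen = 2 + algIdLen + 2 + digestLen;  // AlgId TLV + OCTET STRING TLV
    if (totalLen > 127) throw std::invalid_argument("short-form DER lengths only");
    Bytes p;
    p.push_back(0x30); p.push_back(static_cast<uint8_t>(totalLen));
    p.push_back(0x30); p.push_back(static_cast<uint8_t>(algIdLen));
    p.push_back(0x06); p.push_back(static_cast<uint8_t>(oid.size()));
    p.insert(p.end(), oid.begin(), oid.end());
    p.push_back(0x05); p.push_back(0x00);
    p.push_back(0x04); p.push_back(static_cast<uint8_t>(digestLen));
    return p;
}

// Last arc: 1 = SHA-256 (known-good reference), 8 = SHA3-256.
Bytes Sha256Prefix()   { return DigestInfoPrefix({2,16,840,1,101,3,4,2,1}, 32); }
Bytes Sha3_256Prefix() { return DigestInfoPrefix({2,16,840,1,101,3,4,2,8}, 32); }

int main()
{
    for (uint8_t b : Sha3_256Prefix()) std::printf("%02x ", b);
    std::printf("\n");
    return 0;
}
```

RSASSA-PSS does not embed a DigestInfo header in its encoding, so this prefix applies only to the PKCS #1 v1.5 variant.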

Jeffrey Walton

Oct 4, 2017, 3:51:44 PM
to Crypto++ Users
OK, I found a reference to the SHA3 prefixes I was looking for at https://www.ietf.org/mail-archive/web/openpgp/current/msg08215.html. We should have something checked in shortly.

Jeff

Jeffrey Walton

Oct 4, 2017, 7:27:16 PM
to Crypto++ Users

It looks like we need this change to support the forward declarations of SHA3 on some OS X machines. I'm going to check it in along with the other changes.

If anyone has a problem, then please let me know or add a comment to Issue 517. The OIDs and the specializations have been a mild pain point on OS X for some time.

Jeff

$ git diff sha3.h
diff --git a/sha3.h b/sha3.h
index abf11f4..ca08716 100644
--- a/sha3.h
+++ b/sha3.h
...
@@ -75,19 +75,31 @@ private:

 //! \brief SHA3-224 message digest
 //! \since Crypto++ 5.6.2
-typedef SHA3_Final<28> SHA3_224;
+// typedef SHA3_Final<28> SHA3_224;
+struct SHA3_224 : public SHA3_Final<28>
+{
+};

 //! \brief SHA3-256 message digest
 //! \since Crypto++ 5.6.2
-typedef SHA3_Final<32> SHA3_256;
diff --git a/sha3.h b/sha3.h
index abf11f4..ca08716 100644
--- a/sha3.h
+++ b/sha3.h
@@ -52,9 +52,9 @@ protected:
 };

 //! \class SHA3_224
-//! \tparam T_DigestSize controls the digest size as a template parameter inste
ad of a per-class constant
-//! \brief SHA3-X message digest, template for more fine-grained typedefs
-//! \since Crypto++ 6.0.0
+//! \brief SHA3 message digest template
+//! \tparam T_DigestSize the size of the digest, in bytes
+//! \since Crypto++ 5.6.2
 template<unsigned int T_DigestSize>
 class SHA3_Final : public SHA3
 {
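Review bot: The unchanged `//! \class SHA3_224` line at the top of this comment block sits directly above `template<unsigned int T_DigestSize> class SHA3_Final`, so the description is attached to the wrong name; it should read `\class SHA3_Final`, all the more so now that SHA3_224 becomes a class of its own later in the patch. The same block moves `\since` from 6.0.0 to 5.6.2; if the SHA3_Final template itself arrived after 5.6.2, the tag should state the version that introduced the template.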
@@ -75,19 +75,31 @@ private:

 //! \brief SHA3-224 message digest
 //! \since Crypto++ 5.6.2
-typedef SHA3_Final<28> SHA3_224;
+// typedef SHA3_Final<28> SHA3_224;
+struct SHA3_224 : public SHA3_Final<28>
+{
+};

 //! \brief SHA3-256 message digest
 //! \since Crypto++ 5.6.2
-typedef SHA3_Final<32> SHA3_256;
+// typedef SHA3_Final<32> SHA3_256;
+struct SHA3_256 : public SHA3_Final<32>
+{
+};

 //! \brief SHA3-384 message digest
 //! \since Crypto++ 5.6.2
-typedef SHA3_Final<48> SHA3_384;
+// typedef SHA3_Final<48> SHA3_384;
+struct SHA3_384 : public SHA3_Final<48>
+{
+};

 //! \brief SHA3-512 message digest
 //! \since Crypto++ 5.6.2
-typedef SHA3_Final<64> SHA3_512;
+// typedef SHA3_Final<64> SHA3_512;
+struct SHA3_512 : public SHA3_Final<64>
+{
+};

 NAMESPACE_END
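Review bot: Replacing each `typedef SHA3_Final<N> SHA3_xxx;` with an empty `struct SHA3_xxx : public SHA3_Final<N>` makes, for example, SHA3_256 and SHA3_Final<32> distinct types, so any template specialization or overload written against SHA3_Final<32> no longer applies to SHA3_256; that deserves a note for callers. The commented-out typedefs left above each struct are dead code; drop them and put a one-line comment on the structs saying why a named class is needed (the forward-declaration problem described in the message).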

Jeffrey Walton

Oct 4, 2017, 11:53:23 PM
to Crypto++ Users

I think we cleared what we could at Commit https://github.com/weidai11/cryptopp/commit/1d0df34ae830. The limitation is, I could only find OIDs for some of PKCS #1 and SHA3-256, SHA3-384 and SHA3-512.

We might be missing some support. At the moment I am not sure what needs to be done for https://github.com/weidai11/cryptopp/blob/master/pkcspad.cpp#L56.

    ...
    template<> const byte EMSA2HashId<SHA256>::id = 0x34;
    template<> const byte EMSA2HashId<SHA384>::id = 0x36;
    template<> const byte EMSA2HashId<SHA512>::id = 0x35;

I checked Botan and I did not see support for SHA3 in its OID registry. Jack is usually very good about these sorts of things, so I'm guessing there's nothing in the standards right now.

If you can dig up the additional OIDs, then we would be happy to add them. Someone on the IETF's SAAG list may be able to help. Also see https://www.ietf.org/mailman/listinfo/saag.

Jeff

Jeffrey Walton

Oct 7, 2017, 8:17:15 AM
to Crypto++ Users


By the way, Botan also has support for SHA3-based signatures. Also see https://botan.randombit.net/.

Jeff