Bug 167605 - RFE: Implement SHA-256, SHA-384, SHA-512 and related algorithms
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Libraries
Version: unspecified
Platform: All All
Importance: P1 enhancement
Target Milestone: 3.8
Assigned To: Nelson Bolyard (seldom reads bugmail)
QA Contact: Bishakha Banerjee
Duplicates: 86106
Blocks: 181540
Reported: 2002-09-09 15:53 PDT by Terry Hayes
Modified: 2003-01-21 19:09 PST


Description Terry Hayes 2002-09-09 15:53:53 PDT
User-Agent:       Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
Build Identifier: 

FIPS 180-2 has been published by NIST and will be effective in February 2003. It 
defines three new SHA-like secure hash functions that have longer output 
blocks. In particular, SHA-256 has a 256 bit output, which matches the security 
of 128-bit encryption algorithms.

The three algorithms and provisional OIDs are:

    SHA-256:    2.16.840.1.101.3.4.2.1
    SHA-384:    2.16.840.1.101.3.4.2.2
    SHA-512:    2.16.840.1.101.3.4.2.3

In addition, a signature algorithm based on SHA-256 with RSA encryption should 
be implemented.  The OID for this is not yet known.

These four algorithms (three SHA and one new signature algorithm) will need to 
have PKCS #11 mechanism types assigned for them as well.


Comment 1 Terry Hayes 2002-09-09 17:06:35 PDT
The OIDs for RSA signatures using the new hash algorithms are:

sha256WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 11 }
sha384WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 12 }
sha512WithRSAEncryption    OBJECT IDENTIFIER ::= { pkcs-1 13 }

These are from the new PKCS-1 v2.1 (published June 14, 2002)
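
An added example, not part of the bug report or of the NSS source: a small DER encoder that turns the dotted OIDs from the description and from the comment above into the bytes that appear on the wire in certificates and signatures. It assumes `pkcs-1` is the arc 1.2.840.113549.1.1 as defined in PKCS #1; the function names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define MAX_ARC_BYTES ((sizeof(unsigned long) * CHAR_BIT + 6) / 7)

/* Write one arc in base 128, most significant group first; every byte
 * except the last has its high bit set. Returns the byte count. */
static size_t put_base128(unsigned long v, unsigned char *out)
{
    unsigned char tmp[MAX_ARC_BYTES];
    size_t n = 0, i;
    do { tmp[n++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    for (i = 0; i < n; i++)
        out[i] = (unsigned char)(tmp[n - 1 - i] | (i + 1 < n ? 0x80 : 0));
    return n;
}

/* DER-encode an OID: tag 0x06, short-form length, then the arcs.
 * Returns bytes written, or 0 on invalid arcs or insufficient space. */
size_t oid_to_der(const unsigned long *arcs, size_t narcs,
                  unsigned char *out, size_t outlen)
{
    unsigned char body[127];            /* short-form length limit */
    size_t len, i;
    if (narcs < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39) ||
        arcs[1] > ULONG_MAX - 80)
        return 0;
    /* The first two arcs are packed into one value: 40 * first + second. */
    len = put_base128(arcs[0] * 40 + arcs[1], body);
    for (i = 2; i < narcs; i++) {
        if (len + MAX_ARC_BYTES > sizeof body) return 0;
        len += put_base128(arcs[i], body + len);
    }
    if (len + 2 > outlen) return 0;
    out[0] = 0x06;
    out[1] = (unsigned char)len;
    memcpy(out + 2, body, len);
    return len + 2;
}

int main(void)
{
    /* SHA-256 from the description; sha256WithRSAEncryption = { pkcs-1 11 }. */
    const unsigned long sha256[] = {2, 16, 840, 1, 101, 3, 4, 2, 1};
    const unsigned long sha256rsa[] = {1, 2, 840, 113549, 1, 1, 11};
    unsigned char der[32];
    size_t n, i;
    for (n = oid_to_der(sha256, 9, der, sizeof der), i = 0; i < n; i++) printf("%02x ", der[i]);
    for (n = oid_to_der(sha256rsa, 7, der, sizeof der), i = 0; i < n; i++) printf("%02x ", der[i]);
    printf("\n");
    return 0;
}
```
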
Comment 2 Terry Hayes 2002-09-10 10:31:26 PDT
nelsonb@netscape.com is interested in implementing the new SHS algorithms.  
Adding him to the CC list.
Comment 3 Wan-Teh Chang 2002-09-10 11:13:21 PDT
*** Bug 86106 has been marked as a duplicate of this bug. ***
Comment 4 Wan-Teh Chang 2002-09-10 11:15:12 PDT
Assigned the bug to Nelson.  Tentatively target NSS 3.7.
Comment 5 Wan-Teh Chang 2002-12-06 11:08:51 PST
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Comment 6 Nelson Bolyard (seldom reads bugmail) 2003-01-21 19:09:48 PST
This work was checked in some time ago.
