Object Identifiers

From Crypto++ Wiki
Jump to: navigation, search

Object Identifiers are used extensively in cryptography and Crypto++ to identify common types of objects and parameters. The patch below adds OID and parameter support for ANSI X9.62 and WTLS curves. The patch also provides an output operator for the OID class, and adds the unknown OID to the UnknownOID class.

By default, only ANSI X9.62 from the 2005 standard and WTLS are included. If you want curves from the 1998 standard, then you must define CRYPTOPP_INCLUDE_X9_62_1998_CURVES. The define is already present in config.h, and you only need to uncomment it.

If you don't apply the patch and try to consume an ANSI X9.62 or WTLS curve, then you will receive a BER decode error: unknown object identifier.

Note well: this modification is not part of the Crypto++ library. You must download and apply the patch below.

Additional OIDs

The patch adds support for the following OID and named curve pairs:

  • ECP
    • 2.23.43.1.4.6, wtls6
    • 2.23.43.1.4.7, wtls7
    • 2.23.43.1.4.8, wtls8
    • 2.23.43.1.4.9, wtls9
    • 2.23.43.1.4.12, wtls12
  • EC2N
    • 1.2.840.10045.3.0.1, c2pnb163v1 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.2, c2pnb163v2 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.3, c2pnb163v3 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.4, c2pnb176w1 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.5, c2tnb191v1
    • 1.2.840.10045.3.0.6, c2tnb191v2
    • 1.2.840.10045.3.0.7, c2tnb191v3
    • 1.2.840.10045.3.0.10, c2pnb208w1 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.11, c2tnb239v1
    • 1.2.840.10045.3.0.12, c2tnb239v2
    • 1.2.840.10045.3.0.13, c2tnb239v3
    • 1.2.840.10045.3.0.16, c2pnb272w1 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.17, c2pnb304w1 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.18, c2tnb359v1
    • 1.2.840.10045.3.0.19, c2pnb368w1 (CRYPTOPP_INCLUDE_X9_62_1998_CURVES)
    • 1.2.840.10045.3.0.20, c2tnb431r1
    • 2.23.43.1.4.1, wtls1
    • 2.23.43.1.4.3, wtls3
    • 2.23.43.1.4.4, wtls4
    • 2.23.43.1.4.5, wtls5
    • 2.23.43.1.4.10, wtls10
    • 2.23.43.1.4.11, wtls11

Patch Modifications

The patch modifies the following files. The changes can be found in the file oid.diff:

  • config.h - adds the CRYPTOPP_INCLUDE_X9_62_1998_CURVES define. Only curves from ANSI X9.62 2005 standard are included by default.
  • oid.h - declares the ANSI X9.62 and WTLS OIDs.
  • eccrypto.h and eccrypto.cpp - adds the ANSI X9.62 and WTLS OIDs and parameters.
  • validate.h, validat1.cpp and validat2.cpp - adds test cases to sanity check the mapping between OIDs and curve parameters. Use cryptest.exe v to execute them.

If you want to include ANSI X9.62 curves from the 1998 standard, then open config.h and uncomment CRYPTOPP_INCLUDE_X9_62_1998_CURVES.

The tests added for the ANSI X9.62 and WTLS curves also test the mapping of existing ANSI, NIST and Brainpool curve OIDs.

Using the OIDs

You can test the new OIDs with the following. First, create a WTLS Curve 8-based key with the following OpenSSL commands:

$ openssl ecparam -name wap-wsg-idm-ecid-wtls8 -genkey -noout \
    -out wtls8-priv.der -outform DER -conv_form compressed \
    -param_enc named_curve
$ openssl ec -in wtls8-priv.der -inform DER -outform DER \
    -conv_form compressed -out wtls8-pub.der -pubout
read EC key
writing EC key

Next, use the following to test the handling of the keys:

try
{
    AutoSeededRandomPool prng;

    ECDSA<ECP, SHA1>::Signer signer;
    ECDSA<ECP, SHA1>::Verifier verifier;

    cout << "Loading verifier key..." << endl;
    FileSource fs2("wtls8-pub.der", true);
    verifier.AccessKey().BERDecode(fs2);

    verifier.GetKey().Validate(prng, 3);
    cout << "Validated verifier key..." << endl;

    cout << "Loading signer key..." << endl;
    FileSource fs1("wtls8-priv.der", true);
    signer.AccessKey().BERDecodePrivateKey(fs1, false, (size_t)fs1.MaxRetrievable());

    signer.GetKey().Validate(prng, 3);
    cout << "Validated signer key..." << endl;
}
catch(const Exception& ex)
{
    cerr << ex.what() << endl;
}

If you have the PEM Pack installed, then you can create and test PEM encoded keys with:

$ openssl ecparam -name wap-wsg-idm-ecid-wtls8 -genkey -noout \
    -out wtls8-priv.pem -outform PEM -conv_form compressed \
    -param_enc named_curve
$ openssl ec -in wtls8-priv.pem -inform PEM -outform PEM \
    -conv_form compressed -out wtls8-pub.pem -pubout
read EC key
writing EC key

And:

try
{
    AutoSeededRandomPool prng;

    ECDSA<ECP, SHA1>::Signer signer;
    ECDSA<ECP, SHA1>::Verifier verifier;

    FileSource fs1("wtls8-priv.pem", true);
    FileSource fs2("wtls8-pub.pem", true);

    PEM_Load(fs1, signer.AccessKey());
    verifier.GetKey().Validate(prng, 3);
    cout << "Validated verifier key..." << endl;

    PEM_Load(fs2, verifier.AccessKey());
    signer.GetKey().Validate(prng, 3);
    cout << "Validated signer key..." << endl;
}
catch(const Exception& ex)
{
    cerr << ex.what() << endl;
}

Download

oids.zip - Updated Crypto++ files to add OID and parameter support for ANSI X9.62 and WTLS curves.