Re: SHA-256 support
On 11/18/2013 07:00 AM, Gervase Markham wrote:
> Hi everyone,
>
> Following Microsoft's announcement re: SHA-1, some CAs are asking browser and OS vendors about the ubiquity of SHA-256 support. It would be a help to them if we could say:
>
> - Which version of NSS first supported SHA-256

Gerv, SHA-256 isn't the only algorithm of interest here. The latest Windows Root Certificate Program requirements [1] permit CAs to use SHA-256, SHA-384 and SHA-512. Unsurprisingly, these 3 functions from the SHA-2 family are what the Windows CryptoAPI actually supports (since XP SP3).

On 19/11/13 02:20, Robert Relyea wrote:
> I think it's safe to say if your NSS app is newer than a decade old, you have SHA-2 support. The one caveat is that SHA-224 support was added much later, but SHA-256, SHA-384, and SHA-512 have all been supported for a while.

SHA-224 isn't supported by CryptoAPI, and CAs aren't permitted (by [1]) to use it anyway. Ditto for the SHA-512/224, SHA-512/256 and SHA-512/t functions that were added to the SHA-2 specification [2] last year.

[1] http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx
[2] http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

--
Rob Stradling
Senior Research Development Scientist
COMODO - Creating Trust Online

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: SHA-256 support
On 11/19/2013 02:50 AM, Rob Stradling wrote:
> On 11/18/2013 07:00 AM, Gervase Markham wrote:
>> Hi everyone,
>>
>> Following Microsoft's announcement re: SHA-1, some CAs are asking browser and OS vendors about the ubiquity of SHA-256 support. It would be a help to them if we could say:
>>
>> - Which version of NSS first supported SHA-256
>
> Gerv, SHA-256 isn't the only algorithm of interest here. The latest Windows Root Certificate Program requirements [1] permit CAs to use SHA-256, SHA-384 and SHA-512. Unsurprisingly, these 3 functions from the SHA-2 family are what the Windows CryptoAPI actually supports (since XP SP3).

My evaluation on when we supported SHA-2 covers all 3 hash functions.

> On 19/11/13 02:20, Robert Relyea wrote:
>> I think it's safe to say if your NSS app is newer than a decade old, you have SHA-2 support. The one caveat is that SHA-224 support was added much later, but SHA-256, SHA-384, and SHA-512 have all been supported for a while.
>
> SHA-224 isn't supported by CryptoAPI, and CAs aren't permitted (by [1]) to use it anyway. Ditto for the SHA-512/224, SHA-512/256 and SHA-512/t functions that were added to the SHA-2 specification [2] last year.

We don't support the truncated* SHA-512 functions (other than SHA-384). SHA-224 is a truncated* SHA-256.

* truncated hashes also have their own initialization vector, so SHA-224(x) != trunc(SHA-256(x)) even though SHA-224 uses the same base algorithm.

> [1] http://social.technet.microsoft.com/wiki/contents/articles/1760.windows-root-certificate-program-technical-requirements-version-2-0.aspx
> [2] http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf

Re: SHA-256 support
On 11/19/2013 10:40 AM, Wan-Teh Chang wrote:
> Bob's answer is accurate.
>
> Note that CAs are more interested in SHA-2 based signature support rather than plain SHA-2 support. So another way to track down the NSS version is to look at the CVS history of the secvfy.c file:
> http://bonsai.mozilla.org/cvslog.cgi?file=mozilla/security/nss/lib/cryptohi/secvfy.c&rev=HEAD&mark=1.30
>
> The relevant revisions are:
>
> 1.7 nelsonb%netscape.com 2002-12-11 22:05
> Support SHA256, SHA384, and SHA512 hashes in NSS.
>
> 1.14 wtchang%redhat.com 2005-08-12 16:50
> Bugzilla Bug 296410: enlarge the buffer size for message digest so that we can generate and verify signatures that use SHA-512.
>
> 1.17 rrelyea%redhat.com 2006-02-07 22:14
> Bug 320583 Support for SHA256/384/512 with ECC signing
>
> So it is safe to say that by mid 2006 (NSS 3.11.1, released on 2006-05-05) the support of SHA-2 based signatures in NSS was already stable and complete, covering both RSA and ECDSA signatures.

This would map to*:

Firefox 2.0.0.1
Thunderbird 1.5.0.10
Mozilla 1.9a1
Seamonkey 1.0.8

> Another evidence of mature support is the FIPS 140-2 validation of NSS 3.11.4 (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#814). A very conservative response would be NSS 3.11.4 (http://www-archive.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-release-notes.html) and later.

This yields the same list (it looks like mozilla picked up 3.11.5 as the first nss 3.11 build it shipped).

* Source, the cvs log for nss.h, the one file known to change for every release (because it has the NSS version numbers).

> Wan-Teh

SHA-256 support
Hi everyone,

Following Microsoft's announcement re: SHA-1, some CAs are asking browser and OS vendors about the ubiquity of SHA-256 support. It would be a help to them if we could say:

- Which version of NSS first supported SHA-256
- Which versions of Mozilla/Firefox/SeaMonkey/Thunderbird that translates to

They can use the NSS version number info to work out the answer for other NSS-using applications.

Is anyone from the NSS team able to easily provide that info? I could go repo and Bugzilla-mining, but I'd be worried about making a mistake.

Gerv

Re: SHA-256 support
SHA-256 was added in NSS 3.8, according to:
http://www-archive.mozilla.org/projects/security/pki/nss/

On 11/18/2013 07:00, Gervase Markham wrote:
> Hi everyone,
>
> Following Microsoft's announcement re: SHA-1, some CAs are asking browser and OS vendors about the ubiquity of SHA-256 support. It would be a help to them if we could say:
>
> - Which version of NSS first supported SHA-256
> - Which versions of Mozilla/Firefox/SeaMonkey/Thunderbird that translates to
>
> They can use the NSS version number info to work out the answer for other NSS-using applications.
>
> Is anyone from the NSS team able to easily provide that info? I could go repo and Bugzilla-mining, but I'd be worried about making a mistake.
>
> Gerv

Re: SHA-256 support
On 11/18/2013 07:00 AM, Gervase Markham wrote:
> Hi everyone,
>
> Following Microsoft's announcement re: SHA-1, some CAs are asking browser and OS vendors about the ubiquity of SHA-256 support. It would be a help to them if we could say:
>
> - Which version of NSS first supported SHA-256

A quick look at the cvs logs shows that it was supported at least by nss 3.7. (There's an NSS_3_7_RTM tag for revision 1.4 for sha512.c, which has sha512, sha384, and sha256 support).

> - Which versions of Mozilla/Firefox/SeaMonkey/Thunderbird that translates to

The cvs logs include tags for various Mozilla/Firefox/Thunderbird/Seamonkey releases (the code predates mozilla's move to hg).

The earliest mozilla release was Mozilla 1.3.
The earliest thunderbird release was 0.2 (essentially every thunderbird release).
The earliest firefox release was 0.8 (essentially every release of firefox).
The earliest seamonkey was 1.0 (again, essentially every release of seamonkey).

> They can use the NSS version number info to work out the answer for other NSS-using applications.

Yes, though the upshot is if your nss-based app isn't Netscape or AOL branded, it almost certainly has SHA-2 support. (heck even AOL branded things like photon has the SHA-2 support).

> Is anyone from the NSS team able to easily provide that info? I could go repo and Bugzilla-mining, but I'd be worried about making a mistake.

SHA-256/SHA-512 code has been in for a very long time. Nelson checked in the initial revision around Nov 2002, and the first NSS release (3.7) was sometime between Nov 2002 and Mar 2003. The change predates the mass tri-license work done in 2004 (I see gerv's tri-license changes in the logs).

I think it's safe to say if your NSS app is newer than a decade old, you have SHA-2 support. The one caveat is that SHA-224 support was added much later, but SHA-256, SHA-384, and SHA-512 have all been supported for a while.

> Gerv