The MS CRYPTOAPI 2.0 user's guide (Base Provider Algorithms and SSL3 Client Authentication Algorithm in the MSDN library) writes about an SSL3_SHAMD5 hash algorithm based on the combination of SHA and MD5, with a 36-byte value, used by the Microsoft schannel.dll when performing client authentication with SSL3 in Microsoft Internet Explorer. The MS Cryptographic Service Providers user's guide (Interoperability with RSA CSPs and Digital Signature Mechanics) writes about Signature Sample and PKCS Hash Algorithm Encodings but nothing about the SSL3_SHAMD5 hash ASN1 encoding.
Here is what happens when I try to connect to an https page on a server site secured by APACHE SSL with IE4 calling my CSP.
When IE4 connects to the https server, SCHANNEL calls my CSP's functions in the following order:
1) CPAcquireContext: with the CRYPT_VERIFYCONTEXT flag and current user name (no problem).
2) CPImportKey: with a PUBLICKEYBLOB type BLOB; I think that this is the https server's public key.
3) CPCreateHash: with ALG_ID equal to CALG_SSL3_SHAMD5.
4) CPSetHashParam: with the HP_HASHVAL param and a 36-byte hash value (20 SHA + 16 MD5). Here is the first strange thing: Microsoft, in the SSL Client Authentication Algorithm, writes that to build an SSL3_SHAMD5 hash value we need to create two hash objects, one MD5 and one SHA, then append the MD5 value to the SHA value and set the SSL3_SHAMD5 hash value to the resulting 36 bytes. The strange thing is that this is not the IE4 procedure; in fact the SSL3_SHAMD5 value is set without the previous creation and setting of an MD5 and SHA hash object and value.
So the first question is: where does this 36-byte hash value come from, and how is it built?
5) CPVerifySignature: with the above SSL3_SHAMD5 hash and the server's public key, and with a signature encrypted with the corresponding private key. Here my first problem is that I don't have a hash type to pass to the RSA_verify function (this is not a big problem if I use RSA_public_decrypt). After the public decryption and stripping of the padding data, the result is not an ASN1 DER DigestInfo object encoding but the 36 bytes of the SSL3_SHAMD5 hash value (the asn1_GetSequence function fails). My brother Remo maintains that this signature data doesn't come from the Apache SSL server, but I think that this is impossible because the signature is encrypted with the private key corresponding to the previously imported public key. I don't know exactly all of the SSL3 protocol, but in the SSLeay lib I didn't find any reference to the SSL3_SHAMD5 algorithm.
The second question is: where does the passed signature come from, and how is it built?
Is SSL3_SHAMD5 implemented in the SSLeay lib, and if yes, how does it work?
Maybe it is possible that I did not understand or forgot something about the PKCS1 and SSL standards, but everything in this signature and hash algorithm looks quite strange.
Thanks to anyone with answers, comments or suggestions, and excuse me for the too long message.
Sergio Tabanelli
[EMAIL PROTECTED]
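
The padding check from step 5, as an added example that is not part of the original message: it strips the PKCS#1 block type 1 padding from the public-decrypted block and accepts a payload that is the bare 36-byte SSL3_SHAMD5 value instead of a DER DigestInfo. The function names, the 64-byte block size and the sample builder `make_block` are assumptions constructed for illustration; the RSA operation itself is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHAMD5_LEN 36  /* 20-byte SHA + 16-byte MD5 value, as in the post */

/* Strip PKCS#1 v1.5 block type 1 padding (00 01 FF..FF 00 || payload) from
 * the modulus-sized block produced by the RSA public-key operation.
 * Returns the payload and sets *len, or NULL if the padding is malformed. */
const uint8_t *strip_type1(const uint8_t *em, size_t em_len, size_t *len)
{
    size_t i = 2;
    if (em_len < 11 || em[0] != 0x00 || em[1] != 0x01) return NULL;
    while (i < em_len && em[i] == 0xFF) i++;
    if (i < 10 || i == em_len || em[i] != 0x00) return NULL; /* >= 8 FF bytes */
    *len = em_len - i - 1;
    return em + i + 1;
}

/* 1 if the payload is framed as one DER SEQUENCE (short-form length), which
 * is what a DigestInfo parser expects to find first. */
int is_der_sequence(const uint8_t *p, size_t len)
{
    return len >= 2 && p[0] == 0x30 && p[1] < 0x80 && (size_t)p[1] + 2 == len;
}

/* Verify a block whose payload is the bare 36-byte value with no DigestInfo.
 * The caller selects this path from the hash ALG_ID, not by inspecting the
 * payload: 36 arbitrary bytes can begin 30 22 and pass is_der_sequence(). */
int verify_raw_shamd5(const uint8_t *em, size_t em_len, const uint8_t *hash)
{
    size_t len, i;
    uint8_t diff = 0;
    const uint8_t *p = strip_type1(em, em_len, &len);
    if (p == NULL || len != SHAMD5_LEN) return 0;
    for (i = 0; i < SHAMD5_LEN; i++) diff |= p[i] ^ hash[i]; /* constant time */
    return diff == 0;
}

/* Constructed sample: pad a payload into a 64-byte block (toy modulus size). */
void make_block(uint8_t em[64], const uint8_t *payload, size_t len)
{
    memset(em, 0xFF, 64);
    em[0] = 0x00; em[1] = 0x01; em[64 - len - 1] = 0x00;
    memcpy(em + 64 - len, payload, len);
}
```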
