diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-02-21 13:08:45 +0000 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2007-02-21 13:08:45 +0000 |
| commit | 9f6a17a444425efb631a994da1802fdac6bb9d27 (patch) | |
| tree | 878374d2403a2b1120e8e01446c3269e9e1fb06e | |
| parent | cd3958f86a7a531c4deea0ec4cc8c554f572e30a (diff) | |
| download | strongswan-9f6a17a444425efb631a994da1802fdac6bb9d27.tar.bz2 strongswan-9f6a17a444425efb631a994da1802fdac6bb9d27.tar.xz | |
handle strong SHA-2 signatures in X.509 certificates
| -rw-r--r-- | src/pluto/oid.txt | 6 | ||||
| -rw-r--r-- | src/pluto/pkcs1.c | 59 |
2 files changed, 52 insertions, 13 deletions
diff --git a/src/pluto/oid.txt b/src/pluto/oid.txt index eed46d59d..e8750024e 100644 --- a/src/pluto/oid.txt +++ b/src/pluto/oid.txt @@ -155,9 +155,9 @@ 0x03 "csor" 0x04 "nistalgorithm" 0x02 "hashalgs" - 0x01 "id-SHA-256" - 0x02 "id-SHA-384" - 0x03 "id-SHA-512" + 0x01 "id-SHA-256" OID_SHA256 + 0x02 "id-SHA-384" OID_SHA384 + 0x03 "id-SHA-512" OID_SHA512 0x86 "" 0xf8 "" 0x42 "netscape" diff --git a/src/pluto/pkcs1.c b/src/pluto/pkcs1.c index 413938976..ade5fdd94 100644 --- a/src/pluto/pkcs1.c +++ b/src/pluto/pkcs1.c @@ -21,6 +21,7 @@ #include <string.h> #include <freeswan.h> +#include <libsha2/sha2.h> #include "constants.h" #include "defs.h" @@ -290,29 +291,31 @@ compute_digest(chunk_t tbs, int alg, chunk_t *digest) { switch (alg) { - case OID_MD2: - case OID_MD2_WITH_RSA: + case OID_MD2: + case OID_MD2_WITH_RSA: { MD2_CTX context; + MD2Init(&context); MD2Update(&context, tbs.ptr, tbs.len); MD2Final(digest->ptr, &context); digest->len = MD2_DIGEST_SIZE; return TRUE; } - case OID_MD5: - case OID_MD5_WITH_RSA: + case OID_MD5: + case OID_MD5_WITH_RSA: { MD5_CTX context; + MD5Init(&context); MD5Update(&context, tbs.ptr, tbs.len); MD5Final(digest->ptr, &context); digest->len = MD5_DIGEST_SIZE; return TRUE; } - case OID_SHA1: - case OID_SHA1_WITH_RSA: - case OID_SHA1_WITH_RSA_OIW: + case OID_SHA1: + case OID_SHA1_WITH_RSA: + case OID_SHA1_WITH_RSA_OIW: { SHA1_CTX context; @@ -322,9 +325,45 @@ compute_digest(chunk_t tbs, int alg, chunk_t *digest) digest->len = SHA1_DIGEST_SIZE; return TRUE; } - default: - digest->len = 0; - return FALSE; + case OID_SHA256: + case OID_SHA256_WITH_RSA: + { + sha256_context context; + + sha256_init(&context); + sha256_write(&context, tbs.ptr, tbs.len); + sha256_final(&context); + memcpy(digest->ptr, context.sha_out, SHA2_256_DIGEST_SIZE); + digest->len = SHA2_256_DIGEST_SIZE; + return TRUE; + } + case OID_SHA384: + case OID_SHA384_WITH_RSA: + { + sha512_context context; + + sha384_init(&context); + sha512_write(&context, tbs.ptr, tbs.len); + sha512_final(&context); + memcpy(digest->ptr, context.sha_out, SHA2_384_DIGEST_SIZE); + digest->len = SHA2_384_DIGEST_SIZE; + return TRUE; + } + case OID_SHA512: + case OID_SHA512_WITH_RSA: + { + sha512_context context; + + sha512_init(&context); + sha512_write(&context, tbs.ptr, tbs.len); + sha512_final(&context); + memcpy(digest->ptr, context.sha_out, SHA2_512_DIGEST_SIZE); + digest->len = SHA2_512_DIGEST_SIZE; + return TRUE; + } + default: + digest->len = 0; + return FALSE; } } |