author | Andreas Steffen <andreas@strongswan.org> | 2009-09-13 21:41:51 +0200 |
---|---|---|
committer | Andreas Steffen <andreas@strongswan.org> | 2009-09-13 21:41:51 +0200 |
commit | 210d287368be96d7af60d99dba50b0b4d3a909d0 (patch) | |
tree | 0cb5319bf3a06bad766878a0a22bca8458787066 | |
parent | ba274c23432f13c6b48fe054bbd0fc7a52bc1935 (diff) | |
extended hasher_signature_algorithm_to_oid() function
-rw-r--r-- | src/libstrongswan/credentials/keys/public_key.h | 1 | ||||
-rw-r--r-- | src/libstrongswan/crypto/hashers/hasher.c | 64 | ||||
-rw-r--r-- | src/libstrongswan/crypto/hashers/hasher.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/crypto/pkcs7.c | 3 | ||||
-rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 51 |
5 files changed, 47 insertions, 76 deletions
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index f490d1324..9ec3eb40c 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -28,6 +28,7 @@ typedef enum signature_scheme_t signature_scheme_t; #include <library.h> #include <utils/identification.h> +#include <credentials/keys/key_encoding.h> /** * Type of a key pair, the used crypto system
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 4d6904e47..81750a519 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -104,36 +104,46 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg) /* * Described in header. */ -int hasher_signature_algorithm_to_oid(hash_algorithm_t alg) +int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) { - int oid; - - switch (alg) + switch (key) { - case HASH_MD2: - oid = OID_MD2_WITH_RSA; - break; - case HASH_MD5: - oid = OID_MD5_WITH_RSA; - break; - case HASH_SHA1: - oid = OID_SHA1_WITH_RSA; - break; - case HASH_SHA224: - oid = OID_SHA224_WITH_RSA; - break; - case HASH_SHA256: - oid = OID_SHA256_WITH_RSA; - break; - case HASH_SHA384: - oid = OID_SHA384_WITH_RSA; - break; - case HASH_SHA512: - oid = OID_SHA512_WITH_RSA; - break; + case KEY_RSA: + switch (alg) + { + case HASH_MD2: + return OID_MD2_WITH_RSA; + case HASH_MD5: + return OID_MD5_WITH_RSA; + case HASH_SHA1: + return OID_SHA1_WITH_RSA; + case HASH_SHA224: + return OID_SHA224_WITH_RSA; + case HASH_SHA256: + return OID_SHA256_WITH_RSA; + case HASH_SHA384: + return OID_SHA384_WITH_RSA; + case HASH_SHA512: + return OID_SHA512_WITH_RSA; + default: + return OID_UNKNOWN; + } + case KEY_ECDSA: + switch (alg) + { + case HASH_SHA1: + return OID_ECDSA_WITH_SHA1; + case HASH_SHA256: + return OID_ECDSA_WITH_SHA256; + case HASH_SHA384: + return OID_ECDSA_WITH_SHA384; + case HASH_SHA512: + return OID_ECDSA_WITH_SHA512; + default: + return OID_UNKNOWN; + } default: - oid = OID_UNKNOWN; + return OID_UNKNOWN; } - return oid; }
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 7bc67a577..1449f9792 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -27,6 +27,7 @@ typedef enum hash_algorithm_t hash_algorithm_t; typedef struct hasher_t hasher_t; #include <library.h> +#include <credentials/keys/public_key.h> /** * Algorithms to use for hashing.
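Review bot: In the new hasher_signature_algorithm_to_oid(), `case KEY_RSA:` has no `break;` after its inner switch and runs straight into `case KEY_ECDSA:`; it is correct only because every inner path, including each inner `default:`, returns. If a later edit drops or reshapes an inner `default:`, an RSA key with an unmatched digest would be looked up in the ECDSA table and could receive an ECDSA signature OID. I would add `break;` after the closing brace of each inner switch and end the function with a single `return OID_UNKNOWN;`, so that the "unsupported combination" result does not depend on the nesting.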
@@ -129,8 +130,9 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg); * Conversion of hash signature algorithm into ASN.1 OID. * * @param alg hash algorithm + * @param alg public key type * @return ASN.1 OID if, or OID_UNKNOW */ -int hasher_signature_algorithm_to_oid(hash_algorithm_t alg); +int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key); #endif /** HASHER_H_ @}*/
diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c
index 52adbc851..2fcdf1c2c 100644
--- a/src/libstrongswan/crypto/pkcs7.c
+++ b/src/libstrongswan/crypto/pkcs7.c
@@ -825,7 +825,8 @@ bool build_envelopedData(private_pkcs7_t *this, x509_t *cert, bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key, hash_algorithm_t alg) { - int signature_oid = hasher_signature_algorithm_to_oid(alg, + private_key->get_type(private_key)); chunk_t authenticatedAttributes = chunk_empty; chunk_t encryptedDigest = chunk_empty; chunk_t signerInfo;
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 108d7b29f..58ee3c061 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
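Review bot: The added doc line in hasher.h names the wrong parameter: `@param alg public key type` repeats `alg`, while the prototype's second parameter is `key`. It should read `* @param key public key type`. While this comment is being edited, the return line could also be completed to `* @return ASN.1 OID, or OID_UNKNOWN if the hash/key combination is not supported`, so that callers know they must check for that value.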
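Review bot: In build_signedData() (pkcs7.c) the result of the lookup is stored in `signature_oid` but no check against OID_UNKNOWN is visible in this hunk, whereas generate() in x509_cert.c gains exactly that check in the same commit. With the helper now returning OID_UNKNOWN for any unsupported hash/key pair, an unchecked value would flow into the signerInfo encoding. Unless the body outside this hunk already rejects it, I would add `if (signature_oid == OID_UNKNOWN) { return FALSE; }` after the declarations. Also, the parameter is declared `rsa_private_key_t *`; whether that type exposes `get_type()` is not visible here and should be confirmed to compile.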
@@ -1220,54 +1220,11 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, } /* select signature scheme */ - switch (sign_key->get_type(sign_key)) + cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key)); + if (cert->algorithm == OID_UNKNOWN) { - case KEY_RSA: - switch (digest_alg) - { - case HASH_MD5: - cert->algorithm = OID_MD5_WITH_RSA; - break; - case HASH_SHA1: - cert->algorithm = OID_SHA1_WITH_RSA; - break; - case HASH_SHA224: - cert->algorithm = OID_SHA224_WITH_RSA; - break; - case HASH_SHA256: - cert->algorithm = OID_SHA256_WITH_RSA; - break; - case HASH_SHA384: - cert->algorithm = OID_SHA384_WITH_RSA; - break; - case HASH_SHA512: - cert->algorithm = OID_SHA512_WITH_RSA; - break; - default: - return FALSE; - } - break; - case KEY_ECDSA: - switch (digest_alg) - { - case HASH_SHA1: - cert->algorithm = OID_ECDSA_WITH_SHA1; - break; - case HASH_SHA256: - cert->algorithm = OID_ECDSA_WITH_SHA256; - break; - case HASH_SHA384: - cert->algorithm = OID_ECDSA_WITH_SHA384; - break; - case HASH_SHA512: - cert->algorithm = OID_ECDSA_WITH_SHA512; - break; - default: - return FALSE; - } - break; - default: - return FALSE; + return FALSE; } scheme = signature_scheme_from_oid(cert->algorithm); |
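Review bot: Routing generate() through hasher_signature_algorithm_to_oid() widens the set of digests accepted for certificate signing. The removed `case KEY_RSA:` switch had no HASH_MD2 entry and returned FALSE for it, while the shared helper in hasher.c maps HASH_MD2 to OID_MD2_WITH_RSA. Unless signature_scheme_from_oid() or later code rejects that OID (not visible in this hunk), a caller can now obtain an MD2-signed certificate. To keep the previous behaviour, reject it before the lookup, e.g. `if (digest_alg == HASH_MD2) { return FALSE; }`. HASH_MD5 was already accepted before this change and deserves the same scrutiny. generate() starts and ends outside the hunk.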