author | Tobias Brunner <tobias@strongswan.org> | 2017-10-24 13:49:14 +0200 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2017-11-08 16:48:10 +0100 |
commit | 3fc66e574358f7a6e8529e3cbeab28beae6d8fc9 (patch) | |
tree | 28a5afe718e9914f1deb8f22ba852430638532f3 | |
parent | eae80fdedc9b71f0a5a9619110e5fa8769c3112c (diff) | |
ikev2: Use helpers to build signature auth data
-rw-r--r-- | src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c | 44 |
1 files changed, 4 insertions, 40 deletions
diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
index b34b5085f..578a32902 100644
--- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
@@ -63,9 +63,7 @@ struct private_pubkey_authenticator_t {
 static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
 signature_params_t *params)
 {
- chunk_t parameters = chunk_empty;
 uint8_t len;
- int oid;
 
 if (!auth_data->len)
 {
@@ -73,27 +71,9 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
 }
 len = auth_data->ptr[0];
 *auth_data = chunk_skip(*auth_data, 1);
- oid = asn1_parse_algorithmIdentifier(*auth_data, 1, ¶meters);
- params->scheme = signature_scheme_from_oid(oid);
- switch (params->scheme)
+ if (!signature_params_parse(*auth_data, 1, params))
 {
- case SIGN_UNKNOWN:
- return FALSE;
- case SIGN_RSA_EMSA_PSS:
- {
- rsa_pss_params_t *pss = malloc_thing(rsa_pss_params_t);
-
- if (!rsa_pss_params_parse(parameters, 0, pss))
- {
- DBG1(DBG_IKE, "failed parsing RSASSA-PSS parameters");
- free(pss);
- return FALSE;
- }
- params->params = pss;
- break;
- }
- default:
- break;
+ return FALSE;
 }
 *key_type = key_type_from_signature_scheme(params->scheme);
 *auth_data = chunk_skip(*auth_data, len);
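Review bot: In the second hunk, the one-byte prefix read from the peer's AUTH data into `len` is never compared with the remaining payload, and `signature_params_parse()` is handed everything after that byte rather than only the `len` bytes declared to hold the AlgorithmIdentifier. An inconsistent prefix therefore goes unnoticed here, presumably before the peer's signature has been verified. Consider rejecting it up front with `if (len > auth_data->len) return FALSE;` and parsing `chunk_create(auth_data->ptr, len)` instead of `*auth_data`, so the ASN.1 parser cannot run into the signature bytes that follow. The removed branch logged "failed parsing RSASSA-PSS parameters"; whether the helper still logs on failure is not visible here, so a `DBG1` line on the new failure path would keep rejected payloads diagnosable. The function's `return TRUE` and closing brace lie outside this hunk.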
@@ -106,30 +86,14 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
 static bool build_signature_auth_data(chunk_t *auth_data,
 signature_params_t *params)
 {
- chunk_t data, parameters = chunk_empty;
+ chunk_t data;
 uint8_t len;
- int oid;
 
- oid = signature_scheme_to_oid(params->scheme);
- if (oid == OID_UNKNOWN)
+ if (!signature_params_build(params, &data))
 {
 chunk_free(auth_data);
 return FALSE;
 }
- if (params->scheme == SIGN_RSA_EMSA_PSS &&
- !rsa_pss_params_build(params->params, ¶meters))
- {
- chunk_free(auth_data);
- return FALSE;
- }
- if (parameters.len)
- {
- data = asn1_algorithmIdentifier_params(oid, parameters);
- }
- else
- {
- data = asn1_algorithmIdentifier(oid);
- }
 len = data.len;
 *auth_data = chunk_cat("cmm", chunk_from_thing(len), data, *auth_data);
 return TRUE;
|
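Review bot: `len = data.len;` narrows the chunk length into a `uint8_t` without a range check, and `data` now comes from `signature_params_build()`, whose output size is not bounded anywhere in this hunk. If the encoded AlgorithmIdentifier ever exceeded 255 bytes, the prefix would wrap and the receiver would split the identifier from the signature at the wrong offset. A guard before the assignment makes the limit explicit: `if (data.len > 0xff) { chunk_free(&data); chunk_free(auth_data); return FALSE; }`. A short comment on the `chunk_cat("cmm", ...)` line saying that the length byte is copied while `data` and the old `*auth_data` are consumed would also document the ownership transfer. The function's closing brace lies outside this hunk.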