diff options
| author | Martin Willi <martin@strongswan.org> | 2009-06-15 14:47:39 +0200 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2009-06-15 14:47:39 +0200 |
| commit | 04b348f61aba752678eb98bf10c53359f601cb5e (patch) | |
| tree | c1c2b49d759ee0bba3afdc0bd87fe99bfb85dbcf /src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c | |
| parent | 3176e4421fef0e75efe824b4103cfd8774f775d6 (diff) | |
| download | strongswan-04b348f61aba752678eb98bf10c53359f601cb5e.tar.bz2 strongswan-04b348f61aba752678eb98bf10c53359f601cb5e.tar.xz | |
implemented IKEv1 specific SIGN_RSA_EMSA_PKCS1_NULL scheme in gcrypt
Diffstat (limited to 'src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c')
| -rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index d622a1fe1..b9b7d8bf7 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -83,7 +83,54 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name) } /** - * Implementation of gcrypt_rsa_private_key_t.build_emsa_pkcs1_signature. + * Sign a chunk of data with direct PKCS#1 encoding, no hash OID + */ +static bool sign_raw(private_gcrypt_rsa_private_key_t *this, + chunk_t data, chunk_t *signature) +{ + gcry_sexp_t in, out; + gcry_error_t err; + chunk_t em; + size_t k; + + /* EM = 0x00 || 0x01 || PS || 0x00 || T + * PS = 0xFF padding, with length to fill em + * T = data + */ + k = gcry_pk_get_nbits(this->key) / 8; + if (data.len > k - 3) + { + return FALSE; + } + em = chunk_alloc(k); + memset(em.ptr, 0xFF, em.len); + em.ptr[0] = 0x00; + em.ptr[1] = 0x01; + em.ptr[em.len - data.len - 1] = 0x00; + memcpy(em.ptr + em.len - data.len, data.ptr, data.len); + + err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))", + em.len, em.ptr); + chunk_free(&em); + if (err) + { + DBG1("building signature S-expression failed: %s", gpg_strerror(err)); + return FALSE; + } + err = gcry_pk_sign(&out, in, this->key); + gcry_sexp_release(in); + if (err) + { + DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err)); + return FALSE; + } + *signature = gcrypt_rsa_find_token(out, "s"); + gcry_sexp_release(out); + return !!signature->len; +} + +/** + * Sign a chunk of data using hashing and PKCS#1 encoding */ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, char *hash_name, @@ -144,6 +191,8 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche { switch (scheme) { + case SIGN_RSA_EMSA_PKCS1_NULL: + return sign_raw(this, data, sig); case SIGN_RSA_EMSA_PKCS1_SHA1: return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig); case SIGN_RSA_EMSA_PKCS1_SHA256: |