#include <library.h>
#include <utils/identification.h>
+#include <credentials/keys/key_encoding.h>
/**
* Type of a key pair, the used crypto system
/*
* Described in header.
*/
-int hasher_signature_algorithm_to_oid(hash_algorithm_t alg)
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
{
- int oid;
-
- switch (alg)
+ switch (key)
{
- case HASH_MD2:
- oid = OID_MD2_WITH_RSA;
- break;
- case HASH_MD5:
- oid = OID_MD5_WITH_RSA;
- break;
- case HASH_SHA1:
- oid = OID_SHA1_WITH_RSA;
- break;
- case HASH_SHA224:
- oid = OID_SHA224_WITH_RSA;
- break;
- case HASH_SHA256:
- oid = OID_SHA256_WITH_RSA;
- break;
- case HASH_SHA384:
- oid = OID_SHA384_WITH_RSA;
- break;
- case HASH_SHA512:
- oid = OID_SHA512_WITH_RSA;
- break;
+ case KEY_RSA:
+ switch (alg)
+ {
+ case HASH_MD2:
+ return OID_MD2_WITH_RSA;
+ case HASH_MD5:
+ return OID_MD5_WITH_RSA;
+ case HASH_SHA1:
+ return OID_SHA1_WITH_RSA;
+ case HASH_SHA224:
+ return OID_SHA224_WITH_RSA;
+ case HASH_SHA256:
+ return OID_SHA256_WITH_RSA;
+ case HASH_SHA384:
+ return OID_SHA384_WITH_RSA;
+ case HASH_SHA512:
+ return OID_SHA512_WITH_RSA;
+ default:
+ return OID_UNKNOWN;
+ }
+ case KEY_ECDSA:
+ switch (alg)
+ {
+ case HASH_SHA1:
+ return OID_ECDSA_WITH_SHA1;
+ case HASH_SHA256:
+ return OID_ECDSA_WITH_SHA256;
+ case HASH_SHA384:
+ return OID_ECDSA_WITH_SHA384;
+ case HASH_SHA512:
+ return OID_ECDSA_WITH_SHA512;
+ default:
+ return OID_UNKNOWN;
+ }
default:
- oid = OID_UNKNOWN;
+ return OID_UNKNOWN;
}
- return oid;
}
typedef struct hasher_t hasher_t;
#include <library.h>
+#include <credentials/keys/public_key.h>
/**
* Algorithms to use for hashing.
* Conversion of hash signature algorithm into ASN.1 OID.
*
* @param alg hash algorithm
+ * @param alg public key type
* @return ASN.1 OID if, or OID_UNKNOW
*/
-int hasher_signature_algorithm_to_oid(hash_algorithm_t alg);
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key);
#endif /** HASHER_H_ @}*/
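Review bot: The added Doxygen line documents the wrong parameter: the new second argument is named `key` in the prototype on the next line, but the tag reads `@param alg public key type`, so Doxygen would see `alg` documented twice and `key` not at all. Change it to `@param key public key type`. While touching this comment, the pre-existing `@return` line could read `ASN.1 OID for the key type/hash combination, or OID_UNKNOWN if none is defined`, which also fixes the truncated `OID_UNKNOW`.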
bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
hash_algorithm_t alg)
{
- int signature_oid = hasher_signature_algorithm_to_oid(alg);
+ int signature_oid = hasher_signature_algorithm_to_oid(alg,
+ private_key->get_type(private_key));
chunk_t authenticatedAttributes = chunk_empty;
chunk_t encryptedDigest = chunk_empty;
chunk_t signerInfo;
}
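Review bot: The lookup result in `signature_oid` is not checked for OID_UNKNOWN at the call site, whereas the x509 hunk in this same commit adds `if (cert->algorithm == OID_UNKNOWN) return FALSE;` right after the equivalent call. Unless the remainder of build_signedData (which continues outside this hunk) already rejects it, an unsupported key/hash combination now proceeds to build a signerInfo with an unknown algorithm identifier; adding `if (signature_oid == OID_UNKNOWN) { return FALSE; }` directly after the assignment would keep the two callers consistent. Note also that the parameter is typed `rsa_private_key_t *` while the key type is now queried dynamically; if `get_type` can ever report KEY_ECDSA here, the OID selected would no longer match the RSA-specific signing that presumably follows — worth confirming.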
/* select signature scheme */
- switch (sign_key->get_type(sign_key))
+ cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg,
+ sign_key->get_type(sign_key));
+ if (cert->algorithm == OID_UNKNOWN)
{
- case KEY_RSA:
- switch (digest_alg)
- {
- case HASH_MD5:
- cert->algorithm = OID_MD5_WITH_RSA;
- break;
- case HASH_SHA1:
- cert->algorithm = OID_SHA1_WITH_RSA;
- break;
- case HASH_SHA224:
- cert->algorithm = OID_SHA224_WITH_RSA;
- break;
- case HASH_SHA256:
- cert->algorithm = OID_SHA256_WITH_RSA;
- break;
- case HASH_SHA384:
- cert->algorithm = OID_SHA384_WITH_RSA;
- break;
- case HASH_SHA512:
- cert->algorithm = OID_SHA512_WITH_RSA;
- break;
- default:
- return FALSE;
- }
- break;
- case KEY_ECDSA:
- switch (digest_alg)
- {
- case HASH_SHA1:
- cert->algorithm = OID_ECDSA_WITH_SHA1;
- break;
- case HASH_SHA256:
- cert->algorithm = OID_ECDSA_WITH_SHA256;
- break;
- case HASH_SHA384:
- cert->algorithm = OID_ECDSA_WITH_SHA384;
- break;
- case HASH_SHA512:
- cert->algorithm = OID_ECDSA_WITH_SHA512;
- break;
- default:
- return FALSE;
- }
- break;
- default:
- return FALSE;
+ return FALSE;
}
scheme = signature_scheme_from_oid(cert->algorithm);
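Review bot: Replacing the local switch with hasher_signature_algorithm_to_oid() silently widens what this certificate builder accepts: the removed RSA switch had no HASH_MD2 case and returned FALSE for it, but the shared helper maps KEY_RSA + HASH_MD2 to OID_MD2_WITH_RSA, so MD2-signed certificates can now be generated. The helper is also used on the verification path, where legacy digests are needed to parse existing certificates, which is a different policy than what a signer should emit. If that widening is not intended, reject it here before the OID_UNKNOWN check, e.g. `if (digest_alg == HASH_MD2) { return FALSE; }`, or keep the signing policy separate from the OID lookup. The enclosing function starts outside this hunk.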