extended hasher_signature_algorithm_to_oid() function
authorAndreas Steffen <andreas@strongswan.org>
Sun, 13 Sep 2009 19:41:51 +0000 (21:41 +0200)
committerAndreas Steffen <andreas@strongswan.org>
Sun, 13 Sep 2009 19:41:51 +0000 (21:41 +0200)
src/libstrongswan/credentials/keys/public_key.h
src/libstrongswan/crypto/hashers/hasher.c
src/libstrongswan/crypto/hashers/hasher.h
src/libstrongswan/crypto/pkcs7.c
src/libstrongswan/plugins/x509/x509_cert.c

index f490d13..9ec3eb4 100644 (file)
@@ -28,6 +28,7 @@ typedef enum signature_scheme_t signature_scheme_t;
 
 #include <library.h>
 #include <utils/identification.h>
+#include <credentials/keys/key_encoding.h>
 
 /**
  * Type of a key pair, the used crypto system
index 4d6904e..81750a5 100644 (file)
@@ -104,36 +104,46 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg)
 /*
  * Described in header.
  */
-int hasher_signature_algorithm_to_oid(hash_algorithm_t alg)
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key)
 {
-       int oid;
-
-       switch (alg)
+       switch (key)
        {
-               case HASH_MD2:
-                       oid = OID_MD2_WITH_RSA;
-                       break;
-               case HASH_MD5:
-                       oid = OID_MD5_WITH_RSA;
-                       break;
-               case HASH_SHA1:
-                       oid = OID_SHA1_WITH_RSA;
-                       break;
-               case HASH_SHA224:
-                       oid = OID_SHA224_WITH_RSA;
-                       break;
-               case HASH_SHA256:
-                       oid = OID_SHA256_WITH_RSA;
-                       break;
-               case HASH_SHA384:
-                       oid = OID_SHA384_WITH_RSA;
-                       break;
-               case HASH_SHA512:
-                       oid = OID_SHA512_WITH_RSA;
-                       break;
+               case KEY_RSA:
+                       switch (alg)
+                       {
+                               case HASH_MD2:
+                                       return OID_MD2_WITH_RSA;
+                               case HASH_MD5:
+                                       return OID_MD5_WITH_RSA;
+                               case HASH_SHA1:
+                                       return OID_SHA1_WITH_RSA;
+                               case HASH_SHA224:
+                                       return OID_SHA224_WITH_RSA;
+                               case HASH_SHA256:
+                                       return OID_SHA256_WITH_RSA;
+                               case HASH_SHA384:
+                                       return OID_SHA384_WITH_RSA;
+                               case HASH_SHA512:
+                                       return OID_SHA512_WITH_RSA;
+                               default:
+                                       return OID_UNKNOWN;
+                       }
+               case KEY_ECDSA:
+                       switch (alg)
+                       {
+                               case HASH_SHA1:
+                                       return OID_ECDSA_WITH_SHA1;
+                               case HASH_SHA256:
+                                       return OID_ECDSA_WITH_SHA256;
+                               case HASH_SHA384:
+                                       return OID_ECDSA_WITH_SHA384;
+                               case HASH_SHA512:
+                                       return OID_ECDSA_WITH_SHA512;
+                               default:
+                                       return OID_UNKNOWN;
+                       }
                default:
-                       oid = OID_UNKNOWN;
+                       return OID_UNKNOWN;
        }
-       return oid;
 }
 
index 7bc67a5..1449f97 100644 (file)
@@ -27,6 +27,7 @@ typedef enum hash_algorithm_t hash_algorithm_t;
 typedef struct hasher_t hasher_t;
 
 #include <library.h>
+#include <credentials/keys/public_key.h>
 
 /**
  * Algorithms to use for hashing.
@@ -129,8 +130,9 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg);
  * Conversion of hash signature algorithm into ASN.1 OID.
  *
  * @param alg                  hash algorithm
+ * @param alg                  public key type
  * @return                             ASN.1 OID if, or OID_UNKNOW
  */
-int hasher_signature_algorithm_to_oid(hash_algorithm_t alg);
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key);
 
 #endif /** HASHER_H_ @}*/
index 52adbc8..2fcdf1c 100644 (file)
@@ -825,7 +825,8 @@ bool build_envelopedData(private_pkcs7_t *this, x509_t *cert,
 bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key,
                                          hash_algorithm_t alg)
 {
-       int signature_oid = hasher_signature_algorithm_to_oid(alg);
+       int signature_oid = hasher_signature_algorithm_to_oid(alg,
+                                                       private_key->get_type(private_key));
        chunk_t authenticatedAttributes = chunk_empty;
        chunk_t encryptedDigest = chunk_empty;
        chunk_t signerInfo;
index 108d7b2..58ee3c0 100644 (file)
@@ -1220,54 +1220,11 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
        }
 
        /* select signature scheme */
-       switch (sign_key->get_type(sign_key))
+       cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg,
+                                                               sign_key->get_type(sign_key));
+       if (cert->algorithm == OID_UNKNOWN)
        {
-               case KEY_RSA:
-                       switch (digest_alg)
-                       {
-                               case HASH_MD5:
-                                       cert->algorithm = OID_MD5_WITH_RSA;
-                                       break;
-                               case HASH_SHA1:
-                                       cert->algorithm = OID_SHA1_WITH_RSA;
-                                       break;
-                               case HASH_SHA224:
-                                       cert->algorithm = OID_SHA224_WITH_RSA;
-                                       break;
-                               case HASH_SHA256:
-                                       cert->algorithm = OID_SHA256_WITH_RSA;
-                                       break;
-                               case HASH_SHA384:
-                                       cert->algorithm = OID_SHA384_WITH_RSA;
-                                       break;
-                               case HASH_SHA512:
-                                       cert->algorithm = OID_SHA512_WITH_RSA;
-                                       break;
-                               default:
-                                       return FALSE;
-                       }
-                       break;
-               case KEY_ECDSA:
-                       switch (digest_alg)
-                       {
-                               case HASH_SHA1:
-                                       cert->algorithm = OID_ECDSA_WITH_SHA1;
-                                       break;
-                               case HASH_SHA256:
-                                       cert->algorithm = OID_ECDSA_WITH_SHA256;
-                                       break;
-                               case HASH_SHA384:
-                                       cert->algorithm = OID_ECDSA_WITH_SHA384;
-                                       break;
-                               case HASH_SHA512:
-                                       cert->algorithm = OID_ECDSA_WITH_SHA512;
-                                       break;
-                               default:
-                                       return FALSE;
-                       }
-                       break;
-               default:
-                       return FALSE;
+               return FALSE;
        }
        scheme = signature_scheme_from_oid(cert->algorithm);