x509_t.build_encoding() now supports any hash algorithm
authorAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 22 Jan 2008 01:32:12 +0000 (01:32 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Tue, 22 Jan 2008 01:32:12 +0000 (01:32 -0000)
src/libstrongswan/crypto/x509.c

index 60ab53d..022f15c 100755 (executable)
@@ -1381,23 +1381,42 @@ static chunk_t x509_build_tbs(private_x509_t *this)
 static void build_encoding(private_x509_t *this, hash_algorithm_t alg,
                                                   rsa_private_key_t *private_key)
 {
-       chunk_t tbs_cert, rawSignature, signature;
-       u_char *pos;
-
-       this->signatureAlgorithm = OID_SHA1_WITH_RSA;
-       tbs_cert = x509_build_tbs(this);
-       private_key->build_emsa_pkcs1_signature(private_key, alg, tbs_cert,
-                                                                                       &rawSignature);
+       switch (alg)
+       {
+               case HASH_MD5:
+                       this->signatureAlgorithm = OID_MD5_WITH_RSA;
+                       break;
+               case HASH_SHA1:
+               default:
+                       this->signatureAlgorithm = OID_SHA1_WITH_RSA;
+                       break;
+               case HASH_SHA256:
+                       this->signatureAlgorithm = OID_SHA256_WITH_RSA;
+                       break;
+               case HASH_SHA384:
+                       this->signatureAlgorithm = OID_SHA384_WITH_RSA;
+                       break;
+               case HASH_SHA512:
+                       this->signatureAlgorithm = OID_SHA512_WITH_RSA;
+       }
+       this->tbsCertificate = x509_build_tbs(this);
+       {
+               chunk_t rawSignature;
+               u_char *pos;
 
-       pos = build_asn1_object(&signature, ASN1_BIT_STRING, 1 + rawSignature.len);
-       *pos++ = 0x00;
-       memcpy(pos, rawSignature.ptr, rawSignature.len);
-       free(rawSignature.ptr);
+               private_key->build_emsa_pkcs1_signature(private_key, alg,
+                                               this->tbsCertificate,   &rawSignature);
 
+               pos = build_asn1_object(&this->signature, ASN1_BIT_STRING,
+                                                1 + rawSignature.len);
+               *pos++ = 0x00;
+               memcpy(pos, rawSignature.ptr, rawSignature.len);
+               free(rawSignature.ptr);
+       }
     this->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm",
-                               tbs_cert,
+                               this->tbsCertificate,
                                asn1_algorithmIdentifier(this->signatureAlgorithm),
-                               signature);
+                               this->signature);
 
 }
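Review bot: The `default:` label shares the `HASH_SHA1` case, so an `alg` outside the five listed values is recorded as `OID_SHA1_WITH_RSA` while the same unmapped `alg` is still handed to `build_emsa_pkcs1_signature()`. The certificate can then declare a signature algorithm that differs from the digest actually signed. As the function returns void, the smallest fix is to normalise the input in that branch, placing `default: alg = HASH_SHA1; /* fall through */` directly before `case HASH_SHA1:`. The result of `build_emsa_pkcs1_signature()` is also not checked before `rawSignature.len` and `rawSignature.ptr` are used; if the call can fail without filling the chunk, `memcpy` reads from an uninitialised pointer, so start from an empty chunk and stop on failure. Separately, if the `m` mode of `asn1_wrap()` frees its argument after copying (not visible in this hunk), `this->tbsCertificate` and `this->signature` are left dangling once `this->certificate` is built; confirm that, and either pass them in copy mode or clear the two fields afterwards.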