static void build_encoding(private_x509_t *this, hash_algorithm_t alg,
rsa_private_key_t *private_key)
{
- chunk_t tbs_cert, rawSignature, signature;
- u_char *pos;
-
- this->signatureAlgorithm = OID_SHA1_WITH_RSA;
- tbs_cert = x509_build_tbs(this);
- private_key->build_emsa_pkcs1_signature(private_key, alg, tbs_cert,
- &rawSignature);
+ switch (alg)
+ {
+ case HASH_MD5:
+ this->signatureAlgorithm = OID_MD5_WITH_RSA;
+ break;
+ case HASH_SHA1:
+ default:
+ this->signatureAlgorithm = OID_SHA1_WITH_RSA;
+ break;
+ case HASH_SHA256:
+ this->signatureAlgorithm = OID_SHA256_WITH_RSA;
+ break;
+ case HASH_SHA384:
+ this->signatureAlgorithm = OID_SHA384_WITH_RSA;
+ break;
+ case HASH_SHA512:
+ this->signatureAlgorithm = OID_SHA512_WITH_RSA;
+ }
+ this->tbsCertificate = x509_build_tbs(this);
+ {
+ chunk_t rawSignature;
+ u_char *pos;
- pos = build_asn1_object(&signature, ASN1_BIT_STRING, 1 + rawSignature.len);
- *pos++ = 0x00;
- memcpy(pos, rawSignature.ptr, rawSignature.len);
- free(rawSignature.ptr);
+ private_key->build_emsa_pkcs1_signature(private_key, alg,
+ this->tbsCertificate, &rawSignature);
+ pos = build_asn1_object(&this->signature, ASN1_BIT_STRING,
+ 1 + rawSignature.len);
+ *pos++ = 0x00;
+ memcpy(pos, rawSignature.ptr, rawSignature.len);
+ free(rawSignature.ptr);
+ }
this->certificate = asn1_wrap(ASN1_SEQUENCE, "mcm",
- tbs_cert,
+ this->tbsCertificate,
asn1_algorithmIdentifier(this->signatureAlgorithm),
- signature);
+ this->signature);
}
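Review bot: The `default:` arm of the new switch records `OID_SHA1_WITH_RSA` for any hash it does not recognise, but the unchanged `alg` is still passed to `build_emsa_pkcs1_signature`, so the algorithm identifier written into the certificate can disagree with the hash actually used to sign, and such a certificate would fail verification. Normalise the value in that arm, e.g. put `default: alg = HASH_SHA1; /* fall through */` directly before `case HASH_SHA1:`, so the OID and the signature always match. The result of `build_emsa_pkcs1_signature` is also discarded while `rawSignature` is declared uninitialised; if that call can fail, `rawSignature.len` and `rawSignature.ptr` are then read, copied from and freed with indeterminate values, so initialise the chunk and check the result before building the BIT STRING. Accepting `HASH_MD5` for newly issued certificates also deserves at least a comment, since MD5 is collision-broken for certificate signatures.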