android: Add support for signature schemes used by EAP-TLS
authorTobias Brunner <tobias@strongswan.org>
Tue, 21 Oct 2014 16:03:49 +0000 (18:03 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 6 Nov 2014 15:28:40 +0000 (16:28 +0100)
src/frontends/android/jni/libandroidbridge/backend/android_private_key.c

index 1985f0e..769ea3f 100644 (file)
@@ -68,6 +68,9 @@ METHOD(private_key_t, sign, bool,
                case KEY_RSA:
                        switch (scheme)
                        {
+                               case SIGN_RSA_EMSA_PKCS1_NULL:
+                                       method = "NONEwithRSA";
+                                       break;
                                case SIGN_RSA_EMSA_PKCS1_MD5:
                                        method = "MD5withRSA";
                                        break;
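Review bot: The new `SIGN_RSA_EMSA_PKCS1_NULL` case needs a comment saying that, unlike the other RSA cases in this switch, the input is not hashed before signing. `NONEwithRSA` pads and signs the caller's bytes as given, so what the private key ends up signing is decided entirely by the caller. I would add `/* data is signed as is, without hashing (needed for EAP-TLS) */` above the case so nobody later treats it as just another digest variant. The switch and sign() itself both continue outside this hunk.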
@@ -93,12 +96,18 @@ METHOD(private_key_t, sign, bool,
                case KEY_ECDSA:
                        switch (scheme)
                        {
+                               case SIGN_ECDSA_WITH_SHA1_DER:
+                                       method = "SHA1withECDSA";
+                                       break;
+                               case SIGN_ECDSA_WITH_SHA256_DER:
                                case SIGN_ECDSA_256:
                                        method = "SHA256withECDSA";
                                        break;
+                               case SIGN_ECDSA_WITH_SHA384_DER:
                                case SIGN_ECDSA_384:
                                        method = "SHA384withECDSA";
                                        break;
+                               case SIGN_ECDSA_WITH_SHA512_DER:
                                case SIGN_ECDSA_521:
                                        method = "SHA512withECDSA";
                                        break;
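Review bot: Stacking the `SIGN_ECDSA_WITH_SHA*_DER` labels on the fixed-length `SIGN_ECDSA_*` cases leaves the output encoding dependent on `len`, which is tested by `if (len)` in the `@@ -189` hunk but set outside every hunk shown. This presumably relies on `len` being initialised to 0 and left untouched for the `_DER` schemes; if that ever stops holding, a `_DER` caller gets a concatenated r||s signature back. A comment at that test would make the contract explicit, e.g. `/* len == 0: *_DER scheme, return the ASN.1 encoded signature unchanged */`. The new `SHA1withECDSA` case would benefit from the same kind of one-line remark on why SHA-1 is accepted here.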
@@ -189,30 +198,36 @@ METHOD(private_key_t, sign, bool,
                        default:
                                break;
                }
-
-               /* we get an ASN.1 encoded sequence of integers r and s */
-               parse = encoded = chunk_from_byte_array(env, jsigarray);
-               if (asn1_unwrap(&parse, &parse) != ASN1_SEQUENCE ||
-                       asn1_unwrap(&parse, &r) != ASN1_INTEGER ||
-                       asn1_unwrap(&parse, &s) != ASN1_INTEGER)
+               if (len)
                {
+                       /* we get an ASN.1 encoded sequence of integers r and s */
+                       parse = encoded = chunk_from_byte_array(env, jsigarray);
+                       if (asn1_unwrap(&parse, &parse) != ASN1_SEQUENCE ||
+                               asn1_unwrap(&parse, &r) != ASN1_INTEGER ||
+                               asn1_unwrap(&parse, &s) != ASN1_INTEGER)
+                       {
+                               chunk_free(&encoded);
+                               goto failed;
+                       }
+                       r = chunk_skip_zero(r);
+                       s = chunk_skip_zero(s);
+                       if (r.len > len || s.len > len)
+                       {
+                               chunk_free(&encoded);
+                               goto failed;
+                       }
+
+                       /* concatenate r and s (forced to the defined length) */
+                       *signature = chunk_alloc(2*len);
+                       memset(signature->ptr, 0, signature->len);
+                       memcpy(signature->ptr + (len - r.len), r.ptr, r.len);
+                       memcpy(signature->ptr + len + (len - s.len), s.ptr, s.len);
                        chunk_free(&encoded);
-                       goto failed;
                }
-               r = chunk_skip_zero(r);
-               s = chunk_skip_zero(s);
-               if (r.len > len || s.len > len)
+               else
                {
-                       chunk_free(&encoded);
-                       goto failed;
+                       *signature = chunk_from_byte_array(env, jsigarray);
                }
-
-               /* concatenate r and s (forced to the defined length) */
-               *signature = chunk_alloc(2*len);
-               memset(signature->ptr, 0, signature->len);
-               memcpy(signature->ptr + (len - r.len), r.ptr, r.len);
-               memcpy(signature->ptr + len + (len - s.len), s.ptr, s.len);
-               chunk_free(&encoded);
        }
        else
        {
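Review bot: The new `else` branch copies the keystore's output straight into `*signature`, while the `if (len)` branch rejects anything that is not a SEQUENCE of two INTEGERs. If the code after this hunk returns success from here, an empty or malformed array would be handed to the caller as a valid signature. A cheap fail-closed guard would be `if (!signature->len) goto failed;` after the copy, or run the same `asn1_unwrap()` checks on a copy of the chunk before returning it. The enclosing block and the `failed` label lie outside the hunk, so the cleanup path needs checking against the full function.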