use get_proposal_token() for algorithm selection
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 20 Jun 2009 10:09:36 +0000 (12:09 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 20 Jun 2009 10:09:36 +0000 (12:09 +0200)
src/scepclient/scepclient.8
src/scepclient/scepclient.c

index d9bf8e4..4b5234d 100644 (file)
@@ -149,16 +149,22 @@ Change symmetric algorithm to use for encryption of certificate Request.
 The default is \fB3des\-cbc\fP.
 .PP 
 Supported values for \fIalgo\fP:
-.IP "\fBdes\-cbc\fP" 12
-DES CBC encryption (key size = 56 bit).
-.IP "\fB3des\-cbc\fP" 12
+.IP "\fBdes\fP" 12
+DES-CBC encryption (key size = 56 bit).
+.IP "\fB3des\fP" 12
 Triple DES-EDE-CBC encryption (key size = 168 bit).
-.IP "\fBaes128\-cbc\fP" 12
+.IP "\fBaes128\fP" 12
 AES-CBC encryption (key size = 128 bit).
-.IP "\fBaes192\-cbc\fP" 12
+.IP "\fBaes192\fP" 12
 AES-CBC encryption (key size = 192 bit).
-.IP "\fBaes256\-cbc\fP" 12
+.IP "\fBaes256\fP" 12
 AES-CBC encryption (key size = 256 bit).
+.IP "\fBcamellia128\fP" 12
+Camellia-CBC encryption (key size = 128 bit).
+.IP "\fBcamellia192\fP" 12
+Camelllia-CBC encryption (key size = 192 bit).
+.IP "\fBcamellia256\fP" 12
+Camellia-CBC encryption (key size = 256 bit).
 .RE
 .PP 
 .B \-o, \-\-out \fItype\fP[=\fIfilename\fP]
index 0e7ae3e..1139cc2 100644 (file)
@@ -41,6 +41,8 @@
 #include <asn1/oid.h>
 #include <utils/optionsfrom.h>
 #include <utils/enumerator.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/proposal/proposal_keywords.h>
 #include <credentials/keys/private_key.h>
 #include <credentials/keys/public_key.h>
 
@@ -246,9 +248,8 @@ usage(const char *message)
                " --password (-p) <pw>              challenge password\n"
                "                                   - if pw is '%%prompt', password gets prompted for\n"
                " --algorithm (-a) <algo>           use specified algorithm for PKCS#7 encryption\n"
-               "                                   <algo> = des-cbc | 3des-cbc (default) | \n"
-        "                                   aes128-cbc | aes192-cbc | aes256-cbc | \n"
-        "                                   camellia128-cbc | camellia192-cbc | camellia256-cbc\n"
+               "                                   <algo> = des | 3des (default) | aes128| aes192 | \n"
+               "                                   aes256 | camellia128 | camellia192 | camellia256\n"
                "\n"
                "Options for enrollment (cert):\n"
                " --url (-u) <url>                  url of the SCEP server\n"
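Review bot: The help text now lists only the short names (`des`, `3des`, `aes128`, …), and nothing visible here says whether the previous `-cbc` spellings are still accepted. That depends on the keyword table behind `proposal_get_token()`, which is not shown; if they are rejected, existing scripts passing `--algorithm 3des-cbc` will fail with "invalid algorithm specified". Consider noting the rename in the help text, and updating the man page context line that still reads `The default is \fB3des\-cbc\fP`. As a point of style, `aes128| aes192` is missing the space before the bar; it should read `aes128 | aes192`. The string belongs to usage(), whose body continues outside the hunk.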
@@ -698,43 +699,22 @@ int main(int argc, char **argv)
                        continue;
 
                case 'a':       /*--algorithm */
-                       if (strcaseeq("des-cbc", optarg))
-                       {
-                               pkcs7_symmetric_cipher = OID_DES_CBC;
-                       }
-                       else if (strcaseeq("3des-cbc", optarg))
-                       {
-                               pkcs7_symmetric_cipher = OID_3DES_EDE_CBC;
-                       }
-                       else if (strcaseeq("aes128-cbc", optarg))
-                       {
-                               pkcs7_symmetric_cipher = OID_AES128_CBC;
-                       }
-                       else if (strcaseeq("aes192-cbc", optarg))
-                       {
-                               pkcs7_symmetric_cipher = OID_AES192_CBC;
-                       }
-                       else if (strcaseeq("aes256-cbc", optarg))
-                       {
-                               pkcs7_symmetric_cipher = OID_AES256_CBC;
-                       }
-                       else if (strcaseeq("camellia128-cbc", optarg))
-                       {
-                               pkcs7_symmetric_cipher = OID_CAMELLIA128_CBC;
-                       }
-                       else if (strcaseeq("camellia192-cbc", optarg))
-                       {
-                               pkcs7_symmetric_cipher = OID_CAMELLIA192_CBC;
-                       }
-                       else if (strcaseeq("camellia256-cbc", optarg))
+               {
+                       const proposal_token_t *token;
+
+                       token = proposal_get_token(optarg, strlen(optarg));
+                       if (token == NULL || token->type != ENCRYPTION_ALGORITHM)
                        {
-                               pkcs7_symmetric_cipher = OID_CAMELLIA256_CBC;
+                               usage("invalid algorithm specified");
                        }
-                       else
+                       pkcs7_symmetric_cipher = encryption_algorithm_to_oid(
+                                                                               token->algorithm, token->keysize);
+                       if (pkcs7_symmetric_cipher == OID_UNKNOWN)
                        {
-                               usage("invalid encryption algorithm specified");
+                               usage("unsupported encryption algorithm specified");
                        }
                        continue;
+               }
 #ifdef DEBUG
                case 'A':       /* --debug-all */
                        base_debugging |= DBG_ALL;
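Review bot: The call `encryption_algorithm_to_oid(token->algorithm, token->keysize)` dereferences `token` immediately after the branch that handles `token == NULL`, so it is only safe if `usage()` never returns. usage()'s body is outside this hunk, so that cannot be confirmed from here. If usage() does terminate the process, a comment such as `/* usage() exits; token is non-NULL below */` would make the dependency explicit. If it can return, the first branch needs a `continue;` after `usage("invalid algorithm specified");`. main() starts and ends outside the hunk.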