From 210d287368be96d7af60d99dba50b0b4d3a909d0 Mon Sep 17 00:00:00 2001 From: Andreas Steffen Date: Sun, 13 Sep 2009 21:41:51 +0200 Subject: [PATCH] extended hasher_signature_algorithm_to_oid() function --- src/libstrongswan/credentials/keys/public_key.h | 1 + src/libstrongswan/crypto/hashers/hasher.c | 64 ++++++++++++++----------- src/libstrongswan/crypto/hashers/hasher.h | 4 +- src/libstrongswan/crypto/pkcs7.c | 3 +- src/libstrongswan/plugins/x509/x509_cert.c | 51 ++------------------ 5 files changed, 47 insertions(+), 76 deletions(-) diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index f490d13..9ec3eb4 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -28,6 +28,7 @@ typedef enum signature_scheme_t signature_scheme_t; #include #include +#include /** * Type of a key pair, the used crypto system diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 4d6904e..81750a5 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -104,36 +104,46 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg) /* * Described in header. */ -int hasher_signature_algorithm_to_oid(hash_algorithm_t alg) +int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) { - int oid; - - switch (alg) + switch (key) { - case HASH_MD2: - oid = OID_MD2_WITH_RSA; - break; - case HASH_MD5: - oid = OID_MD5_WITH_RSA; - break; - case HASH_SHA1: - oid = OID_SHA1_WITH_RSA; - break; - case HASH_SHA224: - oid = OID_SHA224_WITH_RSA; - break; - case HASH_SHA256: - oid = OID_SHA256_WITH_RSA; - break; - case HASH_SHA384: - oid = OID_SHA384_WITH_RSA; - break; - case HASH_SHA512: - oid = OID_SHA512_WITH_RSA; - break; + case KEY_RSA: + switch (alg) + { + case HASH_MD2: + return OID_MD2_WITH_RSA; + case HASH_MD5: + return OID_MD5_WITH_RSA; + case HASH_SHA1: + return OID_SHA1_WITH_RSA; + case HASH_SHA224: + return OID_SHA224_WITH_RSA; + case HASH_SHA256: + return OID_SHA256_WITH_RSA; + case HASH_SHA384: + return OID_SHA384_WITH_RSA; + case HASH_SHA512: + return OID_SHA512_WITH_RSA; + default: + return OID_UNKNOWN; + } + case KEY_ECDSA: + switch (alg) + { + case HASH_SHA1: + return OID_ECDSA_WITH_SHA1; + case HASH_SHA256: + return OID_ECDSA_WITH_SHA256; + case HASH_SHA384: + return OID_ECDSA_WITH_SHA384; + case HASH_SHA512: + return OID_ECDSA_WITH_SHA512; + default: + return OID_UNKNOWN; + } default: - oid = OID_UNKNOWN; + return OID_UNKNOWN; } - return oid; } diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 7bc67a5..1449f97 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -27,6 +27,7 @@ typedef enum hash_algorithm_t hash_algorithm_t; typedef struct hasher_t hasher_t; #include +#include /** * Algorithms to use for hashing. @@ -129,8 +130,9 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg); * Conversion of hash signature algorithm into ASN.1 OID. * * @param alg hash algorithm + * @param alg public key type * @return ASN.1 OID if, or OID_UNKNOW */ -int hasher_signature_algorithm_to_oid(hash_algorithm_t alg); +int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key); #endif /** HASHER_H_ @}*/ diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c index 52adbc8..2fcdf1c 100644 --- a/src/libstrongswan/crypto/pkcs7.c +++ b/src/libstrongswan/crypto/pkcs7.c @@ -825,7 +825,8 @@ bool build_envelopedData(private_pkcs7_t *this, x509_t *cert, bool build_signedData(private_pkcs7_t *this, rsa_private_key_t *private_key, hash_algorithm_t alg) { - int signature_oid = hasher_signature_algorithm_to_oid(alg); + int signature_oid = hasher_signature_algorithm_to_oid(alg, + private_key->get_type(private_key)); chunk_t authenticatedAttributes = chunk_empty; chunk_t encryptedDigest = chunk_empty; chunk_t signerInfo; diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 108d7b2..58ee3c0 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -1220,54 +1220,11 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, } /* select signature scheme */ - switch (sign_key->get_type(sign_key)) + cert->algorithm = hasher_signature_algorithm_to_oid(digest_alg, + sign_key->get_type(sign_key)); + if (cert->algorithm == OID_UNKNOWN) { - case KEY_RSA: - switch (digest_alg) - { - case HASH_MD5: - cert->algorithm = OID_MD5_WITH_RSA; - break; - case HASH_SHA1: - cert->algorithm = OID_SHA1_WITH_RSA; - break; - case HASH_SHA224: - cert->algorithm = OID_SHA224_WITH_RSA; - break; - case HASH_SHA256: - cert->algorithm = OID_SHA256_WITH_RSA; - break; - case HASH_SHA384: - cert->algorithm = OID_SHA384_WITH_RSA; - break; - case HASH_SHA512: - cert->algorithm = OID_SHA512_WITH_RSA; - break; - default: - return FALSE; - } - break; - case KEY_ECDSA: - switch (digest_alg) - { - case HASH_SHA1: - cert->algorithm = OID_ECDSA_WITH_SHA1; - break; - case HASH_SHA256: - cert->algorithm = OID_ECDSA_WITH_SHA256; - break; - case HASH_SHA384: - cert->algorithm = OID_ECDSA_WITH_SHA384; - break; - case HASH_SHA512: - cert->algorithm = OID_ECDSA_WITH_SHA512; - break; - default: - return FALSE; - } - break; - default: - return FALSE; + return FALSE; } scheme = signature_scheme_from_oid(cert->algorithm); -- 2.7.4