oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

signing alg selection based on private key type.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24664 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-02-09 17:17:27 +00:00
parent 6017ed211c
commit 76b621899b
1 changed files with 29 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
lib/hx509/crypto.c
View File

@@ -347,13 +347,12 @@ ecdsa_create_signature(hx509_context context,
sig->data, &siglen, signer->private_key.ecdsa); sig->data, &siglen, signer->private_key.ecdsa);
der_free_octet_string(&indata); der_free_octet_string(&indata);
if (ret != 1) { if (ret != 1) {
ret = HX509_CMS_FAILED_CREATE_SIGATURE; hx509_set_error_string(context, 0, HX509_CMS_FAILED_CREATE_SIGATURE,
hx509_set_error_string(context, 0, ret, "ECDSA sign failed: %d", ret);
"RSA private decrypt failed: %d", ret); return HX509_CMS_FAILED_CREATE_SIGATURE;
return ret;
} }
if (siglen > sig->length) if (siglen > sig->length)
_hx509_abort("RSA signature prelen longer the output len"); _hx509_abort("ECDSA signature prelen longer the output len");
sig->length = ret; sig->length = ret;
@@ -1310,6 +1309,26 @@ find_sig_alg(const heim_oid *oid)
return NULL; return NULL;
} }
static struct key2sigalg {
const heim_oid *(*keytype)(void);
const AlgorithmIdentifier *(*sigalg)(void);
} key2sigalgs[] = {
{ oid_id_pkcs1_rsaEncryption, hx509_signature_rsa_with_sha256 },
{ oid_id_ecPublicKey, hx509_signature_ecdsa_with_sha256 }
};
static const AlgorithmIdentifier *
def_sigalg_for_keytype(const heim_oid *oid)
{
size_t i;
for (i = 0; i < sizeof(key2sigalgs)/sizeof(key2sigalgs[0]); i++) {
if (der_heim_oid_cmp((key2sigalgs[i].keytype)(), oid) == 0)
return (key2sigalgs[i].sigalg)();
}
return NULL;
}
/* /*
* *
*/ */
@@ -2890,7 +2909,6 @@ find_keytype(const hx509_private_key key)
return (*md->key_oid)(); return (*md->key_oid)();
} }
int int
hx509_crypto_select(const hx509_context context, hx509_crypto_select(const hx509_context context,
int type, int type,
@@ -2898,7 +2916,7 @@ hx509_crypto_select(const hx509_context context,
hx509_peer_info peer, hx509_peer_info peer,
AlgorithmIdentifier *selected) AlgorithmIdentifier *selected)
{ {
const AlgorithmIdentifier *def; const AlgorithmIdentifier *def = NULL;
size_t i, j; size_t i, j;
int ret, bits; int ret, bits;
@@ -2910,7 +2928,10 @@ hx509_crypto_select(const hx509_context context,
} else if (type == HX509_SELECT_PUBLIC_SIG) { } else if (type == HX509_SELECT_PUBLIC_SIG) {
bits = SIG_PUBLIC_SIG; bits = SIG_PUBLIC_SIG;
/* XXX depend on `source´ and `peer´ */ /* XXX depend on `source´ and `peer´ */
def = _hx509_crypto_default_sig_alg; if (source)
def = def_sigalg_for_keytype((source->ops->key_oid)());
if (def == NULL)
def = _hx509_crypto_default_sig_alg;
} else if (type == HX509_SELECT_SECRET_ENC) { } else if (type == HX509_SELECT_SECRET_ENC) {
bits = SIG_SECRET; bits = SIG_SECRET;
def = _hx509_crypto_default_secret_alg; def = _hx509_crypto_default_secret_alg;