pki: Query private key for supported signature schemes
This commit is contained in:
parent
b88f2b3815
commit
dd4bd21c5a
|
@ -228,6 +228,11 @@ static int acert()
|
|||
goto end;
|
||||
}
|
||||
scheme = get_signature_scheme(private, digest, pss);
|
||||
if (!scheme)
|
||||
{
|
||||
error = "no signature scheme found";
|
||||
goto end;
|
||||
}
|
||||
|
||||
ac = lib->creds->create(lib->creds,
|
||||
CRED_CERTIFICATE, CERT_X509_AC,
|
||||
|
|
|
@ -536,6 +536,11 @@ static int issue()
|
|||
chunk_from_chars(ASN1_SEQUENCE, 0));
|
||||
}
|
||||
scheme = get_signature_scheme(private, digest, pss);
|
||||
if (!scheme)
|
||||
{
|
||||
error = "no signature scheme found";
|
||||
goto end;
|
||||
}
|
||||
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||
BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca,
|
||||
|
|
|
@ -168,6 +168,11 @@ static int req()
|
|||
goto end;
|
||||
}
|
||||
scheme = get_signature_scheme(private, digest, pss);
|
||||
if (!scheme)
|
||||
{
|
||||
error = "no signature scheme found";
|
||||
goto end;
|
||||
}
|
||||
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
|
||||
BUILD_SIGNING_KEY, private,
|
||||
|
|
|
@ -378,6 +378,11 @@ static int self()
|
|||
rng->destroy(rng);
|
||||
}
|
||||
scheme = get_signature_scheme(private, digest, pss);
|
||||
if (!scheme)
|
||||
{
|
||||
error = "no signature scheme found";
|
||||
goto end;
|
||||
}
|
||||
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||
BUILD_SIGNING_KEY, private, BUILD_PUBLIC_KEY, public,
|
||||
|
|
|
@ -399,6 +399,12 @@ static int sign_crl()
|
|||
chunk_increment(crl_serial);
|
||||
|
||||
scheme = get_signature_scheme(private, digest, pss);
|
||||
if (!scheme)
|
||||
{
|
||||
error = "no signature scheme found";
|
||||
goto error;
|
||||
}
|
||||
|
||||
enumerator = enumerator_create_filter(list->create_enumerator(list),
|
||||
filter, NULL, NULL);
|
||||
crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2012-2017 Tobias Brunner
|
||||
* Copyright (C) 2012-2018 Tobias Brunner
|
||||
* Copyright (C) 2009 Martin Willi
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
|
@ -264,7 +264,30 @@ static hash_algorithm_t get_default_digest(private_key_t *private)
|
|||
signature_params_t *get_signature_scheme(private_key_t *private,
|
||||
hash_algorithm_t digest, bool pss)
|
||||
{
|
||||
signature_params_t *scheme;
|
||||
signature_params_t *scheme, *selected = NULL;
|
||||
enumerator_t *enumerator;
|
||||
|
||||
if (private->supported_signature_schemes)
|
||||
{
|
||||
enumerator = private->supported_signature_schemes(private);
|
||||
while (enumerator->enumerate(enumerator, &scheme))
|
||||
{
|
||||
if (private->get_type(private) == KEY_RSA &&
|
||||
pss != (scheme->scheme == SIGN_RSA_EMSA_PSS))
|
||||
{
|
||||
continue;
|
||||
}
|
||||
if (digest == HASH_UNKNOWN ||
|
||||
digest == hasher_from_signature_scheme(scheme->scheme,
|
||||
scheme->params))
|
||||
{
|
||||
selected = signature_params_clone(scheme);
|
||||
break;
|
||||
}
|
||||
}
|
||||
enumerator->destroy(enumerator);
|
||||
return selected;
|
||||
}
|
||||
|
||||
if (digest == HASH_UNKNOWN)
|
||||
{
|
||||
|
|
|
@ -65,7 +65,8 @@ void set_file_mode(FILE *stream, cred_encoding_type_t enc);
|
|||
* @param digest hash algorithm (if HASH_UNKNOWN a default is determined
|
||||
* based on the key)
|
||||
* @param pss use PSS padding for RSA keys
|
||||
* @return allocated signature scheme and parameters
|
||||
* @return allocated signature scheme and parameters (NULL if none
|
||||
* found)
|
||||
*/
|
||||
signature_params_t *get_signature_scheme(private_key_t *private,
|
||||
hash_algorithm_t digest, bool pss);
|
||||
|
|
Loading…
Reference in New Issue