pki: Query private key for supported signature schemes
This commit is contained in:
parent
b88f2b3815
commit
dd4bd21c5a
|
@ -228,6 +228,11 @@ static int acert()
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
scheme = get_signature_scheme(private, digest, pss);
|
scheme = get_signature_scheme(private, digest, pss);
|
||||||
|
if (!scheme)
|
||||||
|
{
|
||||||
|
error = "no signature scheme found";
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
ac = lib->creds->create(lib->creds,
|
ac = lib->creds->create(lib->creds,
|
||||||
CRED_CERTIFICATE, CERT_X509_AC,
|
CRED_CERTIFICATE, CERT_X509_AC,
|
||||||
|
|
|
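Review bot: The new `error = "no signature scheme found"` branch tells the operator nothing about why the lookup failed, which matters now that the key's own supported-scheme list (rather than a fixed default) can reject the requested digest or PSS flag. A message that names the cause, e.g. `error = "key does not support the requested digest/signature scheme";`, would save a round of debugging with hardware-backed keys that only offer a subset of schemes. After the `goto end` `scheme` is NULL, so whatever cleanup `end:` performs on it (outside the hunk) must be NULL-safe; acert() continues past both ends of this hunk.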
@ -536,6 +536,11 @@ static int issue()
|
||||||
chunk_from_chars(ASN1_SEQUENCE, 0));
|
chunk_from_chars(ASN1_SEQUENCE, 0));
|
||||||
}
|
}
|
||||||
scheme = get_signature_scheme(private, digest, pss);
|
scheme = get_signature_scheme(private, digest, pss);
|
||||||
|
if (!scheme)
|
||||||
|
{
|
||||||
|
error = "no signature scheme found";
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||||
BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca,
|
BUILD_SIGNING_KEY, private, BUILD_SIGNING_CERT, ca,
|
||||||
|
|
|
@ -168,6 +168,11 @@ static int req()
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
scheme = get_signature_scheme(private, digest, pss);
|
scheme = get_signature_scheme(private, digest, pss);
|
||||||
|
if (!scheme)
|
||||||
|
{
|
||||||
|
error = "no signature scheme found";
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
|
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
|
||||||
BUILD_SIGNING_KEY, private,
|
BUILD_SIGNING_KEY, private,
|
||||||
|
|
|
@ -378,6 +378,11 @@ static int self()
|
||||||
rng->destroy(rng);
|
rng->destroy(rng);
|
||||||
}
|
}
|
||||||
scheme = get_signature_scheme(private, digest, pss);
|
scheme = get_signature_scheme(private, digest, pss);
|
||||||
|
if (!scheme)
|
||||||
|
{
|
||||||
|
error = "no signature scheme found";
|
||||||
|
goto end;
|
||||||
|
}
|
||||||
|
|
||||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||||
BUILD_SIGNING_KEY, private, BUILD_PUBLIC_KEY, public,
|
BUILD_SIGNING_KEY, private, BUILD_PUBLIC_KEY, public,
|
||||||
|
|
|
@ -399,6 +399,12 @@ static int sign_crl()
|
||||||
chunk_increment(crl_serial);
|
chunk_increment(crl_serial);
|
||||||
|
|
||||||
scheme = get_signature_scheme(private, digest, pss);
|
scheme = get_signature_scheme(private, digest, pss);
|
||||||
|
if (!scheme)
|
||||||
|
{
|
||||||
|
error = "no signature scheme found";
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
enumerator = enumerator_create_filter(list->create_enumerator(list),
|
enumerator = enumerator_create_filter(list->create_enumerator(list),
|
||||||
filter, NULL, NULL);
|
filter, NULL, NULL);
|
||||||
crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
|
crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright (C) 2012-2017 Tobias Brunner
|
* Copyright (C) 2012-2018 Tobias Brunner
|
||||||
* Copyright (C) 2009 Martin Willi
|
* Copyright (C) 2009 Martin Willi
|
||||||
* HSR Hochschule fuer Technik Rapperswil
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
*
|
*
|
||||||
|
@ -264,7 +264,30 @@ static hash_algorithm_t get_default_digest(private_key_t *private)
|
||||||
signature_params_t *get_signature_scheme(private_key_t *private,
|
signature_params_t *get_signature_scheme(private_key_t *private,
|
||||||
hash_algorithm_t digest, bool pss)
|
hash_algorithm_t digest, bool pss)
|
||||||
{
|
{
|
||||||
signature_params_t *scheme;
|
signature_params_t *scheme, *selected = NULL;
|
||||||
|
enumerator_t *enumerator;
|
||||||
|
|
||||||
|
if (private->supported_signature_schemes)
|
||||||
|
{
|
||||||
|
enumerator = private->supported_signature_schemes(private);
|
||||||
|
while (enumerator->enumerate(enumerator, &scheme))
|
||||||
|
{
|
||||||
|
if (private->get_type(private) == KEY_RSA &&
|
||||||
|
pss != (scheme->scheme == SIGN_RSA_EMSA_PSS))
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (digest == HASH_UNKNOWN ||
|
||||||
|
digest == hasher_from_signature_scheme(scheme->scheme,
|
||||||
|
scheme->params))
|
||||||
|
{
|
||||||
|
selected = signature_params_clone(scheme);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
enumerator->destroy(enumerator);
|
||||||
|
return selected;
|
||||||
|
}
|
||||||
|
|
||||||
if (digest == HASH_UNKNOWN)
|
if (digest == HASH_UNKNOWN)
|
||||||
{
|
{
|
||||||
|
|
|
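Review bot: With `digest == HASH_UNKNOWN` the new loop clones the first scheme the key's enumerator yields that passes the PSS filter, so for keys implementing `supported_signature_schemes` the chosen hash now depends on the backend's enumeration order, while keys without that method still fall through to the `if (digest == HASH_UNKNOWN)` path below the hunk (presumably `get_default_digest()`). If any backend lists a weak digest first, pki would silently sign with it; I cannot see the enumeration order from here, so either confirm every backend enumerates its preferred scheme first and document that with `/* first matching scheme wins: backends enumerate preferred schemes first */`, or prefer the key's default digest and use the first usable scheme only as a fallback, as sketched below. The filter `pss != (scheme->scheme == SIGN_RSA_EMSA_PSS)` is applied only to `KEY_RSA`, so `pss` is silently ignored for other key types; a one-line comment stating that is worthwhile. get_signature_scheme() continues past the end of the hunk.
```c
	if (private->supported_signature_schemes)
	{
		if (digest == HASH_UNKNOWN)
		{	/* prefer the key's default digest over enumeration order */
			selected = find_supported_scheme(private, get_default_digest(private), pss);
			if (selected)
			{
				return selected;
			}
		}
		return find_supported_scheme(private, digest, pss);
	}
	/* … unchanged: legacy path for keys without supported_signature_schemes … */

/**
 * Clone the first scheme offered by the key that matches digest (any if
 * HASH_UNKNOWN) and, for RSA keys, the PSS flag; NULL if none.
 */
static signature_params_t *find_supported_scheme(private_key_t *private,
								hash_algorithm_t digest, bool pss)
{
	/* … unchanged: the enumerate/filter/clone loop from the hunk … */
}
```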
@ -65,7 +65,8 @@ void set_file_mode(FILE *stream, cred_encoding_type_t enc);
|
||||||
* @param digest hash algorithm (if HASH_UNKNOWN a default is determined
|
* @param digest hash algorithm (if HASH_UNKNOWN a default is determined
|
||||||
* based on the key)
|
* based on the key)
|
||||||
* @param pss use PSS padding for RSA keys
|
* @param pss use PSS padding for RSA keys
|
||||||
* @return allocated signature scheme and parameters
|
* @return allocated signature scheme and parameters (NULL if none
|
||||||
|
* found)
|
||||||
*/
|
*/
|
||||||
signature_params_t *get_signature_scheme(private_key_t *private,
|
signature_params_t *get_signature_scheme(private_key_t *private,
|
||||||
hash_algorithm_t digest, bool pss);
|
hash_algorithm_t digest, bool pss);
|
||||||
|
|
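Review bot: The updated `@return` says only "NULL if none found", but the new selection rule is not documented anywhere in this header: when the key reports its supported schemes, the first one matching `digest` (any, if HASH_UNKNOWN) is returned in the key's enumeration order, and for RSA keys `pss` is a strict filter rather than a preference. I would extend the `@param pss` and `@return` lines to say so, e.g. `@param pss use PSS padding for RSA keys (schemes with the other padding are never selected)` and `@return allocated signature scheme and parameters, the first matching one the key supports (NULL if none found)`. The ownership of the returned object (caller must free it) is implied by "allocated" but would be clearer stated explicitly.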