start_timing(&timing);
for (round = 0; round < rounds; round++)
{
- if (!private->sign(private, scheme, data, &sigs[round]))
+ if (!private->sign(private, scheme, NULL, data, &sigs[round]))
{
printf("creating signature failed\n");
exit(1);
}
METHOD(private_key_t, sign, bool,
- private_tkm_private_key_t *this, signature_scheme_t scheme,
+ private_tkm_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
signature_type sig;
private->destroy(private);
return FALSE;
}
- if (!private->sign(private, scheme, octets, &auth_data))
+ if (!private->sign(private, scheme, NULL, octets, &auth_data))
{
chunk_free(&octets);
private->destroy(private);
id->destroy(id);
return FALSE;
}
- if (!private->sign(private, scheme, octets, &auth_data))
+ if (!private->sign(private, scheme, NULL, octets, &auth_data))
{
chunk_free(&octets);
private->destroy(private);
};
METHOD(private_key_t, sign, bool,
- private_private_key_t *this, signature_scheme_t scheme,
+ private_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
JNIEnv *env;
}
free(dh.ptr);
- if (private->sign(private, scheme, hash, &sig))
+ if (private->sign(private, scheme, NULL, hash, &sig))
{
sig_payload = hash_payload_create(PLV1_SIGNATURE);
sig_payload->set_hash(sig_payload, sig);
while (enumerator->enumerate(enumerator, &schemep))
{
scheme = *schemep;
- if (private->sign(private, scheme, octets, auth_data) &&
+ if (private->sign(private, scheme, NULL, octets, auth_data) &&
build_signature_auth_data(auth_data, scheme))
{
status = SUCCESS;
}
if (get_auth_octets_scheme(this, FALSE, id, &octets, &scheme) &&
- private->sign(private, scheme, octets, auth_data))
+ private->sign(private, scheme, NULL, octets, auth_data))
{
status = SUCCESS;
}
/*
+ * Copyright (C) 2017 Tobias Brunner
* Copyright (C) 2007 Martin Willi
- * Hochschule fuer Technik Rapperswil
+ * HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Create a signature over a chunk of data.
*
* @param scheme signature scheme to use
+ * @param params optional parameters required by the specified scheme
* @param data chunk of data to sign
* @param signature where to allocate created signature
* @return TRUE if signature created
*/
- bool (*sign)(private_key_t *this, signature_scheme_t scheme,
+ bool (*sign)(private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature);
/**
* Decrypt a chunk of data.
}
METHOD(private_key_t, sign, bool,
- private_agent_private_key_t *this, signature_scheme_t scheme,
+ private_agent_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
uint32_t len, flags;
}
METHOD(private_key_t, sign, bool,
- private_bliss_private_key_t *this, signature_scheme_t scheme,
+ private_bliss_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
switch (scheme)
/* generate and verify 1000 BLISS signatures */
while (verify_count--)
{
- ck_assert(privkey->sign(privkey, signature_scheme, msg,
+ ck_assert(privkey->sign(privkey, signature_scheme, NULL, msg,
&signature));
ck_assert(pubkey->verify(pubkey, signature_scheme, NULL, msg,
signature));
ck_assert(!privkey->decrypt(privkey, ENCRYPT_UNKNOWN, chunk_empty, NULL));
/* sign with invalid signature scheme */
- ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, msg, &signature));
+ ck_assert(!privkey->sign(privkey, SIGN_UNKNOWN, NULL, msg, &signature));
/* generate valid signature */
msg = chunk_from_str("Hello Dolly!");
- ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
+ ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, NULL, msg, &signature));
/* verify with invalid signature scheme */
ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, NULL, msg, signature));
METHOD(private_key_t, sign, bool,
private_curve25519_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
uint8_t r[HASH_SIZE_SHA512], k[HASH_SIZE_SHA512], sig[HASH_SIZE_SHA512];
hasher_t *hasher;
METHOD(private_key_t, sign, bool,
private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *sig)
+ void *params, chunk_t data, chunk_t *sig)
{
switch (scheme)
{
METHOD(private_key_t, sign, bool,
private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
switch (scheme)
{
METHOD(private_key_t, sign, bool,
private_openssl_ec_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
switch (scheme)
{
METHOD(private_key_t, sign, bool,
private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+ void *params, chunk_t data, chunk_t *signature)
{
switch (scheme)
{
BUILD_END);
}
-/**
- * Implementation of private_key_t.sign for encryption-only keys
- */
-static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign_not_allowed, bool,
+ private_key_t *this, signature_scheme_t scheme, void *params,
+ chunk_t data, chunk_t *signature)
{
DBG1(DBG_LIB, "signing failed - decryption only key");
return FALSE;
}
-/**
- * Implementation of private_key_t.decrypt for signature-only keys
- */
-static bool decrypt_not_allowed(private_key_t *this, encryption_scheme_t scheme,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt_not_allowed, bool,
+ private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "decryption failed - signature only key");
return FALSE;
BUILD_BLOB_PGP, packet, BUILD_END);
if (key)
{
- key->sign = sign_not_allowed;
+ key->sign = _sign_not_allowed;
}
return key;
case PGP_PUBKEY_ALG_RSA_SIGN_ONLY:
BUILD_BLOB_PGP, packet, BUILD_END);
if (key)
{
- key->decrypt = decrypt_not_allowed;
+ key->decrypt = _decrypt_not_allowed;
}
return key;
case PGP_PUBKEY_ALG_ECDSA:
}
METHOD(private_key_t, sign, bool,
- private_pkcs11_private_key_t *this, signature_scheme_t scheme,
+ private_pkcs11_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
CK_MECHANISM_PTR mechanism;
attributes = pkcs9->get_encoding(pkcs9);
- if (!key->sign(key, scheme, attributes, &encryptedDigest))
+ if (!key->sign(key, scheme, NULL, attributes, &encryptedDigest))
{
free(data.ptr);
return FALSE;
chunk_t signatureValue, attributeCertificateInfo;
attributeCertificateInfo = build_attr_cert_info(this);
- if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1,
+ if (!this->signerKey->sign(this->signerKey, SIGN_RSA_EMSA_PKCS1_SHA1, NULL,
attributeCertificateInfo, &signatureValue))
{
free(attributeCertificateInfo.ptr);
subject->get_encoding(subject),
key_info, extensions);
- if (!sign_key->sign(sign_key, scheme, cert->tbsCertificate, &cert->signature))
+ if (!sign_key->sign(sign_key, scheme, NULL, cert->tbsCertificate,
+ &cert->signature))
{
return FALSE;
}
asn1_wrap(ASN1_SEQUENCE, "m", certList),
extensions);
- if (!key->sign(key, signature_scheme_from_oid(this->algorithm),
+ if (!key->sign(key, signature_scheme_from_oid(this->algorithm), NULL,
this->tbsCertList, &this->signature))
{
return FALSE;
return chunk_empty;
}
- if (!this->key->sign(this->key, scheme, tbsRequest, &signature))
+ if (!this->key->sign(this->key, scheme, NULL, tbsRequest, &signature))
{
DBG1(DBG_LIB, "creating OCSP signature failed, skipped");
return chunk_empty;
key_info,
attributes);
- if (!sign_key->sign(sign_key, scheme, cert->certificationRequestInfo,
+ if (!sign_key->sign(sign_key, scheme, NULL, cert->certificationRequestInfo,
&cert->signature))
{
return FALSE;
{
continue;
}
- fail_unless(privkey->sign(privkey, schemes[i].scheme, data, &sig),
+ fail_unless(privkey->sign(privkey, schemes[i].scheme, NULL, data, &sig),
"sign %N", signature_scheme_names, schemes[i].scheme);
fail_unless(pubkey->verify(pubkey, schemes[i].scheme, NULL, data, sig),
"verify %N", signature_scheme_names, schemes[i].scheme);
ck_assert(public->equals(public, pubkey));
/* sign */
- ck_assert(key->sign(key, SIGN_ED25519, sig_tests[_i].msg, &sig));
+ ck_assert(key->sign(key, SIGN_ED25519, NULL, sig_tests[_i].msg, &sig));
ck_assert(sig.len == 64);
ck_assert(chunk_equals(sig, sig_tests[_i].sig));
ck_assert(!key->decrypt(key, ENCRYPT_UNKNOWN, msg, NULL));
/* wrong signature scheme */
- ck_assert(!key->sign(key, SIGN_ED448, msg, &sig));
+ ck_assert(!key->sign(key, SIGN_ED448, NULL, msg, &sig));
/* correct signature scheme*/
- ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
+ ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig));
/* export public key */
pubkey = key->get_public_key(key);
key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ED25519,
BUILD_KEY_SIZE, 256, BUILD_END);
ck_assert(key != NULL);
- ck_assert(key->sign(key, SIGN_ED25519, msg, &sig));
+ ck_assert(key->sign(key, SIGN_ED25519, NULL, msg, &sig));
pubkey = key->get_public_key(key);
ck_assert(pubkey != NULL);
ck_assert(pubkey->verify(pubkey, SIGN_ED25519, NULL, msg, sig));
{
continue;
}
- fail_unless(privkey->sign(privkey, schemes[i], data, &sig),
+ fail_unless(privkey->sign(privkey, schemes[i], NULL, data, &sig),
"sign %N", signature_scheme_names, schemes[i]);
fail_unless(pubkey->verify(pubkey, schemes[i], NULL, data, sig),
"verify %N", signature_scheme_names, schemes[i]);
{
scheme = hashsig_to_scheme(key->get_type(key), hash, alg);
if (scheme != SIGN_UNKNOWN &&
- key->sign(key, scheme, data, &sig))
+ key->sign(key, scheme, NULL, data, &sig))
{
done = TRUE;
break;
{
return FALSE;
}
- done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, hash, &sig);
+ done = key->sign(key, SIGN_RSA_EMSA_PKCS1_NULL, NULL, hash,
+ &sig);
free(hash.ptr);
if (!done)
{
DBG2(DBG_TLS, "created signature with MD5+SHA1/RSA");
break;
case KEY_ECDSA:
- if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, data, &sig))
+ if (!key->sign(key, SIGN_ECDSA_WITH_SHA1_DER, NULL, data, &sig))
{
return FALSE;
}
}
METHOD(private_key_t, sign, bool,
- private_tpm_private_key_t *this, signature_scheme_t scheme,
+ private_tpm_private_key_t *this, signature_scheme_t scheme, void *params,
chunk_t data, chunk_t *signature)
{
chunk_t pin = chunk_empty;
if (!tpm)
{
DBG1(DBG_LIB, "no TPM 2.0 found");
- return NULL;
+ return NULL;
}
INIT(this,
projects / thirdparty / strongswan.git / commitdiff
