From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Wed, 21 Feb 2007 13:08:45 +0000 (-0000)
Subject: handle strong SHA-2 signatures in X.509 certificates
X-Git-Tag: 4.0.7~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f6a17a444425efb631a994da1802fdac6bb9d27;p=thirdparty%2Fstrongswan.git

handle strong SHA-2 signatures in X.509 certificates
---

diff --git a/src/pluto/oid.txt b/src/pluto/oid.txt
index eed46d59dd..e8750024e4 100644
--- a/src/pluto/oid.txt
+++ b/src/pluto/oid.txt
@@ -155,9 +155,9 @@
           0x03               "csor"
             0x04             "nistalgorithm"
               0x02           "hashalgs"
-                0x01         "id-SHA-256"
-                0x02         "id-SHA-384"
-                0x03         "id-SHA-512"
+                0x01         "id-SHA-256"		OID_SHA256
+                0x02         "id-SHA-384"		OID_SHA384
+                0x03         "id-SHA-512"		OID_SHA512
         0x86                 ""
           0xf8               ""
             0x42             "netscape"
diff --git a/src/pluto/pkcs1.c b/src/pluto/pkcs1.c
index 413938976c..ade5fdd94d 100644
--- a/src/pluto/pkcs1.c
+++ b/src/pluto/pkcs1.c
@@ -21,6 +21,7 @@
 #include <string.h>
 
 #include <freeswan.h>
+#include <libsha2/sha2.h>
 
 #include "constants.h"
 #include "defs.h"
@@ -290,29 +291,31 @@ compute_digest(chunk_t tbs, int alg, chunk_t *digest)
 {
     switch (alg)
     {
-	case OID_MD2:
-	case OID_MD2_WITH_RSA:
+    case OID_MD2:
+    case OID_MD2_WITH_RSA:
 	{
 	    MD2_CTX context;
+
 	    MD2Init(&context);
 	    MD2Update(&context, tbs.ptr, tbs.len);
 	    MD2Final(digest->ptr, &context);
 	    digest->len = MD2_DIGEST_SIZE;
 	    return TRUE;
 	}
-	case OID_MD5:
-	case OID_MD5_WITH_RSA:
+     case OID_MD5:
+     case OID_MD5_WITH_RSA:
 	{
 	    MD5_CTX context;
+
 	    MD5Init(&context);
 	    MD5Update(&context, tbs.ptr, tbs.len);
 	    MD5Final(digest->ptr, &context);
 	    digest->len = MD5_DIGEST_SIZE;
 	    return TRUE;
 	}
-	case OID_SHA1:
-	case OID_SHA1_WITH_RSA:
-	case OID_SHA1_WITH_RSA_OIW:
+     case OID_SHA1:
+     case OID_SHA1_WITH_RSA:
+     case OID_SHA1_WITH_RSA_OIW:
 	{
 	    SHA1_CTX context;
 
@@ -322,9 +325,45 @@ compute_digest(chunk_t tbs, int alg, chunk_t *digest)
 	    digest->len = SHA1_DIGEST_SIZE;
 	    return TRUE;
 	}
-	default:
-	    digest->len = 0;
-	    return FALSE;
+     case OID_SHA256:
+     case OID_SHA256_WITH_RSA:
+	{
+	    sha256_context context;
+
+	    sha256_init(&context);
+	    sha256_write(&context, tbs.ptr, tbs.len);
+	    sha256_final(&context);
+	    memcpy(digest->ptr, context.sha_out, SHA2_256_DIGEST_SIZE);
+	    digest->len = SHA2_256_DIGEST_SIZE;
+	    return TRUE;
+	}
+     case OID_SHA384:
+     case OID_SHA384_WITH_RSA:
+	{
+	    sha512_context context;
+
+	    sha384_init(&context);
+	    sha512_write(&context, tbs.ptr, tbs.len);
+	    sha512_final(&context);
+	    memcpy(digest->ptr, context.sha_out, SHA2_384_DIGEST_SIZE);
+	    digest->len = SHA2_384_DIGEST_SIZE;
+	    return TRUE;
+	}
+     case OID_SHA512:
+     case OID_SHA512_WITH_RSA:
+	{
+	    sha512_context context;
+
+	    sha512_init(&context);
+	    sha512_write(&context, tbs.ptr, tbs.len);
+	    sha512_final(&context);
+	    memcpy(digest->ptr, context.sha_out, SHA2_512_DIGEST_SIZE);
+	    digest->len = SHA2_512_DIGEST_SIZE;
+	    return TRUE;
+	}
+     default:
+	digest->len = 0;
+	return FALSE;
     }
 }