}
switch (openssl_asn1_known_oid(oid))
{
+ case OID_RSASSA_PSS:
+ /* TODO: we should treat such keys special and use the params as
+ * restrictions regarding the use of this key (or rather the
+ * associated private key) */
case OID_RSA_ENCRYPTION:
this->pubkey = lib->creds->create(lib->creds,
CRED_PUBLIC_KEY, KEY_RSA, BUILD_BLOB_ASN1_DER,
int oid = asn1_parse_algorithmIdentifier(object,
parser->get_level(parser)+1, NULL);
- if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP)
+ if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP ||
+ oid == OID_RSASSA_PSS)
{
+ /* TODO: we should parse parameters for PSS and pass them
+ * (and the type), or the complete subjectPublicKeyInfo,
+ * along so we can treat these as restrictions when
+ * generating signatures with the associated private key */
type = KEY_RSA;
}
else if (oid == OID_EC_PUBLICKEY)
switch (oid)
{
+ case OID_RSASSA_PSS:
+ /* TODO: parameters associated with such keys should be
+ * treated as restrictions later when signing (the type
+ * itself is already a restriction). However, the
+ * builders currently don't expect any parameters for
+ * RSA keys (we also only pass along the params, not the
+ * exact type, so we'd have to guess that params
+ * indicate RSA/PSS, but they are optional so that won't
+ * work for keys without specific restrictions) */
+ params = chunk_empty;
case OID_RSA_ENCRYPTION:
type = KEY_RSA;
break;
projects / thirdparty / strongswan.git / commitdiff
