sharpetronics/strongswan
1
0
Fork 0
mirror of https://github.com/strongswan/strongswan.git synced 2025-11-22 00:01:45 -05:00
Code Issues Projects Releases Wiki Activity

ikev2: Use helpers to build signature auth data

Browse Source
This commit is contained in:
Tobias Brunner 2017-10-24 13:49:14 +02:00
parent eae80fdedc
commit 3fc66e5743
1 changed files with 4 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c
View File

@ -63,9 +63,7 @@ struct private_pubkey_authenticator_t {
static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type, static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
signature_params_t *params) signature_params_t *params)
{ {
chunk_t parameters = chunk_empty;
uint8_t len; uint8_t len;
int oid;
if (!auth_data->len) if (!auth_data->len)
{ {
@ -73,27 +71,9 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
} }
len = auth_data->ptr[0]; len = auth_data->ptr[0];
*auth_data = chunk_skip(*auth_data, 1); *auth_data = chunk_skip(*auth_data, 1);
oid = asn1_parse_algorithmIdentifier(*auth_data, 1, &parameters); if (!signature_params_parse(*auth_data, 1, params))
params->scheme = signature_scheme_from_oid(oid);
switch (params->scheme)
{ {
case SIGN_UNKNOWN: return FALSE;
return FALSE;
case SIGN_RSA_EMSA_PSS:
{
rsa_pss_params_t *pss = malloc_thing(rsa_pss_params_t);
if (!rsa_pss_params_parse(parameters, 0, pss))
{
DBG1(DBG_IKE, "failed parsing RSASSA-PSS parameters");
free(pss);
return FALSE;
}
params->params = pss;
break;
}
default:
break;
} }
*key_type = key_type_from_signature_scheme(params->scheme); *key_type = key_type_from_signature_scheme(params->scheme);
*auth_data = chunk_skip(*auth_data, len); *auth_data = chunk_skip(*auth_data, len);
@ -106,30 +86,14 @@ static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type,
static bool build_signature_auth_data(chunk_t *auth_data, static bool build_signature_auth_data(chunk_t *auth_data,
signature_params_t *params) signature_params_t *params)
{ {
chunk_t data, parameters = chunk_empty; chunk_t data;
uint8_t len; uint8_t len;
int oid;
oid = signature_scheme_to_oid(params->scheme); if (!signature_params_build(params, &data))
if (oid == OID_UNKNOWN)
{ {
chunk_free(auth_data); chunk_free(auth_data);
return FALSE; return FALSE;
} }
if (params->scheme == SIGN_RSA_EMSA_PSS &&
!rsa_pss_params_build(params->params, &parameters))
{
chunk_free(auth_data);
return FALSE;
}
if (parameters.len)
{
data = asn1_algorithmIdentifier_params(oid, parameters);
}
else
{
data = asn1_algorithmIdentifier(oid);
}
len = data.len; len = data.len;
*auth_data = chunk_cat("cmm", chunk_from_thing(len), data, *auth_data); *auth_data = chunk_cat("cmm", chunk_from_thing(len), data, *auth_data);
return TRUE; return TRUE;