

pike.git/lib/modules/Standards.pmod/X509.pmod:56: Inside #if constant(Crypto.SHA512)
  #endif   #if constant(Crypto.SHA512)    Identifiers.rsa_sha512_id->get_der() : Crypto.SHA512,   #endif       Identifiers.dsa_sha_id->get_der() : Crypto.SHA1,   #if constant(Crypto.SHA224)    Identifiers.dsa_sha224_id->get_der() : Crypto.SHA224,   #endif    Identifiers.dsa_sha256_id->get_der() : Crypto.SHA256, +  + #if constant(Crypto.SHA224) +  Identifiers.ecdsa_sha224_id->get_der() : Crypto.SHA224, + #endif +  Identifiers.ecdsa_sha256_id->get_der() : Crypto.SHA256, + #if constant(Crypto.SHA384) +  Identifiers.ecdsa_sha384_id->get_der() : Crypto.SHA384, + #endif + #if constant(Crypto.SHA512) +  Identifiers.ecdsa_sha512_id->get_der() : Crypto.SHA512, + #endif    ]);   }      //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and   //! @[extensions] is optionally added to the sequence. issuerUniqueID   //! and subjectUniqueID are not supported.   Sequence make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,
pike.git/lib/modules/Standards.pmod/X509.pmod:174:    void|Crypto.Hash h, void|int serial)   {    if(!serial)    serial = (int)Gmp.mpz(Standards.UUID.make_version1(-1)->encode(), 256);    Sequence dn = Certificate.build_distinguished_name(name);    return sign_key(dn, c, h||Crypto.SHA256, dn, serial, ttl, extensions);   }      class Verifier {    constant type = "none"; -  Crypto.RSA|Crypto.DSA pkc; +  Crypto.Sign pkc;    optional Crypto.RSA rsa;    optional Crypto.DSA dsa; -  + #if constant(Crypto.ECC.Curve) +  optional Crypto.ECC.SECP_521R1.ECDSA ecdsa; + #endif       //! Verifies the @[signature] of the certificate @[msg] using the    //! indicated hash @[algorithm].    int(0..1) verify(Sequence algorithm, string msg, string signature)    {    Crypto.Hash hash = algorithms[algorithm[0]->get_der()];    if (!hash) return 0;    return pkc && pkc->pkcs_verify(msg, hash, signature);    }   }
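Review bot: The new `ecdsa` member of Verifier is declared as `Crypto.ECC.SECP_521R1.ECDSA`, while `pkc` is now the generic `Crypto.Sign` and the ECDSAVerifier added at :213 picks its curve from the certificate. The declared type therefore names one curve even though the object may belong to another, and the `ecdsa` getter at :213 casts to the same type. A short comment on the member would prevent misreading, for example `// Typed as SECP_521R1 only as a representative ECDSA type; the real curve comes from the certificate.` The `rsa`, `dsa` and `ecdsa` members also have no `//!` doc lines, unlike `verify` below them.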
pike.git/lib/modules/Standards.pmod/X509.pmod:213:    constant type = "dsa";       protected void create(string key, Gmp.mpz p, Gmp.mpz q, Gmp.mpz g)    {    pkc = DSA.parse_public_key(key, p, q, g);    }       Crypto.DSA `dsa() { return [object(Crypto.DSA)]pkc; }   }    + #if constant(Crypto.ECC.Curve) + protected class ECDSAVerifier + { +  inherit Verifier; +  constant type = "ecdsa"; +  +  protected void create(string(8bit) key, string(8bit) curve_der) +  { +  Crypto.ECC.Curve curve; +  foreach(values(Crypto.ECC), mixed c) { +  if (objectp(c) && c->pkcs_named_curve_id && +  (c->pkcs_named_curve_id()->get_der() == curve_der)) { +  curve = [object(Crypto.ECC.Curve)]c; +  break; +  } +  } +  DBG("ECC Curve: %O (DER: %O)\n", curve, curve_der); +  pkc = curve->ECDSA()->set_public_key(key); +  } +  +  Crypto.ECC.SECP_521R1.ECDSA `ecdsa() +  { +  return [object(Crypto.ECC.SECP_521R1.ECDSA)]pkc; +  } + } + #endif +    protected Verifier make_verifier(Object _keyinfo)   {    if( _keyinfo->type_name != "SEQUENCE" )    return 0;    Sequence keyinfo = [object(Sequence)]_keyinfo;       if ( (keyinfo->type_name != "SEQUENCE")    || (sizeof(keyinfo) != 2)    || (keyinfo[0]->type_name != "SEQUENCE")    || !sizeof( [object(Sequence)]keyinfo[0] )
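Review bot: In `ECDSAVerifier.create`, `curve` stays 0 when no entry in `Crypto.ECC` matches `curve_der`, and the next statement `curve->ECDSA()` then indexes a zero value and throws. The curve OID comes from the certificate being parsed, so a certificate naming an unsupported curve raises an error where the other malformed-input paths in `make_verifier` return 0. A guard before the assignment would fail closed, since `Verifier.verify` already returns 0 when `pkc` is unset: `if (!curve) return; // unknown curve: leave pkc unset so verify() returns 0`. Whether callers of `make_verifier` catch the error is not visible here, and that function's body continues outside the hunk.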
pike.git/lib/modules/Standards.pmod/X509.pmod:251:    {    if( sizeof(seq)!=2 || seq[1]->type_name!="SEQUENCE" ||    sizeof(seq[1])!=3 || seq[1][0]->type_name!="INTEGER" ||    seq[1][1]->type_name!="INTEGER" || seq[1][2]->type_name!="INTEGER" )    return 0;       Sequence params = seq[1];    return DSAVerifier(str->value, params[0]->value,    params[1]->value, params[2]->value);    } +  + #if constant(Crypto.ECC.Curve) +  if(seq[0]->get_der() == Identifiers.ec_id->get_der()) +  { +  if( sizeof(seq)!=2 || seq[1]->type_name!="SEQUENCE" || +  sizeof(seq[1])!=1 || seq[1][0]->type_name!="OBJECT IDENTIFIER" ) +  return 0; +  +  Sequence params = seq[1]; +  return ECDSAVerifier(str->value, params[0]->get_der());    } -  + #endif    -  +  DBG("make_verifier: Unknown algorithm identifier: %O\n", seq[0]); + } +    //! Represents a TBSCertificate.   class TBSCertificate   {    //!    string der;       //!    int version;       //!
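Review bot: The EC branch accepts only parameters that are a one-element SEQUENCE wrapping an OBJECT IDENTIFIER (`seq[1]->type_name!="SEQUENCE" || sizeof(seq[1])!=1`). If `seq` is the AlgorithmIdentifier, as the DSA branch above suggests, RFC 5480 puts namedCurve there as a bare OBJECT IDENTIFIER, so standard EC certificates would be rejected. This is worth confirming against a real certificate; if it holds, check `seq[1]->type_name!="OBJECT IDENTIFIER"` and pass `seq[1]->get_der()`. The function now ends on the DBG line, so an explicit `return 0;` after it would make the unknown-algorithm result visible. `make_verifier` starts outside the hunk.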