pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:114:    return -1;    else if (t1[name] > t2[name])    return 1;    return 0;   }      protected {    MetaExplicit extension_sequence = MetaExplicit(2, 3);    MetaExplicit version_integer = MetaExplicit(2, 0);    +  // FIXME: These should probably move into PKCS.    Sequence rsa_md2_algorithm = Sequence( ({ Identifiers.rsa_md2_id, Null() }) );       Sequence rsa_md5_algorithm = Sequence( ({ Identifiers.rsa_md5_id, Null() }) );       Sequence rsa_sha1_algorithm = Sequence( ({ Identifiers.rsa_sha1_id,    Null() }) );    -  +  Sequence rsa_sha256_algorithm = Sequence( ({ Identifiers.rsa_sha256_id, +  Null() }) ); +  +  Sequence rsa_sha384_algorithm = Sequence( ({ Identifiers.rsa_sha384_id, +  Null() }) ); +  +  Sequence rsa_sha512_algorithm = Sequence( ({ Identifiers.rsa_sha512_id, +  Null() }) ); +     Sequence dsa_sha1_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) );   }      //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and   //! @[extensions] is optionally added to the sequence. issuerUniqueID   //! and subjectUniqueID are not supported.   Sequence make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,
pike.git/lib/modules/Standards.pmod/X509.pmod:291:    int(0..1) verify(Sequence algorithm, string msg, string signature)    {    if (algorithm->get_der() == rsa_md5_algorithm->get_der())    return rsa_verify_digest(rsa, Identifiers.md5_id,    Crypto.MD5.hash(msg),    signature);    if (algorithm->get_der() == rsa_sha1_algorithm->get_der())    return rsa_verify_digest(rsa, Identifiers.sha1_id,    Crypto.SHA1.hash(msg),    signature); +  if (algorithm->get_der() == rsa_sha256_algorithm->get_der()) +  return rsa_verify_digest(rsa, Identifiers.sha256_id, +  Crypto.SHA256.hash(msg), +  signature); +  if (algorithm->get_der() == rsa_sha384_algorithm->get_der()) +  return rsa_verify_digest(rsa, Identifiers.sha384_id, +  Crypto.SHA384.hash(msg), +  signature); +  if (algorithm->get_der() == rsa_sha512_algorithm->get_der()) +  return rsa_verify_digest(rsa, Identifiers.sha512_id, +  Crypto.SHA512.hash(msg), +  signature);   #if constant(Crypto.MD2.hash)    if (algorithm->get_der() == rsa_md2_algorithm->get_der())    return rsa_verify_digest(rsa, Identifiers.md2_id,    Crypto.MD2.hash(msg),    signature);   #endif    return 0;    }   }   
pike.git/lib/modules/Standards.pmod/X509.pmod:594:    TBSCertificate tbs = TBSCertificate()->init(cert[0]);       if (!tbs || (cert[1]->get_der() != tbs->algorithm->get_der()))    return 0;       return tbs;   }      //! Decodes a certificate, checks the signature. Returns the   //! TBSCertificate structure, or 0 if decoding or verification failes. + //! The valid time range for the certificate is not checked.   //!   //! Authorities is a mapping from (DER-encoded) names to a verifiers.   //!   //! @note   //! This function allows self-signed certificates, and it doesn't   //! check that names or extensions make sense.   TBSCertificate verify_certificate(string s, mapping authorities)   {    object cert = Standards.ASN1.Decode.simple_der_decode(s);