pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:132:    Sequence rsa_sha256_algorithm = Sequence( ({ Identifiers.rsa_sha256_id,    Null() }) );       Sequence rsa_sha384_algorithm = Sequence( ({ Identifiers.rsa_sha384_id,    Null() }) );       Sequence rsa_sha512_algorithm = Sequence( ({ Identifiers.rsa_sha512_id,    Null() }) );       Sequence dsa_sha1_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) ); +  +  mapping algorithms = ([ + #if constant(Crypto.MD2) +  rsa_md2_algorithm->get_der() : Crypto.MD2, + #endif +  rsa_md5_algorithm->get_der() : Crypto.MD5, +  rsa_sha1_algorithm->get_der() : Crypto.SHA1, +  rsa_sha256_algorithm->get_der() : Crypto.SHA256, +  rsa_sha384_algorithm->get_der() : Crypto.SHA384, +  rsa_sha512_algorithm->get_der() : Crypto.SHA512, +  ]);   }      //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and   //! @[extensions] is optionally added to the sequence. issuerUniqueID   //! and subjectUniqueID are not supported.   Sequence make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,    Integer serial, int ttl,
pike.git/lib/modules/Standards.pmod/X509.pmod:173:      //!   string rsa_sign_digest(Crypto.RSA rsa, object digest_id, string digest)   {    Sequence digest_info = Sequence( ({ Sequence( ({ digest_id, Null() }) ),    OctetString(digest) }) );    return rsa->raw_sign(digest_info->get_der())->digits(256);   }      //! - int(0..1) rsa_verify_digest(Crypto.RSA rsa, object digest_id, -  string digest, string s) + int(0..1) rsa_verify_digest(Crypto.RSA rsa, Crypto.Hash hash, +  string msg, string s)   { -  Sequence digest_info = Sequence( ({ Sequence( ({ digest_id, Null() }) ), -  OctetString(digest) }) ); +  Sequence digest_info = Sequence( ({ Sequence( ({ hash->asn1_id(), +  Null() }) ), +  OctetString(hash->hash(msg)) }) );    return rsa->raw_verify(digest_info->get_der(), Gmp.mpz(s, 256));   }      //!   //! @param issuer   //! Distinguished name for the issuer.   //! See @[Standards.PKCS.Certificate.build_distinguished_name].   //!   //! @param c   //! RSA or DSA parameters for the issuer.
pike.git/lib/modules/Standards.pmod/X509.pmod:291:    constant type = "rsa";       protected void create(string key) {    rsa = RSA.parse_public_key(key);    }       //!    int(0..1) verify(Sequence algorithm, string msg, string signature)    {    if (!rsa) return 0; -  if (algorithm->get_der() == rsa_md5_algorithm->get_der()) -  return rsa_verify_digest(rsa, Identifiers.md5_id, -  Crypto.MD5.hash(msg), -  signature); -  if (algorithm->get_der() == rsa_sha1_algorithm->get_der()) -  return rsa_verify_digest(rsa, Identifiers.sha1_id, -  Crypto.SHA1.hash(msg), -  signature); -  if (algorithm->get_der() == rsa_sha256_algorithm->get_der()) -  return rsa_verify_digest(rsa, Identifiers.sha256_id, -  Crypto.SHA256.hash(msg), -  signature); -  if (algorithm->get_der() == rsa_sha384_algorithm->get_der()) -  return rsa_verify_digest(rsa, Identifiers.sha384_id, -  Crypto.SHA384.hash(msg), -  signature); -  if (algorithm->get_der() == rsa_sha512_algorithm->get_der()) -  return rsa_verify_digest(rsa, Identifiers.sha512_id, -  Crypto.SHA512.hash(msg), -  signature); - #if constant(Crypto.MD2.hash) -  if (algorithm->get_der() == rsa_md2_algorithm->get_der()) -  return rsa_verify_digest(rsa, Identifiers.md2_id, -  Crypto.MD2.hash(msg), -  signature); - #endif -  return 0; +  Crypto.Hash hash = algorithms[algorithm->get_der()]; +  if (!hash) return 0; +  return rsa_verify_digest(rsa, hash, msg, signature);    }   }      protected class DSAVerifier   {    inherit Verifier;    Crypto.DSA dsa;       constant type = "dsa";