pike.git / lib / modules / Standards.pmod / X509.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/X509.pmod:114:    return -1;    else if (t1[name] > t2[name])    return 1;    return 0;   }      protected {    MetaExplicit extension_sequence = MetaExplicit(2, 3);    MetaExplicit version_integer = MetaExplicit(2, 0);    -  // FIXME: These should probably move into PKCS. -  Sequence rsa_md2_algorithm = Sequence( ({ Identifiers.rsa_md2_id, Null() }) ); -  -  Sequence rsa_md5_algorithm = Sequence( ({ Identifiers.rsa_md5_id, Null() }) ); -  -  Sequence rsa_sha1_algorithm = Sequence( ({ Identifiers.rsa_sha1_id, -  Null() }) ); -  -  Sequence rsa_sha256_algorithm = Sequence( ({ Identifiers.rsa_sha256_id, -  Null() }) ); -  -  Sequence rsa_sha384_algorithm = Sequence( ({ Identifiers.rsa_sha384_id, -  Null() }) ); -  -  Sequence rsa_sha512_algorithm = Sequence( ({ Identifiers.rsa_sha512_id, -  Null() }) ); -  -  Sequence dsa_sha1_algorithm = Sequence( ({ Identifiers.dsa_sha_id }) ); -  Sequence dsa_sha224_algorithm = Sequence( ({ Identifiers.dsa_sha224_id }) ); -  Sequence dsa_sha256_algorithm = Sequence( ({ Identifiers.dsa_sha256_id }) ); -  +     mapping algorithms = ([   #if constant(Crypto.MD2) -  rsa_md2_algorithm->get_der() : Crypto.MD2, +  Identifiers.rsa_md2_id->get_der() : Crypto.MD2,   #endif -  rsa_md5_algorithm->get_der() : Crypto.MD5, -  rsa_sha1_algorithm->get_der() : Crypto.SHA1, -  rsa_sha256_algorithm->get_der() : Crypto.SHA256, +  Identifiers.rsa_md5_id->get_der() : Crypto.MD5, +  Identifiers.rsa_sha1_id->get_der() : Crypto.SHA1, +  Identifiers.rsa_sha256_id->get_der() : Crypto.SHA256,   #if constant(Crypto.SHA384) -  rsa_sha384_algorithm->get_der() : Crypto.SHA384, +  Identifiers.rsa_sha384_id->get_der() : Crypto.SHA384,   #endif   #if constant(Crypto.SHA512) -  rsa_sha512_algorithm->get_der() : Crypto.SHA512, +  Identifiers.rsa_sha512_id->get_der() : Crypto.SHA512,   #endif    -  dsa_sha1_algorithm->get_der() : Crypto.SHA1, -  dsa_sha224_algorithm->get_der() : Crypto.SHA224, -  dsa_sha256_algorithm->get_der() : Crypto.SHA256, +  Identifiers.dsa_sha_id->get_der() : Crypto.SHA1, + #if constant(Crypto.SHA224) +  Identifiers.dsa_sha224_id->get_der() : Crypto.SHA224, + #endif + #if constant(Crypto.SHA256) +  Identifiers.dsa_sha256_id->get_der() : Crypto.SHA256, + #endif    ]);   }      //! Creates the ASN.1 TBSCertificate sequence (see RFC2459 section   //! 4.1) to be signed (TBS) by the CA. version is explicitly set to   //! v3, validity is calculated based on time and @[ttl], and   //! @[extensions] is optionally added to the sequence. issuerUniqueID   //! and subjectUniqueID are not supported.   Sequence make_tbs(Sequence issuer, Sequence algorithm,    Sequence subject, Sequence keyinfo,
pike.git/lib/modules/Standards.pmod/X509.pmod:265:    serial = (int)Gmp.mpz(Standards.UUID.make_version1(-1)->encode(), 256);    Sequence dn = Certificate.build_distinguished_name(name);    return sign_key(dn, c, dn, serial, ttl, extensions);   }      class Verifier {    constant type = "none";    int(0..1) verify(object,string,string);    optional Crypto.RSA rsa;    optional Crypto.DSA dsa; +  +  extern protected int(0..1) pkcs_verify(string, Crypto.Hash, string); +  +  //! Verifies the @[signature] of the certificate @[msg] using the +  //! indicated hash @[algorithm]. The signature is the DER-encoded +  //! ASN.1 sequence Dss-Sig-Value with the two integers r and s. See +  //! RFC 3279 section 2.2.2. +  int(0..1) verify(Sequence algorithm, string msg, string signature) +  { +  Crypto.Hash hash = algorithms[algorithm[0]->get_der()]; +  if (!hash) return 0; +  return pkcs_verify(msg, hash, signature);    } -  + }      protected class RSAVerifier   {    inherit Verifier;    Crypto.RSA rsa;       constant type = "rsa";       protected void create(string key) {    rsa = RSA.parse_public_key(key);    }    -  //! -  int(0..1) verify(Sequence algorithm, string msg, string signature) +  protected int(0..1) pkcs_verify(string msg, Crypto.Hash h, string sign)    { -  if (!rsa) return 0; -  Crypto.Hash hash = algorithms[algorithm->get_der()]; -  if (!hash) return 0; -  return rsa->pkcs_verify(msg, hash, signature); +  return rsa && rsa->pkcs_verify(msg, h, sign);    }   }      protected class DSAVerifier   {    inherit Verifier;    Crypto.DSA dsa;       constant type = "dsa";       protected void create(string key, Gmp.mpz p, Gmp.mpz q, Gmp.mpz g)    {    dsa = DSA.parse_public_key(key, p, q, g);    }    -  //! Verifies the @[signature] of the certificate @[msg] using the -  //! indicated hash @[algorithm]. The signature is the DER-encoded -  //! ASN.1 sequence Dss-Sig-Value with the two integers r and s. See -  //! RFC 3279 section 2.2.2. -  int(0..1) verify(Sequence algorithm, string msg, string signature) +  protected int(0..1) pkcs_verify(string msg, Crypto.Hash h, string sign)    { -  if (!dsa) return 0; -  Crypto.Hash hash = algorithms[algorithm->get_der()]; -  if (!hash) return 0; -  return dsa->pkcs_verify(msg, hash, signature); +  return dsa && dsa->pkcs_verify(msg, h, sign);    }   }      protected Verifier make_verifier(Object _keyinfo)   {    if( _keyinfo->type_name != "SEQUENCE" )    return 0;    Sequence keyinfo = [object(Sequence)]_keyinfo;       if ( (keyinfo->type_name != "SEQUENCE")