x509write_csr() now fully using PK internally
diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index 4ff4747..3bf68f3 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -365,6 +365,15 @@
*/
const char * pk_get_name( const pk_context *ctx );
+/**
+ * \brief Get the key typee
+ *
+ * \param ctx Context to use
+ *
+ * \return Type on success, or POLARSSL_PK_NONE
+ */
+pk_type_t pk_get_type( const pk_context *ctx );
+
#ifdef __cplusplus
}
#endif
diff --git a/library/pk.c b/library/pk.c
index 77f5034..80eccc9 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -273,4 +273,15 @@
return( ctx->pk_info->name );
}
+/*
+ * Access the PK type
+ */
+pk_type_t pk_get_type( const pk_context *ctx )
+{
+ if( ctx == NULL || ctx->pk_info == NULL )
+ return( POLARSSL_PK_NONE );
+
+ return( ctx->pk_info->type );
+}
+
#endif /* POLARSSL_PK_C */
diff --git a/library/x509write.c b/library/x509write.c
index 5c96841..7c4ca33 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -707,9 +707,12 @@
unsigned char hash[64];
unsigned char sig[POLARSSL_MPI_MAX_SIZE];
unsigned char tmp_buf[2048];
- size_t pub_len = 0, sig_len = 0;
+ size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
+ /*
+ * Prepare data to be signed in tmp_buf
+ */
c = tmp_buf + sizeof( tmp_buf );
ASN1_CHK_ADD( len, x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
@@ -732,6 +735,8 @@
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_CONTEXT_SPECIFIC ) );
+ if( !pk_can_do( ctx->key, POLARSSL_PK_RSA ) )
+ return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
ASN1_CHK_ADD( pub_len, x509write_pubkey_der( pk_rsa( *ctx->key ),
tmp_buf, c - tmp_buf ) );
c -= pub_len;
@@ -750,29 +755,30 @@
ASN1_CHK_ADD( len, asn1_write_len( &c, tmp_buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c, tmp_buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
+ /*
+ * Prepare signature
+ */
md( md_info_from_type( ctx->md_alg ), c, len, hash );
- if( !pk_can_do( ctx->key, POLARSSL_PK_RSA ) )
- return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
+ if( ( ret = pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
+ NULL, NULL ) ) != 0 ||
+ ( ret = oid_get_oid_by_sig_alg( pk_get_type( ctx->key ), ctx->md_alg,
+ &sig_oid, &sig_oid_len ) ) != 0 )
+ {
+ return( ret );
+ }
- // TODO: use pk_sign()
- rsa_pkcs1_sign( pk_rsa( *ctx->key ), NULL, NULL, RSA_PRIVATE, ctx->md_alg, 0, hash, sig );
-
- // Generate correct OID
- //
- // TODO: use pk_info->type
- ret = oid_get_oid_by_sig_alg( POLARSSL_PK_RSA, ctx->md_alg, &sig_oid,
- &sig_oid_len );
-
- // TODO: use pk_get_len()
+ /*
+ * Write data to output buffer
+ */
c2 = buf + size;
- ASN1_CHK_ADD( sig_len, x509_write_sig( &c2, buf, sig_oid, sig_oid_len,
- sig, pk_rsa( *ctx->key )->len ) );
+ ASN1_CHK_ADD( sig_and_oid_len, x509_write_sig( &c2, buf,
+ sig_oid, sig_oid_len, sig, sig_len ) );
c2 -= len;
memcpy( c2, c, len );
- len += sig_len;
+ len += sig_and_oid_len;
ASN1_CHK_ADD( len, asn1_write_len( &c2, buf, len ) );
ASN1_CHK_ADD( len, asn1_write_tag( &c2, buf, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) );
