Add support for certificates with SHA2 family digest algorithms.

svn path=/trunk/kdesupport/qca/; revision=992617
2025-05-05 07:29:32 +00:00 · 2009-07-07 12:24:51 +00:00 · 2009-07-07 12:24:51 +00:00 · 5af426b83a
commit 5af426b83a
parent 0ce797a909
5 changed files with 75 additions and 2 deletions
--- a/include/QtCrypto/qca_publickey.h
+++ b/include/QtCrypto/qca_publickey.h
@ -68,7 +68,11 @@ enum SignatureAlgorithm
 	EMSA3_MD5,        ///< MD5, with EMSA3 (ie PKCS#1 Version 1.5) encoding (this is the usual RSA algorithm)
 	EMSA3_MD2,        ///< MD2, with EMSA3 (ie PKCS#1 Version 1.5) encoding
 	EMSA3_RIPEMD160,  ///< RIPEMD160, with EMSA3 (ie PKCS#1 Version 1.5) encoding
-	EMSA3_Raw         ///< EMSA3 without computing a message digest or a DigestInfo encoding (identical to PKCS#11's CKM_RSA_PKCS mechanism)
+	EMSA3_Raw,        ///< EMSA3 without computing a message digest or a DigestInfo encoding (identical to PKCS#11's CKM_RSA_PKCS mechanism)
+	EMSA3_SHA224,     ///< SHA224, with EMSA3 (ie PKCS#1 Version 1.5) encoding
+	EMSA3_SHA256,     ///< SHA256, with EMSA3 (ie PKCS#1 Version 1.5) encoding
+	EMSA3_SHA384,     ///< SHA384, with EMSA3 (ie PKCS#1 Version 1.5) encoding
+	EMSA3_SHA512      ///< SHA512, with EMSA3 (ie PKCS#1 Version 1.5) encoding
 };

 /**
--- a/plugins/qca-ossl/qca-ossl.cpp
+++ b/plugins/qca-ossl/qca-ossl.cpp
@ -1784,6 +1784,14 @@ public:
 			md = EVP_md2();
 		else if(alg == EMSA3_RIPEMD160)
 			md = EVP_ripemd160();
+		else if(alg == EMSA3_SHA224)
+			md = EVP_sha224();
+		else if(alg == EMSA3_SHA256)
+			md = EVP_sha256();
+		else if(alg == EMSA3_SHA384)
+			md = EVP_sha384();
+		else if(alg == EMSA3_SHA512)
+			md = EVP_sha512();
 		else if(alg == EMSA3_Raw)
 		{
 			// md = 0
@ -1802,6 +1810,14 @@ public:
 			md = EVP_md2();
 		else if(alg == EMSA3_RIPEMD160)
 			md = EVP_ripemd160();
+		else if(alg == EMSA3_SHA224)
+			md = EVP_sha224();
+		else if(alg == EMSA3_SHA256)
+			md = EVP_sha256();
+		else if(alg == EMSA3_SHA384)
+			md = EVP_sha384();
+		else if(alg == EMSA3_SHA512)
+			md = EVP_sha512();
 		else if(alg == EMSA3_Raw)
 		{
 			// md = 0
@ -3403,6 +3419,18 @@ public:
 		case NID_dsaWithSHA1:
 		    p.sigalgo = QCA::EMSA1_SHA1;
 		    break;
+		case NID_sha224WithRSAEncryption:
+		    p.sigalgo = QCA::EMSA3_SHA224;
+		    break;
+		case NID_sha256WithRSAEncryption:
+		    p.sigalgo = QCA::EMSA3_SHA256;
+		    break;
+		case NID_sha384WithRSAEncryption:
+		    p.sigalgo = QCA::EMSA3_SHA384;
+		    break;
+		case NID_sha512WithRSAEncryption:
+		    p.sigalgo = QCA::EMSA3_SHA512;
+		    break;
 		default:
 		    qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
 		    p.sigalgo = QCA::SignatureUnknown;
--- a/unittest/certunittest/CMakeLists.txt
+++ b/unittest/certunittest/CMakeLists.txt
@ -11,7 +11,8 @@ target_link_libraries( certunittest qca ${QT_QTTEST_LIBRARY})
 FOREACH( testFileName RootCAcert.pem 76.pem altname.pem csr1.pem 
 	 GoodCACRL.pem ov-root-ca-cert.crt User.pem QcaTestClientCert.pem xmppcert.pem 
 	 Server.pem QcaTestServerCert.pem xmppcert.pem newreq.pem
-	 QualitySSLIntermediateCA.crt QcaTestRootCert.pem Test_CRL.crl )
+	 QualitySSLIntermediateCA.crt QcaTestRootCert.pem Test_CRL.crl
+	 RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt )
   CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/certs/${testFileName} ${CMAKE_CURRENT_BINARY_DIR}/certs/${testFileName} COPYONLY)
 ENDFOREACH( testFileName )

--- a/unittest/certunittest/certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt
+++ b/unittest/certunittest/certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt
--- a/unittest/certunittest/certunittest.cpp
+++ b/unittest/certunittest/certunittest.cpp
@ -45,6 +45,7 @@ private slots:
    void checkExpiredServerCerts();
    void checkServerCerts();
    void altNames76();
+    void sha256cert();
    void crl();
    void crl2();
    void csr();
@ -709,6 +710,45 @@ void CertUnitTest::altNames76()
    }
 }

+void CertUnitTest::sha256cert()
+{
+    QStringList providersToTest;
+    providersToTest.append("qca-ossl");
+    // providersToTest.append("qca-botan");
+
+    foreach(const QString provider, providersToTest) {
+        if( !QCA::isSupported( "cert", provider ) )
+            QWARN( QString( "Certificate handling not supported for "+provider).toLocal8Bit() );
+        else {
+            QFile f("certs/RAIZ2007_CERTIFICATE_AND_CRL_SIGNING_SHA256.crt");
+            QVERIFY(f.open(QFile::ReadOnly));
+            QByteArray der = f.readAll();
+            QCA::ConvertResult resultcert;
+            QCA::Certificate cert = QCA::Certificate::fromDER(der,
+                                                              &resultcert,
+                                                              provider);
+
+            QCOMPARE( resultcert, QCA::ConvertGood );
+            QCOMPARE( cert.isNull(), false );
+            QCOMPARE( cert.isCA(), true );
+            QCOMPARE( cert.isSelfSigned(), true );
+
+            QCA::PublicKey pubkey = cert.subjectPublicKey();
+            QCOMPARE( pubkey.isNull(), false );
+            QCOMPARE( pubkey.isRSA(), true );
+            QCOMPARE( pubkey.isDSA(), false );
+            QCOMPARE( pubkey.isDH(), false );
+            QCOMPARE( pubkey.isPublic(), true );
+            QCOMPARE( pubkey.isPrivate(), false );
+            QCOMPARE( pubkey.bitSize(), 4096 );
+
+            QCOMPARE( cert.pathLimit(), 0 );
+
+            QCOMPARE( cert.signatureAlgorithm(), QCA::EMSA3_SHA256 );
+        }
+    }
+}
+
 void CertUnitTest::checkExpiredServerCerts()
 {
    QStringList providersToTest;