|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* Copyright (C) 2001-2014 Free Software Foundation, Inc.
|
|
Packit Service |
4684c1 |
* Copyright (C) 2017 Red Hat, Inc.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Author: Nikos Mavrogiannopoulos
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This file is part of GnuTLS.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit Service |
4684c1 |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit Service |
4684c1 |
* the License, or (at your option) any later version.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This library is distributed in the hope that it will be useful, but
|
|
Packit Service |
4684c1 |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
4684c1 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit Service |
4684c1 |
* Lesser General Public License for more details.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit Service |
4684c1 |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* This file contains the functions needed for RSA/DSA public key
|
|
Packit Service |
4684c1 |
* encryption and signatures.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
#include "gnutls_int.h"
|
|
Packit Service |
4684c1 |
#include <mpi.h>
|
|
Packit Service |
4684c1 |
#include <pk.h>
|
|
Packit Service |
4684c1 |
#include "errors.h"
|
|
Packit Service |
4684c1 |
#include <datum.h>
|
|
Packit Service |
4684c1 |
#include <global.h>
|
|
Packit Service |
4684c1 |
#include <num.h>
|
|
Packit Service |
4684c1 |
#include "debug.h"
|
|
Packit Service |
4684c1 |
#include <x509/x509_int.h>
|
|
Packit Service |
4684c1 |
#include <x509/common.h>
|
|
Packit Service |
4684c1 |
#include <random.h>
|
|
Packit Service |
4684c1 |
#include <gnutls/crypto.h>
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_encode_rs_value:
|
|
Packit Service |
4684c1 |
* @sig_value: will hold a Dss-Sig-Value DER encoded structure
|
|
Packit Service |
4684c1 |
* @r: must contain the r value
|
|
Packit Service |
4684c1 |
* @s: must contain the s value
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This function will encode the provided r and s values,
|
|
Packit Service |
4684c1 |
* into a Dss-Sig-Value structure, used for DSA and ECDSA
|
|
Packit Service |
4684c1 |
* signatures.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The output value should be deallocated using gnutls_free().
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
|
|
Packit Service |
4684c1 |
* an error code is returned.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Since: 3.6.0
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
**/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
gnutls_encode_rs_value(gnutls_datum_t * sig_value,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * r,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
return _gnutls_encode_ber_rs_raw(sig_value, r, s);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* same as gnutls_encode_rs_value(), but kept since it used
|
|
Packit Service |
4684c1 |
* to be exported for FIPS140 CAVS testing.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * r,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
ASN1_TYPE sig;
|
|
Packit Service |
4684c1 |
int result, ret;
|
|
Packit Service |
4684c1 |
uint8_t *tmp = NULL;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result =
|
|
Packit Service |
4684c1 |
asn1_create_element(_gnutls_get_gnutls_asn(),
|
|
Packit Service |
4684c1 |
"GNUTLS.DSASignatureValue",
|
|
Packit Service |
4684c1 |
&sig)) != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (s->data[0] >= 0x80 || r->data[0] >= 0x80) {
|
|
Packit Service |
4684c1 |
tmp = gnutls_malloc(MAX(r->size, s->size)+1);
|
|
Packit Service |
4684c1 |
if (tmp == NULL) {
|
|
Packit Service |
4684c1 |
ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (r->data[0] >= 0x80) {
|
|
Packit Service |
4684c1 |
tmp[0] = 0;
|
|
Packit Service |
4684c1 |
memcpy(&tmp[1], r->data, r->size);
|
|
Packit Service |
4684c1 |
result = asn1_write_value(sig, "r", tmp, 1+r->size);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
result = asn1_write_value(sig, "r", r->data, r->size);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
ret = _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (s->data[0] >= 0x80) {
|
|
Packit Service |
4684c1 |
tmp[0] = 0;
|
|
Packit Service |
4684c1 |
memcpy(&tmp[1], s->data, s->size);
|
|
Packit Service |
4684c1 |
result = asn1_write_value(sig, "s", tmp, 1+s->size);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
result = asn1_write_value(sig, "s", s->data, s->size);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
ret = _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_x509_der_encode(sig, "", sig_value, 0);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = 0;
|
|
Packit Service |
4684c1 |
cleanup:
|
|
Packit Service |
4684c1 |
gnutls_free(tmp);
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
ASN1_TYPE sig;
|
|
Packit Service |
4684c1 |
int result;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result =
|
|
Packit Service |
4684c1 |
asn1_create_element(_gnutls_get_gnutls_asn(),
|
|
Packit Service |
4684c1 |
"GNUTLS.DSASignatureValue",
|
|
Packit Service |
4684c1 |
&sig)) != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result = _gnutls_x509_write_int(sig, "r", r, 1);
|
|
Packit Service |
4684c1 |
if (result < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result = _gnutls_x509_write_int(sig, "s", s, 1);
|
|
Packit Service |
4684c1 |
if (result < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result = _gnutls_x509_der_encode(sig, "", sig_value, 0);
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (result < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(result);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* decodes the Dss-Sig-Value structure
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r,
|
|
Packit Service |
4684c1 |
bigint_t * s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
ASN1_TYPE sig;
|
|
Packit Service |
4684c1 |
int result;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result =
|
|
Packit Service |
4684c1 |
asn1_create_element(_gnutls_get_gnutls_asn(),
|
|
Packit Service |
4684c1 |
"GNUTLS.DSASignatureValue",
|
|
Packit Service |
4684c1 |
&sig)) != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* rfc3279 doesn't specify whether Dss-Sig-Value is encoded
|
|
Packit Service |
4684c1 |
* as DER or BER. As such we do not restrict to the DER subset. */
|
|
Packit Service |
4684c1 |
result =
|
|
Packit Service |
4684c1 |
asn1_der_decoding(&sig, sig_value->data, sig_value->size,
|
|
Packit Service |
4684c1 |
NULL);
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result = _gnutls_x509_read_int(sig, "r", r);
|
|
Packit Service |
4684c1 |
if (result < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result = _gnutls_x509_read_int(sig, "s", s);
|
|
Packit Service |
4684c1 |
if (result < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_mpi_release(r);
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_decode_rs_value:
|
|
Packit Service |
4684c1 |
* @sig_value: holds a Dss-Sig-Value DER or BER encoded structure
|
|
Packit Service |
4684c1 |
* @r: will contain the r value
|
|
Packit Service |
4684c1 |
* @s: will contain the s value
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This function will decode the provided @sig_value,
|
|
Packit Service |
4684c1 |
* into @r and @s elements. The Dss-Sig-Value is used for DSA and ECDSA
|
|
Packit Service |
4684c1 |
* signatures.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The output values may be padded with a zero byte to prevent them
|
|
Packit Service |
4684c1 |
* from being interpreted as negative values. The value
|
|
Packit Service |
4684c1 |
* should be deallocated using gnutls_free().
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
|
|
Packit Service |
4684c1 |
* an error code is returned.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Since: 3.6.0
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
**/
|
|
Packit Service |
4684c1 |
int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t *r,
|
|
Packit Service |
4684c1 |
gnutls_datum_t *s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
return _gnutls_decode_ber_rs_raw(sig_value, r, s);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* same as gnutls_decode_rs_value(), but kept since it used
|
|
Packit Service |
4684c1 |
* to be exported for FIPS140 CAVS testing.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_decode_ber_rs_raw(const gnutls_datum_t * sig_value, gnutls_datum_t *r,
|
|
Packit Service |
4684c1 |
gnutls_datum_t *s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
ASN1_TYPE sig;
|
|
Packit Service |
4684c1 |
int result;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result =
|
|
Packit Service |
4684c1 |
asn1_create_element(_gnutls_get_gnutls_asn(),
|
|
Packit Service |
4684c1 |
"GNUTLS.DSASignatureValue",
|
|
Packit Service |
4684c1 |
&sig)) != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* rfc3279 doesn't specify whether Dss-Sig-Value is encoded
|
|
Packit Service |
4684c1 |
* as DER or BER. As such we do not restrict to the DER subset. */
|
|
Packit Service |
4684c1 |
result =
|
|
Packit Service |
4684c1 |
asn1_der_decoding(&sig, sig_value->data, sig_value->size,
|
|
Packit Service |
4684c1 |
NULL);
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result = _gnutls_x509_read_value(sig, "r", r);
|
|
Packit Service |
4684c1 |
if (result < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result = _gnutls_x509_read_value(sig, "s", s);
|
|
Packit Service |
4684c1 |
if (result < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
gnutls_free(r->data);
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&sig);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_encode_gost_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s,
|
|
Packit Service |
4684c1 |
size_t intsize)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
uint8_t *data;
|
|
Packit Service |
4684c1 |
int result;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
data = gnutls_malloc(intsize * 2);
|
|
Packit Service |
4684c1 |
if (data == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result = _gnutls_mpi_bprint_size(s, data, intsize)) < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
gnutls_free(data);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result = _gnutls_mpi_bprint_size(r, data + intsize, intsize)) < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
gnutls_free(data);
|
|
Packit Service |
4684c1 |
return result;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
sig_value->data = data;
|
|
Packit Service |
4684c1 |
sig_value->size = intsize * 2;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_decode_gost_rs(const gnutls_datum_t * sig_value, bigint_t * r,
|
|
Packit Service |
4684c1 |
bigint_t * s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
unsigned halfsize = sig_value->size >> 1;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (sig_value->size % 2 != 0) {
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_mpi_init_scan(s, sig_value->data, halfsize);
|
|
Packit Service |
4684c1 |
if (ret < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_mpi_init_scan(r, sig_value->data + halfsize, halfsize);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
_gnutls_mpi_release(s);
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_encode_gost_rs_value:
|
|
Packit Service |
4684c1 |
* @sig_value: will hold a GOST signature according to RFC 4491 section 2.2.2
|
|
Packit Service |
4684c1 |
* @r: must contain the r value
|
|
Packit Service |
4684c1 |
* @s: must contain the s value
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This function will encode the provided r and s values, into binary
|
|
Packit Service |
4684c1 |
* representation according to RFC 4491 section 2.2.2, used for GOST R
|
|
Packit Service |
4684c1 |
* 34.10-2001 (and thus also for GOST R 34.10-2012) signatures.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The output value should be deallocated using gnutls_free().
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
|
|
Packit Service |
4684c1 |
* an error code is returned.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Since: 3.6.0
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int gnutls_encode_gost_rs_value(gnutls_datum_t * sig_value, const gnutls_datum_t * r, const gnutls_datum_t *s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
uint8_t *data;
|
|
Packit Service |
4684c1 |
size_t intsize = r->size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (s->size != intsize) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_ILLEGAL_PARAMETER;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
data = gnutls_malloc(intsize * 2);
|
|
Packit Service |
4684c1 |
if (data == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memcpy(data, s->data, intsize);
|
|
Packit Service |
4684c1 |
memcpy(data + intsize, r->data, intsize);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
sig_value->data = data;
|
|
Packit Service |
4684c1 |
sig_value->size = intsize * 2;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_decode_gost_rs_value:
|
|
Packit Service |
4684c1 |
* @sig_value: will holds a GOST signature according to RFC 4491 section 2.2.2
|
|
Packit Service |
4684c1 |
* @r: will contain the r value
|
|
Packit Service |
4684c1 |
* @s: will contain the s value
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This function will decode the provided @sig_value, into @r and @s elements.
|
|
Packit Service |
4684c1 |
* See RFC 4491 section 2.2.2 for the format of signature value.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* The output values may be padded with a zero byte to prevent them
|
|
Packit Service |
4684c1 |
* from being interpreted as negative values. The value
|
|
Packit Service |
4684c1 |
* should be deallocated using gnutls_free().
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
|
|
Packit Service |
4684c1 |
* an error code is returned.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Since: 3.6.0
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int gnutls_decode_gost_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t * r, gnutls_datum_t * s)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
unsigned halfsize = sig_value->size >> 1;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (sig_value->size % 2 != 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_PARSING_ERROR);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_set_datum(s, sig_value->data, halfsize);
|
|
Packit Service |
4684c1 |
if (ret != 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret = _gnutls_set_datum(r, sig_value->data + halfsize, halfsize);
|
|
Packit Service |
4684c1 |
if (ret != 0) {
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(s);
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_digest_algorithm_t _gnutls_gost_digest(gnutls_pk_algorithm_t pk)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
if (pk == GNUTLS_PK_GOST_01)
|
|
Packit Service |
4684c1 |
return GNUTLS_DIG_GOSTR_94;
|
|
Packit Service |
4684c1 |
else if (pk == GNUTLS_PK_GOST_12_256)
|
|
Packit Service |
4684c1 |
return GNUTLS_DIG_STREEBOG_256;
|
|
Packit Service |
4684c1 |
else if (pk == GNUTLS_PK_GOST_12_512)
|
|
Packit Service |
4684c1 |
return GNUTLS_DIG_STREEBOG_512;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return GNUTLS_DIG_UNKNOWN;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_pk_algorithm_t _gnutls_digest_gost(gnutls_digest_algorithm_t digest)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
if (digest == GNUTLS_DIG_GOSTR_94)
|
|
Packit Service |
4684c1 |
return GNUTLS_PK_GOST_01;
|
|
Packit Service |
4684c1 |
else if (digest == GNUTLS_DIG_STREEBOG_256)
|
|
Packit Service |
4684c1 |
return GNUTLS_PK_GOST_12_256;
|
|
Packit Service |
4684c1 |
else if (digest == GNUTLS_DIG_STREEBOG_512)
|
|
Packit Service |
4684c1 |
return GNUTLS_PK_GOST_12_512;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return GNUTLS_PK_UNKNOWN;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_gost_paramset_t _gnutls_gost_paramset_default(gnutls_pk_algorithm_t pk)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
if (pk == GNUTLS_PK_GOST_01)
|
|
Packit Service |
4684c1 |
return GNUTLS_GOST_PARAMSET_CP_A;
|
|
Packit Service |
4684c1 |
else if (pk == GNUTLS_PK_GOST_12_256 ||
|
|
Packit Service |
4684c1 |
pk == GNUTLS_PK_GOST_12_512)
|
|
Packit Service |
4684c1 |
return GNUTLS_GOST_PARAMSET_TC26_Z;
|
|
Packit Service |
4684c1 |
else
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_GOST_PARAMSET_UNKNOWN);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* some generic pk functions */
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int _gnutls_pk_params_copy(gnutls_pk_params_st * dst,
|
|
Packit Service |
4684c1 |
const gnutls_pk_params_st * src)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
unsigned int i, j;
|
|
Packit Service |
4684c1 |
dst->params_nr = 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (src == NULL || (src->params_nr == 0 && src->raw_pub.size == 0)) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dst->pkflags = src->pkflags;
|
|
Packit Service |
4684c1 |
dst->curve = src->curve;
|
|
Packit Service |
4684c1 |
dst->gost_params = src->gost_params;
|
|
Packit Service |
4684c1 |
dst->qbits = src->qbits;
|
|
Packit Service |
4684c1 |
dst->algo = src->algo;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
for (i = 0; i < src->params_nr; i++) {
|
|
Packit Service |
4684c1 |
dst->params[i] = _gnutls_mpi_copy(src->params[i]);
|
|
Packit Service |
4684c1 |
if (dst->params[i] == NULL) {
|
|
Packit Service |
4684c1 |
goto fail;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
dst->params_nr++;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (_gnutls_set_datum(&dst->raw_priv, src->raw_priv.data, src->raw_priv.size) < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto fail;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (_gnutls_set_datum(&dst->raw_pub, src->raw_pub.data, src->raw_pub.size) < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto fail;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (src->seed_size) {
|
|
Packit Service |
4684c1 |
dst->seed_size = src->seed_size;
|
|
Packit Service |
4684c1 |
memcpy(dst->seed, src->seed, src->seed_size);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
dst->palgo = src->palgo;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
memcpy(&dst->spki, &src->spki, sizeof(gnutls_x509_spki_st));
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
fail:
|
|
Packit Service |
4684c1 |
for (j = 0; j < i; j++)
|
|
Packit Service |
4684c1 |
_gnutls_mpi_release(&dst->params[j]);
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
void gnutls_pk_params_init(gnutls_pk_params_st * p)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
memset(p, 0, sizeof(gnutls_pk_params_st));
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
void gnutls_pk_params_release(gnutls_pk_params_st * p)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
unsigned int i;
|
|
Packit Service |
4684c1 |
for (i = 0; i < p->params_nr; i++) {
|
|
Packit Service |
4684c1 |
_gnutls_mpi_release(&p->params[i]);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
gnutls_free(p->raw_priv.data);
|
|
Packit Service |
4684c1 |
gnutls_free(p->raw_pub.data);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
p->params_nr = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
void gnutls_pk_params_clear(gnutls_pk_params_st * p)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
unsigned int i;
|
|
Packit Service |
4684c1 |
for (i = 0; i < p->params_nr; i++) {
|
|
Packit Service |
4684c1 |
if (p->params[i] != NULL)
|
|
Packit Service |
4684c1 |
_gnutls_mpi_clear(p->params[i]);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
gnutls_memset(p->seed, 0, p->seed_size);
|
|
Packit Service |
4684c1 |
p->seed_size = 0;
|
|
Packit Service |
4684c1 |
if (p->raw_priv.data != NULL) {
|
|
Packit Service |
4684c1 |
gnutls_memset(p->raw_priv.data, 0, p->raw_priv.size);
|
|
Packit Service |
4684c1 |
p->raw_priv.size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_find_rsa_pss_salt_size(unsigned bits, const mac_entry_st *me,
|
|
Packit Service |
4684c1 |
unsigned salt_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
unsigned digest_size;
|
|
Packit Service |
4684c1 |
int max_salt_size;
|
|
Packit Service |
4684c1 |
unsigned key_size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
digest_size = _gnutls_hash_get_algo_len(me);
|
|
Packit Service |
4684c1 |
key_size = (bits + 7) / 8;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (key_size == 0) {
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_PK_INVALID_PUBKEY);
|
|
Packit Service |
4684c1 |
} else {
|
|
Packit Service |
4684c1 |
max_salt_size = key_size - digest_size - 2;
|
|
Packit Service |
4684c1 |
if (max_salt_size < 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (salt_size < digest_size)
|
|
Packit Service |
4684c1 |
salt_size = digest_size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (salt_size > (unsigned)max_salt_size)
|
|
Packit Service |
4684c1 |
salt_size = max_salt_size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return salt_size;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Writes the digest information and the digest in a DER encoded
|
|
Packit Service |
4684c1 |
* structure. The digest info is allocated and stored into the info structure.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
encode_ber_digest_info(const mac_entry_st * e,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * digest,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * output)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
|
|
Packit Service |
4684c1 |
int result;
|
|
Packit Service |
4684c1 |
const char *algo;
|
|
Packit Service |
4684c1 |
uint8_t *tmp_output;
|
|
Packit Service |
4684c1 |
int tmp_output_size;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* prevent asn1_write_value() treating input as string */
|
|
Packit Service |
4684c1 |
if (digest->size == 0)
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
algo = _gnutls_x509_mac_to_oid(e);
|
|
Packit Service |
4684c1 |
if (algo == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_debug_log("Hash algorithm: %d has no OID\n",
|
|
Packit Service |
4684c1 |
e->id);
|
|
Packit Service |
4684c1 |
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
|
|
Packit Service |
4684c1 |
"GNUTLS.DigestInfo",
|
|
Packit Service |
4684c1 |
&dinfo)) != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result =
|
|
Packit Service |
4684c1 |
asn1_write_value(dinfo, "digestAlgorithm.algorithm", algo, 1);
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Write an ASN.1 NULL in the parameters field. This matches RFC
|
|
Packit Service |
4684c1 |
3279 and RFC 4055, although is arguable incorrect from a historic
|
|
Packit Service |
4684c1 |
perspective (see those documents for more information).
|
|
Packit Service |
4684c1 |
Regardless of what is correct, this appears to be what most
|
|
Packit Service |
4684c1 |
implementations do. */
|
|
Packit Service |
4684c1 |
result = asn1_write_value(dinfo, "digestAlgorithm.parameters",
|
|
Packit Service |
4684c1 |
ASN1_NULL, ASN1_NULL_SIZE);
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result =
|
|
Packit Service |
4684c1 |
asn1_write_value(dinfo, "digest", digest->data, digest->size);
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
tmp_output_size = 0;
|
|
Packit Service |
4684c1 |
result = asn1_der_coding(dinfo, "", NULL, &tmp_output_size, NULL);
|
|
Packit Service |
4684c1 |
if (result != ASN1_MEM_ERROR) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
tmp_output = gnutls_malloc(tmp_output_size);
|
|
Packit Service |
4684c1 |
if (tmp_output == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
result =
|
|
Packit Service |
4684c1 |
asn1_der_coding(dinfo, "", tmp_output, &tmp_output_size, NULL);
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
output->size = tmp_output_size;
|
|
Packit Service |
4684c1 |
output->data = tmp_output;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_encode_ber_digest_info:
|
|
Packit Service |
4684c1 |
* @info: an RSA BER encoded DigestInfo structure
|
|
Packit Service |
4684c1 |
* @hash: the hash algorithm that was used to get the digest
|
|
Packit Service |
4684c1 |
* @digest: must contain the digest data
|
|
Packit Service |
4684c1 |
* @output: will contain the allocated DigestInfo BER encoded data
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This function will encode the provided digest data, and its
|
|
Packit Service |
4684c1 |
* algorithm into an RSA PKCS#1 1.5 DigestInfo structure.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
|
|
Packit Service |
4684c1 |
* an error code is returned.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Since: 3.5.0
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
**/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * digest,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * output)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
const mac_entry_st *e = hash_to_entry(hash);
|
|
Packit Service |
4684c1 |
if (unlikely(e == NULL))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return encode_ber_digest_info(e , digest, output);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/**
|
|
Packit Service |
4684c1 |
* gnutls_decode_ber_digest_info:
|
|
Packit Service |
4684c1 |
* @info: an RSA BER encoded DigestInfo structure
|
|
Packit Service |
4684c1 |
* @hash: will contain the hash algorithm of the structure
|
|
Packit Service |
4684c1 |
* @digest: will contain the hash output of the structure
|
|
Packit Service |
4684c1 |
* @digest_size: will contain the hash size of the structure; initially must hold the maximum size of @digest
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* This function will parse an RSA PKCS#1 1.5 DigestInfo structure
|
|
Packit Service |
4684c1 |
* and report the hash algorithm used as well as the digest data.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
|
|
Packit Service |
4684c1 |
* an error code is returned.
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
* Since: 3.5.0
|
|
Packit Service |
4684c1 |
*
|
|
Packit Service |
4684c1 |
**/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
gnutls_decode_ber_digest_info(const gnutls_datum_t * info,
|
|
Packit Service |
4684c1 |
gnutls_digest_algorithm_t * hash,
|
|
Packit Service |
4684c1 |
unsigned char * digest, unsigned int *digest_size)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
|
|
Packit Service |
4684c1 |
int result;
|
|
Packit Service |
4684c1 |
char str[MAX(MAX_OID_SIZE, MAX_HASH_SIZE)];
|
|
Packit Service |
4684c1 |
int len;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if ((result = asn1_create_element(_gnutls_get_gnutls_asn(),
|
|
Packit Service |
4684c1 |
"GNUTLS.DigestInfo",
|
|
Packit Service |
4684c1 |
&dinfo)) != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* rfc2313 required BER encoding of that field, thus
|
|
Packit Service |
4684c1 |
* we don't restrict libtasn1 to DER subset */
|
|
Packit Service |
4684c1 |
result = asn1_der_decoding(&dinfo, info->data, info->size, NULL);
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
len = sizeof(str) - 1;
|
|
Packit Service |
4684c1 |
result =
|
|
Packit Service |
4684c1 |
asn1_read_value(dinfo, "digestAlgorithm.algorithm", str, &len;;
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
*hash = gnutls_oid_to_digest(str);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (*hash == GNUTLS_DIG_UNKNOWN) {
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_debug_log("verify.c: HASH OID: %s\n", str);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return GNUTLS_E_UNKNOWN_HASH_ALGORITHM;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
len = sizeof(str) - 1;
|
|
Packit Service |
4684c1 |
result =
|
|
Packit Service |
4684c1 |
asn1_read_value(dinfo, "digestAlgorithm.parameters", str,
|
|
Packit Service |
4684c1 |
&len;;
|
|
Packit Service |
4684c1 |
/* To avoid permitting garbage in the parameters field, either the
|
|
Packit Service |
4684c1 |
parameters field is not present, or it contains 0x05 0x00. */
|
|
Packit Service |
4684c1 |
if (!(result == ASN1_ELEMENT_NOT_FOUND ||
|
|
Packit Service |
4684c1 |
(result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
|
|
Packit Service |
4684c1 |
memcmp(str, ASN1_NULL, ASN1_NULL_SIZE) == 0))) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return GNUTLS_E_ASN1_GENERIC_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
len = *digest_size;
|
|
Packit Service |
4684c1 |
result = asn1_read_value(dinfo, "digest", digest, &len;;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (result != ASN1_SUCCESS) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
*digest_size = len;
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
return _gnutls_asn2err(result);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
*digest_size = len;
|
|
Packit Service |
4684c1 |
asn1_delete_structure(&dinfo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_params_get_rsa_raw(const gnutls_pk_params_st* params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * m, gnutls_datum_t * e,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * d, gnutls_datum_t * p,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * q, gnutls_datum_t * u,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * e1,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * e2,
|
|
Packit Service |
4684c1 |
unsigned int flags)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
mpi_dprint_func dprint = _gnutls_mpi_dprint_lz;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (flags & GNUTLS_EXPORT_FLAG_NO_LZ)
|
|
Packit Service |
4684c1 |
dprint = _gnutls_mpi_dprint;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (params == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (!GNUTLS_PK_IS_RSA(params->algo)) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (m) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[0], m);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* E */
|
|
Packit Service |
4684c1 |
if (e) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[1], e);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* D */
|
|
Packit Service |
4684c1 |
if (d && params->params[2]) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[2], d);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else if (d) {
|
|
Packit Service |
4684c1 |
d->data = NULL;
|
|
Packit Service |
4684c1 |
d->size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* P */
|
|
Packit Service |
4684c1 |
if (p && params->params[3]) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[3], p);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else if (p) {
|
|
Packit Service |
4684c1 |
p->data = NULL;
|
|
Packit Service |
4684c1 |
p->size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Q */
|
|
Packit Service |
4684c1 |
if (q && params->params[4]) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[4], q);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else if (q) {
|
|
Packit Service |
4684c1 |
q->data = NULL;
|
|
Packit Service |
4684c1 |
q->size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* U */
|
|
Packit Service |
4684c1 |
if (u && params->params[5]) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[5], u);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else if (u) {
|
|
Packit Service |
4684c1 |
u->data = NULL;
|
|
Packit Service |
4684c1 |
u->size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* E1 */
|
|
Packit Service |
4684c1 |
if (e1 && params->params[6]) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[6], e1);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else if (e1) {
|
|
Packit Service |
4684c1 |
e1->data = NULL;
|
|
Packit Service |
4684c1 |
e1->size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* E2 */
|
|
Packit Service |
4684c1 |
if (e2 && params->params[7]) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[7], e2);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto error;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
} else if (e2) {
|
|
Packit Service |
4684c1 |
e2->data = NULL;
|
|
Packit Service |
4684c1 |
e2->size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
error:
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(m);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(d);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(e);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(e1);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(e2);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(p);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(q);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
_gnutls_params_get_dsa_raw(const gnutls_pk_params_st* params,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * p, gnutls_datum_t * q,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * g, gnutls_datum_t * y,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * x, unsigned int flags)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
mpi_dprint_func dprint = _gnutls_mpi_dprint_lz;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (flags & GNUTLS_EXPORT_FLAG_NO_LZ)
|
|
Packit Service |
4684c1 |
dprint = _gnutls_mpi_dprint;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (params == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (params->algo != GNUTLS_PK_DSA) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* P */
|
|
Packit Service |
4684c1 |
if (p) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[0], p);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Q */
|
|
Packit Service |
4684c1 |
if (q) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[1], q);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(p);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* G */
|
|
Packit Service |
4684c1 |
if (g) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[2], g);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(p);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(q);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Y */
|
|
Packit Service |
4684c1 |
if (y) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[3], y);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(p);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(g);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(q);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* X */
|
|
Packit Service |
4684c1 |
if (x) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[4], x);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(y);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(p);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(g);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(q);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params,
|
|
Packit Service |
4684c1 |
gnutls_ecc_curve_t * curve,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * x,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * y,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * k,
|
|
Packit Service |
4684c1 |
unsigned int flags)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
mpi_dprint_func dprint = _gnutls_mpi_dprint_lz;
|
|
Packit Service |
4684c1 |
const gnutls_ecc_curve_entry_st *e;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (flags & GNUTLS_EXPORT_FLAG_NO_LZ)
|
|
Packit Service |
4684c1 |
dprint = _gnutls_mpi_dprint;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (params == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (curve)
|
|
Packit Service |
4684c1 |
*curve = params->curve;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
e = _gnutls_ecc_curve_get_params(params->curve);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (_curve_is_eddsa(e)) {
|
|
Packit Service |
4684c1 |
if (x) {
|
|
Packit Service |
4684c1 |
ret = _gnutls_set_datum(x, params->raw_pub.data, params->raw_pub.size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (y) {
|
|
Packit Service |
4684c1 |
y->data = NULL;
|
|
Packit Service |
4684c1 |
y->size = 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (k) {
|
|
Packit Service |
4684c1 |
ret = _gnutls_set_datum(k, params->raw_priv.data, params->raw_priv.size);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(x);
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(ret);
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (unlikely(e == NULL || e->pk != GNUTLS_PK_ECDSA))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* X */
|
|
Packit Service |
4684c1 |
if (x) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[ECC_X], x);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Y */
|
|
Packit Service |
4684c1 |
if (y) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[ECC_Y], y);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(x);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* K */
|
|
Packit Service |
4684c1 |
if (k) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[ECC_K], k);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(x);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(y);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int _gnutls_params_get_gost_raw(const gnutls_pk_params_st* params,
|
|
Packit Service |
4684c1 |
gnutls_ecc_curve_t * curve,
|
|
Packit Service |
4684c1 |
gnutls_digest_algorithm_t * digest,
|
|
Packit Service |
4684c1 |
gnutls_gost_paramset_t * paramset,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * x,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * y,
|
|
Packit Service |
4684c1 |
gnutls_datum_t * k,
|
|
Packit Service |
4684c1 |
unsigned int flags)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
mpi_dprint_func dprint = _gnutls_mpi_dprint_le;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (params == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_INVALID_REQUEST;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (curve)
|
|
Packit Service |
4684c1 |
*curve = params->curve;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (digest)
|
|
Packit Service |
4684c1 |
*digest = _gnutls_gost_digest(params->algo);
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
if (paramset)
|
|
Packit Service |
4684c1 |
*paramset = params->gost_params;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* X */
|
|
Packit Service |
4684c1 |
if (x) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[GOST_X], x);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* Y */
|
|
Packit Service |
4684c1 |
if (y) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[GOST_Y], y);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(x);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/* K */
|
|
Packit Service |
4684c1 |
if (k) {
|
|
Packit Service |
4684c1 |
ret = dprint(params->params[GOST_K], k);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(x);
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(y);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
pk_hash_data(gnutls_pk_algorithm_t pk, const mac_entry_st * hash,
|
|
Packit Service |
4684c1 |
gnutls_pk_params_st * params,
|
|
Packit Service |
4684c1 |
const gnutls_datum_t * data, gnutls_datum_t * digest)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
digest->size = _gnutls_hash_get_algo_len(hash);
|
|
Packit Service |
4684c1 |
digest->data = gnutls_malloc(digest->size);
|
|
Packit Service |
4684c1 |
if (digest->data == NULL) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_MEMORY_ERROR;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
ret =
|
|
Packit Service |
4684c1 |
_gnutls_hash_fast((gnutls_digest_algorithm_t)hash->id, data->data, data->size,
|
|
Packit Service |
4684c1 |
digest->data);
|
|
Packit Service |
4684c1 |
if (ret < 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
goto cleanup;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
cleanup:
|
|
Packit Service |
4684c1 |
gnutls_free(digest->data);
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
/*
|
|
Packit Service |
4684c1 |
* This function will do RSA PKCS #1 1.5 encoding
|
|
Packit Service |
4684c1 |
* on the given digest. The given digest must be allocated
|
|
Packit Service |
4684c1 |
* and will be freed if replacement is required.
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
int
|
|
Packit Service |
4684c1 |
pk_prepare_hash(gnutls_pk_algorithm_t pk,
|
|
Packit Service |
4684c1 |
const mac_entry_st * hash, gnutls_datum_t * digest)
|
|
Packit Service |
4684c1 |
{
|
|
Packit Service |
4684c1 |
int ret;
|
|
Packit Service |
4684c1 |
gnutls_datum_t old_digest = { digest->data, digest->size };
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
switch (pk) {
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_RSA:
|
|
Packit Service |
4684c1 |
if (unlikely(hash == NULL))
|
|
Packit Service |
4684c1 |
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
|
|
Packit Service |
4684c1 |
/* Encode the digest as a DigestInfo
|
|
Packit Service |
4684c1 |
*/
|
|
Packit Service |
4684c1 |
if ((ret =
|
|
Packit Service |
4684c1 |
encode_ber_digest_info(hash, &old_digest,
|
|
Packit Service |
4684c1 |
digest)) != 0) {
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return ret;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
_gnutls_free_datum(&old_digest);
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_RSA_PSS:
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_DSA:
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_ECDSA:
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_EDDSA_ED25519:
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_EDDSA_ED448:
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_GOST_01:
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_GOST_12_256:
|
|
Packit Service |
4684c1 |
case GNUTLS_PK_GOST_12_512:
|
|
Packit Service |
4684c1 |
break;
|
|
Packit Service |
4684c1 |
default:
|
|
Packit Service |
4684c1 |
gnutls_assert();
|
|
Packit Service |
4684c1 |
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
|
|
Packit Service |
4684c1 |
}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
return 0;
|
|
Packit Service |
4684c1 |
}
|