diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-06 21:48:34 +0000 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2001-08-06 21:48:34 +0000 |
| commit | 7d3467a82b43b090ba977691950555cd62e09f26 (patch) | |
| tree | ea00c9050f885b98a62b0f3e69b9ab136cdb3f1d | |
| parent | 5188c5006acaec18ef7a4755e0aab7116b81506d (diff) | |
| download | gnutls-7d3467a82b43b090ba977691950555cd62e09f26.tar.gz | |
cleanups in the signature generating functions
| -rw-r--r-- | lib/gnutls_int.h | 4 | ||||
| -rw-r--r-- | lib/gnutls_sig.c | 92 | ||||
| -rw-r--r-- | lib/gnutls_sig.h | 2 | ||||
| -rw-r--r-- | lib/x509_sig_check.c | 98 |
4 files changed, 103 insertions, 93 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 861cc7f7b4..ef7b03a94a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -29,10 +29,10 @@ #define WRITE_DEBUG #define BUFFERS_DEBUG #define HARD_DEBUG -#define RECORD_DEBUG +#define RECORD_DEBUG*/ #define HANDSHAKE_DEBUG #define DEBUG -*/ + #define SOCKET int #define LIST ... diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index f98c8be1b6..ee206008d0 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -75,7 +75,7 @@ int ret; data.data = digest; data.size = 20+16; /* md5 + sha */ - ret = _gnutls_pkcs1_rsa_generate_sig( GNUTLS_MAC_MD5, pkey, &data, signature); + ret = _gnutls_pkcs1_rsa_generate_sig( pkey, &data, signature); break; default: @@ -88,94 +88,9 @@ int ret; } -#ifdef NO_SSL_SIGS -/* This is not used in SSL signatures - */ -static int _gnutls_digestinfo_encode( opaque* data, int data_size, char* OID, gnutls_datum* der) { -node_asn *di; -int result; - - if (asn1_create_structure( _gnutls_get_pkcs(), - "PKCS-1.DigestInfo", &di, "di") != ASN_OK) { - gnutls_assert(); - return GNUTLS_E_ASN1_ERROR; - } - - result = asn1_write_value( di, "di.digestAlgorithm.algorithm", OID, 1); - if (result!=ASN_OK) { - gnutls_assert(); - asn1_delete_structure( di); - return GNUTLS_E_ASN1_ERROR; - } - - result = asn1_write_value( di, "di.digestAlgorithm.parameters", NULL, 0); - if (result!=ASN_OK) { - gnutls_assert(); - asn1_delete_structure( di); - return GNUTLS_E_ASN1_ERROR; - } - result = asn1_write_value( di, "di.digest", data, data_size); - if (result!=ASN_OK) { - gnutls_assert(); - asn1_delete_structure( di); - return GNUTLS_E_ASN1_ERROR; - } - - der->size = data_size + 200; - der->data = gnutls_malloc( der->size); - if (der->data==NULL) { - gnutls_assert(); - asn1_delete_structure( di); - return GNUTLS_E_MEMORY_ERROR; - } - - result = asn1_create_der( di, "di", der->data, &der->size); - if (result!=ASN_OK) { - gnutls_assert(); - asn1_delete_structure( di); - gnutls_free_datum( der); - return GNUTLS_E_ASN1_ERROR; - } - asn1_delete_structure( di); - - return 0; -} -#endif - -int _gnutls_pkcs1_rsa_generate_sig( MACAlgorithm hash_algo, gnutls_private_key *pkey, const gnutls_datum *data, gnutls_datum *signature) { +int _gnutls_pkcs1_rsa_generate_sig( gnutls_private_key *pkey, const gnutls_datum *data, gnutls_datum *signature) { int ret; -#ifdef NO_SSL_SIGS - GNUTLS_HASH_HANDLE hd; - opaque digest[MAX_HASH_SIZE]; - char OID[40]; - int digest_size = gnutls_hash_get_algo_len( hash_algo); - gnutls_datum der; - - if (hash_algo==GNUTLS_MAC_MD5) - strcpy(OID, "1 2 840 113549 2 5"); - else if (hash_algo==GNUTLS_MAC_SHA) - strcpy(OID, "1 3 14 3 2 26"); - else { - gnutls_assert(); - return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; - } - - /* hash data */ - hd = gnutls_hash_init( hash_algo); - if (hd==NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - gnutls_hash( hd, data->data, data->size); - gnutls_hash_deinit( hd, digest); - - /* encode digest to DigestInfo (der) */ - if ( (ret=_gnutls_digestinfo_encode( digest, digest_size, OID, &der)) < 0) { - gnutls_assert(); - return ret; - } -#endif /* encrypt der */ if ( (ret=_gnutls_pkcs1_rsa_encrypt( signature, *data, pkey->params[0], pkey->params[1], 1)) < 0) { @@ -183,8 +98,5 @@ int _gnutls_pkcs1_rsa_generate_sig( MACAlgorithm hash_algo, gnutls_private_key * return ret; } -#ifdef NO_SSL_SIGS - gnutls_free_datum( &der); -#endif return 0; } diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h index 6253060a31..03ee658cda 100644 --- a/lib/gnutls_sig.h +++ b/lib/gnutls_sig.h @@ -1,4 +1,4 @@ int _gnutls_pkcs1_rsa_verify_sig( gnutls_datum* signature, gnutls_datum *text, MPI m, MPI e); CertificateStatus gnutls_verify_signature(gnutls_cert* cert, gnutls_cert* issuer); -int _gnutls_pkcs1_rsa_generate_sig( MACAlgorithm hash_algo, gnutls_private_key *pkey, const gnutls_datum *data, gnutls_datum *signature); +int _gnutls_pkcs1_rsa_generate_sig( gnutls_private_key *pkey, const gnutls_datum *data, gnutls_datum *signature); int _gnutls_generate_sig( GNUTLS_STATE state, gnutls_private_key *pkey, gnutls_datum *signature); diff --git a/lib/x509_sig_check.c b/lib/x509_sig_check.c index 9b3273624d..bd3f09fbf4 100644 --- a/lib/x509_sig_check.c +++ b/lib/x509_sig_check.c @@ -216,3 +216,101 @@ gnutls_datum* tbs; gnutls_assert(); return GNUTLS_CERT_INVALID; } + + +#if 0 +/* Signature generation - not tested */ +static int _gnutls_digestinfo_encode( opaque* data, int data_size, char* OID, gnutls_datum* der) { +node_asn *di; +int result; + + if (asn1_create_structure( _gnutls_get_pkcs(), + "PKCS-1.DigestInfo", &di, "di") != ASN_OK) { + gnutls_assert(); + return GNUTLS_E_ASN1_ERROR; + } + + result = asn1_write_value( di, "di.digestAlgorithm.algorithm", OID, 1); + if (result!=ASN_OK) { + gnutls_assert(); + asn1_delete_structure( di); + return GNUTLS_E_ASN1_ERROR; + } + + result = asn1_write_value( di, "di.digestAlgorithm.parameters", NULL, 0); + if (result!=ASN_OK) { + gnutls_assert(); + asn1_delete_structure( di); + return GNUTLS_E_ASN1_ERROR; + } + + result = asn1_write_value( di, "di.digest", data, data_size); + if (result!=ASN_OK) { + gnutls_assert(); + asn1_delete_structure( di); + return GNUTLS_E_ASN1_ERROR; + } + + der->size = data_size + 200; + der->data = gnutls_malloc( der->size); + if (der->data==NULL) { + gnutls_assert(); + asn1_delete_structure( di); + return GNUTLS_E_MEMORY_ERROR; + } + + result = asn1_create_der( di, "di", der->data, &der->size); + if (result!=ASN_OK) { + gnutls_assert(); + asn1_delete_structure( di); + gnutls_free_datum( der); + return GNUTLS_E_ASN1_ERROR; + } + asn1_delete_structure( di); + + return 0; +} + +int _pkcs1_rsa_generate_sig( MACAlgorithm hash_algo, gnutls_private_key *pkey, const gnutls_datum *data, gnutls_datum *signature) { + int ret; + GNUTLS_HASH_HANDLE hd; + opaque digest[MAX_HASH_SIZE]; + char OID[40]; + int digest_size = gnutls_hash_get_algo_len( hash_algo); + gnutls_datum der; + + if (hash_algo==GNUTLS_MAC_MD5) + strcpy(OID, "1 2 840 113549 2 5"); + else if (hash_algo==GNUTLS_MAC_SHA) + strcpy(OID, "1 3 14 3 2 26"); + else { + gnutls_assert(); + return GNUTLS_E_UNKNOWN_MAC_ALGORITHM; + } + + /* hash data */ + hd = gnutls_hash_init( hash_algo); + if (hd==NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + gnutls_hash( hd, data->data, data->size); + gnutls_hash_deinit( hd, digest); + + /* encode digest to DigestInfo (der) */ + if ( (ret=_gnutls_digestinfo_encode( digest, digest_size, OID, &der)) < 0) { + gnutls_assert(); + return ret; + } + + der.data = digest; + der.size = digest_size; + /* encrypt der */ + if ( (ret=_gnutls_pkcs1_rsa_encrypt( signature, der, pkey->params[0], pkey->params[1], 1)) < 0) { + gnutls_assert(); + return ret; + } + + return 0; +} +#endif |