author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-06-06 16:24:49 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2004-06-06 16:24:49 +0000 |
commit | c80e4f4bdba5a4c5b70c817662b3478e57d74f91 (patch) | |
tree | 0279b035a1d70919a461abc01dc48d4a43cc5455 | |
parent | b47cfda584ab752608d9ffbc6aa88b1150649686 (diff) | |
download | gnutls-c80e4f4bdba5a4c5b70c817662b3478e57d74f91.tar.gz |
Added the functions gnutls_x509_crt_get_pk_rsa_raw() and
gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | doc/tex/cover.tex.in | 2 | ||||
-rw-r--r-- | includes/gnutls/x509.h | 6 | ||||
-rw-r--r-- | lib/gnutls_int.h | 10 | ||||
-rw-r--r-- | lib/gnutls_mpi.c | 26 | ||||
-rw-r--r-- | lib/gnutls_mpi.h | 3 | ||||
-rw-r--r-- | lib/x509/x509.c | 132 |
7 files changed, 175 insertions, 6 deletions
@@ -8,6 +8,8 @@ Version 1.0.14 - Corrected a serious bug in the included libtasn1 library. - Corrected session resuming in SRP ciphersuites. - Updated to conform to the latest srp draft (draft-ietf-tls-srp-07) +- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and + gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates. Version 1.0.13 (29/04/2004) - Some complilation fixes. diff --git a/doc/tex/cover.tex.in b/doc/tex/cover.tex.in index 48207ae20b..300ea355e5 100644 --- a/doc/tex/cover.tex.in +++ b/doc/tex/cover.tex.in @@ -53,7 +53,7 @@ Applies to GnuTLS @VERSION@ \begin{center} \par -Copyright \copyright\ 2001,2002,2003 Nikos Mavroyanopoulos\\ +Copyright \copyright\ 2001,2002,2003,2004 Nikos Mavroyanopoulos\\ \setlength{\parskip}{4mm} \par Permission is granted to copy, distribute and/or modify this document diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h index c97832508a..0d8cfbd5c5 100644 --- a/includes/gnutls/x509.h +++ b/includes/gnutls/x509.h @@ -132,6 +132,12 @@ time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt cert); int gnutls_x509_crt_get_serial(gnutls_x509_crt cert, void* result, size_t* result_size); int gnutls_x509_crt_get_pk_algorithm( gnutls_x509_crt cert, unsigned int* bits); +int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt crt, + gnutls_datum * m, gnutls_datum *e); +int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt crt, + gnutls_datum * p, gnutls_datum *q, + gnutls_datum *g, gnutls_datum *y); + int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert, unsigned int seq, void *ret, size_t *ret_size, unsigned int* critical); int gnutls_x509_crt_get_ca_status(gnutls_x509_crt cert, unsigned int* critical); diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 3646f5b555..f14d7e5ced 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h 
@@ -102,6 +102,11 @@ typedef void * gnutls_transport_ptr; typedef unsigned char opaque; typedef struct { opaque pint[3]; } uint24; +typedef struct { + opaque * data; + unsigned int size; +} gnutls_datum; + #include <gnutls_mpi.h> typedef enum ChangeCipherSpecType { GNUTLS_TYPE_CHANGE_CIPHER_SPEC=1 } ChangeCipherSpecType; @@ -141,11 +146,6 @@ typedef enum HandshakeType { GNUTLS_HELLO_REQUEST, GNUTLS_CLIENT_HELLO, GNUTLS_S typedef HandshakeType gnutls_handshake_description; -typedef struct { - opaque * data; - unsigned int size; -} gnutls_datum; - #include <gnutls_buffer.h> /* This is the maximum number of algorithms (ciphers or macs etc). diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c index 31d3173744..3deb33e1c7 100644 --- a/lib/gnutls_mpi.c +++ b/lib/gnutls_mpi.c @@ -97,6 +97,32 @@ int ret; return GNUTLS_E_MPI_PRINT_FAILED; } +/* Always has the first bit zero */ +int _gnutls_mpi_dprint_lz( gnutls_datum* dest, const GNUTLS_MPI a ) +{ +int ret; +opaque* buf = NULL; +size_t bytes = 0; + + if (dest == NULL || a == NULL) return GNUTLS_E_INVALID_REQUEST; + + gcry_mpi_print( GCRYMPI_FMT_STD, NULL, 0, &bytes, a); + + if (bytes != 0) + buf = gnutls_malloc( bytes); + if (buf == NULL) + return GNUTLS_E_MEMORY_ERROR; + + ret = gcry_mpi_print( GCRYMPI_FMT_STD, buf, bytes, &bytes, a); + if (!ret) { + dest->data = buf; + dest->size = bytes; + return 0; + } + + gnutls_free(buf); + return GNUTLS_E_MPI_PRINT_FAILED; +} /* this function reads an integer * from asn1 structs. Combines the read and mpi_scan diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h index 48bb78b7b4..80857fb4b7 100644 --- a/lib/gnutls_mpi.h +++ b/lib/gnutls_mpi.h @@ -3,6 +3,7 @@ # include <gcrypt.h> # include <libtasn1.h> +# include <gnutls_int.h> #define GNUTLS_MPI gcry_mpi_t 
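Review bot: In `_gnutls_mpi_dprint_lz` the first `gcry_mpi_print()` call, which only queries the length, has its return value discarded. If that query fails, or yields a length of zero, `buf` stays NULL and the caller gets `GNUTLS_E_MEMORY_ERROR` even though no allocation was attempted. The values printed here come from parsed certificates, so the error should name the real cause: `ret = gcry_mpi_print(GCRYMPI_FMT_STD, NULL, 0, &bytes, a);` followed by `if (ret != 0 || bytes == 0) return GNUTLS_E_MPI_PRINT_FAILED;`. `dest->size = bytes;` also narrows a `size_t` into the `unsigned int` field of `gnutls_datum`, which deserves a short comment or an explicit range check. The one-line header comment should also say that the buffer is allocated with `gnutls_malloc()` and owned by the caller on success.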
@@ -40,5 +41,7 @@ int _gnutls_mpi_scan_pgp( GNUTLS_MPI *ret_mpi, const opaque *buffer, size_t *nby int _gnutls_mpi_print( void *buffer, size_t *nbytes, const GNUTLS_MPI a ); int _gnutls_mpi_print_lz( void *buffer, size_t *nbytes, const GNUTLS_MPI a ); +int _gnutls_mpi_dprint_lz( gnutls_datum* dest, const GNUTLS_MPI a ); +#define _gnutls_mpi_dprint _gnutls_mpi_dprint_lz #endif diff --git a/lib/x509/x509.c b/lib/x509/x509.c index 097f5e38f5..ed3d0945e9 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
@@ -1682,4 +1682,136 @@ int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt cert, } +/** + * gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key + * @crt: Holds the certificate + * @m: will hold the modulus + * @e: will hold the public exponent + * + * This function will export the RSA private key's parameters found in the given + * structure. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * + **/ +int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt crt, + gnutls_datum * m, gnutls_datum *e) +{ +int ret; +GNUTLS_MPI params[MAX_PUBLIC_PARAMS_SIZE]; +int params_size = MAX_PUBLIC_PARAMS_SIZE; +int i; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_x509_crt_get_mpis( crt, params, ¶ms_size); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = _gnutls_mpi_dprint(m, params[0]); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_mpi_dprint(e, params[1]); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + goto cleanup; + } + + ret = 0; + +cleanup: + for (i = 0; i < params_size; i++) { + _gnutls_mpi_release( ¶ms[i]); + } + return ret; +} + +/** + * gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA private key + * @crt: Holds the certificate + * @p: will hold the p + * @q: will hold the q + * @g: will hold the g + * @y: will hold the y + * + * This function will export the DSA private key's parameters found in the given + * certificate. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. 
+ * + **/ +int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt crt, + gnutls_datum * p, gnutls_datum *q, + gnutls_datum *g, gnutls_datum *y) +{ +int ret; +GNUTLS_MPI params[MAX_PUBLIC_PARAMS_SIZE]; +int params_size = MAX_PUBLIC_PARAMS_SIZE; +int i; + + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_x509_crt_get_mpis( crt, params, ¶ms_size); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + + /* P */ + ret = _gnutls_mpi_dprint(p, params[0]); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + /* Q */ + ret = _gnutls_mpi_dprint(q, params[1]); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + goto cleanup; + } + + + /* G */ + ret = _gnutls_mpi_dprint(g, params[2]); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(q); + goto cleanup; + } + + + /* Y */ + ret = _gnutls_mpi_dprint(y, params[3]); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(g); + _gnutls_free_datum(q); + goto cleanup; + } + + ret = 0; + +cleanup: + for (i = 0; i < params_size; i++) { + _gnutls_mpi_release( ¶ms[i]); + } + return ret; + +} + #endif |
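Review bot: Neither `gnutls_x509_crt_get_pk_rsa_raw()` nor `gnutls_x509_crt_get_pk_dsa_raw()` checks the certificate's key algorithm, or the `params_size` written back by `_gnutls_x509_crt_get_mpis()`, before indexing `params[]`. `params` is an uninitialised stack array and the cleanup loop releases only `params_size` entries, which suggests the helper can fill fewer than `MAX_PUBLIC_PARAMS_SIZE` slots. If so, passing an RSA certificate to the DSA function would hand uninitialised `params[2]` and `params[3]` to `_gnutls_mpi_dprint()`. A guard placed before the `_gnutls_x509_crt_get_mpis()` call closes this: `if (gnutls_x509_crt_get_pk_algorithm(crt, NULL) != GNUTLS_PK_DSA) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`, with `GNUTLS_PK_RSA` in the RSA function. Both doc comments also say "private key" where the exported values are the certificate's public key parameters; they should read "public key", state the return value, and say that the caller frees each datum.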