deprecated x509/sign.h and moved functionality of it in gnutls_sig.h.

author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-12-12 09:40:29 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2010-12-12 09:40:29 +0100
commit: 1c297951ba962c0922f7e8b60f91d32b0d2e901f (patch)
tree: 56b770947bcbb98320390dac10a5ef3f39b69035
parent: 535596a4e2f857e6373b28142295bf8d6d1b6654 (diff)
download: gnutls-1c297951ba962c0922f7e8b60f91d32b0d2e901f.tar.gz
12 files changed, 193 insertions, 184 deletions
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index 4ba21d4e8d..4e3b640205 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -30,10 +30,11 @@
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
 #include <gnutls/abstract.h>
-#include <sign.h>
 #include <gnutls_pk.h>
 #include <x509_int.h>
 #include <openpgp/openpgp_int.h>
+#include <openpgp/gnutls_openpgp.h>
+#include <gnutls_sig.h>
 
 struct gnutls_privkey_st
 {
@@ -385,7 +386,7 @@ _gnutls_privkey_sign_hash (gnutls_privkey_t key,
 					       hash, signature);
 #endif
     case GNUTLS_PRIVKEY_PKCS11:
-      return gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
+      return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
 					      hash, signature);
     case GNUTLS_PRIVKEY_X509:
       return _gnutls_soft_sign (key->key.x509->pk_algorithm, key->key.x509->params,
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index bce1334398..7169aecb80 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -30,7 +30,6 @@
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
 #include <gnutls/abstract.h>
-#include <sign.h>
 #include <gnutls_pk.h>
 #include <x509_int.h>
 #include <openpgp/openpgp_int.h>
diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
index 165a6dc03a..714cf35409 100644
--- a/lib/gnutls_sig.c
+++ b/lib/gnutls_sig.c
@@ -304,7 +304,7 @@ _gnutls_tls_sign (gnutls_session_t session,
 	}
     }
 
-  return gnutls_privkey_sign_hash (pkey, hash_concat, signature);
+  return _gnutls_privkey_sign_hash (pkey, hash_concat, signature);
 }
 
 static int
@@ -796,3 +796,165 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
 
   return ret;
 }
+
+int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+  bigint_t * params,
+  const gnutls_datum_t * data, gnutls_datum_t * digest)
+{
+  int ret;
+
+  switch (pk)
+    {
+    case GNUTLS_PK_RSA:
+      if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 &&
+        hash != GNUTLS_DIG_SHA256)
+        {
+          gnutls_assert ();
+          return GNUTLS_E_INVALID_REQUEST;
+        }
+      break;
+    case GNUTLS_PK_DSA:
+      if (params && hash != _gnutls_dsa_q_to_hash (params[1]))
+        {
+          gnutls_assert ();
+          return GNUTLS_E_INVALID_REQUEST;
+        }
+      break;
+    default:
+      gnutls_assert();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  digest->size = _gnutls_hash_get_algo_len (hash);
+  digest->data = gnutls_malloc (digest->size);
+  if (digest->data == NULL)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_MEMORY_ERROR;
+    }
+
+  ret = _gnutls_hash_fast(hash, data->data, data->size, digest->data);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      goto cleanup;
+    }
+
+  return 0;
+
+cleanup:
+  gnutls_free(digest->data);
+  return ret;
+}
+
+/* Writes the digest information and the digest in a DER encoded
+ * structure. The digest info is allocated and stored into the info structure.
+ */
+static int
+encode_ber_digest_info (gnutls_digest_algorithm_t hash,
+			const gnutls_datum_t * digest,
+			gnutls_datum_t * output)
+{
+  ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+  int result;
+  const char *algo;
+  opaque* tmp_output;
+  int tmp_output_size;
+
+  algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
+  if (algo == NULL)
+    {
+      gnutls_assert ();
+      _gnutls_x509_log ("Hash algorithm: %d\n", hash);
+      return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+    }
+
+  if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
+				     "GNUTLS.DigestInfo",
+				     &dinfo)) != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      return _gnutls_asn2err (result);
+    }
+
+  result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  /* Write an ASN.1 NULL in the parameters field.  This matches RFC
+     3279 and RFC 4055, although is arguable incorrect from a historic
+     perspective (see those documents for more information).
+     Regardless of what is correct, this appears to be what most
+     implementations do.  */
+  result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
+			     ASN1_NULL, ASN1_NULL_SIZE);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  tmp_output_size = 0;
+  asn1_der_coding (dinfo, "", NULL, &tmp_output_size, NULL);
+
+  tmp_output = gnutls_malloc (tmp_output_size);
+  if (output->data == NULL)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return GNUTLS_E_MEMORY_ERROR;
+    }
+
+  result = asn1_der_coding (dinfo, "", tmp_output, &tmp_output_size, NULL);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  asn1_delete_structure (&dinfo);
+  
+  output->size = tmp_output_size;
+  output->data = tmp_output;
+
+  return 0;
+}
+
+/* if hash==MD5 then we do RSA-MD5
+ * if hash==SHA then we do RSA-SHA
+ * params[0] is modulus
+ * params[1] is public key
+ */
+int
+pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
+		   gnutls_datum_t * digest)
+{
+  int ret;
+  gnutls_datum old_digest = { digest->data, digest->size };
+
+  /* Encode the digest as a DigestInfo
+   */
+  if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+  _gnutls_free_datum(&old_digest);
+
+  return 0;
+}
diff --git a/lib/gnutls_sig.h b/lib/gnutls_sig.h
index 77a97afa4d..3d85f03e4c 100644
--- a/lib/gnutls_sig.h
+++ b/lib/gnutls_sig.h
@@ -56,4 +56,14 @@ int _gnutls_soft_sign (gnutls_pk_algorithm_t algo,
 		       const gnutls_datum_t * data,
 		       gnutls_datum_t * signature);
 
+int pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
+		       gnutls_datum_t * output);
+int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+  bigint_t * params, const gnutls_datum_t * data, gnutls_datum_t * digest);
+
+int
+_gnutls_privkey_sign_hash (gnutls_privkey_t key,
+			  const gnutls_datum_t * hash,
+			  gnutls_datum_t * signature);
+
 #endif
diff --git a/lib/openpgp/gnutls_openpgp.h b/lib/openpgp/gnutls_openpgp.h
index b5f67d40fe..c89b867f1c 100644
--- a/lib/openpgp/gnutls_openpgp.h
+++ b/lib/openpgp/gnutls_openpgp.h
@@ -49,6 +49,11 @@ time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t *
 time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t *
 						    cert);
 
+int
+_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
+				  const gnutls_datum_t * hash,
+				  gnutls_datum_t * signature);
+
 
 #endif /*GNUTLS_OPENPGP_LOCAL_H */
 
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index ab888a7f58..0199cd3ade 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -34,6 +34,7 @@
 #include <openpgp_int.h>
 #include <gnutls_openpgp.h>
 #include <gnutls_cert.h>
+#include <gnutls_sig.h>
 
 /**
  * gnutls_openpgp_privkey_init:
diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 23aeb1ba96..4725d1ef54 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -97,4 +97,9 @@ int pkcs11_find_object (pakchois_session_t ** _pks,
 
 unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
 
+int
+_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
+				 const gnutls_datum_t * hash,
+				 gnutls_datum_t * signature);
+
 #endif
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index efc5e6de2e..547db4d5ac 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -29,7 +29,7 @@
 #include <gnutls_errors.h>
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
-#include <sign.h>
+#include <gnutls_sig.h>
 
 struct gnutls_pkcs11_privkey_st
 {
@@ -165,7 +165,7 @@ gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer,
       goto cleanup;
     }
 
-  ret = gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature);
+  ret = _gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature);
   _gnutls_free_datum (&digest);
 
   if (ret < 0)
@@ -195,8 +195,8 @@ cleanup:
 		} \
 	} while (ret < 0);
 
-/**
- * gnutls_pkcs11_privkey_sign_hash:
+/*-
+ * _gnutls_pkcs11_privkey_sign_hash:
  * @key: Holds the key
  * @hash: holds the data to be signed (should be output of a hash)
  * @signature: will contain the signature allocated with gnutls_malloc()
@@ -207,9 +207,9 @@ cleanup:
  *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
- **/
+ -*/
 int
-gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
+_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
 				 const gnutls_datum_t * hash,
 				 gnutls_datum_t * signature)
 {
diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am
index 042f7ebb51..0081521fc5 100644
--- a/lib/x509/Makefile.am
+++ b/lib/x509/Makefile.am
@@ -37,7 +37,6 @@ noinst_LTLIBRARIES = libgnutls_x509.la
 libgnutls_x509_la_SOURCES =	\
 	common.c		\
 	common.h		\
-	sign.h			\
 	crl.c			\
 	crl_write.c		\
 	crq.c			\
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index eeac8090aa..32560a5d6d 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -34,7 +34,6 @@
 #include <x509_b64.h>
 #include <x509_int.h>
 #include <gnutls_pk.h>
-#include <sign.h>
 #include <gnutls_mpi.h>
 
 static int _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params);
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 29dbc6656f..07f7ef6c60 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -41,171 +41,8 @@
 #include <gnutls_datum.h>
 #include <x509_int.h>
 #include <common.h>
-#include <sign.h>
 #include <gnutls/abstract.h>
 
-/* Writes the digest information and the digest in a DER encoded
- * structure. The digest info is allocated and stored into the info structure.
- */
-static int
-encode_ber_digest_info (gnutls_digest_algorithm_t hash,
-			const gnutls_datum_t * digest,
-			gnutls_datum_t * output)
-{
-  ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
-  int result;
-  const char *algo;
-  opaque* tmp_output;
-  int tmp_output_size;
-
-  algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
-  if (algo == NULL)
-    {
-      gnutls_assert ();
-      _gnutls_x509_log ("Hash algorithm: %d\n", hash);
-      return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
-    }
-
-  if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
-				     "GNUTLS.DigestInfo",
-				     &dinfo)) != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      return _gnutls_asn2err (result);
-    }
-
-  result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  /* Write an ASN.1 NULL in the parameters field.  This matches RFC
-     3279 and RFC 4055, although is arguable incorrect from a historic
-     perspective (see those documents for more information).
-     Regardless of what is correct, this appears to be what most
-     implementations do.  */
-  result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
-			     ASN1_NULL, ASN1_NULL_SIZE);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  tmp_output_size = 0;
-  asn1_der_coding (dinfo, "", NULL, &tmp_output_size, NULL);
-
-  tmp_output = gnutls_malloc (tmp_output_size);
-  if (output->data == NULL)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  result = asn1_der_coding (dinfo, "", tmp_output, &tmp_output_size, NULL);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  asn1_delete_structure (&dinfo);
-  
-  output->size = tmp_output_size;
-  output->data = tmp_output;
-
-  return 0;
-}
-
-int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
-  bigint_t * params,
-  const gnutls_datum_t * data, gnutls_datum_t * digest)
-{
-  int ret;
-
-  switch (pk)
-    {
-    case GNUTLS_PK_RSA:
-      if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 &&
-        hash != GNUTLS_DIG_SHA256)
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
-      break;
-    case GNUTLS_PK_DSA:
-      if (params && hash != _gnutls_dsa_q_to_hash (params[1]))
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
-      break;
-    default:
-      gnutls_assert();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  digest->size = _gnutls_hash_get_algo_len (hash);
-  digest->data = gnutls_malloc (digest->size);
-  if (digest->data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  ret = _gnutls_hash_fast(hash, data->data, data->size, digest->data);
-  if (ret < 0)
-    {
-      gnutls_assert();
-      goto cleanup;
-    }
-
-  return 0;
-
-cleanup:
-  gnutls_free(digest->data);
-  return ret;
-}
-
-/* if hash==MD5 then we do RSA-MD5
- * if hash==SHA then we do RSA-SHA
- * params[0] is modulus
- * params[1] is public key
- */
-int
-pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
-		   gnutls_datum_t * digest)
-{
-  int ret;
-  gnutls_datum old_digest = { digest->data, digest->size };
-
-  /* Encode the digest as a DigestInfo
-   */
-  if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  _gnutls_free_datum(&old_digest);
-
-  return 0;
-}
-
 /* This is the same as the _gnutls_x509_sign, but this one will decode
  * the ASN1_TYPE given, and sign the DER data. Actually used to get the DER
  * of the TBS and sign it on the fly.
diff --git a/lib/x509/sign.h b/lib/x509/sign.h
deleted file mode 100644
index 5992bbd3bf..0000000000
--- a/lib/x509/sign.h
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef GNUTLS_SIGN_H
-#define GNUTLS_SIGN_H
-
-int pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
-		       gnutls_datum_t * output);
-int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
-  bigint_t * params, const gnutls_datum_t * data, gnutls_datum_t * digest);
-
-#endif
author	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-12-12 09:40:29 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2010-12-12 09:40:29 +0100
commit	1c297951ba962c0922f7e8b60f91d32b0d2e901f (patch)
tree	56b770947bcbb98320390dac10a5ef3f39b69035
parent	535596a4e2f857e6373b28142295bf8d6d1b6654 (diff)
download	gnutls-1c297951ba962c0922f7e8b60f91d32b0d2e901f.tar.gz