diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-05-22 11:55:33 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-05-22 13:37:59 +0200 |
| commit | f099342688710138ba8cd94e47846bda5c331faf (patch) | |
| tree | 5782228c5fa01060673e3273c583e22b70b25202 /lib/gnutls_pk.c | |
| parent | 8dcf7e8299fed143c2e61500da55b5e5910eb54c (diff) | |
| download | gnutls-f099342688710138ba8cd94e47846bda5c331faf.tar.gz | |
gnutls_pk_params_st is used internally to transfer public key parameters. This replaces the raw bigint_t arrays.
Diffstat (limited to 'lib/gnutls_pk.c')
| -rw-r--r-- | lib/gnutls_pk.c | 140 |
1 files changed, 37 insertions, 103 deletions
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index 5fc3aa216f..358cef40ec 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -45,7 +45,7 @@ int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, const gnutls_datum_t * plaintext, - bigint_t * params, unsigned params_len, + gnutls_pk_params_st * params, unsigned btype) { unsigned int i, pad; @@ -53,14 +53,9 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, opaque *edata, *ps; size_t k, psize; size_t mod_bits; - gnutls_pk_params_st pk_params; gnutls_datum_t to_encrypt, encrypted; - for (i = 0; i < params_len; i++) - pk_params.params[i] = params[i]; - pk_params.params_nr = params_len; - - mod_bits = _gnutls_mpi_get_nbits (params[0]); + mod_bits = _gnutls_mpi_get_nbits (params->params[0]); k = mod_bits / 8; if (mod_bits % 8 != 0) k++; @@ -91,7 +86,7 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, { case 2: /* using public key */ - if (params_len < RSA_PUBLIC_PARAMS) + if (params->params_nr < RSA_PUBLIC_PARAMS) { gnutls_assert (); gnutls_free (edata); @@ -120,7 +115,7 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, case 1: /* using private key */ - if (params_len < RSA_PRIVATE_PARAMS) + if (params->params_nr < RSA_PRIVATE_PARAMS) { gnutls_assert (); gnutls_free (edata); @@ -144,10 +139,10 @@ _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, if (btype == 2) /* encrypt */ ret = - _gnutls_pk_encrypt (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params); + _gnutls_pk_encrypt (GNUTLS_PK_RSA, &encrypted, &to_encrypt, params); else /* sign */ ret = - _gnutls_pk_sign (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params); + _gnutls_pk_sign (GNUTLS_PK_RSA, &encrypted, &to_encrypt, params); gnutls_free (edata); @@ -211,19 +206,14 @@ cleanup: int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, const gnutls_datum_t * ciphertext, - bigint_t * params, unsigned params_len, + gnutls_pk_params_st* params, unsigned btype) { unsigned int k, i; int ret; size_t esize, mod_bits; - gnutls_pk_params_st pk_params; - - for (i = 0; i < params_len; i++) - pk_params.params[i] = params[i]; - pk_params.params_nr = params_len; - mod_bits = _gnutls_mpi_get_nbits (params[0]); + mod_bits = _gnutls_mpi_get_nbits (params->params[0]); k = mod_bits / 8; if (mod_bits % 8 != 0) k++; @@ -242,12 +232,12 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, if (btype == 2) { ret = - _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); + _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, params); } else { ret = - _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params); + _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, params); } if (ret < 0) @@ -324,8 +314,9 @@ _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, int _gnutls_rsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * ciphertext, bigint_t * params, - int params_len, int btype) + const gnutls_datum_t * ciphertext, + gnutls_pk_params_st * params, + int btype) { gnutls_datum_t plain; @@ -333,7 +324,7 @@ _gnutls_rsa_verify (const gnutls_datum_t * vdata, /* decrypt signature */ if ((ret = - _gnutls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len, + _gnutls_pkcs1_rsa_decrypt (&plain, ciphertext, params, btype)) < 0) { gnutls_assert (); @@ -410,17 +401,11 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) */ int _gnutls_dsa_sign (gnutls_datum_t * signature, - const gnutls_datum_t * hash, bigint_t * params, - unsigned int params_len) + const gnutls_datum_t * hash, + gnutls_pk_params_st * params) { int ret; - size_t i; size_t k; - gnutls_pk_params_st pk_params; - - for (i = 0; i < params_len; i++) - pk_params.params[i] = params[i]; - pk_params.params_nr = params_len; k = hash->size; if (k < 20) @@ -429,7 +414,7 @@ _gnutls_dsa_sign (gnutls_datum_t * signature, return GNUTLS_E_PK_SIGN_FAILED; } - ret = _gnutls_pk_sign (GNUTLS_PK_DSA, signature, hash, &pk_params); + ret = _gnutls_pk_sign (GNUTLS_PK_DSA, signature, hash, params); /* rs[0], rs[1] now hold r,s */ if (ret < 0) @@ -493,16 +478,11 @@ _gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r, */ int _gnutls_dsa_verify (const gnutls_datum_t * vdata, - const gnutls_datum_t * sig_value, bigint_t * params, - int params_len) + const gnutls_datum_t * sig_value, + gnutls_pk_params_st* params) { - int ret, i; - gnutls_pk_params_st pk_params; - - for (i = 0; i < params_len; i++) - pk_params.params[i] = params[i]; - pk_params.params_nr = params_len; + int ret; if (vdata->size < 20) { /* SHA1 or better only */ @@ -511,7 +491,7 @@ _gnutls_dsa_verify (const gnutls_datum_t * vdata, } /* decrypt signature */ - ret = _gnutls_pk_verify (GNUTLS_PK_DSA, vdata, sig_value, &pk_params); + ret = _gnutls_pk_verify (GNUTLS_PK_DSA, vdata, sig_value, params); if (ret < 0) { @@ -523,68 +503,21 @@ _gnutls_dsa_verify (const gnutls_datum_t * vdata, } /* some generic pk functions */ -static int -_generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len, - int bits) -{ - gnutls_pk_params_st params; - int ret; - unsigned int i; - - ret = _gnutls_pk_generate (algo, bits, ¶ms); - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (resarr && resarr_len && *resarr_len >= params.params_nr) - { - *resarr_len = params.params_nr; - for (i = 0; i < params.params_nr; i++) - resarr[i] = params.params[i]; - } - else - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - return 0; -} - - -int -_gnutls_rsa_generate_params (bigint_t * resarr, unsigned int *resarr_len, - int bits) -{ - return _generate_params (GNUTLS_PK_RSA, resarr, resarr_len, bits); -} - -int -_gnutls_dsa_generate_params (bigint_t * resarr, unsigned int *resarr_len, - int bits) -{ - return _generate_params (GNUTLS_PK_DSA, resarr, resarr_len, bits); -} - -int -_gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params, - int params_len) +int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, const gnutls_pk_params_st * src) { int i, j; dst->params_nr = 0; - if (params_len == 0 || params == NULL) + if (src == NULL || src->params_nr == 0) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - for (i = 0; i < params_len; i++) + for (i = 0; i < src->params_nr; i++) { - dst->params[i] = _gnutls_mpi_set (NULL, params[i]); + dst->params[i] = _gnutls_mpi_set (NULL, src->params[i]); if (dst->params[i] == NULL) { for (j = 0; j < i; j++) @@ -611,14 +544,15 @@ gnutls_pk_params_release (gnutls_pk_params_st * p) { _gnutls_mpi_release (&p->params[i]); } + p->params_nr = 0; } int -_gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size) +_gnutls_calc_rsa_exp (gnutls_pk_params_st* params) { - bigint_t tmp = _gnutls_mpi_alloc_like (params[0]); + bigint_t tmp = _gnutls_mpi_alloc_like (params->params[0]); - if (params_size < RSA_PRIVATE_PARAMS - 2) + if (params->params_nr < RSA_PRIVATE_PARAMS - 2) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; @@ -631,15 +565,15 @@ _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size) } /* [6] = d % p-1, [7] = d % q-1 */ - _gnutls_mpi_sub_ui (tmp, params[3], 1); - params[6] = _gnutls_mpi_mod (params[2] /*d */ , tmp); + _gnutls_mpi_sub_ui (tmp, params->params[3], 1); + params->params[6] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp); - _gnutls_mpi_sub_ui (tmp, params[4], 1); - params[7] = _gnutls_mpi_mod (params[2] /*d */ , tmp); + _gnutls_mpi_sub_ui (tmp, params->params[4], 1); + params->params[7] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp); _gnutls_mpi_release (&tmp); - if (params[7] == NULL || params[6] == NULL) + if (params->params[7] == NULL || params->params[6] == NULL) { gnutls_assert (); return GNUTLS_E_MEMORY_ERROR; @@ -649,8 +583,8 @@ _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size) } int -_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, bigint_t * params, - int params_size, +_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, + gnutls_pk_params_st* params, gnutls_digest_algorithm_t * dig, unsigned int *mand) { @@ -663,6 +597,6 @@ _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, bigint_t * params, } return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) dig, - NULL, pk, params, params_size); + NULL, pk, params); } |