diff options
| -rw-r--r-- | includes/gnutls/x509.h | 8 | ||||
| -rw-r--r-- | lib/auth_rsa_export.c | 2 | ||||
| -rw-r--r-- | lib/gnutls_int.h | 8 | ||||
| -rw-r--r-- | lib/gnutls_rsa_export.c | 201 | ||||
| -rw-r--r-- | lib/gnutls_rsa_export.h | 4 | ||||
| -rw-r--r-- | lib/x509/privkey.c | 200 | ||||
| -rw-r--r-- | lib/x509/x509.h | 13 |
7 files changed, 240 insertions, 196 deletions
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h index 712bfe302b..edeb31233e 100644 --- a/includes/gnutls/x509.h +++ b/includes/gnutls/x509.h @@ -198,6 +198,10 @@ int gnutls_x509_privkey_init(gnutls_x509_privkey * key); void gnutls_x509_privkey_deinit(gnutls_x509_privkey key); int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data, gnutls_x509_crt_fmt format); +int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey privkey, + const gnutls_datum *m, const gnutls_datum *e, + const gnutls_datum *d, const gnutls_datum *p, const gnutls_datum *q, + const gnutls_datum *u); int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key); int gnutls_x509_privkey_generate( gnutls_x509_privkey key, gnutls_pk_algorithm algo, @@ -205,6 +209,10 @@ int gnutls_x509_privkey_generate( gnutls_x509_privkey key, gnutls_pk_algorithm a int gnutls_x509_privkey_export( gnutls_x509_privkey key, gnutls_x509_crt_fmt format, unsigned char* output_data, int* output_data_size); +int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey key, + gnutls_datum * m, gnutls_datum *e, + gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, + gnutls_datum* u); #ifdef __cplusplus diff --git a/lib/auth_rsa_export.c b/lib/auth_rsa_export.c index 3c49e72170..6445fd844f 100644 --- a/lib/auth_rsa_export.c +++ b/lib/auth_rsa_export.c @@ -102,7 +102,7 @@ static int gen_rsa_export_server_kx(gnutls_session session, opaque ** data) return GNUTLS_E_INT_RET_0; } - rsa_params = _gnutls_get_rsa_params( cred->rsa_params, 512); + rsa_params = _gnutls_get_rsa_params( cred->rsa_params); if (rsa_params == NULL) { gnutls_assert(); return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS; diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 1d568dcd9b..b82ebd630d 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -620,13 +620,7 @@ typedef struct { #define gnutls_dh_params _gnutls_dh_params* - -typedef struct { - int bits; - MPI params[RSA_PRIVATE_PARAMS]; -} _gnutls_rsa_params; - -#define gnutls_rsa_params _gnutls_rsa_params* +#define gnutls_rsa_params gnutls_x509_privkey /* functions */ diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index ecf03e6c6e..a5226786d6 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2002,2003 Nikos Mavroyanopoulos + * Copyright (C) 2002,2003 Nikos Mavroyanopoulos * - * This file is part of GNUTLS. + * This file is part of GNUTLS. * * The GNUTLS library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -27,6 +27,7 @@ #include <gnutls_errors.h> #include <gnutls_datum.h> #include <gnutls_rsa_export.h> +#include "x509/x509.h" #include "debug.h" /* This function takes a number of bits and returns a supported @@ -36,27 +37,16 @@ #define MAX_SUPPORTED_BITS 512 -static int normalize_bits(int bits) -{ - if (bits >= MAX_SUPPORTED_BITS) - bits = MAX_SUPPORTED_BITS; - - return bits; -} - - /* returns e and m, depends on the requested bits. * We only support limited key sizes. */ -const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params rsa_params, int bits) +const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params rsa_params) { if (rsa_params == NULL) { gnutls_assert(); return NULL; } - bits = normalize_bits(bits); - return rsa_params->params; } @@ -153,9 +143,6 @@ int _gnutls_rsa_generate_params(GNUTLS_MPI* resarr, int bits) } -#define FREE_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ - _gnutls_mpi_release(&rsa_params->params[i]) - /** * gnutls_rsa_params_import_raw - This function will replace the old RSA parameters @@ -172,60 +159,12 @@ int _gnutls_rsa_generate_params(GNUTLS_MPI* resarr, int bits) * **/ int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params, - gnutls_datum m, gnutls_datum e, - gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u) + const gnutls_datum *m, const gnutls_datum *e, + const gnutls_datum *d, const gnutls_datum *p, + const gnutls_datum *q, const gnutls_datum *u) { - int i = 0; - size_t siz = 0; - - for (i=0;i<RSA_PRIVATE_PARAMS;i++) { - _gnutls_mpi_release(&rsa_params->params[i]); - } - - siz = m.size; - if (_gnutls_mpi_scan(&rsa_params->params[0], m.data, &siz)) { - gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = e.size; - if (_gnutls_mpi_scan(&rsa_params->params[1], e.data, &siz)) { - gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = d.size; - if (_gnutls_mpi_scan(&rsa_params->params[2], d.data, &siz)) { - gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = p.size; - if (_gnutls_mpi_scan(&rsa_params->params[3], p.data, &siz)) { - gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = q.size; - if (_gnutls_mpi_scan(&rsa_params->params[4], q.data, &siz)) { - gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = u.size; - if (_gnutls_mpi_scan(&rsa_params->params[5], u.data, &siz)) { - gnutls_assert(); - FREE_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - return 0; - + return gnutls_x509_privkey_import_rsa_raw( rsa_params, + m, e, d, p, q, u); } /** @@ -238,14 +177,7 @@ int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params, int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params) { - *rsa_params = gnutls_calloc( 1, sizeof(_gnutls_rsa_params)); - if (*rsa_params==NULL) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; - + return gnutls_x509_privkey_init( rsa_params); } /** @@ -257,16 +189,7 @@ int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params) **/ void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params) { -int i; - - if (rsa_params == NULL) - return; - - for (i=0; i< RSA_PRIVATE_PARAMS;i++) - _gnutls_mpi_release( &rsa_params->params[i]); - - gnutls_free(rsa_params); - + gnutls_x509_privkey_deinit(rsa_params); } /** @@ -286,17 +209,7 @@ int i; **/ int gnutls_rsa_params_generate2(gnutls_rsa_params params, int bits) { - - int ret; - - ret = _gnutls_rsa_generate_params( params->params, bits); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - return 0; - + return gnutls_x509_privkey_generate( params, GNUTLS_PK_RSA, bits, 0); } /** @@ -320,94 +233,14 @@ int gnutls_rsa_params_export_raw(gnutls_rsa_params params, gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, gnutls_datum* u, int *bits) { - size_t siz; - - siz = 0; - _gnutls_mpi_print(NULL, &siz, params->params[0]); - - m->data = gnutls_malloc(siz); - if (m->data == NULL) { - return GNUTLS_E_MEMORY_ERROR; - } - - m->size = siz; - _gnutls_mpi_print( m->data, &siz, params->params[0]); +int ret; - /* E */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, params->params[1]); - - e->data = gnutls_malloc(siz); - if (e->data == NULL) { - _gnutls_free_datum( m); - return GNUTLS_E_MEMORY_ERROR; - } - - e->size = siz; - _gnutls_mpi_print( e->data, &siz, params->params[1]); - - /* D */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, params->params[2]); - - d->data = gnutls_malloc(siz); - if (d->data == NULL) { - _gnutls_free_datum( m); - _gnutls_free_datum( e); - return GNUTLS_E_MEMORY_ERROR; - } - - d->size = siz; - _gnutls_mpi_print( d->data, &siz, params->params[2]); - - /* P */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, params->params[3]); - - p->data = gnutls_malloc(siz); - if (p->data == NULL) { - _gnutls_free_datum( m); - _gnutls_free_datum( e); - _gnutls_free_datum( d); - return GNUTLS_E_MEMORY_ERROR; - } - - p->size = siz; - _gnutls_mpi_print(p->data, &siz, params->params[3]); - - /* Q */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, params->params[4]); - - q->data = gnutls_malloc(siz); - if (q->data == NULL) { - _gnutls_free_datum( m); - _gnutls_free_datum( e); - _gnutls_free_datum( d); - _gnutls_free_datum( p); - return GNUTLS_E_MEMORY_ERROR; - } - - q->size = siz; - _gnutls_mpi_print(q->data, &siz, params->params[4]); - - /* U */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, params->params[5]); - - u->data = gnutls_malloc(siz); - if (u->data == NULL) { - _gnutls_free_datum( m); - _gnutls_free_datum( e); - _gnutls_free_datum( d); - _gnutls_free_datum( p); - _gnutls_free_datum( q); - return GNUTLS_E_MEMORY_ERROR; + ret = gnutls_x509_privkey_export_rsa_raw( params, m, e, d, p, q, u); + if ( ret < 0) { + gnutls_assert(); + return ret; } - u->size = siz; - _gnutls_mpi_print(u->data, &siz, params->params[5]); - if (bits) *bits = _gnutls_mpi_get_nbits(params->params[3]); diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h index 71126d425d..49fec266b9 100644 --- a/lib/gnutls_rsa_export.h +++ b/lib/gnutls_rsa_export.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000,2002 Nikos Mavroyanopoulos + * Copyright (C) 2000,2002,2003 Nikos Mavroyanopoulos * * This file is part of GNUTLS. * @@ -18,7 +18,7 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA */ -const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params, int bits); +const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params); int _gnutls_peers_cert_less_512( gnutls_session session); int _gnutls_rsa_generate_params(GNUTLS_MPI* resarr, int bits); diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index b66d23d4c9..2e6f6880c1 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -31,6 +31,8 @@ #include <dn.h> #include <extensions.h> +static int _encode_rsa( ASN1_TYPE* c2, MPI* params); + /** * gnutls_x509_privkey_init - This function initializes a gnutls_crl structure * @key: The structure to be initialized @@ -262,7 +264,7 @@ static ASN1_TYPE decode_dsa_key( const gnutls_datum* raw_key, * @data: The DER or PEM encoded certificate. * @format: One of DER or PEM * - * This function will convert the given DER or PEM encoded Certificate + * This function will convert the given DER or PEM encoded key * to the native gnutls_x509_privkey format. The output will be stored in 'key'. * * If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or @@ -353,6 +355,86 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * dat return result; } +#define FREE_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ + _gnutls_mpi_release(&key->params[i]) + +/** + * gnutls_x509_privkey_import_rsa_raw - This function will import a raw RSA key + * @key: The structure to store the parsed key + * @m: holds the modulus + * @e: holds the public exponent + * @d: holds the private exponent + * @p: holds the first prime (p) + * @q: holds the second prime (q) + * @u: holds the coefficient + * + * This function will convert the given RSA raw parameters + * to the native gnutls_x509_privkey format. The output will be stored in 'key'. + * + **/ +int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key, + const gnutls_datum* m, const gnutls_datum* e, + const gnutls_datum* d, const gnutls_datum* p, + const gnutls_datum* q, const gnutls_datum* u) +{ + int i = 0, ret; + size_t siz = 0; + + siz = m->size; + if (_gnutls_mpi_scan(&key->params[0], m->data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = e->size; + if (_gnutls_mpi_scan(&key->params[1], e->data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = d->size; + if (_gnutls_mpi_scan(&key->params[2], d->data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = p->size; + if (_gnutls_mpi_scan(&key->params[3], p->data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = q->size; + if (_gnutls_mpi_scan(&key->params[4], q->data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = u->size; + if (_gnutls_mpi_scan(&key->params[5], u->data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + ret = _encode_rsa( &key->key, key->params); + if (ret < 0) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return ret; + } + + key->params_size = RSA_PRIVATE_PARAMS; + key->pk_algorithm = GNUTLS_PK_RSA; + + return 0; + +} /** @@ -459,6 +541,120 @@ int gnutls_x509_privkey_export( gnutls_x509_privkey key, return 0; } +/** + * gnutls_x509_privkey_export_rsa_raw - This function will export the RSA private key + * @params: a structure that holds the rsa parameters + * @m: will hold the modulus + * @e: will hold the public exponent + * @d: will hold the private exponent + * @p: will hold the first prime (p) + * @q: will hold the second prime (q) + * @u: will hold the coefficient + * + * This function will export the RSA private key's parameters found in the given + * structure. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * + **/ +int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey key, + gnutls_datum * m, gnutls_datum *e, + gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, + gnutls_datum* u) +{ + size_t siz; + + siz = 0; + _gnutls_mpi_print(NULL, &siz, key->params[0]); + + m->data = gnutls_malloc(siz); + if (m->data == NULL) { + return GNUTLS_E_MEMORY_ERROR; + } + + m->size = siz; + _gnutls_mpi_print( m->data, &siz, key->params[0]); + + /* E */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, key->params[1]); + + e->data = gnutls_malloc(siz); + if (e->data == NULL) { + _gnutls_free_datum( m); + return GNUTLS_E_MEMORY_ERROR; + } + + e->size = siz; + _gnutls_mpi_print( e->data, &siz, key->params[1]); + + /* D */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, key->params[2]); + + d->data = gnutls_malloc(siz); + if (d->data == NULL) { + _gnutls_free_datum( m); + _gnutls_free_datum( e); + return GNUTLS_E_MEMORY_ERROR; + } + + d->size = siz; + _gnutls_mpi_print( d->data, &siz, key->params[2]); + + /* P */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, key->params[3]); + + p->data = gnutls_malloc(siz); + if (p->data == NULL) { + _gnutls_free_datum( m); + _gnutls_free_datum( e); + _gnutls_free_datum( d); + return GNUTLS_E_MEMORY_ERROR; + } + + p->size = siz; + _gnutls_mpi_print(p->data, &siz, key->params[3]); + + /* Q */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, key->params[4]); + + q->data = gnutls_malloc(siz); + if (q->data == NULL) { + _gnutls_free_datum( m); + _gnutls_free_datum( e); + _gnutls_free_datum( d); + _gnutls_free_datum( p); + return GNUTLS_E_MEMORY_ERROR; + } + + q->size = siz; + _gnutls_mpi_print(q->data, &siz, key->params[4]); + + /* U */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, key->params[5]); + + u->data = gnutls_malloc(siz); + if (u->data == NULL) { + _gnutls_free_datum( m); + _gnutls_free_datum( e); + _gnutls_free_datum( d); + _gnutls_free_datum( p); + _gnutls_free_datum( q); + return GNUTLS_E_MEMORY_ERROR; + } + + u->size = siz; + _gnutls_mpi_print(u->data, &siz, key->params[5]); + + return 0; + +} + +/* Encodes the RSA parameters into an ASN.1 RSA private key structure. + */ static int _encode_rsa( ASN1_TYPE* c2, MPI* params) { int result, i; @@ -660,7 +856,7 @@ static int _encode_rsa( ASN1_TYPE* c2, MPI* params) * @key: should contain a gnutls_x509_privkey structure * @algo: is one of RSA or DSA. * @bits: the size of the modulus - * @flags: unused for now + * @flags: unused for now. Must be 0. * * This function will generate a random private key. Note that * this function must be called on an empty private key. diff --git a/lib/x509/x509.h b/lib/x509/x509.h index 2aa3601355..4a2fc7818f 100644 --- a/lib/x509/x509.h +++ b/lib/x509/x509.h @@ -110,8 +110,21 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt cert); int gnutls_x509_privkey_init(gnutls_x509_privkey * key); void gnutls_x509_privkey_deinit(gnutls_x509_privkey key); + +int gnutls_x509_privkey_generate( gnutls_x509_privkey key, gnutls_pk_algorithm algo, + int bits, unsigned int flags); + int gnutls_x509_privkey_import(gnutls_x509_privkey key, const gnutls_datum * data, gnutls_x509_crt_fmt format); int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey key); +int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey key, + const gnutls_datum* m, const gnutls_datum* e, + const gnutls_datum* d, const gnutls_datum* p, + const gnutls_datum* q, const gnutls_datum* u); +int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey key, + gnutls_datum * m, gnutls_datum *e, + gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, + gnutls_datum* u); + #endif |