]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Several updates to allow generation and signing of an ECC certificate.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 23 May 2011 20:42:35 +0000 (22:42 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 23 May 2011 20:42:35 +0000 (22:42 +0200)
lib/gnutls_pk.c
lib/gnutls_pk.h
lib/gnutls_privkey.c
lib/gnutls_sig.c
lib/x509/verify.c

index e7cd6f92e136a065a3ef7cc8e33a635fb44ed5c5..38632f96a9957e37fadcf855c95d02e7ab25fe77 100644 (file)
@@ -397,35 +397,6 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
 }
 
 
-/* Do DSA signature calculation. params is p, q, g, y, x in that order.
- */
-int
-_gnutls_dsa_sign (gnutls_datum_t * signature,
-                  const gnutls_datum_t * hash, 
-                  gnutls_pk_params_st * params)
-{
-  int ret;
-  size_t k;
-
-  k = hash->size;
-  if (k < 20)
-    { /* SHA1 or better only */
-      gnutls_assert ();
-      return GNUTLS_E_PK_SIGN_FAILED;
-    }
-
-  ret = _gnutls_pk_sign (GNUTLS_PK_DSA, signature, hash, params);
-  /* rs[0], rs[1] now hold r,s */
-
-  if (ret < 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  return 0;
-}
-
 /* decodes the Dss-Sig-Value structure
  */
 int
index 8b6359e17ca2160b91ad03ca950d9de69243a50f..452a05258ead4dcead4943c0760cdc2b2c275bbb 100644 (file)
@@ -52,8 +52,6 @@ int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
                                const gnutls_datum_t * plaintext,
                                gnutls_pk_params_st * params,
                                unsigned btype);
-int _gnutls_dsa_sign (gnutls_datum_t * signature,
-                      const gnutls_datum_t * plaintext, gnutls_pk_params_st*);
 int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
                                const gnutls_datum_t * ciphertext,
                                gnutls_pk_params_st* params,
index b71e04a2243cb5d270c0d574e18efce42d3d1fcb..f1737c07544825453c4e1983a5f2a90aa6ed4f13 100644 (file)
@@ -143,6 +143,29 @@ privkey_to_pubkey (gnutls_pk_algorithm_t pk,
           goto cleanup;
         }
 
+      break;
+    case GNUTLS_PK_ECC:
+      pub->params[0] = _gnutls_mpi_copy (priv->params[0]);
+      pub->params[1] = _gnutls_mpi_copy (priv->params[1]);
+      pub->params[2] = _gnutls_mpi_copy (priv->params[2]);
+      pub->params[3] = _gnutls_mpi_copy (priv->params[3]);
+      pub->params[4] = _gnutls_mpi_copy (priv->params[4]);
+      pub->params[5] = _gnutls_mpi_copy (priv->params[5]);
+      pub->params[6] = _gnutls_mpi_copy (priv->params[6]);
+
+      pub->params_nr = ECC_PUBLIC_PARAMS;
+      pub->flags = priv->flags;
+
+      if (pub->params[0] == NULL || pub->params[1] == NULL ||
+          pub->params[2] == NULL || pub->params[3] == NULL ||
+          pub->params[4] == NULL || pub->params[5] == NULL ||
+          pub->params[6] == NULL)
+        {
+          gnutls_assert ();
+          ret = GNUTLS_E_MEMORY_ERROR;
+          goto cleanup;
+        }
+
       break;
     default:
       gnutls_assert ();
index 6e7cb1089919c5b9f332a7b8f602e4828ec39a64..433116599846272e6ce39f0511b5d1c2b736827c 100644 (file)
@@ -183,18 +183,14 @@ _gnutls_soft_sign (gnutls_pk_algorithm_t algo, gnutls_pk_params_st * params,
         }
 
       break;
-    case GNUTLS_PK_DSA:
-      /* sign */
-      if ((ret = _gnutls_dsa_sign (signature, data, params)) < 0)
+    default:
+      ret = _gnutls_pk_sign( algo, signature, data, params);
+      if (ret < 0)
         {
           gnutls_assert ();
           return ret;
         }
       break;
-    default:
-      gnutls_assert ();
-      return GNUTLS_E_INTERNAL_ERROR;
-      break;
     }
 
   return 0;
@@ -752,22 +748,6 @@ pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
 {
   int ret;
 
-  switch (pk)
-    {
-    case GNUTLS_PK_RSA:
-      break;
-    case GNUTLS_PK_DSA:
-      if (params && hash != _gnutls_dsa_q_to_hash (pk, params))
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
-      break;
-    default:
-      gnutls_assert ();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
   digest->size = _gnutls_hash_get_algo_len (hash);
   digest->data = gnutls_malloc (digest->size);
   if (digest->data == NULL)
@@ -903,6 +883,7 @@ pk_prepare_hash (gnutls_pk_algorithm_t pk,
       _gnutls_free_datum (&old_digest);
       break;
     case GNUTLS_PK_DSA:
+    case GNUTLS_PK_ECC:
       break;
     default:
       gnutls_assert ();
index d2653c5ef250b7bd9d6ae0f4942d54511ba1e289..76fe41a3507d0af7196d64cc5d8b323be1d99b35 100644 (file)
@@ -960,9 +960,10 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
   switch (pk)
     {
     case GNUTLS_PK_DSA:
+    case GNUTLS_PK_ECC:
 
       if (hash)
-        *hash = _gnutls_dsa_q_to_hash (GNUTLS_PK_DSA, issuer_params);
+        *hash = _gnutls_dsa_q_to_hash (pk, issuer_params);
 
       ret = 0;
       break;