From: Nikos Mavrogiannopoulos Date: Mon, 23 May 2011 20:42:35 +0000 (+0200) Subject: Several updates to allow generation and signing of an ECC certificate. X-Git-Tag: gnutls_2_99_2~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc2b813d1a6034e45906ed014c6a1babe8555bd5;p=thirdparty%2Fgnutls.git Several updates to allow generation and signing of an ECC certificate. --- diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c index e7cd6f92e1..38632f96a9 100644 --- a/lib/gnutls_pk.c +++ b/lib/gnutls_pk.c @@ -397,35 +397,6 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s) } -/* Do DSA signature calculation. params is p, q, g, y, x in that order. - */ -int -_gnutls_dsa_sign (gnutls_datum_t * signature, - const gnutls_datum_t * hash, - gnutls_pk_params_st * params) -{ - int ret; - size_t k; - - k = hash->size; - if (k < 20) - { /* SHA1 or better only */ - gnutls_assert (); - return GNUTLS_E_PK_SIGN_FAILED; - } - - ret = _gnutls_pk_sign (GNUTLS_PK_DSA, signature, hash, params); - /* rs[0], rs[1] now hold r,s */ - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; -} - /* decodes the Dss-Sig-Value structure */ int diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h index 8b6359e17c..452a05258e 100644 --- a/lib/gnutls_pk.h +++ b/lib/gnutls_pk.h @@ -52,8 +52,6 @@ int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext, const gnutls_datum_t * plaintext, gnutls_pk_params_st * params, unsigned btype); -int _gnutls_dsa_sign (gnutls_datum_t * signature, - const gnutls_datum_t * plaintext, gnutls_pk_params_st*); int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext, const gnutls_datum_t * ciphertext, gnutls_pk_params_st* params, diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c index b71e04a224..f1737c0754 100644 --- a/lib/gnutls_privkey.c +++ b/lib/gnutls_privkey.c @@ -143,6 +143,29 @@ privkey_to_pubkey (gnutls_pk_algorithm_t pk, goto cleanup; } + break; + case GNUTLS_PK_ECC: + pub->params[0] = _gnutls_mpi_copy (priv->params[0]); + pub->params[1] = _gnutls_mpi_copy (priv->params[1]); + pub->params[2] = _gnutls_mpi_copy (priv->params[2]); + pub->params[3] = _gnutls_mpi_copy (priv->params[3]); + pub->params[4] = _gnutls_mpi_copy (priv->params[4]); + pub->params[5] = _gnutls_mpi_copy (priv->params[5]); + pub->params[6] = _gnutls_mpi_copy (priv->params[6]); + + pub->params_nr = ECC_PUBLIC_PARAMS; + pub->flags = priv->flags; + + if (pub->params[0] == NULL || pub->params[1] == NULL || + pub->params[2] == NULL || pub->params[3] == NULL || + pub->params[4] == NULL || pub->params[5] == NULL || + pub->params[6] == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + break; default: gnutls_assert (); diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c index 6e7cb10899..4331165998 100644 --- a/lib/gnutls_sig.c +++ b/lib/gnutls_sig.c @@ -183,18 +183,14 @@ _gnutls_soft_sign (gnutls_pk_algorithm_t algo, gnutls_pk_params_st * params, } break; - case GNUTLS_PK_DSA: - /* sign */ - if ((ret = _gnutls_dsa_sign (signature, data, params)) < 0) + default: + ret = _gnutls_pk_sign( algo, signature, data, params); + if (ret < 0) { gnutls_assert (); return ret; } break; - default: - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - break; } return 0; @@ -752,22 +748,6 @@ pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, { int ret; - switch (pk) - { - case GNUTLS_PK_RSA: - break; - case GNUTLS_PK_DSA: - if (params && hash != _gnutls_dsa_q_to_hash (pk, params)) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - digest->size = _gnutls_hash_get_algo_len (hash); digest->data = gnutls_malloc (digest->size); if (digest->data == NULL) @@ -903,6 +883,7 @@ pk_prepare_hash (gnutls_pk_algorithm_t pk, _gnutls_free_datum (&old_digest); break; case GNUTLS_PK_DSA: + case GNUTLS_PK_ECC: break; default: gnutls_assert (); diff --git a/lib/x509/verify.c b/lib/x509/verify.c index d2653c5ef2..76fe41a350 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -960,9 +960,10 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash, switch (pk) { case GNUTLS_PK_DSA: + case GNUTLS_PK_ECC: if (hash) - *hash = _gnutls_dsa_q_to_hash (GNUTLS_PK_DSA, issuer_params); + *hash = _gnutls_dsa_q_to_hash (pk, issuer_params); ret = 0; break;