]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
deprecated x509/sign.h and moved functionality of it in gnutls_sig.h.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 12 Dec 2010 08:40:29 +0000 (09:40 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Sun, 12 Dec 2010 08:40:29 +0000 (09:40 +0100)
12 files changed:
lib/gnutls_privkey.c
lib/gnutls_pubkey.c
lib/gnutls_sig.c
lib/gnutls_sig.h
lib/openpgp/gnutls_openpgp.h
lib/openpgp/privkey.c
lib/pkcs11_int.h
lib/pkcs11_privkey.c
lib/x509/Makefile.am
lib/x509/privkey.c
lib/x509/sign.c
lib/x509/sign.h [deleted file]

index 4ba21d4e8d907f36cb01c2de85d0fe31d1232a7c..4e3b6402059cccc2a080d0250d12b432511f6f75 100644 (file)
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
 #include <gnutls/abstract.h>
-#include <sign.h>
 #include <gnutls_pk.h>
 #include <x509_int.h>
 #include <openpgp/openpgp_int.h>
+#include <openpgp/gnutls_openpgp.h>
+#include <gnutls_sig.h>
 
 struct gnutls_privkey_st
 {
@@ -385,7 +386,7 @@ _gnutls_privkey_sign_hash (gnutls_privkey_t key,
                                               hash, signature);
 #endif
     case GNUTLS_PRIVKEY_PKCS11:
-      return gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
+      return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
                                              hash, signature);
     case GNUTLS_PRIVKEY_X509:
       return _gnutls_soft_sign (key->key.x509->pk_algorithm, key->key.x509->params,
index bce1334398eadab50efd0397117632ae9870ef58..7169aecb80481d70456bd7d39dc77fe1b800e852 100644 (file)
@@ -30,7 +30,6 @@
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
 #include <gnutls/abstract.h>
-#include <sign.h>
 #include <gnutls_pk.h>
 #include <x509_int.h>
 #include <openpgp/openpgp_int.h>
index 165a6dc03a93b4a8b88751531cd6f9b274d22d17..714cf3540956e4044e5111526acddb87750a921d 100644 (file)
@@ -304,7 +304,7 @@ _gnutls_tls_sign (gnutls_session_t session,
        }
     }
 
-  return gnutls_privkey_sign_hash (pkey, hash_concat, signature);
+  return _gnutls_privkey_sign_hash (pkey, hash_concat, signature);
 }
 
 static int
@@ -796,3 +796,165 @@ _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
 
   return ret;
 }
+
+int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+  bigint_t * params,
+  const gnutls_datum_t * data, gnutls_datum_t * digest)
+{
+  int ret;
+
+  switch (pk)
+    {
+    case GNUTLS_PK_RSA:
+      if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 &&
+        hash != GNUTLS_DIG_SHA256)
+        {
+          gnutls_assert ();
+          return GNUTLS_E_INVALID_REQUEST;
+        }
+      break;
+    case GNUTLS_PK_DSA:
+      if (params && hash != _gnutls_dsa_q_to_hash (params[1]))
+        {
+          gnutls_assert ();
+          return GNUTLS_E_INVALID_REQUEST;
+        }
+      break;
+    default:
+      gnutls_assert();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  digest->size = _gnutls_hash_get_algo_len (hash);
+  digest->data = gnutls_malloc (digest->size);
+  if (digest->data == NULL)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_MEMORY_ERROR;
+    }
+
+  ret = _gnutls_hash_fast(hash, data->data, data->size, digest->data);
+  if (ret < 0)
+    {
+      gnutls_assert();
+      goto cleanup;
+    }
+
+  return 0;
+
+cleanup:
+  gnutls_free(digest->data);
+  return ret;
+}
+
+/* Writes the digest information and the digest in a DER encoded
+ * structure. The digest info is allocated and stored into the info structure.
+ */
+static int
+encode_ber_digest_info (gnutls_digest_algorithm_t hash,
+                       const gnutls_datum_t * digest,
+                       gnutls_datum_t * output)
+{
+  ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+  int result;
+  const char *algo;
+  opaque* tmp_output;
+  int tmp_output_size;
+
+  algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
+  if (algo == NULL)
+    {
+      gnutls_assert ();
+      _gnutls_x509_log ("Hash algorithm: %d\n", hash);
+      return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+    }
+
+  if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
+                                    "GNUTLS.DigestInfo",
+                                    &dinfo)) != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      return _gnutls_asn2err (result);
+    }
+
+  result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  /* Write an ASN.1 NULL in the parameters field.  This matches RFC
+     3279 and RFC 4055, although is arguable incorrect from a historic
+     perspective (see those documents for more information).
+     Regardless of what is correct, this appears to be what most
+     implementations do.  */
+  result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
+                            ASN1_NULL, ASN1_NULL_SIZE);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  tmp_output_size = 0;
+  asn1_der_coding (dinfo, "", NULL, &tmp_output_size, NULL);
+
+  tmp_output = gnutls_malloc (tmp_output_size);
+  if (output->data == NULL)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return GNUTLS_E_MEMORY_ERROR;
+    }
+
+  result = asn1_der_coding (dinfo, "", tmp_output, &tmp_output_size, NULL);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&dinfo);
+      return _gnutls_asn2err (result);
+    }
+
+  asn1_delete_structure (&dinfo);
+  
+  output->size = tmp_output_size;
+  output->data = tmp_output;
+
+  return 0;
+}
+
+/* if hash==MD5 then we do RSA-MD5
+ * if hash==SHA then we do RSA-SHA
+ * params[0] is modulus
+ * params[1] is public key
+ */
+int
+pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
+                  gnutls_datum_t * digest)
+{
+  int ret;
+  gnutls_datum old_digest = { digest->data, digest->size };
+
+  /* Encode the digest as a DigestInfo
+   */
+  if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0)
+    {
+      gnutls_assert ();
+      return ret;
+    }
+
+  _gnutls_free_datum(&old_digest);
+
+  return 0;
+}
index 77a97afa4d90c326861d35b553d0d9d5264ceba6..3d85f03e4c1701de1f60e4e71b437545e845e2e2 100644 (file)
@@ -56,4 +56,14 @@ int _gnutls_soft_sign (gnutls_pk_algorithm_t algo,
                       const gnutls_datum_t * data,
                       gnutls_datum_t * signature);
 
+int pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
+                      gnutls_datum_t * output);
+int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+  bigint_t * params, const gnutls_datum_t * data, gnutls_datum_t * digest);
+
+int
+_gnutls_privkey_sign_hash (gnutls_privkey_t key,
+                         const gnutls_datum_t * hash,
+                         gnutls_datum_t * signature);
+
 #endif
index b5f67d40fe32806c370f230f609584729a5e2e67..c89b867f1c0f67fe494f4ab923e202306ea6aa1f 100644 (file)
@@ -49,6 +49,11 @@ time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t *
 time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t *
                                                    cert);
 
+int
+_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
+                                 const gnutls_datum_t * hash,
+                                 gnutls_datum_t * signature);
+
 
 #endif /*GNUTLS_OPENPGP_LOCAL_H */
 
index ab888a7f581e8b955027d610b94feaa90b957d26..0199cd3adea16b4b320afa11bb4bb1e62693572e 100644 (file)
@@ -34,6 +34,7 @@
 #include <openpgp_int.h>
 #include <gnutls_openpgp.h>
 #include <gnutls_cert.h>
+#include <gnutls_sig.h>
 
 /**
  * gnutls_openpgp_privkey_init:
index 23aeb1ba96ca1320196dfe18b0c9119e5ebf1682..4725d1ef54c9b87747f6e3c6249b45e9bc010799 100644 (file)
@@ -97,4 +97,9 @@ int pkcs11_find_object (pakchois_session_t ** _pks,
 
 unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
 
+int
+_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
+                                const gnutls_datum_t * hash,
+                                gnutls_datum_t * signature);
+
 #endif
index efc5e6de2e8fd111142d8ac93ed659eaa86e52ed..547db4d5ac23c1b71b8aa9f34f4a877d75bcbced 100644 (file)
@@ -29,7 +29,7 @@
 #include <gnutls_errors.h>
 #include <gnutls_datum.h>
 #include <pkcs11_int.h>
-#include <sign.h>
+#include <gnutls_sig.h>
 
 struct gnutls_pkcs11_privkey_st
 {
@@ -165,7 +165,7 @@ gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer,
       goto cleanup;
     }
 
-  ret = gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature);
+  ret = _gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature);
   _gnutls_free_datum (&digest);
 
   if (ret < 0)
@@ -195,8 +195,8 @@ cleanup:
                } \
        } while (ret < 0);
 
-/**
- * gnutls_pkcs11_privkey_sign_hash:
+/*-
+ * _gnutls_pkcs11_privkey_sign_hash:
  * @key: Holds the key
  * @hash: holds the data to be signed (should be output of a hash)
  * @signature: will contain the signature allocated with gnutls_malloc()
@@ -207,9 +207,9 @@ cleanup:
  *
  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
  *   negative error value.
**/
-*/
 int
-gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
+_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
                                 const gnutls_datum_t * hash,
                                 gnutls_datum_t * signature)
 {
index 042f7ebb51460333532ae083d56b4d908bec6223..0081521fc5264091e07ba6263fc2f9be864fcd78 100644 (file)
@@ -37,7 +37,6 @@ noinst_LTLIBRARIES = libgnutls_x509.la
 libgnutls_x509_la_SOURCES =    \
        common.c                \
        common.h                \
-       sign.h                  \
        crl.c                   \
        crl_write.c             \
        crq.c                   \
index eeac8090aa87c6db2c9089f352a94e1981ed5aaa..32560a5d6d69c7d3b0a5fa5db9d52959c5b39b26 100644 (file)
@@ -34,7 +34,6 @@
 #include <x509_b64.h>
 #include <x509_int.h>
 #include <gnutls_pk.h>
-#include <sign.h>
 #include <gnutls_mpi.h>
 
 static int _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params);
index 29dbc6656f7178c596a12f13ac162236700a5100..07f7ef6c6085bc0a507742d28e6fb54c93d01bbd 100644 (file)
 #include <gnutls_datum.h>
 #include <x509_int.h>
 #include <common.h>
-#include <sign.h>
 #include <gnutls/abstract.h>
 
-/* Writes the digest information and the digest in a DER encoded
- * structure. The digest info is allocated and stored into the info structure.
- */
-static int
-encode_ber_digest_info (gnutls_digest_algorithm_t hash,
-                       const gnutls_datum_t * digest,
-                       gnutls_datum_t * output)
-{
-  ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
-  int result;
-  const char *algo;
-  opaque* tmp_output;
-  int tmp_output_size;
-
-  algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
-  if (algo == NULL)
-    {
-      gnutls_assert ();
-      _gnutls_x509_log ("Hash algorithm: %d\n", hash);
-      return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
-    }
-
-  if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
-                                    "GNUTLS.DigestInfo",
-                                    &dinfo)) != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      return _gnutls_asn2err (result);
-    }
-
-  result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  /* Write an ASN.1 NULL in the parameters field.  This matches RFC
-     3279 and RFC 4055, although is arguable incorrect from a historic
-     perspective (see those documents for more information).
-     Regardless of what is correct, this appears to be what most
-     implementations do.  */
-  result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
-                            ASN1_NULL, ASN1_NULL_SIZE);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  tmp_output_size = 0;
-  asn1_der_coding (dinfo, "", NULL, &tmp_output_size, NULL);
-
-  tmp_output = gnutls_malloc (tmp_output_size);
-  if (output->data == NULL)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  result = asn1_der_coding (dinfo, "", tmp_output, &tmp_output_size, NULL);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&dinfo);
-      return _gnutls_asn2err (result);
-    }
-
-  asn1_delete_structure (&dinfo);
-  
-  output->size = tmp_output_size;
-  output->data = tmp_output;
-
-  return 0;
-}
-
-int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
-  bigint_t * params,
-  const gnutls_datum_t * data, gnutls_datum_t * digest)
-{
-  int ret;
-
-  switch (pk)
-    {
-    case GNUTLS_PK_RSA:
-      if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA224 &&
-        hash != GNUTLS_DIG_SHA256)
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
-      break;
-    case GNUTLS_PK_DSA:
-      if (params && hash != _gnutls_dsa_q_to_hash (params[1]))
-        {
-          gnutls_assert ();
-          return GNUTLS_E_INVALID_REQUEST;
-        }
-      break;
-    default:
-      gnutls_assert();
-      return GNUTLS_E_INVALID_REQUEST;
-    }
-
-  digest->size = _gnutls_hash_get_algo_len (hash);
-  digest->data = gnutls_malloc (digest->size);
-  if (digest->data == NULL)
-    {
-      gnutls_assert ();
-      return GNUTLS_E_MEMORY_ERROR;
-    }
-
-  ret = _gnutls_hash_fast(hash, data->data, data->size, digest->data);
-  if (ret < 0)
-    {
-      gnutls_assert();
-      goto cleanup;
-    }
-
-  return 0;
-
-cleanup:
-  gnutls_free(digest->data);
-  return ret;
-}
-
-/* if hash==MD5 then we do RSA-MD5
- * if hash==SHA then we do RSA-SHA
- * params[0] is modulus
- * params[1] is public key
- */
-int
-pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
-                  gnutls_datum_t * digest)
-{
-  int ret;
-  gnutls_datum old_digest = { digest->data, digest->size };
-
-  /* Encode the digest as a DigestInfo
-   */
-  if ((ret = encode_ber_digest_info (hash, digest, digest)) != 0)
-    {
-      gnutls_assert ();
-      return ret;
-    }
-
-  _gnutls_free_datum(&old_digest);
-
-  return 0;
-}
-
 /* This is the same as the _gnutls_x509_sign, but this one will decode
  * the ASN1_TYPE given, and sign the DER data. Actually used to get the DER
  * of the TBS and sign it on the fly.
diff --git a/lib/x509/sign.h b/lib/x509/sign.h
deleted file mode 100644 (file)
index 5992bbd..0000000
+++ /dev/null
@@ -1,9 +0,0 @@
-#ifndef GNUTLS_SIGN_H
-#define GNUTLS_SIGN_H
-
-int pk_prepare_pkcs1_rsa_hash (gnutls_digest_algorithm_t hash,
-                      gnutls_datum_t * output);
-int pk_hash_data(gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
-  bigint_t * params, const gnutls_datum_t * data, gnutls_datum_t * digest);
-
-#endif