gnutls_x509_trust_list_add_trust_file: Added
gnutls_x509_trust_list_add_trust_mem: Added
gnutls_pk_to_sign: Added
+gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2)
+gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
* Version 3.0.19 (unreleased)
FUNCS += functions/gnutls_pubkey_encrypt_data
FUNCS += functions/gnutls_x509_crt_set_pubkey
FUNCS += functions/gnutls_x509_crq_set_pubkey
-FUNCS += functions/gnutls_pubkey_verify_hash
FUNCS += functions/gnutls_pubkey_verify_hash2
FUNCS += functions/gnutls_pubkey_get_verify_algorithm
-FUNCS += functions/gnutls_pubkey_verify_data
FUNCS += functions/gnutls_pubkey_verify_data2
FUNCS += functions/gnutls_privkey_init
FUNCS += functions/gnutls_privkey_deinit
FUNCS += functions/gnutls_pcert_deinit
FUNCS += functions/gnutls_certificate_set_retrieve_function2
FUNCS += functions/gnutls_certificate_set_key
+FUNCS += functions/gnutls_pubkey_verify_data
+FUNCS += functions/gnutls_pubkey_verify_hash
FUNCS += functions/gnutls_sign_callback_set
FUNCS += functions/gnutls_sign_callback_get
FUNCS += functions/gnutls_x509_privkey_sign_hash
* parameters from the certificate.
*
* Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
- * is returned, and zero or positive code on success. Use gnutls_pubkey_verify_data2()
- * instead of this function.
+ * is returned, and zero or positive code on success.
+ *
+ * Deprecated. Use gnutls_pubkey_verify_data2() instead of this function.
*
* Since: 2.12.0
**/
* @signature: contains the signature
*
* This function will verify the given signed digest, using the
- * parameters from the public key. Use gnutls_pubkey_verify_hash2()
- * instead of this function.
+ * parameters from the public key.
+ *
+ * Deprecated. Use gnutls_pubkey_verify_hash2() instead of this function.
*
* Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
* is returned, and zero or positive code on success.
#define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA 1
int
-gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature);
-int
gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key,
gnutls_sign_algorithm_t algo,
unsigned int flags,
const gnutls_datum_t * signature,
gnutls_digest_algorithm_t * hash);
-int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature);
int
gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
gnutls_sign_algorithm_t algo,
int pcert_list_size,
gnutls_privkey_t key);
+#include <gnutls/compat.h>
+
+int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
+
#ifdef __cplusplus
}
#endif
_rsa_params_to_privkey (pk_params, &priv);
mpz_init(s);
-// XXX change with _tr
+
+/* XXX update when _tr is available */
ret = rsa_pkcs1_sign(&priv, vdata->size, vdata->data, s);
if (ret == 0)
{
return 0;
}
+static int
+extract_digest_info(const struct rsa_public_key *key,
+ unsigned *length, uint8_t *digest_info,
+ const mpz_t signature)
+{
+ unsigned i;
+ int ret;
+ mpz_t m;
+ uint8_t *em;
+
+ if (key->size == 0 || *length < key->size)
+ return 0;
+
+ em = gnutls_malloc(key->size);
+ if (em == NULL)
+ return 0;
+
+ mpz_init (m);
+
+ mpz_powm(m, signature, key->e, key->n);
+
+ nettle_mpz_get_str_256(key->size, em, m);
+ mpz_clear(m);
+
+ if (em[0] != 0 || em[1] != 1)
+ {
+ ret = 0;
+ goto cleanup;
+ }
+
+ for (i = 2; i < key->size; i++)
+ {
+ if (em[i] == 0 && i > 2)
+ break;
+
+ if (em[i] != 0xff)
+ {
+ ret = 0;
+ goto cleanup;
+ }
+ }
+
+ i++;
+ memcpy(digest_info, &em[i], key->size-i);
+ *length = key->size-i;
+
+ ret = 1;
+cleanup:
+ gnutls_free(em);
+
+ return ret;
+}
+
static int wrap_nettle_hash_algorithm (gnutls_pk_algorithm_t pk,
const gnutls_datum_t * sig, gnutls_pk_params_st * issuer_params,
gnutls_digest_algorithm_t* hash_algo)
nettle_mpz_set_str_256_u(s, sig->size, sig->data);
digest_size = sizeof (digest_info);
- ret = rsa_pkcs1_sign_extract_digest_info( &pub, &digest_size, digest_info, s);
+ ret = extract_digest_info( &pub, &digest_size, digest_info, s);
if (ret == 0)
{
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;