]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
updates
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 9 May 2012 18:32:42 +0000 (20:32 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 22 May 2012 07:20:26 +0000 (09:20 +0200)
NEWS
doc/Makefile.am
lib/gnutls_pubkey.c
lib/includes/gnutls/abstract.h
lib/nettle/pk.c

diff --git a/NEWS b/NEWS
index 81e46e01ae5cb9e98ae69ce0f00ee7e88e02dcfe..b8384db6aa9ffa4fa4ef5a16fca7e010efef936d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,8 @@ gnutls_x509_trust_list_add_system_trust: Added
 gnutls_x509_trust_list_add_trust_file: Added
 gnutls_x509_trust_list_add_trust_mem: Added
 gnutls_pk_to_sign: Added
+gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2)
+gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
 
 
 * Version 3.0.19 (unreleased)
index e922ed9d21fe12fa9ce470d1eb2b37dbefa9cdf9..f6a29b3e821bbce95cdf5acbfe3c1ee98ee61ec7 100644 (file)
@@ -502,10 +502,8 @@ FUNCS += functions/gnutls_pubkey_import_ecc_raw
 FUNCS += functions/gnutls_pubkey_encrypt_data
 FUNCS += functions/gnutls_x509_crt_set_pubkey
 FUNCS += functions/gnutls_x509_crq_set_pubkey
-FUNCS += functions/gnutls_pubkey_verify_hash
 FUNCS += functions/gnutls_pubkey_verify_hash2
 FUNCS += functions/gnutls_pubkey_get_verify_algorithm
-FUNCS += functions/gnutls_pubkey_verify_data
 FUNCS += functions/gnutls_pubkey_verify_data2
 FUNCS += functions/gnutls_privkey_init
 FUNCS += functions/gnutls_privkey_deinit
@@ -529,6 +527,8 @@ FUNCS += functions/gnutls_pcert_import_openpgp
 FUNCS += functions/gnutls_pcert_deinit
 FUNCS += functions/gnutls_certificate_set_retrieve_function2
 FUNCS += functions/gnutls_certificate_set_key
+FUNCS += functions/gnutls_pubkey_verify_data
+FUNCS += functions/gnutls_pubkey_verify_hash
 FUNCS += functions/gnutls_sign_callback_set
 FUNCS += functions/gnutls_sign_callback_get
 FUNCS += functions/gnutls_x509_privkey_sign_hash
index ab7a6672648a9ebc98be91f9e8cd25537f99caf7..aaae7024f990c41b163a23b8b220a4e8a366295b 100644 (file)
@@ -1305,8 +1305,9 @@ gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
  * parameters from the certificate.
  *
  * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED 
- * is returned, and zero or positive code on success. Use gnutls_pubkey_verify_data2()
- * instead of this function.
+ * is returned, and zero or positive code on success. 
+ *
+ * Deprecated. Use gnutls_pubkey_verify_data2() instead of this function.
  *
  * Since: 2.12.0
  **/
@@ -1383,8 +1384,9 @@ gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
  * @signature: contains the signature
  *
  * This function will verify the given signed digest, using the
- * parameters from the public key. Use gnutls_pubkey_verify_hash2()
- * instead of this function.
+ * parameters from the public key. 
+ *
+ * Deprecated. Use gnutls_pubkey_verify_hash2() instead of this function.
  *
  * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED 
  * is returned, and zero or positive code on success.
index a99c92cb660cfa34dd70368079d30e7113992bd4..f12e9ac3deeff11c72b7d1e82193243ebee573f8 100644 (file)
@@ -137,10 +137,6 @@ int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
 
 #define GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA 1
 int
-gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
-                           const gnutls_datum_t * hash,
-                           const gnutls_datum_t * signature);
-int
 gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key, 
                             gnutls_sign_algorithm_t algo,
                             unsigned int flags,
@@ -152,10 +148,6 @@ gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
                                     const gnutls_datum_t * signature,
                                     gnutls_digest_algorithm_t * hash);
 
-int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
-                                   unsigned int flags,
-                                   const gnutls_datum_t * data,
-                                   const gnutls_datum_t * signature);
 int
 gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey, 
                            gnutls_sign_algorithm_t algo,
@@ -297,6 +289,17 @@ gnutls_certificate_set_key (gnutls_certificate_credentials_t res,
                             int pcert_list_size,
                             gnutls_privkey_t key);
 
+#include <gnutls/compat.h>
+
+int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
+                               unsigned int flags,
+                               const gnutls_datum_t * data,
+                               const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+int gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
+                           const gnutls_datum_t * hash,
+                           const gnutls_datum_t * signature) _GNUTLS_GCC_ATTR_DEPRECATED;
+
 #ifdef __cplusplus
 }
 #endif
index 5932188c6d6c3ec0d7030d8f17992fc25ded102e..431765679a51c62fc8162ece8555070b328d61d9 100644 (file)
@@ -415,7 +415,8 @@ _wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
         _rsa_params_to_privkey (pk_params, &priv);
         
         mpz_init(s);
-// XXX change with _tr
+
+/* XXX update when _tr is available */
         ret = rsa_pkcs1_sign(&priv, vdata->size, vdata->data, s);
         if (ret == 0)
           {
@@ -983,6 +984,59 @@ wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo,
   return 0;
 }
 
+static int
+extract_digest_info(const struct rsa_public_key *key,
+                unsigned *length, uint8_t *digest_info,
+                const mpz_t signature)
+{
+  unsigned i;
+  int ret;
+  mpz_t m;
+  uint8_t *em;
+
+  if (key->size == 0 || *length < key->size)
+    return 0;
+
+  em = gnutls_malloc(key->size);
+  if (em == NULL)
+    return 0;
+
+  mpz_init (m);
+
+  mpz_powm(m, signature, key->e, key->n);
+
+  nettle_mpz_get_str_256(key->size, em, m);
+  mpz_clear(m);
+  
+  if (em[0] != 0 || em[1] != 1)
+    {
+      ret = 0;
+      goto cleanup;
+    }
+  
+  for (i = 2; i < key->size; i++)
+    {
+      if (em[i] == 0 && i > 2)
+        break;
+      
+      if (em[i] != 0xff)
+        {
+          ret = 0;
+          goto cleanup;
+        }
+    }
+
+  i++;
+  memcpy(digest_info, &em[i], key->size-i);
+  *length = key->size-i;
+  
+  ret = 1;
+cleanup:
+  gnutls_free(em);
+
+  return ret;
+}
+
 static int wrap_nettle_hash_algorithm (gnutls_pk_algorithm_t pk, 
     const gnutls_datum_t * sig, gnutls_pk_params_st * issuer_params,
     gnutls_digest_algorithm_t* hash_algo)
@@ -1022,7 +1076,7 @@ static int wrap_nettle_hash_algorithm (gnutls_pk_algorithm_t pk,
       nettle_mpz_set_str_256_u(s, sig->size, sig->data);
       
       digest_size = sizeof (digest_info);
-      ret = rsa_pkcs1_sign_extract_digest_info( &pub, &digest_size, digest_info, s);
+      ret = extract_digest_info( &pub, &digest_size, digest_info, s);
       if (ret == 0)
         {
           ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;