const gnutls_datum_t * data,
gnutls_datum_t * signature);
int
+gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
+
+int
gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
unsigned int flags,
const gnutls_datum_t * ciphertext,
return ret;
}
+/**
+ * gnutls_pkcs11_privkey_sign_hash2:
+ * @signer: Holds the signer's key
+ * @hash_algo: The hash algorithm used
+ * @flags: zero for now
+ * @hash_data: holds the data to be signed
+ * @signature: will contain newly allocated signature
+ *
+ * This function will sign the given hashed data using a signature algorithm
+ * supported by the private key. Signature algorithms are always used
+ * together with a hash functions. Different hash functions may be
+ * used for the RSA algorithm, but only SHA-XXX for the DSA keys.
+ *
+ * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
+ * the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
+{
+ int ret;
+ gnutls_datum_t digest;
+
+ digest.data = gnutls_malloc(hash_data->size);
+ if (digest.data == NULL)
+ {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ digest.size = hash_data->size;
+ memcpy(digest.data, hash_data->data, digest.size);
+
+ ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_free_datum(&digest);
+ return ret;
+}
/**
* gnutls_pkcs11_privkey_import_url: