]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
added gnutls_privkey_sign_hash2()
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 13 Dec 2010 21:01:51 +0000 (22:01 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 13 Dec 2010 21:03:29 +0000 (22:03 +0100)
lib/includes/gnutls/pkcs11.h
lib/pkcs11_privkey.c

index c5a14660ea49f990289b88eec504f2f2058f0be3..937193fd48b990154d2d6379c66f0882581f2fcd 100644 (file)
@@ -201,6 +201,13 @@ int gnutls_pkcs11_privkey_sign_data (gnutls_pkcs11_privkey_t signer,
                                     const gnutls_datum_t * data,
                                     gnutls_datum_t * signature);
 int
+gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer,
+                               gnutls_digest_algorithm_t hash_algo,
+                               unsigned int flags,
+                               const gnutls_datum_t * hash_data,
+                               gnutls_datum_t * signature);
+
+int
 gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
                                    unsigned int flags,
                                    const gnutls_datum_t * ciphertext,
index a72488014a75cc80b01c5ad98c493ff08b2529c6..208e6e7be0823771a91a9f5da9995a4ed27737f2 100644 (file)
@@ -257,6 +257,64 @@ cleanup:
   return ret;
 }
 
+/**
+ * gnutls_pkcs11_privkey_sign_hash2:
+ * @signer: Holds the signer's key
+ * @hash_algo: The hash algorithm used
+ * @flags: zero for now
+ * @hash_data: holds the data to be signed
+ * @signature: will contain newly allocated signature
+ *
+ * This function will sign the given hashed data using a signature algorithm
+ * supported by the private key. Signature algorithms are always used
+ * together with a hash functions.  Different hash functions may be
+ * used for the RSA algorithm, but only SHA-XXX for the DSA keys.
+ *
+ * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
+ * the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ *   negative error value.
+ **/
+int
+gnutls_pkcs11_privkey_sign_hash2 (gnutls_pkcs11_privkey_t signer,
+                               gnutls_digest_algorithm_t hash_algo,
+                               unsigned int flags,
+                               const gnutls_datum_t * hash_data,
+                               gnutls_datum_t * signature)
+{
+  int ret;
+  gnutls_datum_t digest;
+
+  digest.data = gnutls_malloc(hash_data->size);
+  if (digest.data == NULL)
+    {
+      gnutls_assert();
+      return GNUTLS_E_MEMORY_ERROR;
+    }
+  digest.size = hash_data->size;
+  memcpy(digest.data, hash_data->data, digest.size);
+
+  ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto cleanup;
+    }
+
+  ret = _gnutls_pkcs11_privkey_sign_hash (signer, &digest, signature);
+  if (ret < 0)
+    {
+      gnutls_assert ();
+      goto cleanup;
+    }
+
+  ret = 0;
+
+cleanup:
+  _gnutls_free_datum(&digest);
+  return ret;
+}
 
 /**
  * gnutls_pkcs11_privkey_import_url: