From: Nikos Mavrogiannopoulos Date: Tue, 8 Nov 2011 21:06:26 +0000 (+0100) Subject: No need to distribute the libgcrypt backend (which cannot even be compiled). X-Git-Tag: gnutls_3_0_8~51 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8116cdc8f131edd586dad3128ae35dd744cfc32f;p=thirdparty%2Fgnutls.git No need to distribute the libgcrypt backend (which cannot even be compiled). --- diff --git a/configure.ac b/configure.ac index 2e7e57992d..70554cfe81 100644 --- a/configure.ac +++ b/configure.ac @@ -487,7 +487,6 @@ AC_CONFIG_FILES([ lib/openpgp/Makefile po/Makefile.in lib/x509/Makefile - lib/gcrypt/Makefile lib/nettle/Makefile tests/suite/Makefile lib/accelerated/Makefile diff --git a/lib/Makefile.am b/lib/Makefile.am index 1edaa5e61f..90c336922f 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -81,8 +81,6 @@ endif if ENABLE_NETTLE SUBDIRS += nettle -else -SUBDIRS += gcrypt endif HFILES = abstract_int.h debug.h gnutls_compress.h gnutls_cipher.h \ @@ -138,9 +136,6 @@ endif if ENABLE_NETTLE libgnutls_la_LDFLAGS += $(LTLIBNETTLE) libgnutls_la_LIBADD += nettle/libcrypto.la -else -libgnutls_la_LDFLAGS += $(LTLIBGCRYPT) -libgnutls_la_LIBADD += gcrypt/libcrypto.la endif if HAVE_LD_OUTPUT_DEF diff --git a/lib/gcrypt/Makefile.am b/lib/gcrypt/Makefile.am deleted file mode 100644 index e2d7fc4abf..0000000000 --- a/lib/gcrypt/Makefile.am +++ /dev/null @@ -1,34 +0,0 @@ -## Process this file with automake to produce Makefile.in -# Copyright (C) 2004-2011 Free Software Foundation, Inc. -# -# Author: Nikos Mavroyanopoulos -# -# This file is part of GNUTLS. -# -# The GNUTLS library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public License -# as published by the Free Software Foundation; either version 3 of -# the License, or (at your option) any later version. -# -# The GNUTLS library is distributed in the hope that it will be -# useful, but WITHOUT ANY WARRANTY; without even the implied warranty -# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public License -# along with this program. If not, see - -AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS) -AM_CPPFLAGS = \ - -I$(srcdir)/../../gl \ - -I$(srcdir)/../includes \ - -I$(builddir)/../includes \ - -I$(srcdir)/.. - -if ENABLE_MINITASN1 -AM_CPPFLAGS += -I$(srcdir)/../minitasn1 -endif - -noinst_LTLIBRARIES = libcrypto.la - -libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c diff --git a/lib/gcrypt/cipher.c b/lib/gcrypt/cipher.c deleted file mode 100644 index e5427c6811..0000000000 --- a/lib/gcrypt/cipher.c +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright (C) 2008, 2010, 2011 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -/* Here lie everything that has to do with large numbers, libgcrypt and - * other stuff that didn't fit anywhere else. - */ - -#include -#include -#include -#include - -/* Functions that refer to the libgcrypt library. - */ - -#error GCM is missing - -static int -wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx) -{ - int err; - - switch (algo) - { - case GNUTLS_CIPHER_AES_128_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES128, - GCRY_CIPHER_MODE_CBC, 0); - break; - - case GNUTLS_CIPHER_AES_192_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES192, - GCRY_CIPHER_MODE_CBC, 0); - break; - - case GNUTLS_CIPHER_AES_256_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES256, - GCRY_CIPHER_MODE_CBC, 0); - break; - - case GNUTLS_CIPHER_3DES_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_3DES, - GCRY_CIPHER_MODE_CBC, 0); - break; - - case GNUTLS_CIPHER_DES_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_DES, - GCRY_CIPHER_MODE_CBC, 0); - break; - - case GNUTLS_CIPHER_ARCFOUR_128: - case GNUTLS_CIPHER_ARCFOUR_40: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_ARCFOUR, - GCRY_CIPHER_MODE_STREAM, 0); - break; - - case GNUTLS_CIPHER_RC2_40_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_RFC2268_40, - GCRY_CIPHER_MODE_CBC, 0); - break; - - case GNUTLS_CIPHER_CAMELLIA_128_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128, - GCRY_CIPHER_MODE_CBC, 0); - break; - - case GNUTLS_CIPHER_CAMELLIA_256_CBC: - err = - gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256, - GCRY_CIPHER_MODE_CBC, 0); - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (err == 0) - return 0; - - gnutls_assert (); - return GNUTLS_E_ENCRYPTION_FAILED; -} - -static int -wrap_gcry_cipher_setkey (void *ctx, const void *key, size_t keysize) -{ - gcry_cipher_setkey (ctx, key, keysize); - return 0; -} - -static int -wrap_gcry_cipher_setiv (void *ctx, const void *iv, size_t ivsize) -{ - gcry_cipher_setiv (ctx, iv, ivsize); - return 0; -} - -static int -wrap_gcry_cipher_decrypt (void *ctx, const void *encr, size_t encrsize, - void *plain, size_t plainsize) -{ - int err; - - err = gcry_cipher_decrypt (ctx, plain, plainsize, encr, encrsize); - if (err == 0) - return 0; - - gnutls_assert (); - return GNUTLS_E_ENCRYPTION_FAILED; -} - -static int -wrap_gcry_cipher_encrypt (void *ctx, const void *plain, size_t plainsize, - void *encr, size_t encrsize) -{ - int err; - - err = gcry_cipher_encrypt (ctx, encr, encrsize, plain, plainsize); - if (err == 0) - return 0; - - gnutls_assert (); - return GNUTLS_E_ENCRYPTION_FAILED; -} - -static void -wrap_gcry_cipher_close (void *h) -{ - gcry_cipher_close (h); -} - - -gnutls_crypto_cipher_st _gnutls_cipher_ops = { - .init = wrap_gcry_cipher_init, - .setkey = wrap_gcry_cipher_setkey, - .setiv = wrap_gcry_cipher_setiv, - .encrypt = wrap_gcry_cipher_encrypt, - .decrypt = wrap_gcry_cipher_decrypt, - .deinit = wrap_gcry_cipher_close, -}; diff --git a/lib/gcrypt/init.c b/lib/gcrypt/init.c deleted file mode 100644 index 3d69f4496b..0000000000 --- a/lib/gcrypt/init.c +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (C) 2010-2011 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -#include -#include -#include -#include - -#define GNUTLS_MIN_LIBGCRYPT_VERSION "1.2.4" - -/* Functions that refer to the initialization of the libgcrypt library. - */ - -static struct gcry_thread_cbs gct = { - .option = (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)), - .init = NULL, - .select = NULL, - .waitpid = NULL, - .accept = NULL, - .connect = NULL, - .sendmsg = NULL, - .recvmsg = NULL, -}; - -int -gnutls_crypto_init (void) -{ - /* Initialize libgcrypt if it hasn't already been initialized. */ - if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0) - { - const char *p; - - if (gnutls_mutex_init != NULL) - { - gct.mutex_init = gnutls_mutex_init; - gct.mutex_destroy = gnutls_mutex_deinit; - gct.mutex_lock = gnutls_mutex_lock; - gct.mutex_unlock = gnutls_mutex_unlock; - - gcry_control (GCRYCTL_SET_THREAD_CBS, &gct); - } - - p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION); - - if (p == NULL) - { - gnutls_assert (); - _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n", - gcry_check_version (NULL), - GNUTLS_MIN_LIBGCRYPT_VERSION); - return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY; - } - - /* for gcrypt in order to be able to allocate memory */ - gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0); - - gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0); - - gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0); - } - - return 0; -} diff --git a/lib/gcrypt/mac.c b/lib/gcrypt/mac.c deleted file mode 100644 index a72e65b54c..0000000000 --- a/lib/gcrypt/mac.c +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (C) 2008-2011 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -/* This file provides is the backend hash/mac API for libgcrypt. - */ - -#include -#include -#include -#include - -static int -wrap_gcry_mac_init (gnutls_mac_algorithm_t algo, void **ctx) -{ - int err; - unsigned int flags = GCRY_MD_FLAG_HMAC; - - switch (algo) - { - case GNUTLS_MAC_MD5: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD5, flags); - break; - case GNUTLS_MAC_SHA1: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA1, flags); - break; - case GNUTLS_MAC_RMD160: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_RMD160, flags); - break; - case GNUTLS_MAC_MD2: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD2, flags); - break; - case GNUTLS_MAC_SHA256: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA256, flags); - break; - case GNUTLS_MAC_SHA384: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA384, flags); - break; - case GNUTLS_MAC_SHA512: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA512, flags); - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (err == 0) - return 0; - - gnutls_assert (); - return GNUTLS_E_ENCRYPTION_FAILED; -} - -static int -wrap_gcry_md_setkey (void *ctx, const void *key, size_t keylen) -{ - return gcry_md_setkey ((gcry_md_hd_t) ctx, key, keylen); -} - -static int -wrap_gcry_md_write (void *ctx, const void *text, size_t textsize) -{ - gcry_md_write (ctx, text, textsize); - return GNUTLS_E_SUCCESS; -} - -static int -wrap_gcry_md_copy (void **bhd, void *ahd) -{ - return gcry_md_copy ((gcry_md_hd_t *) bhd, (gcry_md_hd_t) ahd); -} - -static void -wrap_gcry_md_close (void *hd) -{ - gcry_md_close (hd); -} - -static void -wrap_gcry_md_reset (void *hd) -{ - gcry_md_reset (hd); -} - -static int -wrap_gcry_hash_init (gnutls_mac_algorithm_t algo, void **ctx) -{ - int err; - unsigned int flags = 0; - - switch (algo) - { - case GNUTLS_DIG_MD5: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD5, flags); - break; - case GNUTLS_DIG_SHA1: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA1, flags); - break; - case GNUTLS_DIG_RMD160: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_RMD160, flags); - break; - case GNUTLS_DIG_MD2: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD2, flags); - break; - case GNUTLS_DIG_SHA256: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA256, flags); - break; - case GNUTLS_DIG_SHA224: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA224, flags); - break; - case GNUTLS_DIG_SHA384: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA384, flags); - break; - case GNUTLS_DIG_SHA512: - err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA512, flags); - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (err == 0) - return 0; - - gnutls_assert (); - return GNUTLS_E_ENCRYPTION_FAILED; -} - -static int -wrap_gcry_mac_output (void *src_ctx, void *digest, size_t digestsize) -{ - opaque *_digest = gcry_md_read (src_ctx, 0); - - if (_digest != NULL) - { - unsigned int len = gcry_md_get_algo_dlen (gcry_md_get_algo (src_ctx)); - - if (len <= digestsize && digest != NULL) - memcpy (digest, _digest, len); - - return 0; - } - - gnutls_assert (); - return GNUTLS_E_HASH_FAILED; -} - - -gnutls_crypto_mac_st _gnutls_mac_ops = { - .init = wrap_gcry_mac_init, - .setkey = wrap_gcry_md_setkey, - .hash = wrap_gcry_md_write, - .reset = wrap_gcry_md_reset, - .output = wrap_gcry_mac_output, - .deinit = wrap_gcry_md_close, -}; - -gnutls_crypto_digest_st _gnutls_digest_ops = { - .init = wrap_gcry_hash_init, - .hash = wrap_gcry_md_write, - .copy = wrap_gcry_md_copy, - .reset = wrap_gcry_md_reset, - .output = wrap_gcry_mac_output, - .deinit = wrap_gcry_md_close, -}; diff --git a/lib/gcrypt/mpi.c b/lib/gcrypt/mpi.c deleted file mode 100644 index 5239d7ca3b..0000000000 --- a/lib/gcrypt/mpi.c +++ /dev/null @@ -1,415 +0,0 @@ -/* - * Copyright (C) 2001-2011 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -/* Here lie everything that has to do with large numbers, libgcrypt and - * other stuff that didn't fit anywhere else. - */ - -#include -#include -#include -#include -#include - -/* Functions that refer to the libgcrypt library. - */ - -static inline int -_format_conv (gnutls_bigint_format_t format) -{ - if (format == GNUTLS_MPI_FORMAT_USG) - return GCRYMPI_FMT_USG; - else if (format == GNUTLS_MPI_FORMAT_STD) - return GCRYMPI_FMT_STD; - else - return GCRYMPI_FMT_PGP; -} - -/* returns (0) on success - */ -static bigint_t -wrap_gcry_mpi_scan (const void *buffer, size_t nbytes, - gnutls_bigint_format_t format) -{ - gcry_mpi_t ret_mpi = NULL; - int ret; - - ret = gcry_mpi_scan (&ret_mpi, _format_conv (format), buffer, nbytes, NULL); - if (ret != 0) - return NULL; - - return ret_mpi; -} - -static int -wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes, - gnutls_bigint_format_t format) -{ - int ret; - size_t init_bytes = *nbytes; - - format = _format_conv (format); - - if (nbytes == NULL || a == NULL) - return GNUTLS_E_INVALID_REQUEST; - - ret = gcry_mpi_print (format, buffer, *nbytes, nbytes, a); - if (!ret) - { - if (buffer == NULL || init_bytes < *nbytes) - { - - /* in STD format we may want to include - * an extra byte for (0). Sometimes the gcry_ - * function doesn't add it. - */ - if (format == GNUTLS_MPI_FORMAT_STD) - (*nbytes)++; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - return 0; - } - - return GNUTLS_E_MPI_PRINT_FAILED; -} - -static bigint_t -wrap_gcry_mpi_new (int nbits) -{ - return gcry_mpi_new (nbits); -} - -static int -wrap_gcry_mpi_cmp (const bigint_t u, const bigint_t v) -{ - return gcry_mpi_cmp (u, v); -} - -static int -wrap_gcry_mpi_cmp_ui (const bigint_t u, unsigned long v) -{ - return gcry_mpi_cmp_ui (u, v); -} - -static bigint_t -wrap_gcry_mpi_set (bigint_t w, const bigint_t u) -{ - return gcry_mpi_set (w, u); -} - -static bigint_t -wrap_gcry_mpi_set_ui (bigint_t w, unsigned long u) -{ - return gcry_mpi_set_ui (w, u); -} - -static unsigned int -wrap_gcry_mpi_get_nbits (bigint_t a) -{ - return gcry_mpi_get_nbits (a); -} - -static void -wrap_gcry_mpi_release (bigint_t a) -{ - gcry_mpi_release (a); -} - -#undef _gnutls_mpi_alloc_like -#define _gnutls_mpi_alloc_like(x) gcry_mpi_new(gcry_mpi_get_nbits(x)) - -static bigint_t -wrap_gcry_mpi_mod (const bigint_t a, const bigint_t b) -{ - bigint_t r = _gnutls_mpi_alloc_like (b); - - if (r == NULL) - return NULL; - - gcry_mpi_mod (r, a, b); - - return r; -} - -static bigint_t -wrap_gcry_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e, - const bigint_t m) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (m); - - if (w == NULL) - return NULL; - - gcry_mpi_powm (w, b, e, m); - - return w; -} - -static bigint_t -wrap_gcry_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (m); - - if (w == NULL) - return NULL; - - gcry_mpi_addm (w, a, b, m); - - return w; -} - -static bigint_t -wrap_gcry_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (m); - - if (w == NULL) - return NULL; - - gcry_mpi_subm (w, a, b, m); - - return w; -} - -static bigint_t -wrap_gcry_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b, - const bigint_t m) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (m); - - if (w == NULL) - return NULL; - - gcry_mpi_mulm (w, a, b, m); - - return w; -} - -static bigint_t -wrap_gcry_mpi_add (bigint_t w, const bigint_t a, const bigint_t b) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (b); - - if (w == NULL) - return NULL; - - gcry_mpi_add (w, a, b); - - return w; -} - -static bigint_t -wrap_gcry_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (b); - - if (w == NULL) - return NULL; - - gcry_mpi_sub (w, a, b); - - return w; -} - -static bigint_t -wrap_gcry_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (b); - - if (w == NULL) - return NULL; - - gcry_mpi_mul (w, a, b); - - return w; -} - -/* q = a / b */ -static bigint_t -wrap_gcry_mpi_div (bigint_t q, const bigint_t a, const bigint_t b) -{ - if (q == NULL) - q = _gnutls_mpi_alloc_like (a); - - if (q == NULL) - return NULL; - - gcry_mpi_div (q, NULL, a, b, 0); - - return q; -} - -static bigint_t -wrap_gcry_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (a); - - if (w == NULL) - return NULL; - - gcry_mpi_add_ui (w, a, b); - - return w; -} - -static bigint_t -wrap_gcry_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (a); - - if (w == NULL) - return NULL; - - gcry_mpi_sub_ui (w, a, b); - - return w; -} - -static bigint_t -wrap_gcry_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b) -{ - if (w == NULL) - w = _gnutls_mpi_alloc_like (a); - - if (w == NULL) - return NULL; - - gcry_mpi_mul_ui (w, a, b); - - return w; -} - -static int -wrap_gcry_prime_check (bigint_t pp) -{ - return gcry_prime_check (pp, 0); -} - -static int -wrap_gcry_generate_group (gnutls_group_st * group, unsigned int bits) -{ - gcry_mpi_t g = NULL, prime = NULL; - gcry_error_t err; - int times = 0, qbits; - gcry_mpi_t *factors = NULL; - - /* Calculate the size of a prime factor of (prime-1)/2. - * This is an emulation of the values in "Selecting Cryptographic Key Sizes" paper. - */ - if (bits < 256) - qbits = bits / 2; - else - { - qbits = (bits / 40) + 105; - } - - if (qbits & 1) /* better have an even number */ - qbits++; - - /* find a prime number of size bits. - */ - do - { - if (times) - { - gcry_mpi_release (prime); - gcry_prime_release_factors (factors); - } - - err = gcry_prime_generate (&prime, bits, qbits, &factors, - NULL, NULL, GCRY_STRONG_RANDOM, - GCRY_PRIME_FLAG_SPECIAL_FACTOR); - if (err != 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - err = gcry_prime_check (prime, 0); - - times++; - } - while (err != 0 && times < 10); - - if (err != 0) - { - gnutls_assert (); - gcry_mpi_release (prime); - gcry_prime_release_factors (factors); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* generate the group generator. - */ - err = gcry_prime_group_generator (&g, prime, factors, NULL); - gcry_prime_release_factors (factors); - if (err != 0) - { - gnutls_assert (); - gcry_mpi_release (prime); - return GNUTLS_E_INTERNAL_ERROR; - } - - group->g = g; - group->p = prime; - - return 0; -} - -int crypto_bigint_prio = INT_MAX; - -gnutls_crypto_bigint_st _gnutls_mpi_ops = { - .bigint_new = wrap_gcry_mpi_new, - .bigint_cmp = wrap_gcry_mpi_cmp, - .bigint_cmp_ui = wrap_gcry_mpi_cmp_ui, - .bigint_mod = wrap_gcry_mpi_mod, - .bigint_set = wrap_gcry_mpi_set, - .bigint_set_ui = wrap_gcry_mpi_set_ui, - .bigint_get_nbits = wrap_gcry_mpi_get_nbits, - .bigint_powm = wrap_gcry_mpi_powm, - .bigint_addm = wrap_gcry_mpi_addm, - .bigint_subm = wrap_gcry_mpi_subm, - .bigint_add = wrap_gcry_mpi_add, - .bigint_sub = wrap_gcry_mpi_sub, - .bigint_add_ui = wrap_gcry_mpi_add_ui, - .bigint_sub_ui = wrap_gcry_mpi_sub_ui, - .bigint_mul = wrap_gcry_mpi_mul, - .bigint_mulm = wrap_gcry_mpi_mulm, - .bigint_mul_ui = wrap_gcry_mpi_mul_ui, - .bigint_div = wrap_gcry_mpi_div, - .bigint_prime_check = wrap_gcry_prime_check, - .bigint_release = wrap_gcry_mpi_release, - .bigint_print = wrap_gcry_mpi_print, - .bigint_scan = wrap_gcry_mpi_scan, - .bigint_generate_group = wrap_gcry_generate_group -}; diff --git a/lib/gcrypt/pk.c b/lib/gcrypt/pk.c deleted file mode 100644 index 11ff8b68ff..0000000000 --- a/lib/gcrypt/pk.c +++ /dev/null @@ -1,859 +0,0 @@ -/* - * Copyright (C) 2001-2011 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -/* This file contains the functions needed for RSA/DSA public key - * encryption and signatures. - */ - -#error NO ECC SUPPORT - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* this is based on code from old versions of libgcrypt (centuries ago) - */ - -int (*generate) (gnutls_pk_algorithm_t, unsigned int level /*bits */ , - gnutls_pk_params_st *); - -static int -_wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo, - gnutls_datum_t * ciphertext, - const gnutls_datum_t * plaintext, - const gnutls_pk_params_st * pk_params) -{ - gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL; - int rc = -1; - int ret; - bigint_t data, res; - gcry_sexp_t list; - - if (_gnutls_mpi_scan_nz (&data, plaintext->data, plaintext->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - /* make a sexp from pkey */ - switch (algo) - { - case GNUTLS_PK_RSA: - if (pk_params->params_nr >= 2) - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(rsa(n%m)(e%m)))", - pk_params->params[0], pk_params->params[1]); - break; - - default: - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - /* put the data into a simple list */ - if (gcry_sexp_build (&s_data, NULL, "%m", data)) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - /* pass it to libgcrypt */ - rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey); - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_PK_ENCRYPTION_FAILED; - goto cleanup; - } - - list = gcry_sexp_find_token (s_ciph, "a", 0); - if (list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - res = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - if (res == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - ret = _gnutls_mpi_dprint_size (res, ciphertext, plaintext->size); - _gnutls_mpi_release (&res); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = 0; - -cleanup: - _gnutls_mpi_release (&data); - if (s_ciph) - gcry_sexp_release (s_ciph); - if (s_data) - gcry_sexp_release (s_data); - if (s_pkey) - gcry_sexp_release (s_pkey); - - return ret; -} - -static int -_wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo, - gnutls_datum_t * plaintext, - const gnutls_datum_t * ciphertext, - const gnutls_pk_params_st * pk_params) -{ - gcry_sexp_t s_plain = NULL, s_data = NULL, s_pkey = NULL; - int rc = -1; - int ret; - bigint_t data, res; - - if (_gnutls_mpi_scan_nz (&data, ciphertext->data, ciphertext->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - /* make a sexp from pkey */ - switch (algo) - { - case GNUTLS_PK_RSA: - if (pk_params->params_nr >= 6) - rc = gcry_sexp_build (&s_pkey, NULL, - "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3], - pk_params->params[4], pk_params->params[5]); - break; - - default: - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - /* put the data into a simple list */ - if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data)) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - /* pass it to libgcrypt */ - rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey); - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_PK_DECRYPTION_FAILED; - goto cleanup; - } - - res = gcry_sexp_nth_mpi (s_plain, 0, 0); - if (res == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - ret = _gnutls_mpi_dprint_size (res, plaintext, ciphertext->size); - _gnutls_mpi_release (&res); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = 0; - -cleanup: - _gnutls_mpi_release (&data); - if (s_plain) - gcry_sexp_release (s_plain); - if (s_data) - gcry_sexp_release (s_data); - if (s_pkey) - gcry_sexp_release (s_pkey); - - return ret; - -} - - -/* in case of DSA puts into data, r,s - */ -static int -_wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature, - const gnutls_datum_t * vdata, - const gnutls_pk_params_st * pk_params) -{ - gcry_sexp_t s_hash = NULL, s_key = NULL, s_sig = NULL; - gcry_sexp_t list = NULL; - int rc = -1, ret; - bigint_t hash; - bigint_t res[2] = { NULL, NULL }; - - if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - /* make a sexp from pkey */ - switch (algo) - { - case GNUTLS_PK_DSA: - if (pk_params->params_nr >= 5) - rc = gcry_sexp_build (&s_key, NULL, - "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3], - pk_params->params[4]); - else - { - gnutls_assert (); - } - - break; - case GNUTLS_PK_RSA: - if (pk_params->params_nr >= 6) - rc = gcry_sexp_build (&s_key, NULL, - "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3], - pk_params->params[4], pk_params->params[5]); - else - { - gnutls_assert (); - } - break; - - default: - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - /* put the data into a simple list */ - if (gcry_sexp_build (&s_hash, NULL, "%m", hash)) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - - /* pass it to libgcrypt */ - rc = gcry_pk_sign (&s_sig, s_hash, s_key); - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_PK_SIGN_FAILED; - goto cleanup; - } - - ret = GNUTLS_E_INTERNAL_ERROR; - - switch (algo) - { - case GNUTLS_PK_DSA: - { - list = gcry_sexp_find_token (s_sig, "r", 0); - if (list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - res[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (s_sig, "s", 0); - if (list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - res[1] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - ret = _gnutls_encode_ber_rs (signature, res[0], res[1]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - } - break; - - case GNUTLS_PK_RSA: - { - list = gcry_sexp_find_token (s_sig, "s", 0); - if (list == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - res[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - ret = _gnutls_mpi_dprint (res[0], signature); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - } - break; - - default: - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - ret = 0; - -cleanup: - _gnutls_mpi_release (&hash); - if (res[0]) - _gnutls_mpi_release (&res[0]); - if (res[1]) - _gnutls_mpi_release (&res[1]); - if (s_sig) - gcry_sexp_release (s_sig); - if (s_hash) - gcry_sexp_release (s_hash); - if (s_key) - gcry_sexp_release (s_key); - - return ret; -} - -static int -_wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo, - const gnutls_datum_t * vdata, - const gnutls_datum_t * signature, - const gnutls_pk_params_st * pk_params) -{ - gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL; - int rc = -1, ret; - bigint_t hash; - bigint_t tmp[2] = { NULL, NULL }; - - if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - /* make a sexp from pkey */ - switch (algo) - { - case GNUTLS_PK_DSA: - if (pk_params->params_nr >= 4) - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", - pk_params->params[0], pk_params->params[1], - pk_params->params[2], pk_params->params[3]); - break; - case GNUTLS_PK_RSA: - if (pk_params->params_nr >= 2) - rc = gcry_sexp_build (&s_pkey, NULL, - "(public-key(rsa(n%m)(e%m)))", - pk_params->params[0], pk_params->params[1]); - break; - - default: - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - /* put the data into a simple list */ - if (gcry_sexp_build (&s_hash, NULL, "%m", hash)) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - switch (algo) - { - case GNUTLS_PK_DSA: - ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - rc = gcry_sexp_build (&s_sig, NULL, - "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]); - _gnutls_mpi_release (&tmp[0]); - _gnutls_mpi_release (&tmp[1]); - break; - - case GNUTLS_PK_RSA: - ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", tmp[0]); - _gnutls_mpi_release (&tmp[0]); - break; - - default: - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; - } - - rc = gcry_pk_verify (s_sig, s_hash, s_pkey); - - if (rc != 0) - { - gnutls_assert (); - ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; - goto cleanup; - } - - ret = 0; - -cleanup: - _gnutls_mpi_release (&hash); - if (s_sig) - gcry_sexp_release (s_sig); - if (s_hash) - gcry_sexp_release (s_hash); - if (s_pkey) - gcry_sexp_release (s_pkey); - - return ret; -} - -static int -_dsa_generate_params (bigint_t * resarr, int *resarr_len, int bits) -{ - - int ret; - gcry_sexp_t parms, key, list; - - /* FIXME: Remove me once we depend on 1.3.1 */ - if (bits > 1024 && gcry_check_version ("1.3.1") == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (bits < 512) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits); - if (ret != 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* generate the DSA key - */ - ret = gcry_pk_genkey (&key, parms); - gcry_sexp_release (parms); - - if (ret != 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - list = gcry_sexp_find_token (key, "p", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "q", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[1] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "g", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[2] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "y", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[3] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - - list = gcry_sexp_find_token (key, "x", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[4] = gcry_sexp_nth_mpi (list, 1, 0); - - gcry_sexp_release (list); - gcry_sexp_release (key); - - _gnutls_mpi_log ("p: ", resarr[0]); - _gnutls_mpi_log ("q: ", resarr[1]); - _gnutls_mpi_log ("g: ", resarr[2]); - _gnutls_mpi_log ("y: ", resarr[3]); - _gnutls_mpi_log ("x: ", resarr[4]); - - *resarr_len = 5; - - return 0; - -} - -static int -_rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits) -{ - - int ret, i; - gcry_sexp_t parms, key, list; - bigint_t tmp; - - if (*resarr_len < RSA_PRIVATE_PARAMS) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits); - if (ret != 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - /* generate the RSA key */ - ret = gcry_pk_genkey (&key, parms); - gcry_sexp_release (parms); - - if (ret != 0) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - - list = gcry_sexp_find_token (key, "n", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "e", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[1] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "d", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[2] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - list = gcry_sexp_find_token (key, "p", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[3] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - - list = gcry_sexp_find_token (key, "q", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[4] = gcry_sexp_nth_mpi (list, 1, 0); - gcry_sexp_release (list); - - - list = gcry_sexp_find_token (key, "u", 0); - if (list == NULL) - { - gnutls_assert (); - gcry_sexp_release (key); - return GNUTLS_E_INTERNAL_ERROR; - } - - resarr[5] = gcry_sexp_nth_mpi (list, 1, 0); - - gcry_sexp_release (list); - gcry_sexp_release (key); - - _gnutls_mpi_log ("n: ", resarr[0]); - _gnutls_mpi_log ("e: ", resarr[1]); - _gnutls_mpi_log ("d: ", resarr[2]); - _gnutls_mpi_log ("p: ", resarr[3]); - _gnutls_mpi_log ("q: ", resarr[4]); - _gnutls_mpi_log ("u: ", resarr[5]); - - /* generate e1 and e2 */ - - *resarr_len = 6; - - tmp = _gnutls_mpi_alloc_like (resarr[0]); - if (tmp == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - ret = _gnutls_calc_rsa_exp (resarr, 2 + *resarr_len); - if (ret < 0) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - (*resarr_len) += 2; - - return 0; - -cleanup: - for (i = 0; i < *resarr_len; i++) - _gnutls_mpi_release (&resarr[i]); - - return ret; -} - - -static int -wrap_gcry_pk_generate_params (gnutls_pk_algorithm_t algo, - unsigned int level /*bits */ , - gnutls_pk_params_st * params) -{ - - switch (algo) - { - - case GNUTLS_PK_DSA: - params->params_nr = DSA_PRIVATE_PARAMS; - if (params->params_nr > GNUTLS_MAX_PK_PARAMS) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - return _dsa_generate_params (params->params, ¶ms->params_nr, level); - - case GNUTLS_PK_RSA: - params->params_nr = RSA_PRIVATE_PARAMS; - if (params->params_nr > GNUTLS_MAX_PK_PARAMS) - { - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - } - return _rsa_generate_params (params->params, ¶ms->params_nr, level); - - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } -} - - -static int -wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo, - gnutls_direction_t direction, - gnutls_pk_params_st * params) -{ - int ret, result; - - /* only for RSA we invert the coefficient --pgp type */ - - if (algo != GNUTLS_PK_RSA) - return 0; - - if (params->params[5] == NULL) - params->params[5] = - _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0])); - - if (params->params[5] == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - ret = 1; - if (direction == GNUTLS_IMPORT) - { - /* calculate exp1 [6] and exp2 [7] */ - _gnutls_mpi_release (¶ms->params[6]); - _gnutls_mpi_release (¶ms->params[7]); - result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS); - if (result < 0) - { - gnutls_assert (); - return result; - } - - ret = - gcry_mpi_invm (params->params[5], params->params[3], - params->params[4]); - - params->params_nr = RSA_PRIVATE_PARAMS; - } - else if (direction == GNUTLS_EXPORT) - ret = - gcry_mpi_invm (params->params[5], params->params[4], params->params[3]); - if (ret == 0) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return 0; -} - -int crypto_pk_prio = INT_MAX; - -gnutls_crypto_pk_st _gnutls_pk_ops = { - .encrypt = _wrap_gcry_pk_encrypt, - .decrypt = _wrap_gcry_pk_decrypt, - .sign = _wrap_gcry_pk_sign, - .verify = _wrap_gcry_pk_verify, - .generate = wrap_gcry_pk_generate_params, - .pk_fixup_private_params = wrap_gcry_pk_fixup, -}; diff --git a/lib/gcrypt/rnd.c b/lib/gcrypt/rnd.c deleted file mode 100644 index 842b09eb30..0000000000 --- a/lib/gcrypt/rnd.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (C) 2008-2011 Free Software Foundation, Inc. - * - * Author: Nikos Mavrogiannopoulos - * - * This file is part of GnuTLS. - * - * The GnuTLS is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 3 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with this program. If not, see - * - */ - -/* Here is the libgcrypt random generator layer. - */ - -#include -#include -#include -#include -#include - -static int -wrap_gcry_rnd_init (void **ctx) -{ - char c; - - gcry_create_nonce (&c, 1); - gcry_randomize (&c, 1, GCRY_STRONG_RANDOM); - - return 0; -} - -static int -wrap_gcry_rnd (void *ctx, int level, void *data, size_t datasize) -{ - if (level == GNUTLS_RND_NONCE) - gcry_create_nonce (data, datasize); - else - gcry_randomize (data, datasize, level); - - return 0; -} - -int crypto_rnd_prio = INT_MAX; - -gnutls_crypto_rnd_st _gnutls_rnd_ops = { - .init = wrap_gcry_rnd_init, - .deinit = NULL, - .rnd = wrap_gcry_rnd, -};