}
ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key,
- ¶ms);
+ ¶ms, ¶ms.spki);
gnutls_pk_params_release(¶ms);
/* Encrypt premaster secret */
if ((ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret,
- ¶ms)) < 0) {
+ ¶ms, ¶ms.spki)) < 0) {
gnutls_assert();
return ret;
}
* parameters, depending on the operation */
int (*encrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *ciphertext,
const gnutls_datum_t *plaintext,
- const gnutls_pk_params_st *pub);
+ const gnutls_pk_params_st *pub,
+ const gnutls_x509_spki_st *encrypt);
int (*decrypt)(gnutls_pk_algorithm_t, gnutls_datum_t *plaintext,
const gnutls_datum_t *ciphertext,
- const gnutls_pk_params_st *priv);
+ const gnutls_pk_params_st *priv,
+ const gnutls_x509_spki_st *encrypt);
int (*decrypt2)(gnutls_pk_algorithm_t, const gnutls_datum_t *ciphertext,
unsigned char *plaintext, size_t paintext_size,
- const gnutls_pk_params_st *priv);
+ const gnutls_pk_params_st *priv,
+ const gnutls_x509_spki_st *encrypt);
int (*sign)(gnutls_pk_algorithm_t, gnutls_datum_t *signature,
const gnutls_datum_t *data, const gnutls_pk_params_st *priv,
const gnutls_x509_spki_st *sign);
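Review bot: The new last parameter of `decrypt` and `decrypt2` is declared as `*encrypt`, which names the wrong operation and differs from the `encrypt_params` name used by the `_gnutls_pk_*` macros and the backend implementations; `const gnutls_x509_spki_st *encrypt_params` in all three declarations would match. The struct also states no contract for the argument: the implementations visible in this commit dereference it without a NULL check, and nothing says how it relates to `pub->spki` / `priv->spki` when the two differ. A comment above `encrypt` such as `/* encrypt_params: must be non-NULL; selects the RSA padding scheme and the OAEP digest/label for this call */` would record that. The struct definition starts and ends outside this hunk.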
static int _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *ciphertext,
const gnutls_datum_t *plaintext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret;
bool not_approved = false;
goto cleanup;
}
- ret = _rsa_oaep_encrypt(pk_params->spki.rsa_oaep_dig, &pub,
+ ret = _rsa_oaep_encrypt(encrypt_params->rsa_oaep_dig, &pub,
NULL, random_func,
- pk_params->spki.rsa_oaep_label.size,
- pk_params->spki.rsa_oaep_label.data,
+ encrypt_params->rsa_oaep_label.size,
+ encrypt_params->rsa_oaep_label.data,
plaintext->size, plaintext->data, buf);
if (ret == 0 || HAVE_LIB_ERROR()) {
ret = gnutls_assert_val(GNUTLS_E_ENCRYPTION_FAILED);
static int _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *plaintext,
const gnutls_datum_t *ciphertext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret;
bool not_approved = false;
FAIL_IF_LIB_ERROR;
- if (algo == GNUTLS_PK_RSA && pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) {
+ if (algo == GNUTLS_PK_RSA && encrypt_params->pk == GNUTLS_PK_RSA_OAEP) {
algo = GNUTLS_PK_RSA_OAEP;
}
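Review bot: The padding scheme is now chosen from the caller-supplied `encrypt_params->pk` alone, so the key's own `pk_params->spki.pk` no longer takes part in the decision at this `if`. For a private key whose SPKI marks it as RSA-OAEP, a call with `algo == GNUTLS_PK_RSA` and an `encrypt_params` that does not say OAEP would, as far as this hunk shows, continue as plain `GNUTLS_PK_RSA` decryption, presumably the PKCS#1 v1.5 path that the key restriction is meant to exclude. The call sites visible in this commit pass the key's own `spki`, so behaviour is unchanged today, but the backend could keep enforcing the restriction with an early rejection such as `if (pk_params->spki.pk == GNUTLS_PK_RSA_OAEP && encrypt_params->pk != GNUTLS_PK_RSA_OAEP) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The same applies to the `encrypt_params->pk` test in the `decrypt2` hunk further down; the function body continues outside this hunk.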
random_func = rnd_nonce_func_fallback;
else
random_func = rnd_nonce_func;
- ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub,
+ ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub,
&priv, NULL, random_func,
- pk_params->spki.rsa_oaep_label.size,
- pk_params->spki.rsa_oaep_label.data,
+ encrypt_params->rsa_oaep_label.size,
+ encrypt_params->rsa_oaep_label.data,
&length, buf, ciphertext->data);
if (ret == 0 || HAVE_LIB_ERROR()) {
const gnutls_datum_t *ciphertext,
unsigned char *plaintext,
size_t plaintext_size,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
struct rsa_private_key priv;
struct rsa_public_key pub;
goto fail;
}
- if (pk_params->spki.pk == GNUTLS_PK_RSA_OAEP) {
+ if (encrypt_params->pk == GNUTLS_PK_RSA_OAEP) {
algo = GNUTLS_PK_RSA_OAEP;
}
ciphertext->data);
break;
case GNUTLS_PK_RSA_OAEP:
- ret = _rsa_oaep_decrypt(pk_params->spki.rsa_oaep_dig, &pub,
+ ret = _rsa_oaep_decrypt(encrypt_params->rsa_oaep_dig, &pub,
&priv, NULL, random_func,
- pk_params->spki.rsa_oaep_label.size,
- pk_params->spki.rsa_oaep_label.data,
+ encrypt_params->rsa_oaep_label.size,
+ encrypt_params->rsa_oaep_label.data,
&plaintext_size, plaintext,
ciphertext->data);
break;
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
goto cleanup;
}
+ } else if (algo == GNUTLS_PK_RSA_OAEP) {
+ if (spki.rsa_oaep_dig == GNUTLS_DIG_UNKNOWN)
+ spki.rsa_oaep_dig = GNUTLS_DIG_SHA256;
+ ddata.data = (void *)const_data;
+ ddata.size = sizeof(const_data);
} else {
ddata.data = (void *)const_data;
ddata.size = sizeof(const_data);
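Review bot: The new `GNUTLS_PK_RSA_OAEP` branch substitutes `GNUTLS_DIG_SHA256` when `spki.rsa_oaep_dig` is unset, and nothing marks this default as local to what looks like a key-generation self-test (encrypt followed by decrypt, both mapped to `GNUTLS_E_PK_GENERATION_ERROR`). A comment on the inner `if`, for example `/* self-test only: pick a digest when the key's SPKI leaves it unset */`, would keep the fallback from being read as library-wide policy, and the `if` would be safer with braces. The two `ddata` assignments repeat the final `else` verbatim, so a later change to the test vector has to be made in both places. Where `spki` is declared and initialised lies outside the hunk, so whether it is a copy of the key's parameters cannot be confirmed from here.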
}
}
- ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params);
+ ret = _gnutls_pk_encrypt(algo, &sig, &ddata, params, &spki);
if (ret < 0) {
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
if (ret == 0 &&
- _gnutls_pk_decrypt(algo, &tmp, &sig, params) < 0) {
+ _gnutls_pk_decrypt(algo, &tmp, &sig, params, &spki) < 0) {
ret = gnutls_assert_val(GNUTLS_E_PK_GENERATION_ERROR);
}
if (ret == 0 &&
extern int crypto_pk_prio;
-#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params) \
- _gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params)
-#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params) \
- _gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params)
-#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params) \
+#define _gnutls_pk_encrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params) \
+ _gnutls_pk_backend()->encrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params)
+#define _gnutls_pk_decrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params) \
+ _gnutls_pk_backend()->decrypt(algo, ciphertext, plaintext, params, \
+ encrypt_params)
+#define _gnutls_pk_decrypt2(algo, ciphertext, plaintext, size, params, \
+ encrypt_params) \
_gnutls_pk_backend()->decrypt2(algo, ciphertext, plaintext, size, \
- params)
+ params, encrypt_params)
#define _gnutls_pk_sign(algo, sig, data, params, sign_params) \
_gnutls_pk_backend()->sign(algo, sig, data, params, sign_params)
#define _gnutls_pk_verify(algo, data, sig, params, sign_params) \
}
static bool init_rsa_oaep_param(CK_RSA_PKCS_OAEP_PARAMS *param,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_x509_spki_st *encrypt_params)
{
- switch (pk_params->spki.rsa_oaep_dig) {
+ switch (encrypt_params->rsa_oaep_dig) {
case GNUTLS_DIG_SHA256:
param->hashAlg = CKM_SHA256;
param->mgf = CKG_MGF1_SHA256;
return false;
}
param->source = CKZ_DATA_SPECIFIED;
- param->pSourceData = pk_params->spki.rsa_oaep_label.data;
- param->ulSourceDataLen = pk_params->spki.rsa_oaep_label.size;
+ param->pSourceData = encrypt_params->rsa_oaep_label.data;
+ param->ulSourceDataLen = encrypt_params->rsa_oaep_label.size;
return true;
}
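Review bot: `init_rsa_oaep_param` stores `encrypt_params->rsa_oaep_label.data` in `param->pSourceData` without copying, so the PKCS#11 parameter block now borrows a buffer owned by a caller-supplied structure rather than by the key. In the three wrappers visible in this commit `param_rsa_oaep` appears to be consumed within the same call, which keeps that safe, but the function carries no comment stating the lifetime rule. Suggested header comment: `/* Fills *param from encrypt_params; the OAEP label is borrowed, not copied, so encrypt_params must outlive every use of *param. */`. The remaining `switch` cases lie outside the hunks shown.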
static int _wrap_p11_pk_encrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *ciphertext,
const gnutls_datum_t *plaintext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret = 0;
CK_RV rv;
mech.pParameter = ¶m_rsa_oaep;
mech.ulParameterLen = sizeof(param_rsa_oaep);
- if (!init_rsa_oaep_param(¶m_rsa_oaep, pk_params)) {
+ if (!init_rsa_oaep_param(¶m_rsa_oaep, encrypt_params)) {
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
goto cleanup;
}
static int _wrap_p11_pk_decrypt(gnutls_pk_algorithm_t algo,
gnutls_datum_t *plaintext,
const gnutls_datum_t *ciphertext,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret = 0;
CK_RV rv;
mech.pParameter = ¶m_rsa_oaep;
mech.ulParameterLen = sizeof(param_rsa_oaep);
- if (!init_rsa_oaep_param(¶m_rsa_oaep, pk_params)) {
+ if (!init_rsa_oaep_param(¶m_rsa_oaep, encrypt_params)) {
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
goto cleanup;
}
const gnutls_datum_t *ciphertext,
unsigned char *plaintext,
size_t plaintext_size,
- const gnutls_pk_params_st *pk_params)
+ const gnutls_pk_params_st *pk_params,
+ const gnutls_x509_spki_st *encrypt_params)
{
int ret = 0;
uint32_t is_err;
mech.pParameter = ¶m_rsa_oaep;
mech.ulParameterLen = sizeof(param_rsa_oaep);
- if (!init_rsa_oaep_param(¶m_rsa_oaep, pk_params)) {
+ if (!init_rsa_oaep_param(¶m_rsa_oaep, encrypt_params)) {
ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
goto cleanup;
}
switch (key->type) {
case GNUTLS_PRIVKEY_X509:
return _gnutls_pk_decrypt(key->pk_algorithm, plaintext,
- ciphertext, &key->key.x509->params);
+ ciphertext, &key->key.x509->params,
+ &key->key.x509->params.spki);
#ifdef ENABLE_PKCS11
case GNUTLS_PRIVKEY_PKCS11:
return _gnutls_pkcs11_privkey_decrypt_data(
case GNUTLS_PRIVKEY_X509:
return _gnutls_pk_decrypt2(key->pk_algorithm, ciphertext,
plaintext, plaintext_size,
- &key->key.x509->params);
+ &key->key.x509->params,
+ &key->key.x509->params.spki);
#ifdef ENABLE_PKCS11
case GNUTLS_PRIVKEY_PKCS11:
return _gnutls_pkcs11_privkey_decrypt_data2(key->key.pkcs11,
}
return _gnutls_pk_encrypt(key->params.algo, ciphertext, plaintext,
- &key->params);
+ &key->params, &key->params.spki);
}
static int pubkey_supports_sig(gnutls_pubkey_t pubkey,