libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)

commit 8a5ef24bc66793321568bd7400a027d0be7b4a67
parent b4f2e956b6b8e335f56d7e5f80dffc03bd84ff36
Author: Christian Grothoff <christian@grothoff.org>
Date:   Mon, 17 Nov 2008 08:28:54 +0000

dce

Diffstat:
Msrc/daemon/https/tls/gnutls_pk.c | 278-------------------------------------------------------------------------------
Msrc/daemon/https/tls/gnutls_pk.h | 6------
2 files changed, 0 insertions(+), 284 deletions(-)

diff --git a/src/daemon/https/tls/gnutls_pk.c b/src/daemon/https/tls/gnutls_pk.c
@@ -44,8 +44,6 @@ static int MHD__gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, int pkey_len);
 static int MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, mpi_t * pkey, int);
-static int MHD__gnutls_pk_verify (int algo, mpi_t hash, mpi_t * data,
- mpi_t * pkey, int);
 static int MHD__gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey, int);
@@ -381,201 +379,6 @@ MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata,
 return 0; /* ok */
 }
-/* encodes the Dss-Sig-Value structure
- */
-static int
-encode_ber_rs (MHD_gnutls_datum_t * sig_value, mpi_t r, mpi_t s)
-{
- ASN1_TYPE sig;
- int result, tot_len;
-
- if ((result =
- MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- result = MHD__gnutls_x509_write_int (sig, "r", r, 1);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&sig);
- return result;
- }
-
- result = MHD__gnutls_x509_write_int (sig, "s", s, 1);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&sig);
- return result;
- }
-
- tot_len = 0;
-
- result = MHD__gnutls_x509_der_encode (sig, "", sig_value, 0);
-
- MHD__asn1_delete_structure (&sig);
-
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-
-/* Do DSA signature calculation. params is p, q, g, y, x in that order.
- */
-int
-MHD_gtls_dsa_sign (MHD_gnutls_datum_t * signature,
- const MHD_gnutls_datum_t * hash, mpi_t * params,
- unsigned params_len)
-{
- mpi_t rs[2], mdata;
- int ret;
- size_t k;
-
- k = hash->size;
- if (k < 20)
- { /* SHA1 or better only */
- MHD_gnutls_assert ();
- return GNUTLS_E_PK_SIGN_FAILED;
- }
-
- if (MHD_gtls_mpi_scan_nz (&mdata, hash->data, &k) != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- ret = MHD__gnutls_pk_sign (GCRY_PK_DSA, rs, mdata, params, params_len);
- /* rs[0], rs[1] now hold r,s */
- MHD_gtls_mpi_release (&mdata);
-
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- ret = encode_ber_rs (signature, rs[0], rs[1]);
-
- /* free r,s */
- MHD_gtls_mpi_release (&rs[0]);
- MHD_gtls_mpi_release (&rs[1]);
-
- if (ret != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- return 0;
-}
-
-/* decodes the Dss-Sig-Value structure
- */
-static int
-decode_ber_rs (const MHD_gnutls_datum_t * sig_value, mpi_t * r, mpi_t * s)
-{
- ASN1_TYPE sig;
- int result;
-
- if ((result =
- MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- return MHD_gtls_asn2err (result);
- }
-
- result =
- MHD__asn1_der_decoding (&sig, sig_value->data, sig_value->size, NULL);
- if (result != ASN1_SUCCESS)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&sig);
- return MHD_gtls_asn2err (result);
- }
-
- result = MHD__gnutls_x509_read_int (sig, "r", r);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- MHD__asn1_delete_structure (&sig);
- return result;
- }
-
- result = MHD__gnutls_x509_read_int (sig, "s", s);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- MHD_gtls_mpi_release (s);
- MHD__asn1_delete_structure (&sig);
- return result;
- }
-
- MHD__asn1_delete_structure (&sig);
-
- return 0;
-}
-
-/* params is p, q, g, y in that order
- */
-int
-MHD_gtls_dsa_verify (const MHD_gnutls_datum_t * vdata,
- const MHD_gnutls_datum_t * sig_value, mpi_t * params,
- int params_len)
-{
-
- mpi_t mdata;
- int ret;
- size_t k;
- mpi_t rs[2];
-
- if (vdata->size != 20)
- { /* sha-1 only */
- MHD_gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- if (decode_ber_rs (sig_value, &rs[0], &rs[1]) != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- k = vdata->size;
- if (MHD_gtls_mpi_scan_nz (&mdata, vdata->data, &k) != 0)
- {
- MHD_gnutls_assert ();
- MHD_gtls_mpi_release (&rs[0]);
- MHD_gtls_mpi_release (&rs[1]);
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
-
- /* decrypt signature */
- ret = MHD__gnutls_pk_verify (GCRY_PK_DSA, mdata, rs, params, params_len);
- MHD_gtls_mpi_release (&mdata);
- MHD_gtls_mpi_release (&rs[0]);
- MHD_gtls_mpi_release (&rs[1]);
-
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- return 0; /* ok */
-}
-
 /* this is taken from gnupg */
@@ -833,84 +636,3 @@ MHD__gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, mpi_t * pkey,
 }
-static int
-MHD__gnutls_pk_verify (int algo, mpi_t hash, mpi_t * data,
- mpi_t * pkey, int pkey_len)
-{
- gcry_sexp_t s_sig, s_hash, s_pkey;
- int rc = -1;
-
- /* make a sexp from pkey */
- switch (algo)
- {
- case GCRY_PK_DSA:
- if (pkey_len >= 4)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- pkey[0], pkey[1], pkey[2], pkey[3]);
- break;
- case GCRY_PK_RSA:
- if (pkey_len >= 2)
- rc = gcry_sexp_build (&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pkey[0], pkey[1]);
- break;
-
- default:
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (rc != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* put the data into a simple list */
- if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (s_pkey);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- switch (algo)
- {
- case GCRY_PK_DSA:
- rc = gcry_sexp_build (&s_sig, NULL,
- "(sig-val(dsa(r%m)(s%m)))", data[0], data[1]);
- break;
- case GCRY_PK_RSA:
- rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", data[0]);
- break;
-
- default:
- MHD_gnutls_assert ();
- gcry_sexp_release (s_pkey);
- gcry_sexp_release (s_hash);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- if (rc != 0)
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (s_pkey);
- gcry_sexp_release (s_hash);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
-
- gcry_sexp_release (s_sig);
- gcry_sexp_release (s_hash);
- gcry_sexp_release (s_pkey);
-
- if (rc != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- }
-
- return 0;
-}
diff --git a/src/daemon/https/tls/gnutls_pk.h b/src/daemon/https/tls/gnutls_pk.h
@@ -29,9 +29,6 @@ int MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext, const MHD_gnutls_datum_t * plaintext, mpi_t * params, unsigned params_len, unsigned btype);
-int MHD_gtls_dsa_sign (MHD_gnutls_datum_t * signature,
- const MHD_gnutls_datum_t * plaintext, mpi_t * params,
- unsigned params_len);
 int MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext, const MHD_gnutls_datum_t * ciphertext, mpi_t * params, unsigned params_len,
@@ -39,8 +36,5 @@ int MHD_gtls_pkcs1_rsa_decrypt (MHD_gnutls_datum_t * plaintext,
 int MHD_gtls_rsa_verify (const MHD_gnutls_datum_t * vdata, const MHD_gnutls_datum_t * ciphertext, mpi_t * params, int params_len, int btype);
-int MHD_gtls_dsa_verify (const MHD_gnutls_datum_t * vdata,
- const MHD_gnutls_datum_t * sig_value, mpi_t * params,
- int params_len);
 #endif /* GNUTLS_PK_H */