diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-10-12 20:52:17 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-10-12 20:52:17 +0000 |
commit | e30a3a0a1c7423b435e6cb0a2a065c0ed3ac25be (patch) | |
tree | 96c2370b63a5ad7ac151706bd48edd6e67d10e2e | |
parent | 137077f15081248b401c93dcaf3a380ee7b91e30 (diff) | |
download | libmicrohttpd-e30a3a0a1c7423b435e6cb0a2a065c0ed3ac25be.tar.gz libmicrohttpd-e30a3a0a1c7423b435e6cb0a2a065c0ed3ac25be.zip |
dce
-rw-r--r-- | src/daemon/https/gnutls.h | 5 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.c | 136 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_handshake.h | 23 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_rsa_export.c | 163 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_rsa_export.h | 2 | ||||
-rw-r--r-- | src/daemon/https/x509/common.h | 2 | ||||
-rw-r--r-- | src/daemon/https/x509/privkey.h | 2 | ||||
-rw-r--r-- | src/daemon/https/x509/privkey_pkcs8.c | 2 | ||||
-rw-r--r-- | src/daemon/https/x509/x509.h | 18 | ||||
-rw-r--r-- | src/daemon/https/x509/x509_privkey.c | 337 |
10 files changed, 56 insertions, 634 deletions
diff --git a/src/daemon/https/gnutls.h b/src/daemon/https/gnutls.h index fb1b280f..8df7dc4f 100644 --- a/src/daemon/https/gnutls.h +++ b/src/daemon/https/gnutls.h | |||
@@ -288,11 +288,6 @@ extern "C" | |||
288 | 288 | ||
289 | void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session, | 289 | void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session, |
290 | int allow); | 290 | int allow); |
291 | MHD_gnutls_handshake_description_t | ||
292 | MHD_gtls_handshake_get_last_out (MHD_gtls_session_t session); | ||
293 | MHD_gnutls_handshake_description_t | ||
294 | MHD_gtls_handshake_get_last_in (MHD_gtls_session_t session); | ||
295 | |||
296 | /* | 291 | /* |
297 | * Record layer functions. | 292 | * Record layer functions. |
298 | */ | 293 | */ |
diff --git a/src/daemon/https/tls/gnutls_handshake.c b/src/daemon/https/tls/gnutls_handshake.c index 31826448..7833b3db 100644 --- a/src/daemon/https/tls/gnutls_handshake.c +++ b/src/daemon/https/tls/gnutls_handshake.c | |||
@@ -59,13 +59,39 @@ | |||
59 | #define TRUE 1 | 59 | #define TRUE 1 |
60 | #define FALSE 0 | 60 | #define FALSE 0 |
61 | 61 | ||
62 | |||
63 | /* This should be sufficient by now. It should hold all the extensions | ||
64 | * plus the headers in a hello message. | ||
65 | */ | ||
66 | #define MAX_EXT_DATA_LENGTH 1024 | ||
67 | |||
68 | |||
69 | static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | ||
70 | cipher_suite_st ** cipherSuites, | ||
71 | int numCipherSuites, | ||
72 | enum | ||
73 | MHD_GNUTLS_PublicKeyAlgorithm); | ||
74 | static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | ||
75 | int datalen); | ||
76 | |||
77 | static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); | ||
78 | |||
79 | static int MHD_gtls_handshake_common (MHD_gtls_session_t session); | ||
80 | |||
81 | static int MHD_gtls_handshake_server (MHD_gtls_session_t session); | ||
82 | |||
83 | #if MHD_DEBUG_TLS | ||
84 | static int MHD_gtls_handshake_client (MHD_gtls_session_t session); | ||
85 | #endif | ||
86 | |||
87 | |||
62 | static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, | 88 | static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session, |
63 | opaque * data, int datalen); | 89 | opaque * data, int datalen); |
64 | 90 | ||
65 | 91 | ||
66 | /* Clears the handshake hash buffers and handles. | 92 | /* Clears the handshake hash buffers and handles. |
67 | */ | 93 | */ |
68 | inline static void | 94 | static void |
69 | MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session) | 95 | MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session) |
70 | { | 96 | { |
71 | MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL); | 97 | MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL); |
@@ -119,13 +145,13 @@ resume_copy_required_values (MHD_gtls_session_t session) | |||
119 | session->internals.resumed_security_parameters.session_id_size; | 145 | session->internals.resumed_security_parameters.session_id_size; |
120 | } | 146 | } |
121 | 147 | ||
122 | void | 148 | static void |
123 | MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd) | 149 | MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd) |
124 | { | 150 | { |
125 | memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE); | 151 | memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE); |
126 | } | 152 | } |
127 | 153 | ||
128 | void | 154 | static void |
129 | MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd) | 155 | MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd) |
130 | { | 156 | { |
131 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); | 157 | memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE); |
@@ -243,7 +269,7 @@ MHD__gnutls_finished (MHD_gtls_session_t session, int type, void *ret) | |||
243 | /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data | 269 | /* this function will produce TLS_RANDOM_SIZE==32 bytes of random data |
244 | * and put it to dst. | 270 | * and put it to dst. |
245 | */ | 271 | */ |
246 | int | 272 | static int |
247 | MHD_gtls_tls_create_random (opaque * dst) | 273 | MHD_gtls_tls_create_random (opaque * dst) |
248 | { | 274 | { |
249 | uint32_t tim; | 275 | uint32_t tim; |
@@ -257,7 +283,7 @@ MHD_gtls_tls_create_random (opaque * dst) | |||
257 | /* generate server random value */ | 283 | /* generate server random value */ |
258 | MHD_gtls_write_uint32 (tim, dst); | 284 | MHD_gtls_write_uint32 (tim, dst); |
259 | 285 | ||
260 | if (MHD_gc_nonce (&dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) | 286 | if (MHD_gc_nonce ((char*) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK) |
261 | { | 287 | { |
262 | MHD_gnutls_assert (); | 288 | MHD_gnutls_assert (); |
263 | return GNUTLS_E_RANDOM_FAILED; | 289 | return GNUTLS_E_RANDOM_FAILED; |
@@ -268,7 +294,7 @@ MHD_gtls_tls_create_random (opaque * dst) | |||
268 | 294 | ||
269 | /* returns the 0 on success or a negative value. | 295 | /* returns the 0 on success or a negative value. |
270 | */ | 296 | */ |
271 | int | 297 | static int |
272 | MHD_gtls_negotiate_version (MHD_gtls_session_t session, | 298 | MHD_gtls_negotiate_version (MHD_gtls_session_t session, |
273 | enum MHD_GNUTLS_Protocol adv_version) | 299 | enum MHD_GNUTLS_Protocol adv_version) |
274 | { | 300 | { |
@@ -299,7 +325,7 @@ MHD_gtls_negotiate_version (MHD_gtls_session_t session, | |||
299 | return ret; | 325 | return ret; |
300 | } | 326 | } |
301 | 327 | ||
302 | int | 328 | static int |
303 | MHD_gtls_user_hello_func (MHD_gtls_session_t session, | 329 | MHD_gtls_user_hello_func (MHD_gtls_session_t session, |
304 | enum MHD_GNUTLS_Protocol adv_version) | 330 | enum MHD_GNUTLS_Protocol adv_version) |
305 | { | 331 | { |
@@ -469,7 +495,7 @@ MHD__gnutls_read_client_hello (MHD_gtls_session_t session, opaque * data, | |||
469 | 495 | ||
470 | /* here we hash all pending data. | 496 | /* here we hash all pending data. |
471 | */ | 497 | */ |
472 | inline static int | 498 | static int |
473 | MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session) | 499 | MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session) |
474 | { | 500 | { |
475 | size_t siz; | 501 | size_t siz; |
@@ -669,7 +695,7 @@ MHD__gnutls_server_find_pk_algos_in_ciphersuites (const opaque * | |||
669 | /* This selects the best supported ciphersuite from the given ones. Then | 695 | /* This selects the best supported ciphersuite from the given ones. Then |
670 | * it adds the suite to the session and performs some checks. | 696 | * it adds the suite to the session and performs some checks. |
671 | */ | 697 | */ |
672 | int | 698 | static int |
673 | MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | 699 | MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, |
674 | int datalen) | 700 | int datalen) |
675 | { | 701 | { |
@@ -1270,6 +1296,7 @@ MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t ** data, | |||
1270 | return ret; | 1296 | return ret; |
1271 | } | 1297 | } |
1272 | 1298 | ||
1299 | #if MHD_DEBUG_TLS | ||
1273 | /* This function checks if the given cipher suite is supported, and sets it | 1300 | /* This function checks if the given cipher suite is supported, and sets it |
1274 | * to the session; | 1301 | * to the session; |
1275 | */ | 1302 | */ |
@@ -1352,6 +1379,7 @@ MHD__gnutls_client_set_ciphersuite (MHD_gtls_session_t session, opaque suite[2]) | |||
1352 | return 0; | 1379 | return 0; |
1353 | } | 1380 | } |
1354 | 1381 | ||
1382 | |||
1355 | /* This function sets the given comp method to the session. | 1383 | /* This function sets the given comp method to the session. |
1356 | */ | 1384 | */ |
1357 | static int | 1385 | static int |
@@ -1407,7 +1435,8 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, | |||
1407 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, | 1435 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session, |
1408 | session_id_len); | 1436 | session_id_len); |
1409 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1437 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1410 | MHD_gtls_bin2hex (session_id, session_id_len, buf, | 1438 | MHD_gtls_bin2hex (session_id, session_id_len, |
1439 | (char*) buf, | ||
1411 | sizeof (buf))); | 1440 | sizeof (buf))); |
1412 | 1441 | ||
1413 | if (session_id_len > 0 && | 1442 | if (session_id_len > 0 && |
@@ -1438,7 +1467,6 @@ MHD__gnutls_client_check_if_resuming (MHD_gtls_session_t session, | |||
1438 | } | 1467 | } |
1439 | } | 1468 | } |
1440 | 1469 | ||
1441 | |||
1442 | /* This function reads and parses the server hello handshake message. | 1470 | /* This function reads and parses the server hello handshake message. |
1443 | * This function also restores resumed parameters if we are resuming a | 1471 | * This function also restores resumed parameters if we are resuming a |
1444 | * session. | 1472 | * session. |
@@ -1653,12 +1681,6 @@ MHD__gnutls_copy_comp_methods (MHD_gtls_session_t session, | |||
1653 | return datalen; | 1681 | return datalen; |
1654 | } | 1682 | } |
1655 | 1683 | ||
1656 | /* This should be sufficient by now. It should hold all the extensions | ||
1657 | * plus the headers in a hello message. | ||
1658 | */ | ||
1659 | #define MAX_EXT_DATA_LENGTH 1024 | ||
1660 | |||
1661 | #if MHD_DEBUG_TLS | ||
1662 | /* This function sends the client hello handshake message. | 1684 | /* This function sends the client hello handshake message. |
1663 | */ | 1685 | */ |
1664 | static int | 1686 | static int |
@@ -1930,7 +1952,7 @@ MHD__gnutls_send_server_hello (MHD_gtls_session_t session, int again) | |||
1930 | 1952 | ||
1931 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, | 1953 | MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session, |
1932 | MHD_gtls_bin2hex (SessionID, session_id_len, | 1954 | MHD_gtls_bin2hex (SessionID, session_id_len, |
1933 | buf, sizeof (buf))); | 1955 | (char*) buf, sizeof (buf))); |
1934 | 1956 | ||
1935 | memcpy (&data[pos], | 1957 | memcpy (&data[pos], |
1936 | session->security_parameters.current_cipher_suite.suite, 2); | 1958 | session->security_parameters.current_cipher_suite.suite, 2); |
@@ -2273,7 +2295,7 @@ MHD__gnutls_handshake (MHD_gtls_session_t session) | |||
2273 | * MHD_gtls_handshake_client | 2295 | * MHD_gtls_handshake_client |
2274 | * This function performs the client side of the handshake of the TLS/SSL protocol. | 2296 | * This function performs the client side of the handshake of the TLS/SSL protocol. |
2275 | */ | 2297 | */ |
2276 | int | 2298 | static int |
2277 | MHD_gtls_handshake_client (MHD_gtls_session_t session) | 2299 | MHD_gtls_handshake_client (MHD_gtls_session_t session) |
2278 | { | 2300 | { |
2279 | int ret = 0; | 2301 | int ret = 0; |
@@ -2515,7 +2537,7 @@ MHD__gnutls_recv_handshake_final (MHD_gtls_session_t session, int init) | |||
2515 | * This function does the server stuff of the handshake protocol. | 2537 | * This function does the server stuff of the handshake protocol. |
2516 | */ | 2538 | */ |
2517 | 2539 | ||
2518 | int | 2540 | static int |
2519 | MHD_gtls_handshake_server (MHD_gtls_session_t session) | 2541 | MHD_gtls_handshake_server (MHD_gtls_session_t session) |
2520 | { | 2542 | { |
2521 | int ret = 0; | 2543 | int ret = 0; |
@@ -2616,7 +2638,7 @@ MHD_gtls_handshake_server (MHD_gtls_session_t session) | |||
2616 | return 0; | 2638 | return 0; |
2617 | } | 2639 | } |
2618 | 2640 | ||
2619 | int | 2641 | static int |
2620 | MHD_gtls_handshake_common (MHD_gtls_session_t session) | 2642 | MHD_gtls_handshake_common (MHD_gtls_session_t session) |
2621 | { | 2643 | { |
2622 | int ret = 0; | 2644 | int ret = 0; |
@@ -2651,12 +2673,12 @@ MHD_gtls_handshake_common (MHD_gtls_session_t session) | |||
2651 | 2673 | ||
2652 | } | 2674 | } |
2653 | 2675 | ||
2654 | int | 2676 | static int |
2655 | MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len) | 2677 | MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len) |
2656 | { | 2678 | { |
2657 | *len = TLS_MAX_SESSION_ID_SIZE; | 2679 | *len = TLS_MAX_SESSION_ID_SIZE; |
2658 | 2680 | ||
2659 | if (MHD_gc_nonce (session_id, *len) != GC_OK) | 2681 | if (MHD_gc_nonce ((char*) session_id, *len) != GC_OK) |
2660 | { | 2682 | { |
2661 | MHD_gnutls_assert (); | 2683 | MHD_gnutls_assert (); |
2662 | return GNUTLS_E_RANDOM_FAILED; | 2684 | return GNUTLS_E_RANDOM_FAILED; |
@@ -2811,7 +2833,7 @@ check_server_params (MHD_gtls_session_t session, | |||
2811 | * This does a more high level check than MHD_gnutls_supported_ciphersuites(), | 2833 | * This does a more high level check than MHD_gnutls_supported_ciphersuites(), |
2812 | * by checking certificates etc. | 2834 | * by checking certificates etc. |
2813 | */ | 2835 | */ |
2814 | int | 2836 | static int |
2815 | MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | 2837 | MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, |
2816 | cipher_suite_st ** cipherSuites, | 2838 | cipher_suite_st ** cipherSuites, |
2817 | int numCipherSuites, | 2839 | int numCipherSuites, |
@@ -2939,75 +2961,9 @@ MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | |||
2939 | 2961 | ||
2940 | } | 2962 | } |
2941 | 2963 | ||
2942 | /** | ||
2943 | * MHD__gnutls_handshake_set_max_packet_length - This function will set the maximum length of a handshake message | ||
2944 | * @session: is a #MHD_gtls_session_t structure. | ||
2945 | * @max: is the maximum number. | ||
2946 | * | ||
2947 | * This function will set the maximum size of a handshake message. | ||
2948 | * Handshake messages over this size are rejected. The default value | ||
2949 | * is 16kb which is large enough. Set this to 0 if you do not want to | ||
2950 | * set an upper limit. | ||
2951 | * | ||
2952 | **/ | ||
2953 | void | ||
2954 | MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session, | ||
2955 | size_t max) | ||
2956 | { | ||
2957 | session->internals.max_handshake_data_buffer_size = max; | ||
2958 | } | ||
2959 | |||
2960 | void | ||
2961 | MHD_gtls_set_adv_version (MHD_gtls_session_t session, | ||
2962 | enum MHD_GNUTLS_Protocol ver) | ||
2963 | { | ||
2964 | set_adv_version (session, MHD_gtls_version_get_major (ver), | ||
2965 | MHD_gtls_version_get_minor (ver)); | ||
2966 | } | ||
2967 | |||
2968 | enum MHD_GNUTLS_Protocol | 2964 | enum MHD_GNUTLS_Protocol |
2969 | MHD_gtls_get_adv_version (MHD_gtls_session_t session) | 2965 | MHD_gtls_get_adv_version (MHD_gtls_session_t session) |
2970 | { | 2966 | { |
2971 | return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session), | 2967 | return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session), |
2972 | MHD__gnutls_get_adv_version_minor (session)); | 2968 | MHD__gnutls_get_adv_version_minor (session)); |
2973 | } | 2969 | } |
2974 | |||
2975 | /** | ||
2976 | * MHD_gtls_handshake_get_last_in - Returns the last handshake message received. | ||
2977 | * @session: is a #MHD_gtls_session_t structure. | ||
2978 | * | ||
2979 | * This function is only useful to check where the last performed | ||
2980 | * handshake failed. If the previous handshake succeed or was not | ||
2981 | * performed at all then no meaningful value will be returned. | ||
2982 | * | ||
2983 | * Check %MHD_gnutls_handshake_description_t in gnutls.h for the | ||
2984 | * available handshake descriptions. | ||
2985 | * | ||
2986 | * Returns: the last handshake message type received, a | ||
2987 | * %MHD_gnutls_handshake_description_t. | ||
2988 | **/ | ||
2989 | MHD_gnutls_handshake_description_t | ||
2990 | MHD_gtls_handshake_get_last_in (MHD_gtls_session_t session) | ||
2991 | { | ||
2992 | return session->internals.last_handshake_in; | ||
2993 | } | ||
2994 | |||
2995 | /** | ||
2996 | * MHD_gtls_handshake_get_last_out - Returns the last handshake message sent. | ||
2997 | * @session: is a #MHD_gtls_session_t structure. | ||
2998 | * | ||
2999 | * This function is only useful to check where the last performed | ||
3000 | * handshake failed. If the previous handshake succeed or was not | ||
3001 | * performed at all then no meaningful value will be returned. | ||
3002 | * | ||
3003 | * Check %MHD_gnutls_handshake_description_t in gnutls.h for the | ||
3004 | * available handshake descriptions. | ||
3005 | * | ||
3006 | * Returns: the last handshake message type sent, a | ||
3007 | * %MHD_gnutls_handshake_description_t. | ||
3008 | **/ | ||
3009 | MHD_gnutls_handshake_description_t | ||
3010 | MHD_gtls_handshake_get_last_out (MHD_gtls_session_t session) | ||
3011 | { | ||
3012 | return session->internals.last_handshake_out; | ||
3013 | } | ||
diff --git a/src/daemon/https/tls/gnutls_handshake.h b/src/daemon/https/tls/gnutls_handshake.h index 6514ffc6..5c40d480 100644 --- a/src/daemon/https/tls/gnutls_handshake.h +++ b/src/daemon/https/tls/gnutls_handshake.h | |||
@@ -36,29 +36,6 @@ int MHD_gtls_recv_hello (MHD_gtls_session_t session, opaque * data, | |||
36 | int MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t **, int *, | 36 | int MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t **, int *, |
37 | MHD_gnutls_handshake_description_t, | 37 | MHD_gnutls_handshake_description_t, |
38 | Optional optional); | 38 | Optional optional); |
39 | int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len); | ||
40 | int MHD_gtls_handshake_common (MHD_gtls_session_t session); | ||
41 | int MHD_gtls_handshake_server (MHD_gtls_session_t session); | ||
42 | void MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd); | ||
43 | void MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd); | ||
44 | int MHD_gtls_tls_create_random (opaque * dst); | ||
45 | int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session, | ||
46 | cipher_suite_st ** cipherSuites, | ||
47 | int numCipherSuites, | ||
48 | enum | ||
49 | MHD_GNUTLS_PublicKeyAlgorithm); | ||
50 | int MHD_gtls_find_pk_algos_in_ciphersuites (opaque * data, int datalen); | ||
51 | int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data, | ||
52 | int datalen); | ||
53 | |||
54 | int MHD_gtls_negotiate_version (MHD_gtls_session_t session, | ||
55 | enum MHD_GNUTLS_Protocol adv_version); | ||
56 | int MHD_gtls_user_hello_func (MHD_gtls_session_t, | ||
57 | enum MHD_GNUTLS_Protocol adv_version); | ||
58 | |||
59 | #if MHD_DEBUG_TLS | ||
60 | int MHD_gtls_handshake_client (MHD_gtls_session_t session); | ||
61 | #endif | ||
62 | 39 | ||
63 | #define STATE session->internals.handshake_state | 40 | #define STATE session->internals.handshake_state |
64 | /* This returns true if we have got there | 41 | /* This returns true if we have got there |
diff --git a/src/daemon/https/tls/gnutls_rsa_export.c b/src/daemon/https/tls/gnutls_rsa_export.c index 64834a98..d48ee327 100644 --- a/src/daemon/https/tls/gnutls_rsa_export.c +++ b/src/daemon/https/tls/gnutls_rsa_export.c | |||
@@ -35,13 +35,6 @@ | |||
35 | #include "x509.h" | 35 | #include "x509.h" |
36 | #include "privkey.h" | 36 | #include "privkey.h" |
37 | 37 | ||
38 | /* This function takes a number of bits and returns a supported | ||
39 | * number of bits. Ie a number of bits that we have a prime in the | ||
40 | * dh_primes structure. | ||
41 | */ | ||
42 | |||
43 | #define MAX_SUPPORTED_BITS 512 | ||
44 | |||
45 | /* returns e and m, depends on the requested bits. | 38 | /* returns e and m, depends on the requested bits. |
46 | * We only support limited key sizes. | 39 | * We only support limited key sizes. |
47 | */ | 40 | */ |
@@ -52,144 +45,9 @@ MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t rsa_params) | |||
52 | { | 45 | { |
53 | return NULL; | 46 | return NULL; |
54 | } | 47 | } |
55 | |||
56 | return rsa_params->params; | 48 | return rsa_params->params; |
57 | |||
58 | } | ||
59 | |||
60 | /* resarr will contain: modulus(0), public exponent(1), private exponent(2), | ||
61 | * prime1 - p (3), prime2 - q(4), u (5). | ||
62 | */ | ||
63 | int | ||
64 | MHD__gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits) | ||
65 | { | ||
66 | |||
67 | int ret; | ||
68 | gcry_sexp_t parms, key, list; | ||
69 | |||
70 | ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits); | ||
71 | if (ret != 0) | ||
72 | { | ||
73 | MHD_gnutls_assert (); | ||
74 | return GNUTLS_E_INTERNAL_ERROR; | ||
75 | } | ||
76 | |||
77 | /* generate the RSA key */ | ||
78 | ret = gcry_pk_genkey (&key, parms); | ||
79 | gcry_sexp_release (parms); | ||
80 | |||
81 | if (ret != 0) | ||
82 | { | ||
83 | MHD_gnutls_assert (); | ||
84 | return GNUTLS_E_INTERNAL_ERROR; | ||
85 | } | ||
86 | |||
87 | list = gcry_sexp_find_token (key, "n", 0); | ||
88 | if (list == NULL) | ||
89 | { | ||
90 | MHD_gnutls_assert (); | ||
91 | gcry_sexp_release (key); | ||
92 | return GNUTLS_E_INTERNAL_ERROR; | ||
93 | } | ||
94 | |||
95 | resarr[0] = gcry_sexp_nth_mpi (list, 1, 0); | ||
96 | gcry_sexp_release (list); | ||
97 | |||
98 | list = gcry_sexp_find_token (key, "e", 0); | ||
99 | if (list == NULL) | ||
100 | { | ||
101 | MHD_gnutls_assert (); | ||
102 | gcry_sexp_release (key); | ||
103 | return GNUTLS_E_INTERNAL_ERROR; | ||
104 | } | ||
105 | |||
106 | resarr[1] = gcry_sexp_nth_mpi (list, 1, 0); | ||
107 | gcry_sexp_release (list); | ||
108 | |||
109 | list = gcry_sexp_find_token (key, "d", 0); | ||
110 | if (list == NULL) | ||
111 | { | ||
112 | MHD_gnutls_assert (); | ||
113 | gcry_sexp_release (key); | ||
114 | return GNUTLS_E_INTERNAL_ERROR; | ||
115 | } | ||
116 | |||
117 | resarr[2] = gcry_sexp_nth_mpi (list, 1, 0); | ||
118 | gcry_sexp_release (list); | ||
119 | |||
120 | list = gcry_sexp_find_token (key, "p", 0); | ||
121 | if (list == NULL) | ||
122 | { | ||
123 | MHD_gnutls_assert (); | ||
124 | gcry_sexp_release (key); | ||
125 | return GNUTLS_E_INTERNAL_ERROR; | ||
126 | } | ||
127 | |||
128 | resarr[3] = gcry_sexp_nth_mpi (list, 1, 0); | ||
129 | gcry_sexp_release (list); | ||
130 | |||
131 | |||
132 | list = gcry_sexp_find_token (key, "q", 0); | ||
133 | if (list == NULL) | ||
134 | { | ||
135 | MHD_gnutls_assert (); | ||
136 | gcry_sexp_release (key); | ||
137 | return GNUTLS_E_INTERNAL_ERROR; | ||
138 | } | ||
139 | |||
140 | resarr[4] = gcry_sexp_nth_mpi (list, 1, 0); | ||
141 | gcry_sexp_release (list); | ||
142 | |||
143 | |||
144 | list = gcry_sexp_find_token (key, "u", 0); | ||
145 | if (list == NULL) | ||
146 | { | ||
147 | MHD_gnutls_assert (); | ||
148 | gcry_sexp_release (key); | ||
149 | return GNUTLS_E_INTERNAL_ERROR; | ||
150 | } | ||
151 | |||
152 | resarr[5] = gcry_sexp_nth_mpi (list, 1, 0); | ||
153 | gcry_sexp_release (list); | ||
154 | |||
155 | gcry_sexp_release (key); | ||
156 | |||
157 | MHD__gnutls_dump_mpi ("n: ", resarr[0]); | ||
158 | MHD__gnutls_dump_mpi ("e: ", resarr[1]); | ||
159 | MHD__gnutls_dump_mpi ("d: ", resarr[2]); | ||
160 | MHD__gnutls_dump_mpi ("p: ", resarr[3]); | ||
161 | MHD__gnutls_dump_mpi ("q: ", resarr[4]); | ||
162 | MHD__gnutls_dump_mpi ("u: ", resarr[5]); | ||
163 | |||
164 | *resarr_len = 6; | ||
165 | |||
166 | return 0; | ||
167 | |||
168 | } | 49 | } |
169 | 50 | ||
170 | /** | ||
171 | * MHD__gnutls_rsa_params_init - This function will initialize the temporary RSA parameters | ||
172 | * @rsa_params: Is a structure that will hold the parameters | ||
173 | * | ||
174 | * This function will initialize the temporary RSA parameters structure. | ||
175 | * | ||
176 | **/ | ||
177 | int | ||
178 | MHD__gnutls_rsa_params_init (MHD_gtls_rsa_params_t * rsa_params) | ||
179 | { | ||
180 | int ret; | ||
181 | |||
182 | ret = MHD_gnutls_x509_privkey_init (rsa_params); | ||
183 | if (ret < 0) | ||
184 | { | ||
185 | MHD_gnutls_assert (); | ||
186 | return ret; | ||
187 | } | ||
188 | |||
189 | (*rsa_params)->crippled = 1; | ||
190 | |||
191 | return 0; | ||
192 | } | ||
193 | 51 | ||
194 | /** | 52 | /** |
195 | * MHD__gnutls_rsa_params_deinit - This function will deinitialize the RSA parameters | 53 | * MHD__gnutls_rsa_params_deinit - This function will deinitialize the RSA parameters |
@@ -204,24 +62,3 @@ MHD__gnutls_rsa_params_deinit (MHD_gtls_rsa_params_t rsa_params) | |||
204 | MHD_gnutls_x509_privkey_deinit (rsa_params); | 62 | MHD_gnutls_x509_privkey_deinit (rsa_params); |
205 | } | 63 | } |
206 | 64 | ||
207 | /** | ||
208 | * MHD__gnutls_rsa_params_generate2 - This function will generate temporary RSA parameters | ||
209 | * @params: The structure where the parameters will be stored | ||
210 | * @bits: is the prime's number of bits | ||
211 | * | ||
212 | * This function will generate new temporary RSA parameters for use in | ||
213 | * RSA-EXPORT ciphersuites. This function is normally slow. | ||
214 | * | ||
215 | * Note that if the parameters are to be used in export cipher suites the | ||
216 | * bits value should be 512 or less. | ||
217 | * Also note that the generation of new RSA parameters is only useful | ||
218 | * to servers. Clients use the parameters sent by the server, thus it's | ||
219 | * no use calling this in client side. | ||
220 | * | ||
221 | **/ | ||
222 | int | ||
223 | MHD__gnutls_rsa_params_generate2 (MHD_gtls_rsa_params_t params, | ||
224 | unsigned int bits) | ||
225 | { | ||
226 | return MHD_gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0); | ||
227 | } | ||
diff --git a/src/daemon/https/tls/gnutls_rsa_export.h b/src/daemon/https/tls/gnutls_rsa_export.h index 61cfdd97..a34dfe9d 100644 --- a/src/daemon/https/tls/gnutls_rsa_export.h +++ b/src/daemon/https/tls/gnutls_rsa_export.h | |||
@@ -24,4 +24,4 @@ | |||
24 | 24 | ||
25 | const mpi_t *MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t); | 25 | const mpi_t *MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t); |
26 | int MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session); | 26 | int MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session); |
27 | int MHD__gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits); | 27 | |
diff --git a/src/daemon/https/x509/common.h b/src/daemon/https/x509/common.h index 4050f36b..059fafe0 100644 --- a/src/daemon/https/x509/common.h +++ b/src/daemon/https/x509/common.h | |||
@@ -116,7 +116,7 @@ int MHD__gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst, | |||
116 | MHD_GNUTLS_PublicKeyAlgorithm | 116 | MHD_GNUTLS_PublicKeyAlgorithm |
117 | pk_algorithm, mpi_t * params, | 117 | pk_algorithm, mpi_t * params, |
118 | int params_size); | 118 | int params_size); |
119 | int MHD__gnutlsMHD__asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, | 119 | int MHD__gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name, |
120 | ASN1_TYPE src, const char *src_name); | 120 | ASN1_TYPE src, const char *src_name); |
121 | 121 | ||
122 | int MHD__gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, | 122 | int MHD__gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name, |
diff --git a/src/daemon/https/x509/privkey.h b/src/daemon/https/x509/privkey.h index ab29ec1c..31fc2d72 100644 --- a/src/daemon/https/x509/privkey.h +++ b/src/daemon/https/x509/privkey.h | |||
@@ -28,4 +28,4 @@ ASN1_TYPE MHD__gnutls_privkey_decode_pkcs1_rsa_key (const MHD_gnutls_datum_t * | |||
28 | raw_key, | 28 | raw_key, |
29 | MHD_gnutls_x509_privkey_t pkey); | 29 | MHD_gnutls_x509_privkey_t pkey); |
30 | 30 | ||
31 | int MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); | 31 | int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); |
diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c index 447dca15..1ef59d2f 100644 --- a/src/daemon/https/x509/privkey_pkcs8.c +++ b/src/daemon/https/x509/privkey_pkcs8.c | |||
@@ -474,7 +474,7 @@ _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, MHD_gnutls_x509_privkey pkey) | |||
474 | 474 | ||
475 | if (!pkey->crippled) | 475 | if (!pkey->crippled) |
476 | { | 476 | { |
477 | ret = MHD__gnutlsMHD__asn1_encode_dsa (&pkey->key, pkey->params); | 477 | ret = MHD__gnutls_asn1_encode_dsa (&pkey->key, pkey->params); |
478 | if (ret < 0) | 478 | if (ret < 0) |
479 | { | 479 | { |
480 | MHD_gnutls_assert (); | 480 | MHD_gnutls_assert (); |
diff --git a/src/daemon/https/x509/x509.h b/src/daemon/https/x509/x509.h index 90e2aa8c..ee28dc73 100644 --- a/src/daemon/https/x509/x509.h +++ b/src/daemon/https/x509/x509.h | |||
@@ -560,8 +560,6 @@ extern "C" | |||
560 | const MHD_gnutls_datum_t * p, | 560 | const MHD_gnutls_datum_t * p, |
561 | const MHD_gnutls_datum_t * q, | 561 | const MHD_gnutls_datum_t * q, |
562 | const MHD_gnutls_datum_t * u); | 562 | const MHD_gnutls_datum_t * u); |
563 | int MHD_gnutls_x509_privkey_fix (MHD_gnutls_x509_privkey_t key); | ||
564 | |||
565 | int MHD_gnutls_x509_privkey_export_dsa_raw (MHD_gnutls_x509_privkey_t key, | 563 | int MHD_gnutls_x509_privkey_export_dsa_raw (MHD_gnutls_x509_privkey_t key, |
566 | MHD_gnutls_datum_t * p, | 564 | MHD_gnutls_datum_t * p, |
567 | MHD_gnutls_datum_t * q, | 565 | MHD_gnutls_datum_t * q, |
@@ -581,10 +579,6 @@ extern "C" | |||
581 | unsigned char *output_data, | 579 | unsigned char *output_data, |
582 | size_t * output_data_size); | 580 | size_t * output_data_size); |
583 | 581 | ||
584 | int MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key, | ||
585 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | ||
586 | unsigned int bits, unsigned int flags); | ||
587 | |||
588 | int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key, | 582 | int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key, |
589 | MHD_gnutls_x509_crt_fmt_t format, | 583 | MHD_gnutls_x509_crt_fmt_t format, |
590 | void *output_data, | 584 | void *output_data, |
@@ -603,14 +597,6 @@ extern "C" | |||
603 | MHD_gnutls_datum_t * q, | 597 | MHD_gnutls_datum_t * q, |
604 | MHD_gnutls_datum_t * u); | 598 | MHD_gnutls_datum_t * u); |
605 | 599 | ||
606 | /* Signing stuff. | ||
607 | */ | ||
608 | int MHD_gnutls_x509_privkey_sign_data (MHD_gnutls_x509_privkey_t key, | ||
609 | enum MHD_GNUTLS_HashAlgorithm digest, | ||
610 | unsigned int flags, | ||
611 | const MHD_gnutls_datum_t * data, | ||
612 | void *signature, | ||
613 | size_t * signature_size); | ||
614 | int MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key, | 600 | int MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key, |
615 | unsigned int flags, | 601 | unsigned int flags, |
616 | const MHD_gnutls_datum_t * data, | 602 | const MHD_gnutls_datum_t * data, |
@@ -620,10 +606,6 @@ extern "C" | |||
620 | const MHD_gnutls_datum_t * data, | 606 | const MHD_gnutls_datum_t * data, |
621 | const MHD_gnutls_datum_t * signature); | 607 | const MHD_gnutls_datum_t * signature); |
622 | 608 | ||
623 | int MHD_gnutls_x509_privkey_sign_hash (MHD_gnutls_x509_privkey_t key, | ||
624 | const MHD_gnutls_datum_t * hash, | ||
625 | MHD_gnutls_datum_t * signature); | ||
626 | |||
627 | /* Certificate request stuff. | 609 | /* Certificate request stuff. |
628 | */ | 610 | */ |
629 | struct MHD_gnutls_x509_crq_int; | 611 | struct MHD_gnutls_x509_crq_int; |
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c index e01861b8..579ce664 100644 --- a/src/daemon/https/x509/x509_privkey.c +++ b/src/daemon/https/x509/x509_privkey.c | |||
@@ -39,8 +39,8 @@ | |||
39 | #include <dsa.h> | 39 | #include <dsa.h> |
40 | #include <verify.h> | 40 | #include <verify.h> |
41 | 41 | ||
42 | static int MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params); | 42 | static int MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params); |
43 | int MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); | 43 | int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); |
44 | 44 | ||
45 | /* remove this when libgcrypt can handle the PKCS #1 coefficients from | 45 | /* remove this when libgcrypt can handle the PKCS #1 coefficients from |
46 | * rsa keys | 46 | * rsa keys |
@@ -127,7 +127,7 @@ MHD_gnutls_x509_privkey_cpy (MHD_gnutls_x509_privkey_t dst, MHD_gnutls_x509_priv | |||
127 | switch (dst->pk_algorithm) | 127 | switch (dst->pk_algorithm) |
128 | { | 128 | { |
129 | case MHD_GNUTLS_PK_RSA: | 129 | case MHD_GNUTLS_PK_RSA: |
130 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&dst->key, dst->params); | 130 | ret = MHD__gnutls_asn1_encode_rsa (&dst->key, dst->params); |
131 | if (ret < 0) | 131 | if (ret < 0) |
132 | { | 132 | { |
133 | MHD_gnutls_assert (); | 133 | MHD_gnutls_assert (); |
@@ -439,7 +439,7 @@ MHD_gnutls_x509_privkey_import_rsa_raw (MHD_gnutls_x509_privkey_t key, | |||
439 | 439 | ||
440 | if (!key->crippled) | 440 | if (!key->crippled) |
441 | { | 441 | { |
442 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params); | 442 | ret = MHD__gnutls_asn1_encode_rsa (&key->key, key->params); |
443 | if (ret < 0) | 443 | if (ret < 0) |
444 | { | 444 | { |
445 | MHD_gnutls_assert (); | 445 | MHD_gnutls_assert (); |
@@ -481,7 +481,7 @@ MHD_gnutls_x509_privkey_get_pk_algorithm (MHD_gnutls_x509_privkey_t key) | |||
481 | /* Encodes the RSA parameters into an ASN.1 RSA private key structure. | 481 | /* Encodes the RSA parameters into an ASN.1 RSA private key structure. |
482 | */ | 482 | */ |
483 | static int | 483 | static int |
484 | MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params) | 484 | MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params) |
485 | { | 485 | { |
486 | int result, i; | 486 | int result, i; |
487 | size_t size[8], total; | 487 | size_t size[8], total; |
@@ -712,7 +712,7 @@ cleanup:MHD_gtls_mpi_release (&u); | |||
712 | /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. | 712 | /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. |
713 | */ | 713 | */ |
714 | int | 714 | int |
715 | MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params) | 715 | MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params) |
716 | { | 716 | { |
717 | int result, i; | 717 | int result, i; |
718 | size_t size[DSA_PRIVATE_PARAMS], total; | 718 | size_t size[DSA_PRIVATE_PARAMS], total; |
@@ -823,328 +823,3 @@ cleanup:MHD__asn1_delete_structure (c2); | |||
823 | return result; | 823 | return result; |
824 | } | 824 | } |
825 | 825 | ||
826 | /** | ||
827 | * MHD_gnutls_x509_privkey_generate - This function will generate a private key | ||
828 | * @key: should contain a MHD_gnutls_x509_privkey_t structure | ||
829 | * @algo: is one of RSA or DSA. | ||
830 | * @bits: the size of the modulus | ||
831 | * @flags: unused for now. Must be 0. | ||
832 | * | ||
833 | * This function will generate a random private key. Note that | ||
834 | * this function must be called on an empty private key. | ||
835 | * | ||
836 | * Returns 0 on success or a negative value on error. | ||
837 | * | ||
838 | **/ | ||
839 | int | ||
840 | MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key, | ||
841 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | ||
842 | unsigned int bits, unsigned int flags) | ||
843 | { | ||
844 | int ret, params_len; | ||
845 | int i; | ||
846 | |||
847 | if (key == NULL) | ||
848 | { | ||
849 | MHD_gnutls_assert (); | ||
850 | return GNUTLS_E_INVALID_REQUEST; | ||
851 | } | ||
852 | |||
853 | switch (algo) | ||
854 | { | ||
855 | case MHD_GNUTLS_PK_RSA: | ||
856 | ret = MHD__gnutls_rsa_generate_params (key->params, ¶ms_len, bits); | ||
857 | if (ret < 0) | ||
858 | { | ||
859 | MHD_gnutls_assert (); | ||
860 | return ret; | ||
861 | } | ||
862 | |||
863 | if (!key->crippled) | ||
864 | { | ||
865 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params); | ||
866 | if (ret < 0) | ||
867 | { | ||
868 | MHD_gnutls_assert (); | ||
869 | goto cleanup; | ||
870 | } | ||
871 | } | ||
872 | |||
873 | key->params_size = params_len; | ||
874 | key->pk_algorithm = MHD_GNUTLS_PK_RSA; | ||
875 | |||
876 | break; | ||
877 | default: | ||
878 | MHD_gnutls_assert (); | ||
879 | return GNUTLS_E_INVALID_REQUEST; | ||
880 | } | ||
881 | |||
882 | return 0; | ||
883 | |||
884 | cleanup:key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; | ||
885 | key->params_size = 0; | ||
886 | for (i = 0; i < params_len; i++) | ||
887 | MHD_gtls_mpi_release (&key->params[i]); | ||
888 | |||
889 | return ret; | ||
890 | } | ||
891 | |||
892 | /** | ||
893 | * MHD_gnutls_x509_privkey_get_key_id - Return unique ID of the key's parameters | ||
894 | * @key: Holds the key | ||
895 | * @flags: should be 0 for now | ||
896 | * @output_data: will contain the key ID | ||
897 | * @output_data_size: holds the size of output_data (and will be | ||
898 | * replaced by the actual size of parameters) | ||
899 | * | ||
900 | * This function will return a unique ID the depends on the public key | ||
901 | * parameters. This ID can be used in checking whether a certificate | ||
902 | * corresponds to the given key. | ||
903 | * | ||
904 | * If the buffer provided is not long enough to hold the output, then | ||
905 | * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
906 | * be returned. The output will normally be a SHA-1 hash output, | ||
907 | * which is 20 bytes. | ||
908 | * | ||
909 | * Return value: In case of failure a negative value will be | ||
910 | * returned, and 0 on success. | ||
911 | * | ||
912 | **/ | ||
913 | int | ||
914 | MHD_gnutls_x509_privkey_get_key_id (MHD_gnutls_x509_privkey_t key, | ||
915 | unsigned int flags, | ||
916 | unsigned char *output_data, | ||
917 | size_t * output_data_size) | ||
918 | { | ||
919 | int result; | ||
920 | GNUTLS_HASH_HANDLE hd; | ||
921 | MHD_gnutls_datum_t der = { NULL, | ||
922 | 0 | ||
923 | }; | ||
924 | |||
925 | if (key == NULL || key->crippled) | ||
926 | { | ||
927 | MHD_gnutls_assert (); | ||
928 | return GNUTLS_E_INVALID_REQUEST; | ||
929 | } | ||
930 | |||
931 | if (*output_data_size < 20) | ||
932 | { | ||
933 | MHD_gnutls_assert (); | ||
934 | *output_data_size = 20; | ||
935 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
936 | } | ||
937 | |||
938 | if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) | ||
939 | { | ||
940 | result = MHD__gnutls_x509_write_rsa_params (key->params, key->params_size, | ||
941 | &der); | ||
942 | if (result < 0) | ||
943 | { | ||
944 | MHD_gnutls_assert (); | ||
945 | goto cleanup; | ||
946 | } | ||
947 | } | ||
948 | else | ||
949 | return GNUTLS_E_INTERNAL_ERROR; | ||
950 | |||
951 | hd = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
952 | if (hd == GNUTLS_HASH_FAILED) | ||
953 | { | ||
954 | MHD_gnutls_assert (); | ||
955 | result = GNUTLS_E_INTERNAL_ERROR; | ||
956 | goto cleanup; | ||
957 | } | ||
958 | |||
959 | MHD_gnutls_hash (hd, der.data, der.size); | ||
960 | |||
961 | MHD_gnutls_hash_deinit (hd, output_data); | ||
962 | *output_data_size = 20; | ||
963 | |||
964 | result = 0; | ||
965 | |||
966 | cleanup: | ||
967 | |||
968 | MHD__gnutls_free_datum (&der); | ||
969 | return result; | ||
970 | } | ||
971 | |||
972 | #ifdef ENABLE_PKI | ||
973 | |||
974 | /** | ||
975 | * MHD_gnutls_x509_privkey_sign_data - This function will sign the given data using the private key params | ||
976 | * @key: Holds the key | ||
977 | * @digest: should be MD5 or SHA1 | ||
978 | * @flags: should be 0 for now | ||
979 | * @data: holds the data to be signed | ||
980 | * @signature: will contain the signature | ||
981 | * @signature_size: holds the size of signature (and will be replaced | ||
982 | * by the new size) | ||
983 | * | ||
984 | * This function will sign the given data using a signature algorithm | ||
985 | * supported by the private key. Signature algorithms are always used | ||
986 | * together with a hash functions. Different hash functions may be | ||
987 | * used for the RSA algorithm, but only SHA-1 for the DSA keys. | ||
988 | * | ||
989 | * If the buffer provided is not long enough to hold the output, then | ||
990 | * *signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
991 | * be returned. | ||
992 | * | ||
993 | * In case of failure a negative value will be returned, and | ||
994 | * 0 on success. | ||
995 | * | ||
996 | **/ | ||
997 | int | ||
998 | MHD_gnutls_x509_privkey_sign_data (MHD_gnutls_x509_privkey_t key, | ||
999 | enum MHD_GNUTLS_HashAlgorithm digest, | ||
1000 | unsigned int flags, | ||
1001 | const MHD_gnutls_datum_t * data, | ||
1002 | void *signature, size_t * signature_size) | ||
1003 | { | ||
1004 | int result; | ||
1005 | MHD_gnutls_datum_t sig = { NULL, 0 }; | ||
1006 | |||
1007 | if (key == NULL) | ||
1008 | { | ||
1009 | MHD_gnutls_assert (); | ||
1010 | return GNUTLS_E_INVALID_REQUEST; | ||
1011 | } | ||
1012 | |||
1013 | result = MHD__gnutls_x509_sign (data, digest, key, &sig); | ||
1014 | if (result < 0) | ||
1015 | { | ||
1016 | MHD_gnutls_assert (); | ||
1017 | return result; | ||
1018 | } | ||
1019 | |||
1020 | if (*signature_size < sig.size) | ||
1021 | { | ||
1022 | *signature_size = sig.size; | ||
1023 | MHD__gnutls_free_datum (&sig); | ||
1024 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
1025 | } | ||
1026 | |||
1027 | *signature_size = sig.size; | ||
1028 | memcpy (signature, sig.data, sig.size); | ||
1029 | |||
1030 | MHD__gnutls_free_datum (&sig); | ||
1031 | |||
1032 | return 0; | ||
1033 | } | ||
1034 | |||
1035 | /** | ||
1036 | * MHD_gnutls_x509_privkey_sign_hash - This function will sign the given data using the private key params | ||
1037 | * @key: Holds the key | ||
1038 | * @hash: holds the data to be signed | ||
1039 | * @signature: will contain newly allocated signature | ||
1040 | * | ||
1041 | * This function will sign the given hash using the private key. | ||
1042 | * | ||
1043 | * Return value: In case of failure a negative value will be returned, | ||
1044 | * and 0 on success. | ||
1045 | **/ | ||
1046 | int | ||
1047 | MHD_gnutls_x509_privkey_sign_hash (MHD_gnutls_x509_privkey_t key, | ||
1048 | const MHD_gnutls_datum_t * hash, | ||
1049 | MHD_gnutls_datum_t * signature) | ||
1050 | { | ||
1051 | int result; | ||
1052 | |||
1053 | if (key == NULL) | ||
1054 | { | ||
1055 | MHD_gnutls_assert (); | ||
1056 | return GNUTLS_E_INVALID_REQUEST; | ||
1057 | } | ||
1058 | |||
1059 | result = MHD_gtls_sign (key->pk_algorithm, key->params, | ||
1060 | key->params_size, hash, signature); | ||
1061 | if (result < 0) | ||
1062 | { | ||
1063 | MHD_gnutls_assert (); | ||
1064 | return result; | ||
1065 | } | ||
1066 | |||
1067 | return 0; | ||
1068 | } | ||
1069 | |||
1070 | /** | ||
1071 | * MHD_gnutls_x509_privkey_verify_data - This function will verify the given signed data. | ||
1072 | * @key: Holds the key | ||
1073 | * @flags: should be 0 for now | ||
1074 | * @data: holds the data to be signed | ||
1075 | * @signature: contains the signature | ||
1076 | * | ||
1077 | * This function will verify the given signed data, using the parameters in the | ||
1078 | * private key. | ||
1079 | * | ||
1080 | * In case of a verification failure 0 is returned, and | ||
1081 | * 1 on success. | ||
1082 | * | ||
1083 | **/ | ||
1084 | int | ||
1085 | MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key, | ||
1086 | unsigned int flags, | ||
1087 | const MHD_gnutls_datum_t * data, | ||
1088 | const MHD_gnutls_datum_t * signature) | ||
1089 | { | ||
1090 | int result; | ||
1091 | |||
1092 | if (key == NULL) | ||
1093 | { | ||
1094 | MHD_gnutls_assert (); | ||
1095 | return GNUTLS_E_INVALID_REQUEST; | ||
1096 | } | ||
1097 | |||
1098 | result = MHD__gnutls_x509_privkey_verify_signature (data, signature, key); | ||
1099 | if (result < 0) | ||
1100 | { | ||
1101 | MHD_gnutls_assert (); | ||
1102 | return 0; | ||
1103 | } | ||
1104 | |||
1105 | return result; | ||
1106 | } | ||
1107 | |||
1108 | /** | ||
1109 | * MHD_gnutls_x509_privkey_fix - This function will recalculate some parameters of the key. | ||
1110 | * @key: Holds the key | ||
1111 | * | ||
1112 | * This function will recalculate the secondary parameters in a key. | ||
1113 | * In RSA keys, this can be the coefficient and exponent1,2. | ||
1114 | * | ||
1115 | * Return value: In case of failure a negative value will be | ||
1116 | * returned, and 0 on success. | ||
1117 | * | ||
1118 | **/ | ||
1119 | int | ||
1120 | MHD_gnutls_x509_privkey_fix (MHD_gnutls_x509_privkey_t key) | ||
1121 | { | ||
1122 | int ret; | ||
1123 | |||
1124 | if (key == NULL) | ||
1125 | { | ||
1126 | MHD_gnutls_assert (); | ||
1127 | return GNUTLS_E_INVALID_REQUEST; | ||
1128 | } | ||
1129 | |||
1130 | if (!key->crippled) | ||
1131 | MHD__asn1_delete_structure (&key->key); | ||
1132 | switch (key->pk_algorithm) | ||
1133 | { | ||
1134 | case MHD_GNUTLS_PK_RSA: | ||
1135 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params); | ||
1136 | if (ret < 0) | ||
1137 | { | ||
1138 | MHD_gnutls_assert (); | ||
1139 | return ret; | ||
1140 | } | ||
1141 | break; | ||
1142 | default: | ||
1143 | MHD_gnutls_assert (); | ||
1144 | return GNUTLS_E_INVALID_REQUEST; | ||
1145 | } | ||
1146 | |||
1147 | return 0; | ||
1148 | } | ||
1149 | |||
1150 | #endif | ||