aboutsummaryrefslogtreecommitdiff
path: root/src/daemon/https/x509/sign.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/daemon/https/x509/sign.c')
-rw-r--r--src/daemon/https/x509/sign.c264
1 files changed, 0 insertions, 264 deletions
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c
deleted file mode 100644
index 1cc032be..00000000
--- a/src/daemon/https/x509/sign.c
+++ /dev/null
@@ -1,264 +0,0 @@
1/*
2 * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25/* All functions which relate to X.509 certificate signing stuff are
26 * included here
27 */
28
29#include <gnutls_int.h>
30
31#ifdef ENABLE_PKI
32
33#include <gnutls_errors.h>
34#include <gnutls_cert.h>
35#include <libtasn1.h>
36#include <gnutls_global.h>
37#include <gnutls_num.h> /* MAX */
38#include <gnutls_sig.h>
39#include <gnutls_str.h>
40#include <gnutls_datum.h>
41#include <dn.h>
42#include <x509.h>
43#include <mpi.h>
44#include <sign.h>
45#include <common.h>
46#include <verify.h>
47
48/* Writes the digest information and the digest in a DER encoded
49 * structure. The digest info is allocated and stored into the info structure.
50 */
51static int
52encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash,
53 const MHD_gnutls_datum_t * digest,
54 MHD_gnutls_datum_t * info)
55{
56 ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
57 int result;
58 const char *algo;
59
60 algo = MHD_gtls_x509_mac_to_oid ((enum MHD_GNUTLS_HashAlgorithm) hash);
61 if (algo == NULL)
62 {
63 MHD_gnutls_assert ();
64 MHD__gnutls_x509_log ("Hash algorithm: %d\n", hash);
65 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
66 }
67
68 if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (),
69 "GNUTLS.DigestInfo",
70 &dinfo)) != ASN1_SUCCESS)
71 {
72 MHD_gnutls_assert ();
73 return MHD_gtls_asn2err (result);
74 }
75
76 result =
77 MHD__asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
78 if (result != ASN1_SUCCESS)
79 {
80 MHD_gnutls_assert ();
81 MHD__asn1_delete_structure (&dinfo);
82 return MHD_gtls_asn2err (result);
83 }
84
85 /* Write an ASN.1 NULL in the parameters field. This matches RFC
86 3279 and RFC 4055, although is arguable incorrect from a historic
87 perspective (see those documents for more information).
88 Regardless of what is correct, this appears to be what most
89 implementations do. */
90 result = MHD__asn1_write_value (dinfo, "digestAlgorithm.parameters",
91 "\x05\x00", 2);
92 if (result != ASN1_SUCCESS)
93 {
94 MHD_gnutls_assert ();
95 MHD__asn1_delete_structure (&dinfo);
96 return MHD_gtls_asn2err (result);
97 }
98
99 result =
100 MHD__asn1_write_value (dinfo, "digest", digest->data, digest->size);
101 if (result != ASN1_SUCCESS)
102 {
103 MHD_gnutls_assert ();
104 MHD__asn1_delete_structure (&dinfo);
105 return MHD_gtls_asn2err (result);
106 }
107
108 info->size = 0;
109 MHD__asn1_der_coding (dinfo, "", NULL, (int *) &info->size, NULL);
110
111 info->data = MHD_gnutls_malloc (info->size);
112 if (info->data == NULL)
113 {
114 MHD_gnutls_assert ();
115 MHD__asn1_delete_structure (&dinfo);
116 return GNUTLS_E_MEMORY_ERROR;
117 }
118
119 result =
120 MHD__asn1_der_coding (dinfo, "", info->data, (int *) &info->size, NULL);
121 if (result != ASN1_SUCCESS)
122 {
123 MHD_gnutls_assert ();
124 MHD__asn1_delete_structure (&dinfo);
125 return MHD_gtls_asn2err (result);
126 }
127
128 MHD__asn1_delete_structure (&dinfo);
129
130 return 0;
131}
132
133/* if hash==MD5 then we do RSA-MD5
134 * if hash==SHA then we do RSA-SHA
135 * params[0] is modulus
136 * params[1] is public key
137 */
138static int
139pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash,
140 const MHD_gnutls_datum_t * text, mpi_t * params,
141 int params_len, MHD_gnutls_datum_t * signature)
142{
143 int ret;
144 opaque _digest[MAX_HASH_SIZE];
145 GNUTLS_HASH_HANDLE hd;
146 MHD_gnutls_datum_t digest, info;
147
148 hd = MHD_gtls_hash_init (HASH2MAC (hash));
149 if (hd == NULL)
150 {
151 MHD_gnutls_assert ();
152 return GNUTLS_E_HASH_FAILED;
153 }
154
155 MHD_gnutls_hash (hd, text->data, text->size);
156 MHD_gnutls_hash_deinit (hd, _digest);
157
158 digest.data = _digest;
159 digest.size = MHD_gnutls_hash_get_algo_len (HASH2MAC (hash));
160
161 /* Encode the digest as a DigestInfo
162 */
163 if ((ret = encode_ber_digest_info (hash, &digest, &info)) != 0)
164 {
165 MHD_gnutls_assert ();
166 return ret;
167 }
168
169 if ((ret =
170 MHD_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info,
171 signature)) < 0)
172 {
173 MHD_gnutls_assert ();
174 MHD__gnutls_free_datum (&info);
175 return ret;
176 }
177
178 MHD__gnutls_free_datum (&info);
179
180 return 0;
181}
182
183/* Signs the given data using the parameters from the signer's
184 * private key.
185 *
186 * returns 0 on success.
187 *
188 * 'tbs' is the data to be signed
189 * 'signature' will hold the signature!
190 * 'hash' is only used in PKCS1 RSA signing.
191 */
192static int
193MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs,
194 enum MHD_GNUTLS_HashAlgorithm hash,
195 MHD_gnutls_x509_privkey_t signer,
196 MHD_gnutls_datum_t * signature)
197{
198 int ret;
199
200 switch (signer->pk_algorithm)
201 {
202 case MHD_GNUTLS_PK_RSA:
203 ret =
204 pkcs1_rsa_sign (hash, tbs, signer->params, signer->params_size,
205 signature);
206 if (ret < 0)
207 {
208 MHD_gnutls_assert ();
209 return ret;
210 }
211 return 0;
212 break;
213 default:
214 MHD_gnutls_assert ();
215 return GNUTLS_E_INTERNAL_ERROR;
216 }
217
218}
219
220/* This is the same as the MHD__gnutls_x509_sign, but this one will decode
221 * the ASN1_TYPE given, and sign the DER data. Actually used to get the DER
222 * of the TBS and sign it on the fly.
223 */
224int
225MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name,
226 enum MHD_GNUTLS_HashAlgorithm hash,
227 MHD_gnutls_x509_privkey_t signer,
228 MHD_gnutls_datum_t * signature)
229{
230 int result;
231 opaque *buf;
232 int buf_size;
233 MHD_gnutls_datum_t tbs;
234
235 buf_size = 0;
236 MHD__asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL);
237
238 buf = MHD_gnutls_alloca (buf_size);
239 if (buf == NULL)
240 {
241 MHD_gnutls_assert ();
242 return GNUTLS_E_MEMORY_ERROR;
243 }
244
245 result = MHD__asn1_der_coding (cert, tbs_name, buf, &buf_size, NULL);
246
247 if (result != ASN1_SUCCESS)
248 {
249 MHD_gnutls_assert ();
250 MHD_gnutls_afree (buf);
251 return MHD_gtls_asn2err (result);
252 }
253
254 tbs.data = buf;
255 tbs.size = buf_size;
256
257 result = MHD__gnutls_x509_sign (&tbs, hash, signer, signature);
258 MHD_gnutls_afree (buf);
259
260 return result;
261}
262
263
264#endif