diff options
Diffstat (limited to 'src/daemon/https/x509/sign.c')
-rw-r--r-- | src/daemon/https/x509/sign.c | 264 |
1 files changed, 0 insertions, 264 deletions
diff --git a/src/daemon/https/x509/sign.c b/src/daemon/https/x509/sign.c deleted file mode 100644 index 1cc032be..00000000 --- a/src/daemon/https/x509/sign.c +++ /dev/null | |||
@@ -1,264 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2003, 2004, 2005, 2006, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* All functions which relate to X.509 certificate signing stuff are | ||
26 | * included here | ||
27 | */ | ||
28 | |||
29 | #include <gnutls_int.h> | ||
30 | |||
31 | #ifdef ENABLE_PKI | ||
32 | |||
33 | #include <gnutls_errors.h> | ||
34 | #include <gnutls_cert.h> | ||
35 | #include <libtasn1.h> | ||
36 | #include <gnutls_global.h> | ||
37 | #include <gnutls_num.h> /* MAX */ | ||
38 | #include <gnutls_sig.h> | ||
39 | #include <gnutls_str.h> | ||
40 | #include <gnutls_datum.h> | ||
41 | #include <dn.h> | ||
42 | #include <x509.h> | ||
43 | #include <mpi.h> | ||
44 | #include <sign.h> | ||
45 | #include <common.h> | ||
46 | #include <verify.h> | ||
47 | |||
48 | /* Writes the digest information and the digest in a DER encoded | ||
49 | * structure. The digest info is allocated and stored into the info structure. | ||
50 | */ | ||
51 | static int | ||
52 | encode_ber_digest_info (enum MHD_GNUTLS_HashAlgorithm hash, | ||
53 | const MHD_gnutls_datum_t * digest, | ||
54 | MHD_gnutls_datum_t * info) | ||
55 | { | ||
56 | ASN1_TYPE dinfo = ASN1_TYPE_EMPTY; | ||
57 | int result; | ||
58 | const char *algo; | ||
59 | |||
60 | algo = MHD_gtls_x509_mac_to_oid ((enum MHD_GNUTLS_HashAlgorithm) hash); | ||
61 | if (algo == NULL) | ||
62 | { | ||
63 | MHD_gnutls_assert (); | ||
64 | MHD__gnutls_x509_log ("Hash algorithm: %d\n", hash); | ||
65 | return GNUTLS_E_UNKNOWN_PK_ALGORITHM; | ||
66 | } | ||
67 | |||
68 | if ((result = MHD__asn1_create_element (MHD__gnutls_getMHD__gnutls_asn (), | ||
69 | "GNUTLS.DigestInfo", | ||
70 | &dinfo)) != ASN1_SUCCESS) | ||
71 | { | ||
72 | MHD_gnutls_assert (); | ||
73 | return MHD_gtls_asn2err (result); | ||
74 | } | ||
75 | |||
76 | result = | ||
77 | MHD__asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1); | ||
78 | if (result != ASN1_SUCCESS) | ||
79 | { | ||
80 | MHD_gnutls_assert (); | ||
81 | MHD__asn1_delete_structure (&dinfo); | ||
82 | return MHD_gtls_asn2err (result); | ||
83 | } | ||
84 | |||
85 | /* Write an ASN.1 NULL in the parameters field. This matches RFC | ||
86 | 3279 and RFC 4055, although is arguable incorrect from a historic | ||
87 | perspective (see those documents for more information). | ||
88 | Regardless of what is correct, this appears to be what most | ||
89 | implementations do. */ | ||
90 | result = MHD__asn1_write_value (dinfo, "digestAlgorithm.parameters", | ||
91 | "\x05\x00", 2); | ||
92 | if (result != ASN1_SUCCESS) | ||
93 | { | ||
94 | MHD_gnutls_assert (); | ||
95 | MHD__asn1_delete_structure (&dinfo); | ||
96 | return MHD_gtls_asn2err (result); | ||
97 | } | ||
98 | |||
99 | result = | ||
100 | MHD__asn1_write_value (dinfo, "digest", digest->data, digest->size); | ||
101 | if (result != ASN1_SUCCESS) | ||
102 | { | ||
103 | MHD_gnutls_assert (); | ||
104 | MHD__asn1_delete_structure (&dinfo); | ||
105 | return MHD_gtls_asn2err (result); | ||
106 | } | ||
107 | |||
108 | info->size = 0; | ||
109 | MHD__asn1_der_coding (dinfo, "", NULL, (int *) &info->size, NULL); | ||
110 | |||
111 | info->data = MHD_gnutls_malloc (info->size); | ||
112 | if (info->data == NULL) | ||
113 | { | ||
114 | MHD_gnutls_assert (); | ||
115 | MHD__asn1_delete_structure (&dinfo); | ||
116 | return GNUTLS_E_MEMORY_ERROR; | ||
117 | } | ||
118 | |||
119 | result = | ||
120 | MHD__asn1_der_coding (dinfo, "", info->data, (int *) &info->size, NULL); | ||
121 | if (result != ASN1_SUCCESS) | ||
122 | { | ||
123 | MHD_gnutls_assert (); | ||
124 | MHD__asn1_delete_structure (&dinfo); | ||
125 | return MHD_gtls_asn2err (result); | ||
126 | } | ||
127 | |||
128 | MHD__asn1_delete_structure (&dinfo); | ||
129 | |||
130 | return 0; | ||
131 | } | ||
132 | |||
133 | /* if hash==MD5 then we do RSA-MD5 | ||
134 | * if hash==SHA then we do RSA-SHA | ||
135 | * params[0] is modulus | ||
136 | * params[1] is public key | ||
137 | */ | ||
138 | static int | ||
139 | pkcs1_rsa_sign (enum MHD_GNUTLS_HashAlgorithm hash, | ||
140 | const MHD_gnutls_datum_t * text, mpi_t * params, | ||
141 | int params_len, MHD_gnutls_datum_t * signature) | ||
142 | { | ||
143 | int ret; | ||
144 | opaque _digest[MAX_HASH_SIZE]; | ||
145 | GNUTLS_HASH_HANDLE hd; | ||
146 | MHD_gnutls_datum_t digest, info; | ||
147 | |||
148 | hd = MHD_gtls_hash_init (HASH2MAC (hash)); | ||
149 | if (hd == NULL) | ||
150 | { | ||
151 | MHD_gnutls_assert (); | ||
152 | return GNUTLS_E_HASH_FAILED; | ||
153 | } | ||
154 | |||
155 | MHD_gnutls_hash (hd, text->data, text->size); | ||
156 | MHD_gnutls_hash_deinit (hd, _digest); | ||
157 | |||
158 | digest.data = _digest; | ||
159 | digest.size = MHD_gnutls_hash_get_algo_len (HASH2MAC (hash)); | ||
160 | |||
161 | /* Encode the digest as a DigestInfo | ||
162 | */ | ||
163 | if ((ret = encode_ber_digest_info (hash, &digest, &info)) != 0) | ||
164 | { | ||
165 | MHD_gnutls_assert (); | ||
166 | return ret; | ||
167 | } | ||
168 | |||
169 | if ((ret = | ||
170 | MHD_gtls_sign (MHD_GNUTLS_PK_RSA, params, params_len, &info, | ||
171 | signature)) < 0) | ||
172 | { | ||
173 | MHD_gnutls_assert (); | ||
174 | MHD__gnutls_free_datum (&info); | ||
175 | return ret; | ||
176 | } | ||
177 | |||
178 | MHD__gnutls_free_datum (&info); | ||
179 | |||
180 | return 0; | ||
181 | } | ||
182 | |||
183 | /* Signs the given data using the parameters from the signer's | ||
184 | * private key. | ||
185 | * | ||
186 | * returns 0 on success. | ||
187 | * | ||
188 | * 'tbs' is the data to be signed | ||
189 | * 'signature' will hold the signature! | ||
190 | * 'hash' is only used in PKCS1 RSA signing. | ||
191 | */ | ||
192 | static int | ||
193 | MHD__gnutls_x509_sign (const MHD_gnutls_datum_t * tbs, | ||
194 | enum MHD_GNUTLS_HashAlgorithm hash, | ||
195 | MHD_gnutls_x509_privkey_t signer, | ||
196 | MHD_gnutls_datum_t * signature) | ||
197 | { | ||
198 | int ret; | ||
199 | |||
200 | switch (signer->pk_algorithm) | ||
201 | { | ||
202 | case MHD_GNUTLS_PK_RSA: | ||
203 | ret = | ||
204 | pkcs1_rsa_sign (hash, tbs, signer->params, signer->params_size, | ||
205 | signature); | ||
206 | if (ret < 0) | ||
207 | { | ||
208 | MHD_gnutls_assert (); | ||
209 | return ret; | ||
210 | } | ||
211 | return 0; | ||
212 | break; | ||
213 | default: | ||
214 | MHD_gnutls_assert (); | ||
215 | return GNUTLS_E_INTERNAL_ERROR; | ||
216 | } | ||
217 | |||
218 | } | ||
219 | |||
220 | /* This is the same as the MHD__gnutls_x509_sign, but this one will decode | ||
221 | * the ASN1_TYPE given, and sign the DER data. Actually used to get the DER | ||
222 | * of the TBS and sign it on the fly. | ||
223 | */ | ||
224 | int | ||
225 | MHD__gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, | ||
226 | enum MHD_GNUTLS_HashAlgorithm hash, | ||
227 | MHD_gnutls_x509_privkey_t signer, | ||
228 | MHD_gnutls_datum_t * signature) | ||
229 | { | ||
230 | int result; | ||
231 | opaque *buf; | ||
232 | int buf_size; | ||
233 | MHD_gnutls_datum_t tbs; | ||
234 | |||
235 | buf_size = 0; | ||
236 | MHD__asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL); | ||
237 | |||
238 | buf = MHD_gnutls_alloca (buf_size); | ||
239 | if (buf == NULL) | ||
240 | { | ||
241 | MHD_gnutls_assert (); | ||
242 | return GNUTLS_E_MEMORY_ERROR; | ||
243 | } | ||
244 | |||
245 | result = MHD__asn1_der_coding (cert, tbs_name, buf, &buf_size, NULL); | ||
246 | |||
247 | if (result != ASN1_SUCCESS) | ||
248 | { | ||
249 | MHD_gnutls_assert (); | ||
250 | MHD_gnutls_afree (buf); | ||
251 | return MHD_gtls_asn2err (result); | ||
252 | } | ||
253 | |||
254 | tbs.data = buf; | ||
255 | tbs.size = buf_size; | ||
256 | |||
257 | result = MHD__gnutls_x509_sign (&tbs, hash, signer, signature); | ||
258 | MHD_gnutls_afree (buf); | ||
259 | |||
260 | return result; | ||
261 | } | ||
262 | |||
263 | |||
264 | #endif | ||