diff options
Diffstat (limited to 'src/daemon/https/x509/x509_privkey.c')
-rw-r--r-- | src/daemon/https/x509/x509_privkey.c | 337 |
1 files changed, 6 insertions, 331 deletions
diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c index e01861b8..579ce664 100644 --- a/src/daemon/https/x509/x509_privkey.c +++ b/src/daemon/https/x509/x509_privkey.c | |||
@@ -39,8 +39,8 @@ | |||
39 | #include <dsa.h> | 39 | #include <dsa.h> |
40 | #include <verify.h> | 40 | #include <verify.h> |
41 | 41 | ||
42 | static int MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params); | 42 | static int MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params); |
43 | int MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); | 43 | int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params); |
44 | 44 | ||
45 | /* remove this when libgcrypt can handle the PKCS #1 coefficients from | 45 | /* remove this when libgcrypt can handle the PKCS #1 coefficients from |
46 | * rsa keys | 46 | * rsa keys |
@@ -127,7 +127,7 @@ MHD_gnutls_x509_privkey_cpy (MHD_gnutls_x509_privkey_t dst, MHD_gnutls_x509_priv | |||
127 | switch (dst->pk_algorithm) | 127 | switch (dst->pk_algorithm) |
128 | { | 128 | { |
129 | case MHD_GNUTLS_PK_RSA: | 129 | case MHD_GNUTLS_PK_RSA: |
130 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&dst->key, dst->params); | 130 | ret = MHD__gnutls_asn1_encode_rsa (&dst->key, dst->params); |
131 | if (ret < 0) | 131 | if (ret < 0) |
132 | { | 132 | { |
133 | MHD_gnutls_assert (); | 133 | MHD_gnutls_assert (); |
@@ -439,7 +439,7 @@ MHD_gnutls_x509_privkey_import_rsa_raw (MHD_gnutls_x509_privkey_t key, | |||
439 | 439 | ||
440 | if (!key->crippled) | 440 | if (!key->crippled) |
441 | { | 441 | { |
442 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params); | 442 | ret = MHD__gnutls_asn1_encode_rsa (&key->key, key->params); |
443 | if (ret < 0) | 443 | if (ret < 0) |
444 | { | 444 | { |
445 | MHD_gnutls_assert (); | 445 | MHD_gnutls_assert (); |
@@ -481,7 +481,7 @@ MHD_gnutls_x509_privkey_get_pk_algorithm (MHD_gnutls_x509_privkey_t key) | |||
481 | /* Encodes the RSA parameters into an ASN.1 RSA private key structure. | 481 | /* Encodes the RSA parameters into an ASN.1 RSA private key structure. |
482 | */ | 482 | */ |
483 | static int | 483 | static int |
484 | MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params) | 484 | MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params) |
485 | { | 485 | { |
486 | int result, i; | 486 | int result, i; |
487 | size_t size[8], total; | 487 | size_t size[8], total; |
@@ -712,7 +712,7 @@ cleanup:MHD_gtls_mpi_release (&u); | |||
712 | /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. | 712 | /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. |
713 | */ | 713 | */ |
714 | int | 714 | int |
715 | MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params) | 715 | MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params) |
716 | { | 716 | { |
717 | int result, i; | 717 | int result, i; |
718 | size_t size[DSA_PRIVATE_PARAMS], total; | 718 | size_t size[DSA_PRIVATE_PARAMS], total; |
@@ -823,328 +823,3 @@ cleanup:MHD__asn1_delete_structure (c2); | |||
823 | return result; | 823 | return result; |
824 | } | 824 | } |
825 | 825 | ||
826 | /** | ||
827 | * MHD_gnutls_x509_privkey_generate - This function will generate a private key | ||
828 | * @key: should contain a MHD_gnutls_x509_privkey_t structure | ||
829 | * @algo: is one of RSA or DSA. | ||
830 | * @bits: the size of the modulus | ||
831 | * @flags: unused for now. Must be 0. | ||
832 | * | ||
833 | * This function will generate a random private key. Note that | ||
834 | * this function must be called on an empty private key. | ||
835 | * | ||
836 | * Returns 0 on success or a negative value on error. | ||
837 | * | ||
838 | **/ | ||
839 | int | ||
840 | MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key, | ||
841 | enum MHD_GNUTLS_PublicKeyAlgorithm algo, | ||
842 | unsigned int bits, unsigned int flags) | ||
843 | { | ||
844 | int ret, params_len; | ||
845 | int i; | ||
846 | |||
847 | if (key == NULL) | ||
848 | { | ||
849 | MHD_gnutls_assert (); | ||
850 | return GNUTLS_E_INVALID_REQUEST; | ||
851 | } | ||
852 | |||
853 | switch (algo) | ||
854 | { | ||
855 | case MHD_GNUTLS_PK_RSA: | ||
856 | ret = MHD__gnutls_rsa_generate_params (key->params, ¶ms_len, bits); | ||
857 | if (ret < 0) | ||
858 | { | ||
859 | MHD_gnutls_assert (); | ||
860 | return ret; | ||
861 | } | ||
862 | |||
863 | if (!key->crippled) | ||
864 | { | ||
865 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params); | ||
866 | if (ret < 0) | ||
867 | { | ||
868 | MHD_gnutls_assert (); | ||
869 | goto cleanup; | ||
870 | } | ||
871 | } | ||
872 | |||
873 | key->params_size = params_len; | ||
874 | key->pk_algorithm = MHD_GNUTLS_PK_RSA; | ||
875 | |||
876 | break; | ||
877 | default: | ||
878 | MHD_gnutls_assert (); | ||
879 | return GNUTLS_E_INVALID_REQUEST; | ||
880 | } | ||
881 | |||
882 | return 0; | ||
883 | |||
884 | cleanup:key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN; | ||
885 | key->params_size = 0; | ||
886 | for (i = 0; i < params_len; i++) | ||
887 | MHD_gtls_mpi_release (&key->params[i]); | ||
888 | |||
889 | return ret; | ||
890 | } | ||
891 | |||
892 | /** | ||
893 | * MHD_gnutls_x509_privkey_get_key_id - Return unique ID of the key's parameters | ||
894 | * @key: Holds the key | ||
895 | * @flags: should be 0 for now | ||
896 | * @output_data: will contain the key ID | ||
897 | * @output_data_size: holds the size of output_data (and will be | ||
898 | * replaced by the actual size of parameters) | ||
899 | * | ||
900 | * This function will return a unique ID the depends on the public key | ||
901 | * parameters. This ID can be used in checking whether a certificate | ||
902 | * corresponds to the given key. | ||
903 | * | ||
904 | * If the buffer provided is not long enough to hold the output, then | ||
905 | * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
906 | * be returned. The output will normally be a SHA-1 hash output, | ||
907 | * which is 20 bytes. | ||
908 | * | ||
909 | * Return value: In case of failure a negative value will be | ||
910 | * returned, and 0 on success. | ||
911 | * | ||
912 | **/ | ||
913 | int | ||
914 | MHD_gnutls_x509_privkey_get_key_id (MHD_gnutls_x509_privkey_t key, | ||
915 | unsigned int flags, | ||
916 | unsigned char *output_data, | ||
917 | size_t * output_data_size) | ||
918 | { | ||
919 | int result; | ||
920 | GNUTLS_HASH_HANDLE hd; | ||
921 | MHD_gnutls_datum_t der = { NULL, | ||
922 | 0 | ||
923 | }; | ||
924 | |||
925 | if (key == NULL || key->crippled) | ||
926 | { | ||
927 | MHD_gnutls_assert (); | ||
928 | return GNUTLS_E_INVALID_REQUEST; | ||
929 | } | ||
930 | |||
931 | if (*output_data_size < 20) | ||
932 | { | ||
933 | MHD_gnutls_assert (); | ||
934 | *output_data_size = 20; | ||
935 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
936 | } | ||
937 | |||
938 | if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) | ||
939 | { | ||
940 | result = MHD__gnutls_x509_write_rsa_params (key->params, key->params_size, | ||
941 | &der); | ||
942 | if (result < 0) | ||
943 | { | ||
944 | MHD_gnutls_assert (); | ||
945 | goto cleanup; | ||
946 | } | ||
947 | } | ||
948 | else | ||
949 | return GNUTLS_E_INTERNAL_ERROR; | ||
950 | |||
951 | hd = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1); | ||
952 | if (hd == GNUTLS_HASH_FAILED) | ||
953 | { | ||
954 | MHD_gnutls_assert (); | ||
955 | result = GNUTLS_E_INTERNAL_ERROR; | ||
956 | goto cleanup; | ||
957 | } | ||
958 | |||
959 | MHD_gnutls_hash (hd, der.data, der.size); | ||
960 | |||
961 | MHD_gnutls_hash_deinit (hd, output_data); | ||
962 | *output_data_size = 20; | ||
963 | |||
964 | result = 0; | ||
965 | |||
966 | cleanup: | ||
967 | |||
968 | MHD__gnutls_free_datum (&der); | ||
969 | return result; | ||
970 | } | ||
971 | |||
972 | #ifdef ENABLE_PKI | ||
973 | |||
974 | /** | ||
975 | * MHD_gnutls_x509_privkey_sign_data - This function will sign the given data using the private key params | ||
976 | * @key: Holds the key | ||
977 | * @digest: should be MD5 or SHA1 | ||
978 | * @flags: should be 0 for now | ||
979 | * @data: holds the data to be signed | ||
980 | * @signature: will contain the signature | ||
981 | * @signature_size: holds the size of signature (and will be replaced | ||
982 | * by the new size) | ||
983 | * | ||
984 | * This function will sign the given data using a signature algorithm | ||
985 | * supported by the private key. Signature algorithms are always used | ||
986 | * together with a hash functions. Different hash functions may be | ||
987 | * used for the RSA algorithm, but only SHA-1 for the DSA keys. | ||
988 | * | ||
989 | * If the buffer provided is not long enough to hold the output, then | ||
990 | * *signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will | ||
991 | * be returned. | ||
992 | * | ||
993 | * In case of failure a negative value will be returned, and | ||
994 | * 0 on success. | ||
995 | * | ||
996 | **/ | ||
997 | int | ||
998 | MHD_gnutls_x509_privkey_sign_data (MHD_gnutls_x509_privkey_t key, | ||
999 | enum MHD_GNUTLS_HashAlgorithm digest, | ||
1000 | unsigned int flags, | ||
1001 | const MHD_gnutls_datum_t * data, | ||
1002 | void *signature, size_t * signature_size) | ||
1003 | { | ||
1004 | int result; | ||
1005 | MHD_gnutls_datum_t sig = { NULL, 0 }; | ||
1006 | |||
1007 | if (key == NULL) | ||
1008 | { | ||
1009 | MHD_gnutls_assert (); | ||
1010 | return GNUTLS_E_INVALID_REQUEST; | ||
1011 | } | ||
1012 | |||
1013 | result = MHD__gnutls_x509_sign (data, digest, key, &sig); | ||
1014 | if (result < 0) | ||
1015 | { | ||
1016 | MHD_gnutls_assert (); | ||
1017 | return result; | ||
1018 | } | ||
1019 | |||
1020 | if (*signature_size < sig.size) | ||
1021 | { | ||
1022 | *signature_size = sig.size; | ||
1023 | MHD__gnutls_free_datum (&sig); | ||
1024 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
1025 | } | ||
1026 | |||
1027 | *signature_size = sig.size; | ||
1028 | memcpy (signature, sig.data, sig.size); | ||
1029 | |||
1030 | MHD__gnutls_free_datum (&sig); | ||
1031 | |||
1032 | return 0; | ||
1033 | } | ||
1034 | |||
1035 | /** | ||
1036 | * MHD_gnutls_x509_privkey_sign_hash - This function will sign the given data using the private key params | ||
1037 | * @key: Holds the key | ||
1038 | * @hash: holds the data to be signed | ||
1039 | * @signature: will contain newly allocated signature | ||
1040 | * | ||
1041 | * This function will sign the given hash using the private key. | ||
1042 | * | ||
1043 | * Return value: In case of failure a negative value will be returned, | ||
1044 | * and 0 on success. | ||
1045 | **/ | ||
1046 | int | ||
1047 | MHD_gnutls_x509_privkey_sign_hash (MHD_gnutls_x509_privkey_t key, | ||
1048 | const MHD_gnutls_datum_t * hash, | ||
1049 | MHD_gnutls_datum_t * signature) | ||
1050 | { | ||
1051 | int result; | ||
1052 | |||
1053 | if (key == NULL) | ||
1054 | { | ||
1055 | MHD_gnutls_assert (); | ||
1056 | return GNUTLS_E_INVALID_REQUEST; | ||
1057 | } | ||
1058 | |||
1059 | result = MHD_gtls_sign (key->pk_algorithm, key->params, | ||
1060 | key->params_size, hash, signature); | ||
1061 | if (result < 0) | ||
1062 | { | ||
1063 | MHD_gnutls_assert (); | ||
1064 | return result; | ||
1065 | } | ||
1066 | |||
1067 | return 0; | ||
1068 | } | ||
1069 | |||
1070 | /** | ||
1071 | * MHD_gnutls_x509_privkey_verify_data - This function will verify the given signed data. | ||
1072 | * @key: Holds the key | ||
1073 | * @flags: should be 0 for now | ||
1074 | * @data: holds the data to be signed | ||
1075 | * @signature: contains the signature | ||
1076 | * | ||
1077 | * This function will verify the given signed data, using the parameters in the | ||
1078 | * private key. | ||
1079 | * | ||
1080 | * In case of a verification failure 0 is returned, and | ||
1081 | * 1 on success. | ||
1082 | * | ||
1083 | **/ | ||
1084 | int | ||
1085 | MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key, | ||
1086 | unsigned int flags, | ||
1087 | const MHD_gnutls_datum_t * data, | ||
1088 | const MHD_gnutls_datum_t * signature) | ||
1089 | { | ||
1090 | int result; | ||
1091 | |||
1092 | if (key == NULL) | ||
1093 | { | ||
1094 | MHD_gnutls_assert (); | ||
1095 | return GNUTLS_E_INVALID_REQUEST; | ||
1096 | } | ||
1097 | |||
1098 | result = MHD__gnutls_x509_privkey_verify_signature (data, signature, key); | ||
1099 | if (result < 0) | ||
1100 | { | ||
1101 | MHD_gnutls_assert (); | ||
1102 | return 0; | ||
1103 | } | ||
1104 | |||
1105 | return result; | ||
1106 | } | ||
1107 | |||
1108 | /** | ||
1109 | * MHD_gnutls_x509_privkey_fix - This function will recalculate some parameters of the key. | ||
1110 | * @key: Holds the key | ||
1111 | * | ||
1112 | * This function will recalculate the secondary parameters in a key. | ||
1113 | * In RSA keys, this can be the coefficient and exponent1,2. | ||
1114 | * | ||
1115 | * Return value: In case of failure a negative value will be | ||
1116 | * returned, and 0 on success. | ||
1117 | * | ||
1118 | **/ | ||
1119 | int | ||
1120 | MHD_gnutls_x509_privkey_fix (MHD_gnutls_x509_privkey_t key) | ||
1121 | { | ||
1122 | int ret; | ||
1123 | |||
1124 | if (key == NULL) | ||
1125 | { | ||
1126 | MHD_gnutls_assert (); | ||
1127 | return GNUTLS_E_INVALID_REQUEST; | ||
1128 | } | ||
1129 | |||
1130 | if (!key->crippled) | ||
1131 | MHD__asn1_delete_structure (&key->key); | ||
1132 | switch (key->pk_algorithm) | ||
1133 | { | ||
1134 | case MHD_GNUTLS_PK_RSA: | ||
1135 | ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params); | ||
1136 | if (ret < 0) | ||
1137 | { | ||
1138 | MHD_gnutls_assert (); | ||
1139 | return ret; | ||
1140 | } | ||
1141 | break; | ||
1142 | default: | ||
1143 | MHD_gnutls_assert (); | ||
1144 | return GNUTLS_E_INVALID_REQUEST; | ||
1145 | } | ||
1146 | |||
1147 | return 0; | ||
1148 | } | ||
1149 | |||
1150 | #endif | ||