search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix documentation for gnutls_dtls_set_mtu()
[gnutls.git] / lib / gnutls_sig.c
blobc576655e1041de14040f0a7e3a4d65237566bc02
1 /*
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
25 #include <x509_b64.h>
26 #include <auth/cert.h>
27 #include <algorithms.h>
28 #include <gnutls_datum.h>
29 #include <gnutls_mpi.h>
30 #include <gnutls_global.h>
31 #include <gnutls_pk.h>
32 #include <debug.h>
33 #include <gnutls_buffers.h>
34 #include <gnutls_sig.h>
35 #include <gnutls_kx.h>
36 #include <libtasn1.h>
37 #include <ext/signature.h>
38 #include <gnutls_state.h>
39 #include <x509/common.h>
40 #include <abstract_int.h>
41
42 static int
43 sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
44 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
45 const gnutls_datum_t * hash_concat,
46 gnutls_datum_t * signature);
47
48
49 /* While this is currently equal to the length of RSA/SHA512
50 * signature, it should also be sufficient for DSS signature and any
51 * other RSA signatures including one with the old MD5/SHA1-combined
52 * format.
53 */
54 #define MAX_SIG_SIZE 19 + MAX_HASH_SIZE
55
56 /* Generates a signature of all the random data and the parameters.
57 * Used in DHE_* ciphersuites.
58 */
59 int
60 _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_pcert_st* cert,
61 gnutls_privkey_t pkey, gnutls_datum_t * params,
62 gnutls_datum_t * signature,
63 gnutls_sign_algorithm_t * sign_algo)
64 {
65 gnutls_datum_t dconcat;
66 int ret;
67 digest_hd_st td_sha;
68 uint8_t concat[MAX_SIG_SIZE];
69 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
70 gnutls_digest_algorithm_t hash_algo;
71
72 *sign_algo =
73 _gnutls_session_get_sign_algo (session, cert);
74 if (*sign_algo == GNUTLS_SIGN_UNKNOWN)
75 {
76 gnutls_assert ();
77 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
78 }
79
80 hash_algo = _gnutls_sign_get_hash_algorithm (*sign_algo);
81
82 _gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
83 session, gnutls_sign_algorithm_get_name (*sign_algo));
84
85 ret = _gnutls_hash_init (&td_sha, hash_algo);
86 if (ret < 0)
87 {
88 gnutls_assert ();
89 return ret;
90 }
91
92 _gnutls_hash (&td_sha, session->security_parameters.client_random,
93 GNUTLS_RANDOM_SIZE);
94 _gnutls_hash (&td_sha, session->security_parameters.server_random,
95 GNUTLS_RANDOM_SIZE);
96 _gnutls_hash (&td_sha, params->data, params->size);
97
98 switch (gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL))
99 {
100 case GNUTLS_PK_RSA:
101 if (!_gnutls_version_has_selectable_sighash (ver))
102 {
103 digest_hd_st td_md5;
104
105 ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
106 if (ret < 0)
107 {
108 gnutls_assert ();
109 return ret;
110 }
111
112 _gnutls_hash (&td_md5, session->security_parameters.client_random,
113 GNUTLS_RANDOM_SIZE);
114 _gnutls_hash (&td_md5, session->security_parameters.server_random,
115 GNUTLS_RANDOM_SIZE);
116 _gnutls_hash (&td_md5, params->data, params->size);
117
118 _gnutls_hash_deinit (&td_md5, concat);
119 _gnutls_hash_deinit (&td_sha, &concat[16]);
120
121 dconcat.data = concat;
122 dconcat.size = 36;
123 }
124 else
125 { /* TLS 1.2 way */
126
127 _gnutls_hash_deinit (&td_sha, concat);
128
129 dconcat.data = concat;
130 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
131 }
132 break;
133 case GNUTLS_PK_DSA:
134 case GNUTLS_PK_EC:
135 _gnutls_hash_deinit (&td_sha, concat);
136
137 if (!IS_SHA(hash_algo))
138 {
139 gnutls_assert ();
140 return GNUTLS_E_INTERNAL_ERROR;
141 }
142 dconcat.data = concat;
143 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
144 break;
145
146 default:
147 gnutls_assert ();
148 _gnutls_hash_deinit (&td_sha, NULL);
149 return GNUTLS_E_INTERNAL_ERROR;
150 }
151
152 ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
153 if (ret < 0)
154 {
155 gnutls_assert ();
156 }
157
158 return ret;
159
160 }
161
162 /* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
163 * Cert is the certificate of the corresponding private key. It is only checked if
164 * it supports signing.
165 */
166 static int
167 sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
168 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
169 const gnutls_datum_t * hash_concat,
170 gnutls_datum_t * signature)
171 {
172 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
173 unsigned int key_usage = 0;
174 /* If our certificate supports signing
175 */
176
177 if (cert != NULL)
178 {
179 gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
180
181 if (key_usage != 0)
182 if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
183 {
184 gnutls_assert ();
185 return GNUTLS_E_KEY_USAGE_VIOLATION;
186 }
187
188 /* External signing. Deprecated. To be removed. */
189 if (!pkey)
190 {
191 int ret;
192
193 if (!session->internals.sign_func)
194 return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
195
196 if (!_gnutls_version_has_selectable_sighash (ver))
197 return (*session->internals.sign_func)
198 (session, session->internals.sign_func_userdata,
199 cert->type, &cert->cert, hash_concat, signature);
200 else
201 {
202 gnutls_datum_t digest;
203
204 ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
205 if (ret < 0)
206 return gnutls_assert_val(ret);
207
208 ret = pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey, NULL), hash_algo, &digest);
209 if (ret < 0)
210 {
211 gnutls_assert ();
212 goto es_cleanup;
213 }
214
215 ret = (*session->internals.sign_func)
216 (session, session->internals.sign_func_userdata,
217 cert->type, &cert->cert, &digest, signature);
218 es_cleanup:
219 gnutls_free(digest.data);
220
221 return ret;
222 }
223 }
224 }
225
226 if (!_gnutls_version_has_selectable_sighash (ver))
227 return _gnutls_privkey_sign_hash (pkey, hash_concat, signature);
228 else
229 return gnutls_privkey_sign_hash (pkey, hash_algo, 0, hash_concat, signature);
230 }
231
232 static int
233 verify_tls_hash (gnutls_protocol_t ver, gnutls_pcert_st* cert,
234 const gnutls_datum_t * hash_concat,
235 gnutls_datum_t * signature, size_t sha1pos,
236 gnutls_sign_algorithm_t sign_algo,
237 gnutls_pk_algorithm_t pk_algo)
238 {
239 int ret;
240 gnutls_datum_t vdata;
241 unsigned int key_usage = 0, flags;
242
243 if (cert == NULL)
244 {
245 gnutls_assert ();
246 return GNUTLS_E_CERTIFICATE_ERROR;
247 }
248
249 gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
250
251 /* If the certificate supports signing continue.
252 */
253 if (key_usage != 0)
254 if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
255 {
256 gnutls_assert ();
257 return GNUTLS_E_KEY_USAGE_VIOLATION;
258 }
259
260 if (pk_algo == GNUTLS_PK_UNKNOWN)
261 pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
262 switch (pk_algo)
263 {
264 case GNUTLS_PK_RSA:
265
266 vdata.data = hash_concat->data;
267 vdata.size = hash_concat->size;
268
269 /* verify signature */
270 if (!_gnutls_version_has_selectable_sighash (ver))
271 flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA;
272 else
273 flags = 0;
274 break;
275 case GNUTLS_PK_DSA:
276 case GNUTLS_PK_EC:
277 vdata.data = &hash_concat->data[sha1pos];
278 vdata.size = hash_concat->size - sha1pos;
279
280 flags = 0;
281
282 break;
283 default:
284 gnutls_assert ();
285 return GNUTLS_E_INTERNAL_ERROR;
286 }
287
288 ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
289 &vdata, signature);
290
291 if (ret < 0)
292 return gnutls_assert_val(ret);
293
294
295 return 0;
296 }
297
298
299 /* Generates a signature of all the random data and the parameters.
300 * Used in DHE_* ciphersuites.
301 */
302 int
303 _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_pcert_st* cert,
304 const gnutls_datum_t * params,
305 gnutls_datum_t * signature,
306 gnutls_sign_algorithm_t sign_algo)
307 {
308 gnutls_datum_t dconcat;
309 int ret;
310 digest_hd_st td_md5;
311 digest_hd_st td_sha;
312 uint8_t concat[MAX_SIG_SIZE];
313 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
314 gnutls_digest_algorithm_t hash_algo;
315
316 if (_gnutls_version_has_selectable_sighash (ver))
317 {
318 _gnutls_handshake_log ("HSK[%p]: verify handshake data: using %s\n",
319 session, gnutls_sign_algorithm_get_name (sign_algo));
320
321 ret = _gnutls_pubkey_compatible_with_sig(cert->pubkey, ver, sign_algo);
322 if (ret < 0)
323 return gnutls_assert_val(ret);
324
325 ret = _gnutls_session_sign_algo_enabled (session, sign_algo);
326 if (ret < 0)
327 return gnutls_assert_val(ret);
328
329 hash_algo = _gnutls_sign_get_hash_algorithm (sign_algo);
330 }
331 else
332 {
333 ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
334 if (ret < 0)
335 {
336 gnutls_assert ();
337 return ret;
338 }
339
340 _gnutls_hash (&td_md5, session->security_parameters.client_random,
341 GNUTLS_RANDOM_SIZE);
342 _gnutls_hash (&td_md5, session->security_parameters.server_random,
343 GNUTLS_RANDOM_SIZE);
344 _gnutls_hash (&td_md5, params->data, params->size);
345
346 hash_algo = GNUTLS_DIG_SHA1;
347 }
348
349 ret = _gnutls_hash_init (&td_sha, hash_algo);
350 if (ret < 0)
351 {
352 gnutls_assert ();
353 if (!_gnutls_version_has_selectable_sighash (ver))
354 _gnutls_hash_deinit (&td_md5, NULL);
355 return ret;
356 }
357
358 _gnutls_hash (&td_sha, session->security_parameters.client_random,
359 GNUTLS_RANDOM_SIZE);
360 _gnutls_hash (&td_sha, session->security_parameters.server_random,
361 GNUTLS_RANDOM_SIZE);
362 _gnutls_hash (&td_sha, params->data, params->size);
363
364 if (!_gnutls_version_has_selectable_sighash (ver))
365 {
366 _gnutls_hash_deinit (&td_md5, concat);
367 _gnutls_hash_deinit (&td_sha, &concat[16]);
368 dconcat.data = concat;
369 dconcat.size = 36;
370 }
371 else
372 {
373 _gnutls_hash_deinit (&td_sha, concat);
374
375 dconcat.data = concat;
376 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
377 }
378
379 ret = verify_tls_hash (ver, cert, &dconcat, signature,
380 dconcat.size -
381 _gnutls_hash_get_algo_len (hash_algo),
382 sign_algo,
383 _gnutls_sign_get_pk_algorithm (sign_algo));
384 if (ret < 0)
385 {
386 gnutls_assert ();
387 return ret;
388 }
389
390 return ret;
391
392 }
393
394 /* Client certificate verify calculations
395 */
396
397 /* this is _gnutls_handshake_verify_crt_vrfy for TLS 1.2
398 */
399 static int
400 _gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t session,
401 gnutls_pcert_st* cert,
402 gnutls_datum_t * signature,
403 gnutls_sign_algorithm_t sign_algo)
404 {
405 int ret;
406 uint8_t concat[MAX_HASH_SIZE];
407 gnutls_datum_t dconcat;
408 gnutls_digest_algorithm_t hash_algo;
409 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
410 gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
411
412 ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
413 if (ret < 0)
414 return gnutls_assert_val(ret);
415
416 hash_algo = _gnutls_sign_get_hash_algorithm(sign_algo);
417
418 ret = _gnutls_hash_fast(hash_algo, session->internals.handshake_hash_buffer.data,
419 session->internals.handshake_hash_buffer_prev_len,
420 concat);
421 if (ret < 0)
422 return gnutls_assert_val(ret);
423
424 dconcat.data = concat;
425 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
426
427 ret =
428 verify_tls_hash (ver, cert, &dconcat, signature, 0, sign_algo, pk);
429 if (ret < 0)
430 {
431 gnutls_assert ();
432 return ret;
433 }
434
435 return ret;
436
437 }
438
439 /* Verifies a TLS signature (like the one in the client certificate
440 * verify message).
441 */
442 int
443 _gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
444 gnutls_pcert_st *cert,
445 gnutls_datum_t * signature,
446 gnutls_sign_algorithm_t sign_algo)
447 {
448 int ret;
449 uint8_t concat[MAX_SIG_SIZE];
450 digest_hd_st td_md5;
451 digest_hd_st td_sha;
452 gnutls_datum_t dconcat;
453 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
454
455 _gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
456 session, gnutls_sign_algorithm_get_name (sign_algo));
457
458
459 if (_gnutls_version_has_selectable_sighash(ver))
460 return _gnutls_handshake_verify_crt_vrfy12 (session, cert, signature,
461 sign_algo);
462
463 ret =
464 _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
465 if (ret < 0)
466 {
467 gnutls_assert ();
468 return ret;
469 }
470
471 ret =
472 _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
473 if (ret < 0)
474 {
475 gnutls_assert ();
476 _gnutls_hash_deinit (&td_md5, NULL);
477 return GNUTLS_E_HASH_FAILED;
478 }
479
480 _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
481 _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
482
483 if (ver == GNUTLS_SSL3)
484 {
485 ret = _gnutls_generate_master (session, 1);
486 if (ret < 0)
487 {
488 _gnutls_hash_deinit (&td_md5, NULL);
489 _gnutls_hash_deinit (&td_sha, NULL);
490 return gnutls_assert_val(ret);
491 }
492
493 ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
494 session->
495 security_parameters.master_secret,
496 GNUTLS_MASTER_SIZE);
497 if (ret < 0)
498 {
499 _gnutls_hash_deinit (&td_sha, NULL);
500 return gnutls_assert_val(ret);
501 }
502
503 ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
504 session->
505 security_parameters.master_secret,
506 GNUTLS_MASTER_SIZE);
507 if (ret < 0)
508 {
509 return gnutls_assert_val(ret);
510 }
511 }
512 else
513 {
514 _gnutls_hash_deinit (&td_md5, concat);
515 _gnutls_hash_deinit (&td_sha, &concat[16]);
516 }
517
518 dconcat.data = concat;
519 dconcat.size = 20 + 16; /* md5+ sha */
520
521 ret =
522 verify_tls_hash (ver, cert, &dconcat, signature, 16,
523 GNUTLS_SIGN_UNKNOWN,
524 gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL));
525 if (ret < 0)
526 {
527 gnutls_assert ();
528 return ret;
529 }
530
531 return ret;
532
533 }
534
535 /* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2
536 */
537 static int
538 _gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t session,
539 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
540 gnutls_datum_t * signature)
541 {
542 gnutls_datum_t dconcat;
543 int ret;
544 uint8_t concat[MAX_SIG_SIZE];
545 gnutls_sign_algorithm_t sign_algo;
546 gnutls_digest_algorithm_t hash_algo;
547
548 sign_algo =
549 _gnutls_session_get_sign_algo (session, cert);
550 if (sign_algo == GNUTLS_SIGN_UNKNOWN)
551 {
552 gnutls_assert ();
553 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
554 }
555
556 hash_algo = _gnutls_sign_get_hash_algorithm (sign_algo);
557
558 _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
559 gnutls_sign_algorithm_get_name (sign_algo),
560 gnutls_mac_get_name ((gnutls_mac_algorithm_t)hash_algo));
561
562 ret = _gnutls_hash_fast (hash_algo, session->internals.handshake_hash_buffer.data,
563 session->internals.handshake_hash_buffer.length,
564 concat);
565 if (ret < 0)
566 return gnutls_assert_val(ret);
567
568 dconcat.data = concat;
569 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
570
571 ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
572 if (ret < 0)
573 {
574 gnutls_assert ();
575 return ret;
576 }
577
578 return sign_algo;
579 }
580
581
582 /* Generates a signature of all the previous sent packets in the
583 * handshake procedure.
584 * 20040227: now it works for SSL 3.0 as well
585 * 20091031: works for TLS 1.2 too!
586 *
587 * For TLS1.x, x<2 returns negative for failure and zero or unspecified for success.
588 * For TLS1.2 returns the signature algorithm used on success, or a negative error code;
589 */
590 int
591 _gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
592 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
593 gnutls_datum_t * signature)
594 {
595 gnutls_datum_t dconcat;
596 int ret;
597 uint8_t concat[MAX_SIG_SIZE];
598 digest_hd_st td_md5;
599 digest_hd_st td_sha;
600 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
601 gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
602
603 if (_gnutls_version_has_selectable_sighash(ver))
604 return _gnutls_handshake_sign_crt_vrfy12 (session, cert, pkey,
605 signature);
606
607 ret =
608 _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
609 if (ret < 0)
610 {
611 gnutls_assert ();
612 return ret;
613 }
614
615 _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
616
617 if (ver == GNUTLS_SSL3)
618 {
619 ret = _gnutls_generate_master (session, 1);
620 if (ret < 0)
621 {
622 gnutls_assert ();
623 _gnutls_hash_deinit (&td_sha, NULL);
624 return ret;
625 }
626
627 ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
628 session->
629 security_parameters.master_secret,
630 GNUTLS_MASTER_SIZE);
631 if (ret < 0)
632 return gnutls_assert_val(ret);
633 }
634 else
635 _gnutls_hash_deinit (&td_sha, &concat[16]);
636
637 /* ensure 1024 bit DSA keys are used */
638 ret = _gnutls_pubkey_compatible_with_sig(cert->pubkey, ver, GNUTLS_SIGN_UNKNOWN);
639 if (ret < 0)
640 return gnutls_assert_val(ret);
641
642 switch (pk)
643 {
644 case GNUTLS_PK_RSA:
645 ret =
646 _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
647 if (ret < 0)
648 return gnutls_assert_val(ret);
649
650 _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
651
652 if (ver == GNUTLS_SSL3)
653 {
654 ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
655 session->
656 security_parameters.master_secret,
657 GNUTLS_MASTER_SIZE);
658 if (ret < 0)
659 return gnutls_assert_val(ret);
660 }
661 else
662 _gnutls_hash_deinit (&td_md5, concat);
663
664 dconcat.data = concat;
665 dconcat.size = 36;
666 break;
667 case GNUTLS_PK_DSA:
668 case GNUTLS_PK_EC:
669
670 dconcat.data = &concat[16];
671 dconcat.size = 20;
672 break;
673
674 default:
675 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
676 }
677 ret = sign_tls_hash (session, GNUTLS_DIG_NULL, cert, pkey, &dconcat, signature);
678 if (ret < 0)
679 {
680 gnutls_assert ();
681 }
682
683 return ret;
684 }
685
686 int
687 pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
688 gnutls_pk_params_st* params,
689 const gnutls_datum_t * data, gnutls_datum_t * digest)
690 {
691 int ret;
692
693 digest->size = _gnutls_hash_get_algo_len (hash);
694 digest->data = gnutls_malloc (digest->size);
695 if (digest->data == NULL)
696 {
697 gnutls_assert ();
698 return GNUTLS_E_MEMORY_ERROR;
699 }
700
701 ret = _gnutls_hash_fast (hash, data->data, data->size, digest->data);
702 if (ret < 0)
703 {
704 gnutls_assert ();
705 goto cleanup;
706 }
707
708 return 0;
709
710 cleanup:
711 gnutls_free (digest->data);
712 return ret;
713 }
714
715
716 /*
717 * This function will do RSA PKCS #1 1.5 encoding
718 * on the given digest. The given digest must be allocated
719 * and will be freed if replacement is required.
720 */
721 int
722 pk_prepare_hash (gnutls_pk_algorithm_t pk,
723 gnutls_digest_algorithm_t hash, gnutls_datum_t * digest)
724 {
725 int ret;
726 gnutls_datum_t old_digest = { digest->data, digest->size };
727
728 switch (pk)
729 {
730 case GNUTLS_PK_RSA:
731 /* Encode the digest as a DigestInfo
732 */
733 if ((ret = encode_ber_digest_info (hash, &old_digest, digest)) != 0)
734 {
735 gnutls_assert ();
736 return ret;
737 }
738
739 _gnutls_free_datum (&old_digest);
740 break;
741 case GNUTLS_PK_DSA:
742 case GNUTLS_PK_EC:
743 break;
744 default:
745 gnutls_assert ();
746 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
747 }
748
749 return 0;
750 }
751
Implementation of the SSL/TLS protocol