search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add psktool to @direntry. Alphasort @direntry.
[gnutls.git] / lib / gnutls_pk.c
blob5e31804419d52e5f525595b0eb83204754bb5511
1 /*
2 * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008 Free Software Foundation
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
21 * USA
22 *
23 */
24
25 /* This file contains the functions needed for RSA/DSA public key
26 * encryption and signatures.
27 */
28
29 #include <gnutls_int.h>
30 #include <gnutls_mpi.h>
31 #include <gnutls_pk.h>
32 #include <gnutls_errors.h>
33 #include <gnutls_datum.h>
34 #include <gnutls_global.h>
35 #include <gnutls_num.h>
36 #include "debug.h"
37 #include <x509/x509_int.h>
38 #include <x509/common.h>
39 #include <random.h>
40
41 static int _gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data,
42 mpi_t * pkey, int pkey_len);
43 static int _gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash,
44 mpi_t * pkey, int);
45 static int _gnutls_pk_verify (int algo, mpi_t hash, mpi_t * data,
46 mpi_t * pkey, int);
47 static int _gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data,
48 mpi_t * pkey, int);
49
50
51 /* Do PKCS-1 RSA encryption.
52 * params is modulus, public exp.
53 */
54 int
55 _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
56 const gnutls_datum_t * plaintext,
57 mpi_t * params, unsigned params_len,
58 unsigned btype)
59 {
60 unsigned int i, pad;
61 int ret;
62 mpi_t m, res;
63 opaque *edata, *ps;
64 size_t k, psize;
65 size_t mod_bits;
66
67 mod_bits = _gnutls_mpi_get_nbits (params[0]);
68 k = mod_bits / 8;
69 if (mod_bits % 8 != 0)
70 k++;
71
72 if (plaintext->size > k - 11)
73 {
74 gnutls_assert ();
75 return GNUTLS_E_PK_ENCRYPTION_FAILED;
76 }
77
78 edata = gnutls_malloc (k);
79 if (edata == NULL)
80 {
81 gnutls_assert ();
82 return GNUTLS_E_MEMORY_ERROR;
83 }
84
85 /* EB = 00||BT||PS||00||D
86 * (use block type 'btype')
87 */
88
89 edata[0] = 0;
90 edata[1] = btype;
91 psize = k - 3 - plaintext->size;
92
93 ps = &edata[2];
94 switch (btype)
95 {
96 case 2:
97 /* using public key */
98 if (params_len < RSA_PUBLIC_PARAMS)
99 {
100 gnutls_assert ();
101 gnutls_free (edata);
102 return GNUTLS_E_INTERNAL_ERROR;
103 }
104
105 ret = _gnutls_rnd (RND_RANDOM, ps, psize);
106 if ( ret < 0)
107 {
108 gnutls_assert ();
109 gnutls_free (edata);
110 return ret;
111 }
112 for (i = 0; i < psize; i++)
113 while (ps[i] == 0)
114 {
115 ret = _gnutls_rnd (RND_RANDOM, &ps[i], 1);
116 if (ret < 0)
117 {
118 gnutls_assert ();
119 gnutls_free (edata);
120 return ret;
121 }
122 }
123 break;
124 case 1:
125 /* using private key */
126
127 if (params_len < RSA_PRIVATE_PARAMS)
128 {
129 gnutls_assert ();
130 gnutls_free (edata);
131 return GNUTLS_E_INTERNAL_ERROR;
132 }
133
134 for (i = 0; i < psize; i++)
135 ps[i] = 0xff;
136 break;
137 default:
138 gnutls_assert ();
139 gnutls_free (edata);
140 return GNUTLS_E_INTERNAL_ERROR;
141 }
142
143 ps[psize] = 0;
144 memcpy (&ps[psize + 1], plaintext->data, plaintext->size);
145
146 if (_gnutls_mpi_scan_nz (&m, edata, &k) != 0)
147 {
148 gnutls_assert ();
149 gnutls_free (edata);
150 return GNUTLS_E_MPI_SCAN_FAILED;
151 }
152 gnutls_free (edata);
153
154 if (btype == 2) /* encrypt */
155 ret = _gnutls_pk_encrypt (GCRY_PK_RSA, &res, m, params, params_len);
156 else /* sign */
157 ret = _gnutls_pk_sign (GCRY_PK_RSA, &res, m, params, params_len);
158
159 _gnutls_mpi_release (&m);
160
161 if (ret < 0)
162 {
163 gnutls_assert ();
164 return ret;
165 }
166
167 _gnutls_mpi_print (NULL, &psize, res);
168
169 if (psize < k)
170 {
171 /* padding psize */
172 pad = k - psize;
173 psize = k;
174 }
175 else if (psize == k)
176 {
177 pad = 0;
178 }
179 else
180 { /* psize > k !!! */
181 /* This is an impossible situation */
182 gnutls_assert ();
183 _gnutls_mpi_release (&res);
184 return GNUTLS_E_INTERNAL_ERROR;
185 }
186
187 ciphertext->data = gnutls_malloc (psize);
188 if (ciphertext->data == NULL)
189 {
190 gnutls_assert ();
191 _gnutls_mpi_release (&res);
192 return GNUTLS_E_MEMORY_ERROR;
193 }
194 _gnutls_mpi_print (&ciphertext->data[pad], &psize, res);
195 for (i = 0; i < pad; i++)
196 ciphertext->data[i] = 0;
197
198 ciphertext->size = k;
199
200 _gnutls_mpi_release (&res);
201
202 return 0;
203 }
204
205
206 /* Do PKCS-1 RSA decryption.
207 * params is modulus, public exp., private key
208 * Can decrypt block type 1 and type 2 packets.
209 */
210 int
211 _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
212 const gnutls_datum_t * ciphertext,
213 mpi_t * params, unsigned params_len,
214 unsigned btype)
215 {
216 unsigned k, i;
217 int ret;
218 mpi_t c, res;
219 opaque *edata;
220 size_t esize, mod_bits;
221
222 mod_bits = _gnutls_mpi_get_nbits (params[0]);
223 k = mod_bits / 8;
224 if (mod_bits % 8 != 0)
225 k++;
226
227 esize = ciphertext->size;
228
229 if (esize != k)
230 {
231 gnutls_assert ();
232 return GNUTLS_E_PK_DECRYPTION_FAILED;
233 }
234
235 if (_gnutls_mpi_scan_nz (&c, ciphertext->data, &esize) != 0)
236 {
237 gnutls_assert ();
238 return GNUTLS_E_MPI_SCAN_FAILED;
239 }
240
241 /* we can use btype to see if the private key is
242 * available.
243 */
244 if (btype == 2)
245 ret = _gnutls_pk_decrypt (GCRY_PK_RSA, &res, c, params, params_len);
246 else
247 {
248 ret = _gnutls_pk_encrypt (GCRY_PK_RSA, &res, c, params, params_len);
249 }
250 _gnutls_mpi_release (&c);
251
252 if (ret < 0)
253 {
254 gnutls_assert ();
255 return ret;
256 }
257
258 _gnutls_mpi_print (NULL, &esize, res);
259 edata = gnutls_malloc (esize + 1);
260 if (edata == NULL)
261 {
262 gnutls_assert ();
263 _gnutls_mpi_release (&res);
264 return GNUTLS_E_MEMORY_ERROR;
265 }
266 _gnutls_mpi_print (&edata[1], &esize, res);
267
268 _gnutls_mpi_release (&res);
269
270 /* EB = 00||BT||PS||00||D
271 * (use block type 'btype')
272 *
273 * From now on, return GNUTLS_E_DECRYPTION_FAILED on errors, to
274 * avoid attacks similar to the one described by Bleichenbacher in:
275 * "Chosen Ciphertext Attacks against Protocols Based on RSA
276 * Encryption Standard PKCS #1".
277 */
278
279
280 edata[0] = 0;
281 esize++;
282
283 if (edata[0] != 0 || edata[1] != btype)
284 {
285 gnutls_assert ();
286 gnutls_free (edata);
287 return GNUTLS_E_DECRYPTION_FAILED;
288 }
289
290 ret = GNUTLS_E_DECRYPTION_FAILED;
291 switch (btype)
292 {
293 case 2:
294 for (i = 2; i < esize; i++)
295 {
296 if (edata[i] == 0)
297 {
298 ret = 0;
299 break;
300 }
301 }
302 break;
303 case 1:
304 for (i = 2; i < esize; i++)
305 {
306 if (edata[i] == 0 && i > 2)
307 {
308 ret = 0;
309 break;
310 }
311 if (edata[i] != 0xff)
312 {
313 _gnutls_handshake_log ("PKCS #1 padding error");
314 /* PKCS #1 padding error. Don't use
315 GNUTLS_E_PKCS1_WRONG_PAD here. */
316 break;
317 }
318 }
319 break;
320 default:
321 gnutls_assert ();
322 gnutls_free (edata);
323 break;
324 }
325 i++;
326
327 if (ret < 0)
328 {
329 gnutls_assert ();
330 gnutls_free (edata);
331 return GNUTLS_E_DECRYPTION_FAILED;
332 }
333
334 if (_gnutls_sset_datum (plaintext, &edata[i], esize - i) < 0)
335 {
336 gnutls_assert ();
337 gnutls_free (edata);
338 return GNUTLS_E_MEMORY_ERROR;
339 }
340
341 gnutls_free (edata);
342
343 return 0;
344 }
345
346
347 int
348 _gnutls_rsa_verify (const gnutls_datum_t * vdata,
349 const gnutls_datum_t * ciphertext, mpi_t * params,
350 int params_len, int btype)
351 {
352
353 gnutls_datum_t plain;
354 int ret;
355
356 /* decrypt signature */
357 if ((ret =
358 _gnutls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len,
359 btype)) < 0)
360 {
361 gnutls_assert ();
362 return ret;
363 }
364
365 if (plain.size != vdata->size)
366 {
367 gnutls_assert ();
368 _gnutls_free_datum (&plain);
369 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
370 }
371
372 if (memcmp (plain.data, vdata->data, plain.size) != 0)
373 {
374 gnutls_assert ();
375 _gnutls_free_datum (&plain);
376 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
377 }
378
379 _gnutls_free_datum (&plain);
380
381 return 0; /* ok */
382 }
383
384 /* encodes the Dss-Sig-Value structure
385 */
386 static int
387 encode_ber_rs (gnutls_datum_t * sig_value, mpi_t r, mpi_t s)
388 {
389 ASN1_TYPE sig;
390 int result, tot_len;
391
392 if ((result =
393 asn1_create_element (_gnutls_get_gnutls_asn (),
394 "GNUTLS.DSASignatureValue",
395 &sig)) != ASN1_SUCCESS)
396 {
397 gnutls_assert ();
398 return _gnutls_asn2err (result);
399 }
400
401 result = _gnutls_x509_write_int (sig, "r", r, 1);
402 if (result < 0)
403 {
404 gnutls_assert ();
405 asn1_delete_structure (&sig);
406 return result;
407 }
408
409 result = _gnutls_x509_write_int (sig, "s", s, 1);
410 if (result < 0)
411 {
412 gnutls_assert ();
413 asn1_delete_structure (&sig);
414 return result;
415 }
416
417 tot_len = 0;
418
419 result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
420
421 asn1_delete_structure (&sig);
422
423 if (result < 0)
424 {
425 gnutls_assert ();
426 return result;
427 }
428
429 return 0;
430 }
431
432
433 /* Do DSA signature calculation. params is p, q, g, y, x in that order.
434 */
435 int
436 _gnutls_dsa_sign (gnutls_datum_t * signature,
437 const gnutls_datum_t * hash, mpi_t * params,
438 unsigned params_len)
439 {
440 mpi_t rs[2], mdata;
441 int ret;
442 size_t k;
443
444 k = hash->size;
445 if (k < 20)
446 { /* SHA1 or better only */
447 gnutls_assert ();
448 return GNUTLS_E_PK_SIGN_FAILED;
449 }
450
451 if (_gnutls_mpi_scan_nz (&mdata, hash->data, &k) != 0)
452 {
453 gnutls_assert ();
454 return GNUTLS_E_MPI_SCAN_FAILED;
455 }
456
457 ret = _gnutls_pk_sign (GCRY_PK_DSA, rs, mdata, params, params_len);
458 /* rs[0], rs[1] now hold r,s */
459 _gnutls_mpi_release (&mdata);
460
461 if (ret < 0)
462 {
463 gnutls_assert ();
464 return ret;
465 }
466
467 ret = encode_ber_rs (signature, rs[0], rs[1]);
468
469 /* free r,s */
470 _gnutls_mpi_release (&rs[0]);
471 _gnutls_mpi_release (&rs[1]);
472
473 if (ret != 0)
474 {
475 gnutls_assert ();
476 return GNUTLS_E_MEMORY_ERROR;
477 }
478
479 return 0;
480 }
481
482 /* decodes the Dss-Sig-Value structure
483 */
484 static int
485 decode_ber_rs (const gnutls_datum_t * sig_value, mpi_t * r, mpi_t * s)
486 {
487 ASN1_TYPE sig;
488 int result;
489
490 if ((result =
491 asn1_create_element (_gnutls_get_gnutls_asn (),
492 "GNUTLS.DSASignatureValue",
493 &sig)) != ASN1_SUCCESS)
494 {
495 gnutls_assert ();
496 return _gnutls_asn2err (result);
497 }
498
499 result = asn1_der_decoding (&sig, sig_value->data, sig_value->size, NULL);
500 if (result != ASN1_SUCCESS)
501 {
502 gnutls_assert ();
503 asn1_delete_structure (&sig);
504 return _gnutls_asn2err (result);
505 }
506
507 result = _gnutls_x509_read_int (sig, "r", r);
508 if (result < 0)
509 {
510 gnutls_assert ();
511 asn1_delete_structure (&sig);
512 return result;
513 }
514
515 result = _gnutls_x509_read_int (sig, "s", s);
516 if (result < 0)
517 {
518 gnutls_assert ();
519 _gnutls_mpi_release (s);
520 asn1_delete_structure (&sig);
521 return result;
522 }
523
524 asn1_delete_structure (&sig);
525
526 return 0;
527 }
528
529 /* params is p, q, g, y in that order
530 */
531 int
532 _gnutls_dsa_verify (const gnutls_datum_t * vdata,
533 const gnutls_datum_t * sig_value, mpi_t * params,
534 int params_len)
535 {
536
537 mpi_t mdata;
538 int ret;
539 size_t k;
540 mpi_t rs[2];
541
542 if (vdata->size != 20)
543 { /* sha-1 only */
544 gnutls_assert ();
545 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
546 }
547
548 if (decode_ber_rs (sig_value, &rs[0], &rs[1]) != 0)
549 {
550 gnutls_assert ();
551 return GNUTLS_E_MPI_SCAN_FAILED;
552 }
553
554 k = vdata->size;
555 if (_gnutls_mpi_scan_nz (&mdata, vdata->data, &k) != 0)
556 {
557 gnutls_assert ();
558 _gnutls_mpi_release (&rs[0]);
559 _gnutls_mpi_release (&rs[1]);
560 return GNUTLS_E_MPI_SCAN_FAILED;
561 }
562
563 /* decrypt signature */
564 ret = _gnutls_pk_verify (GCRY_PK_DSA, mdata, rs, params, params_len);
565 _gnutls_mpi_release (&mdata);
566 _gnutls_mpi_release (&rs[0]);
567 _gnutls_mpi_release (&rs[1]);
568
569 if (ret < 0)
570 {
571 gnutls_assert ();
572 return ret;
573 }
574
575 return 0; /* ok */
576 }
577
578
579 /* this is taken from gnupg
580 */
581
582 /****************
583 * Emulate our old PK interface here - sometime in the future we might
584 * change the internal design to directly fit to libgcrypt.
585 */
586 static int
587 _gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data,
588 mpi_t * pkey, int pkey_len)
589 {
590 gcry_sexp_t s_ciph, s_data, s_pkey;
591 int rc = -1;
592
593 /* make a sexp from pkey */
594 switch (algo)
595 {
596 case GCRY_PK_RSA:
597 if (pkey_len >= 2)
598 rc = gcry_sexp_build (&s_pkey, NULL,
599 "(public-key(rsa(n%m)(e%m)))",
600 pkey[0], pkey[1]);
601 break;
602
603 default:
604 gnutls_assert ();
605 return GNUTLS_E_INTERNAL_ERROR;
606 }
607
608 if (rc != 0)
609 {
610 gnutls_assert ();
611 return GNUTLS_E_INTERNAL_ERROR;
612 }
613
614 /* put the data into a simple list */
615 if (gcry_sexp_build (&s_data, NULL, "%m", data))
616 {
617 gnutls_assert ();
618 gcry_sexp_release (s_pkey);
619 return GNUTLS_E_INTERNAL_ERROR;
620 }
621
622 /* pass it to libgcrypt */
623 rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
624 gcry_sexp_release (s_data);
625 gcry_sexp_release (s_pkey);
626
627 if (rc != 0)
628 {
629 gnutls_assert ();
630 return GNUTLS_E_PK_ENCRYPTION_FAILED;
631
632 }
633 else
634 { /* add better error handling or make gnupg use S-Exp directly */
635 gcry_sexp_t list = gcry_sexp_find_token (s_ciph, "a", 0);
636 if (list == NULL)
637 {
638 gnutls_assert ();
639 gcry_sexp_release (s_ciph);
640 return GNUTLS_E_INTERNAL_ERROR;
641 }
642
643 resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
644 gcry_sexp_release (list);
645
646 if (resarr[0] == NULL)
647 {
648 gnutls_assert ();
649 gcry_sexp_release (s_ciph);
650 return GNUTLS_E_INTERNAL_ERROR;
651 }
652 }
653
654 gcry_sexp_release (s_ciph);
655 return rc;
656 }
657
658 static int
659 _gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey,
660 int pkey_len)
661 {
662 gcry_sexp_t s_plain, s_data, s_pkey;
663 int rc = -1;
664
665 /* make a sexp from pkey */
666 switch (algo)
667 {
668 case GCRY_PK_RSA:
669 if (pkey_len >= 6)
670 rc = gcry_sexp_build (&s_pkey, NULL,
671 "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
672 pkey[0], pkey[1], pkey[2], pkey[3],
673 pkey[4], pkey[5]);
674 break;
675
676 default:
677 gnutls_assert ();
678 return GNUTLS_E_INTERNAL_ERROR;
679 }
680
681 if (rc != 0)
682 {
683 gnutls_assert ();
684 return GNUTLS_E_INTERNAL_ERROR;
685 }
686
687 /* put the data into a simple list */
688 if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data))
689 {
690 gnutls_assert ();
691 gcry_sexp_release (s_pkey);
692 return GNUTLS_E_INTERNAL_ERROR;
693 }
694
695 /* pass it to libgcrypt */
696 rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey);
697 gcry_sexp_release (s_data);
698 gcry_sexp_release (s_pkey);
699
700 if (rc != 0)
701 {
702 gnutls_assert ();
703 return GNUTLS_E_PK_DECRYPTION_FAILED;
704
705 }
706 else
707 { /* add better error handling or make gnupg use S-Exp directly */
708 resarr[0] = gcry_sexp_nth_mpi (s_plain, 0, 0);
709
710 if (resarr[0] == NULL)
711 {
712 gnutls_assert ();
713 gcry_sexp_release (s_plain);
714 return GNUTLS_E_INTERNAL_ERROR;
715 }
716 }
717
718 gcry_sexp_release (s_plain);
719 return rc;
720 }
721
722
723 /* in case of DSA puts into data, r,s
724 */
725 static int
726 _gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, mpi_t * pkey,
727 int pkey_len)
728 {
729 gcry_sexp_t s_hash, s_key, s_sig;
730 int rc = -1;
731
732 /* make a sexp from pkey */
733 switch (algo)
734 {
735 case GCRY_PK_DSA:
736 if (pkey_len >= 5)
737 rc = gcry_sexp_build (&s_key, NULL,
738 "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
739 pkey[0], pkey[1], pkey[2], pkey[3], pkey[4]);
740 else
741 {
742 gnutls_assert ();
743 }
744
745 break;
746 case GCRY_PK_RSA:
747 if (pkey_len >= 6)
748 rc = gcry_sexp_build (&s_key, NULL,
749 "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
750 pkey[0], pkey[1], pkey[2], pkey[3],
751 pkey[4], pkey[5]);
752 else
753 {
754 gnutls_assert ();
755 }
756 break;
757
758 default:
759 gnutls_assert ();
760 return GNUTLS_E_INTERNAL_ERROR;
761 }
762
763 if (rc != 0)
764 {
765 gnutls_assert ();
766 return GNUTLS_E_INTERNAL_ERROR;
767 }
768
769 /* put the data into a simple list */
770 if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
771 {
772 gnutls_assert ();
773 return GNUTLS_E_INTERNAL_ERROR;
774 }
775
776 /* pass it to libgcrypt */
777 rc = gcry_pk_sign (&s_sig, s_hash, s_key);
778 gcry_sexp_release (s_hash);
779 gcry_sexp_release (s_key);
780
781 if (rc != 0)
782 {
783 gnutls_assert ();
784 return GNUTLS_E_PK_SIGN_FAILED;
785
786 }
787 else
788 {
789 gcry_sexp_t list;
790
791 if (algo == GCRY_PK_DSA)
792 {
793 list = gcry_sexp_find_token (s_sig, "r", 0);
794 if (list == NULL)
795 {
796 gnutls_assert ();
797 gcry_sexp_release (s_sig);
798 return GNUTLS_E_INTERNAL_ERROR;
799 }
800
801 data[0] = gcry_sexp_nth_mpi (list, 1, 0);
802 gcry_sexp_release (list);
803
804 list = gcry_sexp_find_token (s_sig, "s", 0);
805 if (list == NULL)
806 {
807 gnutls_assert ();
808 gcry_sexp_release (s_sig);
809 return GNUTLS_E_INTERNAL_ERROR;
810 }
811
812 data[1] = gcry_sexp_nth_mpi (list, 1, 0);
813 gcry_sexp_release (list);
814 }
815 else
816 { /* GCRY_PK_RSA */
817 list = gcry_sexp_find_token (s_sig, "s", 0);
818 if (list == NULL)
819 {
820 gnutls_assert ();
821 gcry_sexp_release (s_sig);
822 return GNUTLS_E_INTERNAL_ERROR;
823 }
824
825 data[0] = gcry_sexp_nth_mpi (list, 1, 0);
826 gcry_sexp_release (list);
827 }
828 }
829
830 gcry_sexp_release (s_sig);
831 return 0;
832 }
833
834
835 static int
836 _gnutls_pk_verify (int algo, mpi_t hash, mpi_t * data,
837 mpi_t * pkey, int pkey_len)
838 {
839 gcry_sexp_t s_sig, s_hash, s_pkey;
840 int rc = -1;
841
842 /* make a sexp from pkey */
843 switch (algo)
844 {
845 case GCRY_PK_DSA:
846 if (pkey_len >= 4)
847 rc = gcry_sexp_build (&s_pkey, NULL,
848 "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
849 pkey[0], pkey[1], pkey[2], pkey[3]);
850 break;
851 case GCRY_PK_RSA:
852 if (pkey_len >= 2)
853 rc = gcry_sexp_build (&s_pkey, NULL,
854 "(public-key(rsa(n%m)(e%m)))",
855 pkey[0], pkey[1]);
856 break;
857
858 default:
859 gnutls_assert ();
860 return GNUTLS_E_INTERNAL_ERROR;
861 }
862
863 if (rc != 0)
864 {
865 gnutls_assert ();
866 return GNUTLS_E_INTERNAL_ERROR;
867 }
868
869 /* put the data into a simple list */
870 if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
871 {
872 gnutls_assert ();
873 gcry_sexp_release (s_pkey);
874 return GNUTLS_E_INTERNAL_ERROR;
875 }
876
877 switch (algo)
878 {
879 case GCRY_PK_DSA:
880 rc = gcry_sexp_build (&s_sig, NULL,
881 "(sig-val(dsa(r%m)(s%m)))", data[0], data[1]);
882 break;
883 case GCRY_PK_RSA:
884 rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", data[0]);
885 break;
886
887 default:
888 gnutls_assert ();
889 gcry_sexp_release (s_pkey);
890 gcry_sexp_release (s_hash);
891 return GNUTLS_E_INTERNAL_ERROR;
892 }
893
894 if (rc != 0)
895 {
896 gnutls_assert ();
897 gcry_sexp_release (s_pkey);
898 gcry_sexp_release (s_hash);
899 return GNUTLS_E_INTERNAL_ERROR;
900 }
901
902 rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
903
904 gcry_sexp_release (s_sig);
905 gcry_sexp_release (s_hash);
906 gcry_sexp_release (s_pkey);
907
908 if (rc != 0)
909 {
910 gnutls_assert ();
911 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
912 }
913
914 return 0;
915 }
Implementation of the SSL/TLS protocol