search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
certtool is able to set certificate policies via a template
[gnutls.git] / lib / gnutls_sig.c
blobf2c2db3e3f10bdfa9c2cdab524a316ceccf1ac06
1 /*
2 * Copyright (C) 2001-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24 #include <gnutls_errors.h>
25 #include <x509_b64.h>
26 #include <auth/cert.h>
27 #include <algorithms.h>
28 #include <gnutls_datum.h>
29 #include <gnutls_mpi.h>
30 #include <gnutls_global.h>
31 #include <gnutls_pk.h>
32 #include <debug.h>
33 #include <gnutls_buffers.h>
34 #include <gnutls_sig.h>
35 #include <gnutls_kx.h>
36 #include <libtasn1.h>
37 #include <ext/signature.h>
38 #include <gnutls_state.h>
39 #include <x509/common.h>
40 #include <abstract_int.h>
41
42 static int
43 sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
44 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
45 const gnutls_datum_t * hash_concat,
46 gnutls_datum_t * signature);
47
48
49 /* While this is currently equal to the length of RSA/SHA512
50 * signature, it should also be sufficient for DSS signature and any
51 * other RSA signatures including one with the old MD5/SHA1-combined
52 * format.
53 */
54 #define MAX_SIG_SIZE 19 + MAX_HASH_SIZE
55
56 /* Generates a signature of all the random data and the parameters.
57 * Used in DHE_* ciphersuites.
58 */
59 int
60 _gnutls_handshake_sign_data (gnutls_session_t session, gnutls_pcert_st* cert,
61 gnutls_privkey_t pkey, gnutls_datum_t * params,
62 gnutls_datum_t * signature,
63 gnutls_sign_algorithm_t * sign_algo)
64 {
65 gnutls_datum_t dconcat;
66 int ret;
67 digest_hd_st td_sha;
68 uint8_t concat[MAX_SIG_SIZE];
69 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
70 gnutls_digest_algorithm_t hash_algo;
71
72 *sign_algo =
73 _gnutls_session_get_sign_algo (session, cert);
74 if (*sign_algo == GNUTLS_SIGN_UNKNOWN)
75 {
76 gnutls_assert ();
77 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
78 }
79
80 gnutls_sign_algorithm_set(session, *sign_algo);
81
82 hash_algo = gnutls_sign_get_hash_algorithm (*sign_algo);
83
84 _gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
85 session, gnutls_sign_algorithm_get_name (*sign_algo));
86
87 ret = _gnutls_hash_init (&td_sha, hash_algo);
88 if (ret < 0)
89 {
90 gnutls_assert ();
91 return ret;
92 }
93
94 _gnutls_hash (&td_sha, session->security_parameters.client_random,
95 GNUTLS_RANDOM_SIZE);
96 _gnutls_hash (&td_sha, session->security_parameters.server_random,
97 GNUTLS_RANDOM_SIZE);
98 _gnutls_hash (&td_sha, params->data, params->size);
99
100 switch (gnutls_privkey_get_pk_algorithm(pkey, NULL))
101 {
102 case GNUTLS_PK_RSA:
103 if (!_gnutls_version_has_selectable_sighash (ver))
104 {
105 digest_hd_st td_md5;
106
107 ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
108 if (ret < 0)
109 {
110 gnutls_assert ();
111 return ret;
112 }
113
114 _gnutls_hash (&td_md5, session->security_parameters.client_random,
115 GNUTLS_RANDOM_SIZE);
116 _gnutls_hash (&td_md5, session->security_parameters.server_random,
117 GNUTLS_RANDOM_SIZE);
118 _gnutls_hash (&td_md5, params->data, params->size);
119
120 _gnutls_hash_deinit (&td_md5, concat);
121 _gnutls_hash_deinit (&td_sha, &concat[16]);
122
123 dconcat.data = concat;
124 dconcat.size = 36;
125 }
126 else
127 { /* TLS 1.2 way */
128
129 _gnutls_hash_deinit (&td_sha, concat);
130
131 dconcat.data = concat;
132 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
133 }
134 break;
135 case GNUTLS_PK_DSA:
136 case GNUTLS_PK_EC:
137 _gnutls_hash_deinit (&td_sha, concat);
138
139 if (!IS_SHA(hash_algo))
140 {
141 gnutls_assert ();
142 return GNUTLS_E_INTERNAL_ERROR;
143 }
144 dconcat.data = concat;
145 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
146 break;
147
148 default:
149 gnutls_assert ();
150 _gnutls_hash_deinit (&td_sha, NULL);
151 return GNUTLS_E_INTERNAL_ERROR;
152 }
153
154 ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
155 if (ret < 0)
156 {
157 gnutls_assert ();
158 }
159
160 return ret;
161
162 }
163
164 /* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
165 * Cert is the certificate of the corresponding private key. It is only checked if
166 * it supports signing.
167 */
168 static int
169 sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
170 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
171 const gnutls_datum_t * hash_concat,
172 gnutls_datum_t * signature)
173 {
174 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
175 unsigned int key_usage = 0;
176 /* If our certificate supports signing
177 */
178
179 if (cert != NULL)
180 {
181 gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
182
183 if (key_usage != 0)
184 if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
185 {
186 gnutls_assert ();
187 _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
188 }
189
190 /* External signing. Deprecated. To be removed. */
191 if (!pkey)
192 {
193 int ret;
194
195 if (!session->internals.sign_func)
196 return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
197
198 if (!_gnutls_version_has_selectable_sighash (ver))
199 return (*session->internals.sign_func)
200 (session, session->internals.sign_func_userdata,
201 cert->type, &cert->cert, hash_concat, signature);
202 else
203 {
204 gnutls_datum_t digest;
205
206 ret = _gnutls_set_datum(&digest, hash_concat->data, hash_concat->size);
207 if (ret < 0)
208 return gnutls_assert_val(ret);
209
210 ret = pk_prepare_hash (gnutls_privkey_get_pk_algorithm(pkey, NULL), hash_algo, &digest);
211 if (ret < 0)
212 {
213 gnutls_assert ();
214 goto es_cleanup;
215 }
216
217 ret = (*session->internals.sign_func)
218 (session, session->internals.sign_func_userdata,
219 cert->type, &cert->cert, &digest, signature);
220 es_cleanup:
221 gnutls_free(digest.data);
222
223 return ret;
224 }
225 }
226 }
227
228 if (!_gnutls_version_has_selectable_sighash (ver))
229 return _gnutls_privkey_sign_hash (pkey, hash_concat, signature);
230 else
231 return gnutls_privkey_sign_hash (pkey, hash_algo, 0, hash_concat, signature);
232 }
233
234 static int
235 verify_tls_hash (gnutls_session_t session,
236 gnutls_protocol_t ver, gnutls_pcert_st* cert,
237 const gnutls_datum_t * hash_concat,
238 gnutls_datum_t * signature, size_t sha1pos,
239 gnutls_sign_algorithm_t sign_algo,
240 gnutls_pk_algorithm_t pk_algo)
241 {
242 int ret;
243 gnutls_datum_t vdata;
244 unsigned int key_usage = 0, flags;
245
246 if (cert == NULL)
247 {
248 gnutls_assert ();
249 return GNUTLS_E_CERTIFICATE_ERROR;
250 }
251
252 gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);
253
254 /* If the certificate supports signing continue.
255 */
256 if (key_usage != 0)
257 if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
258 {
259 gnutls_assert ();
260 _gnutls_audit_log(session, "Peer's certificate does not allow digital signatures. Key usage violation detected (ignored).\n");
261 }
262
263 if (pk_algo == GNUTLS_PK_UNKNOWN)
264 pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
265 switch (pk_algo)
266 {
267 case GNUTLS_PK_RSA:
268
269 vdata.data = hash_concat->data;
270 vdata.size = hash_concat->size;
271
272 /* verify signature */
273 if (!_gnutls_version_has_selectable_sighash (ver))
274 flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA;
275 else
276 flags = 0;
277 break;
278 case GNUTLS_PK_DSA:
279 case GNUTLS_PK_EC:
280 vdata.data = &hash_concat->data[sha1pos];
281 vdata.size = hash_concat->size - sha1pos;
282
283 flags = 0;
284
285 break;
286 default:
287 gnutls_assert ();
288 return GNUTLS_E_INTERNAL_ERROR;
289 }
290
291 ret = gnutls_pubkey_verify_hash2(cert->pubkey, sign_algo, flags,
292 &vdata, signature);
293
294 if (ret < 0)
295 return gnutls_assert_val(ret);
296
297
298 return 0;
299 }
300
301
302 /* Generates a signature of all the random data and the parameters.
303 * Used in DHE_* ciphersuites.
304 */
305 int
306 _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_pcert_st* cert,
307 const gnutls_datum_t * params,
308 gnutls_datum_t * signature,
309 gnutls_sign_algorithm_t sign_algo)
310 {
311 gnutls_datum_t dconcat;
312 int ret;
313 digest_hd_st td_md5;
314 digest_hd_st td_sha;
315 uint8_t concat[MAX_SIG_SIZE];
316 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
317 gnutls_digest_algorithm_t hash_algo;
318
319 if (_gnutls_version_has_selectable_sighash (ver))
320 {
321 _gnutls_handshake_log ("HSK[%p]: verify handshake data: using %s\n",
322 session, gnutls_sign_algorithm_get_name (sign_algo));
323
324 ret = _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, sign_algo);
325 if (ret < 0)
326 return gnutls_assert_val(ret);
327
328 ret = _gnutls_session_sign_algo_enabled (session, sign_algo);
329 if (ret < 0)
330 return gnutls_assert_val(ret);
331
332 hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
333 }
334 else
335 {
336 ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
337 if (ret < 0)
338 {
339 gnutls_assert ();
340 return ret;
341 }
342
343 _gnutls_hash (&td_md5, session->security_parameters.client_random,
344 GNUTLS_RANDOM_SIZE);
345 _gnutls_hash (&td_md5, session->security_parameters.server_random,
346 GNUTLS_RANDOM_SIZE);
347 _gnutls_hash (&td_md5, params->data, params->size);
348
349 hash_algo = GNUTLS_DIG_SHA1;
350 }
351
352 ret = _gnutls_hash_init (&td_sha, hash_algo);
353 if (ret < 0)
354 {
355 gnutls_assert ();
356 if (!_gnutls_version_has_selectable_sighash (ver))
357 _gnutls_hash_deinit (&td_md5, NULL);
358 return ret;
359 }
360
361 _gnutls_hash (&td_sha, session->security_parameters.client_random,
362 GNUTLS_RANDOM_SIZE);
363 _gnutls_hash (&td_sha, session->security_parameters.server_random,
364 GNUTLS_RANDOM_SIZE);
365 _gnutls_hash (&td_sha, params->data, params->size);
366
367 if (!_gnutls_version_has_selectable_sighash (ver))
368 {
369 _gnutls_hash_deinit (&td_md5, concat);
370 _gnutls_hash_deinit (&td_sha, &concat[16]);
371 dconcat.data = concat;
372 dconcat.size = 36;
373 }
374 else
375 {
376 _gnutls_hash_deinit (&td_sha, concat);
377
378 dconcat.data = concat;
379 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
380 }
381
382 ret = verify_tls_hash (session, ver, cert, &dconcat, signature,
383 dconcat.size - _gnutls_hash_get_algo_len (hash_algo),
384 sign_algo, gnutls_sign_get_pk_algorithm (sign_algo));
385 if (ret < 0)
386 {
387 gnutls_assert ();
388 return ret;
389 }
390
391 return ret;
392
393 }
394
395 /* Client certificate verify calculations
396 */
397
398 /* this is _gnutls_handshake_verify_crt_vrfy for TLS 1.2
399 */
400 static int
401 _gnutls_handshake_verify_crt_vrfy12 (gnutls_session_t session,
402 gnutls_pcert_st* cert,
403 gnutls_datum_t * signature,
404 gnutls_sign_algorithm_t sign_algo)
405 {
406 int ret;
407 uint8_t concat[MAX_HASH_SIZE];
408 gnutls_datum_t dconcat;
409 gnutls_digest_algorithm_t hash_algo;
410 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
411 gnutls_pk_algorithm_t pk = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
412
413 ret = _gnutls_session_sign_algo_enabled(session, sign_algo);
414 if (ret < 0)
415 return gnutls_assert_val(ret);
416
417 hash_algo = gnutls_sign_get_hash_algorithm(sign_algo);
418
419 ret = _gnutls_hash_fast(hash_algo, session->internals.handshake_hash_buffer.data,
420 session->internals.handshake_hash_buffer_prev_len,
421 concat);
422 if (ret < 0)
423 return gnutls_assert_val(ret);
424
425 dconcat.data = concat;
426 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
427
428 ret =
429 verify_tls_hash (session, ver, cert, &dconcat, signature, 0, sign_algo, pk);
430 if (ret < 0)
431 {
432 gnutls_assert ();
433 return ret;
434 }
435
436 return ret;
437
438 }
439
440 /* Verifies a TLS signature (like the one in the client certificate
441 * verify message).
442 */
443 int
444 _gnutls_handshake_verify_crt_vrfy (gnutls_session_t session,
445 gnutls_pcert_st *cert,
446 gnutls_datum_t * signature,
447 gnutls_sign_algorithm_t sign_algo)
448 {
449 int ret;
450 uint8_t concat[MAX_SIG_SIZE];
451 digest_hd_st td_md5;
452 digest_hd_st td_sha;
453 gnutls_datum_t dconcat;
454 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
455
456 _gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
457 session, gnutls_sign_algorithm_get_name (sign_algo));
458
459
460 if (_gnutls_version_has_selectable_sighash(ver))
461 return _gnutls_handshake_verify_crt_vrfy12 (session, cert, signature,
462 sign_algo);
463
464 ret =
465 _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
466 if (ret < 0)
467 {
468 gnutls_assert ();
469 return ret;
470 }
471
472 ret =
473 _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
474 if (ret < 0)
475 {
476 gnutls_assert ();
477 _gnutls_hash_deinit (&td_md5, NULL);
478 return GNUTLS_E_HASH_FAILED;
479 }
480
481 _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
482 _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer_prev_len);
483
484 if (ver == GNUTLS_SSL3)
485 {
486 ret = _gnutls_generate_master (session, 1);
487 if (ret < 0)
488 {
489 _gnutls_hash_deinit (&td_md5, NULL);
490 _gnutls_hash_deinit (&td_sha, NULL);
491 return gnutls_assert_val(ret);
492 }
493
494 ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
495 session->
496 security_parameters.master_secret,
497 GNUTLS_MASTER_SIZE);
498 if (ret < 0)
499 {
500 _gnutls_hash_deinit (&td_sha, NULL);
501 return gnutls_assert_val(ret);
502 }
503
504 ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
505 session->
506 security_parameters.master_secret,
507 GNUTLS_MASTER_SIZE);
508 if (ret < 0)
509 {
510 return gnutls_assert_val(ret);
511 }
512 }
513 else
514 {
515 _gnutls_hash_deinit (&td_md5, concat);
516 _gnutls_hash_deinit (&td_sha, &concat[16]);
517 }
518
519 dconcat.data = concat;
520 dconcat.size = 20 + 16; /* md5+ sha */
521
522 ret =
523 verify_tls_hash (session, ver, cert, &dconcat, signature, 16,
524 GNUTLS_SIGN_UNKNOWN,
525 gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL));
526 if (ret < 0)
527 {
528 gnutls_assert ();
529 return ret;
530 }
531
532 return ret;
533
534 }
535
536 /* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2
537 */
538 static int
539 _gnutls_handshake_sign_crt_vrfy12 (gnutls_session_t session,
540 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
541 gnutls_datum_t * signature)
542 {
543 gnutls_datum_t dconcat;
544 int ret;
545 uint8_t concat[MAX_SIG_SIZE];
546 gnutls_sign_algorithm_t sign_algo;
547 gnutls_digest_algorithm_t hash_algo;
548
549 sign_algo =
550 _gnutls_session_get_sign_algo (session, cert);
551 if (sign_algo == GNUTLS_SIGN_UNKNOWN)
552 {
553 gnutls_assert ();
554 return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
555 }
556
557 gnutls_sign_algorithm_set(session, sign_algo);
558
559 hash_algo = gnutls_sign_get_hash_algorithm (sign_algo);
560
561 _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
562 gnutls_sign_algorithm_get_name (sign_algo),
563 gnutls_mac_get_name ((gnutls_mac_algorithm_t)hash_algo));
564
565 ret = _gnutls_hash_fast (hash_algo, session->internals.handshake_hash_buffer.data,
566 session->internals.handshake_hash_buffer.length,
567 concat);
568 if (ret < 0)
569 return gnutls_assert_val(ret);
570
571 dconcat.data = concat;
572 dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
573
574 ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
575 if (ret < 0)
576 {
577 gnutls_assert ();
578 return ret;
579 }
580
581 return sign_algo;
582 }
583
584
585 /* Generates a signature of all the previous sent packets in the
586 * handshake procedure.
587 * 20040227: now it works for SSL 3.0 as well
588 * 20091031: works for TLS 1.2 too!
589 *
590 * For TLS1.x, x<2 returns negative for failure and zero or unspecified for success.
591 * For TLS1.2 returns the signature algorithm used on success, or a negative error code;
592 */
593 int
594 _gnutls_handshake_sign_crt_vrfy (gnutls_session_t session,
595 gnutls_pcert_st* cert, gnutls_privkey_t pkey,
596 gnutls_datum_t * signature)
597 {
598 gnutls_datum_t dconcat;
599 int ret;
600 uint8_t concat[MAX_SIG_SIZE];
601 digest_hd_st td_md5;
602 digest_hd_st td_sha;
603 gnutls_protocol_t ver = gnutls_protocol_get_version (session);
604 gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm(pkey, NULL);
605
606 if (_gnutls_version_has_selectable_sighash(ver))
607 return _gnutls_handshake_sign_crt_vrfy12 (session, cert, pkey,
608 signature);
609
610 ret =
611 _gnutls_hash_init (&td_sha, GNUTLS_DIG_SHA1);
612 if (ret < 0)
613 {
614 gnutls_assert ();
615 return ret;
616 }
617
618 _gnutls_hash(&td_sha, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
619
620 if (ver == GNUTLS_SSL3)
621 {
622 ret = _gnutls_generate_master (session, 1);
623 if (ret < 0)
624 {
625 gnutls_assert ();
626 _gnutls_hash_deinit (&td_sha, NULL);
627 return ret;
628 }
629
630 ret = _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
631 session->
632 security_parameters.master_secret,
633 GNUTLS_MASTER_SIZE);
634 if (ret < 0)
635 return gnutls_assert_val(ret);
636 }
637 else
638 _gnutls_hash_deinit (&td_sha, &concat[16]);
639
640 /* ensure 1024 bit DSA keys are used */
641 ret = _gnutls_pubkey_compatible_with_sig(session, cert->pubkey, ver, GNUTLS_SIGN_UNKNOWN);
642 if (ret < 0)
643 return gnutls_assert_val(ret);
644
645 switch (pk)
646 {
647 case GNUTLS_PK_RSA:
648 ret =
649 _gnutls_hash_init (&td_md5, GNUTLS_DIG_MD5);
650 if (ret < 0)
651 return gnutls_assert_val(ret);
652
653 _gnutls_hash(&td_md5, session->internals.handshake_hash_buffer.data, session->internals.handshake_hash_buffer.length);
654
655 if (ver == GNUTLS_SSL3)
656 {
657 ret = _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
658 session->
659 security_parameters.master_secret,
660 GNUTLS_MASTER_SIZE);
661 if (ret < 0)
662 return gnutls_assert_val(ret);
663 }
664 else
665 _gnutls_hash_deinit (&td_md5, concat);
666
667 dconcat.data = concat;
668 dconcat.size = 36;
669 break;
670 case GNUTLS_PK_DSA:
671 case GNUTLS_PK_EC:
672
673 dconcat.data = &concat[16];
674 dconcat.size = 20;
675 break;
676
677 default:
678 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
679 }
680 ret = sign_tls_hash (session, GNUTLS_DIG_NULL, cert, pkey, &dconcat, signature);
681 if (ret < 0)
682 {
683 gnutls_assert ();
684 }
685
686 return ret;
687 }
688
689 int
690 pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
691 gnutls_pk_params_st* params,
692 const gnutls_datum_t * data, gnutls_datum_t * digest)
693 {
694 int ret;
695
696 digest->size = _gnutls_hash_get_algo_len (hash);
697 digest->data = gnutls_malloc (digest->size);
698 if (digest->data == NULL)
699 {
700 gnutls_assert ();
701 return GNUTLS_E_MEMORY_ERROR;
702 }
703
704 ret = _gnutls_hash_fast (hash, data->data, data->size, digest->data);
705 if (ret < 0)
706 {
707 gnutls_assert ();
708 goto cleanup;
709 }
710
711 return 0;
712
713 cleanup:
714 gnutls_free (digest->data);
715 return ret;
716 }
717
718
719 /*
720 * This function will do RSA PKCS #1 1.5 encoding
721 * on the given digest. The given digest must be allocated
722 * and will be freed if replacement is required.
723 */
724 int
725 pk_prepare_hash (gnutls_pk_algorithm_t pk,
726 gnutls_digest_algorithm_t hash, gnutls_datum_t * digest)
727 {
728 int ret;
729 gnutls_datum_t old_digest = { digest->data, digest->size };
730
731 switch (pk)
732 {
733 case GNUTLS_PK_RSA:
734 /* Encode the digest as a DigestInfo
735 */
736 if ((ret = encode_ber_digest_info (hash, &old_digest, digest)) != 0)
737 {
738 gnutls_assert ();
739 return ret;
740 }
741
742 _gnutls_free_datum (&old_digest);
743 break;
744 case GNUTLS_PK_DSA:
745 case GNUTLS_PK_EC:
746 break;
747 default:
748 gnutls_assert ();
749 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
750 }
751
752 return 0;
753 }
754
Implementation of the SSL/TLS protocol