static int
gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
int ret = 0;
gnutls_certificate_credentials_t cred;
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL) {
gnutls_assert();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
if ((ret = _gnutls_auth_info_set(session, GNUTLS_CRD_CERTIFICATE,
sizeof(cert_auth_info_st),
0)) < 0) {
gnutls_assert();
return ret;
}
ret =
_gnutls_ecdh_common_print_server_kx(session, data,
_gnutls_session_ecc_curve_get
(session));
if (ret < 0) {
gnutls_assert();
return ret;
}
/* Generate the signature. */
return _gnutls_gen_dhe_signature(session, data, data->data,
data->length);
}
static int
gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data)
{
int ret;
if ((ret =
_gnutls_auth_info_set(session, GNUTLS_CRD_PSK,
sizeof(psk_auth_info_st), 1)) < 0) {
gnutls_assert();
return ret;
}
ret = _gnutls_buffer_append_prefix(data, 16, 0);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_ecdh_common_print_server_kx(session, data,
_gnutls_session_ecc_curve_get
(session));
if (ret < 0)
gnutls_assert();
return ret;
}
static int
gen_dhe_server_kx (gnutls_session_t session, gnutls_buffer_st* data)
{
bigint_t g, p;
const bigint_t *mpis;
int ret = 0, data_size;
gnutls_pcert_st *apr_cert_list;
gnutls_privkey_t apr_pkey;
int apr_cert_list_length;
gnutls_datum_t signature = { NULL, 0 }, ddata;
gnutls_certificate_credentials_t cred;
gnutls_dh_params_t dh_params;
gnutls_sign_algorithm_t sign_algo;
gnutls_protocol_t ver = gnutls_protocol_get_version (session);
cred = (gnutls_certificate_credentials_t)
_gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
if (cred == NULL)
{
gnutls_assert ();
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
}
/* find the appropriate certificate */
if ((ret =
_gnutls_get_selected_cert (session, &apr_cert_list,
&apr_cert_list_length, &apr_pkey)) < 0)
{
gnutls_assert ();
return ret;
}
if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
sizeof (cert_auth_info_st), 0)) < 0)
{
gnutls_assert ();
return ret;
}
if (!_gnutls_session_is_ecc (session))
{
dh_params =
_gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
mpis = _gnutls_dh_params_to_mpi (dh_params);
if (mpis == NULL)
{
gnutls_assert ();
return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
}
p = mpis[0];
g = mpis[1];
_gnutls_dh_set_group (session, g, p);
ret = _gnutls_dh_common_print_server_kx (session, g, p, dh_params->q_bits, data);
}
else
{
ret = _gnutls_ecdh_common_print_server_kx (session, data, _gnutls_session_ecc_curve_get(session));
}
if (ret < 0)
{
gnutls_assert ();
return ret;
}
data_size = ret;
/* Generate the signature. */
ddata.data = data->data;
ddata.size = data->length;
if (apr_cert_list_length > 0)
{
if ((ret =
_gnutls_handshake_sign_data (session, &apr_cert_list[0],
apr_pkey, &ddata, &signature,
&sign_algo)) < 0)
{
gnutls_assert ();
goto cleanup;
}
}
else
{
gnutls_assert ();
ret = data_size; /* do not put a signature - ILLEGAL! */
goto cleanup;
}
if (_gnutls_version_has_selectable_sighash (ver))
{
const sign_algorithm_st *aid;
uint8_t p[2];
if (sign_algo == GNUTLS_SIGN_UNKNOWN)
{
ret = GNUTLS_E_UNKNOWN_ALGORITHM;
goto cleanup;
}
aid = _gnutls_sign_to_tls_aid (sign_algo);
if (aid == NULL)
{
gnutls_assert();
ret = GNUTLS_E_UNKNOWN_ALGORITHM;
goto cleanup;
}
p[0] = aid->hash_algorithm;
p[1] = aid->sign_algorithm;
ret = _gnutls_buffer_append_data(data, p, 2);
if (ret < 0)
{
gnutls_assert();
goto cleanup;
}
}
ret = _gnutls_buffer_append_data_prefix(data, 16, signature.data, signature.size);
if (ret < 0)
{
gnutls_assert();
}
ret = data->length;
cleanup:
_gnutls_free_datum (&signature);
return ret;
}
