int
_gnutls_gen_ecdh_common_client_kx_int (gnutls_session_t session,
gnutls_buffer_st* data,
gnutls_datum_t * psk_key)
{
int ret;
gnutls_datum_t out;
int curve = _gnutls_session_ecc_curve_get(session);
/* generate temporal key */
ret = _gnutls_pk_generate(GNUTLS_PK_EC, curve, &session->key.ecdh_params);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_ecc_ansi_x963_export(curve, session->key.ecdh_params.params[6] /* x */,
session->key.ecdh_params.params[7] /* y */, &out);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
_gnutls_free_datum(&out);
if (ret < 0)
return gnutls_assert_val(ret);
/* generate pre-shared key */
ret = calc_ecdh_key(session, psk_key);
if (ret < 0)
return gnutls_assert_val(ret);
return data->length;
}
/* If the psk flag is set, then an empty psk_identity_hint will
* be inserted */
int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session,
gnutls_buffer_st * data,
gnutls_ecc_curve_t curve)
{
uint8_t p;
int ret;
gnutls_datum_t out;
if (curve == GNUTLS_ECC_CURVE_INVALID)
return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES);
/* curve type */
p = 3;
ret = _gnutls_buffer_append_data(data, &p, 1);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
_gnutls_buffer_append_prefix(data, 16,
_gnutls_ecc_curve_get_tls_id
(curve));
if (ret < 0)
return gnutls_assert_val(ret);
/* generate temporal key */
ret =
_gnutls_pk_generate(GNUTLS_PK_EC, curve,
&session->key.ecdh_params);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
_gnutls_ecc_ansi_x963_export(curve,
session->key.ecdh_params.
params[ECC_X] /* x */ ,
session->key.ecdh_params.
params[ECC_Y] /* y */ , &out);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
_gnutls_buffer_append_data_prefix(data, 8, out.data, out.size);
_gnutls_free_datum(&out);
if (ret < 0)
return gnutls_assert_val(ret);
return data->length;
}
/**
* gnutls_x509_privkey_generate:
* @key: should contain a #gnutls_x509_privkey_t structure
* @algo: is one of the algorithms in #gnutls_pk_algorithm_t.
* @bits: the size of the modulus
* @flags: unused for now. Must be 0.
*
* This function will generate a random private key. Note that this
* function must be called on an empty private key.
*
* Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int
gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
gnutls_pk_algorithm_t algo, unsigned int bits,
unsigned int flags)
{
int ret;
if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
gnutls_pk_params_init(&key->params);
if (algo == GNUTLS_PK_EC)
bits = _gnutls_ecc_bits_to_curve(bits);
ret = _gnutls_pk_generate (algo, bits, &key->params);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret = _gnutls_asn1_encode_privkey (algo, &key->key, &key->params);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
key->pk_algorithm = algo;
return 0;
cleanup:
key->pk_algorithm = GNUTLS_PK_UNKNOWN;
gnutls_pk_params_release(&key->params);
return ret;
}
