int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo, uint8_t * der, int dersize, gnutls_pk_params_st * params) { switch (algo) { case GNUTLS_PK_RSA: return 0; case GNUTLS_PK_DSA: return _gnutls_x509_read_dsa_params(der, dersize, params); case GNUTLS_PK_EC: return _gnutls_x509_read_ecc_params(der, dersize, ¶ms->flags); default: return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); } }
/* Extracts DSA and RSA parameters from a certificate. */ static int get_mpis (int pk_algorithm, ASN1_TYPE asn, const char *root, bigint_t * params, int *params_size) { int result; char name[256]; gnutls_datum tmp = { NULL, 0 }; /* Read the algorithm's parameters */ snprintf (name, sizeof (name), "%s.subjectPublicKey", root); result = _gnutls_x509_read_value (asn, name, &tmp, 2); if (result < 0) { gnutls_assert (); fprintf (stderr, "name: %s\n", name); return result; } switch (pk_algorithm) { case GNUTLS_PK_RSA: /* params[0] is the modulus, * params[1] is the exponent */ if (*params_size < RSA_PUBLIC_PARAMS) { gnutls_assert (); /* internal error. Increase the bigint_ts in params */ result = GNUTLS_E_INTERNAL_ERROR; goto error; } if ((result = _gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0) { gnutls_assert (); goto error; } *params_size = RSA_PUBLIC_PARAMS; break; case GNUTLS_PK_DSA: /* params[0] is p, * params[1] is q, * params[2] is q, * params[3] is pub. */ if (*params_size < DSA_PUBLIC_PARAMS) { gnutls_assert (); /* internal error. Increase the bigint_ts in params */ result = GNUTLS_E_INTERNAL_ERROR; goto error; } if ((result = _gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0) { gnutls_assert (); goto error; } /* Now read the parameters */ _gnutls_free_datum (&tmp); snprintf (name, sizeof (name), "%s.algorithm.parameters", root); result = _gnutls_x509_read_value (asn, name, &tmp, 0); /* FIXME: If the parameters are not included in the certificate * then the issuer's parameters should be used. This is not * done yet. */ if (result < 0) { gnutls_assert (); goto error; } if ((result = _gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0) { gnutls_assert (); goto error; } *params_size = DSA_PUBLIC_PARAMS; break; default: /* other types like DH * currently not supported */ gnutls_assert (); result = GNUTLS_E_X509_CERTIFICATE_ERROR; goto error; } result = 0; error: _gnutls_free_datum (&tmp); return result; }
/* Extracts DSA and RSA parameters from a certificate. */ int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, bigint_t * params, int *params_size) { int result; int pk_algorithm; gnutls_datum tmp = { NULL, 0 }; /* Read the algorithm's OID */ pk_algorithm = gnutls_x509_crt_get_pk_algorithm (cert, NULL); /* Read the algorithm's parameters */ result = _gnutls_x509_read_value (cert->cert, "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", &tmp, 2); if (result < 0) { gnutls_assert (); return result; } switch (pk_algorithm) { case GNUTLS_PK_RSA: /* params[0] is the modulus, * params[1] is the exponent */ if (*params_size < RSA_PUBLIC_PARAMS) { gnutls_assert (); /* internal error. Increase the bigint_ts in params */ result = GNUTLS_E_INTERNAL_ERROR; goto error; } if ((result = _gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0) { gnutls_assert (); goto error; } *params_size = RSA_PUBLIC_PARAMS; break; case GNUTLS_PK_DSA: /* params[0] is p, * params[1] is q, * params[2] is q, * params[3] is pub. */ if (*params_size < DSA_PUBLIC_PARAMS) { gnutls_assert (); /* internal error. Increase the bigint_ts in params */ result = GNUTLS_E_INTERNAL_ERROR; goto error; } if ((result = _gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0) { gnutls_assert (); goto error; } /* Now read the parameters */ _gnutls_free_datum (&tmp); result = _gnutls_x509_read_value (cert->cert, "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters", &tmp, 0); /* FIXME: If the parameters are not included in the certificate * then the issuer's parameters should be used. This is not * done yet. */ if (result < 0) { gnutls_assert (); goto error; } if ((result = _gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0) { gnutls_assert (); goto error; } *params_size = DSA_PUBLIC_PARAMS; break; default: /* other types like DH * currently not supported */ gnutls_assert (); result = GNUTLS_E_X509_CERTIFICATE_ERROR; goto error; } result = 0; error: _gnutls_free_datum (&tmp); return result; }