/** * gnutls_x509_privkey_sign_data2: * @signer: Holds the key * @digest: should be MD5 or SHA1 * @flags: should be 0 for now * @data: holds the data to be signed * @signature: will contain the signature allocate with gnutls_malloc() * * This function will sign the given data using a signature algorithm * supported by the private key. Signature algorithms are always used * together with a hash functions. Different hash functions may be * used for the RSA algorithm, but only SHA-1,SHA-224 and SHA-256 * for the DSA keys, depending on their bit size. * * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine * the hash algorithm. * * The RSA algorithm is used in PKCS #1 v1.5 mode. * * If the buffer provided is not long enough to hold the output, then * *@signature_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will * be returned. * * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a * negative error value. **/ int gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer, gnutls_digest_algorithm_t hash, unsigned int flags, const gnutls_datum_t * data, gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; ret = pk_hash_data (signer->pk_algorithm, hash, signer->params, data, &digest); if (ret < 0) { gnutls_assert (); return ret; } ret = gnutls_x509_privkey_sign_hash2 (signer, hash, flags, &digest, signature); if (ret < 0) { gnutls_assert (); goto cleanup; } ret = 0; cleanup: _gnutls_free_datum (&digest); return ret; }
/** * gnutls_x509_privkey_sign_data: * @key: Holds the key * @digest: should be MD5 or SHA1 * @flags: should be 0 for now * @data: holds the data to be signed * @signature: will contain the signature * @signature_size: holds the size of signature (and will be replaced * by the new size) * * This function will sign the given data using a signature algorithm * supported by the private key. Signature algorithms are always used * together with a hash functions. Different hash functions may be * used for the RSA algorithm, but only SHA-1 for the DSA keys. * * If the buffer provided is not long enough to hold the output, then * *@signature_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will * be returned. * * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine * the hash algorithm. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Deprecated: Use gnutls_privkey_sign_data(). */ int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, gnutls_digest_algorithm_t digest, unsigned int flags, const gnutls_datum_t * data, void *signature, size_t * signature_size) { int result; gnutls_datum_t sig = { NULL, 0 }; gnutls_datum_t hash; if (key == NULL) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } result = pk_hash_data (key->pk_algorithm, digest, &key->params, data, &hash); if (result < 0) { gnutls_assert (); return result; } result = _gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, signature); _gnutls_free_datum(&hash); if (result < 0) { gnutls_assert (); return result; } if (*signature_size < sig.size) { *signature_size = sig.size; _gnutls_free_datum (&sig); return GNUTLS_E_SHORT_MEMORY_BUFFER; } *signature_size = sig.size; memcpy (signature, sig.data, sig.size); _gnutls_free_datum (&sig); return 0; }
/** * gnutls_privkey_sign_data: * @signer: Holds the key * @hash: should be a digest algorithm * @flags: Zero or one of %gnutls_privkey_flags_t * @data: holds the data to be signed * @signature: will contain the signature allocate with gnutls_malloc() * * This function will sign the given data using a signature algorithm * supported by the private key. Signature algorithms are always used * together with a hash functions. Different hash functions may be * used for the RSA algorithm, but only the SHA family for the DSA keys. * * You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine * the hash algorithm. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 2.12.0 **/ int gnutls_privkey_sign_data(gnutls_privkey_t signer, gnutls_digest_algorithm_t hash, unsigned int flags, const gnutls_datum_t * data, gnutls_datum_t * signature) { int ret; gnutls_datum_t digest; const mac_entry_st *me = mac_to_entry(hash); if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ret = pk_hash_data(signer->pk_algorithm, me, NULL, data, &digest); if (ret < 0) { gnutls_assert(); return ret; } ret = pk_prepare_hash(signer->pk_algorithm, me, &digest); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = gnutls_privkey_sign_raw_data(signer, flags, &digest, signature); _gnutls_free_datum(&digest); if (ret < 0) { gnutls_assert(); return ret; } return 0; cleanup: _gnutls_free_datum(&digest); return ret; }