/**
* gnutls_x509_privkey_sign_data2:
* @signer: Holds the key
* @digest: should be MD5 or SHA1
* @flags: should be 0 for now
* @data: holds the data to be signed
* @signature: will contain the signature allocate with gnutls_malloc()
*
* This function will sign the given data using a signature algorithm
* supported by the private key. Signature algorithms are always used
* together with a hash functions. Different hash functions may be
* used for the RSA algorithm, but only SHA-1,SHA-224 and SHA-256
* for the DSA keys, depending on their bit size.
*
* Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
* the hash algorithm.
*
* The RSA algorithm is used in PKCS #1 v1.5 mode.
*
* If the buffer provided is not long enough to hold the output, then
* *@signature_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
* be returned.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
**/
int
gnutls_x509_privkey_sign_data2 (gnutls_x509_privkey_t signer,
gnutls_digest_algorithm_t hash,
unsigned int flags,
const gnutls_datum_t * data,
gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
ret =
pk_hash_data (signer->pk_algorithm, hash, signer->params, data, &digest);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret =
gnutls_x509_privkey_sign_hash2 (signer, hash, flags, &digest, signature);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
ret = 0;
cleanup:
_gnutls_free_datum (&digest);
return ret;
}
/**
* gnutls_x509_privkey_sign_data:
* @key: Holds the key
* @digest: should be MD5 or SHA1
* @flags: should be 0 for now
* @data: holds the data to be signed
* @signature: will contain the signature
* @signature_size: holds the size of signature (and will be replaced
* by the new size)
*
* This function will sign the given data using a signature algorithm
* supported by the private key. Signature algorithms are always used
* together with a hash functions. Different hash functions may be
* used for the RSA algorithm, but only SHA-1 for the DSA keys.
*
* If the buffer provided is not long enough to hold the output, then
* *@signature_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
* be returned.
*
* Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
* the hash algorithm.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Deprecated: Use gnutls_privkey_sign_data().
*/
int
gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
gnutls_digest_algorithm_t digest,
unsigned int flags,
const gnutls_datum_t * data,
void *signature, size_t * signature_size)
{
int result;
gnutls_datum_t sig = { NULL, 0 };
gnutls_datum_t hash;
if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
result =
pk_hash_data (key->pk_algorithm, digest, &key->params, data, &hash);
if (result < 0)
{
gnutls_assert ();
return result;
}
result =
_gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, signature);
_gnutls_free_datum(&hash);
if (result < 0)
{
gnutls_assert ();
return result;
}
if (*signature_size < sig.size)
{
*signature_size = sig.size;
_gnutls_free_datum (&sig);
return GNUTLS_E_SHORT_MEMORY_BUFFER;
}
*signature_size = sig.size;
memcpy (signature, sig.data, sig.size);
_gnutls_free_datum (&sig);
return 0;
}
/**
* gnutls_privkey_sign_data:
* @signer: Holds the key
* @hash: should be a digest algorithm
* @flags: Zero or one of %gnutls_privkey_flags_t
* @data: holds the data to be signed
* @signature: will contain the signature allocate with gnutls_malloc()
*
* This function will sign the given data using a signature algorithm
* supported by the private key. Signature algorithms are always used
* together with a hash functions. Different hash functions may be
* used for the RSA algorithm, but only the SHA family for the DSA keys.
*
* You may use gnutls_pubkey_get_preferred_hash_algorithm() to determine
* the hash algorithm.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 2.12.0
**/
int
gnutls_privkey_sign_data(gnutls_privkey_t signer,
gnutls_digest_algorithm_t hash,
unsigned int flags,
const gnutls_datum_t * data,
gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
const mac_entry_st *me = mac_to_entry(hash);
if (flags & GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
ret = pk_hash_data(signer->pk_algorithm, me, NULL, data, &digest);
if (ret < 0) {
gnutls_assert();
return ret;
}
ret = pk_prepare_hash(signer->pk_algorithm, me, &digest);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret =
gnutls_privkey_sign_raw_data(signer, flags, &digest,
signature);
_gnutls_free_datum(&digest);
if (ret < 0) {
gnutls_assert();
return ret;
}
return 0;
cleanup:
_gnutls_free_datum(&digest);
return ret;
}
