/* returns error if the certificate has different algorithm than
* the given key parameters.
*/
static int
_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
{
gnutls_datum_t cid;
gnutls_datum_t kid;
unsigned pk = res->cert_list[res->ncerts - 1][0].subject_pk_algorithm;
if (res->pkey[res->ncerts - 1].pk_algorithm != pk)
{
gnutls_assert ();
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
}
if (pk == GNUTLS_PK_RSA)
{
_gnutls_x509_write_rsa_params (res->pkey[res->ncerts - 1].params,
res->pkey[res->ncerts -
1].params_size, &kid);
_gnutls_x509_write_rsa_params (res->
cert_list[res->ncerts - 1][0].params,
res->cert_list[res->ncerts -
1][0].params_size, &cid);
}
else if (pk == GNUTLS_PK_DSA)
{
_gnutls_x509_write_dsa_params (res->pkey[res->ncerts - 1].params,
res->pkey[res->ncerts -
1].params_size, &kid);
_gnutls_x509_write_dsa_params (res->
cert_list[res->ncerts - 1][0].params,
res->cert_list[res->ncerts -
1][0].params_size, &cid);
}
if (cid.size != kid.size)
{
gnutls_assert ();
_gnutls_free_datum (&kid);
_gnutls_free_datum (&cid);
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
}
if (memcmp (kid.data, cid.data, kid.size) != 0)
{
gnutls_assert ();
_gnutls_free_datum (&kid);
_gnutls_free_datum (&cid);
return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
}
_gnutls_free_datum (&kid);
_gnutls_free_datum (&cid);
return 0;
}
int
_gnutls_x509_write_pubkey_params(gnutls_pk_algorithm_t algo,
gnutls_pk_params_st * params,
gnutls_datum_t * der)
{
switch (algo) {
case GNUTLS_PK_DSA:
return _gnutls_x509_write_dsa_params(params, der);
case GNUTLS_PK_RSA:
der->data = gnutls_malloc(ASN1_NULL_SIZE);
if (der->data == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
memcpy(der->data, ASN1_NULL, ASN1_NULL_SIZE);
der->size = ASN1_NULL_SIZE;
return 0;
case GNUTLS_PK_EC:
return _gnutls_x509_write_ecc_params(params->flags, der);
default:
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
}
/*
* This function writes and encodes the parameters for DSS or RSA keys.
* This is the "signatureAlgorithm" fields.
*/
int
_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
gnutls_pk_algorithm_t pk_algorithm,
gnutls_digest_algorithm_t dig,
bigint_t * params, int params_size)
{
gnutls_datum_t der;
int result;
char name[128];
const char *pk;
_gnutls_str_cpy (name, sizeof (name), dst_name);
_gnutls_str_cat (name, sizeof (name), ".algorithm");
pk = _gnutls_x509_sign_to_oid (pk_algorithm, HASH2MAC (dig));
if (pk == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
/* write the OID.
*/
result = asn1_write_value (dst, name, pk, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
_gnutls_str_cpy (name, sizeof (name), dst_name);
_gnutls_str_cat (name, sizeof (name), ".parameters");
if (pk_algorithm == GNUTLS_PK_DSA)
{
result = _gnutls_x509_write_dsa_params (params, params_size, &der);
if (result < 0)
{
gnutls_assert ();
return result;
}
result = asn1_write_value (dst, name, der.data, der.size);
_gnutls_free_datum (&der);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
}
else
{ /* RSA */
result = asn1_write_value (dst, name, NULL, 0);
if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
{
/* Here we ignore the element not found error, since this
* may have been disabled before.
*/
gnutls_assert ();
return _gnutls_asn2err (result);
}
}
return 0;
}
/* Encodes and copies the private key parameters into a
* subjectPublicKeyInfo structure.
*
*/
int
_gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
const char *dst_name,
gnutls_pk_algorithm_t
pk_algorithm, bigint_t * params,
int params_size)
{
const char *pk;
gnutls_datum_t der = { NULL, 0 };
int result;
char name[128];
pk = _gnutls_x509_pk_to_oid (pk_algorithm);
if (pk == NULL)
{
gnutls_assert ();
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
}
/* write the OID
*/
_asnstr_append_name (name, sizeof (name), dst_name, ".algorithm.algorithm");
result = asn1_write_value (dst, name, pk, 1);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
if (pk_algorithm == GNUTLS_PK_RSA)
{
/* disable parameters, which are not used in RSA.
*/
_asnstr_append_name (name, sizeof (name), dst_name,
".algorithm.parameters");
result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
result = _gnutls_x509_write_rsa_params (params, params_size, &der);
if (result < 0)
{
gnutls_assert ();
return result;
}
/* Write the DER parameters. (in bits)
*/
_asnstr_append_name (name, sizeof (name), dst_name,
".subjectPublicKey");
result = asn1_write_value (dst, name, der.data, der.size * 8);
_gnutls_free_datum (&der);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
}
else if (pk_algorithm == GNUTLS_PK_DSA)
{
result = _gnutls_x509_write_dsa_params (params, params_size, &der);
if (result < 0)
{
gnutls_assert ();
return result;
}
/* Write the DER parameters.
*/
_asnstr_append_name (name, sizeof (name), dst_name,
".algorithm.parameters");
result = asn1_write_value (dst, name, der.data, der.size);
_gnutls_free_datum (&der);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
if (result < 0)
{
gnutls_assert ();
return result;
}
_asnstr_append_name (name, sizeof (name), dst_name,
".subjectPublicKey");
result = asn1_write_value (dst, name, der.data, der.size * 8);
_gnutls_free_datum (&der);
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
return _gnutls_asn2err (result);
}
}
else
return GNUTLS_E_UNIMPLEMENTED_FEATURE;
return 0;
}
