CK_RV
gkm_crypto_verify_xsa (gcry_sexp_t sexp, CK_MECHANISM_TYPE mech, CK_BYTE_PTR data,
CK_ULONG n_data, CK_BYTE_PTR signature, CK_ULONG n_signature)
{
int algorithm;
CK_RV rv;
g_return_val_if_fail (sexp, CKR_GENERAL_ERROR);
g_return_val_if_fail (signature, CKR_ARGUMENTS_BAD);
g_return_val_if_fail (data, CKR_ARGUMENTS_BAD);
if (!gkm_sexp_parse_key (sexp, &algorithm, NULL, NULL))
g_return_val_if_reached (CKR_GENERAL_ERROR);
/*
* The algorithm checks below are merely sanity checks.
* Other code should have checed this at an earlier stage
* and return the right error codes if invalid.
*/
switch (mech) {
case CKM_RSA_PKCS:
g_return_val_if_fail (algorithm == GCRY_PK_RSA, CKR_GENERAL_ERROR);
rv = gkm_rsa_mechanism_verify (sexp, egg_padding_pkcs1_pad_01, data, n_data, signature, n_signature);
break;
case CKM_RSA_X_509:
g_return_val_if_fail (algorithm == GCRY_PK_RSA, CKR_GENERAL_ERROR);
rv = gkm_rsa_mechanism_verify (sexp, egg_padding_zero_pad, data, n_data, signature, n_signature);
break;
case CKM_DSA:
g_return_val_if_fail (algorithm == GCRY_PK_DSA, CKR_GENERAL_ERROR);
rv = gkm_dsa_mechanism_verify (sexp, data, n_data, signature, n_signature);
break;
default:
/* Again shouldn't be reached */
g_return_val_if_reached (CKR_GENERAL_ERROR);
};
return rv;
}
guchar*
gkm_data_der_write_private_key (gcry_sexp_t s_key, gsize *len)
{
gboolean is_priv;
int algorithm;
g_return_val_if_fail (s_key != NULL, NULL);
if (!gkm_sexp_parse_key (s_key, &algorithm, &is_priv, NULL))
g_return_val_if_reached (NULL);
g_return_val_if_fail (is_priv, NULL);
switch (algorithm) {
case GCRY_PK_RSA:
return gkm_data_der_write_private_key_rsa (s_key, len);
case GCRY_PK_DSA:
return gkm_data_der_write_private_key_dsa (s_key, len);
default:
g_return_val_if_reached (NULL);
}
}
guchar*
gkm_data_der_write_private_pkcs8_plain (gcry_sexp_t skey, gsize *n_data)
{
GNode *asn = NULL;
int algorithm;
gboolean is_priv;
GQuark oid;
guchar *params, *key, *data;
gsize n_params, n_key;
init_quarks ();
/* Parse and check that the key is for real */
if (!gkm_sexp_parse_key (skey, &algorithm, &is_priv, NULL))
g_return_val_if_reached (NULL);
g_return_val_if_fail (is_priv == TRUE, NULL);
asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-8-PrivateKeyInfo");
g_return_val_if_fail (asn, NULL);
/* Write out the version */
if (!egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn, "version", NULL), 0))
g_return_val_if_reached (NULL);
/* Per algorithm differences */
switch (algorithm)
{
/* RSA gets encoded in a standard simple way */
case GCRY_PK_RSA:
oid = OID_PKIX1_RSA;
params = NULL;
n_params = 0;
key = gkm_data_der_write_private_key_rsa (skey, &n_key);
break;
/* DSA gets incoded with the params seperate */
case GCRY_PK_DSA:
oid = OID_PKIX1_DSA;
key = gkm_data_der_write_private_key_dsa_part (skey, &n_key);
params = gkm_data_der_write_private_key_dsa_params (skey, &n_params);
break;
default:
g_warning ("trying to serialize unsupported private key algorithm: %d", algorithm);
return NULL;
};
/* Write out the algorithm */
if (!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "privateKeyAlgorithm", "algorithm", NULL), oid))
g_return_val_if_reached (NULL);
/* Write out the parameters */
if (params) {
if (!egg_asn1x_set_raw_element (egg_asn1x_node (asn, "privateKeyAlgorithm", "parameters", NULL),
params, n_params, egg_secure_free))
g_return_val_if_reached (NULL);
}
/* Write out the key portion */
if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn, "privateKey", NULL),
key, n_key, egg_secure_free))
g_return_val_if_reached (NULL);
data = egg_asn1x_encode (asn, egg_secure_realloc, n_data);
if (data == NULL)
g_warning ("couldn't encode private pkcs8 key: %s", egg_asn1x_message (asn));
egg_asn1x_destroy (asn);
return data;
}
