C++ (Cpp) gnutls_pubkey_verify_hash Examples

Programming Language: C++ (Cpp)

Method/Function: gnutls_pubkey_verify_hash

Examples at hotexamples.com: 2

C++ (Cpp) gnutls_pubkey_verify_hash - 2 examples found. These are the top rated real world C++ (Cpp) examples of gnutls_pubkey_verify_hash extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: x509sign-verify.c Project: nobled/gnutls

void
doit (void)
{
  gnutls_x509_privkey_t key;
  gnutls_x509_crt_t crt;
  gnutls_pubkey_t pubkey;
  gnutls_privkey_t privkey;
  gnutls_digest_algorithm_t hash_algo;
  gnutls_sign_algorithm_t sign_algo;
  gnutls_datum_t signature;
  gnutls_datum_t signature2;
  int ret;
  size_t i;

  gnutls_global_init ();

  gnutls_global_set_log_function (tls_log_func);
  if (debug)
    gnutls_global_set_log_level (6);

  for (i = 0; i < sizeof (key_dat) / sizeof (key_dat[0]); i++)
    {
      if (debug)
        success ("loop %d\n", (int) i);

      ret = gnutls_x509_privkey_init (&key);
      if (ret < 0)
        fail ("gnutls_x509_privkey_init\n");

      ret =
        gnutls_x509_privkey_import (key, &key_dat[i], GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        fail ("gnutls_x509_privkey_import\n");

      ret = gnutls_pubkey_init (&pubkey);
      if (ret < 0)
        fail ("gnutls_privkey_init\n");

      ret = gnutls_privkey_init (&privkey);
      if (ret < 0)
        fail ("gnutls_pubkey_init\n");

      ret = gnutls_privkey_import_x509 (privkey, key, 0);
      if (ret < 0)
        fail ("gnutls_privkey_import_x509\n");

      ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA1, 0,
				      &hash_data, &signature2);
      if (ret < 0)
        fail ("gnutls_privkey_sign_hash\n");

      ret = gnutls_privkey_sign_data (privkey, GNUTLS_DIG_SHA1, 0,
				      &raw_data, &signature);
      if (ret < 0)
        fail ("gnutls_x509_privkey_sign_hash\n");

      ret = gnutls_x509_crt_init (&crt);
      if (ret < 0)
        fail ("gnutls_x509_crt_init\n");

      ret = gnutls_x509_crt_import (crt, &cert_dat[i], GNUTLS_X509_FMT_PEM);
      if (ret < 0)
        fail ("gnutls_x509_crt_import\n");

      ret =
        gnutls_pubkey_import_x509 (pubkey, crt, 0);
      if (ret < 0)
        fail ("gnutls_x509_pubkey_import\n");

      ret =
        gnutls_pubkey_get_verify_algorithm (pubkey, &signature, &hash_algo);
      if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
        fail ("gnutls_x509_crt_get_verify_algorithm\n");

      ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature);
      if (ret < 0)
        fail ("gnutls_x509_pubkey_verify_hash\n");

      ret =
        gnutls_pubkey_get_verify_algorithm (pubkey, &signature2, &hash_algo);
      if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
        fail ("gnutls_x509_crt_get_verify_algorithm (hashed data)\n");

      ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature2);
      if (ret < 0)
        fail ("gnutls_x509_pubkey_verify_hash-1 (hashed data)\n");

      /* should fail */
      ret = gnutls_pubkey_verify_hash (pubkey, 0, &invalid_hash_data, &signature2);
      if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
        fail ("gnutls_x509_pubkey_verify_hash-2 (hashed data)\n");
        
      sign_algo = gnutls_pk_to_sign(gnutls_pubkey_get_pk_algorithm(pubkey, NULL),
                                    GNUTLS_DIG_SHA1);

      ret = gnutls_pubkey_verify_hash2 (pubkey, sign_algo, 0, &hash_data, &signature2);
      if (ret < 0)
        fail ("gnutls_x509_pubkey_verify_hash2-1 (hashed data)\n");

      /* should fail */
      ret = gnutls_pubkey_verify_hash2 (pubkey, sign_algo, 0, &invalid_hash_data, &signature2);
      if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
        fail ("gnutls_x509_pubkey_verify_hash2-2 (hashed data)\n");


      gnutls_free(signature.data);
      gnutls_free(signature2.data);
      gnutls_x509_privkey_deinit (key);
      gnutls_x509_crt_deinit (crt);
      gnutls_privkey_deinit (privkey);
      gnutls_pubkey_deinit (pubkey);
    }

  gnutls_global_deinit ();
}

Example #2

Show file

static int
verify_tls_hash (gnutls_protocol_t ver, gnutls_pcert_st* cert,
                    const gnutls_datum_t * hash_concat,
                    gnutls_datum_t * signature, size_t sha1pos,
                    gnutls_pk_algorithm_t pk_algo)
{
  int ret;
  gnutls_datum_t vdata;
  unsigned int key_usage = 0, flags;

  if (cert == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_CERTIFICATE_ERROR;
    }

  gnutls_pubkey_get_key_usage(cert->pubkey, &key_usage);

  /* If the certificate supports signing continue.
   */
  if (key_usage != 0)
    if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
      {
        gnutls_assert ();
        return GNUTLS_E_KEY_USAGE_VIOLATION;
      }

  if (pk_algo == GNUTLS_PK_UNKNOWN)
    pk_algo = gnutls_pubkey_get_pk_algorithm(cert->pubkey, NULL);
  switch (pk_algo)
    {
    case GNUTLS_PK_RSA:

      vdata.data = hash_concat->data;
      vdata.size = hash_concat->size;

      /* verify signature */
      if (!_gnutls_version_has_selectable_sighash (ver))
        flags = GNUTLS_PUBKEY_VERIFY_FLAG_TLS_RSA;
      else
        flags = 0;


      break;
    case GNUTLS_PK_DSA:

      vdata.data = &hash_concat->data[sha1pos];
      vdata.size = hash_concat->size - sha1pos;

      flags = 0;

      break;
    default:
      gnutls_assert ();
      return GNUTLS_E_INTERNAL_ERROR;
    }

  ret = gnutls_pubkey_verify_hash(cert->pubkey, flags, &vdata,
    signature);

  if (ret < 0)
    return gnutls_assert_val(ret);


  return 0;
}