int
_gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params,
int params_len)
{
int i, j;
dst->params_nr = 0;
if (params_len == 0 || params == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
for (i = 0; i < params_len; i++)
{
dst->params[i] = _gnutls_mpi_set (NULL, params[i]);
if (dst->params[i] == NULL)
{
for (j = 0; j < i; j++)
_gnutls_mpi_release (&dst->params[j]);
return GNUTLS_E_MEMORY_ERROR;
}
dst->params_nr++;
}
return 0;
}
int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, const gnutls_pk_params_st * src)
{
int i, j;
dst->params_nr = 0;
if (src == NULL || src->params_nr == 0)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
for (i = 0; i < src->params_nr; i++)
{
dst->params[i] = _gnutls_mpi_set (NULL, src->params[i]);
if (dst->params[i] == NULL)
{
for (j = 0; j < i; j++)
_gnutls_mpi_release (&dst->params[j]);
return GNUTLS_E_MEMORY_ERROR;
}
dst->params_nr++;
}
return 0;
}
static int
wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i, q_bits;
memset(params, 0, sizeof(*params));
switch (algo)
{
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_private_key priv;
dsa_public_key_init (&pub);
dsa_private_key_init (&priv);
/* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
* but we do NIST DSA here */
if (level <= 1024)
q_bits = 160;
else
q_bits = 256;
ret =
dsa_generate_keypair (&pub, &priv, NULL,
rnd_func, NULL, NULL, level, q_bits);
if (ret != 1)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto dsa_fail;
}
params->params_nr = 0;
for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto dsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set (params->params[0], pub.p);
_gnutls_mpi_set (params->params[1], pub.q);
_gnutls_mpi_set (params->params[2], pub.g);
_gnutls_mpi_set (params->params[3], pub.y);
_gnutls_mpi_set (params->params[4], priv.x);
dsa_fail:
dsa_private_key_clear (&priv);
dsa_public_key_clear (&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init (&pub);
rsa_private_key_init (&priv);
_gnutls_mpi_set_ui (&pub.e, 65537);
ret =
rsa_generate_keypair (&pub, &priv, NULL,
rnd_func, NULL, NULL, level, 0);
if (ret != 1)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto rsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set (params->params[0], pub.n);
_gnutls_mpi_set (params->params[1], pub.e);
_gnutls_mpi_set (params->params[2], priv.d);
_gnutls_mpi_set (params->params[3], priv.p);
_gnutls_mpi_set (params->params[4], priv.q);
_gnutls_mpi_set (params->params[5], priv.c);
_gnutls_mpi_set (params->params[6], priv.a);
_gnutls_mpi_set (params->params[7], priv.b);
rsa_fail:
rsa_private_key_clear (&priv);
rsa_public_key_clear (&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
ecc_key key;
ecc_set_type tls_ecc_set;
const gnutls_ecc_curve_entry_st *st;
st = _gnutls_ecc_curve_get_params(level);
if (st == NULL)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
tls_ecc_set.size = st->size;
tls_ecc_set.prime = st->prime;
tls_ecc_set.order = st->order;
tls_ecc_set.Gx = st->Gx;
tls_ecc_set.Gy = st->Gy;
tls_ecc_set.A = st->A;
tls_ecc_set.B = st->B;
ret = ecc_make_key(NULL, rnd_func, &key, &tls_ecc_set, st->id);
if (ret != 0)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
params->params_nr = 0;
for (i = 0; i < ECC_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like(&key.prime);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto ecc_fail;
}
params->params_nr++;
}
params->flags = level;
mpz_set(TOMPZ(params->params[ECC_PRIME]), key.prime);
mpz_set(TOMPZ(params->params[ECC_ORDER]), key.order);
mpz_set(TOMPZ(params->params[ECC_A]), key.A);
mpz_set(TOMPZ(params->params[ECC_B]), key.B);
mpz_set(TOMPZ(params->params[ECC_GX]), key.Gx);
mpz_set(TOMPZ(params->params[ECC_GY]), key.Gy);
mpz_set(TOMPZ(params->params[ECC_X]), key.pubkey.x);
mpz_set(TOMPZ(params->params[ECC_Y]), key.pubkey.y);
mpz_set(TOMPZ(params->params[ECC_K]), key.k);
ecc_fail:
ecc_free(&key);
if (ret < 0)
goto fail;
break;
}
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
fail:
for (i = 0; i < params->params_nr; i++)
{
_gnutls_mpi_release (¶ms->params[i]);
}
params->params_nr = 0;
return ret;
}
static int
wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i, q_bits;
memset(params, 0, sizeof(*params));
switch (algo) {
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_private_key priv;
dsa_public_key_init(&pub);
dsa_private_key_init(&priv);
/* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
* but we do NIST DSA here */
if (level <= 1024)
q_bits = 160;
else
q_bits = 256;
ret =
dsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, q_bits);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto dsa_fail;
}
params->params_nr = 0;
for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
params->params[i] =
_gnutls_mpi_alloc_like(&pub.p);
if (params->params[i] == NULL) {
ret = GNUTLS_E_MEMORY_ERROR;
goto dsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set(params->params[0], pub.p);
_gnutls_mpi_set(params->params[1], pub.q);
_gnutls_mpi_set(params->params[2], pub.g);
_gnutls_mpi_set(params->params[3], pub.y);
_gnutls_mpi_set(params->params[4], priv.x);
dsa_fail:
dsa_private_key_clear(&priv);
dsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
_gnutls_mpi_set_ui(&pub.e, 65537);
ret =
rsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, 0);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
params->params[i] =
_gnutls_mpi_alloc_like(&pub.n);
if (params->params[i] == NULL) {
ret = GNUTLS_E_MEMORY_ERROR;
goto rsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set(params->params[0], pub.n);
_gnutls_mpi_set(params->params[1], pub.e);
_gnutls_mpi_set(params->params[2], priv.d);
_gnutls_mpi_set(params->params[3], priv.p);
_gnutls_mpi_set(params->params[4], priv.q);
_gnutls_mpi_set(params->params[5], priv.c);
_gnutls_mpi_set(params->params[6], priv.a);
_gnutls_mpi_set(params->params[7], priv.b);
rsa_fail:
rsa_private_key_clear(&priv);
rsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
struct ecc_point pub;
const struct ecc_curve *curve;
curve = get_supported_curve(level);
if (curve == NULL)
return
gnutls_assert_val
(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ecc_scalar_init(&key, curve);
ecc_point_init(&pub, curve);
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
params->params[ECC_X] = _gnutls_mpi_new(0);
params->params[ECC_Y] = _gnutls_mpi_new(0);
params->params[ECC_K] = _gnutls_mpi_new(0);
if (params->params[ECC_X] == NULL
|| params->params[ECC_Y] == NULL
|| params->params[ECC_K] == NULL) {
_gnutls_mpi_release(¶ms->
params[ECC_X]);
_gnutls_mpi_release(¶ms->
params[ECC_Y]);
_gnutls_mpi_release(¶ms->
params[ECC_K]);
goto ecc_cleanup;
}
params->flags = level;
params->params_nr = ECC_PRIVATE_PARAMS;
ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
TOMPZ(params->params[ECC_Y]));
ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
ecc_cleanup:
ecc_point_clear(&pub);
ecc_scalar_clear(&key);
break;
}
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
fail:
for (i = 0; i < params->params_nr; i++) {
_gnutls_mpi_release(¶ms->params[i]);
}
params->params_nr = 0;
return ret;
}
bigint_t
_gnutls_mpi_randomize (bigint_t r, unsigned int bits,
gnutls_rnd_level_t level)
{
size_t size = 1 + (bits / 8);
int ret;
int rem, i;
bigint_t tmp;
char tmpbuf[512];
opaque *buf;
int buf_release = 0;
if (size < sizeof (tmpbuf))
{
buf = tmpbuf;
}
else
{
buf = gnutls_malloc (size);
if (buf == NULL)
{
gnutls_assert ();
goto cleanup;
}
buf_release = 1;
}
ret = _gnutls_rnd (level, buf, size);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
/* mask the bits that weren't requested */
rem = bits % 8;
if (rem == 0)
{
buf[0] = 0;
}
else
{
for (i = 8; i >= rem; i--)
buf[0] = clearbit (buf[0], i);
}
ret = _gnutls_mpi_scan (&tmp, buf, size);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
if (buf_release != 0)
{
gnutls_free (buf);
buf = NULL;
}
if (r != NULL)
{
_gnutls_mpi_set (r, tmp);
_gnutls_mpi_release (&tmp);
return r;
}
return tmp;
cleanup:
if (buf_release != 0)
gnutls_free (buf);
return NULL;
}
