static int set_dh_pk_params(gnutls_session_t session, bigint_t g, bigint_t p, unsigned q_bits) { /* just in case we are resuming a session */ gnutls_pk_params_release(&session->key.proto.tls12.dh.params); gnutls_pk_params_init(&session->key.proto.tls12.dh.params); session->key.proto.tls12.dh.params.params[DH_G] = _gnutls_mpi_copy(g); if (session->key.proto.tls12.dh.params.params[DH_G] == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); session->key.proto.tls12.dh.params.params[DH_P] = _gnutls_mpi_copy(p); if (session->key.proto.tls12.dh.params.params[DH_P] == NULL) { _gnutls_mpi_release(&session->key.proto.tls12.dh.params.params[DH_G]); return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); } session->key.proto.tls12.dh.params.params_nr = 3; /* include empty q */ session->key.proto.tls12.dh.params.algo = GNUTLS_PK_DH; session->key.proto.tls12.dh.params.qbits = q_bits; return 0; }
/** * gnutls_dh_params_cpy - copy a DH parameters structure * @dst: Is the destination structure, which should be initialized. * @src: Is the source structure * * This function will copy the DH parameters structure from source * to destination. * * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, * otherwise an error code is returned. **/ int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src) { if (src == NULL) return GNUTLS_E_INVALID_REQUEST; dst->params[0] = _gnutls_mpi_copy (src->params[0]); dst->params[1] = _gnutls_mpi_copy (src->params[1]); if (dst->params[0] == NULL || dst->params[1] == NULL) return GNUTLS_E_MEMORY_ERROR; return 0; }
/** * gnutls_x509_privkey_cpy: * @dst: The destination key, which should be initialized. * @src: The source key * * This function will copy a private key from source to destination * key. Destination has to be initialized. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. **/ int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src) { unsigned int i; int ret; if (!src || !dst) return GNUTLS_E_INVALID_REQUEST; for (i = 0; i < src->params.params_nr; i++) { dst->params.params[i] = _gnutls_mpi_copy (src->params.params[i]); if (dst->params.params[i] == NULL) return GNUTLS_E_MEMORY_ERROR; } dst->params.params_nr = src->params.params_nr; dst->params.flags = src->params.flags; dst->pk_algorithm = src->pk_algorithm; ret = _gnutls_asn1_encode_privkey (dst->pk_algorithm, &dst->key, &dst->params); if (ret < 0) { gnutls_assert (); return ret; } return 0; }
cdk_error_t _cdk_copy_seckey(cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src) { cdk_pkt_seckey_t k; int i; if (!dst || !src) return CDK_Inv_Value; *dst = NULL; k = cdk_calloc(1, sizeof *k); if (!k) return CDK_Out_Of_Core; memcpy(k, src, sizeof *k); _cdk_copy_pubkey(&k->pk, src->pk); if (src->encdata) { k->encdata = cdk_calloc(1, src->enclen + 1); if (!k->encdata) return CDK_Out_Of_Core; memcpy(k->encdata, src->encdata, src->enclen); } _cdk_s2k_copy(&k->protect.s2k, src->protect.s2k); for (i = 0; i < cdk_pk_get_nskey(src->pubkey_algo); i++) { k->mpi[i] = _gnutls_mpi_copy(src->mpi[i]); } *dst = k; return 0; }
int _gnutls_pk_params_copy(gnutls_pk_params_st * dst, const gnutls_pk_params_st * src) { unsigned int i, j; dst->params_nr = 0; if (src == NULL || src->params_nr == 0) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } dst->flags = src->flags; dst->algo = src->algo; for (i = 0; i < src->params_nr; i++) { dst->params[i] = _gnutls_mpi_copy(src->params[i]); if (dst->params[i] == NULL) { goto fail; } dst->params_nr++; } return 0; fail: for (j = 0; j < i; j++) _gnutls_mpi_release(&dst->params[j]); return GNUTLS_E_MEMORY_ERROR; }
int _gnutls_x509_privkey_to_gkey (gnutls_privkey * dest, gnutls_x509_privkey_t src) { int i, ret; memset (dest, 0, sizeof (gnutls_privkey)); for (i = 0; i < src->params_size; i++) { dest->params[i] = _gnutls_mpi_copy (src->params[i]); if (dest->params[i] == NULL) { gnutls_assert (); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } } dest->pk_algorithm = src->pk_algorithm; dest->params_size = src->params_size; return 0; cleanup: for (i = 0; i < src->params_size; i++) { _gnutls_mpi_release (&dest->params[i]); } return ret; }
int _gnutls_dh_compute_key(gnutls_dh_params_t dh_params, const gnutls_datum_t *priv_key, const gnutls_datum_t *pub_key, const gnutls_datum_t *peer_key, gnutls_datum_t *Z) { gnutls_pk_params_st pub, priv; int ret; gnutls_pk_params_init(&pub); gnutls_pk_params_init(&priv); pub.algo = GNUTLS_PK_DH; if (_gnutls_mpi_init_scan_nz (&pub.params[DH_Y], peer_key->data, peer_key->size) != 0) { ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); goto cleanup; } priv.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]); priv.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]); if (_gnutls_mpi_init_scan_nz (&priv.params[DH_X], priv_key->data, priv_key->size) != 0) { ret = gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED); goto cleanup; } priv.params_nr = 3; /* include empty q */ priv.algo = GNUTLS_PK_DH; Z->data = NULL; ret = _gnutls_pk_derive(GNUTLS_PK_DH, Z, &priv, &pub); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = 0; cleanup: gnutls_pk_params_clear(&pub); gnutls_pk_params_clear(&priv); return ret; }
int _gnutls_dh_generate_key(gnutls_dh_params_t dh_params, gnutls_datum_t *priv_key, gnutls_datum_t *pub_key) { gnutls_pk_params_st params; int ret; gnutls_pk_params_init(¶ms); params.params[DH_P] = _gnutls_mpi_copy(dh_params->params[0]); params.params[DH_G] = _gnutls_mpi_copy(dh_params->params[1]); params.params_nr = 3; /* include empty q */ params.algo = GNUTLS_PK_DH; priv_key->data = NULL; pub_key->data = NULL; ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, ¶ms); if (ret < 0) { return gnutls_assert_val(ret); } ret = _gnutls_mpi_dprint_lz(params.params[DH_X], priv_key); if (ret < 0) { gnutls_assert(); goto fail; } ret = _gnutls_mpi_dprint_lz(params.params[DH_Y], pub_key); if (ret < 0) { gnutls_assert(); goto fail; } ret = 0; goto cleanup; fail: gnutls_free(pub_key->data); gnutls_free(priv_key->data); cleanup: gnutls_pk_params_clear(¶ms); return ret; }
/** * gnutls_x509_privkey_cpy - This function copies a private key * @dst: The destination key, which should be initialized. * @src: The source key * * This function will copy a private key from source to destination key. * **/ int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src) { int i, ret; if (!src || !dst) return GNUTLS_E_INVALID_REQUEST; for (i = 0; i < src->params_size; i++) { dst->params[i] = _gnutls_mpi_copy (src->params[i]); if (dst->params[i] == NULL) return GNUTLS_E_MEMORY_ERROR; } dst->params_size = src->params_size; dst->pk_algorithm = src->pk_algorithm; dst->crippled = src->crippled; if (!src->crippled) { switch (dst->pk_algorithm) { case GNUTLS_PK_DSA: ret = _encode_dsa (&dst->key, dst->params); if (ret < 0) { gnutls_assert (); return ret; } break; case GNUTLS_PK_RSA: ret = _encode_rsa (&dst->key, dst->params); if (ret < 0) { gnutls_assert (); return ret; } break; default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } } return 0; }
int _gnutls_pk_params_copy(gnutls_pk_params_st * dst, const gnutls_pk_params_st * src) { unsigned int i, j; dst->params_nr = 0; if (src == NULL || src->params_nr == 0) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } dst->flags = src->flags; dst->algo = src->algo; for (i = 0; i < src->params_nr; i++) { dst->params[i] = _gnutls_mpi_copy(src->params[i]); if (dst->params[i] == NULL) { goto fail; } dst->params_nr++; } if (_gnutls_set_datum(&dst->raw_priv, src->raw_priv.data, src->raw_priv.size) < 0) { gnutls_assert(); goto fail; } if (_gnutls_set_datum(&dst->raw_pub, src->raw_pub.data, src->raw_pub.size) < 0) { gnutls_assert(); goto fail; } if (src->seed_size) { dst->seed_size = src->seed_size; memcpy(dst->seed, src->seed, src->seed_size); } return 0; fail: for (j = 0; j < i; j++) _gnutls_mpi_release(&dst->params[j]); return GNUTLS_E_MEMORY_ERROR; }
cdk_error_t _cdk_copy_pubkey(cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src) { cdk_pkt_pubkey_t k; int i; if (!dst || !src) return CDK_Inv_Value; *dst = NULL; k = cdk_calloc(1, sizeof *k); if (!k) return CDK_Out_Of_Core; memcpy(k, src, sizeof *k); if (src->uid) _cdk_copy_userid(&k->uid, src->uid); if (src->prefs) k->prefs = _cdk_copy_prefs(src->prefs); for (i = 0; i < cdk_pk_get_npkey(src->pubkey_algo); i++) k->mpi[i] = _gnutls_mpi_copy(src->mpi[i]); *dst = k; return 0; }
static int privkey_to_pubkey(gnutls_pk_algorithm_t pk, const gnutls_pk_params_st * priv, gnutls_pk_params_st * pub) { int ret; pub->algo = priv->algo; pub->flags = priv->flags; switch (pk) { case GNUTLS_PK_RSA: pub->params[0] = _gnutls_mpi_copy(priv->params[0]); pub->params[1] = _gnutls_mpi_copy(priv->params[1]); pub->params_nr = RSA_PUBLIC_PARAMS; if (pub->params[0] == NULL || pub->params[1] == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } break; case GNUTLS_PK_DSA: pub->params[0] = _gnutls_mpi_copy(priv->params[0]); pub->params[1] = _gnutls_mpi_copy(priv->params[1]); pub->params[2] = _gnutls_mpi_copy(priv->params[2]); pub->params[3] = _gnutls_mpi_copy(priv->params[3]); pub->params_nr = DSA_PUBLIC_PARAMS; if (pub->params[0] == NULL || pub->params[1] == NULL || pub->params[2] == NULL || pub->params[3] == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } break; case GNUTLS_PK_EC: pub->params[ECC_X] = _gnutls_mpi_copy(priv->params[ECC_X]); pub->params[ECC_Y] = _gnutls_mpi_copy(priv->params[ECC_Y]); pub->params_nr = ECC_PUBLIC_PARAMS; if (pub->params[ECC_X] == NULL || pub->params[ECC_Y] == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } break; default: gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; } return 0; cleanup: gnutls_pk_params_release(pub); return ret; }
static int privkey_to_pubkey (gnutls_pk_algorithm_t pk, const bigint_t * params, int params_size, bigint_t * new_params, int *new_params_size) { int ret, i; switch (pk) { case GNUTLS_PK_RSA: if (*new_params_size < RSA_PUBLIC_PARAMS || params_size < RSA_PRIVATE_PARAMS) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } new_params[0] = _gnutls_mpi_copy (params[0]); new_params[1] = _gnutls_mpi_copy (params[1]); *new_params_size = RSA_PUBLIC_PARAMS; if (new_params[0] == NULL || new_params[1] == NULL) { gnutls_assert (); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } break; case GNUTLS_PK_DSA: if (*new_params_size < DSA_PUBLIC_PARAMS || params_size < DSA_PRIVATE_PARAMS) { gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } new_params[0] = _gnutls_mpi_copy (params[0]); new_params[1] = _gnutls_mpi_copy (params[1]); new_params[2] = _gnutls_mpi_copy (params[2]); new_params[3] = _gnutls_mpi_copy (params[3]); *new_params_size = DSA_PUBLIC_PARAMS; if (new_params[0] == NULL || new_params[1] == NULL || new_params[2] == NULL || new_params[3] == NULL) { gnutls_assert (); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } break; default: gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } return 0; cleanup: for (i = 0; i < *new_params_size; i++) _gnutls_mpi_release (new_params[i]); return ret; }
/* This function reads the RSA parameters from peer's certificate; */ static int _gnutls_get_public_rsa_params (gnutls_session_t session, bigint_t params[MAX_PUBLIC_PARAMS_SIZE], int *params_len) { int ret; cert_auth_info_t info; gnutls_cert peer_cert; int i; /* normal non export case */ info = _gnutls_get_auth_info (session); if (info == NULL || info->ncerts == 0) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } ret = _gnutls_get_auth_info_gcert (&peer_cert, session->security_parameters.cert_type, info, CERT_ONLY_PUBKEY | CERT_NO_COPY); if (ret < 0) { gnutls_assert (); return ret; } /* EXPORT case: */ if (_gnutls_cipher_suite_get_kx_algo (&session->security_parameters.current_cipher_suite) == GNUTLS_KX_RSA_EXPORT && _gnutls_mpi_get_nbits (peer_cert.params[0]) > 512) { _gnutls_gcert_deinit (&peer_cert); if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } if (*params_len < 2) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } *params_len = 2; for (i = 0; i < *params_len; i++) { params[i] = _gnutls_mpi_copy (session->key->rsa[i]); } return 0; } /* end of export case */ if (*params_len < peer_cert.params_size) { gnutls_assert (); return GNUTLS_E_INTERNAL_ERROR; } *params_len = peer_cert.params_size; for (i = 0; i < *params_len; i++) { params[i] = _gnutls_mpi_copy (peer_cert.params[i]); } _gnutls_gcert_deinit (&peer_cert); return 0; }