/*-
 * _gnutls_privkey_sign_raw_data:
 * @key: Holds the key; must be non-NULL, it is dereferenced without a check
 * @flags: should be zero (not read by this function body)
 * @data: holds the data to be signed
 * @signature: will contain the signature allocated with gnutls_malloc()
 *
 * This function will sign the given data using a signature algorithm
 * supported by the private key. Note that this is a low-level function
 * and does not apply any preprocessing or hash on the signed data:
 * @data is handed to the selected backend exactly as received.
 * For example on an RSA key the input @data should be of the DigestInfo
 * PKCS #1 1.5 format. Use it only if you know what you are doing;
 * building a correctly encoded input is entirely the caller's job.
 *
 * Note this function is equivalent to using the %GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA
 * flag with gnutls_privkey_sign_hash().
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 * negative error value. An unknown key type, or an external key without
 * a sign callback, yields %GNUTLS_E_INVALID_REQUEST.
 *
 * Since: 3.1.10
 -*/
static int
_gnutls_privkey_sign_raw_data(gnutls_privkey_t key,
			      unsigned flags,
			      const gnutls_datum_t * data,
			      gnutls_datum_t * signature)
{
	int ret;

	/* Dispatch on the key backend; each branch only forwards the call. */
	switch (key->type) {
#ifdef ENABLE_OPENPGP
	case GNUTLS_PRIVKEY_OPENPGP:
		ret = gnutls_openpgp_privkey_sign_hash(key->key.openpgp,
						       data, signature);
		break;
#endif
#ifdef ENABLE_PKCS11
	case GNUTLS_PRIVKEY_PKCS11:
		ret = _gnutls_pkcs11_privkey_sign_hash(key->key.pkcs11,
						       data, signature);
		break;
#endif
	case GNUTLS_PRIVKEY_X509:
		/* Software key: sign with the stored key parameters. */
		ret = _gnutls_pk_sign(key->key.x509->pk_algorithm,
				      signature, data,
				      &key->key.x509->params);
		break;
	case GNUTLS_PRIVKEY_EXT:
		/* External keys sign through a caller-registered callback;
		 * without one the request cannot be served. */
		if (key->key.ext.sign_func != NULL)
			ret = key->key.ext.sign_func(key,
						     key->key.ext.userdata,
						     data, signature);
		else
			ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
		break;
	default:
		/* Unknown type, or a backend compiled out of this build. */
		gnutls_assert();
		ret = GNUTLS_E_INVALID_REQUEST;
		break;
	}

	return ret;
}
/*-
 * _gnutls_privkey_sign_hash:
 * @key: Holds the key; must be non-NULL, it is dereferenced without a check
 * @hash: holds the data to be signed; it is forwarded unchanged, no digest
 *   is computed by this function
 * @signature: will contain the signature allocated with gnutls_malloc()
 *
 * This function will sign the given data using a signature algorithm
 * supported by the private key. It only selects the backend matching
 * the key type and forwards the call.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
 * negative error value. An unhandled key type yields
 * %GNUTLS_E_INVALID_REQUEST.
 -*/
int
_gnutls_privkey_sign_hash (gnutls_privkey_t key,
                           const gnutls_datum_t * hash,
                           gnutls_datum_t * signature)
{
  int ret;

  switch (key->type)
    {
#ifdef ENABLE_OPENPGP
    case GNUTLS_PRIVKEY_OPENPGP:
      ret = _gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
                                               hash, signature);
      break;
#endif
    /* NOTE(review): unlike the OpenPGP case above, this case has no
     * feature #ifdef around it -- confirm the PKCS #11 signer is
     * available in every build configuration of this file. */
    case GNUTLS_PRIVKEY_PKCS11:
      ret = _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
                                              hash, signature);
      break;
    case GNUTLS_PRIVKEY_X509:
      /* Software key: sign with the stored parameters of the X.509 key. */
      ret = _gnutls_soft_sign (key->key.x509->pk_algorithm,
                               key->key.x509->params,
                               key->key.x509->params_size,
                               hash, signature);
      break;
    default:
      /* Unknown type, or a backend compiled out of this build. */
      gnutls_assert ();
      ret = GNUTLS_E_INVALID_REQUEST;
      break;
    }

  return ret;
}