/**
* gnutls_openpgp_privkey_sign_hash:
* @key: Holds the key
* @hash: holds the data to be signed
* @signature: will contain newly allocated signature
*
* This function will sign the given hash using the private key. You
* should use gnutls_openpgp_privkey_set_preferred_key_id() before
* calling this function to set the subkey to use.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
*
* Deprecated: Use gnutls_privkey_sign_hash() instead.
*/
int
gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
const gnutls_datum_t * hash,
gnutls_datum_t * signature)
{
int result, i;
bigint_t params[MAX_PRIV_PARAMS_SIZE];
int params_size = MAX_PRIV_PARAMS_SIZE;
int pk_algorithm;
uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE];
if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
if (result == 0)
{
uint32_t kid[2];
int idx;
KEYID_IMPORT (kid, keyid);
idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
pk_algorithm =
gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
result =
_gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size);
}
else
{
pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
params, ¶ms_size);
}
if (result < 0)
{
gnutls_assert ();
return result;
}
result =
_gnutls_soft_sign (pk_algorithm, params, params_size, hash, signature);
for (i = 0; i < params_size; i++)
_gnutls_mpi_release (¶ms[i]);
if (result < 0)
{
gnutls_assert ();
return result;
}
return 0;
}
/*-
* _gnutls_x509_privkey_sign_hash2:
* @signer: Holds the signer's key
* @hash_algo: The hash algorithm used
* @hash_data: holds the data to be signed
* @signature: will contain newly allocated signature
* @flags: (0) for now
*
* This function will sign the given hashed data using a signature algorithm
* supported by the private key. Signature algorithms are always used
* together with a hash functions. Different hash functions may be
* used for the RSA algorithm, but only SHA-1,SHA-224 and SHA-256
* for the DSA keys, depending on their bit size.
*
* Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
* the hash algorithm.
*
* The RSA algorithm is used in PKCS #1 v1.5 mode.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
-*/
static int
_gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
gnutls_digest_algorithm_t hash_algo,
unsigned int flags,
const gnutls_datum_t * hash_data,
gnutls_datum_t * signature)
{
int ret;
gnutls_datum_t digest;
digest.data = gnutls_malloc (hash_data->size);
if (digest.data == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
digest.size = hash_data->size;
memcpy (digest.data, hash_data->data, digest.size);
ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
ret = _gnutls_soft_sign (signer->pk_algorithm, &signer->params,
&digest, signature);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
ret = 0;
cleanup:
_gnutls_free_datum (&digest);
return ret;
}
/**
* gnutls_x509_privkey_sign_hash:
* @key: Holds the key
* @hash: holds the data to be signed
* @signature: will contain newly allocated signature
*
* This function will sign the given hash using the private key. Do not
* use this function directly unless you know what it is. Typical signing
* requires the data to be hashed and stored in special formats
* (e.g. BER Digest-Info for RSA).
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Deprecated in: 2.12.0
*/
int
gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
const gnutls_datum_t * hash,
gnutls_datum_t * signature)
{
int result;
if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
result = _gnutls_soft_sign (key->pk_algorithm, &key->params,
hash, signature);
if (result < 0)
{
gnutls_assert ();
return result;
}
return 0;
}
/*-
* _gnutls_privkey_sign_hash:
* @key: Holds the key
* @data: holds the data to be signed
* @signature: will contain the signature allocate with gnutls_malloc()
*
* This function will sign the given data using a signature algorithm
* supported by the private key.
*
* Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
* negative error value.
-*/
int
_gnutls_privkey_sign_hash (gnutls_privkey_t key,
const gnutls_datum_t * hash,
gnutls_datum_t * signature)
{
switch (key->type)
{
#ifdef ENABLE_OPENPGP
case GNUTLS_PRIVKEY_OPENPGP:
return _gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
hash, signature);
#endif
case GNUTLS_PRIVKEY_PKCS11:
return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
hash, signature);
case GNUTLS_PRIVKEY_X509:
return _gnutls_soft_sign (key->key.x509->pk_algorithm,
key->key.x509->params,
key->key.x509->params_size, hash, signature);
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
}
