/**
* ntfs_rsa_private_key_import_from_gnutls
*/
static ntfs_rsa_private_key ntfs_rsa_private_key_import_from_gnutls(
gnutls_x509_privkey_t priv_key)
{
int i, j;
size_t tmp_size;
gnutls_datum_t rd[6];
gcry_mpi_t rm[6];
gcry_sexp_t rsa_key;
/* Extract the RSA parameters from the GNU TLS private key. */
if (gnutls_x509_privkey_export_rsa_raw(priv_key, &rd[0], &rd[1],
&rd[2], &rd[3], &rd[4], &rd[5])) {
ntfs_log_error("Failed to export rsa parameters. (Is the "
"key an RSA private key?)\n");
return NULL;
}
/* Convert each RSA parameter to mpi format. */
for (i = 0; i < 6; i++) {
if (gcry_mpi_scan(&rm[i], GCRYMPI_FMT_USG, rd[i].data,
rd[i].size, &tmp_size) != GPG_ERR_NO_ERROR) {
ntfs_log_error("Failed to convert RSA parameter %i "
"to mpi format (size %d)\n", i,
rd[i].size);
rsa_key = NULL;
break;
}
}
/* Release the no longer needed datum values. */
for (j = 0; j < 6; j++) {
if (rd[j].data && rd[j].size)
gnutls_free(rd[j].data);
}
/*
* Build the gcrypt private key, note libgcrypt uses p and q inversed
* to what gnutls uses.
*/
if (i == 6 && gcry_sexp_build(&rsa_key, NULL,
"(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
rm[0], rm[1], rm[2], rm[4], rm[3], rm[5]) !=
GPG_ERR_NO_ERROR) {
ntfs_log_error("Failed to build RSA private key s-exp.\n");
rsa_key = NULL;
}
/* Release the no longer needed mpi values. */
for (j = 0; j < i; j++)
gcry_mpi_release(rm[j]);
return (ntfs_rsa_private_key)rsa_key;
}
/**
* gnutls_rsa_params_export_raw - This function will export the RSA parameters
* @params: a structure that holds the rsa parameters
* @m: will hold the modulus
* @e: will hold the public exponent
* @d: will hold the private exponent
* @p: will hold the first prime (p)
* @q: will hold the second prime (q)
* @u: will hold the coefficient
* @bits: if non null will hold the prime's number of bits
*
* This function will export the RSA parameters found in the given
* structure. The new parameters will be allocated using
* gnutls_malloc() and will be stored in the appropriate datum.
*
**/
int
gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
gnutls_datum_t * m, gnutls_datum_t * e,
gnutls_datum_t * d, gnutls_datum_t * p,
gnutls_datum_t * q, gnutls_datum_t * u,
unsigned int *bits)
{
int ret;
ret = gnutls_x509_privkey_export_rsa_raw (params, m, e, d, p, q, u);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
if (bits)
*bits = _gnutls_mpi_get_nbits (params->params[3]);
return 0;
}
EAPI void
eet_identity_print(Eet_Key *key,
FILE *out)
{
#ifdef HAVE_SIGNATURE
# ifdef HAVE_GNUTLS
const char *names[6] = {
"Modulus",
"Public exponent",
"Private exponent",
"First prime",
"Second prime",
"Coefficient"
};
int err = 0;
gnutls_datum_t data = { NULL, 0 };
gnutls_datum_t rsa_raw[6];
size_t size = 128;
char *res = NULL;
char buf[33];
unsigned int i, j;
if (!key)
return;
if (!emile_cipher_init()) return ;
if (key->private_key)
{
if (gnutls_x509_privkey_export_rsa_raw(key->private_key,
rsa_raw + 0, /* Modulus */
rsa_raw + 1, /* Public exponent */
rsa_raw + 2, /* Private exponent */
rsa_raw + 3, /* First prime */
rsa_raw + 4, /* Second prime */
rsa_raw + 5)) /* Coefficient */
goto on_error;
if (!(res = malloc(size)))
goto on_error;
fprintf(out, "Private Key:\n");
buf[32] = '\0';
for (i = 0; i < 6; i++)
{
while ((err = gnutls_hex_encode(rsa_raw + i, res, &size)) ==
GNUTLS_E_SHORT_MEMORY_BUFFER)
{
char *temp;
size += 128;
if (!(temp = realloc(res, size)))
goto on_error;
res = temp;
}
if (err)
goto on_error;
fprintf(out, "\t%s:\n", names[i]);
for (j = 0; strlen(res) > j; j += 32)
{
snprintf(buf, 32, "%s", res + j);
fprintf(out, "\t\t%s\n", buf);
}
}
free(res);
res = NULL;
}
if (key->certificate)
{
fprintf(out, "Public certificate:\n");
if (gnutls_x509_crt_print(key->certificate, GNUTLS_X509_CRT_FULL,
&data))
goto on_error;
fprintf(out, "%s\n", data.data);
gnutls_free(data.data);
data.data = NULL;
}
on_error:
if (res)
free(res);
if (data.data)
gnutls_free(data.data);
return;
# else /* ifdef HAVE_GNUTLS */
RSA *rsa;
DSA *dsa;
DH *dh;
if (!key)
return;
if (!emile_cipher_init()) return ;
rsa = EVP_PKEY_get1_RSA(key->private_key);
if (rsa)
{
fprintf(out, "Private key (RSA):\n");
RSA_print_fp(out, rsa, 0);
}
dsa = EVP_PKEY_get1_DSA(key->private_key);
if (dsa)
{
fprintf(out, "Private key (DSA):\n");
DSA_print_fp(out, dsa, 0);
}
dh = EVP_PKEY_get1_DH(key->private_key);
if (dh)
{
fprintf(out, "Private key (DH):\n");
DHparams_print_fp(out, dh);
}
fprintf(out, "Public certificate:\n");
X509_print_fp(out, key->certificate);
# endif /* ifdef HAVE_GNUTLS */
#else /* ifdef HAVE_SIGNATURE */
key = NULL;
out = NULL;
ERR("You need to compile signature support in EET.");
#endif /* ifdef HAVE_SIGNATURE */
}
