static int
_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
const gnutls_datum_t * vdata,
const gnutls_datum_t * signature,
const gnutls_pk_params_st * pk_params)
{
int ret;
unsigned int hash_len;
bigint_t tmp[2] = { NULL, NULL };
switch (algo)
{
case GNUTLS_PK_EC: /* ECDSA */
{
ecc_key pub;
struct dsa_signature sig;
int stat;
int curve_id = pk_params->flags;
if (is_supported_curve(curve_id) == 0)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
_ecc_params_to_pubkey(pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = ecc_verify_hash(&sig, vdata->data, hash_len, &stat, &pub, curve_id);
if (ret != 0 || stat != 1)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
_ecc_params_clear( &pub);
break;
}
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_signature sig;
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
memset(&pub, 0, sizeof(pub));
_dsa_params_to_pubkey (pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = _dsa_verify (&pub, hash_len, vdata->data, &sig);
if (ret == 0)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
_rsa_params_to_pubkey (pk_params, &pub);
ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
ret = rsa_pkcs1_verify (&pub, vdata->size, vdata->data, TOMPZ(tmp[0]));
if (ret == 0)
ret = gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
else ret = 0;
_gnutls_mpi_release (&tmp[0]);
break;
}
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
cleanup:
return ret;
}
static int
_wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
const gnutls_datum_t * vdata,
const gnutls_datum_t * signature,
const gnutls_pk_params_st * pk_params)
{
gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
int rc = -1, ret;
bigint_t hash;
bigint_t tmp[2] = { NULL, NULL };
if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
/* make a sexp from pkey */
switch (algo)
{
case GNUTLS_PK_DSA:
if (pk_params->params_nr >= 4)
rc = gcry_sexp_build (&s_pkey, NULL,
"(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
pk_params->params[0], pk_params->params[1],
pk_params->params[2], pk_params->params[3]);
break;
case GNUTLS_PK_RSA:
if (pk_params->params_nr >= 2)
rc = gcry_sexp_build (&s_pkey, NULL,
"(public-key(rsa(n%m)(e%m)))",
pk_params->params[0], pk_params->params[1]);
break;
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
if (rc != 0)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
/* put the data into a simple list */
if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
switch (algo)
{
case GNUTLS_PK_DSA:
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
rc = gcry_sexp_build (&s_sig, NULL,
"(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]);
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
break;
case GNUTLS_PK_RSA:
ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", tmp[0]);
_gnutls_mpi_release (&tmp[0]);
break;
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
if (rc != 0)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
if (rc != 0)
{
gnutls_assert ();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
goto cleanup;
}
ret = 0;
cleanup:
_gnutls_mpi_release (&hash);
if (s_sig)
gcry_sexp_release (s_sig);
if (s_hash)
gcry_sexp_release (s_hash);
if (s_pkey)
gcry_sexp_release (s_pkey);
return ret;
}
static int
_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
const gnutls_datum_t * vdata,
const gnutls_datum_t * signature,
const gnutls_pk_params_st * pk_params)
{
int ret;
unsigned int hash_len;
bigint_t tmp[2] = { NULL, NULL };
switch (algo)
{
case GNUTLS_PK_EC: /* ECDSA */
{
ecc_key pub;
struct dsa_signature sig;
int stat;
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
_ecc_params_to_pubkey(pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = ecc_verify_hash(&sig, vdata->data, hash_len, &stat, &pub);
if (ret != 0 || stat != 1)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
_ecc_params_clear( &pub);
break;
}
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_signature sig;
ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
memset(&pub, 0, sizeof(pub));
_dsa_params_to_pubkey (pk_params, &pub);
memcpy (&sig.r, tmp[0], sizeof (sig.r));
memcpy (&sig.s, tmp[1], sizeof (sig.s));
_gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
if (hash_len > vdata->size)
hash_len = vdata->size;
ret = _dsa_verify (&pub, hash_len, vdata->data, &sig);
if (ret == 0)
{
gnutls_assert();
ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
else
ret = 0;
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&tmp[1]);
break;
}
case GNUTLS_PK_RSA:
{
bigint_t hash;
if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
{
gnutls_assert ();
return GNUTLS_E_MPI_SCAN_FAILED;
}
ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
if (ret < 0)
{
gnutls_assert ();
goto cleanup;
}
ret = _int_rsa_verify (pk_params, hash, tmp[0]);
_gnutls_mpi_release (&tmp[0]);
_gnutls_mpi_release (&hash);
break;
}
default:
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
cleanup:
return ret;
}
