int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo,
uint8_t * der, int dersize,
gnutls_pk_params_st * params)
{
switch (algo) {
case GNUTLS_PK_RSA:
return 0;
case GNUTLS_PK_DSA:
return _gnutls_x509_read_dsa_params(der, dersize, params);
case GNUTLS_PK_EC:
return _gnutls_x509_read_ecc_params(der, dersize, ¶ms->flags);
default:
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
}
/* Extracts DSA and RSA parameters from a certificate.
*/
static int
get_mpis (int pk_algorithm, ASN1_TYPE asn, const char *root,
bigint_t * params, int *params_size)
{
int result;
char name[256];
gnutls_datum tmp = { NULL, 0 };
/* Read the algorithm's parameters
*/
snprintf (name, sizeof (name), "%s.subjectPublicKey", root);
result = _gnutls_x509_read_value (asn, name, &tmp, 2);
if (result < 0)
{
gnutls_assert ();
fprintf (stderr, "name: %s\n", name);
return result;
}
switch (pk_algorithm)
{
case GNUTLS_PK_RSA:
/* params[0] is the modulus,
* params[1] is the exponent
*/
if (*params_size < RSA_PUBLIC_PARAMS)
{
gnutls_assert ();
/* internal error. Increase the bigint_ts in params */
result = GNUTLS_E_INTERNAL_ERROR;
goto error;
}
if ((result =
_gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0)
{
gnutls_assert ();
goto error;
}
*params_size = RSA_PUBLIC_PARAMS;
break;
case GNUTLS_PK_DSA:
/* params[0] is p,
* params[1] is q,
* params[2] is q,
* params[3] is pub.
*/
if (*params_size < DSA_PUBLIC_PARAMS)
{
gnutls_assert ();
/* internal error. Increase the bigint_ts in params */
result = GNUTLS_E_INTERNAL_ERROR;
goto error;
}
if ((result =
_gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0)
{
gnutls_assert ();
goto error;
}
/* Now read the parameters
*/
_gnutls_free_datum (&tmp);
snprintf (name, sizeof (name), "%s.algorithm.parameters", root);
result = _gnutls_x509_read_value (asn, name, &tmp, 0);
/* FIXME: If the parameters are not included in the certificate
* then the issuer's parameters should be used. This is not
* done yet.
*/
if (result < 0)
{
gnutls_assert ();
goto error;
}
if ((result =
_gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0)
{
gnutls_assert ();
goto error;
}
*params_size = DSA_PUBLIC_PARAMS;
break;
default:
/* other types like DH
* currently not supported
*/
gnutls_assert ();
result = GNUTLS_E_X509_CERTIFICATE_ERROR;
goto error;
}
result = 0;
error:
_gnutls_free_datum (&tmp);
return result;
}
/* Extracts DSA and RSA parameters from a certificate.
*/
int
_gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
bigint_t * params, int *params_size)
{
int result;
int pk_algorithm;
gnutls_datum tmp = { NULL, 0 };
/* Read the algorithm's OID
*/
pk_algorithm = gnutls_x509_crt_get_pk_algorithm (cert, NULL);
/* Read the algorithm's parameters
*/
result = _gnutls_x509_read_value (cert->cert,
"tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
&tmp, 2);
if (result < 0)
{
gnutls_assert ();
return result;
}
switch (pk_algorithm)
{
case GNUTLS_PK_RSA:
/* params[0] is the modulus,
* params[1] is the exponent
*/
if (*params_size < RSA_PUBLIC_PARAMS)
{
gnutls_assert ();
/* internal error. Increase the bigint_ts in params */
result = GNUTLS_E_INTERNAL_ERROR;
goto error;
}
if ((result =
_gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0)
{
gnutls_assert ();
goto error;
}
*params_size = RSA_PUBLIC_PARAMS;
break;
case GNUTLS_PK_DSA:
/* params[0] is p,
* params[1] is q,
* params[2] is q,
* params[3] is pub.
*/
if (*params_size < DSA_PUBLIC_PARAMS)
{
gnutls_assert ();
/* internal error. Increase the bigint_ts in params */
result = GNUTLS_E_INTERNAL_ERROR;
goto error;
}
if ((result =
_gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0)
{
gnutls_assert ();
goto error;
}
/* Now read the parameters
*/
_gnutls_free_datum (&tmp);
result = _gnutls_x509_read_value (cert->cert,
"tbsCertificate.subjectPublicKeyInfo.algorithm.parameters",
&tmp, 0);
/* FIXME: If the parameters are not included in the certificate
* then the issuer's parameters should be used. This is not
* done yet.
*/
if (result < 0)
{
gnutls_assert ();
goto error;
}
if ((result =
_gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0)
{
gnutls_assert ();
goto error;
}
*params_size = DSA_PUBLIC_PARAMS;
break;
default:
/* other types like DH
* currently not supported
*/
gnutls_assert ();
result = GNUTLS_E_X509_CERTIFICATE_ERROR;
goto error;
}
result = 0;
error:
_gnutls_free_datum (&tmp);
return result;
}
