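/*
 * Generate a fresh key pair with GnuTLS.
 *
 * kind selects the algorithm: DCRYPT_KEY_EC uses the named curve (the key
 * size is taken from the curve and the caller's bits value is ignored),
 * DCRYPT_KEY_RSA uses bits. Any other kind is rejected.
 *
 * Returns 0 on success with pair_r->priv holding the generated private key
 * and pair_r->pub the public key derived from it. On failure returns -1,
 * sets *error_r (directly, or via dcrypt_gnutls_error()), and releases the
 * private key again so the caller never receives a half-built pair.
 */
static int
dcrypt_gnutls_generate_keypair(struct dcrypt_keypair *pair_r,
			       enum dcrypt_key_type kind, unsigned int bits,
			       const char *curve, const char **error_r)
{
	gnutls_pk_algorithm_t pk_algo;
	gnutls_ecc_curve_t pk_curve;
	gnutls_privkey_t priv;
	int ec, ret;

	if (kind == DCRYPT_KEY_EC) {
		pk_curve = gnutls_ecc_curve_get_id(curve);
		if (pk_curve == GNUTLS_ECC_CURVE_INVALID) {
			*error_r = "Invalid curve";
			return -1;
		}
		/* The curve fixes the key size; whatever the caller passed
		   in bits is deliberately overridden. */
		bits = GNUTLS_CURVE_TO_BITS(pk_curve);
#if GNUTLS_VERSION_NUMBER >= 0x030500
		/* Newer GnuTLS ties the PK algorithm to the curve, so ask
		   the library rather than assuming plain EC. */
		pk_algo = gnutls_curve_get_pk(pk_curve);
#else
		pk_algo = GNUTLS_PK_EC;
#endif
	} else if (kind == DCRYPT_KEY_RSA) {
		pk_algo = gnutls_pk_get_id("RSA");
	} else {
		*error_r = "Unsupported key type";
		return -1;
	}

	if ((ec = gnutls_privkey_init(&priv)) != GNUTLS_E_SUCCESS)
		return dcrypt_gnutls_error(ec, error_r);
#if GNUTLS_VERSION_NUMBER >= 0x030500
	/* Compatibility export format; see the GnuTLS documentation of
	   GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT for what it changes. */
	gnutls_privkey_set_flags(priv, GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT);
#endif

	ec = gnutls_privkey_generate(priv, pk_algo, bits, 0);
	if (ec != GNUTLS_E_SUCCESS) {
		gnutls_privkey_deinit(priv);
		return dcrypt_gnutls_error(ec, error_r);
	}

	pair_r->priv = (struct dcrypt_private_key *)priv;
	ret = dcrypt_gnutls_private_to_public_key(pair_r->priv, &pair_r->pub,
						  error_r);
	if (ret < 0) {
		/* Don't leave the private half dangling in *pair_r: the
		   caller only sees -1 and has no way to know it was
		   allocated. Assumes the helper leaves pair_r->pub untouched
		   on failure - TODO confirm against its implementation. */
		gnutls_privkey_deinit(priv);
		pair_r->priv = NULL;
	}
	return ret;
}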
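/* Test entry point: check the name <-> id round trips of the GnuTLS
   algorithm lists.  For every entry of gnutls_pk_list () and
   gnutls_sign_list () the name returned for the id must map back to the
   same id, and an unknown name must map to the *_UNKNOWN value of the
   respective enum.  Mismatches are reported through fail (); the verbose
   output is printed only when the harness set debug. */
void
doit (void)
{
  if (debug)
    {
      printf ("GnuTLS header version %s.\n", GNUTLS_VERSION);
      printf ("GnuTLS library version %s.\n", gnutls_check_version (NULL));
    }

  /* The linked library must be at least the version we were compiled
     against, otherwise the lists below are not comparable. */
  if (!gnutls_check_version (GNUTLS_VERSION))
    fail ("gnutls_check_version ERROR\n");

  {
    const gnutls_pk_algorithm_t *algs;
    gnutls_pk_algorithm_t pk;
    size_t i;

    algs = gnutls_pk_list ();
    if (!algs)
      fail ("gnutls_pk_list return NULL\n");

    for (i = 0; algs[i]; i++)
      {
        const char *name = gnutls_pk_algorithm_get_name (algs[i]);
        gnutls_pk_algorithm_t back;

        /* A listed algorithm without a name would be a library bug and
           would also make the %s below undefined. */
        if (!name)
          fail ("gnutls_pk_algorithm_get_name return NULL\n");
        back = gnutls_pk_get_id (name);

        if (debug)
          printf ("pk_list[%d] = %d = %s = %d\n",
                  (int) i, (int) algs[i], name, (int) back);
        if (back != algs[i])
          fail ("gnutls_pk id's doesn't match\n");
      }

    /* An unknown name must not alias a real algorithm. */
    pk = gnutls_pk_get_id ("foo");
    if (pk != GNUTLS_PK_UNKNOWN)
      fail ("gnutls_pk unknown test failed (%d)\n", (int) pk);

    if (debug)
      success ("gnutls_pk_list ok\n");
  }

  {
    const gnutls_sign_algorithm_t *algs;
    gnutls_sign_algorithm_t sign;
    size_t i;

    algs = gnutls_sign_list ();
    if (!algs)
      fail ("gnutls_sign_list return NULL\n");

    for (i = 0; algs[i]; i++)
      {
        const char *name = gnutls_sign_algorithm_get_name (algs[i]);
        gnutls_sign_algorithm_t back;

        if (!name)
          fail ("gnutls_sign_algorithm_get_name return NULL\n");
        back = gnutls_sign_get_id (name);

        if (debug)
          printf ("sign_list[%d] = %d = %s = %d\n",
                  (int) i, (int) algs[i], name, (int) back);
        if (back != algs[i])
          fail ("gnutls_sign id's doesn't match\n");
      }

    /* Compare against the signature enum's own sentinel; the original
       used GNUTLS_PK_UNKNOWN, which only worked because both are 0. */
    sign = gnutls_sign_get_id ("foo");
    if (sign != GNUTLS_SIGN_UNKNOWN)
      fail ("gnutls_sign unknown test failed (%d)\n", (int) sign);

    if (debug)
      success ("gnutls_sign_list ok\n");
  }
}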