/* * This function will do RSA PKCS #1 1.5 encoding * on the given digest. The given digest must be allocated * and will be freed if replacement is required. */ int pk_prepare_hash(gnutls_pk_algorithm_t pk, const mac_entry_st * hash, gnutls_datum_t * digest) { int ret; gnutls_datum_t old_digest = { digest->data, digest->size }; switch (pk) { case GNUTLS_PK_RSA: if (unlikely(hash == NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); /* Encode the digest as a DigestInfo */ if ((ret = encode_ber_digest_info(hash, &old_digest, digest)) != 0) { gnutls_assert(); return ret; } _gnutls_free_datum(&old_digest); break; case GNUTLS_PK_DSA: case GNUTLS_PK_EC: break; default: gnutls_assert(); return GNUTLS_E_UNIMPLEMENTED_FEATURE; } return 0; }
/* * This function will do RSA PKCS #1 1.5 encoding * on the given digest. The given digest must be allocated * and will be freed if replacement is required. */ int pk_prepare_hash (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash, gnutls_datum_t * digest) { int ret; gnutls_datum_t old_digest = { digest->data, digest->size }; switch (pk) { case GNUTLS_PK_RSA: /* Encode the digest as a DigestInfo */ if ((ret = encode_ber_digest_info (hash, &old_digest, digest)) != 0) { gnutls_assert (); return ret; } _gnutls_free_datum (&old_digest); break; case GNUTLS_PK_DSA: break; default: gnutls_assert (); return GNUTLS_E_UNIMPLEMENTED_FEATURE; } return 0; }
/** * gnutls_encode_ber_digest_info: * @info: an RSA BER encoded DigestInfo structure * @hash: the hash algorithm that was used to get the digest * @digest: must contain the digest data * @output: will contain the allocated DigestInfo BER encoded data * * This function will encode the provided digest data, and its * algorithm into an RSA PKCS#1 1.5 DigestInfo structure. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise * an error code is returned. * * Since: 3.5.0 * **/ int gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash, const gnutls_datum_t * digest, gnutls_datum_t * output) { const mac_entry_st *e = hash_to_entry(hash); if (unlikely(e == NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); return encode_ber_digest_info(e , digest, output); }
/* if hash==MD5 then we do RSA-MD5 * if hash==SHA then we do RSA-SHA * params[0] is modulus * params[1] is public key */ static int pkcs1_rsa_sign (gnutls_digest_algorithm_t hash, const gnutls_datum_t * text, bigint_t * params, int params_len, gnutls_datum_t * signature) { int ret; opaque _digest[MAX_HASH_SIZE]; digest_hd_st hd; gnutls_datum_t digest, info; ret = _gnutls_hash_init (&hd, HASH2MAC (hash)); if (ret < 0) { gnutls_assert (); return ret; } _gnutls_hash (&hd, text->data, text->size); _gnutls_hash_deinit (&hd, _digest); digest.data = _digest; digest.size = _gnutls_hash_get_algo_len (HASH2MAC (hash)); /* Encode the digest as a DigestInfo */ if ((ret = encode_ber_digest_info (hash, &digest, &info)) != 0) { gnutls_assert (); return ret; } if ((ret = _gnutls_sign (GNUTLS_PK_RSA, params, params_len, &info, signature)) < 0) { gnutls_assert (); _gnutls_free_datum (&info); return ret; } _gnutls_free_datum (&info); return 0; }