2 * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 #include <gnutls_int.h>
27 #include <gnutls_datum.h>
28 #include <gnutls_global.h>
29 #include <gnutls_errors.h>
30 #include <gnutls_rsa_export.h>
31 #include <gnutls_sig.h>
33 #include <gnutls_x509.h>
36 #include <gnutls_pk.h>
37 #include <gnutls_mpi.h>
39 static int _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params);
42 * gnutls_x509_privkey_init:
43 * @key: The structure to be initialized
45 * This function will initialize an private key structure.
47 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
48 * negative error value.
51 gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
53 *key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int));
57 (*key)->key = ASN1_TYPE_EMPTY;
58 (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
59 return 0; /* success */
62 return GNUTLS_E_MEMORY_ERROR;
66 * gnutls_x509_privkey_deinit:
67 * @key: The structure to be deinitialized
69 * This function will deinitialize a private key structure.
72 gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
79 for (i = 0; i < key->params_size; i++)
81 _gnutls_mpi_release (&key->params[i]);
84 asn1_delete_structure (&key->key);
89 * gnutls_x509_privkey_cpy:
90 * @dst: The destination key, which should be initialized.
91 * @src: The source key
93 * This function will copy a private key from source to destination
94 * key. Destination has to be initialized.
96 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
97 * negative error value.
100 gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
105 return GNUTLS_E_INVALID_REQUEST;
107 for (i = 0; i < src->params_size; i++)
109 dst->params[i] = _gnutls_mpi_copy (src->params[i]);
110 if (dst->params[i] == NULL)
111 return GNUTLS_E_MEMORY_ERROR;
114 dst->params_size = src->params_size;
115 dst->pk_algorithm = src->pk_algorithm;
117 switch (dst->pk_algorithm)
120 ret = _gnutls_asn1_encode_dsa (&dst->key, dst->params);
128 ret = _gnutls_asn1_encode_rsa (&dst->key, dst->params);
137 return GNUTLS_E_INVALID_REQUEST;
143 /* Converts an RSA PKCS#1 key to
144 * an internal structure (gnutls_private_key)
147 _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
148 gnutls_x509_privkey_t pkey)
152 gnutls_pk_params_st pk_params;
154 memset (&pk_params, 0, sizeof (pk_params));
155 pk_params.params_nr = RSA_PRIVATE_PARAMS;
158 asn1_create_element (_gnutls_get_gnutls_asn (),
159 "GNUTLS.RSAPrivateKey",
160 &pkey_asn)) != ASN1_SUCCESS)
166 result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
167 if (result != ASN1_SUCCESS)
173 if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
174 &pk_params.params[0])) < 0)
181 _gnutls_x509_read_int (pkey_asn, "publicExponent",
182 &pk_params.params[1])) < 0)
189 _gnutls_x509_read_int (pkey_asn, "privateExponent",
190 &pk_params.params[2])) < 0)
196 if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
197 &pk_params.params[3])) < 0)
203 if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
204 &pk_params.params[4])) < 0)
210 if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
211 &pk_params.params[5])) < 0)
217 if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1",
218 &pk_params.params[6])) < 0)
224 if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2",
225 &pk_params.params[7])) < 0)
232 result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pk_params);
239 pkey->params[0] = pk_params.params[0];
240 pkey->params[1] = pk_params.params[1];
241 pkey->params[2] = pk_params.params[2];
242 pkey->params[3] = pk_params.params[3];
243 pkey->params[4] = pk_params.params[4];
244 pkey->params[5] = pk_params.params[5];
245 pkey->params[6] = pk_params.params[6];
246 pkey->params[7] = pk_params.params[7];
247 pkey->params_size = pk_params.params_nr;
252 asn1_delete_structure (&pkey_asn);
253 gnutls_pk_params_release (&pk_params);
259 decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
265 asn1_create_element (_gnutls_get_gnutls_asn (),
266 "GNUTLS.DSAPrivateKey",
267 &dsa_asn)) != ASN1_SUCCESS)
273 result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL);
274 if (result != ASN1_SUCCESS)
280 if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params[0])) < 0)
286 if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params[1])) < 0)
292 if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params[2])) < 0)
298 if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params[3])) < 0)
304 if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
305 &pkey->params[4])) < 0)
310 pkey->params_size = 5;
315 asn1_delete_structure (&dsa_asn);
316 _gnutls_mpi_release (&pkey->params[0]);
317 _gnutls_mpi_release (&pkey->params[1]);
318 _gnutls_mpi_release (&pkey->params[2]);
319 _gnutls_mpi_release (&pkey->params[3]);
320 _gnutls_mpi_release (&pkey->params[4]);
326 #define PEM_KEY_DSA "DSA PRIVATE KEY"
327 #define PEM_KEY_RSA "RSA PRIVATE KEY"
330 * gnutls_x509_privkey_import:
331 * @key: The structure to store the parsed key
332 * @data: The DER or PEM encoded certificate.
333 * @format: One of DER or PEM
335 * This function will convert the given DER or PEM encoded key to the
336 * native #gnutls_x509_privkey_t format. The output will be stored in
339 * If the key is PEM encoded it should have a header of "RSA PRIVATE
340 * KEY", or "DSA PRIVATE KEY".
342 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
343 * negative error value.
346 gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
347 const gnutls_datum_t * data,
348 gnutls_x509_crt_fmt_t format)
350 int result = 0, need_free = 0;
351 gnutls_datum_t _data;
356 return GNUTLS_E_INVALID_REQUEST;
359 _data.data = data->data;
360 _data.size = data->size;
362 key->pk_algorithm = GNUTLS_PK_UNKNOWN;
364 /* If the Certificate is in PEM format then decode it
366 if (format == GNUTLS_X509_FMT_PEM)
370 /* Try the first header */
372 _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
375 key->pk_algorithm = GNUTLS_PK_RSA;
377 if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
379 /* try for the second header */
381 _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
386 result = GNUTLS_E_INTERNAL_ERROR;
392 key->pk_algorithm = GNUTLS_PK_DSA;
401 if (key->pk_algorithm == GNUTLS_PK_RSA)
403 key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
404 if (key->key == NULL)
407 else if (key->pk_algorithm == GNUTLS_PK_DSA)
409 key->key = decode_dsa_key (&_data, key);
410 if (key->key == NULL)
415 /* Try decoding with both, and accept the one that
418 key->pk_algorithm = GNUTLS_PK_RSA;
419 key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
421 if (key->key == NULL)
423 key->pk_algorithm = GNUTLS_PK_DSA;
424 key->key = decode_dsa_key (&_data, key);
425 if (key->key == NULL)
430 if (key->key == NULL)
433 result = GNUTLS_E_ASN1_DER_ERROR;
438 _gnutls_free_datum (&_data);
440 /* The key has now been decoded.
448 if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
450 _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n");
451 result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
452 NULL, GNUTLS_PKCS_PLAIN);
457 _gnutls_free_datum (&_data);
462 #define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \
463 _gnutls_mpi_release(&key->params[i])
464 #define FREE_DSA_PRIVATE_PARAMS for (i=0;i<DSA_PRIVATE_PARAMS;i++) \
465 _gnutls_mpi_release(&key->params[i])
468 * gnutls_x509_privkey_import_rsa_raw:
469 * @key: The structure to store the parsed key
470 * @m: holds the modulus
471 * @e: holds the public exponent
472 * @d: holds the private exponent
473 * @p: holds the first prime (p)
474 * @q: holds the second prime (q)
475 * @u: holds the coefficient
477 * This function will convert the given RSA raw parameters to the
478 * native #gnutls_x509_privkey_t format. The output will be stored in
481 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
482 * negative error value.
485 gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
486 const gnutls_datum_t * m,
487 const gnutls_datum_t * e,
488 const gnutls_datum_t * d,
489 const gnutls_datum_t * p,
490 const gnutls_datum_t * q,
491 const gnutls_datum_t * u)
493 return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL,
498 * gnutls_x509_privkey_import_rsa_raw2:
499 * @key: The structure to store the parsed key
500 * @m: holds the modulus
501 * @e: holds the public exponent
502 * @d: holds the private exponent
503 * @p: holds the first prime (p)
504 * @q: holds the second prime (q)
505 * @u: holds the coefficient
506 * @e1: holds e1 = d mod (p-1)
507 * @e2: holds e2 = d mod (q-1)
509 * This function will convert the given RSA raw parameters to the
510 * native #gnutls_x509_privkey_t format. The output will be stored in
513 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
514 * negative error value.
517 gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
518 const gnutls_datum_t * m,
519 const gnutls_datum_t * e,
520 const gnutls_datum_t * d,
521 const gnutls_datum_t * p,
522 const gnutls_datum_t * q,
523 const gnutls_datum_t * u,
524 const gnutls_datum_t * e1,
525 const gnutls_datum_t * e2)
529 gnutls_pk_params_st pk_params;
531 memset (&pk_params, 0, sizeof (pk_params));
536 return GNUTLS_E_INVALID_REQUEST;
539 key->params_size = 0;
542 if (_gnutls_mpi_scan_nz (&key->params[0], m->data, siz))
545 FREE_RSA_PRIVATE_PARAMS;
546 return GNUTLS_E_MPI_SCAN_FAILED;
551 if (_gnutls_mpi_scan_nz (&key->params[1], e->data, siz))
554 FREE_RSA_PRIVATE_PARAMS;
555 return GNUTLS_E_MPI_SCAN_FAILED;
560 if (_gnutls_mpi_scan_nz (&key->params[2], d->data, siz))
563 FREE_RSA_PRIVATE_PARAMS;
564 return GNUTLS_E_MPI_SCAN_FAILED;
569 if (_gnutls_mpi_scan_nz (&key->params[3], p->data, siz))
572 FREE_RSA_PRIVATE_PARAMS;
573 return GNUTLS_E_MPI_SCAN_FAILED;
578 if (_gnutls_mpi_scan_nz (&key->params[4], q->data, siz))
581 FREE_RSA_PRIVATE_PARAMS;
582 return GNUTLS_E_MPI_SCAN_FAILED;
587 if (_gnutls_mpi_scan_nz (&key->params[5], u->data, siz))
590 FREE_RSA_PRIVATE_PARAMS;
591 return GNUTLS_E_MPI_SCAN_FAILED;
598 if (_gnutls_mpi_scan_nz (&key->params[6], e1->data, siz))
601 FREE_RSA_PRIVATE_PARAMS;
602 return GNUTLS_E_MPI_SCAN_FAILED;
607 if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz))
610 FREE_RSA_PRIVATE_PARAMS;
611 return GNUTLS_E_MPI_SCAN_FAILED;
616 for (i = 0; i < key->params_size; i++)
618 pk_params.params[i] = key->params[i];
621 pk_params.params_nr = key->params_size;
623 ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pk_params);
627 FREE_RSA_PRIVATE_PARAMS;
631 for (i = 0; i < pk_params.params_nr; i++)
633 key->params[i] = pk_params.params[i];
635 key->params_size = pk_params.params_nr;
637 ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
641 FREE_RSA_PRIVATE_PARAMS;
645 key->params_size = RSA_PRIVATE_PARAMS;
646 key->pk_algorithm = GNUTLS_PK_RSA;
653 * gnutls_x509_privkey_import_dsa_raw:
654 * @key: The structure to store the parsed key
661 * This function will convert the given DSA raw parameters to the
662 * native #gnutls_x509_privkey_t format. The output will be stored
665 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
666 * negative error value.
669 gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
670 const gnutls_datum_t * p,
671 const gnutls_datum_t * q,
672 const gnutls_datum_t * g,
673 const gnutls_datum_t * y,
674 const gnutls_datum_t * x)
682 return GNUTLS_E_INVALID_REQUEST;
686 if (_gnutls_mpi_scan_nz (&key->params[0], p->data, siz))
689 FREE_DSA_PRIVATE_PARAMS;
690 return GNUTLS_E_MPI_SCAN_FAILED;
694 if (_gnutls_mpi_scan_nz (&key->params[1], q->data, siz))
697 FREE_DSA_PRIVATE_PARAMS;
698 return GNUTLS_E_MPI_SCAN_FAILED;
702 if (_gnutls_mpi_scan_nz (&key->params[2], g->data, siz))
705 FREE_DSA_PRIVATE_PARAMS;
706 return GNUTLS_E_MPI_SCAN_FAILED;
710 if (_gnutls_mpi_scan_nz (&key->params[3], y->data, siz))
713 FREE_DSA_PRIVATE_PARAMS;
714 return GNUTLS_E_MPI_SCAN_FAILED;
718 if (_gnutls_mpi_scan_nz (&key->params[4], x->data, siz))
721 FREE_DSA_PRIVATE_PARAMS;
722 return GNUTLS_E_MPI_SCAN_FAILED;
725 ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
729 FREE_DSA_PRIVATE_PARAMS;
733 key->params_size = DSA_PRIVATE_PARAMS;
734 key->pk_algorithm = GNUTLS_PK_DSA;
742 * gnutls_x509_privkey_get_pk_algorithm:
743 * @key: should contain a #gnutls_x509_privkey_t structure
745 * This function will return the public key algorithm of a private
748 * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
749 * success, or a negative value on error.
752 gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
757 return GNUTLS_E_INVALID_REQUEST;
760 return key->pk_algorithm;
764 * gnutls_x509_privkey_export:
765 * @key: Holds the key
766 * @format: the format of output params. One of PEM or DER.
767 * @output_data: will contain a private key PEM or DER encoded
768 * @output_data_size: holds the size of output_data (and will be
769 * replaced by the actual size of parameters)
771 * This function will export the private key to a PKCS1 structure for
772 * RSA keys, or an integer sequence for DSA keys. The DSA keys are in
773 * the same format with the parameters used by openssl.
775 * If the buffer provided is not long enough to hold the output, then
776 * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER
779 * If the structure is PEM encoded, it will have a header
780 * of "BEGIN RSA PRIVATE KEY".
782 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
783 * negative error value.
786 gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
787 gnutls_x509_crt_fmt_t format, void *output_data,
788 size_t * output_data_size)
795 return GNUTLS_E_INVALID_REQUEST;
798 if (key->pk_algorithm == GNUTLS_PK_RSA)
800 else if (key->pk_algorithm == GNUTLS_PK_DSA)
805 return _gnutls_x509_export_int (key->key, format, msg,
806 output_data, output_data_size);
810 * gnutls_x509_privkey_sec_param:
811 * @key: a key structure
813 * This function will return the security parameter appropriate with
816 * Returns: On success, a valid security parameter is returned otherwise
817 * %GNUTLS_SEC_PARAM_UNKNOWN is returned.
820 gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
824 switch (key->pk_algorithm)
827 ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */
831 ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */
835 ret = GNUTLS_SEC_PARAM_UNKNOWN;
842 * gnutls_x509_privkey_export_rsa_raw:
843 * @key: a structure that holds the rsa parameters
844 * @m: will hold the modulus
845 * @e: will hold the public exponent
846 * @d: will hold the private exponent
847 * @p: will hold the first prime (p)
848 * @q: will hold the second prime (q)
849 * @u: will hold the coefficient
851 * This function will export the RSA private key's parameters found
852 * in the given structure. The new parameters will be allocated using
853 * gnutls_malloc() and will be stored in the appropriate datum.
855 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
856 * negative error value.
859 gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
860 gnutls_datum_t * m, gnutls_datum_t * e,
861 gnutls_datum_t * d, gnutls_datum_t * p,
862 gnutls_datum_t * q, gnutls_datum_t * u)
865 return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL,
870 * gnutls_x509_privkey_export_rsa_raw2:
871 * @key: a structure that holds the rsa parameters
872 * @m: will hold the modulus
873 * @e: will hold the public exponent
874 * @d: will hold the private exponent
875 * @p: will hold the first prime (p)
876 * @q: will hold the second prime (q)
877 * @u: will hold the coefficient
878 * @e1: will hold e1 = d mod (p-1)
879 * @e2: will hold e2 = d mod (q-1)
881 * This function will export the RSA private key's parameters found
882 * in the given structure. The new parameters will be allocated using
883 * gnutls_malloc() and will be stored in the appropriate datum.
885 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
886 * negative error value.
889 gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
890 gnutls_datum_t * m, gnutls_datum_t * e,
891 gnutls_datum_t * d, gnutls_datum_t * p,
892 gnutls_datum_t * q, gnutls_datum_t * u,
893 gnutls_datum_t * e1, gnutls_datum_t * e2)
896 gnutls_pk_params_st pk_params;
898 memset (&pk_params, 0, sizeof (pk_params));
903 return GNUTLS_E_INVALID_REQUEST;
906 m->data = e->data = d->data = p->data = q->data = u->data = NULL;
907 m->size = e->size = d->size = p->size = q->size = u->size = 0;
909 ret = _gnutls_pk_params_copy (&pk_params, key->params, RSA_PRIVATE_PARAMS);
916 ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
923 ret = _gnutls_mpi_dprint_lz (pk_params.params[0], m);
931 ret = _gnutls_mpi_dprint_lz (pk_params.params[1], e);
939 ret = _gnutls_mpi_dprint_lz (pk_params.params[2], d);
947 ret = _gnutls_mpi_dprint_lz (pk_params.params[3], p);
955 ret = _gnutls_mpi_dprint_lz (pk_params.params[4], q);
963 ret = _gnutls_mpi_dprint_lz (key->params[5], u);
973 ret = _gnutls_mpi_dprint_lz (key->params[6], e1);
984 ret = _gnutls_mpi_dprint_lz (key->params[7], e2);
992 gnutls_pk_params_release (&pk_params);
997 _gnutls_free_datum (m);
998 _gnutls_free_datum (d);
999 _gnutls_free_datum (e);
1000 _gnutls_free_datum (p);
1001 _gnutls_free_datum (q);
1002 gnutls_pk_params_release (&pk_params);
1008 * gnutls_x509_privkey_export_dsa_raw:
1009 * @key: a structure that holds the DSA parameters
1010 * @p: will hold the p
1011 * @q: will hold the q
1012 * @g: will hold the g
1013 * @y: will hold the y
1014 * @x: will hold the x
1016 * This function will export the DSA private key's parameters found
1017 * in the given structure. The new parameters will be allocated using
1018 * gnutls_malloc() and will be stored in the appropriate datum.
1020 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1021 * negative error value.
1024 gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
1025 gnutls_datum_t * p, gnutls_datum_t * q,
1026 gnutls_datum_t * g, gnutls_datum_t * y,
1034 return GNUTLS_E_INVALID_REQUEST;
1038 ret = _gnutls_mpi_dprint_lz (key->params[0], p);
1046 ret = _gnutls_mpi_dprint_lz (key->params[1], q);
1050 _gnutls_free_datum (p);
1056 ret = _gnutls_mpi_dprint_lz (key->params[2], g);
1060 _gnutls_free_datum (p);
1061 _gnutls_free_datum (q);
1067 ret = _gnutls_mpi_dprint_lz (key->params[3], y);
1071 _gnutls_free_datum (p);
1072 _gnutls_free_datum (g);
1073 _gnutls_free_datum (q);
1078 ret = _gnutls_mpi_dprint_lz (key->params[4], x);
1082 _gnutls_free_datum (y);
1083 _gnutls_free_datum (p);
1084 _gnutls_free_datum (g);
1085 _gnutls_free_datum (q);
1093 /* Encodes the RSA parameters into an ASN.1 RSA private key structure.
1096 _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params)
1100 gnutls_pk_params_st pk_params;
1101 gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
1103 memset (&pk_params, 0, sizeof (pk_params));
1105 memset (&m, 0, sizeof (m));
1106 memset (&p, 0, sizeof (p));
1107 memset (&q, 0, sizeof (q));
1108 memset (&p, 0, sizeof (p));
1109 memset (&u, 0, sizeof (u));
1110 memset (&e, 0, sizeof (e));
1111 memset (&d, 0, sizeof (d));
1112 memset (&exp1, 0, sizeof (exp1));
1113 memset (&exp2, 0, sizeof (exp2));
1115 result = _gnutls_pk_params_copy (&pk_params, params, RSA_PRIVATE_PARAMS);
1122 result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
1129 /* retrieve as data */
1131 result = _gnutls_mpi_dprint_lz (pk_params.params[0], &m);
1138 result = _gnutls_mpi_dprint_lz (pk_params.params[1], &e);
1145 result = _gnutls_mpi_dprint_lz (pk_params.params[2], &d);
1152 result = _gnutls_mpi_dprint_lz (pk_params.params[3], &p);
1159 result = _gnutls_mpi_dprint_lz (pk_params.params[4], &q);
1166 result = _gnutls_mpi_dprint_lz (pk_params.params[5], &u);
1173 result = _gnutls_mpi_dprint_lz (pk_params.params[6], &exp1);
1180 result = _gnutls_mpi_dprint_lz (pk_params.params[7], &exp2);
1187 /* Ok. Now we have the data. Create the asn1 structures
1190 /* first make sure that no previously allocated data are leaked */
1191 if (*c2 != ASN1_TYPE_EMPTY)
1193 asn1_delete_structure (c2);
1194 *c2 = ASN1_TYPE_EMPTY;
1197 if ((result = asn1_create_element
1198 (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2))
1202 result = _gnutls_asn2err (result);
1208 if ((result = asn1_write_value (*c2, "modulus",
1209 m.data, m.size)) != ASN1_SUCCESS)
1212 result = _gnutls_asn2err (result);
1216 if ((result = asn1_write_value (*c2, "publicExponent",
1217 e.data, e.size)) != ASN1_SUCCESS)
1220 result = _gnutls_asn2err (result);
1224 if ((result = asn1_write_value (*c2, "privateExponent",
1225 d.data, d.size)) != ASN1_SUCCESS)
1228 result = _gnutls_asn2err (result);
1232 if ((result = asn1_write_value (*c2, "prime1",
1233 p.data, p.size)) != ASN1_SUCCESS)
1236 result = _gnutls_asn2err (result);
1240 if ((result = asn1_write_value (*c2, "prime2",
1241 q.data, q.size)) != ASN1_SUCCESS)
1244 result = _gnutls_asn2err (result);
1248 if ((result = asn1_write_value (*c2, "coefficient",
1249 u.data, u.size)) != ASN1_SUCCESS)
1252 result = _gnutls_asn2err (result);
1257 if ((result = asn1_write_value (*c2, "exponent1",
1258 exp1.data, exp1.size)) != ASN1_SUCCESS)
1261 result = _gnutls_asn2err (result);
1265 if ((result = asn1_write_value (*c2, "exponent2",
1266 exp2.data, exp2.size)) != ASN1_SUCCESS)
1269 result = _gnutls_asn2err (result);
1273 if ((result = asn1_write_value (*c2, "otherPrimeInfos",
1274 NULL, 0)) != ASN1_SUCCESS)
1277 result = _gnutls_asn2err (result);
1281 if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
1284 result = _gnutls_asn2err (result);
1292 asn1_delete_structure (c2);
1294 gnutls_pk_params_release (&pk_params);
1296 _gnutls_free_datum (&m);
1297 _gnutls_free_datum (&d);
1298 _gnutls_free_datum (&e);
1299 _gnutls_free_datum (&p);
1300 _gnutls_free_datum (&q);
1301 _gnutls_free_datum (&u);
1302 _gnutls_free_datum (&exp1);
1303 _gnutls_free_datum (&exp2);
1308 /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
1311 _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params)
1314 size_t size[DSA_PRIVATE_PARAMS], total;
1315 opaque *p_data, *q_data, *g_data, *x_data, *y_data;
1316 opaque *all_data = NULL, *p;
1319 /* Read all the sizes */
1321 for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
1323 _gnutls_mpi_print_lz (params[i], NULL, &size[i]);
1328 * allocate data enough to hold everything
1330 all_data = gnutls_secure_malloc (total);
1331 if (all_data == NULL)
1334 result = GNUTLS_E_MEMORY_ERROR;
1349 _gnutls_mpi_print_lz (params[0], p_data, &size[0]);
1350 _gnutls_mpi_print_lz (params[1], q_data, &size[1]);
1351 _gnutls_mpi_print_lz (params[2], g_data, &size[2]);
1352 _gnutls_mpi_print_lz (params[3], y_data, &size[3]);
1353 _gnutls_mpi_print_lz (params[4], x_data, &size[4]);
1355 /* Ok. Now we have the data. Create the asn1 structures
1358 /* first make sure that no previously allocated data are leaked */
1359 if (*c2 != ASN1_TYPE_EMPTY)
1361 asn1_delete_structure (c2);
1362 *c2 = ASN1_TYPE_EMPTY;
1365 if ((result = asn1_create_element
1366 (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2))
1370 result = _gnutls_asn2err (result);
1376 if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
1379 result = _gnutls_asn2err (result);
1383 if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS)
1386 result = _gnutls_asn2err (result);
1390 if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS)
1393 result = _gnutls_asn2err (result);
1397 if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS)
1400 result = _gnutls_asn2err (result);
1404 if ((result = asn1_write_value (*c2, "priv",
1405 x_data, size[4])) != ASN1_SUCCESS)
1408 result = _gnutls_asn2err (result);
1412 gnutls_free (all_data);
1414 if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
1417 result = _gnutls_asn2err (result);
1424 asn1_delete_structure (c2);
1425 gnutls_free (all_data);
1432 * gnutls_x509_privkey_generate:
1433 * @key: should contain a #gnutls_x509_privkey_t structure
1434 * @algo: is one of RSA or DSA.
1435 * @bits: the size of the modulus
1436 * @flags: unused for now. Must be 0.
1438 * This function will generate a random private key. Note that this
1439 * function must be called on an empty private key.
1441 * Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits().
1443 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1444 * negative error value.
1447 gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
1448 gnutls_pk_algorithm_t algo, unsigned int bits,
1452 unsigned int params_len = MAX_PRIV_PARAMS_SIZE;
1458 return GNUTLS_E_INVALID_REQUEST;
1464 ret = _gnutls_dsa_generate_params (key->params, ¶ms_len, bits);
1471 if (params_len != DSA_PRIVATE_PARAMS)
1474 ret = GNUTLS_E_INTERNAL_ERROR;
1478 ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
1484 key->params_size = params_len;
1485 key->pk_algorithm = GNUTLS_PK_DSA;
1489 ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits);
1496 if (params_len != RSA_PRIVATE_PARAMS)
1499 ret = GNUTLS_E_INTERNAL_ERROR;
1503 ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
1510 key->params_size = params_len;
1511 key->pk_algorithm = GNUTLS_PK_RSA;
1516 return GNUTLS_E_INVALID_REQUEST;
1522 key->pk_algorithm = GNUTLS_PK_UNKNOWN;
1523 key->params_size = 0;
1524 for (i = 0; i < params_len; i++)
1525 _gnutls_mpi_release (&key->params[i]);
1531 * gnutls_x509_privkey_get_key_id:
1532 * @key: Holds the key
1533 * @flags: should be 0 for now
1534 * @output_data: will contain the key ID
1535 * @output_data_size: holds the size of output_data (and will be
1536 * replaced by the actual size of parameters)
1538 * This function will return a unique ID the depends on the public key
1539 * parameters. This ID can be used in checking whether a certificate
1540 * corresponds to the given key.
1542 * If the buffer provided is not long enough to hold the output, then
1543 * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
1544 * be returned. The output will normally be a SHA-1 hash output,
1545 * which is 20 bytes.
1547 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1548 * negative error value.
1551 gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
1553 unsigned char *output_data,
1554 size_t * output_data_size)
1558 gnutls_datum_t der = { NULL, 0 };
1563 return GNUTLS_E_INVALID_REQUEST;
1566 if (*output_data_size < 20)
1569 *output_data_size = 20;
1570 return GNUTLS_E_SHORT_MEMORY_BUFFER;
1573 if (key->pk_algorithm == GNUTLS_PK_RSA)
1576 _gnutls_x509_write_rsa_params (key->params, key->params_size, &der);
1583 else if (key->pk_algorithm == GNUTLS_PK_DSA)
1586 _gnutls_x509_write_dsa_public_key (key->params,
1587 key->params_size, &der);
1595 return GNUTLS_E_INTERNAL_ERROR;
1597 result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
1604 _gnutls_hash (&hd, der.data, der.size);
1606 _gnutls_hash_deinit (&hd, output_data);
1607 *output_data_size = 20;
1613 _gnutls_free_datum (&der);
1620 * _gnutls_x509_privkey_sign_hash2:
1621 * @signer: Holds the signer's key
1622 * @hash_algo: The hash algorithm used
1623 * @hash_data: holds the data to be signed
1624 * @signature: will contain newly allocated signature
1625 * @flags: zero for now
1627 * This function will sign the given hashed data using a signature algorithm
1628 * supported by the private key. Signature algorithms are always used
1629 * together with a hash functions. Different hash functions may be
1630 * used for the RSA algorithm, but only SHA-1,SHA-224 and SHA-256
1631 * for the DSA keys, depending on their bit size.
1633 * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
1634 * the hash algorithm.
1636 * The RSA algorithm is used in PKCS #1 v1.5 mode.
1638 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1639 * negative error value.
1642 _gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
1643 gnutls_digest_algorithm_t hash_algo,
1645 const gnutls_datum_t * hash_data,
1646 gnutls_datum_t * signature)
1649 gnutls_datum_t digest;
1651 digest.data = gnutls_malloc (hash_data->size);
1652 if (digest.data == NULL)
1655 return GNUTLS_E_MEMORY_ERROR;
1657 digest.size = hash_data->size;
1658 memcpy (digest.data, hash_data->data, digest.size);
1660 ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
1667 ret = _gnutls_soft_sign (signer->pk_algorithm, signer->params,
1668 signer->params_size, &digest, signature);
1679 _gnutls_free_datum (&digest);
1684 * gnutls_x509_privkey_sign_hash:
1685 * @key: Holds the key
1686 * @hash: holds the data to be signed
1687 * @signature: will contain newly allocated signature
1689 * This function will sign the given hash using the private key. Do not
1690 * use this function directly unless you know what it is. Typical signing
1691 * requires the data to be hashed and stored in special formats
1692 * (e.g. BER Digest-Info for RSA).
1694 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1695 * negative error value.
1697 * Deprecated in: 2.12.0
1700 gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
1701 const gnutls_datum_t * hash,
1702 gnutls_datum_t * signature)
1709 return GNUTLS_E_INVALID_REQUEST;
1712 result = _gnutls_soft_sign (key->pk_algorithm, key->params,
1713 key->params_size, hash, signature);
1724 * gnutls_x509_privkey_sign_data:
1725 * @key: Holds the key
1726 * @digest: should be MD5 or SHA1
1727 * @flags: should be 0 for now
1728 * @data: holds the data to be signed
1729 * @signature: will contain the signature
1730 * @signature_size: holds the size of signature (and will be replaced
1733 * This function will sign the given data using a signature algorithm
1734 * supported by the private key. Signature algorithms are always used
1735 * together with a hash functions. Different hash functions may be
1736 * used for the RSA algorithm, but only SHA-1 for the DSA keys.
1738 * If the buffer provided is not long enough to hold the output, then
1739 * *@signature_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
1742 * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
1743 * the hash algorithm.
1745 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1746 * negative error value.
1748 * Deprecated: Use gnutls_privkey_sign_data().
1751 gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
1752 gnutls_digest_algorithm_t digest,
1754 const gnutls_datum_t * data,
1755 void *signature, size_t * signature_size)
1758 gnutls_datum_t sig = { NULL, 0 };
1759 gnutls_datum_t hash;
1764 return GNUTLS_E_INVALID_REQUEST;
1768 pk_hash_data (key->pk_algorithm, digest, key->params, data, &hash);
1776 _gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, signature);
1778 _gnutls_free_datum(&hash);
1786 if (*signature_size < sig.size)
1788 *signature_size = sig.size;
1789 _gnutls_free_datum (&sig);
1790 return GNUTLS_E_SHORT_MEMORY_BUFFER;
1793 *signature_size = sig.size;
1794 memcpy (signature, sig.data, sig.size);
1796 _gnutls_free_datum (&sig);
1803 * gnutls_x509_privkey_verify_data:
1804 * @key: Holds the key
1805 * @flags: should be 0 for now
1806 * @data: holds the data to be signed
1807 * @signature: contains the signature
1809 * This function will verify the given signed data, using the
1810 * parameters in the private key.
1812 * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
1813 * is returned, and a positive code on success.
1815 * Deprecated: Use gnutls_pubkey_verify_data().
1818 gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
1820 const gnutls_datum_t * data,
1821 const gnutls_datum_t * signature)
1828 return GNUTLS_E_INVALID_REQUEST;
1831 result = _gnutls_x509_privkey_verify_signature (data, signature, key);
1842 * gnutls_x509_privkey_fix:
1843 * @key: Holds the key
1845 * This function will recalculate the secondary parameters in a key.
1846 * In RSA keys, this can be the coefficient and exponent1,2.
1848 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1849 * negative error value.
1852 gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
1859 return GNUTLS_E_INVALID_REQUEST;
1862 asn1_delete_structure (&key->key);
1864 switch (key->pk_algorithm)
1867 ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
1875 ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
1884 return GNUTLS_E_INVALID_REQUEST;