summaryrefslogtreecommitdiff
path: root/src/gnutls/asymkeys.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/gnutls/asymkeys.c')
-rw-r--r--src/gnutls/asymkeys.c129
1 files changed, 42 insertions, 87 deletions
diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c
index de9d3fe6..220b98e2 100644
--- a/src/gnutls/asymkeys.c
+++ b/src/gnutls/asymkeys.c
@@ -1,11 +1,19 @@
-/**
- * XMLSec library
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
*
* Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
*/
+/**
+ * SECTION:asymkeys
+ * @Short_description: Asymmetric keys implementation for GnuTLS.
+ * @Stability: Private
+ *
+ */
+
#include "globals.h"
#include <string.h>
@@ -60,13 +68,10 @@ static int xmlSecGnuTLSConvertParamsToMpis(gnutls_datum_t * params, xmlSecSize p
xmlSecAssert2(paramsNum == mpisNum, -1);
for(ii = 0; ii < paramsNum; ++ii) {
+ mpis[ii] = NULL;
rc = gcry_mpi_scan(&(mpis[ii]), GCRYMPI_FMT_USG, params[ii].data, params[ii].size, NULL);
if((rc != GPG_ERR_NO_ERROR) || (mpis[ii] == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_mpi_scan",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSGCryptError("gcry_mpi_scan", rc, NULL);
xmlSecGnuTLSDestroyMpis(mpis, ii); /* destroy up to now */
return(-1);
}
@@ -118,11 +123,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey
&(params[0]), &(params[1]), &(params[2]),
&(params[3]), &(params[4]));
if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_export_dsa_raw",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlSecGnuTLSError("gnutls_x509_privkey_export_dsa_raw", err, NULL);
return(-1);
}
@@ -131,36 +132,30 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey
params, sizeof(params)/sizeof(params[0]),
mpis, sizeof(mpis)/sizeof(mpis[0]));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL);
xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
return(-1);
}
xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+ /* Convert from OpenSSL parameter ordering to the OpenPGP order. */
+ /* First check that x < y; if not swap x and y */
+ if (gcry_mpi_cmp (mpis[4], mpis[3]) > 0) {
+ gcry_mpi_swap (mpis[3], mpis[4]);
+ }
+
/* build expressions */
rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
mpis[0], mpis[1], mpis[2], mpis[3], mpis[4]);
if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/dsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSGCryptError("gcry_sexp_build(private/dsa)", rc, NULL);
xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
return(-1);
}
rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
mpis[0], mpis[1], mpis[2], mpis[3]);
if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSGCryptError("gcry_sexp_build(public/dsa)", rc, NULL);
gcry_sexp_release(priv_key);
xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
return(-1);
@@ -169,11 +164,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey
ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataDsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair", NULL);
gcry_sexp_release(pub_key);
gcry_sexp_release(priv_key);
return(-1);
@@ -224,11 +215,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data,
params, sizeof(params)/sizeof(params[0]),
mpis, sizeof(mpis)/sizeof(mpis[0]));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL);
/* don't destroy params - we got them from outside !!! */
return(-1);
}
@@ -238,11 +225,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data,
rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
mpis[0], mpis[1], mpis[2], mpis[3]);
if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSGCryptError("gcry_sexp_build(public/dsa)", rc, NULL);
xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
return(-1);
}
@@ -250,11 +233,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data,
ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, NULL);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataDsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair", NULL);
gcry_sexp_release(pub_key);
return(-1);
}
@@ -312,11 +291,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey
&(params[0]), &(params[1]), &(params[2]),
&(params[3]), &(params[4]), &(params[5]));
if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_export_rsa_raw",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlSecGnuTLSError("gnutls_x509_privkey_export_rsa_raw", err, NULL);
return(-1);
}
@@ -325,37 +300,33 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey
params, sizeof(params)/sizeof(params[0]),
mpis, sizeof(mpis)/sizeof(mpis[0]));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL);
xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
return(-1);
}
xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+ /* Convert from OpenSSL parameter ordering to the OpenPGP order. */
+ /* (http://gnupg.10057.n7.nabble.com/RSA-PKCS-1-signing-differs-from-OpenSSL-s-td27920.html) */
+ /* First check that p < q; if not swap p and q and recompute u. */
+ if (gcry_mpi_cmp(mpis[3], mpis[4]) > 0) {
+ gcry_mpi_swap(mpis[3], mpis[4]);
+ gcry_mpi_invm(mpis[5], mpis[3], mpis[4]);
+ }
+
/* build expressions */
rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
mpis[0], mpis[1], mpis[2],
mpis[3], mpis[4], mpis[5]);
if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSGCryptError("gcry_sexp_build(private/rsa)", rc, NULL);
xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
return(-1);
}
rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
mpis[0], mpis[1]);
if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSGCryptError("gcry_sexp_build(public/rsa)", rc, NULL);
gcry_sexp_release(priv_key);
xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
return(-1);
@@ -364,11 +335,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey
ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataRsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKeyPair", NULL);
gcry_sexp_release(pub_key);
gcry_sexp_release(priv_key);
return(-1);
@@ -412,11 +379,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data,
params, sizeof(params)/sizeof(params[0]),
mpis, sizeof(mpis)/sizeof(mpis[0]));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL);
/* don't destroy params - we got them from outside !!! */
return(-1);
}
@@ -426,11 +389,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data,
rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
mpis[0], mpis[1]);
if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSGCryptError("gcry_sexp_build(public/rsa)", rc, NULL);
xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
return(-1);
}
@@ -438,11 +397,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data,
ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, NULL);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataRsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKeyPair", NULL);
gcry_sexp_release(pub_key);
return(-1);
}