diff options
Diffstat (limited to 'src/gnutls/asymkeys.c')
-rw-r--r-- | src/gnutls/asymkeys.c | 129 |
1 files changed, 42 insertions, 87 deletions
diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c index de9d3fe6..220b98e2 100644 --- a/src/gnutls/asymkeys.c +++ b/src/gnutls/asymkeys.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:asymkeys + * @Short_description: Asymmetric keys implementation for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -60,13 +68,10 @@ static int xmlSecGnuTLSConvertParamsToMpis(gnutls_datum_t * params, xmlSecSize p xmlSecAssert2(paramsNum == mpisNum, -1); for(ii = 0; ii < paramsNum; ++ii) { + mpis[ii] = NULL; rc = gcry_mpi_scan(&(mpis[ii]), GCRYMPI_FMT_USG, params[ii].data, params[ii].size, NULL); if((rc != GPG_ERR_NO_ERROR) || (mpis[ii] == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_mpi_scan", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, ii); /* destroy up to now */ return(-1); } @@ -118,11 +123,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey &(params[0]), &(params[1]), &(params[2]), &(params[3]), &(params[4])); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_export_dsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_privkey_export_dsa_raw", err, NULL); return(-1); } @@ -131,36 +132,30 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); return(-1); } xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* First check that x < y; if not swap x and y */ + if (gcry_mpi_cmp (mpis[4], mpis[3]) > 0) { + gcry_mpi_swap (mpis[3], mpis[4]); + } + /* build expressions */ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", mpis[0], mpis[1], mpis[2], mpis[3], mpis[4]); if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/dsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(private/dsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", mpis[0], mpis[1], mpis[2], mpis[3]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/dsa)", rc, NULL); gcry_sexp_release(priv_key); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); @@ -169,11 +164,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); gcry_sexp_release(priv_key); return(-1); @@ -224,11 +215,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data, params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); /* don't destroy params - we got them from outside !!! */ return(-1); } @@ -238,11 +225,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data, rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", mpis[0], mpis[1], mpis[2], mpis[3]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/dsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } @@ -250,11 +233,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data, ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); return(-1); } @@ -312,11 +291,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey &(params[0]), &(params[1]), &(params[2]), &(params[3]), &(params[4]), &(params[5])); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_export_rsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_privkey_export_rsa_raw", err, NULL); return(-1); } @@ -325,37 +300,33 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); return(-1); } xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* (http://gnupg.10057.n7.nabble.com/RSA-PKCS-1-signing-differs-from-OpenSSL-s-td27920.html) */ + /* First check that p < q; if not swap p and q and recompute u. */ + if (gcry_mpi_cmp(mpis[3], mpis[4]) > 0) { + gcry_mpi_swap(mpis[3], mpis[4]); + gcry_mpi_invm(mpis[5], mpis[3], mpis[4]); + } + /* build expressions */ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", mpis[0], mpis[1], mpis[2], mpis[3], mpis[4], mpis[5]); if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(private/rsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))", mpis[0], mpis[1]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/rsa)", rc, NULL); gcry_sexp_release(priv_key); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); @@ -364,11 +335,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); gcry_sexp_release(priv_key); return(-1); @@ -412,11 +379,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data, params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); /* don't destroy params - we got them from outside !!! */ return(-1); } @@ -426,11 +389,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data, rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))", mpis[0], mpis[1]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/rsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } @@ -438,11 +397,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data, ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); return(-1); } |