Bug Summary

File:lib/nettle/pk.c
Location:line 172, column 9
Description:Assigned value is garbage or undefined

Annotated Source Code

1/*
2 * Copyright (C) 2010, 2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GNUTLS.
7 *
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23/* This file contains the functions needed for RSA/DSA public key
24 * encryption and signatures.
25 */
26
27#include <gnutls_int.h>
28#include <gnutls_mpi.h>
29#include <gnutls_pk.h>
30#include <gnutls_errors.h>
31#include <gnutls_datumgnutls_datum_t.h>
32#include <gnutls_global.h>
33#include <gnutls_num.h>
34#include <x509/x509_int.h>
35#include <x509/common.h>
36#include <random.h>
37#include <gnutls_pk.h>
38#include <nettle/dsa.h>
39#include <nettle/rsa.h>
40#include <random.h>
41#include <gnutls/crypto.h>
42#include "ecc.h"
43
44#define TOMPZ(x)(*((mpz_t*)(x))) (*((mpz_t*)(x)))
45
46static inline int is_supported_curve(int curve);
47
48static void
49rnd_func (void *_ctx, unsigned length, uint8_t * data)
50{
51 _gnutls_rnd (GNUTLS_RND_RANDOM, data, length);
52}
53
54static void
55_dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
56 struct dsa_public_key *pub)
57{
58 memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t));
59 memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t));
60 memcpy (&pub->g, pk_params->params[2], sizeof (mpz_t));
61 memcpy (&pub->y, pk_params->params[3], sizeof (mpz_t));
62}
63
64static void
65_dsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
66 struct dsa_private_key *pub)
67{
68 memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t));
69}
70
71static void
72_rsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
73 struct rsa_private_key *priv)
74{
75 memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t));
76 memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t));
77 memcpy (&priv->q, pk_params->params[4], sizeof (mpz_t));
78 memcpy (&priv->c, pk_params->params[5], sizeof (mpz_t));
79 memcpy (&priv->a, pk_params->params[6], sizeof (mpz_t));
80 memcpy (&priv->b, pk_params->params[7], sizeof (mpz_t));
81
82}
83
84static void
85_ecc_params_to_privkey(const gnutls_pk_params_st * pk_params,
86 ecc_key * priv)
87{
88 priv->type = PK_PRIVATE1;
89 memcpy(&priv->prime, pk_params->params[ECC_PRIME0], sizeof(mpz_t));
90 memcpy(&priv->order, pk_params->params[ECC_ORDER1], sizeof(mpz_t));
91 memcpy(&priv->A, pk_params->params[ECC_A2], sizeof(mpz_t));
92 memcpy(&priv->B, pk_params->params[ECC_B3], sizeof(mpz_t));
93 memcpy(&priv->Gx, pk_params->params[ECC_GX4], sizeof(mpz_t));
94 memcpy(&priv->Gy, pk_params->params[ECC_GY5], sizeof(mpz_t));
95 memcpy(&priv->pubkey.x, pk_params->params[ECC_X6], sizeof(mpz_t));
96 memcpy(&priv->pubkey.y, pk_params->params[ECC_Y7], sizeof(mpz_t));
97 memcpy(&priv->k, pk_params->params[ECC_K8], sizeof(mpz_t));
98 mpz_init_set_ui__gmpz_init_set_ui(priv->pubkey.z, 1);
99}
100
101static void _ecc_params_clear(ecc_key * key)
102{
103 mpz_clear__gmpz_clear(key->pubkey.z);
104}
105
106static void
107_ecc_params_to_pubkey(const gnutls_pk_params_st * pk_params,
108 ecc_key * pub)
109{
110 pub->type = PK_PUBLIC2;
111 memcpy(&pub->prime, pk_params->params[ECC_PRIME0], sizeof(mpz_t));
112 memcpy(&pub->order, pk_params->params[ECC_ORDER1], sizeof(mpz_t));
113 memcpy(&pub->A, pk_params->params[ECC_A2], sizeof(mpz_t));
114 memcpy(&pub->B, pk_params->params[ECC_B3], sizeof(mpz_t));
115 memcpy(&pub->Gx, pk_params->params[ECC_GX4], sizeof(mpz_t));
116 memcpy(&pub->Gy, pk_params->params[ECC_GY5], sizeof(mpz_t));
117 memcpy(&pub->pubkey.x, pk_params->params[ECC_X6], sizeof(mpz_t));
118 memcpy(&pub->pubkey.y, pk_params->params[ECC_Y7], sizeof(mpz_t));
119 mpz_init_set_ui__gmpz_init_set_ui(pub->pubkey.z, 1);
120}
121
122static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t algo, gnutls_datum_t * out,
123 const gnutls_pk_params_st * priv,
124 const gnutls_pk_params_st * pub)
125{
126 int ret;
127
128 switch (algo)
1
Control jumps to 'case GNUTLS_PK_EC:' at line 130
129 {
130 case GNUTLS_PK_EC:
131 {
132 ecc_key ecc_pub, ecc_priv;
133 int curve = priv->flags;
134 unsigned long sz;
135
136 out->data = NULL((void*)0);
137
138 if (is_supported_curve(curve) == 0)
2
Taking false branch
139 return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE)gnutls_assert_val_int(-322, "pk.c", 139);
140
141 _ecc_params_to_pubkey(pub, &ecc_pub);
142 _ecc_params_to_privkey(priv, &ecc_priv);
143
144 if (ecc_projective_check_point(&ecc_pub.pubkey, pub->params[ECC_B3], pub->params[ECC_PRIME0]) != 0)
3
Taking true branch
145 {
146 ret = gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER)gnutls_assert_val_int(-55, "pk.c", 146);
147 goto ecc_cleanup;
4
Control jumps to line 163
148 }
149
150 sz = ECC_BUF_SIZE512;
151 out->data = gnutls_malloc(sz);
152 if (out->data == NULL((void*)0))
153 {
154 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR)gnutls_assert_val_int(-25, "pk.c", 154);
155 goto ecc_cleanup;
156 }
157
158 ret = ecc_shared_secret(&ecc_priv, &ecc_pub, out->data, &sz);
159 if (ret != 0)
160 ret = gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR)gnutls_assert_val_int(-59, "pk.c", 160);
161
162ecc_cleanup:
163 _ecc_params_clear(&ecc_pub);
164 _ecc_params_clear(&ecc_priv);
165
166 if (ret < 0)
5
Taking false branch
167 {
168 gnutls_free(out->data);
169 return ret;
170 }
171
172 out->size = sz;
6
Assigned value is garbage or undefined
173 break;
174 }
175 default:
176 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",176); } while(0);;
177 ret = GNUTLS_E_INTERNAL_ERROR-59;
178 goto cleanup;
179 }
180
181 ret = 0;
182
183cleanup:
184
185 return ret;
186}
187
188static int
189_wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo,
190 gnutls_datum_t * ciphertext,
191 const gnutls_datum_t * plaintext,
192 const gnutls_pk_params_st * pk_params)
193{
194 int ret;
195
196 switch (algo)
197 {
198 case GNUTLS_PK_RSA:
199 {
200 bigint_t p;
201
202 if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0)
203 {
204 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",204); } while(0);;
205 return GNUTLS_E_MPI_SCAN_FAILED-23;
206 }
207
208 mpz_powm__gmpz_powm (p, p, TOMPZ (pk_params->params[1])(*((mpz_t*)(pk_params->params[1]))) /*e */ ,
209 TOMPZ (pk_params->params[0] /*m */ )(*((mpz_t*)(pk_params->params[0]))));
210
211 ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size);
212 _gnutls_mpi_release (&p);
213
214 if (ret < 0)
215 {
216 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",216); } while(0);;
217 goto cleanup;
218 }
219
220 break;
221 }
222 default:
223 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",223); } while(0);;
224 ret = GNUTLS_E_INTERNAL_ERROR-59;
225 goto cleanup;
226 }
227
228 ret = 0;
229
230cleanup:
231
232 return ret;
233}
234
235/* returns the blinded c and the inverse of a random
236 * number r;
237 */
238static bigint_t
239rsa_blind (bigint_t c, bigint_t e, bigint_t n, bigint_t * _ri)
240{
241 bigint_t nc = NULL((void*)0), r = NULL((void*)0), ri = NULL((void*)0);
242
243 /* nc = c*(r^e)
244 * ri = r^(-1)
245 */
246 nc = _gnutls_mpi_alloc_like (n)_gnutls_mpi_ops.bigint_new(_gnutls_mpi_ops.bigint_get_nbits(n
));
247 if (nc == NULL((void*)0))
248 {
249 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",249); } while(0);;
250 return NULL((void*)0);
251 }
252
253 ri = _gnutls_mpi_alloc_like (n)_gnutls_mpi_ops.bigint_new(_gnutls_mpi_ops.bigint_get_nbits(n
));
254 if (nc == NULL((void*)0))
255 {
256 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",256); } while(0);;
257 goto fail;
258 }
259
260 r = _gnutls_mpi_randomize (NULL((void*)0), _gnutls_mpi_get_nbits (n)_gnutls_mpi_ops.bigint_get_nbits(n),
261 GNUTLS_RND_NONCE);
262 if (r == NULL((void*)0))
263 {
264 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",264); } while(0);;
265 goto fail;
266 }
267
268 /* invert r */
269 if (mpz_invert__gmpz_invert (ri, r, n) == 0)
270 {
271 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",271); } while(0);;
272 goto fail;
273 }
274
275 /* r = r^e */
276
277 _gnutls_mpi_powm (r, r, e, n)_gnutls_mpi_ops.bigint_powm(r,r,e,n);
278
279 _gnutls_mpi_mulm (nc, c, r, n)_gnutls_mpi_ops.bigint_mulm(nc,c,r,n);
280
281 *_ri = ri;
282
283 _gnutls_mpi_release (&r);
284
285 return nc;
286fail:
287 _gnutls_mpi_release (&nc);
288 _gnutls_mpi_release (&r);
289 return NULL((void*)0);
290}
291
292/* c = c*ri mod n
293 */
294static inline void
295rsa_unblind (bigint_t c, bigint_t ri, bigint_t n)
296{
297 _gnutls_mpi_mulm (c, c, ri, n)_gnutls_mpi_ops.bigint_mulm(c,c,ri,n);
298}
299
300static int
301_wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo,
302 gnutls_datum_t * plaintext,
303 const gnutls_datum_t * ciphertext,
304 const gnutls_pk_params_st * pk_params)
305{
306 int ret;
307
308 /* make a sexp from pkey */
309 switch (algo)
310 {
311 case GNUTLS_PK_RSA:
312 {
313 struct rsa_private_key priv;
314 bigint_t c, ri, nc;
315
316 if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
317 {
318 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",318); } while(0);;
319 return GNUTLS_E_MPI_SCAN_FAILED-23;
320 }
321
322 nc = rsa_blind (c, pk_params->params[1] /*e */ ,
323 pk_params->params[0] /*m */ , &ri);
324 _gnutls_mpi_release (&c);
325 if (nc == NULL((void*)0))
326 {
327 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",327); } while(0);;
328 return GNUTLS_E_MEMORY_ERROR-25;
329 }
330
331 memset(&priv, 0, sizeof(priv));
332 _rsa_params_to_privkey (pk_params, &priv);
333
334 rsa_compute_rootnettle_rsa_compute_root (&priv, TOMPZ (nc)(*((mpz_t*)(nc))), TOMPZ (nc)(*((mpz_t*)(nc))));
335
336 rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
337
338 ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size);
339
340 _gnutls_mpi_release (&nc);
341 _gnutls_mpi_release (&ri);
342
343 if (ret < 0)
344 {
345 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",345); } while(0);;
346 goto cleanup;
347 }
348
349 break;
350 }
351 default:
352 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",352); } while(0);;
353 ret = GNUTLS_E_INTERNAL_ERROR-59;
354 goto cleanup;
355 }
356
357 ret = 0;
358
359cleanup:
360
361 return ret;
362}
363
364/* in case of DSA puts into data, r,s
365 */
366static int
367_wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
368 gnutls_datum_t * signature,
369 const gnutls_datum_t * vdata,
370 const gnutls_pk_params_st * pk_params)
371{
372 int ret, hash;
373
374 switch (algo)
375 {
376 case GNUTLS_PK_EC: /* we do ECDSA */
377 {
378 ecc_key priv;
379 struct dsa_signature sig;
380 int hash_len;
381
382 _ecc_params_to_privkey(pk_params, &priv);
383
384 dsa_signature_initnettle_dsa_signature_init (&sig);
385
386 hash = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
387 if (hash_len > vdata->size)
388 {
389 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",389); } while(0);;
390 _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", gnutls_mac_get_name(hash), hash_len)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "Security level of algorithm requires hash %s(%d) or better\n"
, gnutls_mac_get_name(hash), hash_len); } while(0);
391 hash_len = vdata->size;
392 }
393
394 ret = ecc_sign_hash(vdata->data, hash_len,
395 &sig, NULL((void*)0), rnd_func, &priv);
396 if (ret != 0)
397 {
398 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",398); } while(0);;
399 ret = GNUTLS_E_PK_SIGN_FAILED-46;
400 goto ecdsa_fail;
401 }
402
403 ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
404
405 ecdsa_fail:
406 dsa_signature_clearnettle_dsa_signature_clear (&sig);
407 _ecc_params_clear( &priv);
408
409 if (ret < 0)
410 {
411 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",411); } while(0);;
412 goto cleanup;
413 }
414 break;
415 }
416 case GNUTLS_PK_DSA:
417 {
418 struct dsa_public_key pub;
419 struct dsa_private_key priv;
420 struct dsa_signature sig;
421 int hash_len;
422
423 memset(&priv, 0, sizeof(priv));
424 memset(&pub, 0, sizeof(pub));
425 _dsa_params_to_pubkey (pk_params, &pub);
426 _dsa_params_to_privkey (pk_params, &priv);
427
428 dsa_signature_initnettle_dsa_signature_init (&sig);
429
430 hash = _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
431 if (hash_len > vdata->size)
432 {
433 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",433); } while(0);;
434 _gnutls_debug_log("Security level of algorithm requires hash %s(%d) or better\n", gnutls_mac_get_name(hash), hash_len)do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "Security level of algorithm requires hash %s(%d) or better\n"
, gnutls_mac_get_name(hash), hash_len); } while(0);
435 hash_len = vdata->size;
436 }
437
438 ret =
439 _dsa_sign_nettle_dsa_sign (&pub, &priv, NULL((void*)0), rnd_func,
440 hash_len, vdata->data, &sig);
441 if (ret == 0)
442 {
443 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",443); } while(0);;
444 ret = GNUTLS_E_PK_SIGN_FAILED-46;
445 goto dsa_fail;
446 }
447
448 ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
449
450 dsa_fail:
451 dsa_signature_clearnettle_dsa_signature_clear (&sig);
452
453 if (ret < 0)
454 {
455 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",455); } while(0);;
456 goto cleanup;
457 }
458 break;
459 }
460 case GNUTLS_PK_RSA:
461 {
462 struct rsa_private_key priv;
463 bigint_t hash, nc, ri;
464
465 if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
466 {
467 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",467); } while(0);;
468 return GNUTLS_E_MPI_SCAN_FAILED-23;
469 }
470
471 memset(&priv, 0, sizeof(priv));
472 _rsa_params_to_privkey (pk_params, &priv);
473
474 nc = rsa_blind (hash, pk_params->params[1] /*e */ ,
475 pk_params->params[0] /*m */ , &ri);
476
477 _gnutls_mpi_release (&hash);
478
479 if (nc == NULL((void*)0))
480 {
481 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",481); } while(0);;
482 ret = GNUTLS_E_MEMORY_ERROR-25;
483 goto rsa_fail;
484 }
485
486 rsa_compute_rootnettle_rsa_compute_root (&priv, TOMPZ (nc)(*((mpz_t*)(nc))), TOMPZ (nc)(*((mpz_t*)(nc))));
487
488 rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
489
490 ret = _gnutls_mpi_dprint (nc, signature);
491
492rsa_fail:
493 _gnutls_mpi_release (&nc);
494 _gnutls_mpi_release (&ri);
495
496 if (ret < 0)
497 {
498 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",498); } while(0);;
499 goto cleanup;
500 }
501
502 break;
503 }
504 default:
505 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",505); } while(0);;
506 ret = GNUTLS_E_INTERNAL_ERROR-59;
507 goto cleanup;
508 }
509
510 ret = 0;
511
512cleanup:
513
514 return ret;
515}
516
517static int
518_int_rsa_verify (const gnutls_pk_params_st * pk_params,
519 bigint_t m, bigint_t s)
520{
521 int res;
522
523 mpz_t m1;
524
525 if ((mpz_sgn (TOMPZ (s))(((*((mpz_t*)(s))))->_mp_size < 0 ? -1 : ((*((mpz_t*)(s
))))->_mp_size > 0) <= 0)
526 || (mpz_cmp__gmpz_cmp (TOMPZ (s)(*((mpz_t*)(s))), TOMPZ (pk_params->params[0])(*((mpz_t*)(pk_params->params[0])))) >= 0))
527 return GNUTLS_E_PK_SIG_VERIFY_FAILED-89;
528
529 mpz_init__gmpz_init (m1);
530
531 mpz_powm__gmpz_powm (m1, TOMPZ (s)(*((mpz_t*)(s))), TOMPZ (pk_params->params[1])(*((mpz_t*)(pk_params->params[1]))),
532 TOMPZ (pk_params->params[0])(*((mpz_t*)(pk_params->params[0]))));
533
534 res = !mpz_cmp__gmpz_cmp (TOMPZ (m)(*((mpz_t*)(m))), m1);
535
536 mpz_clear__gmpz_clear (m1);
537
538 if (res == 0)
539 res = GNUTLS_E_PK_SIG_VERIFY_FAILED-89;
540 else
541 res = 0;
542
543 return res;
544}
545
546static int
547_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
548 const gnutls_datum_t * vdata,
549 const gnutls_datum_t * signature,
550 const gnutls_pk_params_st * pk_params)
551{
552 int ret;
553 int hash_len;
554 bigint_t tmp[2] = { NULL((void*)0), NULL((void*)0) };
555
556 switch (algo)
557 {
558 case GNUTLS_PK_EC: /* ECDSA */
559 {
560 ecc_key pub;
561 struct dsa_signature sig;
562 int stat;
563
564 ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
565 if (ret < 0)
566 {
567 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",567); } while(0);;
568 goto cleanup;
569 }
570
571 _ecc_params_to_pubkey(pk_params, &pub);
572 memcpy (&sig.r, tmp[0], sizeof (sig.r));
573 memcpy (&sig.s, tmp[1], sizeof (sig.s));
574
575 _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
576 if (hash_len > vdata->size)
577 hash_len = vdata->size;
578
579 ret = ecc_verify_hash(&sig, vdata->data, hash_len, &stat, &pub);
580 if (ret != 0 || stat != 1)
581 {
582 gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",582); } while(0);;
583 ret = GNUTLS_E_PK_SIG_VERIFY_FAILED-89;
584 }
585 else
586 ret = 0;
587
588 _gnutls_mpi_release (&tmp[0]);
589 _gnutls_mpi_release (&tmp[1]);
590 _ecc_params_clear( &pub);
591 break;
592 }
593 case GNUTLS_PK_DSA:
594 {
595 struct dsa_public_key pub;
596 struct dsa_signature sig;
597
598 ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
599 if (ret < 0)
600 {
601 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",601); } while(0);;
602 goto cleanup;
603 }
604 memset(&pub, 0, sizeof(pub));
605 _dsa_params_to_pubkey (pk_params, &pub);
606 memcpy (&sig.r, tmp[0], sizeof (sig.r));
607 memcpy (&sig.s, tmp[1], sizeof (sig.s));
608
609 _gnutls_dsa_q_to_hash (algo, pk_params, &hash_len);
610 if (hash_len > vdata->size)
611 hash_len = vdata->size;
612
613 ret = _dsa_verify_nettle_dsa_verify (&pub, hash_len, vdata->data, &sig);
614 if (ret == 0)
615 {
616 gnutls_assert()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",616); } while(0);;
617 ret = GNUTLS_E_PK_SIG_VERIFY_FAILED-89;
618 }
619 else
620 ret = 0;
621
622 _gnutls_mpi_release (&tmp[0]);
623 _gnutls_mpi_release (&tmp[1]);
624 break;
625 }
626 case GNUTLS_PK_RSA:
627 {
628 bigint_t hash;
629
630 if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
631 {
632 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",632); } while(0);;
633 return GNUTLS_E_MPI_SCAN_FAILED-23;
634 }
635
636 ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
637 if (ret < 0)
638 {
639 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",639); } while(0);;
640 goto cleanup;
641 }
642
643 ret = _int_rsa_verify (pk_params, hash, tmp[0]);
644 _gnutls_mpi_release (&tmp[0]);
645 _gnutls_mpi_release (&hash);
646 break;
647 }
648 default:
649 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",649); } while(0);;
650 ret = GNUTLS_E_INTERNAL_ERROR-59;
651 goto cleanup;
652 }
653
654cleanup:
655
656 return ret;
657}
658
659static inline int is_supported_curve(int curve)
660{
661 if (gnutls_ecc_curve_get_name(curve) != NULL((void*)0))
662 return 1;
663 else
664 return 0;
665}
666
667
668static int
669wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
670 unsigned int level /*bits */ ,
671 gnutls_pk_params_st * params)
672{
673 int ret, i;
674 int q_bits;
675
676 memset(params, 0, sizeof(*params));
677
678 switch (algo)
679 {
680
681 case GNUTLS_PK_DSA:
682 {
683 struct dsa_public_key pub;
684 struct dsa_private_key priv;
685
686 dsa_public_key_initnettle_dsa_public_key_init (&pub);
687 dsa_private_key_initnettle_dsa_private_key_init (&priv);
688
689 /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
690 * but we do NIST DSA here */
691 if (level <= 1024)
692 q_bits = 160;
693 else
694 q_bits = 256;
695
696 ret =
697 dsa_generate_keypairnettle_dsa_generate_keypair (&pub, &priv, NULL((void*)0),
698 rnd_func, NULL((void*)0), NULL((void*)0), level, q_bits);
699 if (ret != 1)
700 {
701 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",701); } while(0);;
702 ret = GNUTLS_E_INTERNAL_ERROR-59;
703 goto dsa_fail;
704 }
705
706 params->params_nr = 0;
707 for (i = 0; i < DSA_PRIVATE_PARAMS5; i++)
708 {
709 params->params[i] = _gnutls_mpi_alloc_like (&pub.p)_gnutls_mpi_ops.bigint_new(_gnutls_mpi_ops.bigint_get_nbits(&
pub.p));
710 if (params->params[i] == NULL((void*)0))
711 {
712 ret = GNUTLS_E_MEMORY_ERROR-25;
713 goto dsa_fail;
714 }
715 params->params_nr++;
716 }
717
718 ret = 0;
719 _gnutls_mpi_set (params->params[0], pub.p)_gnutls_mpi_ops.bigint_set(params->params[0],pub.p);
720 _gnutls_mpi_set (params->params[1], pub.q)_gnutls_mpi_ops.bigint_set(params->params[1],pub.q);
721 _gnutls_mpi_set (params->params[2], pub.g)_gnutls_mpi_ops.bigint_set(params->params[2],pub.g);
722 _gnutls_mpi_set (params->params[3], pub.y)_gnutls_mpi_ops.bigint_set(params->params[3],pub.y);
723 _gnutls_mpi_set (params->params[4], priv.x)_gnutls_mpi_ops.bigint_set(params->params[4],priv.x);
724
725dsa_fail:
726 dsa_private_key_clearnettle_dsa_private_key_clear (&priv);
727 dsa_public_key_clearnettle_dsa_public_key_clear (&pub);
728
729 if (ret < 0)
730 goto fail;
731
732 break;
733 }
734 case GNUTLS_PK_RSA:
735 {
736 struct rsa_public_key pub;
737 struct rsa_private_key priv;
738
739 rsa_public_key_initnettle_rsa_public_key_init (&pub);
740 rsa_private_key_initnettle_rsa_private_key_init (&priv);
741
742 _gnutls_mpi_set_ui (&pub.e, 65537)_gnutls_mpi_ops.bigint_set_ui(&pub.e,65537);
743
744 ret =
745 rsa_generate_keypairnettle_rsa_generate_keypair (&pub, &priv, NULL((void*)0),
746 rnd_func, NULL((void*)0), NULL((void*)0), level, 0);
747 if (ret != 1)
748 {
749 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",749); } while(0);;
750 ret = GNUTLS_E_INTERNAL_ERROR-59;
751 goto rsa_fail;
752 }
753
754 params->params_nr = 0;
755 for (i = 0; i < RSA_PRIVATE_PARAMS8; i++)
756 {
757 params->params[i] = _gnutls_mpi_alloc_like (&pub.n)_gnutls_mpi_ops.bigint_new(_gnutls_mpi_ops.bigint_get_nbits(&
pub.n));
758 if (params->params[i] == NULL((void*)0))
759 {
760 ret = GNUTLS_E_MEMORY_ERROR-25;
761 goto rsa_fail;
762 }
763 params->params_nr++;
764
765 }
766
767 ret = 0;
768
769 _gnutls_mpi_set (params->params[0], pub.n)_gnutls_mpi_ops.bigint_set(params->params[0],pub.n);
770 _gnutls_mpi_set (params->params[1], pub.e)_gnutls_mpi_ops.bigint_set(params->params[1],pub.e);
771 _gnutls_mpi_set (params->params[2], priv.d)_gnutls_mpi_ops.bigint_set(params->params[2],priv.d);
772 _gnutls_mpi_set (params->params[3], priv.p)_gnutls_mpi_ops.bigint_set(params->params[3],priv.p);
773 _gnutls_mpi_set (params->params[4], priv.q)_gnutls_mpi_ops.bigint_set(params->params[4],priv.q);
774 _gnutls_mpi_set (params->params[5], priv.c)_gnutls_mpi_ops.bigint_set(params->params[5],priv.c);
775 _gnutls_mpi_set (params->params[6], priv.a)_gnutls_mpi_ops.bigint_set(params->params[6],priv.a);
776 _gnutls_mpi_set (params->params[7], priv.b)_gnutls_mpi_ops.bigint_set(params->params[7],priv.b);
777
778rsa_fail:
779 rsa_private_key_clearnettle_rsa_private_key_clear (&priv);
780 rsa_public_key_clearnettle_rsa_public_key_clear (&pub);
781
782 if (ret < 0)
783 goto fail;
784
785 break;
786 }
787 case GNUTLS_PK_EC:
788 {
789 ecc_key key;
790 ecc_set_type tls_ecc_set;
791 const gnutls_ecc_curve_entry_st *st;
792
793 st = _gnutls_ecc_curve_get_params(level);
794 if (st == NULL((void*)0))
795 return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE)gnutls_assert_val_int(-322, "pk.c", 795);
796
797 tls_ecc_set.size = st->size;
798 tls_ecc_set.prime = st->prime;
799 tls_ecc_set.order = st->order;
800 tls_ecc_set.Gx = st->Gx;
801 tls_ecc_set.Gy = st->Gy;
802 tls_ecc_set.A = st->A;
803 tls_ecc_set.B = st->B;
804
805 ret = ecc_make_key(NULL((void*)0), rnd_func, &key, &tls_ecc_set);
806 if (ret != 0)
807 return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR)gnutls_assert_val_int(-59, "pk.c", 807);
808
809 params->params_nr = 0;
810 for (i = 0; i < ECC_PRIVATE_PARAMS9; i++)
811 {
812 params->params[i] = _gnutls_mpi_alloc_like(&key.prime)_gnutls_mpi_ops.bigint_new(_gnutls_mpi_ops.bigint_get_nbits(&
key.prime));
813 if (params->params[i] == NULL((void*)0))
814 {
815 ret = GNUTLS_E_MEMORY_ERROR-25;
816 goto ecc_fail;
817 }
818 params->params_nr++;
819 }
820 params->flags = level;
821
822 mpz_set__gmpz_set(TOMPZ(params->params[ECC_PRIME])(*((mpz_t*)(params->params[0]))), key.prime);
823 mpz_set__gmpz_set(TOMPZ(params->params[ECC_ORDER])(*((mpz_t*)(params->params[1]))), key.order);
824 mpz_set__gmpz_set(TOMPZ(params->params[ECC_A])(*((mpz_t*)(params->params[2]))), key.A);
825 mpz_set__gmpz_set(TOMPZ(params->params[ECC_B])(*((mpz_t*)(params->params[3]))), key.B);
826 mpz_set__gmpz_set(TOMPZ(params->params[ECC_GX])(*((mpz_t*)(params->params[4]))), key.Gx);
827 mpz_set__gmpz_set(TOMPZ(params->params[ECC_GY])(*((mpz_t*)(params->params[5]))), key.Gy);
828 mpz_set__gmpz_set(TOMPZ(params->params[ECC_X])(*((mpz_t*)(params->params[6]))), key.pubkey.x);
829 mpz_set__gmpz_set(TOMPZ(params->params[ECC_Y])(*((mpz_t*)(params->params[7]))), key.pubkey.y);
830 mpz_set__gmpz_set(TOMPZ(params->params[ECC_K])(*((mpz_t*)(params->params[8]))), key.k);
831
832ecc_fail:
833 ecc_free(&key);
834
835 if (ret < 0)
836 goto fail;
837
838 break;
839 }
840 default:
841 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",841); } while(0);;
842 return GNUTLS_E_INVALID_REQUEST-50;
843 }
844
845 return 0;
846
847fail:
848
849 for (i = 0; i < params->params_nr; i++)
850 {
851 _gnutls_mpi_release (&params->params[i]);
852 }
853 params->params_nr = 0;
854
855 return ret;
856}
857
858static int
859wrap_nettle_pk_verify_params (gnutls_pk_algorithm_t algo,
860 const gnutls_pk_params_st * params)
861{
862 int ret;
863
864 switch (algo)
865 {
866 case GNUTLS_PK_RSA:
867 {
868 bigint_t t1 = NULL((void*)0), t2 = NULL((void*)0);
869
870 if (params->params_nr != RSA_PRIVATE_PARAMS8)
871 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST)gnutls_assert_val_int(-50, "pk.c", 871);
872
873 t1 = _gnutls_mpi_new (256)_gnutls_mpi_ops.bigint_new(256);
874 if (t1 == NULL((void*)0))
875 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR)gnutls_assert_val_int(-25, "pk.c", 875);
876
877 _gnutls_mpi_mulm (t1, params->params[RSA_PRIME1], params->params[RSA_PRIME2], params->params[RSA_MODULUS])_gnutls_mpi_ops.bigint_mulm(t1,params->params[3],params->
params[4],params->params[0]);
878 if (_gnutls_mpi_cmp_ui(t1, 0)_gnutls_mpi_ops.bigint_cmp_ui(t1,0) != 0)
879 {
880 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 880);
881 goto rsa_cleanup;
882 }
883
884 mpz_invert__gmpz_invert (TOMPZ(t1)(*((mpz_t*)(t1))), TOMPZ (params->params[RSA_PRIME2])(*((mpz_t*)(params->params[4]))), TOMPZ (params->params[RSA_PRIME1])(*((mpz_t*)(params->params[3]))));
885 if (_gnutls_mpi_cmp(t1, params->params[RSA_COEF])_gnutls_mpi_ops.bigint_cmp(t1,params->params[5]) != 0)
886 {
887 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 887);
888 goto rsa_cleanup;
889 }
890
891 /* [RSA_PRIME1] = d % p-1, [RSA_PRIME2] = d % q-1 */
892 _gnutls_mpi_sub_ui (t1, params->params[RSA_PRIME1], 1)_gnutls_mpi_ops.bigint_sub_ui(t1,params->params[3],1);
893 t2 = _gnutls_mpi_mod (params->params[RSA_PRIV], t1)_gnutls_mpi_ops.bigint_mod(params->params[2],t1);
894 if (t2 == NULL((void*)0))
895 {
896 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR)gnutls_assert_val_int(-25, "pk.c", 896);
897 goto rsa_cleanup;
898 }
899
900 if (_gnutls_mpi_cmp(params->params[RSA_E1], t2)_gnutls_mpi_ops.bigint_cmp(params->params[6],t2) != 0)
901 {
902 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 902);
903 goto rsa_cleanup;
904 }
905
906 _gnutls_mpi_sub_ui (t1, params->params[RSA_PRIME2], 1)_gnutls_mpi_ops.bigint_sub_ui(t1,params->params[4],1);
907 _gnutls_mpi_release(&t2);
908
909 t2 = _gnutls_mpi_mod (params->params[RSA_PRIV], t1)_gnutls_mpi_ops.bigint_mod(params->params[2],t1);
910 if (t2 == NULL((void*)0))
911 {
912 ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR)gnutls_assert_val_int(-25, "pk.c", 912);
913 goto rsa_cleanup;
914 }
915
916 if (_gnutls_mpi_cmp(params->params[RSA_E2], t2)_gnutls_mpi_ops.bigint_cmp(params->params[7],t2) != 0)
917 {
918 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 918);
919 goto rsa_cleanup;
920 }
921
922 ret = 0;
923
924rsa_cleanup:
925 _gnutls_mpi_release(&t1);
926 _gnutls_mpi_release(&t2);
927 }
928
929 break;
930 case GNUTLS_PK_DSA:
931 {
932 bigint_t t1 = NULL((void*)0);
933
934 if (params->params_nr != DSA_PRIVATE_PARAMS5)
935 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST)gnutls_assert_val_int(-50, "pk.c", 935);
936
937 t1 = _gnutls_mpi_new (256)_gnutls_mpi_ops.bigint_new(256);
938 if (t1 == NULL((void*)0))
939 return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR)gnutls_assert_val_int(-25, "pk.c", 939);
940
941 _gnutls_mpi_powm (t1, params->params[DSA_G], params->params[DSA_X], params->params[DSA_P])_gnutls_mpi_ops.bigint_powm(t1,params->params[2],params->
params[4],params->params[0]);
942
943 if (_gnutls_mpi_cmp(t1, params->params[DSA_Y])_gnutls_mpi_ops.bigint_cmp(t1,params->params[3]) != 0)
944 {
945 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 945);
946 goto dsa_cleanup;
947 }
948
949 ret = 0;
950
951dsa_cleanup:
952 _gnutls_mpi_release(&t1);
953 }
954
955 break;
956 case GNUTLS_PK_EC:
957 {
958 int curve = params->flags;
959 ecc_key ecc_priv;
960 ecc_point *R;
961 ecc_point zero;
962
963 if (params->params_nr != ECC_PRIVATE_PARAMS9)
964 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST)gnutls_assert_val_int(-50, "pk.c", 964);
965
966 if (is_supported_curve(curve) == 0)
967 return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE)gnutls_assert_val_int(-322, "pk.c", 967);
968
969 _ecc_params_to_privkey(params, &ecc_priv);
970 R = ecc_new_point();
971
972 /* verify that x,y lie on the curve */
973 ret = ecc_projective_check_point(&ecc_priv.pubkey, TOMPZ(params->params[ECC_B])(*((mpz_t*)(params->params[3]))), params->params[ECC_PRIME0]);
974 if (ret != 0)
975 {
976 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 976);
977 goto ecc_cleanup;
978 }
979
980 memcpy(&zero.x, ecc_priv.Gx, sizeof(mpz_t));
981 memcpy(&zero.y, ecc_priv.Gy, sizeof(mpz_t));
982 memcpy(&zero.z, ecc_priv.pubkey.z, sizeof(mpz_t)); /* z = 1 */
983
984 /* verify that k*(Gx,Gy)=(x,y) */
985 ret = ecc_mulmod(ecc_priv.k, &zero, R, TOMPZ(params->params[ECC_A])(*((mpz_t*)(params->params[2]))), TOMPZ(params->params[ECC_PRIME])(*((mpz_t*)(params->params[0]))), 1);
986 if (ret != 0)
987 {
988 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 988);
989 goto ecc_cleanup;
990 }
991
992 if (mpz_cmp__gmpz_cmp(ecc_priv.pubkey.x, R->x) != 0 || mpz_cmp__gmpz_cmp(ecc_priv.pubkey.y, R->y) != 0)
993 {
994 ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER)gnutls_assert_val_int(-325, "pk.c", 994);
995 goto ecc_cleanup;
996 }
997
998 ret = 0;
999
1000ecc_cleanup:
1001 _ecc_params_clear(&ecc_priv);
1002 ecc_del_point(R);
1003 }
1004 break;
1005 default:
1006 ret = gnutls_assert_val(GNUTLS_E_INVALID_REQUEST)gnutls_assert_val_int(-50, "pk.c", 1006);
1007 }
1008
1009 return ret;
1010}
1011
1012static int calc_rsa_exp (gnutls_pk_params_st* params)
1013{
1014 bigint_t tmp = _gnutls_mpi_alloc_like (params->params[0])_gnutls_mpi_ops.bigint_new(_gnutls_mpi_ops.bigint_get_nbits(params
->params[0]));
1015
1016 if (params->params_nr < RSA_PRIVATE_PARAMS8 - 2)
1017 {
1018 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",1018); } while(0);;
1019 return GNUTLS_E_INTERNAL_ERROR-59;
1020 }
1021
1022 if (tmp == NULL((void*)0))
1023 {
1024 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",1024); } while(0);;
1025 return GNUTLS_E_MEMORY_ERROR-25;
1026 }
1027
1028 /* [6] = d % p-1, [7] = d % q-1 */
1029 _gnutls_mpi_sub_ui (tmp, params->params[3], 1)_gnutls_mpi_ops.bigint_sub_ui(tmp,params->params[3],1);
1030 params->params[6] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp)_gnutls_mpi_ops.bigint_mod(params->params[2],tmp);
1031
1032 _gnutls_mpi_sub_ui (tmp, params->params[4], 1)_gnutls_mpi_ops.bigint_sub_ui(tmp,params->params[4],1);
1033 params->params[7] = _gnutls_mpi_mod (params->params[2] /*d */ , tmp)_gnutls_mpi_ops.bigint_mod(params->params[2],tmp);
1034
1035 _gnutls_mpi_release (&tmp);
1036
1037 if (params->params[7] == NULL((void*)0) || params->params[6] == NULL((void*)0))
1038 {
1039 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",1039); } while(0);;
1040 return GNUTLS_E_MEMORY_ERROR-25;
1041 }
1042
1043 return 0;
1044}
1045
1046
1047static int
1048wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo,
1049 gnutls_direction_t direction,
1050 gnutls_pk_params_st * params)
1051{
1052 int result;
1053
1054 if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA)
1055 {
1056 /* do not trust the generated values. Some old private keys
1057 * generated by us have mess on the values. Those were very
1058 * old but it seemed some of the shipped example private
1059 * keys were as old.
1060 */
1061 mpz_invert__gmpz_invert (TOMPZ (params->params[RSA_COEF])(*((mpz_t*)(params->params[5]))),
1062 TOMPZ (params->params[RSA_PRIME2])(*((mpz_t*)(params->params[4]))), TOMPZ (params->params[RSA_PRIME1])(*((mpz_t*)(params->params[3]))));
1063
1064 /* calculate exp1 [6] and exp2 [7] */
1065 _gnutls_mpi_release (&params->params[RSA_E16]);
1066 _gnutls_mpi_release (&params->params[RSA_E27]);
1067
1068 result = calc_rsa_exp (params);
1069 if (result < 0)
1070 {
1071 gnutls_assert ()do { if (__builtin_expect((_gnutls_log_level >= 2), 0)) _gnutls_log
( 2, "ASSERT: %s:%d\n", "pk.c",1071); } while(0);;
1072 return result;
1073 }
1074 params->params_nr = RSA_PRIVATE_PARAMS8;
1075 }
1076
1077 return 0;
1078}
1079
1080int crypto_pk_prio = INT_MAX2147483647;
1081
1082gnutls_crypto_pk_st _gnutls_pk_ops = {
1083 .encrypt = _wrap_nettle_pk_encrypt,
1084 .decrypt = _wrap_nettle_pk_decrypt,
1085 .sign = _wrap_nettle_pk_sign,
1086 .verify = _wrap_nettle_pk_verify,
1087 .verify_params = wrap_nettle_pk_verify_params,
1088 .generate = wrap_nettle_pk_generate_params,
1089 .pk_fixup_private_params = wrap_nettle_pk_fixup,
1090 .derive = _wrap_nettle_pk_derive,
1091};