
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-31-gfb39830


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-31-gfb39830
Date: Mon, 27 Aug 2012 16:38:15 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=fb39830546a65c757f3aa473357098f9877dba87

The branch, master has been updated
       via  fb39830546a65c757f3aa473357098f9877dba87 (commit)
       via  e62907fde541e88ed7badd791629ccaf0353bd46 (commit)
      from  ee7f87ef596232c7097a48a7cff2fe16b5bc79da (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fb39830546a65c757f3aa473357098f9877dba87
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Aug 27 18:38:01 2012 +0200

    simplified ECDSA/DSA signature generation in tokens.

commit e62907fde541e88ed7badd791629ccaf0353bd46
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Aug 26 23:26:29 2012 +0200

    documented fix

-----------------------------------------------------------------------

Summary of changes:
 NEWS                 |    4 +++
 lib/gnutls_pk.c      |   48 +++++++++++++++++++++++++++++++++++++++----
 lib/gnutls_pk.h      |    4 +++
 lib/pkcs11_privkey.c |   55 ++++++++++++++++++++------------------------------
 4 files changed, 73 insertions(+), 38 deletions(-)

diff --git a/NEWS b/NEWS
index 2707899..e36b2a0 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,10 @@ assume the PKCS #8 file format, instead of ignoring the 
password.
 
 ** tpmtool: No longer asks for key password in registered keys.
 
+** libgnutls: Fixed DSA and ECDSA signature generation in smart
+cards. Thanks to Andreas Schwier from cardcontact.de for providing
+me with ECDSA capable smart cards.
+
 ** API and ABI modifications:
 gnutls_sign_algorithm_get: Added
 gnutls_sign_get_hash_algorithm: Added
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 8c3b9d3..f65b7da 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -39,6 +39,48 @@
 /* encodes the Dss-Sig-Value structure
  */
 int
+_gnutls_encode_ber_rs_raw (gnutls_datum_t * sig_value, 
+                           const gnutls_datum_t *r, 
+                           const gnutls_datum_t *s)
+{
+  ASN1_TYPE sig;
+  int result;
+
+  if ((result =
+       asn1_create_element (_gnutls_get_gnutls_asn (),
+                            "GNUTLS.DSASignatureValue",
+                            &sig)) != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      return _gnutls_asn2err (result);
+    }
+
+  result = asn1_write_value( sig, "r", r->data, r->size);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&sig);
+      return _gnutls_asn2err(result);
+    }
+
+  result = asn1_write_value( sig, "s", s->data, s->size);
+  if (result != ASN1_SUCCESS)
+    {
+      gnutls_assert ();
+      asn1_delete_structure (&sig);
+      return _gnutls_asn2err(result);
+    }
+
+  result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
+  asn1_delete_structure (&sig);
+
+  if (result < 0)
+    return gnutls_assert_val(result);
+
+  return 0;
+}
+
+int
 _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
 {
   ASN1_TYPE sig;
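Review bot: `_gnutls_encode_ber_rs_raw` hands the raw r and s bytes straight to `asn1_write_value` for the INTEGER fields of DSASignatureValue, and nothing in the hunk adds the leading 0x00 that a DER INTEGER needs when the first byte has its top bit set. The `read_rs`/`_gnutls_encode_ber_rs` path that this commit removes went through bigints, which presumably took care of the sign. Unless `asn1_write_value` pads on its own, a verifier would read such an r or s as negative, so a share of token-generated DSA/ECDSA signatures could fail verification. The function should prepend a zero byte in that case and reject an empty r or s, since the caller in lib/pkcs11_privkey.c passes halves of the token output unmodified. The existing comment `/* encodes the Dss-Sig-Value structure */` now sits above the new function only, so `_gnutls_encode_ber_rs` would need its own.

```c
int
_gnutls_encode_ber_rs_raw (gnutls_datum_t * sig_value,
                           const gnutls_datum_t *r,
                           const gnutls_datum_t *s)
{
  /* ... unchanged: sig and result declarations ... */
  uint8_t *pad = NULL;

  if (r->size == 0 || s->size == 0)
    return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);

  if (r->data[0] >= 0x80 || s->data[0] >= 0x80)
    {
      /* DER INTEGER is signed: a set top bit needs a leading 0x00 */
      pad = gnutls_malloc ((r->size > s->size ? r->size : s->size) + 1);
      if (pad == NULL)
        return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
      pad[0] = 0;
    }

  /* ... unchanged: asn1_create_element (free pad on its error path) ... */

  if (r->data[0] >= 0x80)
    {
      memcpy (&pad[1], r->data, r->size);
      result = asn1_write_value (sig, "r", pad, 1 + r->size);
    }
  else
    result = asn1_write_value (sig, "r", r->data, r->size);

  /* ... unchanged: error check for "r"; same pattern for "s";
     gnutls_free (pad) on every exit path ... */
```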
@@ -70,14 +112,10 @@ _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, 
bigint_t r, bigint_t s)
     }
 
   result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
-
   asn1_delete_structure (&sig);
 
   if (result < 0)
-    {
-      gnutls_assert ();
-      return result;
-    }
+    return gnutls_assert_val(result);
 
   return 0;
 }
diff --git a/lib/gnutls_pk.h b/lib/gnutls_pk.h
index ee2b80b..29af4c4 100644
--- a/lib/gnutls_pk.h
+++ b/lib/gnutls_pk.h
@@ -49,6 +49,10 @@ int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, const 
gnutls_pk_params_st
 /* The internal PK interface */
 int
 _gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s);
+int
+_gnutls_encode_ber_rs_raw (gnutls_datum_t * sig_value, 
+                           const gnutls_datum_t *r, 
+                           const gnutls_datum_t *s);
 
 int
 _gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 43e3877..3a6ce09 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -148,22 +148,6 @@ gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t 
pkey,
        } while (0);
 
 
-static int read_rs(bigint_t *r, bigint_t *s, uint8_t *data, size_t data_size)
-{
-unsigned int dhalf = data_size/2;
-
-  if (_gnutls_mpi_scan_nz (r, data, dhalf) != 0)
-    return gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-
-  if (_gnutls_mpi_scan_nz (s, &data[dhalf], dhalf) != 0)
-    {
-      _gnutls_mpi_release(r);
-      return gnutls_assert_val(GNUTLS_E_MPI_SCAN_FAILED);
-    }
-
-  return 0;
-}
-
 /*-
  * _gnutls_pkcs11_privkey_sign_hash:
  * @key: Holds the key
@@ -185,6 +169,7 @@ _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t 
key,
   ck_rv_t rv;
   int ret;
   struct ck_mechanism mech;
+  gnutls_datum_t tmp = {NULL, 0};
   unsigned long siglen;
   struct pkcs11_session_info _sinfo;
   struct pkcs11_session_info *sinfo;
@@ -225,23 +210,22 @@ _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t 
key,
       goto cleanup;
     }
 
-  signature->data = gnutls_malloc (siglen);
-  signature->size = siglen;
+  tmp.data = gnutls_malloc (siglen);
+  tmp.size = siglen;
 
-  rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, 
signature->data, &siglen);
+  rv = pkcs11_sign (sinfo->module, sinfo->pks, hash->data, hash->size, 
tmp.data, &siglen);
   if (rv != CKR_OK)
     {
-      gnutls_free (signature->data);
       gnutls_assert ();
       ret = pkcs11_rv_to_err (rv);
       goto cleanup;
     }
 
-  signature->size = siglen;
   
   if (key->pk_algorithm == GNUTLS_PK_EC || key->pk_algorithm == GNUTLS_PK_DSA)
     {
-      bigint_t r,s;
+      unsigned int hlen = siglen / 2;
+      gnutls_datum_t r, s;
 
       if (siglen % 2 != 0)
         {
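Review bot: The result of `gnutls_malloc (siglen)` goes into `pkcs11_sign` as the output buffer without a NULL check. The unchecked allocation was already there when the buffer was `signature->data`, but the new `tmp.data` lines carry it forward. A guard right after the allocation would close it: `if (tmp.data == NULL) { gnutls_assert (); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; }`. `hlen` is also computed from `siglen` before the `siglen % 2` test, which is harmless here but reads more clearly if assigned after the check. The body of `_gnutls_pkcs11_privkey_sign_hash` starts and ends outside this hunk.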
@@ -250,23 +234,26 @@ _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t 
key,
           goto cleanup;
         }
 
-      ret = read_rs(&r, &s, signature->data, signature->size);
-      if (ret < 0)
-        {
-          gnutls_assert();
-          goto cleanup;
-        }
-      
-      gnutls_free(signature->data);
-      ret = _gnutls_encode_ber_rs (signature, r, s);
-      _gnutls_mpi_release(&r);
-      _gnutls_mpi_release(&s);
+      r.data = tmp.data;
+      r.size = hlen;
+
+      s.data = &tmp.data[hlen];
+      s.size = hlen;
       
+      ret = _gnutls_encode_ber_rs_raw (signature, &r, &s);
       if (ret < 0)
         {
           gnutls_assert();
           goto cleanup;
         }
+
+      gnutls_free(tmp.data);
+      tmp.data = NULL;
+    }
+  else
+    {
+      signature->size = siglen;
+      signature->data = tmp.data;
     }
 
   ret = 0;
@@ -274,6 +261,8 @@ _gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t 
key,
 cleanup:
   if (sinfo != &key->sinfo)
     pkcs11_close_session (sinfo);
+  if (ret < 0)
+    gnutls_free(tmp.data);
 
   return ret;
 }
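Review bot: The added `if (ret < 0) gnutls_free(tmp.data);` is correct only while every success path has either cleared `tmp.data` or handed it off. In the previous hunk, the `else` branch moves the buffer into `signature->data` without clearing `tmp.data`. A later `goto cleanup` with a negative `ret` added after that handoff would free memory the caller now owns. Setting `tmp.data = NULL;` right after `signature->data = tmp.data;` and making the cleanup an unconditional `gnutls_free(tmp.data);` would make ownership explicit and remove the dependence on `ret`. The function body begins outside this hunk.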


hooks/post-receive
-- 
GNU gnutls


