authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-05-25 08:38:43 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2017-05-27 05:35:11 +0000
commitd5f226c8e605b5ee14a6d9ed289b32dedb903d4d (patch)
tree3e82b546430c6f186169a9854a776ebf8d94fd40
parentf406f683e9841ae8cc80f65e822334c1494faba5 (diff)
downloadgnutls-d5f226c8e605b5ee14a6d9ed289b32dedb903d4d.tar.gz
pk: exported gnutls_decode_rs_value() and gnutls_encode_rs_value()
These functions allow encoding r and s values to, and decoding them from, a Dss-Sig-Value. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/includes/gnutls/crypto.h3
-rw-r--r--lib/libgnutls.map2
-rw-r--r--lib/pk.c59
3 files changed, 63 insertions, 1 deletions
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 2590d758a3..43dd37163b 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -236,6 +236,9 @@ gnutls_decode_ber_digest_info(const gnutls_datum_t * info,
gnutls_digest_algorithm_t *hash,
unsigned char *digest, unsigned int *digest_size);
+int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t *r, gnutls_datum_t *s);
+int gnutls_encode_rs_value(gnutls_datum_t * sig_value, const gnutls_datum_t * r, const gnutls_datum_t * s);
+
/* *INDENT-OFF* */
#ifdef __cplusplus
}
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 61a4e98194..af7a151ff4 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1140,6 +1140,8 @@ GNUTLS_3_4
gnutls_x509_ext_export_inhibit_anypolicy;
gnutls_x509_crt_get_inhibit_anypolicy;
gnutls_x509_crt_set_inhibit_anypolicy;
+ gnutls_decode_rs_value;
+ gnutls_encode_rs_value;
local:
*;
};
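Review bot: The two new symbols are added to the existing GNUTLS_3_4 version node, while their doc comments in lib/pk.c say `Since: 3.6.0`. If the project versions symbols per release, they belong in a node for that release: a binary that uses them would otherwise still satisfy the GNUTLS_3_4 version requirement against an older library and only fail at symbol resolution. If GNUTLS_3_4 is intentionally the catch-all node for this series, a one-line comment in the map saying so would settle the question for later readers.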
diff --git a/lib/pk.c b/lib/pk.c
index aad135387e..c2c62886f7 100644
--- a/lib/pk.c
+++ b/lib/pk.c
@@ -1,5 +1,6 @@
/*
* Copyright (C) 2001-2014 Free Software Foundation, Inc.
+ * Copyright (C) 2017 Red Hat, Inc.
*
* Author: Nikos Mavrogiannopoulos
*
@@ -37,7 +38,34 @@
#include <random.h>
#include <gnutls/crypto.h>
-/* encodes the Dss-Sig-Value structure
+/**
+ * gnutls_encode_rs_value:
+ * @sig_value: will hold a Dss-Sig-Value DER encoded structure
+ * @r: must contain the r value
+ * @s: must contain the s value
+ *
+ * This function will encode the provided r and s values,
+ * into a Dss-Sig-Value structure, used for DSA and ECDSA
+ * signatures.
+ *
+ * The output value should be deallocated using gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ *
+ * Since: 3.6.0
+ *
+ **/
+int
+gnutls_encode_rs_value(gnutls_datum_t * sig_value,
+ const gnutls_datum_t * r,
+ const gnutls_datum_t * s)
+{
+ return _gnutls_encode_ber_rs_raw(sig_value, r, s);
+}
+
+/* same as gnutls_encode_rs_value(), but kept since it used
+ * to be exported for FIPS140 CAVS testing.
*/
int
_gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value,
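Review bot: gnutls_encode_rs_value() forwards @r and @s straight to _gnutls_encode_ber_rs_raw() without validating them, and exporting it means those datums now come from arbitrary callers rather than from library code. The helper's body continues outside this hunk, so whether it tolerates a NULL pointer or a zero-length datum cannot be confirmed from here. A guard in the wrapper such as `if (r == NULL || s == NULL || r->size == 0 || s->size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` would make the contract explicit. The doc comment should also state the byte format the helper expects for @r and @s (byte order, and whether a leading zero byte is needed when the top bit is set) and whether @sig_value is left unallocated on failure.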
@@ -190,6 +218,35 @@ _gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r,
return 0;
}
+/**
+ * gnutls_decode_rs_value:
+ * @sig_value: holds a Dss-Sig-Value DER or BER encoded structure
+ * @r: will contain the r value
+ * @s: will contain the s value
+ *
+ * This function will decode the provided @sig_value,
+ * into @r and @s elements. The Dss-Sig-Value is used for DSA and ECDSA
+ * signatures.
+ *
+ * The output values may be padded with a zero byte to prevent them
+ * from being interpreted as negative values. The value
+ * should be deallocated using gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ *
+ * Since: 3.6.0
+ *
+ **/
+int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t *r,
+ gnutls_datum_t *s)
+{
+ return _gnutls_decode_ber_rs_raw(sig_value, r, s);
+}
+
+/* same as gnutls_decode_rs_value(), but kept since it used
+ * to be exported for FIPS140 CAVS testing.
+ */
int
_gnutls_decode_ber_rs_raw(const gnutls_datum_t * sig_value, gnutls_datum_t *r,
gnutls_datum_t *s)
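Review bot: The doc comment for gnutls_decode_rs_value() says @sig_value may be "DER or BER" but does not say what that means for callers handling signatures from untrusted peers. Different byte strings can decode to the same @r and @s, so the encoded blob must not be compared byte-wise or used as a unique identifier. I would add `* Because BER is accepted, the encoding of a given (@r, @s) pair is not unique.` after the first paragraph. The deallocation sentence ("The value should be deallocated") is also ambiguous, and `* Both @r and @s should be deallocated using gnutls_free().` is clearer. The comment should further say whether @r is released when decoding @s fails, which depends on _gnutls_decode_ber_rs_raw(), whose body continues outside this hunk.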