[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-28-gdbde31c
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-28-gdbde31c |
|
Date: |
Thu, 16 Dec 2010 21:19:35 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=dbde31c7e7f19a57d5f02f9738f2f4585f2dbd2b
The branch, master has been updated
via dbde31c7e7f19a57d5f02f9738f2f4585f2dbd2b (commit)
via 70084689899074009015d16ed6aca1261b6523e4 (commit)
from 6eb6bbfe8e504a611145f454f4045e8f49fd5e44 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dbde31c7e7f19a57d5f02f9738f2f4585f2dbd2b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Dec 16 22:18:25 2010 +0100
Documented the addtion of gnutls_pubkey_import_privkey() and
gnutls_pubkey_verify_data()
commit 70084689899074009015d16ed6aca1261b6523e4
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Dec 16 22:16:19 2010 +0100
Added gnutls_pubkey_verify_data and test vectors.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 5 +++
lib/gnutls_pubkey.c | 37 +++++++++++++++++++
lib/includes/gnutls/abstract.h | 5 +++
lib/libgnutls.map | 1 +
lib/x509/verify.c | 7 +++-
tests/x509sign-verify.c | 79 +++++++++++++++++++++++++++++++++++++++-
6 files changed, 131 insertions(+), 3 deletions(-)
diff --git a/NEWS b/NEWS
index c3ee12d..66f6d6d 100644
--- a/NEWS
+++ b/NEWS
@@ -8,6 +8,9 @@ See the end for copying conditions.
** libgnutls: The deprecated gnutls_x509_privkey_sign_hash() was
replaced by gnutls_privkey_sign_hash2().
+** Added helper functions for signature verification:
+gnutls_pubkey_verify_data() and gnutls_pubkey_import_privkey().
+
** libgnutls: Added gnutls_pkcs11_privkey_sign_hash2(),
gnutls_openpgp_privkey_sign_hash2(), gnutls_privkey_sign_hash2(),
and gnutls_openpgp_crt_verify_hash().
@@ -19,6 +22,8 @@ integers.
Reported by "Brendan Doherty" <address@hidden>.
** API and ABI modifications:
+gnutls_pubkey_import_privkey: ADDED
+gnutls_pubkey_verify_data: ADDED
gnutls_pkcs11_privkey_sign_hash2: ADDED
gnutls_openpgp_privkey_sign_hash2: ADDED
gnutls_x509_privkey_sign_hash2: ADDED
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index a169871..d903a60 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -970,6 +970,43 @@ gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
}
/**
+ * gnutls_pubkey_verify_data:
+ * @pubkey: Holds the public key
+ * @flags: should be 0 for now
+ * @data: holds the data to be signed
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed data, using the
+ * parameters from the certificate.
+ *
+ * Returns: In case of a verification failure 0 is returned, and 1 on
+ * success.
+ **/
+int
+gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+{
+ int ret;
+
+ if (pubkey == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = pubkey_verify_sig( data, NULL, signature, pubkey->pk_algorithm,
+ pubkey->params, pubkey->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ }
+
+ return ret;
+}
+
+
+/**
* gnutls_pubkey_verify_hash:
* @key: Holds the certificate
* @flags: should be 0 for now
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 8bffeb5..8f024cb 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -83,6 +83,11 @@ gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
const gnutls_datum_t * signature,
gnutls_digest_algorithm_t * hash);
+int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
+
/* Private key operations */
int gnutls_privkey_init (gnutls_privkey_t * key);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 4ad0ab3..422c90b 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -699,6 +699,7 @@ GNUTLS_2_12
gnutls_x509_privkey_sign_data2;
gnutls_pkcs11_privkey_sign_hash2;
gnutls_pubkey_import_privkey;
+ gnutls_pubkey_verify_data;
} GNUTLS_2_10;
GNUTLS_PRIVATE {
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 5bb77e8..8ced281 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -799,8 +799,13 @@ dsa_verify_sig (const gnutls_datum_t * text,
gnutls_datum_t digest;
digest_hd_st hd;
- if (hash && hash->data && hash->size == 20)
+ if (hash)
{
+ if (!hash->data || hash->size != 20)
+ {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
digest = *hash;
}
else
diff --git a/tests/x509sign-verify.c b/tests/x509sign-verify.c
index 32a6d67..0d2a36c 100644
--- a/tests/x509sign-verify.c
+++ b/tests/x509sign-verify.c
@@ -37,6 +37,7 @@
#include <unistd.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
#include "utils.h"
@@ -48,6 +49,13 @@ const gnutls_datum_t hash_data = {
20
};
+const gnutls_datum_t invalid_hash_data = {
+ (void *)
+ "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe"
+ "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d",
+ 20
+};
+
const gnutls_datum_t raw_data = {
(void *) "hello",
5
@@ -137,6 +145,8 @@ doit (void)
{
gnutls_x509_privkey_t key;
gnutls_x509_crt_t crt;
+ gnutls_pubkey_t pubkey;
+ gnutls_privkey_t privkey;
gnutls_digest_algorithm_t hash_algo;
gnutls_datum_t signature;
gnutls_datum_t signature2;
@@ -185,7 +195,7 @@ doit (void)
fail ("gnutls_x509_crt_get_verify_algorithm\n");
ret = gnutls_x509_crt_verify_hash (crt, 0, &hash_data, &signature);
- if (ret < 0)
+ if (ret <= 0)
fail ("gnutls_x509_privkey_verify_hash\n");
ret =
@@ -194,12 +204,77 @@ doit (void)
fail ("gnutls_x509_crt_get_verify_algorithm (hashed data)\n");
ret = gnutls_x509_crt_verify_hash (crt, 0, &hash_data, &signature2);
- if (ret < 0)
+ if (ret <= 0)
fail ("gnutls_x509_privkey_verify_hash (hashed data)\n");
+ /* should fail */
+ ret = gnutls_x509_crt_verify_hash (crt, 0, &invalid_hash_data,
&signature2);
+ if (ret < 0 || ret == 1)
+ fail ("gnutls_x509_privkey_verify_hash (hashed data)\n");
+
+
+ gnutls_free(signature.data);
+ gnutls_free(signature2.data);
gnutls_x509_privkey_deinit (key);
gnutls_x509_crt_deinit (crt);
}
+ /* now try verifying using a pubkey that imports the
+ * key from an RSA private key.
+ */
+
+ ret = gnutls_x509_privkey_init (&key);
+ if (ret < 0)
+ fail ("gnutls_x509_privkey_init\n");
+
+ ret = gnutls_pubkey_init (&pubkey);
+ if (ret < 0)
+ fail ("gnutls_privkey_init\n");
+
+ ret = gnutls_privkey_init (&privkey);
+ if (ret < 0)
+ fail ("gnutls_pubkey_init\n");
+
+ ret = gnutls_x509_privkey_generate (key, GNUTLS_PK_RSA, 1024, 0);
+ if (ret < 0)
+ fail ("gnutls_x509_privkey_generate\n");
+
+ ret =
+ gnutls_x509_privkey_sign_data2 (key, GNUTLS_DIG_SHA1, 0, &raw_data,
+ &signature);
+ if (ret < 0)
+ fail ("gnutls_x509_privkey_sign_hash\n");
+
+ /* try verifying */
+ ret = gnutls_privkey_import_x509 (privkey, key, 0);
+ if (ret < 0)
+ fail ("gnutls_privkey_import_x509\n");
+
+ ret =
+ gnutls_pubkey_import_privkey (pubkey, privkey,
+ GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_ENCIPHERMENT, 0);
+ if (ret < 0)
+ fail ("gnutls_pubkey_import_privkey\n");
+
+ ret = gnutls_pubkey_get_verify_algorithm (pubkey, &signature, &hash_algo);
+ if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
+ fail ("gnutls_pubkey_get_verify_algorithm\n");
+
+ /* should fail */
+ ret = gnutls_pubkey_verify_hash (pubkey, 0, &invalid_hash_data, &signature);
+ if (ret < 0 || ret == 1)
+ fail ("gnutls_x509_privkey_verify_hash 1\n");
+
+ /* should succeed */
+ ret = gnutls_pubkey_verify_data (pubkey, 0, &raw_data, &signature);
+ if (ret <= 0)
+ fail ("gnutls_x509_privkey_verify_data\n");
+
+ gnutls_x509_privkey_deinit(key);
+ gnutls_privkey_deinit (privkey);
+ gnutls_pubkey_deinit (pubkey);
+ gnutls_free(signature.data);
+
gnutls_global_deinit ();
}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-28-gdbde31c,
Nikos Mavrogiannopoulos <=