summaryrefslogtreecommitdiff
path: root/legacy/eet/src
diff options
context:
space:
mode:
authorCedric BAIL <cedric.bail@free.fr>2012-02-09 10:30:04 +0000
committerCedric BAIL <cedric.bail@free.fr>2012-02-09 10:30:04 +0000
commit87eb14012b9236415ba6810bae0e32320859b303 (patch)
tree1abc3e0c0cfc8ba414e54b7c11fc3ca19277411f /legacy/eet/src
parentedbdd6a1ad833cadb440eeec68d416e58ff404b3 (diff)
eet: add support for GnuTLS 3.x
SVN revision: 67785
Diffstat (limited to 'legacy/eet/src')
-rw-r--r--legacy/eet/src/lib/eet_cipher.c69
1 files changed, 56 insertions, 13 deletions
diff --git a/legacy/eet/src/lib/eet_cipher.c b/legacy/eet/src/lib/eet_cipher.c
index 37a0899623..0d4203b77e 100644
--- a/legacy/eet/src/lib/eet_cipher.c
+++ b/legacy/eet/src/lib/eet_cipher.c
@@ -56,6 +56,9 @@ void *alloca(size_t);
56 56
57#ifdef HAVE_CIPHER 57#ifdef HAVE_CIPHER
58# ifdef HAVE_GNUTLS 58# ifdef HAVE_GNUTLS
59# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
60# include <gnutls/abstract.h>
61# endif
59# include <gnutls/x509.h> 62# include <gnutls/x509.h>
60# include <gcrypt.h> 63# include <gcrypt.h>
61# else /* ifdef HAVE_GNUTLS */ 64# else /* ifdef HAVE_GNUTLS */
@@ -497,6 +500,10 @@ eet_identity_sign(FILE *fp,
497 gnutls_datum_t datum = { NULL, 0 }; 500 gnutls_datum_t datum = { NULL, 0 };
498 size_t sign_len = 0; 501 size_t sign_len = 0;
499 size_t cert_len = 0; 502 size_t cert_len = 0;
503#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
504 gnutls_datum_t signum = { NULL, 0 };
505 gnutls_privkey_t privkey;
506#endif
500# else /* ifdef HAVE_GNUTLS */ 507# else /* ifdef HAVE_GNUTLS */
501 EVP_MD_CTX md_ctx; 508 EVP_MD_CTX md_ctx;
502 unsigned int sign_len = 0; 509 unsigned int sign_len = 0;
@@ -528,6 +535,28 @@ eet_identity_sign(FILE *fp,
528 datum.size = st_buf.st_size; 535 datum.size = st_buf.st_size;
529 536
530 /* Get the signature length */ 537 /* Get the signature length */
538#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
539 if (gnutls_privkey_init(&privkey) < 0)
540 {
541 err = EET_ERROR_SIGNATURE_FAILED;
542 goto on_error;
543 }
544
545 if (gnutls_privkey_import_x509(privkey, key->private_key, 0) < 0)
546 {
547 err = EET_ERROR_SIGNATURE_FAILED;
548 goto on_error;
549 }
550
551 if (gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &datum, &signum) < 0)
552 {
553 err = EET_ERROR_SIGNATURE_FAILED;
554 goto on_error;
555 }
556
557 sign = signum.data;
558 sign_len = signum.size;
559#else
531 if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0, 560 if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
532 &datum, sign, &sign_len) && 561 &datum, sign, &sign_len) &&
533 !sign_len) 562 !sign_len)
@@ -550,6 +579,7 @@ eet_identity_sign(FILE *fp,
550 579
551 goto on_error; 580 goto on_error;
552 } 581 }
582#endif
553 583
554 /* Get the certificate length */ 584 /* Get the certificate length */
555 if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert, 585 if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
@@ -696,6 +726,10 @@ eet_identity_check(const void *data_base,
696 gnutls_datum_t datum; 726 gnutls_datum_t datum;
697 gnutls_datum_t signature; 727 gnutls_datum_t signature;
698# if EET_USE_NEW_GNUTLS_API 728# if EET_USE_NEW_GNUTLS_API
729# if EET_USE_NEW_PUBKEY_VERIFY_HASH
730 gnutls_pubkey_t pubkey;
731 gnutls_digest_algorithm_t hash_algo;
732# endif
699 unsigned char *hash; 733 unsigned char *hash;
700 gcry_md_hd_t md; 734 gcry_md_hd_t md;
701 int err; 735 int err;
@@ -724,28 +758,32 @@ eet_identity_check(const void *data_base,
724 758
725 hash = gcry_md_read(md, GCRY_MD_SHA1); 759 hash = gcry_md_read(md, GCRY_MD_SHA1);
726 if (!hash) 760 if (!hash)
727 { 761 goto on_error;
728 gcry_md_close(md);
729 return NULL;
730 }
731 762
732 datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1); 763 datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
733 datum.data = hash; 764 datum.data = hash;
734 765
766# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
767 if (gnutls_pubkey_init(&pubkey) < 0)
768 goto on_error;
769
770 if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
771 goto on_error;
772
773 if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
774 goto on_error;
775
776 if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
777 goto on_error;
778# else
735 if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature)) 779 if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
736 { 780 goto on_error;
737 gcry_md_close(md); 781# endif
738 return NULL;
739 }
740 782
741 if (sha1) 783 if (sha1)
742 { 784 {
743 *sha1 = malloc(datum.size); 785 *sha1 = malloc(datum.size);
744 if (!*sha1) 786 if (!*sha1) goto on_error;
745 {
746 gcry_md_close(md);
747 return NULL;
748 }
749 787
750 memcpy(*sha1, hash, datum.size); 788 memcpy(*sha1, hash, datum.size);
751 *sha1_length = datum.size; 789 *sha1_length = datum.size;
@@ -818,6 +856,11 @@ eet_identity_check(const void *data_base,
818 *raw_signature_length = sign_len; 856 *raw_signature_length = sign_len;
819 857
820 return cert_der; 858 return cert_der;
859# ifdef HAVE_GNUTLS
860 on_error:
861 gcry_md_close(md);
862 return NULL;
863# endif
821#else /* ifdef HAVE_SIGNATURE */ 864#else /* ifdef HAVE_SIGNATURE */
822 data_base = NULL; 865 data_base = NULL;
823 data_length = 0; 866 data_length = 0;