gnutls-commit
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-17-g676b4da


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_0_11-17-g676b4da
Date: Sun, 08 Jan 2012 14:54:37 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=676b4da6b9737e2113326c3c8e606e3616a2904b

The branch, master has been updated
       via  676b4da6b9737e2113326c3c8e606e3616a2904b (commit)
      from  3eece98521d1965bd260b5f4a4e38835b01a9d35 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 676b4da6b9737e2113326c3c8e606e3616a2904b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun Jan 8 15:57:47 2012 +0100

    Added gnutls_pubkey_encrypt_data().

-----------------------------------------------------------------------

Summary of changes:
 NEWS                                               |    2 +-
 lib/gnutls_pubkey.c                                |   35 ++++++-
 lib/includes/gnutls/abstract.h                     |    5 +
 lib/libgnutls.map                                  |    1 +
 tests/Makefile.am                                  |    2 +-
 tests/{x509sign-verify.c => rsa-encrypt-decrypt.c} |  113 ++++++--------------
 6 files changed, 75 insertions(+), 83 deletions(-)
 copy tests/{x509sign-verify.c => rsa-encrypt-decrypt.c} (57%)

diff --git a/NEWS b/NEWS
index 80a51a2..5ff929a 100644
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ and public keys as well.
 generation.
 
 ** API and ABI modifications:
-No changes since last version.
+gnutls_pubkey_encrypt_data: Added
 
 
 * Version 3.0.11 (released 2012-01-06)
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index 3e93306..0a8a4c4 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -1373,13 +1373,13 @@ gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey,
 
 /**
  * gnutls_pubkey_verify_hash:
- * @key: Holds the certificate
+ * @key: Holds the public key
  * @flags: should be 0 for now
  * @hash: holds the hash digest to be verified
  * @signature: contains the signature
  *
  * This function will verify the given signed digest, using the
- * parameters from the certificate.
+ * parameters from the public key.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value (%GNUTLS_E_PK_SIG_VERIFY_FAILED in verification 
failure).
@@ -1407,6 +1407,37 @@ gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned 
int flags,
 }
 
 /**
+ * gnutls_pubkey_encrypt_data:
+ * @key: Holds the public key
+ * @flags: should be 0 for now
+ * @plaintext: The data to be encrypted
+ * @ciphertext: contains the encrypted data
+ *
+ * This function will encrypt the given data, using the public
+ * key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ *   negative error value.
+ *
+ * Since: 3.0.0
+ **/
+int
+gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
+                           const gnutls_datum_t * plaintext,
+                           gnutls_datum_t * ciphertext)
+{
+  if (key == NULL || key->pk_algorithm != GNUTLS_PK_RSA)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  return _gnutls_pkcs1_rsa_encrypt (ciphertext, plaintext,
+                                    &key->params,
+                                    2);
+}
+
+/**
  * gnutls_pubkey_get_verify_algorithm:
  * @key: Holds the certificate
  * @signature: contains the signature
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 84bac69..ce043c1 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -126,6 +126,11 @@ gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key,
                               const gnutls_datum_t * x,
                               const gnutls_datum_t * y);
 
+int
+gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags,
+                           const gnutls_datum_t * plaintext,
+                           gnutls_datum_t * ciphertext);
+
 int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key);
 
 int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 0477210..81b0cef 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -727,6 +727,7 @@ GNUTLS_3_0_0 {
        gnutls_x509_privkey_verify_params;
        gnutls_priority_get_cipher_suite_index;
        gnutls_random_art;
+       gnutls_pubkey_encrypt_data;
 } GNUTLS_2_12;
 
 GNUTLS_PRIVATE {
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b00adfc..005f503 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -66,7 +66,7 @@ ctests = mini-deflate simple gc set_pkcs12_cred certder 
certuniqueid  \
         crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain         \
         nul-in-x509-names x509_altname pkcs12_encode mini-x509         \
         mini-x509-rehandshake rng-fork mini-eagain-dtls        \
-        x509cert x509cert-tl infoaccess
+        x509cert x509cert-tl infoaccess rsa-encrypt-decrypt
 
 if ENABLE_OPENSSL
 ctests +=  openssl
diff --git a/tests/x509sign-verify.c b/tests/rsa-encrypt-decrypt.c
similarity index 57%
copy from tests/x509sign-verify.c
copy to tests/rsa-encrypt-decrypt.c
index cecff55..b17b38e 100644
--- a/tests/x509sign-verify.c
+++ b/tests/rsa-encrypt-decrypt.c
@@ -49,16 +49,9 @@ const gnutls_datum_t hash_data = {
   20
 };
 
-const gnutls_datum_t invalid_hash_data = {
-  (void *)
-    "\xaa\xf4\xc6\x1d\xdc\xca\xe8\xa2\xda\xbe"
-    "\xde\x0f\x3b\x48\x2c\xb9\xae\xa9\x43\x4d",
-  20
-};
-
 const gnutls_datum_t raw_data = {
-  (void *) "hello",
-  5
+  (void *) "hello there",
+  11
 };
 
 static char pem1_cert[] =
@@ -93,51 +86,12 @@ static char pem1_key[] =
   "sWZGfbnU3ryjvkb6YuFjgtzbZDZHWQCo8/cOtOBmPdk=\n"
   "-----END RSA PRIVATE KEY-----\n";
 
-static char pem2_cert[] =
-  "-----BEGIN CERTIFICATE-----\n"
-  "MIIDbzCCAtqgAwIBAgIERiYdRTALBgkqhkiG9w0BAQUwGTEXMBUGA1UEAxMOR251\n"
-  "VExTIHRlc3QgQ0EwHhcNMDcwNDE4MTMyOTQxWhcNMDgwNDE3MTMyOTQxWjA3MRsw\n"
-  "GQYDVQQKExJHbnVUTFMgdGVzdCBzZXJ2ZXIxGDAWBgNVBAMTD3Rlc3QuZ251dGxz\n"
-  "Lm9yZzCCAbQwggEpBgcqhkjOOAQBMIIBHAKBgLmE9VqBvhoNxYpzjwybL5u2DkvD\n"
-  "dBp/ZK2d8yjFoEe8m1dW8ZfVfjcD6fJM9OOLfzCjXS+7oaI3wuo1jx+xX6aiXwHx\n"
-  "IzYr5E8vLd2d1TqmOa96UXzSJY6XdM8exXtLdkOBBx8GFLhuWBLhkOI3b9Ib7GjF\n"
-  "WOLmMOBqXixjeOwHAhSfVoxIZC/+jap6bZbbBF0W7wilcQKBgGIGfuRcdgi3Rhpd\n"
-  "15fUKiH7HzHJ0vT6Odgn0Zv8J12nCqca/FPBL0PCN8iFfz1Mq12BMvsdXh5UERYg\n"
-  "xoBa2YybQ/Dda6D0w/KKnDnSHHsP7/ook4/SoSLr3OCKi60oDs/vCYXpNr2LelDV\n"
-  "e/clDWxgEcTvcJDP1hvru47GPjqXA4GEAAKBgA+Kh1fy0cLcrN9Liw+Luin34QPk\n"
-  "VfqymAfW/RKxgLz1urRQ1H+gDkPnn8l4EV/l5Awsa2qkNdy9VOVgNpox0YpZbmsc\n"
-  "ur0uuut8h+/ayN2h66SD5out+vqOW9c3yDI+lsI+9EPafZECD7e8+O+P90EAXpbf\n"
-  "DwiW3Oqy6QaCr9Ivo4GTMIGQMAwGA1UdEwEB/wQCMAAwGgYDVR0RBBMwEYIPdGVz\n"
-  "dC5nbnV0bHMub3JnMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH\n"
-  "gAAwHQYDVR0OBBYEFL/su87Y6HtwVuzz0SuS1tSZClvzMB8GA1UdIwQYMBaAFOk8\n"
-  "HPutkm7mBqRWLKLhwFMnyPKVMAsGCSqGSIb3DQEBBQOBgQBCsrnfD1xzh8/Eih1f\n"
-  "x+M0lPoX1Re5L2ElHI6DJpHYOBPwf9glwxnet2+avzgUQDUFwUSxOhodpyeaACXD\n"
-  "o0gGVpcH8sOBTQ+aTdM37hGkPxoXjtIkR/LgG5nP2H2JRd5TkW8l13JdM4MJFB4W\n"
-  "QcDzQ8REwidsfh9uKAluk1c/KQ==\n" "-----END CERTIFICATE-----\n";
-
-static char pem2_key[] =
-  "-----BEGIN DSA PRIVATE KEY-----\n"
-  "MIIBugIBAAKBgQC5hPVagb4aDcWKc48Mmy+btg5Lw3Qaf2StnfMoxaBHvJtXVvGX\n"
-  "1X43A+nyTPTji38wo10vu6GiN8LqNY8fsV+mol8B8SM2K+RPLy3dndU6pjmvelF8\n"
-  "0iWOl3TPHsV7S3ZDgQcfBhS4blgS4ZDiN2/SG+xoxVji5jDgal4sY3jsBwIVAJ9W\n"
-  "jEhkL/6NqnptltsEXRbvCKVxAoGAYgZ+5Fx2CLdGGl3Xl9QqIfsfMcnS9Po52CfR\n"
-  "m/wnXacKpxr8U8EvQ8I3yIV/PUyrXYEy+x1eHlQRFiDGgFrZjJtD8N1roPTD8oqc\n"
-  "OdIcew/v+iiTj9KhIuvc4IqLrSgOz+8Jhek2vYt6UNV79yUNbGARxO9wkM/WG+u7\n"
-  "jsY+OpcCgYAPiodX8tHC3KzfS4sPi7op9+ED5FX6spgH1v0SsYC89bq0UNR/oA5D\n"
-  "55/JeBFf5eQMLGtqpDXcvVTlYDaaMdGKWW5rHLq9LrrrfIfv2sjdoeukg+aLrfr6\n"
-  "jlvXN8gyPpbCPvRD2n2RAg+3vPjvj/dBAF6W3w8IltzqsukGgq/SLwIUS5/r/2ya\n"
-  "AoNBXjeBjgCGMei2m8E=\n" "-----END DSA PRIVATE KEY-----\n";
-
 const gnutls_datum_t cert_dat[] = {
   {pem1_cert, sizeof (pem1_cert)}
-  ,
-  {pem2_cert, sizeof (pem2_cert)}
 };
 
 const gnutls_datum_t key_dat[] = {
   {pem1_key, sizeof (pem1_key)}
-  ,
-  {pem2_key, sizeof (pem2_key)}
 };
 
 void
@@ -147,9 +101,7 @@ doit (void)
   gnutls_x509_crt_t crt;
   gnutls_pubkey_t pubkey;
   gnutls_privkey_t privkey;
-  gnutls_digest_algorithm_t hash_algo;
-  gnutls_datum_t signature;
-  gnutls_datum_t signature2;
+  gnutls_datum_t out, out2;
   int ret;
   size_t i;
 
@@ -181,16 +133,6 @@ doit (void)
       if (ret < 0)
         fail ("gnutls_privkey_import_x509\n");
 
-      ret = gnutls_privkey_sign_hash (privkey, GNUTLS_DIG_SHA1, 0,
-                                     &hash_data, &signature2);
-      if (ret < 0)
-        fail ("gnutls_privkey_sign_hash\n");
-
-      ret = gnutls_privkey_sign_data (privkey, GNUTLS_DIG_SHA1, 0,
-                                     &raw_data, &signature);
-      if (ret < 0)
-        fail ("gnutls_x509_privkey_sign_hash\n");
-
       ret = gnutls_x509_crt_init (&crt);
       if (ret < 0)
         fail ("gnutls_x509_crt_init\n");
@@ -204,32 +146,45 @@ doit (void)
       if (ret < 0)
         fail ("gnutls_x509_pubkey_import\n");
 
-      ret =
-        gnutls_pubkey_get_verify_algorithm (pubkey, &signature, &hash_algo);
-      if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
-        fail ("gnutls_x509_crt_get_verify_algorithm\n");
 
-      ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature);
+      ret = gnutls_pubkey_encrypt_data(pubkey, 0, &hash_data, &out);
       if (ret < 0)
-        fail ("gnutls_x509_privkey_verify_hash\n");
+        fail ("gnutls_pubkey_encrypt_data\n");
 
-      ret =
-        gnutls_pubkey_get_verify_algorithm (pubkey, &signature2, &hash_algo);
-      if (ret < 0 || hash_algo != GNUTLS_DIG_SHA1)
-        fail ("gnutls_x509_crt_get_verify_algorithm (hashed data)\n");
 
-      ret = gnutls_pubkey_verify_hash (pubkey, 0, &hash_data, &signature2);
+      ret = gnutls_privkey_decrypt_data (privkey, 0,
+                                     &out, &out2);
+      if (ret < 0)
+        fail ("gnutls_privkey_decrypt_data\n");
+
+      if (out2.size != hash_data.size)
+        fail ("Decrypted data don't match original (1)\n");
+
+      if (memcmp(out2.data, hash_data.data, hash_data.size) != 0)
+        fail ("Decrypted data don't match original (2)\n");
+
+      gnutls_free(out.data);
+      gnutls_free(out2.data);
+
+      ret = gnutls_pubkey_encrypt_data(pubkey, 0, &raw_data, &out);
       if (ret < 0)
-        fail ("gnutls_x509_privkey_verify_hash (hashed data)\n");
+        fail ("gnutls_pubkey_encrypt_data\n");
+
+      ret = gnutls_privkey_decrypt_data (privkey, 0,
+                                     &out, &out2);
+      if (ret < 0)
+        fail ("gnutls_privkey_decrypt_data\n");
+
+      if (out2.size != raw_data.size)
+        fail ("Decrypted data don't match original (3)\n");
 
-      /* should fail */
-      ret = gnutls_pubkey_verify_hash (pubkey, 0, &invalid_hash_data, 
&signature2);
-      if (ret != GNUTLS_E_PK_SIG_VERIFY_FAILED)
-        fail ("gnutls_x509_privkey_verify_hash (hashed data)\n");
+      if (memcmp(out2.data, raw_data.data, raw_data.size) != 0)
+        fail ("Decrypted data don't match original (4)\n");
 
+      if (debug) success("ok\n");
 
-      gnutls_free(signature.data);
-      gnutls_free(signature2.data);
+      gnutls_free(out.data);
+      gnutls_free(out2.data);
       gnutls_x509_privkey_deinit (key);
       gnutls_x509_crt_deinit (crt);
       gnutls_privkey_deinit (privkey);


hooks/post-receive
-- 
GNU gnutls



reply via email to

[Prev in Thread] Current Thread [Next in Thread]