Re: [Help-gnutls] X.509 certificates around JUST A PUBLIC key... can it
From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] X.509 certificates around JUST A PUBLIC key... can it be done?
Date: Sat, 02 Aug 2008 12:06:11 +0300
User-agent: Thunderbird 2.0.0.16 (X11/20080724)
Zach C. wrote:
> So here's the dilemma.
> I'm fully aware that I can currently generate the Root and Host certificates
> without a problem in GnuTLS. The problem I'm having, though, is that I
> *need* to be able to generate a certificate around the public key sent by
> the iPhone and then sign that certificate with the root private key. I'm
> wondering if that's possible in GnuTLS... I was considering doing a
> gnutls_x509_privkey_import_rsa_raw and *only* setting the modulus and public
> exponent (however I would get them), but I'm not sure if that would work or
> if GnuTLS would throw an error out about it. And if it did it properly,
> whether setting the new "private key" struct on a new certificate would do
> what I'm describing here.
Actually I sketched a function like that. I'd appreciate it if you could
try whether it fits your needs.
regards,
Nikos
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index ff73c40..2eac706 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -678,6 +678,74 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
gnutls_x509_privkey_t key)
}
/**
+ * gnutls_x509_crq_set_key_rsa_raw - This function will associate the
Certificate request with a key
+ * @crq: should contain a gnutls_x509_crq_t structure
+ * @m: holds the modulus
+ * @e: holds the public exponent
+ *
+ * This function will set the public parameters from the given private key to
the
+ * request. Only RSA keys are currently supported.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ **/
+int
+gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
+{
+ int result, ret;
+ size_t siz = 0;
+ bigint_t temp_params[RSA_PUBLIC_PARAMS];
+
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset(temp_params, 0, sizeof(temp_params));
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz (&temp_params[0], m->data, siz))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz (&temp_params[1], e->data, siz))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params (crq->crq,
+
"certificationRequestInfo.subjectPKInfo",
+ GNUTLS_PK_RSA,
+ temp_params,
+ RSA_PUBLIC_PARAMS);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ ret = result;
+ goto error;
+ }
+
+ ret = 0;
+
+error:
+ _gnutls_mpi_release (&temp_params[0]);
+ _gnutls_mpi_release (&temp_params[1]);
+ return ret;
+}
+
+/**
* gnutls_x509_crq_set_challenge_password - This function will set a
challenge password
* @crq: should contain a gnutls_x509_crq_t structure
* @pass: holds a null terminated password
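Review bot: In gnutls_x509_crq_set_key_rsa_raw, m and e are dereferenced (siz = m->size; and siz = e->size;) without a NULL check, although crq is checked just above; extend that check so a NULL m or e also returns GNUTLS_E_INVALID_REQUEST. The doc comment still says the parameters are set "from the given private key" and the summary line speaks of associating the request "with a key", which reads as carried over from gnutls_x509_crq_set_key; it should say that the RSA public key of the request is set from the raw modulus @m and public exponent @e, since no private key is involved. The separate result variable is redundant: ret can take the return value of _gnutls_x509_encode_and_copy_PKI_params directly.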