If OCSP revocation data are invalid or too old set appropriate verification flags.
[gnutls.git] / lib / gnutls_rsa_export.c
blobc88aee408359db6432d6b5b044a8cfc5d166371a
1 /*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* This file contains code for RSA temporary keys. These keys are
24 * only used in export cipher suites.
27 #include <gnutls_int.h>
28 #include <gnutls_errors.h>
29 #include <gnutls_datum.h>
30 #include <gnutls_rsa_export.h>
31 #include "x509/x509_int.h"
32 #include "debug.h"
34 /* returns e and m, depends on the requested bits.
35 * We only support limited key sizes.
37 const gnutls_pk_params_st*
38 _gnutls_rsa_params_to_mpi (gnutls_rsa_params_t rsa_params)
40 if (rsa_params == NULL)
42 return NULL;
45 return &rsa_params->params;
48 /**
49 * gnutls_rsa_params_import_raw:
50 * @rsa_params: Is a structure will hold the parameters
51 * @m: holds the modulus
52 * @e: holds the public exponent
53 * @d: holds the private exponent
54 * @p: holds the first prime (p)
55 * @q: holds the second prime (q)
56 * @u: holds the coefficient
58 * This function will replace the parameters in the given structure.
59 * The new parameters should be stored in the appropriate
60 * gnutls_datum.
62 * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
63 **/
64 int
65 gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
66 const gnutls_datum_t * m,
67 const gnutls_datum_t * e,
68 const gnutls_datum_t * d,
69 const gnutls_datum_t * p,
70 const gnutls_datum_t * q,
71 const gnutls_datum_t * u)
73 return gnutls_x509_privkey_import_rsa_raw (rsa_params, m, e, d, p, q, u);
76 /**
77 * gnutls_rsa_params_init:
78 * @rsa_params: Is a structure that will hold the parameters
80 * This function will initialize the temporary RSA parameters structure.
82 * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
83 **/
84 int
85 gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params)
87 int ret;
89 ret = gnutls_x509_privkey_init (rsa_params);
90 if (ret < 0)
92 gnutls_assert ();
93 return ret;
96 return 0;
99 /**
100 * gnutls_rsa_params_deinit:
101 * @rsa_params: Is a structure that holds the parameters
103 * This function will deinitialize the RSA parameters structure.
105 void
106 gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params)
108 gnutls_x509_privkey_deinit (rsa_params);
112 * gnutls_rsa_params_cpy:
113 * @dst: Is the destination structure, which should be initialized.
114 * @src: Is the source structure
116 * This function will copy the RSA parameters structure from source
117 * to destination.
119 * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
122 gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
124 return gnutls_x509_privkey_cpy (dst, src);
128 * gnutls_rsa_params_generate2:
129 * @params: The structure where the parameters will be stored
130 * @bits: is the prime's number of bits
132 * This function will generate new temporary RSA parameters for use in
133 * RSA-EXPORT ciphersuites. This function is normally slow.
135 * Note that if the parameters are to be used in export cipher suites the
136 * bits value should be 512 or less.
137 * Also note that the generation of new RSA parameters is only useful
138 * to servers. Clients use the parameters sent by the server, thus it's
139 * no use calling this in client side.
141 * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
144 gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits)
146 return gnutls_x509_privkey_generate (params, GNUTLS_PK_RSA, bits, 0);
150 * gnutls_rsa_params_import_pkcs1:
151 * @params: A structure where the parameters will be copied to
152 * @pkcs1_params: should contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
153 * @format: the format of params. PEM or DER.
155 * This function will extract the RSAPrivateKey found in a PKCS1 formatted
156 * structure.
158 * If the structure is PEM encoded, it should have a header
159 * of "BEGIN RSA PRIVATE KEY".
161 * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
164 gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
165 const gnutls_datum_t * pkcs1_params,
166 gnutls_x509_crt_fmt_t format)
168 return gnutls_x509_privkey_import (params, pkcs1_params, format);
172 * gnutls_rsa_params_export_pkcs1:
173 * @params: Holds the RSA parameters
174 * @format: the format of output params. One of PEM or DER.
175 * @params_data: will contain a PKCS1 RSAPrivateKey structure PEM or DER encoded
176 * @params_data_size: holds the size of params_data (and will be replaced by the actual size of parameters)
178 * This function will export the given RSA parameters to a PKCS1
179 * RSAPrivateKey structure. If the buffer provided is not long enough to
180 * hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
182 * If the structure is PEM encoded, it will have a header
183 * of "BEGIN RSA PRIVATE KEY".
185 * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
188 gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
189 gnutls_x509_crt_fmt_t format,
190 unsigned char *params_data,
191 size_t * params_data_size)
193 return gnutls_x509_privkey_export (params, format,
194 params_data, params_data_size);
198 * gnutls_rsa_params_export_raw:
199 * @rsa: a structure that holds the rsa parameters
200 * @m: will hold the modulus
201 * @e: will hold the public exponent
202 * @d: will hold the private exponent
203 * @p: will hold the first prime (p)
204 * @q: will hold the second prime (q)
205 * @u: will hold the coefficient
206 * @bits: if non null will hold the prime's number of bits
208 * This function will export the RSA parameters found in the given
209 * structure. The new parameters will be allocated using
210 * gnutls_malloc() and will be stored in the appropriate datum.
212 * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
215 gnutls_rsa_params_export_raw (gnutls_rsa_params_t rsa,
216 gnutls_datum_t * m, gnutls_datum_t * e,
217 gnutls_datum_t * d, gnutls_datum_t * p,
218 gnutls_datum_t * q, gnutls_datum_t * u,
219 unsigned int *bits)
221 int ret;
223 ret = gnutls_x509_privkey_export_rsa_raw (rsa, m, e, d, p, q, u);
224 if (ret < 0)
226 gnutls_assert ();
227 return ret;
230 if (bits)
231 *bits = _gnutls_mpi_get_nbits (rsa->params.params[3]);
233 return 0;