help-gnutls

From: Zach C.
Subject: Re: [Help-gnutls] X.509 certificates around JUST A PUBLIC key... can it be done?
Date: Sat, 2 Aug 2008 09:16:57 -0600

Hate to tell you this, but I managed to wrangle it to working the way I described using three datum structs, one filled with junk, and gnutls_x509_privkey_rsa_raw. Which I then set onto the cert directly. Worked like a charm. Since the certificate set_key function only ever imports the public exponent and modulus anyway. :)

Thanks for the help though :)

On Aug 2, 2008, at 3:06 AM, Nikos Mavrogiannopoulos <address@hidden> wrote:

Zach C. wrote:
So here's the dilemma.
I'm fully aware that I can currently generate the Root and Host certificates without a problem in GnuTLS. The problem I'm having, though, is that I *need* to be able to generate a certificate around the public key sent by the iPhone and then sign that certificate with the root private key. I'm wondering if that's possible in GnuTLS... I was considering doing a gnutls_x509_privkey_import_rsa_raw and *only* setting the modulus and public exponent (however I would get them), but I'm not sure if that would work or if GnuTLS would throw an error out about it. And if it did it properly, whether setting the new "private key" struct on a new certificate would do what I'm describing here.

Actually I sketched a function like that. I'd appreciate if you could
try if it fits your needs.

regards,
Nikos
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index ff73c40..2eac706 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -678,6 +678,74 @@ gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
}

/**
+ * gnutls_x509_crq_set_key_rsa_raw - This function will associate the Certificate request with a key
+  * @crq: should contain a gnutls_x509_crq_t structure
+  * @m: holds the modulus
+  * @e: holds the public exponent
+  *
+ * This function will set the public parameters from the given private key to the
+  * request. Only RSA keys are currently supported.
+  *
+  * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+  *   negative error value.
+  *
+  **/
+int
+gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
+                    const gnutls_datum_t * m,
+                    const gnutls_datum_t * e)
+{
+  int result, ret;
+  size_t siz = 0;
+  bigint_t temp_params[RSA_PUBLIC_PARAMS];
+
+
+  if (crq == NULL)
+    {
+      gnutls_assert ();
+      return GNUTLS_E_INVALID_REQUEST;
+    }
+
+  memset(temp_params, 0, sizeof(temp_params));
+
+  siz = m->size;
+  if (_gnutls_mpi_scan_nz (&temp_params[0], m->data, siz))
+    {
+      gnutls_assert ();
+      ret = GNUTLS_E_MPI_SCAN_FAILED;
+      goto error;
+    }
+
+  siz = e->size;
+  if (_gnutls_mpi_scan_nz (&temp_params[1], e->data, siz))
+    {
+      gnutls_assert ();
+      ret = GNUTLS_E_MPI_SCAN_FAILED;
+      goto error;
+    }
+
+  result = _gnutls_x509_encode_and_copy_PKI_params (crq->crq,
+                            "certificationRequestInfo.subjectPKInfo",
+                            GNUTLS_PK_RSA,
+                            temp_params,
+                            RSA_PUBLIC_PARAMS);
+
+  if (result < 0)
+    {
+      gnutls_assert ();
+      ret = result;
+      goto error;
+    }
+
+  ret = 0;
+
+error:
+    _gnutls_mpi_release (&temp_params[0]);
+    _gnutls_mpi_release (&temp_params[1]);
+    return ret;
+}
+
+/**
* gnutls_x509_crq_set_challenge_password - This function will set a challenge password
  * @crq: should contain a gnutls_x509_crq_t structure
  * @pass: holds a null terminated password
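
Review bot: m and e are dereferenced at "siz = m->size" and "siz = e->size" without a NULL check, although crq is checked just above; test all three together and return GNUTLS_E_INVALID_REQUEST when any is NULL. The doc comment still says the public parameters are set "from the given private key", which reads as copied from gnutls_x509_crq_set_key; this function takes only the raw modulus and public exponent, so both the summary line and the description should say that. Minor: siz only mirrors m->size and e->size and can be dropped, and result and ret can be a single variable.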




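
As an added illustration (not code from this thread or from GnuTLS): the RSAPublicKey structure that a certificate or request carries for an RSA key can be DER-encoded from the modulus and public exponent alone, which is why nothing else from the key is needed. The function names and sample values are constructed for this example, and it only handles lengths up to 65535 bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample values: a toy modulus, not a real key. */
static const uint8_t SAMPLE_M[] = { 0x00, 0xC1, 0x02, 0x03 };
static const uint8_t SAMPLE_E[] = { 0x01, 0x00, 0x01 };

/* Write a DER tag and length; returns the header size, 0 if it does not fit. */
static size_t der_header(uint8_t *out, size_t cap, uint8_t tag, size_t len) {
    size_t n = len < 0x80 ? 2 : (len <= 0xff ? 3 : 4);
    if (len > 0xffff || cap < n) return 0;
    out[0] = tag;
    out[1] = n == 2 ? (uint8_t)len : (uint8_t)(0x80 | (n - 2));
    if (n == 4) out[2] = (uint8_t)(len >> 8);
    if (n > 2) out[n - 1] = (uint8_t)len;
    return n;
}

/* Encode a big-endian unsigned value as a minimal, positive DER INTEGER. */
static size_t der_uint(uint8_t *out, size_t cap, const uint8_t *v, size_t len) {
    while (len > 1 && v[0] == 0) { v++; len--; }        /* drop leading zeros */
    if (len == 0 || (len == 1 && v[0] == 0)) return 0;  /* reject empty or zero */
    size_t pad = (v[0] & 0x80) ? 1 : 0;                 /* 0x00 keeps it positive */
    size_t h = der_header(out, cap, 0x02, len + pad);
    if (h == 0 || cap - h < len + pad) return 0;
    if (pad) out[h] = 0x00;
    memcpy(out + h + pad, v, len);
    return h + pad + len;
}

/* RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER } */
size_t rsa_pubkey_der(uint8_t *out, size_t cap, const uint8_t *m, size_t mlen,
                      const uint8_t *e, size_t elen) {
    uint8_t body[600];                                  /* fits a 4096-bit modulus */
    size_t a = m ? der_uint(body, sizeof body, m, mlen) : 0;
    size_t b = (a && e) ? der_uint(body + a, sizeof body - a, e, elen) : 0;
    size_t h = (b && out) ? der_header(out, cap, 0x30, a + b) : 0;
    if (h == 0 || cap - h < a + b) return 0;
    memcpy(out + h, body, a + b);
    return h + a + b;
}

int main(void) {
    uint8_t der[64];
    size_t n = rsa_pubkey_der(der, sizeof der, SAMPLE_M, sizeof SAMPLE_M,
                              SAMPLE_E, sizeof SAMPLE_E);
    for (size_t i = 0; i < n; i++) printf("%02X ", der[i]);
    return n ? 0 : 1;
}
```

A return value of 0 means the input was rejected (NULL pointer, empty or zero value, or output buffer too small).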