/src/gnutls/lib/auth/ecdhe.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (C) 2011-2012 Free Software Foundation, Inc. |
3 | | * Copyright (C) 2017 Red Hat, Inc. |
4 | | * |
5 | | * Author: Nikos Mavrogiannopoulos |
6 | | * |
7 | | * This file is part of GnuTLS. |
8 | | * |
9 | | * The GnuTLS is free software; you can redistribute it and/or |
10 | | * modify it under the terms of the GNU Lesser General Public License |
11 | | * as published by the Free Software Foundation; either version 2.1 of |
12 | | * the License, or (at your option) any later version. |
13 | | * |
14 | | * This library is distributed in the hope that it will be useful, but |
15 | | * WITHOUT ANY WARRANTY; without even the implied warranty of |
16 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
17 | | * Lesser General Public License for more details. |
18 | | * |
19 | | * You should have received a copy of the GNU Lesser General Public License |
20 | | * along with this program. If not, see <https://www.gnu.org/licenses/> |
21 | | * |
22 | | */ |
23 | | |
24 | | /* This file contains common stuff in Ephemeral Diffie-Hellman (DHE) |
25 | | * and Anonymous DH key exchange(DHA). These are used in the handshake |
26 | | * procedure of the certificate and anonymous authentication. |
27 | | */ |
28 | | |
29 | | #include "gnutls_int.h" |
30 | | #include "auth.h" |
31 | | #include "errors.h" |
32 | | #include "dh.h" |
33 | | #include "num.h" |
34 | | #include "tls-sig.h" |
35 | | #include "state.h" |
36 | | #include "datum.h" |
37 | | #include "x509.h" |
38 | | #include "auth/ecdhe.h" |
39 | | #include "ecc.h" |
40 | | #include "ext/supported_groups.h" |
41 | | #include "algorithms.h" |
42 | | #include "auth/psk.h" |
43 | | #include "auth/cert.h" |
44 | | #include "pk.h" |
45 | | |
46 | | static int gen_ecdhe_server_kx(gnutls_session_t, gnutls_buffer_st *); |
47 | | static int proc_ecdhe_server_kx(gnutls_session_t session, uint8_t *data, |
48 | | size_t _data_size); |
49 | | static int proc_ecdhe_client_kx(gnutls_session_t session, uint8_t *data, |
50 | | size_t _data_size); |
51 | | |
52 | | #if defined(ENABLE_ECDHE) |
53 | | const mod_auth_st ecdhe_ecdsa_auth_struct = { |
54 | | "ECDHE_ECDSA", |
55 | | _gnutls_gen_cert_server_crt, |
56 | | _gnutls_gen_cert_client_crt, |
57 | | gen_ecdhe_server_kx, |
58 | | _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */ |
59 | | _gnutls_gen_cert_client_crt_vrfy, |
60 | | _gnutls_gen_cert_server_cert_req, |
61 | | |
62 | | _gnutls_proc_crt, |
63 | | _gnutls_proc_crt, |
64 | | proc_ecdhe_server_kx, |
65 | | proc_ecdhe_client_kx, |
66 | | _gnutls_proc_cert_client_crt_vrfy, |
67 | | _gnutls_proc_cert_cert_req |
68 | | }; |
69 | | |
70 | | const mod_auth_st ecdhe_rsa_auth_struct = { |
71 | | "ECDHE_RSA", |
72 | | _gnutls_gen_cert_server_crt, |
73 | | _gnutls_gen_cert_client_crt, |
74 | | gen_ecdhe_server_kx, |
75 | | _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */ |
76 | | _gnutls_gen_cert_client_crt_vrfy, |
77 | | _gnutls_gen_cert_server_cert_req, |
78 | | |
79 | | _gnutls_proc_crt, |
80 | | _gnutls_proc_crt, |
81 | | proc_ecdhe_server_kx, |
82 | | proc_ecdhe_client_kx, |
83 | | _gnutls_proc_cert_client_crt_vrfy, |
84 | | _gnutls_proc_cert_cert_req |
85 | | }; |
86 | | |
87 | | static int calc_ecdh_key(gnutls_session_t session, gnutls_datum_t *psk_key, |
88 | | const gnutls_ecc_curve_entry_st *ecurve) |
89 | 0 | { |
90 | 0 | gnutls_pk_params_st pub; |
91 | 0 | int ret; |
92 | 0 | gnutls_datum_t tmp_dh_key; |
93 | |
|
94 | 0 | gnutls_pk_params_init(&pub); |
95 | 0 | pub.params[ECC_X] = session->key.proto.tls12.ecdh.x; |
96 | 0 | pub.params[ECC_Y] = session->key.proto.tls12.ecdh.y; |
97 | 0 | pub.raw_pub.data = session->key.proto.tls12.ecdh.raw.data; |
98 | 0 | pub.raw_pub.size = session->key.proto.tls12.ecdh.raw.size; |
99 | 0 | pub.curve = ecurve->id; |
100 | |
|
101 | 0 | ret = _gnutls_pk_derive(ecurve->pk, &tmp_dh_key, |
102 | 0 | &session->key.proto.tls12.ecdh.params, &pub); |
103 | 0 | if (ret < 0) { |
104 | 0 | ret = gnutls_assert_val(ret); |
105 | 0 | goto cleanup; |
106 | 0 | } |
107 | | |
108 | 0 | if (psk_key == NULL) { |
109 | 0 | memcpy(&session->key.key, &tmp_dh_key, sizeof(gnutls_datum_t)); |
110 | 0 | tmp_dh_key.data = NULL; /* no longer needed */ |
111 | 0 | } else { |
112 | 0 | ret = _gnutls_set_psk_session_key(session, psk_key, |
113 | 0 | &tmp_dh_key); |
114 | 0 | _gnutls_free_temp_key_datum(&tmp_dh_key); |
115 | |
|
116 | 0 | if (ret < 0) { |
117 | 0 | ret = gnutls_assert_val(ret); |
118 | 0 | goto cleanup; |
119 | 0 | } |
120 | 0 | } |
121 | | |
122 | 0 | ret = 0; |
123 | |
|
124 | 0 | cleanup: |
125 | | /* no longer needed */ |
126 | 0 | _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x); |
127 | 0 | _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y); |
128 | 0 | _gnutls_free_datum(&session->key.proto.tls12.ecdh.raw); |
129 | 0 | gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params); |
130 | 0 | return ret; |
131 | 0 | } |
132 | | |
133 | | int _gnutls_proc_ecdh_common_client_kx( |
134 | | gnutls_session_t session, uint8_t *data, size_t _data_size, |
135 | | const struct gnutls_group_entry_st *group, gnutls_datum_t *psk_key) |
136 | 0 | { |
137 | 0 | ssize_t data_size = _data_size; |
138 | 0 | int ret, i = 0; |
139 | 0 | unsigned point_size; |
140 | 0 | const gnutls_ecc_curve_entry_st *ecurve; |
141 | |
|
142 | 0 | if (group == NULL) |
143 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); |
144 | | |
145 | 0 | ecurve = _gnutls_ecc_curve_get_params(group->curve); |
146 | 0 | if (ecurve == NULL) |
147 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); |
148 | | |
149 | 0 | DECR_LEN(data_size, 1); |
150 | 0 | point_size = data[i]; |
151 | 0 | i += 1; |
152 | |
|
153 | 0 | if (point_size == 0) { |
154 | 0 | ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); |
155 | 0 | goto cleanup; |
156 | 0 | } |
157 | | |
158 | 0 | DECR_LEN(data_size, point_size); |
159 | | |
160 | 0 | if (ecurve->pk == GNUTLS_PK_EC) { |
161 | 0 | ret = _gnutls_ecc_ansi_x962_import( |
162 | 0 | &data[i], point_size, &session->key.proto.tls12.ecdh.x, |
163 | 0 | &session->key.proto.tls12.ecdh.y); |
164 | 0 | if (ret < 0) { |
165 | 0 | gnutls_assert(); |
166 | 0 | goto cleanup; |
167 | 0 | } |
168 | 0 | } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 || |
169 | 0 | ecurve->pk == GNUTLS_PK_ECDH_X448) { |
170 | 0 | if (ecurve->size != point_size) |
171 | 0 | return gnutls_assert_val( |
172 | 0 | GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |
173 | | |
174 | 0 | ret = _gnutls_set_datum(&session->key.proto.tls12.ecdh.raw, |
175 | 0 | &data[i], point_size); |
176 | 0 | if (ret < 0) { |
177 | 0 | gnutls_assert(); |
178 | 0 | goto cleanup; |
179 | 0 | } |
180 | | |
181 | | /* RFC7748 requires to mask the MSB in the final byte |
182 | | * for X25519 (not X448) */ |
183 | 0 | if (ecurve->id == GNUTLS_ECC_CURVE_X25519) { |
184 | 0 | session->key.proto.tls12.ecdh.raw.data[point_size - 1] &= |
185 | 0 | 0x7f; |
186 | 0 | } |
187 | 0 | } else { |
188 | 0 | return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |
189 | 0 | } |
190 | | |
191 | 0 | if (data_size != 0) { |
192 | 0 | ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); |
193 | 0 | goto cleanup; |
194 | 0 | } |
195 | | |
196 | | /* generate pre-shared key */ |
197 | 0 | ret = calc_ecdh_key(session, psk_key, ecurve); |
198 | 0 | if (ret < 0) { |
199 | 0 | gnutls_assert(); |
200 | 0 | goto cleanup; |
201 | 0 | } |
202 | 0 | cleanup: |
203 | 0 | _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x); |
204 | 0 | _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y); |
205 | 0 | _gnutls_free_datum(&session->key.proto.tls12.ecdh.raw); |
206 | 0 | gnutls_pk_params_clear(&session->key.proto.tls12.ecdh.params); |
207 | 0 | return ret; |
208 | 0 | } |
209 | | |
210 | | static int proc_ecdhe_client_kx(gnutls_session_t session, uint8_t *data, |
211 | | size_t _data_size) |
212 | 0 | { |
213 | 0 | gnutls_certificate_credentials_t cred; |
214 | |
|
215 | 0 | cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( |
216 | 0 | session, GNUTLS_CRD_CERTIFICATE); |
217 | 0 | if (cred == NULL) { |
218 | 0 | gnutls_assert(); |
219 | 0 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
220 | 0 | } |
221 | | |
222 | 0 | return _gnutls_proc_ecdh_common_client_kx(session, data, _data_size, |
223 | 0 | get_group(session), NULL); |
224 | 0 | } |
225 | | |
226 | | int _gnutls_gen_ecdh_common_client_kx(gnutls_session_t session, |
227 | | gnutls_buffer_st *data) |
228 | 0 | { |
229 | 0 | return _gnutls_gen_ecdh_common_client_kx_int(session, data, NULL); |
230 | 0 | } |
231 | | |
232 | | int _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, |
233 | | gnutls_buffer_st *data, |
234 | | gnutls_datum_t *psk_key) |
235 | 0 | { |
236 | 0 | int ret; |
237 | 0 | gnutls_datum_t out; |
238 | 0 | const gnutls_group_entry_st *group = get_group(session); |
239 | 0 | const gnutls_ecc_curve_entry_st *ecurve; |
240 | 0 | int pk; |
241 | 0 | unsigned init_pos = data->length; |
242 | |
|
243 | 0 | if (group == NULL) |
244 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); |
245 | | |
246 | 0 | ecurve = _gnutls_ecc_curve_get_params(group->curve); |
247 | 0 | if (ecurve == NULL) |
248 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); |
249 | | |
250 | 0 | pk = ecurve->pk; |
251 | | |
252 | | /* generate temporal key */ |
253 | 0 | ret = _gnutls_pk_generate_keys( |
254 | 0 | pk, ecurve->id, &session->key.proto.tls12.ecdh.params, 1); |
255 | 0 | if (ret < 0) |
256 | 0 | return gnutls_assert_val(ret); |
257 | | |
258 | 0 | if (pk == GNUTLS_PK_EC) { |
259 | 0 | ret = _gnutls_ecc_ansi_x962_export( |
260 | 0 | ecurve->id, |
261 | 0 | session->key.proto.tls12.ecdh.params |
262 | 0 | .params[ECC_X] /* x */, |
263 | 0 | session->key.proto.tls12.ecdh.params |
264 | 0 | .params[ECC_Y] /* y */, |
265 | 0 | &out); |
266 | |
|
267 | 0 | if (ret < 0) { |
268 | 0 | gnutls_assert(); |
269 | 0 | goto cleanup; |
270 | 0 | } |
271 | | |
272 | 0 | ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, |
273 | 0 | out.size); |
274 | |
|
275 | 0 | _gnutls_free_datum(&out); |
276 | |
|
277 | 0 | if (ret < 0) { |
278 | 0 | gnutls_assert(); |
279 | 0 | goto cleanup; |
280 | 0 | } |
281 | 0 | } else if (pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448) { |
282 | 0 | ret = _gnutls_buffer_append_data_prefix( |
283 | 0 | data, 8, |
284 | 0 | session->key.proto.tls12.ecdh.params.raw_pub.data, |
285 | 0 | session->key.proto.tls12.ecdh.params.raw_pub.size); |
286 | 0 | if (ret < 0) { |
287 | 0 | gnutls_assert(); |
288 | 0 | goto cleanup; |
289 | 0 | } |
290 | 0 | } |
291 | | |
292 | | /* generate pre-shared key */ |
293 | 0 | ret = calc_ecdh_key(session, psk_key, ecurve); |
294 | 0 | if (ret < 0) { |
295 | 0 | gnutls_assert(); |
296 | 0 | goto cleanup; |
297 | 0 | } |
298 | | |
299 | 0 | ret = data->length - init_pos; |
300 | 0 | cleanup: |
301 | 0 | gnutls_pk_params_clear(&session->key.proto.tls12.ecdh.params); |
302 | 0 | return ret; |
303 | 0 | } |
304 | | |
305 | | static int proc_ecdhe_server_kx(gnutls_session_t session, uint8_t *data, |
306 | | size_t _data_size) |
307 | 0 | { |
308 | 0 | int ret; |
309 | 0 | gnutls_datum_t vparams; |
310 | |
|
311 | 0 | ret = _gnutls_proc_ecdh_common_server_kx(session, data, _data_size); |
312 | 0 | if (ret < 0) |
313 | 0 | return gnutls_assert_val(ret); |
314 | | |
315 | 0 | vparams.data = data; |
316 | 0 | vparams.size = ret; |
317 | |
|
318 | 0 | return _gnutls_proc_dhe_signature(session, data + ret, _data_size - ret, |
319 | 0 | &vparams); |
320 | 0 | } |
321 | | |
322 | | int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, uint8_t *data, |
323 | | size_t _data_size) |
324 | 0 | { |
325 | 0 | int i, ret; |
326 | 0 | unsigned point_size; |
327 | 0 | const gnutls_group_entry_st *group; |
328 | 0 | ssize_t data_size = _data_size; |
329 | 0 | const gnutls_ecc_curve_entry_st *ecurve; |
330 | | |
331 | | /* just in case we are resuming a session */ |
332 | 0 | gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params); |
333 | |
|
334 | 0 | gnutls_pk_params_init(&session->key.proto.tls12.ecdh.params); |
335 | |
|
336 | 0 | i = 0; |
337 | 0 | DECR_LEN(data_size, 1); |
338 | 0 | if (data[i++] != 3) |
339 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); |
340 | | |
341 | 0 | DECR_LEN(data_size, 2); |
342 | | |
343 | 0 | group = _gnutls_tls_id_to_group(_gnutls_read_uint16(&data[i])); |
344 | 0 | if (group == NULL || group->curve == 0) { |
345 | 0 | _gnutls_debug_log("received unknown curve %u.%u\n", |
346 | 0 | (unsigned)data[i], (unsigned)data[i + 1]); |
347 | 0 | return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |
348 | 0 | } else { |
349 | 0 | _gnutls_debug_log("received curve %s\n", group->name); |
350 | 0 | } |
351 | | |
352 | 0 | i += 2; |
353 | |
|
354 | 0 | if (!_gnutls_session_supports_group(session, group->id)) |
355 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); |
356 | | |
357 | 0 | ecurve = _gnutls_ecc_curve_get_params(group->curve); |
358 | 0 | if (ecurve == NULL) { |
359 | 0 | return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |
360 | 0 | } |
361 | | |
362 | 0 | _gnutls_session_group_set(session, group); |
363 | |
|
364 | 0 | DECR_LEN(data_size, 1); |
365 | 0 | point_size = data[i]; |
366 | 0 | i++; |
367 | |
|
368 | 0 | DECR_LEN(data_size, point_size); |
369 | | |
370 | 0 | if (ecurve->pk == GNUTLS_PK_EC) { |
371 | 0 | ret = _gnutls_ecc_ansi_x962_import( |
372 | 0 | &data[i], point_size, &session->key.proto.tls12.ecdh.x, |
373 | 0 | &session->key.proto.tls12.ecdh.y); |
374 | 0 | if (ret < 0) |
375 | 0 | return gnutls_assert_val(ret); |
376 | |
|
377 | 0 | } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 || |
378 | 0 | ecurve->pk == GNUTLS_PK_ECDH_X448) { |
379 | 0 | if (ecurve->size != point_size) |
380 | 0 | return gnutls_assert_val( |
381 | 0 | GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |
382 | | |
383 | 0 | ret = _gnutls_set_datum(&session->key.proto.tls12.ecdh.raw, |
384 | 0 | &data[i], point_size); |
385 | 0 | if (ret < 0) |
386 | 0 | return gnutls_assert_val(ret); |
387 | | |
388 | | /* RFC7748 requires to mask the MSB in the final byte |
389 | | * for X25519 (not X448) */ |
390 | 0 | if (ecurve->id == GNUTLS_ECC_CURVE_X25519) { |
391 | 0 | session->key.proto.tls12.ecdh.raw.data[point_size - 1] &= |
392 | 0 | 0x7f; |
393 | 0 | } |
394 | 0 | } else { |
395 | 0 | return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); |
396 | 0 | } |
397 | | |
398 | 0 | i += point_size; |
399 | |
|
400 | 0 | return i; |
401 | 0 | } |
402 | | |
403 | | /* If the psk flag is set, then an empty psk_identity_hint will |
404 | | * be inserted */ |
405 | | int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, |
406 | | gnutls_buffer_st *data, |
407 | | const gnutls_group_entry_st *group) |
408 | 0 | { |
409 | 0 | uint8_t p; |
410 | 0 | int ret; |
411 | 0 | gnutls_datum_t out; |
412 | 0 | unsigned init_pos = data->length; |
413 | |
|
414 | 0 | if (group == NULL || group->curve == 0) |
415 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); |
416 | | |
417 | | /* just in case we are resuming a session */ |
418 | 0 | gnutls_pk_params_release(&session->key.proto.tls12.ecdh.params); |
419 | |
|
420 | 0 | gnutls_pk_params_init(&session->key.proto.tls12.ecdh.params); |
421 | | |
422 | | /* curve type */ |
423 | 0 | p = 3; |
424 | |
|
425 | 0 | ret = _gnutls_buffer_append_data(data, &p, 1); |
426 | 0 | if (ret < 0) |
427 | 0 | return gnutls_assert_val(ret); |
428 | | |
429 | 0 | ret = _gnutls_buffer_append_prefix(data, 16, group->tls_id); |
430 | 0 | if (ret < 0) |
431 | 0 | return gnutls_assert_val(ret); |
432 | | |
433 | | /* generate temporal key */ |
434 | 0 | ret = _gnutls_pk_generate_keys(group->pk, group->curve, |
435 | 0 | &session->key.proto.tls12.ecdh.params, |
436 | 0 | 1); |
437 | 0 | if (ret < 0) |
438 | 0 | return gnutls_assert_val(ret); |
439 | | |
440 | 0 | if (group->pk == GNUTLS_PK_EC) { |
441 | 0 | ret = _gnutls_ecc_ansi_x962_export( |
442 | 0 | group->curve, |
443 | 0 | session->key.proto.tls12.ecdh.params |
444 | 0 | .params[ECC_X] /* x */, |
445 | 0 | session->key.proto.tls12.ecdh.params |
446 | 0 | .params[ECC_Y] /* y */, |
447 | 0 | &out); |
448 | 0 | if (ret < 0) |
449 | 0 | return gnutls_assert_val(ret); |
450 | | |
451 | 0 | ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, |
452 | 0 | out.size); |
453 | |
|
454 | 0 | _gnutls_free_datum(&out); |
455 | |
|
456 | 0 | if (ret < 0) |
457 | 0 | return gnutls_assert_val(ret); |
458 | |
|
459 | 0 | } else if (group->pk == GNUTLS_PK_ECDH_X25519 || |
460 | 0 | group->pk == GNUTLS_PK_ECDH_X448) { |
461 | 0 | ret = _gnutls_buffer_append_data_prefix( |
462 | 0 | data, 8, |
463 | 0 | session->key.proto.tls12.ecdh.params.raw_pub.data, |
464 | 0 | session->key.proto.tls12.ecdh.params.raw_pub.size); |
465 | 0 | if (ret < 0) |
466 | 0 | return gnutls_assert_val(ret); |
467 | 0 | } else { |
468 | 0 | return gnutls_assert_val(GNUTLS_E_ECC_NO_SUPPORTED_CURVES); |
469 | 0 | } |
470 | | |
471 | 0 | return data->length - init_pos; |
472 | 0 | } |
473 | | |
474 | | static int gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st *data) |
475 | 0 | { |
476 | 0 | int ret = 0; |
477 | 0 | gnutls_certificate_credentials_t cred; |
478 | 0 | unsigned sig_pos; |
479 | |
|
480 | 0 | cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( |
481 | 0 | session, GNUTLS_CRD_CERTIFICATE); |
482 | 0 | if (cred == NULL) { |
483 | 0 | gnutls_assert(); |
484 | 0 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; |
485 | 0 | } |
486 | | |
487 | 0 | if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE, |
488 | 0 | sizeof(cert_auth_info_st), 1)) < 0) { |
489 | 0 | gnutls_assert(); |
490 | 0 | return ret; |
491 | 0 | } |
492 | | |
493 | 0 | sig_pos = data->length; |
494 | |
|
495 | 0 | ret = _gnutls_ecdh_common_print_server_kx(session, data, |
496 | 0 | get_group(session)); |
497 | 0 | if (ret < 0) { |
498 | 0 | gnutls_assert(); |
499 | 0 | return ret; |
500 | 0 | } |
501 | | |
502 | | /* Generate the signature. */ |
503 | 0 | return _gnutls_gen_dhe_signature(session, data, &data->data[sig_pos], |
504 | 0 | data->length - sig_pos); |
505 | 0 | } |
506 | | |
507 | | #endif |