[GNUnet-SVN] r7762 - in libmicrohttpd/src/daemon/https: . tls x509
From: |
gnunet |
Subject: |
[GNUnet-SVN] r7762 - in libmicrohttpd/src/daemon/https: . tls x509 |
Date: |
Sun, 12 Oct 2008 14:52:18 -0600 (MDT) |
Author: grothoff
Date: 2008-10-12 14:52:17 -0600 (Sun, 12 Oct 2008)
New Revision: 7762
Modified:
libmicrohttpd/src/daemon/https/gnutls.h
libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c
libmicrohttpd/src/daemon/https/tls/gnutls_handshake.h
libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.c
libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.h
libmicrohttpd/src/daemon/https/x509/common.h
libmicrohttpd/src/daemon/https/x509/privkey.h
libmicrohttpd/src/daemon/https/x509/privkey_pkcs8.c
libmicrohttpd/src/daemon/https/x509/x509.h
libmicrohttpd/src/daemon/https/x509/x509_privkey.c
Log:
dce
Modified: libmicrohttpd/src/daemon/https/gnutls.h
===================================================================
--- libmicrohttpd/src/daemon/https/gnutls.h 2008-10-12 20:23:58 UTC (rev
7761)
+++ libmicrohttpd/src/daemon/https/gnutls.h 2008-10-12 20:52:17 UTC (rev
7762)
@@ -288,11 +288,6 @@
void MHD_gtls_handshake_set_private_extensions (MHD_gtls_session_t session,
int allow);
- MHD_gnutls_handshake_description_t
- MHD_gtls_handshake_get_last_out (MHD_gtls_session_t session);
- MHD_gnutls_handshake_description_t
- MHD_gtls_handshake_get_last_in (MHD_gtls_session_t session);
-
/*
* Record layer functions.
*/
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c 2008-10-12
20:23:58 UTC (rev 7761)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_handshake.c 2008-10-12
20:52:17 UTC (rev 7762)
@@ -59,13 +59,39 @@
#define TRUE 1
#define FALSE 0
+
+/* This should be sufficient by now. It should hold all the extensions
+ * plus the headers in a hello message.
+ */
+#define MAX_EXT_DATA_LENGTH 1024
+
+
+static int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
+ cipher_suite_st ** cipherSuites,
+ int numCipherSuites,
+ enum
+ MHD_GNUTLS_PublicKeyAlgorithm);
+static int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque *
data,
+ int datalen);
+
+static int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len);
+
+static int MHD_gtls_handshake_common (MHD_gtls_session_t session);
+
+static int MHD_gtls_handshake_server (MHD_gtls_session_t session);
+
+#if MHD_DEBUG_TLS
+static int MHD_gtls_handshake_client (MHD_gtls_session_t session);
+#endif
+
+
static int MHD__gnutls_server_select_comp_method (MHD_gtls_session_t session,
opaque * data, int datalen);
/* Clears the handshake hash buffers and handles.
*/
-inline static void
+static void
MHD__gnutls_handshake_hash_buffers_clear (MHD_gtls_session_t session)
{
MHD_gnutls_hash_deinit (session->internals.handshake_mac_handle_md5, NULL);
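Review bot: The comment on `MAX_EXT_DATA_LENGTH`, now moved to the top of the file, says only that 1024 "should be sufficient" and does not state what code filling a hello buffer must do when the extension data would exceed it. The users of the constant are outside this hunk, so whether the bound is checked before data is copied cannot be confirmed from here. I would reword the comment to state the contract, for example `/* Upper bound on extension data plus headers in a hello message; check the length against this before copying. */`. The new block of static prototypes would also read better with a one-line comment saying they are forward declarations for functions defined later in this file.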
@@ -119,13 +145,13 @@
session->internals.resumed_security_parameters.session_id_size;
}
-void
+static void
MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd)
{
memcpy (session->security_parameters.server_random, rnd, TLS_RANDOM_SIZE);
}
-void
+static void
MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd)
{
memcpy (session->security_parameters.client_random, rnd, TLS_RANDOM_SIZE);
@@ -243,7 +269,7 @@
/* this function will produce TLS_RANDOM_SIZE==32 bytes of random data
* and put it to dst.
*/
-int
+static int
MHD_gtls_tls_create_random (opaque * dst)
{
uint32_t tim;
@@ -257,7 +283,7 @@
/* generate server random value */
MHD_gtls_write_uint32 (tim, dst);
- if (MHD_gc_nonce (&dst[4], TLS_RANDOM_SIZE - 4) != GC_OK)
+ if (MHD_gc_nonce ((char*) &dst[4], TLS_RANDOM_SIZE - 4) != GC_OK)
{
MHD_gnutls_assert ();
return GNUTLS_E_RANDOM_FAILED;
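Review bot: The `(char*)` cast added to the `MHD_gc_nonce` call silences a pointer-type mismatch instead of resolving it, and the same pattern is added in `MHD_gtls_generate_session_id` (hunk at -2651) and on the `buf` argument of `MHD_gtls_bin2hex` (hunks at -1407 and -1930). The prototypes of both helpers are not visible here, but if `MHD_gc_nonce` takes `char *` for what is raw byte data, changing that parameter to `void *` would remove the casts and keep the compiler's type checking on the calls that fill the TLS random value and the session id. For the `MHD_gtls_bin2hex` calls the simpler fix is probably to declare the local `buf` as `char`. If neither can change, a short comment such as `/* opaque is unsigned char; the nonce API takes char * */` would record why the cast is there. `MHD_gtls_tls_create_random` starts and ends outside this hunk.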
@@ -268,7 +294,7 @@
/* returns the 0 on success or a negative value.
*/
-int
+static int
MHD_gtls_negotiate_version (MHD_gtls_session_t session,
enum MHD_GNUTLS_Protocol adv_version)
{
@@ -299,7 +325,7 @@
return ret;
}
-int
+static int
MHD_gtls_user_hello_func (MHD_gtls_session_t session,
enum MHD_GNUTLS_Protocol adv_version)
{
@@ -469,7 +495,7 @@
/* here we hash all pending data.
*/
-inline static int
+static int
MHD__gnutls_handshake_hash_pending (MHD_gtls_session_t session)
{
size_t siz;
@@ -669,7 +695,7 @@
/* This selects the best supported ciphersuite from the given ones. Then
* it adds the suite to the session and performs some checks.
*/
-int
+static int
MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
int datalen)
{
@@ -1270,6 +1296,7 @@
return ret;
}
+#if MHD_DEBUG_TLS
/* This function checks if the given cipher suite is supported, and sets it
* to the session;
*/
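Review bot: The `#if MHD_DEBUG_TLS` added here has no matching `#endif` inside this hunk, and with the old guard in front of the client-hello sender removed (hunk at -1653) the conditional region now begins several functions earlier. Judging by the comments in the later hunks this region holds the client side of the handshake, so the guard decides whether that code is compiled into non-debug builds at all and should say so: `#if MHD_DEBUG_TLS /* client-side handshake code, debug builds only */`, with the closing line written as `#endif /* MHD_DEBUG_TLS */`. It is also worth confirming that every function inside the enlarged region is called only from code under the same guard; the callers are not visible in this diff.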
@@ -1352,6 +1379,7 @@
return 0;
}
+
/* This function sets the given comp method to the session.
*/
static int
@@ -1407,7 +1435,8 @@
MHD__gnutls_handshake_log ("HSK[%x]: SessionID length: %d\n", session,
session_id_len);
MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
- MHD_gtls_bin2hex (session_id, session_id_len, buf,
+ MHD_gtls_bin2hex (session_id, session_id_len,
+ (char*) buf,
sizeof (buf)));
if (session_id_len > 0 &&
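Review bot: Both log calls in this hunk pass `session` for a `%x` conversion, and `session` is a pointer (it is dereferenced as `session->internals` elsewhere in this file), so the argument type does not match the conversion and the value is truncated or misread where pointers are wider than `unsigned int`. Assuming `MHD__gnutls_handshake_log` is printf-style, the format should be `"HSK[%p]: SessionID: %s\n"` with `(void *) session` as the argument; the same applies to the log call in the hunk at -1930. The commit already edits these calls for the `buf` cast, so they could be fixed in the same change. The enclosing function starts and ends outside the hunk.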
@@ -1438,7 +1467,6 @@
}
}
-
/* This function reads and parses the server hello handshake message.
* This function also restores resumed parameters if we are resuming a
* session.
@@ -1653,12 +1681,6 @@
return datalen;
}
-/* This should be sufficient by now. It should hold all the extensions
- * plus the headers in a hello message.
- */
-#define MAX_EXT_DATA_LENGTH 1024
-
-#if MHD_DEBUG_TLS
/* This function sends the client hello handshake message.
*/
static int
@@ -1930,7 +1952,7 @@
MHD__gnutls_handshake_log ("HSK[%x]: SessionID: %s\n", session,
MHD_gtls_bin2hex (SessionID, session_id_len,
- buf, sizeof (buf)));
+ (char*) buf, sizeof (buf)));
memcpy (&data[pos],
session->security_parameters.current_cipher_suite.suite, 2);
@@ -2273,7 +2295,7 @@
* MHD_gtls_handshake_client
* This function performs the client side of the handshake of the TLS/SSL
protocol.
*/
-int
+static int
MHD_gtls_handshake_client (MHD_gtls_session_t session)
{
int ret = 0;
@@ -2515,7 +2537,7 @@
* This function does the server stuff of the handshake protocol.
*/
-int
+static int
MHD_gtls_handshake_server (MHD_gtls_session_t session)
{
int ret = 0;
@@ -2616,7 +2638,7 @@
return 0;
}
-int
+static int
MHD_gtls_handshake_common (MHD_gtls_session_t session)
{
int ret = 0;
@@ -2651,12 +2673,12 @@
}
-int
+static int
MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len)
{
*len = TLS_MAX_SESSION_ID_SIZE;
- if (MHD_gc_nonce (session_id, *len) != GC_OK)
+ if (MHD_gc_nonce ((char*) session_id, *len) != GC_OK)
{
MHD_gnutls_assert ();
return GNUTLS_E_RANDOM_FAILED;
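Review bot: `MHD_gtls_generate_session_id` sets `*len = TLS_MAX_SESSION_ID_SIZE` and then asks `MHD_gc_nonce` for that many bytes into `session_id` without knowing how large the caller's buffer is. Now that the function is `static`, every caller is in this file, so the requirement can be stated once at the definition: `/* session_id must point to at least TLS_MAX_SESSION_ID_SIZE bytes; *len is an output only. */`. The function body continues past the end of the hunk.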
@@ -2811,7 +2833,7 @@
* This does a more high level check than MHD_gnutls_supported_ciphersuites(),
* by checking certificates etc.
*/
-int
+static int
MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
cipher_suite_st ** cipherSuites,
int numCipherSuites,
@@ -2939,75 +2961,9 @@
}
-/**
- * MHD__gnutls_handshake_set_max_packet_length - This function will set the
maximum length of a handshake message
- * @session: is a #MHD_gtls_session_t structure.
- * @max: is the maximum number.
- *
- * This function will set the maximum size of a handshake message.
- * Handshake messages over this size are rejected. The default value
- * is 16kb which is large enough. Set this to 0 if you do not want to
- * set an upper limit.
- *
- **/
-void
-MHD__gnutls_handshake_set_max_packet_length (MHD_gtls_session_t session,
- size_t max)
-{
- session->internals.max_handshake_data_buffer_size = max;
-}
-
-void
-MHD_gtls_set_adv_version (MHD_gtls_session_t session,
- enum MHD_GNUTLS_Protocol ver)
-{
- set_adv_version (session, MHD_gtls_version_get_major (ver),
- MHD_gtls_version_get_minor (ver));
-}
-
enum MHD_GNUTLS_Protocol
MHD_gtls_get_adv_version (MHD_gtls_session_t session)
{
return MHD_gtls_version_get (MHD__gnutls_get_adv_version_major (session),
MHD__gnutls_get_adv_version_minor (session));
}
-
-/**
- * MHD_gtls_handshake_get_last_in - Returns the last handshake message
received.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function is only useful to check where the last performed
- * handshake failed. If the previous handshake succeed or was not
- * performed at all then no meaningful value will be returned.
- *
- * Check %MHD_gnutls_handshake_description_t in gnutls.h for the
- * available handshake descriptions.
- *
- * Returns: the last handshake message type received, a
- * %MHD_gnutls_handshake_description_t.
- **/
-MHD_gnutls_handshake_description_t
-MHD_gtls_handshake_get_last_in (MHD_gtls_session_t session)
-{
- return session->internals.last_handshake_in;
-}
-
-/**
- * MHD_gtls_handshake_get_last_out - Returns the last handshake message sent.
- * @session: is a #MHD_gtls_session_t structure.
- *
- * This function is only useful to check where the last performed
- * handshake failed. If the previous handshake succeed or was not
- * performed at all then no meaningful value will be returned.
- *
- * Check %MHD_gnutls_handshake_description_t in gnutls.h for the
- * available handshake descriptions.
- *
- * Returns: the last handshake message type sent, a
- * %MHD_gnutls_handshake_description_t.
- **/
-MHD_gnutls_handshake_description_t
-MHD_gtls_handshake_get_last_out (MHD_gtls_session_t session)
-{
- return session->internals.last_handshake_out;
-}
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_handshake.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_handshake.h 2008-10-12
20:23:58 UTC (rev 7761)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_handshake.h 2008-10-12
20:52:17 UTC (rev 7762)
@@ -36,30 +36,7 @@
int MHD_gtls_recv_handshake (MHD_gtls_session_t session, uint8_t **, int *,
MHD_gnutls_handshake_description_t,
Optional optional);
-int MHD_gtls_generate_session_id (opaque * session_id, uint8_t * len);
-int MHD_gtls_handshake_common (MHD_gtls_session_t session);
-int MHD_gtls_handshake_server (MHD_gtls_session_t session);
-void MHD_gtls_set_server_random (MHD_gtls_session_t session, uint8_t * rnd);
-void MHD_gtls_set_client_random (MHD_gtls_session_t session, uint8_t * rnd);
-int MHD_gtls_tls_create_random (opaque * dst);
-int MHD_gtls_remove_unwanted_ciphersuites (MHD_gtls_session_t session,
- cipher_suite_st ** cipherSuites,
- int numCipherSuites,
- enum
- MHD_GNUTLS_PublicKeyAlgorithm);
-int MHD_gtls_find_pk_algos_in_ciphersuites (opaque * data, int datalen);
-int MHD_gtls_server_select_suite (MHD_gtls_session_t session, opaque * data,
- int datalen);
-int MHD_gtls_negotiate_version (MHD_gtls_session_t session,
- enum MHD_GNUTLS_Protocol adv_version);
-int MHD_gtls_user_hello_func (MHD_gtls_session_t,
- enum MHD_GNUTLS_Protocol adv_version);
-
-#if MHD_DEBUG_TLS
-int MHD_gtls_handshake_client (MHD_gtls_session_t session);
-#endif
-
#define STATE session->internals.handshake_state
/* This returns true if we have got there
* before (and not finished due to an interrupt).
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.c
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.c 2008-10-12
20:23:58 UTC (rev 7761)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.c 2008-10-12
20:52:17 UTC (rev 7762)
@@ -35,13 +35,6 @@
#include "x509.h"
#include "privkey.h"
-/* This function takes a number of bits and returns a supported
- * number of bits. Ie a number of bits that we have a prime in the
- * dh_primes structure.
- */
-
-#define MAX_SUPPORTED_BITS 512
-
/* returns e and m, depends on the requested bits.
* We only support limited key sizes.
*/
@@ -52,146 +45,11 @@
{
return NULL;
}
-
return rsa_params->params;
-
}
-/* resarr will contain: modulus(0), public exponent(1), private exponent(2),
- * prime1 - p (3), prime2 - q(4), u (5).
- */
-int
-MHD__gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits)
-{
- int ret;
- gcry_sexp_t parms, key, list;
-
- ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits);
- if (ret != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- /* generate the RSA key */
- ret = gcry_pk_genkey (&key, parms);
- gcry_sexp_release (parms);
-
- if (ret != 0)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- list = gcry_sexp_find_token (key, "n", 0);
- if (list == NULL)
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "e", 0);
- if (list == NULL)
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "d", 0);
- if (list == NULL)
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- list = gcry_sexp_find_token (key, "p", 0);
- if (list == NULL)
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
-
- list = gcry_sexp_find_token (key, "q", 0);
- if (list == NULL)
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
-
- list = gcry_sexp_find_token (key, "u", 0);
- if (list == NULL)
- {
- MHD_gnutls_assert ();
- gcry_sexp_release (key);
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- resarr[5] = gcry_sexp_nth_mpi (list, 1, 0);
- gcry_sexp_release (list);
-
- gcry_sexp_release (key);
-
- MHD__gnutls_dump_mpi ("n: ", resarr[0]);
- MHD__gnutls_dump_mpi ("e: ", resarr[1]);
- MHD__gnutls_dump_mpi ("d: ", resarr[2]);
- MHD__gnutls_dump_mpi ("p: ", resarr[3]);
- MHD__gnutls_dump_mpi ("q: ", resarr[4]);
- MHD__gnutls_dump_mpi ("u: ", resarr[5]);
-
- *resarr_len = 6;
-
- return 0;
-
-}
-
/**
- * MHD__gnutls_rsa_params_init - This function will initialize the temporary
RSA parameters
- * @rsa_params: Is a structure that will hold the parameters
- *
- * This function will initialize the temporary RSA parameters structure.
- *
- **/
-int
-MHD__gnutls_rsa_params_init (MHD_gtls_rsa_params_t * rsa_params)
-{
- int ret;
-
- ret = MHD_gnutls_x509_privkey_init (rsa_params);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- (*rsa_params)->crippled = 1;
-
- return 0;
-}
-
-/**
* MHD__gnutls_rsa_params_deinit - This function will deinitialize the RSA
parameters
* @rsa_params: Is a structure that holds the parameters
*
@@ -204,24 +62,3 @@
MHD_gnutls_x509_privkey_deinit (rsa_params);
}
-/**
- * MHD__gnutls_rsa_params_generate2 - This function will generate temporary
RSA parameters
- * @params: The structure where the parameters will be stored
- * @bits: is the prime's number of bits
- *
- * This function will generate new temporary RSA parameters for use in
- * RSA-EXPORT ciphersuites. This function is normally slow.
- *
- * Note that if the parameters are to be used in export cipher suites the
- * bits value should be 512 or less.
- * Also note that the generation of new RSA parameters is only useful
- * to servers. Clients use the parameters sent by the server, thus it's
- * no use calling this in client side.
- *
- **/
-int
-MHD__gnutls_rsa_params_generate2 (MHD_gtls_rsa_params_t params,
- unsigned int bits)
-{
- return MHD_gnutls_x509_privkey_generate (params, MHD_GNUTLS_PK_RSA, bits, 0);
-}
Modified: libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.h
===================================================================
--- libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.h 2008-10-12
20:23:58 UTC (rev 7761)
+++ libmicrohttpd/src/daemon/https/tls/gnutls_rsa_export.h 2008-10-12
20:52:17 UTC (rev 7762)
@@ -24,4 +24,4 @@
const mpi_t *MHD__gnutls_rsa_params_to_mpi (MHD_gtls_rsa_params_t);
int MHD__gnutls_peers_cert_less_512 (MHD_gtls_session_t session);
-int MHD__gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int
bits);
+
Modified: libmicrohttpd/src/daemon/https/x509/common.h
===================================================================
--- libmicrohttpd/src/daemon/https/x509/common.h 2008-10-12 20:23:58 UTC
(rev 7761)
+++ libmicrohttpd/src/daemon/https/x509/common.h 2008-10-12 20:52:17 UTC
(rev 7762)
@@ -116,7 +116,7 @@
MHD_GNUTLS_PublicKeyAlgorithm
pk_algorithm, mpi_t * params,
int params_size);
-int MHD__gnutlsMHD__asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
+int MHD__gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
ASN1_TYPE src, const char *src_name);
int MHD__gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
Modified: libmicrohttpd/src/daemon/https/x509/privkey.h
===================================================================
--- libmicrohttpd/src/daemon/https/x509/privkey.h 2008-10-12 20:23:58 UTC
(rev 7761)
+++ libmicrohttpd/src/daemon/https/x509/privkey.h 2008-10-12 20:52:17 UTC
(rev 7762)
@@ -28,4 +28,4 @@
raw_key,
MHD_gnutls_x509_privkey_t
pkey);
-int MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
+int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
Modified: libmicrohttpd/src/daemon/https/x509/privkey_pkcs8.c
===================================================================
--- libmicrohttpd/src/daemon/https/x509/privkey_pkcs8.c 2008-10-12 20:23:58 UTC
(rev 7761)
+++ libmicrohttpd/src/daemon/https/x509/privkey_pkcs8.c 2008-10-12 20:52:17 UTC
(rev 7762)
@@ -474,7 +474,7 @@
if (!pkey->crippled)
{
- ret = MHD__gnutlsMHD__asn1_encode_dsa (&pkey->key, pkey->params);
+ ret = MHD__gnutls_asn1_encode_dsa (&pkey->key, pkey->params);
if (ret < 0)
{
MHD_gnutls_assert ();
Modified: libmicrohttpd/src/daemon/https/x509/x509.h
===================================================================
--- libmicrohttpd/src/daemon/https/x509/x509.h 2008-10-12 20:23:58 UTC (rev
7761)
+++ libmicrohttpd/src/daemon/https/x509/x509.h 2008-10-12 20:52:17 UTC (rev
7762)
@@ -560,8 +560,6 @@
const MHD_gnutls_datum_t * p,
const MHD_gnutls_datum_t * q,
const MHD_gnutls_datum_t * u);
- int MHD_gnutls_x509_privkey_fix (MHD_gnutls_x509_privkey_t key);
-
int MHD_gnutls_x509_privkey_export_dsa_raw (MHD_gnutls_x509_privkey_t key,
MHD_gnutls_datum_t * p,
MHD_gnutls_datum_t * q,
@@ -581,10 +579,6 @@
unsigned char *output_data,
size_t * output_data_size);
- int MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key,
- enum MHD_GNUTLS_PublicKeyAlgorithm algo,
- unsigned int bits, unsigned int flags);
-
int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key,
MHD_gnutls_x509_crt_fmt_t format,
void *output_data,
@@ -603,14 +597,6 @@
MHD_gnutls_datum_t * q,
MHD_gnutls_datum_t * u);
-/* Signing stuff.
- */
- int MHD_gnutls_x509_privkey_sign_data (MHD_gnutls_x509_privkey_t key,
- enum MHD_GNUTLS_HashAlgorithm digest,
- unsigned int flags,
- const MHD_gnutls_datum_t * data,
- void *signature,
- size_t * signature_size);
int MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key,
unsigned int flags,
const MHD_gnutls_datum_t * data,
@@ -620,10 +606,6 @@
const MHD_gnutls_datum_t * data,
const MHD_gnutls_datum_t * signature);
- int MHD_gnutls_x509_privkey_sign_hash (MHD_gnutls_x509_privkey_t key,
- const MHD_gnutls_datum_t * hash,
- MHD_gnutls_datum_t * signature);
-
/* Certificate request stuff.
*/
struct MHD_gnutls_x509_crq_int;
Modified: libmicrohttpd/src/daemon/https/x509/x509_privkey.c
===================================================================
--- libmicrohttpd/src/daemon/https/x509/x509_privkey.c 2008-10-12 20:23:58 UTC
(rev 7761)
+++ libmicrohttpd/src/daemon/https/x509/x509_privkey.c 2008-10-12 20:52:17 UTC
(rev 7762)
@@ -39,8 +39,8 @@
#include <dsa.h>
#include <verify.h>
-static int MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params);
-int MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
+static int MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params);
+int MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params);
/* remove this when libgcrypt can handle the PKCS #1 coefficients from
* rsa keys
@@ -127,7 +127,7 @@
switch (dst->pk_algorithm)
{
case MHD_GNUTLS_PK_RSA:
- ret = MHD__gnutlsMHD__asn1_encode_rsa (&dst->key, dst->params);
+ ret = MHD__gnutls_asn1_encode_rsa (&dst->key, dst->params);
if (ret < 0)
{
MHD_gnutls_assert ();
@@ -439,7 +439,7 @@
if (!key->crippled)
{
- ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params);
+ ret = MHD__gnutls_asn1_encode_rsa (&key->key, key->params);
if (ret < 0)
{
MHD_gnutls_assert ();
@@ -481,7 +481,7 @@
/* Encodes the RSA parameters into an ASN.1 RSA private key structure.
*/
static int
-MHD__gnutlsMHD__asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
+MHD__gnutls_asn1_encode_rsa (ASN1_TYPE * c2, mpi_t * params)
{
int result, i;
size_t size[8], total;
@@ -712,7 +712,7 @@
/* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
*/
int
-MHD__gnutlsMHD__asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
+MHD__gnutls_asn1_encode_dsa (ASN1_TYPE * c2, mpi_t * params)
{
int result, i;
size_t size[DSA_PRIVATE_PARAMS], total;
@@ -823,328 +823,3 @@
return result;
}
-/**
- * MHD_gnutls_x509_privkey_generate - This function will generate a private key
- * @key: should contain a MHD_gnutls_x509_privkey_t structure
- * @algo: is one of RSA or DSA.
- * @bits: the size of the modulus
- * @flags: unused for now. Must be 0.
- *
- * This function will generate a random private key. Note that
- * this function must be called on an empty private key.
- *
- * Returns 0 on success or a negative value on error.
- *
- **/
-int
-MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key,
- enum MHD_GNUTLS_PublicKeyAlgorithm algo,
- unsigned int bits, unsigned int flags)
-{
- int ret, params_len;
- int i;
-
- if (key == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- switch (algo)
- {
- case MHD_GNUTLS_PK_RSA:
- ret = MHD__gnutls_rsa_generate_params (key->params, ¶ms_len, bits);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
-
- if (!key->crippled)
- {
- ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
- }
-
- key->params_size = params_len;
- key->pk_algorithm = MHD_GNUTLS_PK_RSA;
-
- break;
- default:
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-
-cleanup:key->pk_algorithm = MHD_GNUTLS_PK_UNKNOWN;
- key->params_size = 0;
- for (i = 0; i < params_len; i++)
- MHD_gtls_mpi_release (&key->params[i]);
-
- return ret;
-}
-
-/**
- * MHD_gnutls_x509_privkey_get_key_id - Return unique ID of the key's
parameters
- * @key: Holds the key
- * @flags: should be 0 for now
- * @output_data: will contain the key ID
- * @output_data_size: holds the size of output_data (and will be
- * replaced by the actual size of parameters)
- *
- * This function will return a unique ID the depends on the public key
- * parameters. This ID can be used in checking whether a certificate
- * corresponds to the given key.
- *
- * If the buffer provided is not long enough to hold the output, then
- * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
- * be returned. The output will normally be a SHA-1 hash output,
- * which is 20 bytes.
- *
- * Return value: In case of failure a negative value will be
- * returned, and 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_get_key_id (MHD_gnutls_x509_privkey_t key,
- unsigned int flags,
- unsigned char *output_data,
- size_t * output_data_size)
-{
- int result;
- GNUTLS_HASH_HANDLE hd;
- MHD_gnutls_datum_t der = { NULL,
- 0
- };
-
- if (key == NULL || key->crippled)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (*output_data_size < 20)
- {
- MHD_gnutls_assert ();
- *output_data_size = 20;
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- if (key->pk_algorithm == MHD_GNUTLS_PK_RSA)
- {
- result = MHD__gnutls_x509_write_rsa_params (key->params,
key->params_size,
- &der);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- goto cleanup;
- }
- }
- else
- return GNUTLS_E_INTERNAL_ERROR;
-
- hd = MHD_gtls_hash_init (MHD_GNUTLS_MAC_SHA1);
- if (hd == GNUTLS_HASH_FAILED)
- {
- MHD_gnutls_assert ();
- result = GNUTLS_E_INTERNAL_ERROR;
- goto cleanup;
- }
-
- MHD_gnutls_hash (hd, der.data, der.size);
-
- MHD_gnutls_hash_deinit (hd, output_data);
- *output_data_size = 20;
-
- result = 0;
-
-cleanup:
-
- MHD__gnutls_free_datum (&der);
- return result;
-}
-
-#ifdef ENABLE_PKI
-
-/**
- * MHD_gnutls_x509_privkey_sign_data - This function will sign the given data
using the private key params
- * @key: Holds the key
- * @digest: should be MD5 or SHA1
- * @flags: should be 0 for now
- * @data: holds the data to be signed
- * @signature: will contain the signature
- * @signature_size: holds the size of signature (and will be replaced
- * by the new size)
- *
- * This function will sign the given data using a signature algorithm
- * supported by the private key. Signature algorithms are always used
- * together with a hash functions. Different hash functions may be
- * used for the RSA algorithm, but only SHA-1 for the DSA keys.
- *
- * If the buffer provided is not long enough to hold the output, then
- * *signature_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
- * be returned.
- *
- * In case of failure a negative value will be returned, and
- * 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_sign_data (MHD_gnutls_x509_privkey_t key,
- enum MHD_GNUTLS_HashAlgorithm digest,
- unsigned int flags,
- const MHD_gnutls_datum_t * data,
- void *signature, size_t * signature_size)
-{
- int result;
- MHD_gnutls_datum_t sig = { NULL, 0 };
-
- if (key == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = MHD__gnutls_x509_sign (data, digest, key, &sig);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- if (*signature_size < sig.size)
- {
- *signature_size = sig.size;
- MHD__gnutls_free_datum (&sig);
- return GNUTLS_E_SHORT_MEMORY_BUFFER;
- }
-
- *signature_size = sig.size;
- memcpy (signature, sig.data, sig.size);
-
- MHD__gnutls_free_datum (&sig);
-
- return 0;
-}
-
-/**
- * MHD_gnutls_x509_privkey_sign_hash - This function will sign the given data
using the private key params
- * @key: Holds the key
- * @hash: holds the data to be signed
- * @signature: will contain newly allocated signature
- *
- * This function will sign the given hash using the private key.
- *
- * Return value: In case of failure a negative value will be returned,
- * and 0 on success.
- **/
-int
-MHD_gnutls_x509_privkey_sign_hash (MHD_gnutls_x509_privkey_t key,
- const MHD_gnutls_datum_t * hash,
- MHD_gnutls_datum_t * signature)
-{
- int result;
-
- if (key == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = MHD_gtls_sign (key->pk_algorithm, key->params,
- key->params_size, hash, signature);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return result;
- }
-
- return 0;
-}
-
-/**
- * MHD_gnutls_x509_privkey_verify_data - This function will verify the given
signed data.
- * @key: Holds the key
- * @flags: should be 0 for now
- * @data: holds the data to be signed
- * @signature: contains the signature
- *
- * This function will verify the given signed data, using the parameters in the
- * private key.
- *
- * In case of a verification failure 0 is returned, and
- * 1 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key,
- unsigned int flags,
- const MHD_gnutls_datum_t * data,
- const MHD_gnutls_datum_t * signature)
-{
- int result;
-
- if (key == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- result = MHD__gnutls_x509_privkey_verify_signature (data, signature, key);
- if (result < 0)
- {
- MHD_gnutls_assert ();
- return 0;
- }
-
- return result;
-}
-
-/**
- * MHD_gnutls_x509_privkey_fix - This function will recalculate some
parameters of the key.
- * @key: Holds the key
- *
- * This function will recalculate the secondary parameters in a key.
- * In RSA keys, this can be the coefficient and exponent1,2.
- *
- * Return value: In case of failure a negative value will be
- * returned, and 0 on success.
- *
- **/
-int
-MHD_gnutls_x509_privkey_fix (MHD_gnutls_x509_privkey_t key)
-{
- int ret;
-
- if (key == NULL)
- {
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- if (!key->crippled)
- MHD__asn1_delete_structure (&key->key);
- switch (key->pk_algorithm)
- {
- case MHD_GNUTLS_PK_RSA:
- ret = MHD__gnutlsMHD__asn1_encode_rsa (&key->key, key->params);
- if (ret < 0)
- {
- MHD_gnutls_assert ();
- return ret;
- }
- break;
- default:
- MHD_gnutls_assert ();
- return GNUTLS_E_INVALID_REQUEST;
- }
-
- return 0;
-}
-
-#endif