[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-369-g29e80af
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-369-g29e80af |
|
Date: |
Sun, 19 Sep 2010 07:10:10 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=29e80af525774c861383a03010956151b2ba8d1c
The branch, master has been updated
via 29e80af525774c861383a03010956151b2ba8d1c (commit)
via 048f53e009bbfbf49a876881f203e5e3b4cf011d (commit)
via d489db78429b47f998dc605b0941bb765879664e (commit)
via 3de40153b7692744cfdec6c96299b19e43f9737b (commit)
from 20151edffdb8d99c7feb986a2f102df76314cb7d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 29e80af525774c861383a03010956151b2ba8d1c
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Sep 19 09:09:43 2010 +0200
Corrected bug in wrap_nettle_pk_fixup that was importing DSA keys are RSA
ones.
commit 048f53e009bbfbf49a876881f203e5e3b4cf011d
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Sep 19 09:07:41 2010 +0200
indented some code
commit d489db78429b47f998dc605b0941bb765879664e
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Sep 19 08:42:45 2010 +0200
updated revision
commit 3de40153b7692744cfdec6c96299b19e43f9737b
Author: Ludovic Courtès <address@hidden>
Date: Sat Sep 18 15:56:28 2010 +0200
Add an OpenPGP authentication unit test.
* tests/Makefile.am (ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'.
(TESTS_ENVIRONMENT): Add `srcdir'.
* tests/openpgp-auth.c: New file.
Signed-off-by: Nikos Mavrogiannopoulos <address@hidden>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 1 +
lib/m4/hooks.m4 | 2 +-
lib/nettle/pk.c | 597 ++++++++++++++++++++++++++-----------------------
lib/openpgp/privkey.c | 1 -
tests/Makefile.am | 13 +-
tests/openpgp-auth.c | 282 +++++++++++++++++++++++
6 files changed, 606 insertions(+), 290 deletions(-)
create mode 100644 tests/openpgp-auth.c
diff --git a/.gitignore b/.gitignore
index 5b8643f..101187d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -434,3 +434,4 @@ m4/
po/
lib/m4
lgl/
+/tests/openpgp-auth
diff --git a/lib/m4/hooks.m4 b/lib/m4/hooks.m4
index 4d7be06..f1a7ea0 100644
--- a/lib/m4/hooks.m4
+++ b/lib/m4/hooks.m4
@@ -27,7 +27,7 @@ AC_DEFUN([LIBGNUTLS_HOOKS],
# Interfaces added: AGE++
# Interfaces removed: AGE=0
AC_SUBST(LT_CURRENT, 43)
- AC_SUBST(LT_REVISION, 0)
+ AC_SUBST(LT_REVISION, 1)
AC_SUBST(LT_AGE, 17)
AC_SUBST(CXX_LT_CURRENT, 27)
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 29434b5..56b8867 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -50,7 +50,8 @@ static void rnd_func(void *_ctx, unsigned length, uint8_t *
data)
_gnutls_rnd(GNUTLS_RND_RANDOM, data, length);
}
-static void _dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
struct dsa_public_key *pub)
+static void _dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params,
+ struct dsa_public_key *pub)
{
memcpy(&pub->p, pk_params->params[0], sizeof(mpz_t));
memcpy(&pub->q, pk_params->params[1], sizeof(mpz_t));
@@ -58,12 +59,14 @@ static void _dsa_params_to_pubkey(const gnutls_pk_params_st
* pk_params, struct
memcpy(&pub->y, pk_params->params[3], sizeof(mpz_t));
}
-static void _dsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
struct dsa_private_key *pub)
+static void _dsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
+ struct dsa_private_key *pub)
{
memcpy(&pub->x, pk_params->params[4], sizeof(mpz_t));
}
-static void _rsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
struct rsa_private_key *priv)
+static void _rsa_params_to_privkey(const gnutls_pk_params_st * pk_params,
+ struct rsa_private_key *priv)
{
memcpy(&priv->d, pk_params->params[2], sizeof(mpz_t));
memcpy(&priv->p, pk_params->params[3], sizeof(mpz_t));
@@ -84,26 +87,30 @@ _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
/* make a sexp from pkey */
switch (algo) {
- case GNUTLS_PK_RSA: {
- bigint_t p;
-
- if (_gnutls_mpi_scan_nz(&p, plaintext->data, plaintext->size)
!= 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ case GNUTLS_PK_RSA:{
+ bigint_t p;
- mpz_powm(p, p, TOMPZ(pk_params->params[1])/*e*/,
TOMPZ(pk_params->params[0]/*m*/));
+ if (_gnutls_mpi_scan_nz
+ (&p, plaintext->data, plaintext->size) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- ret = _gnutls_mpi_dprint_size(p, ciphertext, plaintext->size);
- _gnutls_mpi_release(&p);
+ mpz_powm(p, p, TOMPZ(pk_params->params[1]) /*e */ ,
+ TOMPZ(pk_params->params[0] /*m */ ));
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ ret =
+ _gnutls_mpi_dprint_size(p, ciphertext,
+ plaintext->size);
+ _gnutls_mpi_release(&p);
- break;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ }
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -112,7 +119,7 @@ _wrap_nettle_pk_encrypt(gnutls_pk_algorithm_t algo,
ret = 0;
-cleanup:
+ cleanup:
return ret;
}
@@ -120,9 +127,10 @@ cleanup:
/* returns the blinded c and the inverse of a random
* number r;
*/
-static bigint_t rsa_blind(bigint_t c, bigint_t e, bigint_t n, bigint_t *_ri)
+static bigint_t rsa_blind(bigint_t c, bigint_t e, bigint_t n,
+ bigint_t * _ri)
{
-bigint_t nc = NULL, r = NULL, ri = NULL;
+ bigint_t nc = NULL, r = NULL, ri = NULL;
/* nc = c*(r^e)
* ri = r^(-1)
@@ -139,15 +147,15 @@ bigint_t nc = NULL, r = NULL, ri = NULL;
goto fail;
}
- r = _gnutls_mpi_randomize (NULL, _gnutls_mpi_get_nbits(n),
- GNUTLS_RND_NONCE);
+ r = _gnutls_mpi_randomize(NULL, _gnutls_mpi_get_nbits(n),
+ GNUTLS_RND_NONCE);
if (r == NULL) {
gnutls_assert();
goto fail;
}
/* invert r */
- if (mpz_invert(ri, r, n)==0) {
+ if (mpz_invert(ri, r, n) == 0) {
gnutls_assert();
goto fail;
}
@@ -163,7 +171,7 @@ bigint_t nc = NULL, r = NULL, ri = NULL;
_gnutls_mpi_release(&r);
return nc;
-fail:
+ fail:
_gnutls_mpi_release(&nc);
_gnutls_mpi_release(&r);
return NULL;
@@ -186,42 +194,46 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
/* make a sexp from pkey */
switch (algo) {
- case GNUTLS_PK_RSA: {
- struct rsa_private_key priv;
- bigint_t c, ri, nc;
-
- if (_gnutls_mpi_scan_nz(&c, ciphertext->data, ciphertext->size)
!= 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ case GNUTLS_PK_RSA:{
+ struct rsa_private_key priv;
+ bigint_t c, ri, nc;
+
+ if (_gnutls_mpi_scan_nz
+ (&c, ciphertext->data,
+ ciphertext->size) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- nc = rsa_blind(c, pk_params->params[1]/*e*/,
- pk_params->params[0]/*m*/, &ri);
- _gnutls_mpi_release(&c);
- if (nc == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
+ nc = rsa_blind(c, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
+ _gnutls_mpi_release(&c);
+ if (nc == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- rsa_private_key_init(&priv);
- _rsa_params_to_privkey(pk_params, &priv);
+ rsa_private_key_init(&priv);
+ _rsa_params_to_privkey(pk_params, &priv);
- rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc));
+ rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc));
- rsa_unblind(nc, ri, pk_params->params[0]/*m*/);
+ rsa_unblind(nc, ri, pk_params->params[0] /*m */ );
- ret = _gnutls_mpi_dprint_size(nc, plaintext, ciphertext->size);
+ ret =
+ _gnutls_mpi_dprint_size(nc, plaintext,
+ ciphertext->size);
- _gnutls_mpi_release(&nc);
- _gnutls_mpi_release(&ri);
+ _gnutls_mpi_release(&nc);
+ _gnutls_mpi_release(&ri);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
- break;
- }
+ break;
+ }
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -230,7 +242,7 @@ _wrap_nettle_pk_decrypt(gnutls_pk_algorithm_t algo,
ret = 0;
-cleanup:
+ cleanup:
return ret;
}
@@ -247,82 +259,85 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo,
switch (algo) {
- case GNUTLS_PK_DSA: {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
- struct dsa_signature sig;
-
- dsa_public_key_init(&pub);
- dsa_private_key_init(&priv);
- _dsa_params_to_pubkey(pk_params, &pub);
- _dsa_params_to_privkey(pk_params, &priv);
-
- dsa_signature_init(&sig);
-
- hash = _gnutls_dsa_q_to_hash(pub.q);
- if (vdata->size != _gnutls_hash_get_algo_len(hash)) {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret = _dsa_sign(&pub, &priv, NULL, rnd_func, vdata->size,
vdata->data, &sig);
- if (ret == 0) {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIGN_FAILED;
- goto dsa_fail;
- }
-
- ret =
- _gnutls_encode_ber_rs(signature, &sig.r,
- &sig.s);
-
-dsa_fail:
- dsa_signature_clear(&sig);
-
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- break;
- }
- case GNUTLS_PK_RSA: {
- struct rsa_private_key priv;
- bigint_t hash, nc, ri;
-
- if (_gnutls_mpi_scan_nz(&hash, vdata->data, vdata->size) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ case GNUTLS_PK_DSA:{
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+ struct dsa_signature sig;
- rsa_private_key_init(&priv);
- _rsa_params_to_privkey(pk_params, &priv);
+ dsa_public_key_init(&pub);
+ dsa_private_key_init(&priv);
+ _dsa_params_to_pubkey(pk_params, &pub);
+ _dsa_params_to_privkey(pk_params, &priv);
- nc = rsa_blind(hash, pk_params->params[1]/*e*/,
- pk_params->params[0]/*m*/, &ri);
+ dsa_signature_init(&sig);
- _gnutls_mpi_release(&hash);
+ hash = _gnutls_dsa_q_to_hash(pub.q);
+ if (vdata->size != _gnutls_hash_get_algo_len(hash)) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
- if (nc == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ ret =
+ _dsa_sign(&pub, &priv, NULL, rnd_func,
+ vdata->size, vdata->data, &sig);
+ if (ret == 0) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret =
+ _gnutls_encode_ber_rs(signature, &sig.r,
+ &sig.s);
+
+ dsa_fail:
+ dsa_signature_clear(&sig);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ break;
}
+ case GNUTLS_PK_RSA:{
+ struct rsa_private_key priv;
+ bigint_t hash, nc, ri;
+
+ if (_gnutls_mpi_scan_nz
+ (&hash, vdata->data, vdata->size) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
- rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc));
+ rsa_private_key_init(&priv);
+ _rsa_params_to_privkey(pk_params, &priv);
- rsa_unblind(nc, ri, pk_params->params[0]/*m*/);
+ nc = rsa_blind(hash, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
- ret = _gnutls_mpi_dprint(nc, signature);
- _gnutls_mpi_release(&nc);
- _gnutls_mpi_release(&ri);
+ _gnutls_mpi_release(&hash);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
+ if (nc == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
- break;
- }
+ rsa_compute_root(&priv, TOMPZ(nc), TOMPZ(nc));
+
+ rsa_unblind(nc, ri, pk_params->params[0] /*m */ );
+
+ ret = _gnutls_mpi_dprint(nc, signature);
+ _gnutls_mpi_release(&nc);
+ _gnutls_mpi_release(&ri);
+
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ break;
+ }
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
@@ -331,37 +346,38 @@ dsa_fail:
ret = 0;
-cleanup:
+ cleanup:
return ret;
}
static int
_int_rsa_verify(const gnutls_pk_params_st * pk_params,
- bigint_t m,
- bigint_t s)
+ bigint_t m, bigint_t s)
{
- int res;
+ int res;
+
+ mpz_t m1;
- mpz_t m1;
+ if ((mpz_sgn(TOMPZ(s)) <= 0)
+ || (mpz_cmp(TOMPZ(s), TOMPZ(pk_params->params[0])) >= 0))
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
- if ( (mpz_sgn(TOMPZ(s)) <= 0)
- || (mpz_cmp(TOMPZ(s), TOMPZ(pk_params->params[0])) >= 0) )
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ mpz_init(m1);
- mpz_init(m1);
+ mpz_powm(m1, TOMPZ(s), TOMPZ(pk_params->params[1]),
+ TOMPZ(pk_params->params[0]));
- mpz_powm(m1, TOMPZ(s), TOMPZ(pk_params->params[1]),
TOMPZ(pk_params->params[0]));
+ res = !mpz_cmp(TOMPZ(m), m1);
- res = !mpz_cmp(TOMPZ(m), m1);
+ mpz_clear(m1);
- mpz_clear(m1);
+ if (res == 0)
+ res = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ else
+ res = 0;
- if (res == 0)
- res = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- else res = 0;
-
- return res;
+ return res;
}
static int
@@ -374,66 +390,71 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo,
bigint_t tmp[2] = { NULL, NULL };
switch (algo) {
- case GNUTLS_PK_DSA: {
- struct dsa_public_key pub;
- struct dsa_signature sig;
-
- ret = _gnutls_decode_ber_rs(signature, &tmp[0], &tmp[1]);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
- }
- dsa_public_key_init(&pub);
- _dsa_params_to_pubkey(pk_params, &pub);
- memcpy(&sig.r, tmp[0], sizeof(sig.r));
- memcpy(&sig.s, tmp[1], sizeof(sig.s));
-
- hash = _gnutls_dsa_q_to_hash(pub.q);
- if (vdata->size != _gnutls_hash_get_algo_len(hash)) {
- gnutls_assert();
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- goto dsa_fail;
- }
-
- ret = _dsa_verify(&pub, vdata->size, vdata->data, &sig);
- if (ret == 0)
- ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
- else
- ret = 0;
-
-dsa_fail:
- _gnutls_mpi_release(&tmp[0]);
- _gnutls_mpi_release(&tmp[1]);
- break;
- }
- case GNUTLS_PK_RSA: {
- bigint_t hash;
-
- if (_gnutls_mpi_scan_nz(&hash, vdata->data, vdata->size) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
- }
+ case GNUTLS_PK_DSA:{
+ struct dsa_public_key pub;
+ struct dsa_signature sig;
+
+ ret =
+ _gnutls_decode_ber_rs(signature, &tmp[0],
+ &tmp[1]);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+ dsa_public_key_init(&pub);
+ _dsa_params_to_pubkey(pk_params, &pub);
+ memcpy(&sig.r, tmp[0], sizeof(sig.r));
+ memcpy(&sig.s, tmp[1], sizeof(sig.s));
+
+ hash = _gnutls_dsa_q_to_hash(pub.q);
+ if (vdata->size != _gnutls_hash_get_algo_len(hash)) {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ goto dsa_fail;
+ }
- ret =
- _gnutls_mpi_scan_nz(&tmp[0], signature->data,
- signature->size);
- if (ret < 0) {
- gnutls_assert();
- goto cleanup;
+ ret =
+ _dsa_verify(&pub, vdata->size, vdata->data,
+ &sig);
+ if (ret == 0)
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ else
+ ret = 0;
+
+ dsa_fail:
+ _gnutls_mpi_release(&tmp[0]);
+ _gnutls_mpi_release(&tmp[1]);
+ break;
}
+ case GNUTLS_PK_RSA:{
+ bigint_t hash;
- ret = _int_rsa_verify(pk_params, hash, tmp[0]);
- _gnutls_mpi_release(&tmp[0]);
- _gnutls_mpi_release(&hash);
- break;
- }
+ if (_gnutls_mpi_scan_nz
+ (&hash, vdata->data, vdata->size) != 0) {
+ gnutls_assert();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret =
+ _gnutls_mpi_scan_nz(&tmp[0], signature->data,
+ signature->size);
+ if (ret < 0) {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ ret = _int_rsa_verify(pk_params, hash, tmp[0]);
+ _gnutls_mpi_release(&tmp[0]);
+ _gnutls_mpi_release(&hash);
+ break;
+ }
default:
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto cleanup;
}
-cleanup:
+ cleanup:
return ret;
}
@@ -443,107 +464,115 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t
algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
-int ret, i;
-int q_bits;
+ int ret, i;
+ int q_bits;
switch (algo) {
- case GNUTLS_PK_DSA: {
- struct dsa_public_key pub;
- struct dsa_private_key priv;
-
- dsa_public_key_init(&pub);
- dsa_private_key_init(&priv);
-
- /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
- * but we do NIST DSA here */
- if (level <= 1024)
- q_bits = 160;
- else
- q_bits = 256;
-
- ret = dsa_generate_keypair (&pub, &priv, NULL, rnd_func, NULL,
NULL, level, q_bits);
- if (ret != 1) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
- }
-
- params->params_nr = 0;
- for (i=0;i<DSA_PRIVATE_PARAMS;i++) {
- params->params[i] = _gnutls_mpi_alloc_like(&pub.p);
- if (params->params[i] == NULL) {
- ret = GNUTLS_E_MEMORY_ERROR;
- dsa_private_key_clear(&priv);
- dsa_public_key_clear(&pub);
- goto fail;
+ case GNUTLS_PK_DSA:{
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+
+ dsa_public_key_init(&pub);
+ dsa_private_key_init(&priv);
+
+ /* the best would be to use
_gnutls_pk_bits_to_subgroup_bits()
+ * but we do NIST DSA here */
+ if (level <= 1024)
+ q_bits = 160;
+ else
+ q_bits = 256;
+
+ ret =
+ dsa_generate_keypair(&pub, &priv, NULL,
+ rnd_func, NULL, NULL,
+ level, q_bits);
+ if (ret != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- params->params_nr++;
- }
- _gnutls_mpi_set(params->params[0], pub.p);
- _gnutls_mpi_set(params->params[1], pub.q);
- _gnutls_mpi_set(params->params[2], pub.g);
- _gnutls_mpi_set(params->params[3], pub.y);
- _gnutls_mpi_set(params->params[4], priv.x);
-
- dsa_private_key_clear(&priv);
- dsa_public_key_clear(&pub);
-
- break;
- }
- case GNUTLS_PK_RSA: {
- struct rsa_public_key pub;
- struct rsa_private_key priv;
-
- rsa_public_key_init(&pub);
- rsa_private_key_init(&priv);
-
- _gnutls_mpi_set_ui(&pub.e, 65537);
-
- ret = rsa_generate_keypair (&pub, &priv, NULL, rnd_func, NULL,
NULL, level, 0);
- if (ret != 1) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+
+ params->params_nr = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
+ params->params[i] =
+ _gnutls_mpi_alloc_like(&pub.p);
+ if (params->params[i] == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ dsa_private_key_clear(&priv);
+ dsa_public_key_clear(&pub);
+ goto fail;
+ }
+ params->params_nr++;
+ }
+ _gnutls_mpi_set(params->params[0], pub.p);
+ _gnutls_mpi_set(params->params[1], pub.q);
+ _gnutls_mpi_set(params->params[2], pub.g);
+ _gnutls_mpi_set(params->params[3], pub.y);
+ _gnutls_mpi_set(params->params[4], priv.x);
+
+ dsa_private_key_clear(&priv);
+ dsa_public_key_clear(&pub);
+
+ break;
}
-
- params->params_nr = 0;
- for (i=0;i<RSA_PRIVATE_PARAMS;i++) {
- params->params[i] = _gnutls_mpi_alloc_like(&pub.n);
- if (params->params[i] == NULL) {
- ret = GNUTLS_E_MEMORY_ERROR;
- rsa_private_key_clear(&priv);
- rsa_public_key_clear(&pub);
- goto fail;
+ case GNUTLS_PK_RSA:{
+ struct rsa_public_key pub;
+ struct rsa_private_key priv;
+
+ rsa_public_key_init(&pub);
+ rsa_private_key_init(&priv);
+
+ _gnutls_mpi_set_ui(&pub.e, 65537);
+
+ ret =
+ rsa_generate_keypair(&pub, &priv, NULL,
+ rnd_func, NULL, NULL,
+ level, 0);
+ if (ret != 1) {
+ gnutls_assert();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
+ params->params[i] =
+ _gnutls_mpi_alloc_like(&pub.n);
+ if (params->params[i] == NULL) {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ rsa_private_key_clear(&priv);
+ rsa_public_key_clear(&pub);
+ goto fail;
+ }
+ params->params_nr++;
+
}
- params->params_nr++;
-
+ _gnutls_mpi_set(params->params[0], pub.n);
+ _gnutls_mpi_set(params->params[1], pub.e);
+ _gnutls_mpi_set(params->params[2], priv.d);
+ _gnutls_mpi_set(params->params[3], priv.p);
+ _gnutls_mpi_set(params->params[4], priv.q);
+ _gnutls_mpi_set(params->params[5], priv.c);
+ _gnutls_mpi_set(params->params[6], priv.a);
+ _gnutls_mpi_set(params->params[7], priv.b);
+ rsa_private_key_clear(&priv);
+ rsa_public_key_clear(&pub);
+
+ break;
}
- _gnutls_mpi_set(params->params[0], pub.n);
- _gnutls_mpi_set(params->params[1], pub.e);
- _gnutls_mpi_set(params->params[2], priv.d);
- _gnutls_mpi_set(params->params[3], priv.p);
- _gnutls_mpi_set(params->params[4], priv.q);
- _gnutls_mpi_set(params->params[5], priv.c);
- _gnutls_mpi_set(params->params[6], priv.a);
- _gnutls_mpi_set(params->params[7], priv.b);
- rsa_private_key_clear(&priv);
- rsa_public_key_clear(&pub);
-
- break;
- }
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
-
+
return 0;
-fail:
+ fail:
- for (i=0;i<params->params_nr;i++) {
+ for (i = 0; i < params->params_nr; i++) {
_gnutls_mpi_release(¶ms->params[i]);
}
- params->params_nr=0;
-
+ params->params_nr = 0;
+
return ret;
}
@@ -553,24 +582,28 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
gnutls_direction_t direction,
gnutls_pk_params_st * params)
{
-int result;
+ int result;
- if (direction == GNUTLS_IMPORT) {
+ if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA) {
/* do not trust the generated values. Some old private keys
* generated by us have mess on the values. Those were very
* old but it seemed some of the shipped example private
* keys were as old.
*/
- mpz_invert(TOMPZ(params->params[5]), TOMPZ(params->params[4]),
TOMPZ(params->params[3]));
+ mpz_invert(TOMPZ(params->params[5]),
+ TOMPZ(params->params[4]),
+ TOMPZ(params->params[3]));
- /* calculate exp1 [6] and exp2 [7] */
+ /* calculate exp1 [6] and exp2 [7] */
_gnutls_mpi_release(¶ms->params[6]);
_gnutls_mpi_release(¶ms->params[7]);
- result = _gnutls_calc_rsa_exp(params->params, RSA_PRIVATE_PARAMS-2);
- if (result < 0) {
- gnutls_assert();
- return result;
+ result =
+ _gnutls_calc_rsa_exp(params->params,
+ RSA_PRIVATE_PARAMS - 2);
+ if (result < 0) {
+ gnutls_assert();
+ return result;
}
params->params_nr = RSA_PRIVATE_PARAMS;
}
diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index 9be4a2c..9450e33 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -758,7 +758,6 @@ _gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t
pkey,
goto error;
}
}
-
/* fixup will generate exp1 and exp2 that are not
* available here.
*/
diff --git a/tests/Makefile.am b/tests/Makefile.am
index b14f4fd..875173e 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -68,7 +68,7 @@ openssl_LDADD = $(LDADD) ../libextra/libgnutls-openssl.la
endif
if ENABLE_OPENPGP
-ctests += openpgp-keyring pgps2kgnu
+ctests += openpgp-auth openpgp-keyring pgps2kgnu
openpgp_keyring_LDADD = $(LDADD) ../libextra/libgnutls-extra.la
endif
@@ -88,10 +88,11 @@ dist_check_SCRIPTS = rfc2253-escape-test
TESTS = $(ctests) $(dist_check_SCRIPTS)
-TESTS_ENVIRONMENT = \
- PKCS12FILE=$(srcdir)/pkcs12-decode/client.p12 \
- PKCS12PASSWORD=foobar \
+TESTS_ENVIRONMENT = \
+ PKCS12FILE=$(srcdir)/pkcs12-decode/client.p12 \
+ PKCS12PASSWORD=foobar \
PKCS12FILE_2=$(srcdir)/pkcs12-decode/pkcs12_2certs.p12 \
- PKCS12PASSWORD_2="" \
- EXEEXT=$(EXEEXT) \
+ PKCS12PASSWORD_2="" \
+ EXEEXT=$(EXEEXT) \
+ srcdir="$(srcdir)" \
$(VALGRIND)
diff --git a/tests/openpgp-auth.c b/tests/openpgp-auth.c
new file mode 100644
index 0000000..09b5d88
--- /dev/null
+++ b/tests/openpgp-auth.c
@@ -0,0 +1,282 @@
+/*
+ * Copyright (C) 2010 Free Software Foundation
+ * Author: Ludovic Courtès
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNUTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <gnutls/gnutls.h>
+#include <gnutls/openpgp.h>
+
+#include "utils.h"
+#include <read-file.h>
+
+#include <unistd.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/wait.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+
+static const char message[] = "Hello, brave GNU world!";
+
+/* The OpenPGP key pair for use and the key ID in those keys. */
+static const char pub_key_file[] = "../guile/tests/openpgp-pub.asc";
+static const char priv_key_file[] = "../guile/tests/openpgp-sec.asc";
+static const char *key_id =
+ NULL
+ /* FIXME: The values below don't work as expected. */
+ /* "auto" */
+ /* "bd572cdcccc07c35" */;
+
+static const char rsa_params_file[] = "../guile/tests/rsa-parameters.pem";
+
+static const int protocols[] = { GNUTLS_TLS1_0, 0 };
+static const int cert_types[] = { GNUTLS_CRT_OPENPGP, 0 };
+static const int ciphers[] =
+ {
+ GNUTLS_CIPHER_NULL, GNUTLS_CIPHER_ARCFOUR,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC,
+ 0
+ };
+static const int kx[] =
+ {
+ GNUTLS_KX_RSA, GNUTLS_KX_RSA_EXPORT,
+ GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS,
+ 0
+ };
+static const int macs[] =
+ {
+ GNUTLS_MAC_SHA1, GNUTLS_MAC_RMD160, GNUTLS_MAC_MD5,
+ 0
+ };
+
+static void
+log_message (int level, const char *message)
+{
+ fprintf (stderr, "[%5d|%2d] %s", getpid (), level, message);
+}
+
+�
+void
+doit ()
+{
+ int err;
+ int sockets[2];
+ const char *srcdir;
+ char *pub_key_path, *priv_key_path;
+ pid_t child;
+
+ gnutls_global_init ();
+
+ srcdir = getenv ("srcdir") ?: ".";
+
+ if (debug)
+ {
+ gnutls_global_set_log_level (10);
+ gnutls_global_set_log_function (log_message);
+ }
+
+ err = socketpair (PF_UNIX, SOCK_STREAM, 0, sockets);
+ if (err != 0)
+ fail ("socketpair %s\n", strerror (errno));
+
+ pub_key_path = alloca (strlen (srcdir) + strlen (pub_key_file) + 2);
+ strcpy (pub_key_path, srcdir);
+ strcat (pub_key_path, "/");
+ strcat (pub_key_path, pub_key_file);
+
+ priv_key_path = alloca (strlen (srcdir) + strlen (priv_key_file) + 2);
+ strcpy (priv_key_path, srcdir);
+ strcat (priv_key_path, "/");
+ strcat (priv_key_path, priv_key_file);
+
+ child = fork ();
+ if (child == -1)
+ fail ("fork %s\n", strerror (errno));
+
+ if (child == 0)
+ {
+ /* Child process (client). */
+ gnutls_session_t session;
+ gnutls_certificate_credentials_t cred;
+ ssize_t sent;
+
+ if (debug)
+ printf ("client process %i\n", getpid ());
+
+ err = gnutls_init (&session, GNUTLS_CLIENT);
+ if (err != 0)
+ fail ("client session %d\n", err);
+
+ gnutls_set_default_priority (session);
+ gnutls_transport_set_ptr (session,
+ (gnutls_transport_ptr_t)(intptr_t) sockets[0]);
+
+ err = gnutls_certificate_allocate_credentials (&cred);
+ if (err != 0)
+ fail ("client credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_file, priv_key_file,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail ("client openpgp keys %d\n", err);
+
+ err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+ if (err != 0)
+ fail ("client credential_set %d\n", err);
+
+ gnutls_protocol_set_priority (session, protocols);
+ gnutls_certificate_type_set_priority (session, cert_types);
+ gnutls_cipher_set_priority (session, ciphers);
+ gnutls_kx_set_priority (session, kx);
+ gnutls_mac_set_priority (session, macs);
+ gnutls_dh_set_prime_bits (session, 1024);
+
+ err = gnutls_handshake (session);
+ if (err != 0)
+ fail ("client handshake %d\n", err);
+ else if (debug)
+ printf ("client handshake successful\n");
+
+ sent = gnutls_record_send (session, message, sizeof (message));
+ if (sent != sizeof (message))
+ fail ("client sent %li vs. %li\n", sent, sizeof (message));
+
+ err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail ("client bye %d\n", err);
+
+ if (debug)
+ printf ("client done\n");
+ }
+ else
+ {
+ /* Parent process (server). */
+ gnutls_session_t session;
+ gnutls_dh_params_t dh_params;
+ gnutls_rsa_params_t rsa_params;
+ gnutls_certificate_credentials_t cred;
+ char greetings[sizeof (message) * 2];
+ ssize_t received;
+ pid_t done;
+ int status;
+ size_t rsa_size;
+ gnutls_datum_t rsa_data;
+
+ if (debug)
+ printf ("server process %i (child %i)\n", getpid (), child);
+
+ err = gnutls_init (&session, GNUTLS_SERVER);
+ if (err != 0)
+ fail ("server session %d\n", err);
+
+ gnutls_set_default_priority (session);
+ gnutls_transport_set_ptr (session,
+ (gnutls_transport_ptr_t)(intptr_t) sockets[1]);
+
+ err = gnutls_certificate_allocate_credentials (&cred);
+ if (err != 0)
+ fail ("server credentials %d\n", err);
+
+ err =
+ gnutls_certificate_set_openpgp_key_file2 (cred,
+ pub_key_file, priv_key_file,
+ key_id,
+ GNUTLS_OPENPGP_FMT_BASE64);
+ if (err != 0)
+ fail ("server openpgp keys %d\n", err);
+
+ err = gnutls_dh_params_init (&dh_params);
+ if (err)
+ fail ("server DH params init %d\n", err);
+
+ err = gnutls_dh_params_generate2 (dh_params, 1024);
+ if (err)
+ fail ("server DH params generate %d\n", err);
+
+ gnutls_certificate_set_dh_params (cred, dh_params);
+
+ rsa_data.data =
+ (unsigned char *) read_binary_file (rsa_params_file, &rsa_size);
+ rsa_data.size = rsa_size;
+
+ err = gnutls_rsa_params_init (&rsa_params);
+ if (err)
+ fail ("server RSA params init %d\n", err);
+
+ err = gnutls_rsa_params_import_pkcs1 (rsa_params, &rsa_data,
+ GNUTLS_X509_FMT_PEM);
+ if (err)
+ fail ("server RSA params import %d\n", err);
+
+ gnutls_certificate_set_rsa_export_params (cred, rsa_params);
+
+ err = gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, cred);
+ if (err != 0)
+ fail ("server credential_set %d\n", err);
+
+ gnutls_protocol_set_priority (session, protocols);
+ gnutls_certificate_type_set_priority (session, cert_types);
+ gnutls_cipher_set_priority (session, ciphers);
+ gnutls_kx_set_priority (session, kx);
+ gnutls_mac_set_priority (session, macs);
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUIRE);
+
+ err = gnutls_handshake (session);
+ if (err != 0)
+ fail ("server handshake %d\n", err);
+
+ received = gnutls_record_recv (session, greetings, sizeof (greetings));
+ if (received != sizeof (message)
+ || memcmp (greetings, message, sizeof (message)))
+ fail ("server received %li vs. %li\n", received, sizeof (message));
+
+ err = gnutls_bye (session, GNUTLS_SHUT_RDWR);
+ if (err != 0)
+ fail ("server bye %d\n", err);
+
+ if (debug)
+ printf ("server done\n");
+
+ done = wait (&status);
+ if (done < 0)
+ fail ("wait %s\n", strerror (errno));
+
+ if (done != child)
+ fail ("who's that?! %d\n", done);
+
+ if (WIFEXITED (status))
+ {
+ if (WEXITSTATUS (status) != 0)
+ fail ("child exited with status %d\n", WEXITSTATUS (status));
+ }
+ else if (WIFSIGNALED (status))
+ fail ("child stopped by signal %d\n", WTERMSIG (status));
+ else
+ fail ("child failed: %d\n", status);
+ }
+}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_10-369-g29e80af,
Nikos Mavrogiannopoulos <=