[SCM] GNU gnutls branch, master, updated. gnutls_2_99

gnutls-commit
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-69-g1e8a1fa

From:	Nikos Mavrogiannopoulos
Subject:	[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-69-g1e8a1fa
Date:	Sun, 22 May 2011 14:28:42 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1e8a1fac52de4d7bfe9cd13de33f3bc051610c08

The branch, master has been updated
       via  1e8a1fac52de4d7bfe9cd13de33f3bc051610c08 (commit)
       via  5892d0bf34761686c1078d8a251210fadef34d18 (commit)
       via  f91665debbb2b044ef95b0676a41cbf9c8ba2e79 (commit)
       via  98aefa42a4f5ba83d4cb925debf3b3536c4060e7 (commit)
      from  80febddf239ff7209a4eaf184023f336fcdc5fde (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 1e8a1fac52de4d7bfe9cd13de33f3bc051610c08
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun May 22 16:28:39 2011 +0200

    gnutls_algorithms.h -> algorithms.h

commit 5892d0bf34761686c1078d8a251210fadef34d18
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun May 22 16:27:27 2011 +0200

    corrected ECC public key encoding/decoding.

commit f91665debbb2b044ef95b0676a41cbf9c8ba2e79
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun May 22 16:26:12 2011 +0200

    Corrected bug in public key import.
    print information on ECC public keys.

commit 98aefa42a4f5ba83d4cb925debf3b3536c4060e7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun May 22 16:09:14 2011 +0200

    No need to keep Z in parameters since the pubkey can always be converted to 
an affine point.

-----------------------------------------------------------------------

Summary of changes:
 lib/includes/gnutls/crypto.h |    3 +--
 lib/nettle/pk.c              |    9 ++++-----
 lib/x509/key_decode.c        |   38 +++-----------------------------------
 lib/x509/key_encode.c        |   34 ++++------------------------------
 lib/x509/x509_int.h          |    4 ++--
 libextra/gnutls_extra.c      |    2 +-
 src/certtool-common.c        |    2 +-
 src/certtool.c               |   31 +++++++++++++++++++++++++++++++
 8 files changed, 47 insertions(+), 76 deletions(-)

diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 80fbf82..d781c07 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -287,8 +287,7 @@ extern "C"
  *  [4] is Gy
  *  [5] is x
  *  [6] is y
- *  [7] is z
- *  [8] is k (private key)
+ *  [7] is k (private key)
  */
 
 /**
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 971e6f0..c9acf64 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -109,7 +109,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t 
algo, gnutls_datum_t * o
         memcpy(&ecc_pub.Gy, pub->params[4], sizeof(mpz_t));
         memcpy(&ecc_pub.pubkey.x, pub->params[5], sizeof(mpz_t));
         memcpy(&ecc_pub.pubkey.y, pub->params[6], sizeof(mpz_t));
-        memcpy(&ecc_pub.pubkey.z, pub->params[7], sizeof(mpz_t));
+        mpz_init_set_ui(ecc_pub.pubkey.z, 1);
 
         ecc_priv.type = PK_PRIVATE;
         memcpy(&ecc_priv.prime, priv->params[0], sizeof(mpz_t));
@@ -119,8 +119,8 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t 
algo, gnutls_datum_t * o
         memcpy(&ecc_priv.Gy, priv->params[4], sizeof(mpz_t));
         memcpy(&ecc_priv.pubkey.x, priv->params[5], sizeof(mpz_t));
         memcpy(&ecc_priv.pubkey.y, priv->params[6], sizeof(mpz_t));
-        memcpy(&ecc_priv.pubkey.z, priv->params[7], sizeof(mpz_t));
-        memcpy(&ecc_priv.k, priv->params[8], sizeof(mpz_t));
+        memcpy(&ecc_priv.k, priv->params[7], sizeof(mpz_t));
+        mpz_init_set_ui(ecc_pub.pubkey.z, 1);
 
         sz = ECC_BUF_SIZE;
         out->data = gnutls_malloc(sz);
@@ -722,8 +722,7 @@ rsa_fail:
         mpz_set(TOMPZ(params->params[4]), key.Gy);
         mpz_set(TOMPZ(params->params[5]), key.pubkey.x);
         mpz_set(TOMPZ(params->params[6]), key.pubkey.y);
-        mpz_set(TOMPZ(params->params[7]), key.pubkey.z);
-        mpz_set(TOMPZ(params->params[8]), key.k);
+        mpz_set(TOMPZ(params->params[7]), key.k);
         
 ecc_fail:
         ecc_free(&key);
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index d0bbce1..e7ec3ae 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -104,41 +104,9 @@ _gnutls_x509_read_rsa_pubkey (opaque * der, int dersize, 
gnutls_pk_params_st * p
 int
 _gnutls_x509_read_ecc_pubkey (opaque * der, int dersize, gnutls_pk_params_st * 
params)
 {
-#if 0  
-  int ret;
-  ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-  gnutls_datum_t octet;
-
-  if ((ret = asn1_create_element
-       (_gnutls_get_gnutls_asn (), "GNUTLS.ECPoint", &spk))
-      != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      return _gnutls_asn2err (ret);
-    }
-
-  ret = asn1_der_decoding (&spk, der, dersize, NULL);
-  if (ret != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&spk);
-      return _gnutls_asn2err (ret);
-    }
-
-
-  if ((ret = _gnutls_x509_read_value (spk, "", &octet, 0)) < 0)
-    {
-      gnutls_assert ();
-      asn1_delete_structure (&spk);
-      return GNUTLS_E_ASN1_GENERIC_ERROR;
-    }
-
-  ret = _gnutls_ecc_ansi_x963_import (octet.data, octet.size, 
&params->params[5],
-                                     &params->params[6]);
-  _gnutls_free_datum(&octet);
-  
-  return ret;
-#endif
+/* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET 
STRING),
+ * it is actually copied in raw there. Why do they use ASN.1 anyway?
+ */
   return _gnutls_ecc_ansi_x963_import (der, dersize, &params->params[5],
                                      &params->params[6]);
 }
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 8b44d08..0860e7c 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -120,7 +120,6 @@ _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
 {
   int result;
   ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-  gnutls_datum_t out;
 
   der->data = NULL;
   der->size = 0;
@@ -132,38 +131,13 @@ _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * 
params,
       goto cleanup;
     }
 
-  result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[5], 
params->params[6], &out);
+  result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[5], 
params->params[6], /*&out*/der);
   if (result < 0)
     return gnutls_assert_val(result);
 
-  if ((result = asn1_create_element
-       (_gnutls_get_gnutls_asn (), "GNUTLS.ECPoint", &spk))
-      != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      result = _gnutls_asn2err (result);
-      goto cleanup;
-    }
-
-  result = asn1_write_value (spk, "", out.data, out.size);
-  if (result != ASN1_SUCCESS)
-    {
-      gnutls_assert ();
-      result = _gnutls_asn2err (result);
-      goto cleanup;
-    }
-  
-  result = _gnutls_x509_der_encode (spk, "", der, 0);
-  if (result < 0)
-    {
-      gnutls_assert ();
-      goto cleanup;
-    }
-
   result = 0;
 
 cleanup:
-  _gnutls_free_datum(&out);
   asn1_delete_structure (&spk);
 
   return result;
@@ -314,14 +288,14 @@ _gnutls_x509_write_ecc_params (gnutls_pk_params_st* 
params,
       return _gnutls_asn2err (result);
     }
 
-  if ((result = asn1_write_value (spk, "parameters", "namedCurve", 1)) != 
ASN1_SUCCESS)
+  if ((result = asn1_write_value (spk, "", "namedCurve", 1)) != ASN1_SUCCESS)
     {
       gnutls_assert ();
       result = _gnutls_asn2err (result);
       goto cleanup;
     }
   
-  if ((result = asn1_write_value (spk, "parameters.namedCurve", oid, 1)) != 
ASN1_SUCCESS)
+  if ((result = asn1_write_value (spk, "namedCurve", oid, 1)) != ASN1_SUCCESS)
     {
       gnutls_assert ();
       result = _gnutls_asn2err (result);
@@ -656,7 +630,7 @@ _gnutls_asn1_encode_ecc (ASN1_TYPE * c2, 
gnutls_pk_params_st * params)
       goto cleanup;
     }
 
-  ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[8], 1);
+  ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[7], 1);
   if (ret < 0)
     {
       gnutls_assert ();
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 95132ff..4df028b 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -78,7 +78,7 @@ typedef struct gnutls_pkcs7_int
 /* parameters should not be larger than this limit */
 #define DSA_PUBLIC_PARAMS 4
 #define RSA_PUBLIC_PARAMS 2
-#define ECC_PUBLIC_PARAMS 8
+#define ECC_PUBLIC_PARAMS 7
 
 
 #define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS       /* ok for RSA and DSA 
*/
@@ -86,7 +86,7 @@ typedef struct gnutls_pkcs7_int
 /* parameters should not be larger than this limit */
 #define DSA_PRIVATE_PARAMS 5
 #define RSA_PRIVATE_PARAMS 8
-#define ECC_PRIVATE_PARAMS 9
+#define ECC_PRIVATE_PARAMS 8
 
 #if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
 #error INCREASE MAX_PRIV_PARAMS
diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c
index bdcbfcc..71d051a 100644
--- a/libextra/gnutls_extra.c
+++ b/libextra/gnutls_extra.c
@@ -24,7 +24,7 @@
 #include <gnutls_int.h>
 #include <gnutls_errors.h>
 #include <gnutls_extensions.h>
-#include <gnutls_algorithms.h>
+#include <algorithms.h>
 #include <gnutls/extra.h>
 
 #ifdef HAVE_GCRYPT
diff --git a/src/certtool-common.c b/src/certtool-common.c
index a4cc71c..91fbbeb 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -547,7 +547,7 @@ load_pubkey (int mand, common_info_st * info)
   if (info->pubkey == NULL)
     error (EXIT_FAILURE, 0, "missing --load-pubkey");
 
-  if (strncmp(info->privkey, "pkcs11:", 7) == 0)
+  if (strncmp(info->pubkey, "pkcs11:", 7) == 0)
     return _load_pkcs11_pubkey(info->pubkey);
 
   ret = gnutls_pubkey_init (&key);
diff --git a/src/certtool.c b/src/certtool.c
index 83b7f53..17443cf 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -144,6 +144,21 @@ print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y, 
gnutls_datum_t * p,
 }
 
 static void
+print_ecc_pkey (gnutls_ecc_curve_t curve, gnutls_datum_t* k, gnutls_datum_t * 
x, gnutls_datum_t * y)
+{
+  if (k)
+    {
+      fprintf (outfile, "private key:");
+      print_hex_datum (k);
+    }
+  fprintf (outfile, "curve:\t%s\n", gnutls_ecc_curve_get_name(curve));
+  fprintf (outfile, "x:");
+  print_hex_datum (x);
+  fprintf (outfile, "y:");
+  print_hex_datum (y);
+}
+
+static void
 print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
                 gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u,
                 gnutls_datum_t * exp1, gnutls_datum_t * exp2)
@@ -2933,6 +2948,22 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st * 
cinfo)
           gnutls_free (g.data);
         }
     }
+  else if (ret == GNUTLS_PK_ECC)
+    {
+      gnutls_datum_t x, y;
+      gnutls_ecc_curve_t curve;
+
+      ret = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
+      if (ret < 0)
+        fprintf (stderr, "Error in key ECC data export: %s\n",
+                 gnutls_strerror (ret));
+      else
+        {
+          print_ecc_pkey (curve, NULL, &y, &x);
+          gnutls_free (y.data);
+          gnutls_free (x.data);
+        }
+    }
 
   ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
   if (ret < 0)


hooks/post-receive
-- 
GNU gnutls
[Prev in Thread]
Current Thread
[Next in Thread]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-69-g1e8a1fa, Nikos Mavrogiannopoulos <=
Prev by Date: Hydra job gnu:gnutls-master:tarball build 1094397: Failed
Next by Date: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_5-5-gbd17ae2
Previous by thread: Hydra job gnu:gnutls-master:tarball build 1094397: Failed
Next by thread: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_5-5-gbd17ae2
Index(es):
- Date
- Thread