[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_7-60-g8b5b5f8
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_7-60-g8b5b5f8 |
|
Date: |
Thu, 10 Nov 2011 21:12:04 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=8b5b5f8c07a735e160efd2fa619f2d5b2ee7ea6b
The branch, master has been updated
via 8b5b5f8c07a735e160efd2fa619f2d5b2ee7ea6b (commit)
via 2c4c2351f7c39ee61b3e4eebdb848db9445a6e38 (commit)
via ed4a698e12478e1c70f48de7ecf7f1e0e135e600 (commit)
via 9348de433ee9fe249d88c446303c074c26a51f23 (commit)
from b5f6c58ae2d6b4bcbeea5d25888fedb4a93849f8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8b5b5f8c07a735e160efd2fa619f2d5b2ee7ea6b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Nov 10 22:13:12 2011 +0100
Corrected ECC key generation.
commit 2c4c2351f7c39ee61b3e4eebdb848db9445a6e38
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Nov 10 21:54:43 2011 +0100
fail on certificate verification
commit ed4a698e12478e1c70f48de7ecf7f1e0e135e600
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Nov 10 21:51:25 2011 +0100
Added ECDSA key generation, signing and verification tests.
commit 9348de433ee9fe249d88c446303c074c26a51f23
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Nov 10 20:16:40 2011 +0100
verify the self signature of a CRQ when --crq-info parameter is given.
-----------------------------------------------------------------------
Summary of changes:
lib/crypto-backend.h | 10 ++++++
lib/gnutls_ecc.c | 12 ++++----
lib/gnutls_pubkey.c | 10 +++---
lib/nettle/pk.c | 54 +++++++++++++++++-----------------
lib/pkcs11_write.c | 2 +-
lib/x509/key_decode.c | 4 +-
lib/x509/key_encode.c | 6 ++--
lib/x509/privkey.c | 18 +++++-----
src/certtool.c | 15 +++++++--
tests/Makefile.am | 2 +-
tests/{pathlen => ecdsa}/Makefile.am | 6 ++--
tests/{sha2/sha2-dsa => ecdsa/ecdsa} | 36 +++++++++++++---------
12 files changed, 100 insertions(+), 75 deletions(-)
copy tests/{pathlen => ecdsa}/Makefile.am (90%)
copy tests/{sha2/sha2-dsa => ecdsa/ecdsa} (60%)
diff --git a/lib/crypto-backend.h b/lib/crypto-backend.h
index 0a20025..389e025 100644
--- a/lib/crypto-backend.h
+++ b/lib/crypto-backend.h
@@ -245,6 +245,16 @@
* [8] is k (private key)
*/
+#define ECC_PRIME 0
+#define ECC_ORDER 1
+#define ECC_A 2
+#define ECC_B 3
+#define ECC_GX 4
+#define ECC_GY 5
+#define ECC_X 6
+#define ECC_Y 7
+#define ECC_K 8
+
/**
* gnutls_direction_t:
* @GNUTLS_IMPORT: Import direction.
diff --git a/lib/gnutls_ecc.c b/lib/gnutls_ecc.c
index 4d85f9f..9c5a97a 100644
--- a/lib/gnutls_ecc.c
+++ b/lib/gnutls_ecc.c
@@ -122,7 +122,7 @@ int ret;
goto cleanup;
}
- ret = _gnutls_mpi_scan_nz(¶ms->params[0], val, val_size);
+ ret = _gnutls_mpi_scan_nz(¶ms->params[ECC_PRIME], val, val_size);
if (ret < 0)
{
gnutls_assert();
@@ -138,7 +138,7 @@ int ret;
goto cleanup;
}
- ret = _gnutls_mpi_scan_nz(¶ms->params[1], val, val_size);
+ ret = _gnutls_mpi_scan_nz(¶ms->params[ECC_ORDER], val, val_size);
if (ret < 0)
{
gnutls_assert();
@@ -154,7 +154,7 @@ int ret;
goto cleanup;
}
- ret = _gnutls_mpi_scan_nz(¶ms->params[2], val, val_size);
+ ret = _gnutls_mpi_scan_nz(¶ms->params[ECC_A], val, val_size);
if (ret < 0)
{
gnutls_assert();
@@ -170,7 +170,7 @@ int ret;
goto cleanup;
}
- ret = _gnutls_mpi_scan_nz(¶ms->params[3], val, val_size);
+ ret = _gnutls_mpi_scan_nz(¶ms->params[ECC_B], val, val_size);
if (ret < 0)
{
gnutls_assert();
@@ -186,7 +186,7 @@ int ret;
goto cleanup;
}
- ret = _gnutls_mpi_scan_nz(¶ms->params[4], val, val_size);
+ ret = _gnutls_mpi_scan_nz(¶ms->params[ECC_GX], val, val_size);
if (ret < 0)
{
gnutls_assert();
@@ -202,7 +202,7 @@ int ret;
goto cleanup;
}
- ret = _gnutls_mpi_scan_nz(¶ms->params[5], val, val_size);
+ ret = _gnutls_mpi_scan_nz(¶ms->params[ECC_GY], val, val_size);
if (ret < 0)
{
gnutls_assert();
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index fbbaa57..f9d8d2f 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -740,7 +740,7 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key,
gnutls_ecc_curve_t *curve,
*curve = key->params.flags;
/* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[6], x);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x);
if (ret < 0)
{
gnutls_assert ();
@@ -748,7 +748,7 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key,
gnutls_ecc_curve_t *curve,
}
/* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[7], y);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y);
if (ret < 0)
{
gnutls_assert ();
@@ -1137,7 +1137,7 @@ gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key,
if (ret < 0)
return gnutls_assert_val(ret);
- if (_gnutls_mpi_scan_nz (&key->params.params[6], x->data, x->size))
+ if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X], x->data, x->size))
{
gnutls_assert ();
ret = GNUTLS_E_MPI_SCAN_FAILED;
@@ -1145,7 +1145,7 @@ gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key,
}
key->params.params_nr++;
- if (_gnutls_mpi_scan_nz (&key->params.params[7], y->data, y->size))
+ if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y], y->data, y->size))
{
gnutls_assert ();
ret = GNUTLS_E_MPI_SCAN_FAILED;
@@ -1199,7 +1199,7 @@ gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key,
}
ret = _gnutls_ecc_ansi_x963_import(ecpoint->data, ecpoint->size,
- &key->params.params[6], &key->params.params[7]);
+ &key->params.params[ECC_X], &key->params.params[ECC_Y]);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 826c27b..c56288e 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -86,15 +86,15 @@ _ecc_params_to_privkey(const gnutls_pk_params_st *
pk_params,
ecc_key * priv)
{
priv->type = PK_PRIVATE;
- memcpy(&priv->prime, pk_params->params[0], sizeof(mpz_t));
- memcpy(&priv->order, pk_params->params[1], sizeof(mpz_t));
- memcpy(&priv->A, pk_params->params[2], sizeof(mpz_t));
- memcpy(&priv->B, pk_params->params[3], sizeof(mpz_t));
- memcpy(&priv->Gx, pk_params->params[4], sizeof(mpz_t));
- memcpy(&priv->Gy, pk_params->params[5], sizeof(mpz_t));
- memcpy(&priv->pubkey.x, pk_params->params[6], sizeof(mpz_t));
- memcpy(&priv->pubkey.y, pk_params->params[7], sizeof(mpz_t));
- memcpy(&priv->k, pk_params->params[8], sizeof(mpz_t));
+ memcpy(&priv->prime, pk_params->params[ECC_PRIME], sizeof(mpz_t));
+ memcpy(&priv->order, pk_params->params[ECC_ORDER], sizeof(mpz_t));
+ memcpy(&priv->A, pk_params->params[ECC_A], sizeof(mpz_t));
+ memcpy(&priv->B, pk_params->params[ECC_B], sizeof(mpz_t));
+ memcpy(&priv->Gx, pk_params->params[ECC_GX], sizeof(mpz_t));
+ memcpy(&priv->Gy, pk_params->params[ECC_GY], sizeof(mpz_t));
+ memcpy(&priv->pubkey.x, pk_params->params[ECC_X], sizeof(mpz_t));
+ memcpy(&priv->pubkey.y, pk_params->params[ECC_Y], sizeof(mpz_t));
+ memcpy(&priv->k, pk_params->params[ECC_K], sizeof(mpz_t));
mpz_init_set_ui(priv->pubkey.z, 1);
}
@@ -108,14 +108,14 @@ _ecc_params_to_pubkey(const gnutls_pk_params_st *
pk_params,
ecc_key * pub)
{
pub->type = PK_PUBLIC;
- memcpy(&pub->prime, pk_params->params[0], sizeof(mpz_t));
- memcpy(&pub->order, pk_params->params[1], sizeof(mpz_t));
- memcpy(&pub->A, pk_params->params[2], sizeof(mpz_t));
- memcpy(&pub->B, pk_params->params[3], sizeof(mpz_t));
- memcpy(&pub->Gx, pk_params->params[4], sizeof(mpz_t));
- memcpy(&pub->Gy, pk_params->params[5], sizeof(mpz_t));
- memcpy(&pub->pubkey.x, pk_params->params[6], sizeof(mpz_t));
- memcpy(&pub->pubkey.y, pk_params->params[7], sizeof(mpz_t));
+ memcpy(&pub->prime, pk_params->params[ECC_PRIME], sizeof(mpz_t));
+ memcpy(&pub->order, pk_params->params[ECC_ORDER], sizeof(mpz_t));
+ memcpy(&pub->A, pk_params->params[ECC_A], sizeof(mpz_t));
+ memcpy(&pub->B, pk_params->params[ECC_B], sizeof(mpz_t));
+ memcpy(&pub->Gx, pk_params->params[ECC_GX], sizeof(mpz_t));
+ memcpy(&pub->Gy, pk_params->params[ECC_GY], sizeof(mpz_t));
+ memcpy(&pub->pubkey.x, pk_params->params[ECC_X], sizeof(mpz_t));
+ memcpy(&pub->pubkey.y, pk_params->params[ECC_Y], sizeof(mpz_t));
mpz_init_set_ui(pub->pubkey.z, 1);
}
@@ -141,7 +141,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t
algo, gnutls_datum_t * o
_ecc_params_to_pubkey(pub, &ecc_pub);
_ecc_params_to_privkey(priv, &ecc_priv);
- if (ecc_projective_check_point(&ecc_pub.pubkey, pub->params[3],
pub->params[0]) != 0)
+ if (ecc_projective_check_point(&ecc_pub.pubkey, pub->params[ECC_B],
pub->params[ECC_PRIME]) != 0)
{
ret = gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
goto ecc_cleanup;
@@ -819,15 +819,15 @@ rsa_fail:
}
params->flags = level;
- mpz_set(TOMPZ(params->params[0]), key.prime);
- mpz_set(TOMPZ(params->params[1]), key.order);
- mpz_set(TOMPZ(params->params[2]), key.A);
- mpz_set(TOMPZ(params->params[3]), key.B);
- mpz_set(TOMPZ(params->params[4]), key.Gx);
- mpz_set(TOMPZ(params->params[5]), key.Gy);
- mpz_set(TOMPZ(params->params[6]), key.pubkey.x);
- mpz_set(TOMPZ(params->params[7]), key.pubkey.y);
- mpz_set(TOMPZ(params->params[8]), key.k);
+ mpz_set(TOMPZ(params->params[ECC_PRIME]), key.prime);
+ mpz_set(TOMPZ(params->params[ECC_ORDER]), key.order);
+ mpz_set(TOMPZ(params->params[ECC_A]), key.A);
+ mpz_set(TOMPZ(params->params[ECC_B]), key.B);
+ mpz_set(TOMPZ(params->params[ECC_GX]), key.Gx);
+ mpz_set(TOMPZ(params->params[ECC_GY]), key.Gy);
+ mpz_set(TOMPZ(params->params[ECC_X]), key.pubkey.x);
+ mpz_set(TOMPZ(params->params[ECC_Y]), key.pubkey.y);
+ mpz_set(TOMPZ(params->params[ECC_K]), key.k);
ecc_fail:
ecc_free(&key);
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 8d867fb..005b92d 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -447,7 +447,7 @@ gnutls_pkcs11_copy_x509_privkey (const char *token_url,
goto cleanup;
}
- ret = _gnutls_mpi_dprint_lz(&key->params.params[8], &x);
+ ret = _gnutls_mpi_dprint_lz(&key->params.params[ECC_K], &x);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index 7d430e8..8383a94 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -102,8 +102,8 @@ _gnutls_x509_read_ecc_pubkey (opaque * der, int dersize,
gnutls_pk_params_st * p
/* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET
STRING),
* it is actually copied in raw there. Why do they use ASN.1 anyway?
*/
- return _gnutls_ecc_ansi_x963_import (der, dersize, ¶ms->params[6],
- ¶ms->params[7]);
+ return _gnutls_ecc_ansi_x963_import (der, dersize, ¶ms->params[ECC_X],
+ ¶ms->params[ECC_Y]);
}
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 1caf721..926148a 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -118,7 +118,7 @@ _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
if (params->params_nr < ECC_PUBLIC_PARAMS)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[6],
params->params[7], /*&out*/der);
+ result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[ECC_X],
params->params[ECC_Y], /*&out*/der);
if (result < 0)
return gnutls_assert_val(result);
@@ -580,7 +580,7 @@ _gnutls_asn1_encode_ecc (ASN1_TYPE * c2,
gnutls_pk_params_st * params)
if (params->params_nr != ECC_PRIVATE_PARAMS || oid == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
- ret = _gnutls_ecc_ansi_x963_export(params->flags, params->params[6],
params->params[7], &pubkey);
+ ret = _gnutls_ecc_ansi_x963_export(params->flags, params->params[ECC_X],
params->params[ECC_Y], &pubkey);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -610,7 +610,7 @@ _gnutls_asn1_encode_ecc (ASN1_TYPE * c2,
gnutls_pk_params_st * params)
goto cleanup;
}
- ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[7], 1);
+ ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[ECC_K], 1);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
index f7d7f3d..75e59bd 100644
--- a/lib/x509/privkey.c
+++ b/lib/x509/privkey.c
@@ -307,8 +307,8 @@ _gnutls_privkey_decode_ecc_key (const gnutls_datum_t *
raw_key,
goto error;
}
- ret = _gnutls_ecc_ansi_x963_import (out.data, out.size,
&pkey->params.params[6],
- &pkey->params.params[7]);
+ ret = _gnutls_ecc_ansi_x963_import (out.data, out.size,
&pkey->params.params[ECC_X],
+ &pkey->params.params[ECC_Y]);
_gnutls_free_datum(&out);
if (ret < 0)
@@ -319,7 +319,7 @@ _gnutls_privkey_decode_ecc_key (const gnutls_datum_t *
raw_key,
pkey->params.params_nr += 2;
/* read the private key */
- ret = _gnutls_x509_read_int (pkey_asn, "privateKey",
&pkey->params.params[8]);
+ ret = _gnutls_x509_read_int (pkey_asn, "privateKey",
&pkey->params.params[ECC_K]);
if (ret < 0)
{
gnutls_assert();
@@ -860,7 +860,7 @@ gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t
key,
if (ret < 0)
return gnutls_assert_val(ret);
- if (_gnutls_mpi_scan_nz (&key->params.params[6], x->data, x->size))
+ if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X], x->data, x->size))
{
gnutls_assert ();
ret = GNUTLS_E_MPI_SCAN_FAILED;
@@ -868,7 +868,7 @@ gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t
key,
}
key->params.params_nr++;
- if (_gnutls_mpi_scan_nz (&key->params.params[7], y->data, y->size))
+ if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y], y->data, y->size))
{
gnutls_assert ();
ret = GNUTLS_E_MPI_SCAN_FAILED;
@@ -876,7 +876,7 @@ gnutls_x509_privkey_import_ecc_raw (gnutls_x509_privkey_t
key,
}
key->params.params_nr++;
- if (_gnutls_mpi_scan_nz (&key->params.params[8], k->data, k->size))
+ if (_gnutls_mpi_scan_nz (&key->params.params[ECC_K], k->data, k->size))
{
gnutls_assert ();
ret = GNUTLS_E_MPI_SCAN_FAILED;
@@ -1022,7 +1022,7 @@ int gnutls_x509_privkey_export_ecc_raw
(gnutls_x509_privkey_t key,
*curve = key->params.flags;
/* X */
- ret = _gnutls_mpi_dprint_lz (key->params.params[6], x);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x);
if (ret < 0)
{
gnutls_assert ();
@@ -1030,7 +1030,7 @@ int gnutls_x509_privkey_export_ecc_raw
(gnutls_x509_privkey_t key,
}
/* Y */
- ret = _gnutls_mpi_dprint_lz (key->params.params[7], y);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y);
if (ret < 0)
{
gnutls_assert ();
@@ -1040,7 +1040,7 @@ int gnutls_x509_privkey_export_ecc_raw
(gnutls_x509_privkey_t key,
/* K */
- ret = _gnutls_mpi_dprint_lz (key->params.params[8], k);
+ ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_K], k);
if (ret < 0)
{
gnutls_assert ();
diff --git a/src/certtool.c b/src/certtool.c
index 824165a..518081d 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1561,6 +1561,16 @@ print_crq_info (gnutls_x509_crq_t crq, FILE * out)
gnutls_free (cinfo.data);
}
+
+ ret = gnutls_x509_crq_verify(crq, 0);
+ if (ret < 0)
+ {
+ fprintf(out, "Self signature: FAILED\n\n");
+ }
+ else
+ {
+ fprintf(out, "Self signature: verified\n\n");
+ }
size = buffer_size;
ret = gnutls_x509_crq_export (crq, info.outcert_format, buffer, &size);
@@ -1935,7 +1945,6 @@ static int detailed_verification(gnutls_x509_crt_t cert,
size_t issuer_name_size;
int ret;
-
issuer_name_size = sizeof (issuer_name);
ret =
gnutls_x509_crt_get_issuer_dn (cert, issuer_name, &issuer_name_size);
@@ -2090,8 +2099,8 @@ _verify_x509_mem (const void *cert, int cert_size, const
void* ca, int ca_size)
gnutls_free(x509_cert_list);
gnutls_x509_trust_list_deinit(list, 1);
- if (ret < 0)
- error (EXIT_FAILURE, 0, "verification error: %s", gnutls_strerror (ret));
+ if (output != 0)
+ exit(EXIT_FAILURE);
return 0;
}
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c1e332c..13b8f7c 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -20,7 +20,7 @@
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
SUBDIRS = . rsa-md5-collision pkcs1-padding pkcs8-decode pkcs12-decode \
- userid pathlen key-id sha2 safe-renegotiation dsa scripts
+ userid pathlen key-id sha2 safe-renegotiation dsa scripts ecdsa
if ENABLE_OPENPGP
SUBDIRS += openpgp-certs
diff --git a/tests/pathlen/Makefile.am b/tests/ecdsa/Makefile.am
similarity index 90%
copy from tests/pathlen/Makefile.am
copy to tests/ecdsa/Makefile.am
index bf1cd07..9be864e 100644
--- a/tests/pathlen/Makefile.am
+++ b/tests/ecdsa/Makefile.am
@@ -19,10 +19,10 @@
# along with this file; if not, write to the Free Software Foundation,
# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-EXTRA_DIST = ca-no-pathlen.pem no-ca-or-pathlen.pem
+EXTRA_DIST =
-dist_check_SCRIPTS = pathlen
+dist_check_SCRIPTS = ecdsa
-TESTS = pathlen
+TESTS = ecdsa
TESTS_ENVIRONMENT = EXEEXT=$(EXEEXT)
diff --git a/tests/sha2/sha2-dsa b/tests/ecdsa/ecdsa
similarity index 60%
copy from tests/sha2/sha2-dsa
copy to tests/ecdsa/ecdsa
index c62e6a2..20ea747 100755
--- a/tests/sha2/sha2-dsa
+++ b/tests/ecdsa/ecdsa
@@ -1,8 +1,8 @@
#!/bin/sh
-# Copyright (C) 2006, 2007, 2008, 2010 Free Software Foundation, Inc.
+# Copyright (C) 2011 Free Software Foundation, Inc.
#
-# Author: Simon Josefsson
+# Author: Nikos Mavrogiannopoulos
#
# This file is part of GnuTLS.
#
@@ -26,11 +26,13 @@ srcdir=${srcdir:-.}
CERTTOOL=${CERTTOOL:-../../src/certtool$EXEEXT}
echo ca > template
-echo cn = "SHA 256 CA" >> template
+echo cn = "ECDSA SHA 256 CA" >> template
+
+$CERTTOOL --generate-privkey --ecc > key-ca-ecdsa.pem
$CERTTOOL -d 2 --generate-self-signed --template template \
- --load-privkey $srcdir/key-ca-dsa.pem \
- --outfile new-ca-dsa.pem \
+ --load-privkey key-ca-ecdsa.pem \
+ --outfile new-ca-ecdsa.pem \
--hash sha256 >out 2>&1
if [ $? != 0 ];then
@@ -39,13 +41,14 @@ if [ $? != 0 ];then
fi
echo ca > template
-echo cn = "SHA 224 Mid CA" >> template
+$CERTTOOL --generate-privkey --ecc > key-subca-ecdsa.pem
+echo cn = "ECDSA SHA 224 Mid CA" >> template
$CERTTOOL -d 2 --generate-certificate --template template \
- --load-ca-privkey $srcdir/key-ca-dsa.pem \
- --load-ca-certificate new-ca-dsa.pem \
- --load-privkey $srcdir/key-subca-dsa.pem \
- --outfile new-subca-dsa.pem \
+ --load-ca-privkey key-ca-ecdsa.pem \
+ --load-ca-certificate new-ca-ecdsa.pem \
+ --load-privkey key-subca-ecdsa.pem \
+ --outfile new-subca-ecdsa.pem \
--hash sha224 >out 2>&1
if [ $? != 0 ];then
@@ -55,10 +58,12 @@ fi
echo cn = "End-user" > template
+$CERTTOOL --generate-privkey --ecc > key-ecdsa.pem
+
$CERTTOOL -d 2 --generate-certificate --template template \
- --load-ca-privkey $srcdir/key-subca-dsa.pem \
- --load-ca-certificate new-subca-dsa.pem \
- --load-privkey $srcdir/key-dsa.pem \
+ --load-ca-privkey key-subca-ecdsa.pem \
+ --load-ca-certificate new-subca-ecdsa.pem \
+ --load-privkey key-ecdsa.pem \
--outfile new-user.pem >out 2>&1
if [ $? != 0 ];then
@@ -66,7 +71,7 @@ if [ $? != 0 ];then
exit 1
fi
-cat new-user.pem new-subca-dsa.pem new-ca-dsa.pem > out
+cat new-user.pem new-subca-ecdsa.pem new-ca-ecdsa.pem > out
$CERTTOOL --verify-chain <out > verify
if [ $? != 0 ];then
@@ -74,6 +79,7 @@ if [ $? != 0 ];then
exit 1
fi
-rm -f verify new-user.pem new-ca-dsa.pem new-subca-dsa.pem template out
+rm -f verify new-user.pem new-ca-ecdsa.pem new-subca-ecdsa.pem template out
+rm -f key-subca-ecdsa.pem key-ca-ecdsa.pem key-ecdsa.pem
exit 0
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_7-60-g8b5b5f8,
Nikos Mavrogiannopoulos <=