[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_8-58-g070113e
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_8-58-g070113e |
|
Date: |
Tue, 13 Dec 2011 18:40:38 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=070113ec2142111ee741e47b7c76aea20c9ceb38
The branch, master has been updated
via 070113ec2142111ee741e47b7c76aea20c9ceb38 (commit)
via a4ab0c85b253719905fae036f96a9441da60aa86 (commit)
via 09ee8cd3271eae5509ea6db6581091ef0211a446 (commit)
from 3360065611857d43b7619684755f262e8cc9c0e4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 070113ec2142111ee741e47b7c76aea20c9ceb38
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Dec 13 19:43:10 2011 +0100
Added new priority string %SERVER_PRECEDENCE.
commit a4ab0c85b253719905fae036f96a9441da60aa86
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Dec 13 19:26:14 2011 +0100
Removed 128-bit ciphers from secure192, but added SHA256 (or no
ciphersuites are there).
commit 09ee8cd3271eae5509ea6db6581091ef0211a446
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Tue Dec 13 19:08:12 2011 +0100
Added the --dh-info parameter to certtool.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 13 +++-
lib/gnutls_handshake.c | 56 ++++++++++----
lib/gnutls_int.h | 1 +
lib/gnutls_priority.c | 13 ++-
src/Makefile.am | 2 +-
src/certtool-common.h | 2 +
src/certtool-gaa.c | 175 ++++++++++++++++++++++--------------------
src/certtool-gaa.h | 50 ++++++------
src/certtool.c | 3 +
src/certtool.gaa | 1 +
src/{prime.c => dh.c} | 198 +++++++++++++++++++++++++++---------------------
11 files changed, 298 insertions(+), 216 deletions(-)
rename src/{prime.c => dh.c} (57%)
diff --git a/NEWS b/NEWS
index 29127d6..67b21d0 100644
--- a/NEWS
+++ b/NEWS
@@ -4,10 +4,16 @@ See the end for copying conditions.
* Version 3.0.9 (unreleased)
+** certtool: Added new parameter --dh-info.
+
** certtool: -l option was overloaded so if combined with --priority
it will only list the ciphersuites that are enabled by the given
priority string.
+** libgnutls: Added new priority string %SERVER_PRECEDENCE, which
+changes the ciphersuite selection procedure. If specified the server
+priorities will be used for selection instead of the client's.
+
** libgnutls: Optimizations in Diffie-Hellman parameters generation
and key exchange.
@@ -18,15 +24,16 @@ session, a server will not store that session data into its
cache.
** libgnutls: Added gnutls_priority_get_cipher_suite_index() to
allow listing the ciphersuites enabled in a priority structure.
-It outputs and index to be used in gnutls_get_cipher_suite_info().
+It outputs an index to be used in gnutls_get_cipher_suite_info().
-** libgnutls: Optimizations in the elliptic curve code (timing
-attacks resistant code is only used in ECDSA private key operations).
+** libgnutls: Optimizations in the elliptic curve code --timing
+attacks resistant code is only used in ECDSA private key operations.
** doc: man pages for API functions generation was fixed and are
now added again in the distribution.
** API and ABI modifications:
+GNUTLS_ECC_CURVE_SECP192R1: New curve definition
gnutls_priority_get_cipher_suite_index: Added
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 1605648..024ad38 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -881,30 +881,58 @@ _gnutls_server_select_suite (gnutls_session_t session,
opaque * data,
retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
_gnutls_handshake_log ("HSK[%p]: Requested cipher suites[size: %d]: \n",
session, (int)datalen);
- for (j = 0; j < datalen; j += 2)
+
+ if (session->internals.priorities.server_precedence == 0)
{
- memcpy (&cs.suite, &data[j], 2);
- _gnutls_handshake_log ("\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1],
_gnutls_cipher_suite_get_name (&cs));
- for (i = 0; i < cipher_suites_size; i+=2)
+ for (j = 0; j < datalen; j += 2)
{
- if (memcmp (&cipher_suites[i], &data[j], 2) == 0)
+ memcpy (&cs.suite, &data[j], 2);
+ _gnutls_handshake_log ("\t0x%.2x, 0x%.2x %s\n", data[j], data[j+1],
_gnutls_cipher_suite_get_name (&cs));
+ for (i = 0; i < cipher_suites_size; i+=2)
{
- _gnutls_handshake_log
- ("HSK[%p]: Selected cipher suite: %s\n", session,
- _gnutls_cipher_suite_get_name (&cs));
- memcpy (session->security_parameters.current_cipher_suite.suite,
+ if (memcmp (&cipher_suites[i], &data[j], 2) == 0)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n", session,
+ _gnutls_cipher_suite_get_name (&cs));
+ memcpy
(session->security_parameters.current_cipher_suite.suite,
&cipher_suites[i], 2);
- _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
- &session->
-
security_parameters.current_cipher_suite);
+ _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
+ &session->
+
security_parameters.current_cipher_suite);
- retval = 0;
- goto finish;
+ retval = 0;
+ goto finish;
+ }
}
}
}
+ else /* server selects */
+ {
+ for (i = 0; i < cipher_suites_size; i+=2)
+ {
+ for (j = 0; j < datalen; j += 2)
+ {
+ if (memcmp (&cipher_suites[i], &data[j], 2) == 0)
+ {
+ memcpy (&cs.suite, &data[j], 2);
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n", session,
+ _gnutls_cipher_suite_get_name (&cs));
+ memcpy
(session->security_parameters.current_cipher_suite.suite,
+ &cipher_suites[i], 2);
+ _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
+ &session->
+
security_parameters.current_cipher_suite);
+
+ retval = 0;
+ goto finish;
+ }
+ }
+ }
+ }
finish:
if (retval != 0)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 5ffbb01..4ace3d4 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -575,6 +575,7 @@ struct gnutls_priority_st
unsigned int allow_large_records:1;
safe_renegotiation_t sr;
unsigned int ssl3_record_version:1;
+ unsigned int server_precedence:1;
unsigned int additional_verify_flags;
};
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 7fa1eb2..8ac89a5 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -240,6 +240,7 @@ static const int supported_ecc_suiteb192[] = {
};
static const int supported_ecc_secure192[] = {
+ GNUTLS_ECC_CURVE_SECP384R1,
GNUTLS_ECC_CURVE_SECP521R1,
0
};
@@ -377,11 +378,7 @@ static const int cipher_priority_secure128[] = {
static const int cipher_priority_secure192[] = {
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
- GNUTLS_CIPHER_AES_128_CBC,
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
- GNUTLS_CIPHER_AES_128_GCM,
GNUTLS_CIPHER_AES_256_GCM,
- GNUTLS_CIPHER_3DES_CBC,
0
};
@@ -447,6 +444,8 @@ static const int sign_priority_secure128[] = {
};
static const int sign_priority_secure192[] = {
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_ECDSA_SHA384,
GNUTLS_SIGN_RSA_SHA512,
GNUTLS_SIGN_ECDSA_SHA512,
0
@@ -482,6 +481,7 @@ static const int mac_priority_secure128[] = {
};
static const int mac_priority_secure192[] = {
+ GNUTLS_MAC_SHA256,
GNUTLS_MAC_SHA384,
GNUTLS_MAC_AEAD,
0
@@ -945,6 +945,11 @@ gnutls_priority_init (gnutls_priority_t * priority_cache,
{
(*priority_cache)->sr = SR_DISABLED;
}
+ else if (strcasecmp (&broken_list[i][1],
+ "SERVER_PRECEDENCE") == 0)
+ {
+ (*priority_cache)->server_precedence = 1;
+ }
else
goto error;
}
diff --git a/src/Makefile.am b/src/Makefile.am
index cbde1cd..8875dc3 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -96,7 +96,7 @@ libcmd_cli_debug_la_SOURCES = tls_test.gaa tls_test-gaa.h
tls_test-gaa.c
#certtool
-certtool_SOURCES = certtool.c prime.c certtool-common.c $(PKCS11_SRCS)
+certtool_SOURCES = certtool.c dh.c certtool-common.c $(PKCS11_SRCS)
certtool_LDADD = ../lib/libgnutls.la
certtool_LDADD += libcmd-certtool.la ../gl/libgnu.la
certtool_LDADD += $(LTLIBGCRYPT)
diff --git a/src/certtool-common.h b/src/certtool-common.h
index a67ee69..052fcd1 100644
--- a/src/certtool-common.h
+++ b/src/certtool-common.h
@@ -32,6 +32,7 @@ enum
ACTION_PUBKEY_INFO,
ACTION_CERT_PUBKEY,
ACTION_VERIFY,
+ ACTION_DH_INFO,
};
#define TYPE_CRT 1
@@ -74,6 +75,7 @@ gnutls_sec_param_t str_to_sec_param (const char *str);
/* prime.c */
int generate_prime (int how, common_info_st * info);
+void dh_info (common_info_st * ci);
FILE *safe_open_rw (const char *file, int privkey_op);
diff --git a/src/certtool-gaa.c b/src/certtool-gaa.c
index 01aebc4..f0b1cb4 100644
--- a/src/certtool-gaa.c
+++ b/src/certtool-gaa.c
@@ -141,6 +141,7 @@ void gaa_help(void)
__gaa_helpsingle(0, "verify-crl", "", "Verify a CRL.");
__gaa_helpsingle(0, "generate-dh-params", "", "Generate PKCS #3 encoded
Diffie-Hellman parameters.");
__gaa_helpsingle(0, "get-dh-params", "", "Get the included PKCS #3
encoded Diffie-Hellman parameters.");
+ __gaa_helpsingle(0, "dh-info", "", "Print information on Diffie-Hellman
parameters.");
__gaa_helpsingle(0, "load-privkey", "FILE ", "Private key file to
use.");
__gaa_helpsingle(0, "load-pubkey", "FILE ", "Public key file to use.");
__gaa_helpsingle(0, "load-request", "FILE ", "Certificate request file
to use.");
@@ -198,55 +199,55 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 145 "certtool.gaa"
+#line 146 "certtool.gaa"
int debug;
-#line 142 "certtool.gaa"
+#line 143 "certtool.gaa"
char *pkcs_cipher;
-#line 139 "certtool.gaa"
+#line 140 "certtool.gaa"
char *template;
-#line 136 "certtool.gaa"
+#line 137 "certtool.gaa"
char *infile;
-#line 133 "certtool.gaa"
+#line 134 "certtool.gaa"
char *outfile;
-#line 130 "certtool.gaa"
+#line 131 "certtool.gaa"
int quick_random;
-#line 127 "certtool.gaa"
+#line 128 "certtool.gaa"
char* sec_param;
-#line 124 "certtool.gaa"
+#line 125 "certtool.gaa"
int bits;
-#line 120 "certtool.gaa"
+#line 121 "certtool.gaa"
int outcert_format;
-#line 116 "certtool.gaa"
+#line 117 "certtool.gaa"
int incert_format;
-#line 113 "certtool.gaa"
+#line 114 "certtool.gaa"
int export;
-#line 110 "certtool.gaa"
+#line 111 "certtool.gaa"
char *hash;
-#line 107 "certtool.gaa"
+#line 108 "certtool.gaa"
int ecc;
-#line 104 "certtool.gaa"
+#line 105 "certtool.gaa"
int dsa;
-#line 101 "certtool.gaa"
+#line 102 "certtool.gaa"
int pkcs8;
-#line 94 "certtool.gaa"
+#line 95 "certtool.gaa"
int v1_cert;
-#line 91 "certtool.gaa"
+#line 92 "certtool.gaa"
int fix_key;
-#line 74 "certtool.gaa"
+#line 75 "certtool.gaa"
int crq_extensions;
-#line 59 "certtool.gaa"
+#line 60 "certtool.gaa"
char *pass;
-#line 56 "certtool.gaa"
+#line 57 "certtool.gaa"
char *ca;
-#line 53 "certtool.gaa"
+#line 54 "certtool.gaa"
char *ca_privkey;
-#line 50 "certtool.gaa"
+#line 51 "certtool.gaa"
char *cert;
-#line 47 "certtool.gaa"
+#line 48 "certtool.gaa"
char *request;
-#line 44 "certtool.gaa"
+#line 45 "certtool.gaa"
char *pubkey;
-#line 41 "certtool.gaa"
+#line 42 "certtool.gaa"
char *privkey;
#line 17 "certtool.gaa"
int action;
@@ -306,7 +307,7 @@ static int gaa_error = 0;
#define GAA_MULTIPLE_OPTION 3
#define GAA_REST 0
-#define GAA_NB_OPTION 55
+#define GAA_NB_OPTION 56
#define GAAOPTID_version 1
#define GAAOPTID_help 2
#define GAAOPTID_debug 3
@@ -350,18 +351,19 @@ static int gaa_error = 0;
#define GAAOPTID_load_request 41
#define GAAOPTID_load_pubkey 42
#define GAAOPTID_load_privkey 43
-#define GAAOPTID_get_dh_params 44
-#define GAAOPTID_generate_dh_params 45
-#define GAAOPTID_verify_crl 46
-#define GAAOPTID_verify 47
-#define GAAOPTID_verify_chain 48
-#define GAAOPTID_generate_request 49
-#define GAAOPTID_generate_privkey 50
-#define GAAOPTID_update_certificate 51
-#define GAAOPTID_generate_crl 52
-#define GAAOPTID_generate_proxy 53
-#define GAAOPTID_generate_certificate 54
-#define GAAOPTID_generate_self_signed 55
+#define GAAOPTID_dh_info 44
+#define GAAOPTID_get_dh_params 45
+#define GAAOPTID_generate_dh_params 46
+#define GAAOPTID_verify_crl 47
+#define GAAOPTID_verify 48
+#define GAAOPTID_verify_chain 49
+#define GAAOPTID_generate_request 50
+#define GAAOPTID_generate_privkey 51
+#define GAAOPTID_update_certificate 52
+#define GAAOPTID_generate_crl 53
+#define GAAOPTID_generate_proxy 54
+#define GAAOPTID_generate_certificate 55
+#define GAAOPTID_generate_self_signed 56
#line 168 "gaa.skel"
@@ -712,6 +714,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECK1STR("", GAAOPTID_pgp_certificate_info);
GAA_CHECK1STR("", GAAOPTID_certificate_pubkey);
GAA_CHECK1STR("i", GAAOPTID_certificate_info);
+ GAA_CHECK1STR("", GAAOPTID_dh_info);
GAA_CHECK1STR("", GAAOPTID_get_dh_params);
GAA_CHECK1STR("", GAAOPTID_generate_dh_params);
GAA_CHECK1STR("", GAAOPTID_verify_crl);
@@ -771,6 +774,7 @@ static int gaa_get_option_num(char *str, int status)
GAA_CHECKSTR("load-request", GAAOPTID_load_request);
GAA_CHECKSTR("load-pubkey", GAAOPTID_load_pubkey);
GAA_CHECKSTR("load-privkey", GAAOPTID_load_privkey);
+ GAA_CHECKSTR("dh-info", GAAOPTID_dh_info);
GAA_CHECKSTR("get-dh-params", GAAOPTID_get_dh_params);
GAA_CHECKSTR("generate-dh-params",
GAAOPTID_generate_dh_params);
GAA_CHECKSTR("verify-crl", GAAOPTID_verify_crl);
@@ -832,14 +836,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
{
case GAAOPTID_version:
OK = 0;
-#line 150 "certtool.gaa"
+#line 151 "certtool.gaa"
{ certtool_version(); exit(0); ;};
return GAA_OK;
break;
case GAAOPTID_help:
OK = 0;
-#line 148 "certtool.gaa"
+#line 149 "certtool.gaa"
{ gaa_help(); exit(0); ;};
return GAA_OK;
@@ -849,7 +853,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_debug.arg1, gaa_getint, GAATMP_debug.size1);
gaa_index++;
-#line 146 "certtool.gaa"
+#line 147 "certtool.gaa"
{ gaaval->debug = GAATMP_debug.arg1 ;};
return GAA_OK;
@@ -859,7 +863,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_pkcs_cipher.arg1, gaa_getstr,
GAATMP_pkcs_cipher.size1);
gaa_index++;
-#line 143 "certtool.gaa"
+#line 144 "certtool.gaa"
{ gaaval->pkcs_cipher = GAATMP_pkcs_cipher.arg1 ;};
return GAA_OK;
@@ -869,7 +873,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_template.arg1, gaa_getstr,
GAATMP_template.size1);
gaa_index++;
-#line 140 "certtool.gaa"
+#line 141 "certtool.gaa"
{ gaaval->template = GAATMP_template.arg1 ;};
return GAA_OK;
@@ -879,7 +883,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_infile.arg1, gaa_getstr, GAATMP_infile.size1);
gaa_index++;
-#line 137 "certtool.gaa"
+#line 138 "certtool.gaa"
{ gaaval->infile = GAATMP_infile.arg1 ;};
return GAA_OK;
@@ -889,14 +893,14 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_outfile.arg1, gaa_getstr, GAATMP_outfile.size1);
gaa_index++;
-#line 134 "certtool.gaa"
+#line 135 "certtool.gaa"
{ gaaval->outfile = GAATMP_outfile.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_disable_quick_random:
OK = 0;
-#line 131 "certtool.gaa"
+#line 132 "certtool.gaa"
{ gaaval->quick_random = 0; ;};
return GAA_OK;
@@ -906,7 +910,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_sec_param.arg1, gaa_getstr,
GAATMP_sec_param.size1);
gaa_index++;
-#line 128 "certtool.gaa"
+#line 129 "certtool.gaa"
{ gaaval->sec_param = GAATMP_sec_param.arg1 ;};
return GAA_OK;
@@ -916,42 +920,42 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_bits.arg1, gaa_getint, GAATMP_bits.size1);
gaa_index++;
-#line 125 "certtool.gaa"
+#line 126 "certtool.gaa"
{ gaaval->bits = GAATMP_bits.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_outraw:
OK = 0;
-#line 122 "certtool.gaa"
+#line 123 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_outder:
OK = 0;
-#line 121 "certtool.gaa"
+#line 122 "certtool.gaa"
{ gaaval->outcert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inraw:
OK = 0;
-#line 118 "certtool.gaa"
+#line 119 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_inder:
OK = 0;
-#line 117 "certtool.gaa"
+#line 118 "certtool.gaa"
{ gaaval->incert_format=1 ;};
return GAA_OK;
break;
case GAAOPTID_export_ciphers:
OK = 0;
-#line 114 "certtool.gaa"
+#line 115 "certtool.gaa"
{ gaaval->export=1 ;};
return GAA_OK;
@@ -961,147 +965,147 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_hash.arg1, gaa_getstr, GAATMP_hash.size1);
gaa_index++;
-#line 111 "certtool.gaa"
+#line 112 "certtool.gaa"
{ gaaval->hash = GAATMP_hash.arg1 ;};
return GAA_OK;
break;
case GAAOPTID_ecc:
OK = 0;
-#line 108 "certtool.gaa"
+#line 109 "certtool.gaa"
{ gaaval->ecc=1 ;};
return GAA_OK;
break;
case GAAOPTID_dsa:
OK = 0;
-#line 105 "certtool.gaa"
+#line 106 "certtool.gaa"
{ gaaval->dsa=1 ;};
return GAA_OK;
break;
case GAAOPTID_pkcs8:
OK = 0;
-#line 102 "certtool.gaa"
+#line 103 "certtool.gaa"
{ gaaval->pkcs8=1 ;};
return GAA_OK;
break;
case GAAOPTID_to_p8:
OK = 0;
-#line 99 "certtool.gaa"
+#line 100 "certtool.gaa"
{ gaaval->action = ACTION_GENERATE_PKCS8; ;};
return GAA_OK;
break;
case GAAOPTID_to_p12:
OK = 0;
-#line 97 "certtool.gaa"
+#line 98 "certtool.gaa"
{ gaaval->action = ACTION_TO_PKCS12; ;};
return GAA_OK;
break;
case GAAOPTID_v1:
OK = 0;
-#line 95 "certtool.gaa"
+#line 96 "certtool.gaa"
{ gaaval->v1_cert = 1; ;};
return GAA_OK;
break;
case GAAOPTID_fix_key:
OK = 0;
-#line 92 "certtool.gaa"
+#line 93 "certtool.gaa"
{ gaaval->privkey_op=1; gaaval->fix_key = 1; ;};
return GAA_OK;
break;
case GAAOPTID_pubkey_info:
OK = 0;
-#line 89 "certtool.gaa"
+#line 90 "certtool.gaa"
{ gaaval->action = ACTION_PUBKEY_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_pgp_key_info:
OK = 0;
-#line 87 "certtool.gaa"
+#line 88 "certtool.gaa"
{ gaaval->privkey_op=1; gaaval->action = ACTION_PGP_PRIVKEY_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_key_info:
OK = 0;
-#line 85 "certtool.gaa"
+#line 86 "certtool.gaa"
{ gaaval->privkey_op=1; gaaval->action = ACTION_PRIVKEY_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_smime_to_p7:
OK = 0;
-#line 81 "certtool.gaa"
+#line 82 "certtool.gaa"
{ gaaval->action = ACTION_SMIME_TO_P7; ;};
return GAA_OK;
break;
case GAAOPTID_p7_info:
OK = 0;
-#line 79 "certtool.gaa"
+#line 80 "certtool.gaa"
{ gaaval->action = ACTION_P7_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_p12_info:
OK = 0;
-#line 77 "certtool.gaa"
+#line 78 "certtool.gaa"
{ gaaval->action = ACTION_PKCS12_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_no_crq_extensions:
OK = 0;
-#line 75 "certtool.gaa"
+#line 76 "certtool.gaa"
{ gaaval->crq_extensions = 0; ;};
return GAA_OK;
break;
case GAAOPTID_crq_info:
OK = 0;
-#line 72 "certtool.gaa"
+#line 73 "certtool.gaa"
{ gaaval->action = ACTION_REQUEST; ;};
return GAA_OK;
break;
case GAAOPTID_crl_info:
OK = 0;
-#line 70 "certtool.gaa"
+#line 71 "certtool.gaa"
{ gaaval->action = ACTION_CRL_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_pgp_ring_info:
OK = 0;
-#line 68 "certtool.gaa"
+#line 69 "certtool.gaa"
{ gaaval->action = ACTION_RING_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_pgp_certificate_info:
OK = 0;
-#line 66 "certtool.gaa"
+#line 67 "certtool.gaa"
{ gaaval->action = ACTION_PGP_INFO; ;};
return GAA_OK;
break;
case GAAOPTID_certificate_pubkey:
OK = 0;
-#line 64 "certtool.gaa"
+#line 65 "certtool.gaa"
{ gaaval->action = ACTION_CERT_PUBKEY; ;};
return GAA_OK;
break;
case GAAOPTID_certificate_info:
OK = 0;
-#line 62 "certtool.gaa"
+#line 63 "certtool.gaa"
{ gaaval->action = ACTION_CERT_INFO; ;};
return GAA_OK;
@@ -1111,7 +1115,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_password.arg1, gaa_getstr,
GAATMP_password.size1);
gaa_index++;
-#line 60 "certtool.gaa"
+#line 61 "certtool.gaa"
{ gaaval->pass = GAATMP_password.arg1 ;};
return GAA_OK;
@@ -1121,7 +1125,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_ca_certificate.arg1, gaa_getstr,
GAATMP_load_ca_certificate.size1);
gaa_index++;
-#line 57 "certtool.gaa"
+#line 58 "certtool.gaa"
{ gaaval->ca = GAATMP_load_ca_certificate.arg1 ;};
return GAA_OK;
@@ -1131,7 +1135,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_ca_privkey.arg1, gaa_getstr,
GAATMP_load_ca_privkey.size1);
gaa_index++;
-#line 54 "certtool.gaa"
+#line 55 "certtool.gaa"
{ gaaval->ca_privkey = GAATMP_load_ca_privkey.arg1 ;};
return GAA_OK;
@@ -1141,7 +1145,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_certificate.arg1, gaa_getstr,
GAATMP_load_certificate.size1);
gaa_index++;
-#line 51 "certtool.gaa"
+#line 52 "certtool.gaa"
{ gaaval->cert = GAATMP_load_certificate.arg1 ;};
return GAA_OK;
@@ -1151,7 +1155,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_request.arg1, gaa_getstr,
GAATMP_load_request.size1);
gaa_index++;
-#line 48 "certtool.gaa"
+#line 49 "certtool.gaa"
{ gaaval->request = GAATMP_load_request.arg1 ;};
return GAA_OK;
@@ -1161,7 +1165,7 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_pubkey.arg1, gaa_getstr,
GAATMP_load_pubkey.size1);
gaa_index++;
-#line 45 "certtool.gaa"
+#line 46 "certtool.gaa"
{ gaaval->pubkey = GAATMP_load_pubkey.arg1 ;};
return GAA_OK;
@@ -1171,11 +1175,18 @@ static int gaa_try(int gaa_num, int gaa_index, gaainfo
*gaaval, char *opt_list)
GAA_TESTMOREARGS;
GAA_FILL(GAATMP_load_privkey.arg1, gaa_getstr,
GAATMP_load_privkey.size1);
gaa_index++;
-#line 42 "certtool.gaa"
+#line 43 "certtool.gaa"
{ gaaval->privkey = GAATMP_load_privkey.arg1 ;};
return GAA_OK;
break;
+ case GAAOPTID_dh_info:
+ OK = 0;
+#line 40 "certtool.gaa"
+{ gaaval->action = ACTION_DH_INFO; ;};
+
+ return GAA_OK;
+ break;
case GAAOPTID_get_dh_params:
OK = 0;
#line 39 "certtool.gaa"
@@ -1284,7 +1295,7 @@ int gaa(int argc, char **argv, gaainfo *gaaval)
if(inited == 0)
{
-#line 152 "certtool.gaa"
+#line 153 "certtool.gaa"
{ gaaval->bits = 0; gaaval->pkcs8 = 0; gaaval->privkey = NULL;
gaaval->ca=NULL; gaaval->ca_privkey = NULL;
gaaval->debug=1; gaaval->request = NULL; gaaval->infile = NULL;
gaaval->outfile = NULL; gaaval->cert = NULL;
gaaval->incert_format = 0; gaaval->outcert_format = 0;
gaaval->action=-1; gaaval->pass = NULL; gaaval->v1_cert = 0;
diff --git a/src/certtool-gaa.h b/src/certtool-gaa.h
index f661e36..fa684de 100644
--- a/src/certtool-gaa.h
+++ b/src/certtool-gaa.h
@@ -8,55 +8,55 @@ typedef struct _gaainfo gaainfo;
struct _gaainfo
{
-#line 145 "certtool.gaa"
+#line 146 "certtool.gaa"
int debug;
-#line 142 "certtool.gaa"
+#line 143 "certtool.gaa"
char *pkcs_cipher;
-#line 139 "certtool.gaa"
+#line 140 "certtool.gaa"
char *template;
-#line 136 "certtool.gaa"
+#line 137 "certtool.gaa"
char *infile;
-#line 133 "certtool.gaa"
+#line 134 "certtool.gaa"
char *outfile;
-#line 130 "certtool.gaa"
+#line 131 "certtool.gaa"
int quick_random;
-#line 127 "certtool.gaa"
+#line 128 "certtool.gaa"
char* sec_param;
-#line 124 "certtool.gaa"
+#line 125 "certtool.gaa"
int bits;
-#line 120 "certtool.gaa"
+#line 121 "certtool.gaa"
int outcert_format;
-#line 116 "certtool.gaa"
+#line 117 "certtool.gaa"
int incert_format;
-#line 113 "certtool.gaa"
+#line 114 "certtool.gaa"
int export;
-#line 110 "certtool.gaa"
+#line 111 "certtool.gaa"
char *hash;
-#line 107 "certtool.gaa"
+#line 108 "certtool.gaa"
int ecc;
-#line 104 "certtool.gaa"
+#line 105 "certtool.gaa"
int dsa;
-#line 101 "certtool.gaa"
+#line 102 "certtool.gaa"
int pkcs8;
-#line 94 "certtool.gaa"
+#line 95 "certtool.gaa"
int v1_cert;
-#line 91 "certtool.gaa"
+#line 92 "certtool.gaa"
int fix_key;
-#line 74 "certtool.gaa"
+#line 75 "certtool.gaa"
int crq_extensions;
-#line 59 "certtool.gaa"
+#line 60 "certtool.gaa"
char *pass;
-#line 56 "certtool.gaa"
+#line 57 "certtool.gaa"
char *ca;
-#line 53 "certtool.gaa"
+#line 54 "certtool.gaa"
char *ca_privkey;
-#line 50 "certtool.gaa"
+#line 51 "certtool.gaa"
char *cert;
-#line 47 "certtool.gaa"
+#line 48 "certtool.gaa"
char *request;
-#line 44 "certtool.gaa"
+#line 45 "certtool.gaa"
char *pubkey;
-#line 41 "certtool.gaa"
+#line 42 "certtool.gaa"
char *privkey;
#line 17 "certtool.gaa"
int action;
diff --git a/src/certtool.c b/src/certtool.c
index 1988aff..110fdeb 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1065,6 +1065,9 @@ gaa_parser (int argc, char **argv)
case ACTION_CERT_INFO:
certificate_info (0, &cinfo);
break;
+ case ACTION_DH_INFO:
+ dh_info (&cinfo);
+ break;
case ACTION_CERT_PUBKEY:
certificate_info (1, &cinfo);
break;
diff --git a/src/certtool.gaa b/src/certtool.gaa
index 4834d60..7e79102 100644
--- a/src/certtool.gaa
+++ b/src/certtool.gaa
@@ -37,6 +37,7 @@ option (verify-crl) { $action=ACTION_VERIFY_CRL; } "Verify a
CRL."
option (generate-dh-params) { $action=ACTION_GENERATE_DH; } "Generate PKCS #3
encoded Diffie-Hellman parameters."
option (get-dh-params) { $action=ACTION_GET_DH; } "Get the included PKCS #3
encoded Diffie-Hellman parameters."
+option (dh-info) { $action = ACTION_DH_INFO; } "Print information on
Diffie-Hellman parameters."
#char *privkey;
option (load-privkey) STR "FILE" { $privkey = $1 } "Private key file to use."
diff --git a/src/prime.c b/src/dh.c
similarity index 57%
rename from src/prime.c
rename to src/dh.c
index 0855a8f..6335bbe 100644
--- a/src/prime.c
+++ b/src/dh.c
@@ -27,6 +27,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <gnutls/gnutls.h>
+#include <read-file.h>
#include <certtool-common.h>
/* Generates Diffie-Hellman parameters (a prime and a generator
@@ -36,14 +37,105 @@
extern FILE *outfile;
extern FILE *infile;
-static const int cparams = 0;
+static void
+print_dh_info (gnutls_datum_t * p, gnutls_datum_t * g, unsigned int q_bits)
+{
+int i;
+
+ fprintf (outfile, "\nGenerator (%d bits): ", g->size*8);
+
+ for (i = 0; i < g->size; i++)
+ {
+ if (i != 0 && i % 12 == 0)
+ fprintf (outfile, "\n\t");
+ else if (i != 0 && i != g->size)
+ fprintf (outfile, ":");
+
+ fprintf (outfile, "%.2x", g->data[i]);
+ }
+
+ fprintf (outfile, "\n\n");
+
+ /* print prime */
+
+ fprintf (outfile, "Prime (%d bits):", p->size*8);
+
+ for (i = 0; i < p->size; i++)
+ {
+ if (i % 12 == 0)
+ fprintf (outfile, "\n\t");
+ else if (i != 0 && i != p->size)
+ fprintf (outfile, ":");
+ fprintf (outfile, "%.2x", p->data[i]);
+ }
+
+ if (q_bits > 0)
+ fprintf (outfile, "\n\nRecommended key length: %d bits\n", q_bits);
+ fprintf (outfile, "\n");
+
+}
+
+void dh_info (common_info_st * ci)
+{
+ gnutls_datum_t params;
+ size_t size;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_datum_t p, g;
+ unsigned int q_bits = 0;
+
+ if (gnutls_dh_params_init (&dh_params) < 0)
+ {
+ fprintf (stderr, "Error in dh parameter initialization\n");
+ exit (1);
+ }
+
+ params.data = fread_file (infile, &size);
+ params.size = size;
+
+ ret =
+ gnutls_dh_params_import_pkcs3 (dh_params, ¶ms, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error parsing dh params: %s\n", gnutls_strerror (ret));
+ exit (1);
+ }
+
+ ret = gnutls_dh_params_export_raw (dh_params, &p, &g, &q_bits);
+ if (ret < 0)
+ {
+ fprintf (stderr, "Error exporting parameters: %s\n",
+ gnutls_strerror (ret));
+ exit (1);
+ }
+
+ print_dh_info (&p, &g, q_bits);
+
+ { /* generate a PKCS#3 structure */
+ size_t len = buffer_size;
+
+ ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
+ buffer, &len);
+
+ if (ret == 0)
+ {
+ fprintf (outfile, "\n%s", buffer);
+ }
+ else
+ {
+ fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
+ }
+
+ }
+
+ gnutls_dh_params_deinit(dh_params);
+}
/* If how is zero then the included parameters are used.
*/
int
generate_prime (int how, common_info_st * info)
{
- unsigned int i;
int ret;
gnutls_dh_params_t dh_params;
gnutls_datum_t p, g;
@@ -99,7 +191,7 @@ generate_prime (int how, common_info_st * info)
g = gnutls_srp_2048_group_generator;
bits = 2048;
}
- else if (bits <=3072)
+ else if (bits <= 3072)
{
p = gnutls_srp_3072_group_prime;
g = gnutls_srp_3072_group_generator;
@@ -121,98 +213,30 @@ generate_prime (int how, common_info_st * info)
}
#else
fprintf (stderr, "Parameters unavailable as SRP is disabled.\n");
- exit(1);
+ exit (1);
#endif
}
- if (cparams)
- {
+ print_dh_info (&p, &g, q_bits);
- fprintf (outfile, "/* generator */\n");
- fprintf (outfile, "\nconst uint8 g[%d] = { ", g.size);
+ { /* generate a PKCS#3 structure */
+ size_t len = buffer_size;
- for (i = 0; i < g.size; i++)
- {
- if (i % 7 == 0)
- fprintf (outfile, "\n\t");
- fprintf (outfile, "0x%.2x", g.data[i]);
- if (i != g.size - 1)
- fprintf (outfile, ", ");
- }
-
- fprintf (outfile, "\n};\n\n");
- }
- else
- {
- fprintf (outfile, "\nGenerator: ");
+ ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
+ buffer, &len);
- for (i = 0; i < g.size; i++)
- {
- if (i != 0 && i % 12 == 0)
- fprintf (outfile, "\n\t");
- else if (i != 0 && i != g.size)
- fprintf (outfile, ":");
+ if (ret == 0)
+ {
+ fprintf (outfile, "\n%s", buffer);
+ }
+ else
+ {
+ fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
+ }
- fprintf (outfile, "%.2x", g.data[i]);
- }
+ }
- fprintf (outfile, "\n\n");
- }
-
- /* print prime */
-
- if (cparams)
- {
- fprintf (outfile, "/* prime - %d bits */\n", p.size * 8);
- fprintf (outfile, "\nconst uint8 prime[%d] = { ", p.size);
-
- for (i = 0; i < p.size; i++)
- {
- if (i % 7 == 0)
- fprintf (outfile, "\n\t");
- fprintf (outfile, "0x%.2x", p.data[i]);
- if (i != p.size - 1)
- fprintf (outfile, ", ");
- }
-
- fprintf (outfile, "\n};\n");
- }
- else
- {
- fprintf (outfile, "Prime (%d bits):", bits);
-
- for (i = 0; i < p.size; i++)
- {
- if (i % 12 == 0)
- fprintf (outfile, "\n\t");
- else if (i != 0 && i != p.size)
- fprintf (outfile, ":");
- fprintf (outfile, "%.2x", p.data[i]);
- }
-
- if (q_bits > 0)
- fprintf (outfile, "\n\nRecommended key length: %d bits\n", q_bits);
- fprintf (outfile, "\n");
- }
-
- if (!cparams)
- { /* generate a PKCS#3 structure */
-
- size_t len = buffer_size;
-
- ret = gnutls_dh_params_export_pkcs3 (dh_params, GNUTLS_X509_FMT_PEM,
- buffer, &len);
-
- if (ret == 0)
- {
- fprintf (outfile, "\n%s", buffer);
- }
- else
- {
- fprintf (stderr, "Error: %s\n", gnutls_strerror (ret));
- }
-
- }
+ gnutls_dh_params_deinit(dh_params);
return 0;
}
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_8-58-g070113e,
Nikos Mavrogiannopoulos <=