diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-27 15:12:27 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2002-01-27 15:12:27 +0000 |
commit | d71393001fae5e67c93602364320a91c8e81f3f5 (patch) | |
tree | 1e3989e8b9feda40ba613dddf93e2bff4fba7b1f | |
parent | 4d70e829e4f7bb5c913d20113d5be03199bd3766 (diff) | |
download | gnutls-d71393001fae5e67c93602364320a91c8e81f3f5.tar.gz |
added missing files
-rw-r--r-- | lib/auth_dhe.c (renamed from lib/auth_dhe_rsa.c) | 45 | ||||
-rw-r--r-- | lib/auth_dhe_dss.c | 273 | ||||
-rw-r--r-- | lib/auth_dhe_dss.h | 2 | ||||
-rw-r--r-- | src/x509/cert-dsa.pem | 88 | ||||
-rw-r--r-- | src/x509/key-dsa.pem | 12 |
5 files changed, 133 insertions, 287 deletions
diff --git a/lib/auth_dhe_rsa.c b/lib/auth_dhe.c index 67363a49b9..e9e75d2aa2 100644 --- a/lib/auth_dhe_rsa.c +++ b/lib/auth_dhe.c @@ -28,33 +28,54 @@ #include <gnutls_datum.h> #include <auth_x509.h> -static int gen_dhe_rsa_server_kx(GNUTLS_STATE, opaque **); -static int gen_dhe_rsa_client_kx(GNUTLS_STATE, opaque **); -static int proc_dhe_rsa_server_kx(GNUTLS_STATE, opaque *, int); -static int proc_dhe_rsa_client_kx(GNUTLS_STATE, opaque *, int); +static int gen_dhe_server_kx(GNUTLS_STATE, opaque **); +static int gen_dhe_client_kx(GNUTLS_STATE, opaque **); +static int proc_dhe_server_kx(GNUTLS_STATE, opaque *, int); +static int proc_dhe_client_kx(GNUTLS_STATE, opaque *, int); MOD_AUTH_STRUCT dhe_rsa_auth_struct = { "DHE_RSA", _gnutls_gen_x509_server_certificate, _gnutls_gen_x509_client_certificate, - gen_dhe_rsa_server_kx, + gen_dhe_server_kx, NULL, NULL, - gen_dhe_rsa_client_kx, + gen_dhe_client_kx, _gnutls_gen_x509_client_cert_vrfy, /* gen client cert vrfy */ _gnutls_gen_x509_server_cert_req, /* server cert request */ _gnutls_proc_x509_server_certificate, _gnutls_proc_x509_client_certificate, - proc_dhe_rsa_server_kx, + proc_dhe_server_kx, NULL, NULL, - proc_dhe_rsa_client_kx, + proc_dhe_client_kx, _gnutls_proc_x509_client_cert_vrfy, /* proc client cert vrfy */ _gnutls_proc_x509_cert_req /* proc server cert request */ }; -static int gen_dhe_rsa_server_kx(GNUTLS_STATE state, opaque ** data) +MOD_AUTH_STRUCT dhe_dss_auth_struct = { + "DHE_DSS", + _gnutls_gen_x509_server_certificate, + _gnutls_gen_x509_client_certificate, + gen_dhe_server_kx, + NULL, + NULL, + gen_dhe_client_kx, + _gnutls_gen_x509_client_cert_vrfy, /* gen client cert vrfy */ + _gnutls_gen_x509_server_cert_req, /* server cert request */ + + _gnutls_proc_x509_server_certificate, + _gnutls_proc_x509_client_certificate, + proc_dhe_server_kx, + NULL, + NULL, + proc_dhe_client_kx, + _gnutls_proc_x509_client_cert_vrfy, /* proc client cert vrfy */ + _gnutls_proc_x509_cert_req /* proc server cert request */ +}; + +static int gen_dhe_server_kx(GNUTLS_STATE state, opaque ** data) { MPI x, X, g, p; size_t n_X, n_g, n_p; @@ -169,7 +190,7 @@ static int gen_dhe_rsa_server_kx(GNUTLS_STATE state, opaque ** data) return data_size; } -static int gen_dhe_rsa_client_kx(GNUTLS_STATE state, opaque ** data) +static int gen_dhe_client_kx(GNUTLS_STATE state, opaque ** data) { MPI x, X; size_t n_X; @@ -223,7 +244,7 @@ static int gen_dhe_rsa_client_kx(GNUTLS_STATE state, opaque ** data) return n_X + 2; } -static int proc_dhe_rsa_server_kx(GNUTLS_STATE state, opaque * data, +static int proc_dhe_server_kx(GNUTLS_STATE state, opaque * data, int data_size) { uint16 n_Y, n_g, n_p; @@ -330,7 +351,7 @@ static int proc_dhe_rsa_server_kx(GNUTLS_STATE state, opaque * data, return ret; } -static int proc_dhe_rsa_client_kx(GNUTLS_STATE state, opaque * data, +static int proc_dhe_client_kx(GNUTLS_STATE state, opaque * data, int data_size) { uint16 n_Y; diff --git a/lib/auth_dhe_dss.c b/lib/auth_dhe_dss.c deleted file mode 100644 index cfad3c1dac..0000000000 --- a/lib/auth_dhe_dss.c +++ /dev/null @@ -1,273 +0,0 @@ -/* - * Copyright (C) 2000 Nikos Mavroyanopoulos - * - * This file is part of GNUTLS. - * - * GNUTLS is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * GNUTLS is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA - */ - -/* DHE_DSS is not really working. It is used as a template - * (it may work BUT it does not check certificates) - */ - -#if 0 - -#include "gnutls_int.h" -#include "gnutls_auth_int.h" -#include "gnutls_errors.h" -#include "gnutls_dh.h" -#include "auth_dhe_dss.h" -#include "gnutls_num.h" - -int gen_dhe_dss_server_kx( GNUTLS_KEY , opaque**); -int gen_dhe_dss_client_kx( GNUTLS_KEY , opaque**); -int proc_dhe_dss_server_kx( GNUTLS_KEY , opaque*, int); -int proc_dhe_dss_client_kx( GNUTLS_KEY , opaque*, int); - -int gen_dhe_dss_client_cert_vrfy( GNUTLS_KEY, opaque**); -int proc_dhe_dss_client_cert_vrfy( GNUTLS_KEY, opaque*, int); - -int gen_dhe_dss_server_cert_vrfy( GNUTLS_KEY, opaque**); -int proc_dhe_dss_server_cert_vrfy( GNUTLS_KEY, opaque*, int); - -MOD_AUTH_STRUCT dhe_dss_auth_struct = { - "DHE_DSS", - gen_dhe_dss_server_kx, - NULL, - NULL, - gen_dhe_dss_client_kx, - gen_dhe_dss_client_cert_vrfy, - gen_dhe_dss_server_cert_vrfy, - proc_dhe_dss_server_kx, - NULL, - NULL, - proc_dhe_dss_client_kx, - proc_dhe_dss_client_cert_vrfy, - proc_dhe_dss_server_cert_vrfy -}; - -int gen_dhe_dss_server_kx( GNUTLS_KEY key, opaque** data) { - GNUTLS_MPI x, X, g, p; - size_t n_X, n_g, n_p; - uint8 *data_p; - uint8 *data_g; - uint8 *data_X; - int ret = 0; - DHE_DSS_SERVER_CREDENTIALS * cred; - - cred = _gnutls_get_kx_cred( key, GNUTLS_KX_DHE_DSS, NULL); - if (cred==NULL) { - bits = DEFAULT_BITS; /* default */ - } else { - bits = cred->bits; - } - - g = gnutls_get_dh_params(&p, bits); - - key->auth_info = gnutls_malloc(sizeof(DHE_DSS_AUTH_INFO)); - if (key->auth_info==NULL) return GNUTLS_E_MEMORY_ERROR; - ((DHE_DSS_AUTH_INFO*)key->auth_info)->bits = gcry_mpi_get_nbits(p); - key->auth_info_size = sizeof(DHE_DSS_AUTH_INFO); - - X = gnutls_calc_dh_secret(&x, g, p); - - key->dh_secret = x; - - _gnutls_mpi_print( NULL, &n_g, g); - _gnutls_mpi_print( NULL, &n_p, p); - _gnutls_mpi_print( NULL, &n_X, X); - (*data) = gnutls_malloc(n_g + n_p + n_X + 6); - data_p = &(*data)[0]; - _gnutls_mpi_print( &data_p[2], &n_p, p); - _gnutls_mpi_release(p); - - WRITEuint16( n_p, data_p); - - data_g = &data_p[2 + n_p]; - _gnutls_mpi_print( &data_g[2], &n_g, g); - _gnutls_mpi_release(g); - - WRITEuint16( n_g, data_g); - - data_X = &data_g[2 + n_g]; - _gnutls_mpi_print( &data_X[2], &n_X, X); - _gnutls_mpi_release(X); - - WRITEuint16( n_X, data_X); - - ret = n_p+n_g+n_X+6; - - return ret; -} - -int gen_dhe_dss_client_kx( GNUTLS_KEY key, opaque** data) { -GNUTLS_MPI x, X; -size_t n_X; - - X = _gnutls_calc_dh_secret(&x, key->client_g, - key->client_p); - - _gnutls_mpi_print( NULL, &n_X, X); - (*data) = gnutls_malloc(n_X + 2); - - _gnutls_mpi_print( &(*data)[2], &n_X, X); - (*data)[0] = 1; /* extern - explicit since we do not have - certificate */ - _gnutls_mpi_release(X); - - WRITEuint16( n_X, &(*data)[0]); - - /* calculate the key after calculating the message */ - key->KEY = _gnutls_calc_dh_key(key->client_Y, x, key->client_p); - - /* THESE SHOULD BE DISCARDED */ - _gnutls_mpi_release(key->client_Y); - _gnutls_mpi_release(key->client_p); - _gnutls_mpi_release(key->client_g); - key->client_Y = NULL; - key->client_p = NULL; - key->client_g = NULL; - - return n_X+2; -} - -int proc_dhe_dss_server_kx( GNUTLS_KEY key, opaque* data, int data_size) { - uint16 n_Y, n_g, n_p; - size_t _n_Y, _n_g, _n_p; - uint8 *data_p; - uint8 *data_g; - uint8 *data_Y; - int i; - - - i = 0; - n_p = READuint16( &data[i]); - i += 2; - - data_p = &data[i]; - i += n_p; - if (i > data_size) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - n_g = READuint16( &data[i]); - i += 2; - - data_g = &data[i]; - i += n_g; - if (i > data_size) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - - n_Y = READuint16( &data[i]); - i += 2; - - data_Y = &data[i]; - i += n_Y; - if (i > data_size) { - gnutls_assert(); - return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; - } - _n_Y = n_Y; - _n_g = n_g; - _n_p = n_p; - - if (gcry_mpi_scan(&key->client_Y, data_Y, &_n_Y) != 0) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - if (gcry_mpi_scan(&key->client_g,, data_g, &_n_g) != 0) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - if (gcry_mpi_scan(&key->client_p, data_p, &_n_p) != 0) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - /* We should check signature in non-anonymous KX - * this is anonymous however - */ - gnutls_free(data); - - return 0; -} - -int proc_dhe_dss_client_kx( GNUTLS_KEY key, opaque* data, int data_size) { - uint16 n_Y; - size_t _n_Y; - MPI g, p; - - cred = _gnutls_get_kx_cred( key, GNUTLS_KX_DHE_DSS, NULL); - if (cred==NULL) { - bits = DEFAULT_BITS; /* default */ - } else { - bits = cred->bits; - } - -#if 0 /* removed. I do not know why - maybe I didn't get the protocol, - * but openssl does not use that byte - */ - if (data[0] != 1) { - gnutls_assert(); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } -#endif - - n_Y = READuint16( &data[0]); - _n_Y = n_Y; - - if (gcry_mpi_scan(&key->client_Y, &data[2], &_n_Y)) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - g = gnutls_get_dh_params(&p, bits); - key->KEY = gnutls_calc_dh_key( key->client_Y, key->dh_secret, p); - - mpi_release(g); - mpi_release(p); - - _gnutls_mpi_release(key->client_Y); - _gnutls_mpi_release(key->dh_secret); - key->client_Y = NULL; - key->dh_secret = NULL; - - return 0; -} - -int gen_dhe_dss_client_cert_vrfy( GNUTLS_KEY key, opaque** data) { - /* FIXME: not ready yet */ - (*data)=gnutls_calloc(1, 20); - return 20; -} -int gen_dhe_dss_server_cert_vrfy( GNUTLS_KEY key, opaque** data) { - /* FIXME: not ready yet */ - (*data)=gnutls_calloc(1, 20); - return 20; -} -int proc_dhe_dss_client_cert_vrfy( GNUTLS_KEY key, opaque* data, int data_size) { - /* no certificate check in anonymous KX */ - return 0; -} -int proc_dhe_dss_server_cert_vrfy( GNUTLS_KEY key, opaque* data, int data_size) { - /* no certificate check in this algorithm */ - return 0; -} - -#endif diff --git a/lib/auth_dhe_dss.h b/lib/auth_dhe_dss.h deleted file mode 100644 index 84e3f9ca10..0000000000 --- a/lib/auth_dhe_dss.h +++ /dev/null @@ -1,2 +0,0 @@ -extern MOD_AUTH_STRUCT dhe_dss_auth_struct; - diff --git a/src/x509/cert-dsa.pem b/src/x509/cert-dsa.pem new file mode 100644 index 0000000000..914512b166 --- /dev/null +++ b/src/x509/cert-dsa.pem @@ -0,0 +1,88 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6 (0x6) + Signature Algorithm: md5WithRSAEncryption + Issuer: C=GR, ST=Attiki, L=Athina, O=GNUTLS, OU=GNUTLS dev., CN=GNUTLS TEST CA/Email=gnutls-dev@gnupg.org + Validity + Not Before: Jan 27 14:38:52 2002 GMT + Not After : Jan 27 14:38:52 2003 GMT + Subject: C=GR, ST=Attiki, L=Athina, O=GNUTLS, OU=INSECURE WEB SERVER, CN=localhost-ng/Email=none@gnutls.org + Subject Public Key Info: + Public Key Algorithm: dsaEncryption + DSA Public Key: + pub: + 1b:0f:6a:db:3f:c3:14:7c:b2:4c:d8:1e:58:4e:a2: + de:3a:86:b0:cc:46:02:9b:a9:6b:00:2e:ed:c2:26: + c2:46:4d:3a:75:92:20:85:aa:39:61:ff:ad:b0:53: + 40:ab:4a:10:91:1c:7b:15:ab:64:97:a6:35:ff:ec: + b6:48:65:15:4d:e4:56:86:23:67:a2:26:7b:ab:0b: + 7c:a4:8f:60:8f:72:5c:20:b9:6d:e1:ee:16:7d:6f: + 42:75:b8:6f:42:40:c1:34:b0:03:76:7c:b3:8d:c6: + e0:5d:df:a8:73:d5:13:31:5f:55:fc:df:3d:dc:24: + 0c:e4:a9:35:26:74:58:76 + P: + 00:df:46:92:6d:98:32:d2:0b:50:d9:73:fb:40:c5: + 06:e0:21:ce:b7:6e:7b:7e:69:e6:32:e8:50:d1:7b: + bc:61:e5:62:0c:5d:62:fd:ec:8e:a9:a6:83:96:f2: + b7:d5:3e:c1:95:9e:91:fc:58:24:e0:8b:ca:65:55: + 98:55:2a:84:87:dc:73:50:d7:a2:fc:cf:85:ec:5c: + 4c:e5:a9:95:c5:e7:40:eb:24:df:7d:13:db:5e:8e: + f1:4e:9e:67:9c:9a:66:1e:37:26:be:5b:50:ed:85: + 0b:33:e0:c8:d0:cb:a4:0f:19:ef:99:36:ba:0d:fa: + e5:6c:91:e9:f4:da:12:c1:53 + Q: + 00:eb:04:43:bd:ea:50:5c:0a:aa:ad:c0:ae:6a:b5: + 24:db:fc:27:ee:c1 + G: + 69:84:fc:bd:d0:36:fb:53:b2:5b:31:8c:92:f4:fd: + 72:80:16:58:89:8b:be:e3:06:87:20:5d:fa:4c:4a: + 90:72:41:d1:ee:d9:b6:14:c6:fc:ed:56:dd:11:28: + 13:f1:ff:da:a7:65:41:77:70:93:eb:d0:d5:59:48: + a4:4f:11:9d:35:9a:66:52:14:c8:d4:22:82:ed:07: + e1:fc:06:cd:e8:75:d2:af:bf:68:74:d7:56:6d:06: + 5b:b4:af:28:5c:81:25:14:0f:44:9e:f6:1c:2d:98: + 3d:17:2d:b0:5b:5d:3a:23:e9:8c:27:8e:9d:fe:88: + 3c:a0:3e:0e:a7:c2:5e:d2 + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:EF:EE:94:AB:C8:CA:57:7F:53:13:DB:76:DC:1A:95:00:93:BA:F3:C9 + + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto + X509v3 Basic Constraints: critical + CA:FALSE + Signature Algorithm: md5WithRSAEncryption + 86:09:fa:85:38:1a:84:79:ca:d5:bb:23:41:5b:67:92:f1:99: + 02:31:e7:a1:9e:27:4b:37:9a:a4:b9:6a:dc:f9:66:43:93:f3: + fd:12:35:cd:e9:37:18:e1:7f:3e:2b:40:87:67:97:a8:22:a4: + 34:b5:75:34:94:88:e9:31:ad:3b:52:c9:6c:3a:e0:19:9e:fc: + e7:cf:50:66:72:90:3f:3c:37:54:e2:17:d4:6f:0a:ca:e5:f7: + 4e:1e:6f:c4:5f:d9:38:25:04:df:b7:96:f6:38:ea:75:96:24: + b3:d6:76:8c:15:eb:e0:05:ff:60:08:06:42:bf:89:76:fb:33: + a4:98 +-----BEGIN CERTIFICATE----- +MIIEIDCCA4mgAwIBAgIBBjANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCR1Ix +DzANBgNVBAgTBkF0dGlraTEPMA0GA1UEBxMGQXRoaW5hMQ8wDQYDVQQKEwZHTlVU +TFMxFDASBgNVBAsTC0dOVVRMUyBkZXYuMRcwFQYDVQQDEw5HTlVUTFMgVEVTVCBD +QTEjMCEGCSqGSIb3DQEJARYUZ251dGxzLWRldkBnbnVwZy5vcmcwHhcNMDIwMTI3 +MTQzODUyWhcNMDMwMTI3MTQzODUyWjCBlTELMAkGA1UEBhMCR1IxDzANBgNVBAgT +BkF0dGlraTEPMA0GA1UEBxMGQXRoaW5hMQ8wDQYDVQQKEwZHTlVUTFMxHDAaBgNV +BAsTE0lOU0VDVVJFIFdFQiBTRVJWRVIxFTATBgNVBAMTDGxvY2FsaG9zdC1uZzEe +MBwGCSqGSIb3DQEJARYPbm9uZUBnbnV0bHMub3JnMIIBtjCCASsGByqGSM44BAEw +ggEeAoGBAN9Gkm2YMtILUNlz+0DFBuAhzrdue35p5jLoUNF7vGHlYgxdYv3sjqmm +g5byt9U+wZWekfxYJOCLymVVmFUqhIfcc1DXovzPhexcTOWplcXnQOsk330T216O +8U6eZ5yaZh43Jr5bUO2FCzPgyNDLpA8Z75k2ug365WyR6fTaEsFTAhUA6wRDvepQ +XAqqrcCuarUk2/wn7sECgYBphPy90Db7U7JbMYyS9P1ygBZYiYu+4waHIF36TEqQ +ckHR7tm2FMb87VbdESgT8f/ap2VBd3CT69DVWUikTxGdNZpmUhTI1CKC7Qfh/AbN +6HXSr79odNdWbQZbtK8oXIElFA9EnvYcLZg9Fy2wW106I+mMJ46d/og8oD4Op8Je +0gOBhAACgYAbD2rbP8MUfLJM2B5YTqLeOoawzEYCm6lrAC7twibCRk06dZIghao5 +Yf+tsFNAq0oQkRx7Fatkl6Y1/+y2SGUVTeRWhiNnoiZ7qwt8pI9gj3JcILlt4e4W +fW9CdbhvQkDBNLADdnyzjcbgXd+oc9UTMV9V/N893CQM5Kk1JnRYdqNnMGUwHwYD +VR0jBBgwFoAU7+6Uq8jKV39TE9t23BqVAJO688kwNAYDVR0lBC0wKwYIKwYBBQUH +AwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhCBAEwDAYDVR0TAQH/BAIw +ADANBgkqhkiG9w0BAQQFAAOBgQCGCfqFOBqEecrVuyNBW2eS8ZkCMeehnidLN5qk +uWrc+WZDk/P9EjXN6TcY4X8+K0CHZ5eoIqQ0tXU0lIjpMa07UslsOuAZnvznz1Bm +cpA/PDdU4hfUbwrK5fdOHm/EX9k4JQTft5b2OOp1liSz1naMFevgBf9gCAZCv4l2 ++zOkmA== +-----END CERTIFICATE----- diff --git a/src/x509/key-dsa.pem b/src/x509/key-dsa.pem new file mode 100644 index 0000000000..179c81f3a4 --- /dev/null +++ b/src/x509/key-dsa.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQDfRpJtmDLSC1DZc/tAxQbgIc63bnt+aeYy6FDRe7xh5WIMXWL9 +7I6ppoOW8rfVPsGVnpH8WCTgi8plVZhVKoSH3HNQ16L8z4XsXEzlqZXF50DrJN99 +E9tejvFOnmecmmYeNya+W1DthQsz4MjQy6QPGe+ZNroN+uVsken02hLBUwIVAOsE +Q73qUFwKqq3Armq1JNv8J+7BAoGAaYT8vdA2+1OyWzGMkvT9coAWWImLvuMGhyBd ++kxKkHJB0e7ZthTG/O1W3REoE/H/2qdlQXdwk+vQ1VlIpE8RnTWaZlIUyNQigu0H +4fwGzeh10q+/aHTXVm0GW7SvKFyBJRQPRJ72HC2YPRctsFtdOiPpjCeOnf6IPKA+ +DqfCXtICgYAbD2rbP8MUfLJM2B5YTqLeOoawzEYCm6lrAC7twibCRk06dZIghao5 +Yf+tsFNAq0oQkRx7Fatkl6Y1/+y2SGUVTeRWhiNnoiZ7qwt8pI9gj3JcILlt4e4W +fW9CdbhvQkDBNLADdnyzjcbgXd+oc9UTMV9V/N893CQM5Kk1JnRYdgIUJuo33Alb +GwYHGtcWAGwXLbHMzf0= +-----END DSA PRIVATE KEY----- |