author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-01 14:43:04 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-08-07 14:51:19 +0200 |
commit | 3b876ea64d9f390f749bb0ee9a6b779daace69f9 (patch) | |
tree | b5ad1698b803c5a3605939e3cdf3ef606280ee1f | |
parent | f6cd10ad3c6d1e781832fc6c7a33f2413e3128bf (diff) | |
x509: no longer emit the previous custom format for provable parameters
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/gnutls.asn | 11 | ||||
-rw-r--r-- | lib/gnutls_asn1_tab.c | 10 | ||||
-rw-r--r-- | lib/x509/key_encode.c | 61 | ||||
-rw-r--r-- | lib/x509/privkey.c | 50 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 2 | ||||
-rw-r--r-- | lib/x509/x509_int.h | 2 |
6 files changed, 24 insertions, 112 deletions
diff --git a/lib/gnutls.asn b/lib/gnutls.asn index e006b6d5b7..570d8263fd 100644 --- a/lib/gnutls.asn +++ b/lib/gnutls.asn @@ -26,18 +26,14 @@ RSAPrivateKey ::= SEQUENCE { exponent1 INTEGER, -- (Usually large) d mod (p-1) exponent2 INTEGER, -- (Usually large) d mod (q-1) coefficient INTEGER, -- (Usually large) (inverse of q) mod p - otherInfo RSAOtherInfo OPTIONAL + otherPrimeInfos OtherPrimeInfos OPTIONAL } ProvableSeed ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, + algorithm OBJECT IDENTIFIER, -- the hash algorithm OID used for FIPS186-4 generation seed OCTET STRING } -RSAOtherInfo ::= CHOICE { - otherPrimeInfos OtherPrimeInfos, -- the hash algorithm OID used for FIPS186-4 generation - seed [1] ProvableSeed -} OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo @@ -84,8 +80,7 @@ DSAPrivateKey ::= SEQUENCE { q INTEGER, g INTEGER, Y INTEGER, -- public - priv INTEGER, - seed [1] ProvableSeed OPTIONAL + priv INTEGER } -- from PKCS#3 diff --git a/lib/gnutls_asn1_tab.c b/lib/gnutls_asn1_tab.c index 587e54ed36..d58f864c0b 100644 --- a/lib/gnutls_asn1_tab.c +++ b/lib/gnutls_asn1_tab.c @@ -20,14 +20,10 @@ const asn1_static_node gnutls_asn1_tab[] = { { "exponent1", 1073741827, NULL }, { "exponent2", 1073741827, NULL }, { "coefficient", 1073741827, NULL }, - { "otherInfo", 16386, "RSAOtherInfo"}, + { "otherPrimeInfos", 16386, "OtherPrimeInfos"}, { "ProvableSeed", 1610612741, NULL }, { "algorithm", 1073741836, NULL }, { "seed", 7, NULL }, - { "RSAOtherInfo", 1610612754, NULL }, - { "otherPrimeInfos", 1073741826, "OtherPrimeInfos"}, - { "seed", 536879106, "ProvableSeed"}, - { NULL, 2056, "1"}, { "OtherPrimeInfos", 1612709899, NULL }, { "MAX", 1074266122, "1"}, { NULL, 2, "OtherPrimeInfo"}, 
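Review bot: `ProvableSeed` stays defined in lib/gnutls.asn, but with `RSAOtherInfo` removed in this hunk and `seed [1] ProvableSeed OPTIONAL` dropped from `DSAPrivateKey` in the next one, nothing visible in this diff references it any more. If another structure still uses it or it is decoded standalone, a comment above the definition would keep it from reading as dead schema, e.g. `-- not part of RSAPrivateKey/DSAPrivateKey; carried separately (see <where it is used>)`. If nothing uses it, the type and its three entries in lib/gnutls_asn1_tab.c could go as well.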
@@ -57,9 +53,7 @@ const asn1_static_node gnutls_asn1_tab[] = { { "q", 1073741827, NULL }, { "g", 1073741827, NULL }, { "Y", 1073741827, NULL }, - { "priv", 1073741827, NULL }, - { "seed", 536895490, "ProvableSeed"}, - { NULL, 2056, "1"}, + { "priv", 3, NULL }, { "DHParameter", 1610612741, NULL }, { "prime", 1073741827, NULL }, { "base", 1073741827, NULL }, diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index 98b9769b59..d9d2cc8984 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -490,7 +490,7 @@ _gnutls_x509_write_dsa_pubkey(gnutls_pk_params_st * params, /* Encodes the RSA parameters into an ASN.1 RSA private key structure. */ static int -_gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned compat) +_gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params) { int result, ret; uint8_t null = '\0'; @@ -596,34 +596,11 @@ _gnutls_asn1_encode_rsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned c goto cleanup; } - if (compat == 0 && (params->flags & GNUTLS_PK_FLAG_PROVABLE) && params->seed_size > 0) { - if ((result = asn1_write_value(*c2, "otherInfo", - "seed", 1)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "otherInfo.seed.seed", - params->seed, params->seed_size)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "otherInfo.seed.algorithm", - gnutls_digest_get_oid(params->palgo), 1)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(result); - goto cleanup; - } - } else { - if ((result = asn1_write_value(*c2, "otherInfo", - NULL, 0)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(result); - goto cleanup; - } + if ((result = asn1_write_value(*c2, "otherPrimeInfos", + NULL, 0)) != ASN1_SUCCESS) { + gnutls_assert(); + ret = _gnutls_asn2err(result); + goto cleanup; } if ((result = 
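Review bot: In the -596 hunk `_gnutls_asn1_encode_rsa` now writes `otherPrimeInfos` as absent unconditionally, so a key with `GNUTLS_PK_FLAG_PROVABLE` set and `seed_size > 0` is encoded with no trace of `params->seed` or `params->palgo`, and nothing at that spot says so. Anyone who later wants to re-check the FIPS186-4 generation parameters from a key serialized through this path cannot, so I would add a comment above the write, e.g. `/* the provable seed is not carried in this structure; only the standard RSAPrivateKey fields are written */`, and have the function's header comment name the export path that does preserve the seed, if there is one. The same applies to the seed branch removed from `_gnutls_asn1_encode_dsa` (hunk at -816). Both function bodies start and end outside their hunks.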
@@ -756,7 +733,7 @@ cleanup: /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. */ static int -_gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned compat) +_gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params) { int result, ret; const uint8_t null = '\0'; @@ -816,24 +793,6 @@ _gnutls_asn1_encode_dsa(ASN1_TYPE * c2, gnutls_pk_params_st * params, unsigned c goto cleanup; } - if (params->seed_size > 0 && compat == 0) { - if ((result = asn1_write_value(*c2, "seed.seed", - params->seed, params->seed_size)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "seed.algorithm", - gnutls_digest_get_oid(params->palgo), 1)) != ASN1_SUCCESS) { - gnutls_assert(); - ret = _gnutls_asn2err(result); - goto cleanup; - } - } else { - (void)asn1_write_value(*c2, "seed", NULL, 0); - } - if ((result = asn1_write_value(*c2, "version", &null, 1)) != ASN1_SUCCESS) { gnutls_assert(); @@ -850,14 +809,14 @@ cleanup: } int _gnutls_asn1_encode_privkey(ASN1_TYPE * c2, - gnutls_pk_params_st * params, unsigned compat) + gnutls_pk_params_st * params) { switch (params->algo) { case GNUTLS_PK_RSA: case GNUTLS_PK_RSA_PSS: - return _gnutls_asn1_encode_rsa(c2, params, compat); + return _gnutls_asn1_encode_rsa(c2, params); case GNUTLS_PK_DSA: - return _gnutls_asn1_encode_dsa(c2, params, compat); + return _gnutls_asn1_encode_dsa(c2, params); case GNUTLS_PK_ECDSA: case GNUTLS_PK_EDDSA_ED25519: return _gnutls_asn1_encode_ecc(c2, params); diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 81ff5c6db3..09a9bf03d3 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -113,7 +113,7 @@ gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, ret = _gnutls_asn1_encode_privkey(&dst->key, - &dst->params, src->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); + &dst->params); if (ret < 0) { gnutls_assert(); gnutls_pk_params_release(&dst->params); 
@@ -132,8 +132,6 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key, { int result; ASN1_TYPE pkey_asn; - char tmp[64]; - int tmp_size; gnutls_pk_params_init(&pkey->params); @@ -220,29 +218,6 @@ _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t * raw_key, pkey->params.params_nr = RSA_PRIVATE_PARAMS; pkey->params.algo = GNUTLS_PK_RSA; - tmp_size = sizeof(tmp); - result = asn1_read_value(pkey_asn, "otherInfo", tmp, &tmp_size); - if (result == ASN1_SUCCESS && strcmp(tmp, "seed") == 0) { - gnutls_datum_t v; - char oid[MAX_OID_SIZE]; - int oid_size; - - oid_size = sizeof(oid); - result = asn1_read_value(pkey_asn, "otherInfo.seed.algorithm", oid, &oid_size); - if (result == ASN1_SUCCESS) { - pkey->params.palgo = gnutls_oid_to_digest(oid); - } - - result = _gnutls_x509_read_value(pkey_asn, "otherInfo.seed.seed", &v); - if (result >= 0) { - if (v.size <= sizeof(pkey->params.seed)) { - memcpy(pkey->params.seed, v.data, v.size); - pkey->params.seed_size = v.size; - } - gnutls_free(v.data); - } - } - return pkey_asn; error: @@ -466,8 +441,6 @@ decode_dsa_key(const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) #define PEM_KEY_DSA "DSA PRIVATE KEY" #define PEM_KEY_RSA "RSA PRIVATE KEY" -#define PEM_KEY_DSA_PROVABLE "FIPS186-4 DSA PRIVATE KEY" -#define PEM_KEY_RSA_PROVABLE "FIPS186-4 RSA PRIVATE KEY" #define PEM_KEY_ECC "EC PRIVATE KEY" #define PEM_KEY_PKCS8 "PRIVATE KEY" 
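Review bot: The commit title only promises to stop emitting the custom format, but the -220 hunk also removes the reader: `_gnutls_privkey_decode_pkcs1_rsa_key` no longer looks at `otherInfo`, and with the schema change in lib/gnutls.asn a DER key that carries the `[1]` seed element presumably fails to decode rather than loading without its seed. Dropping `PEM_KEY_RSA_PROVABLE`/`PEM_KEY_DSA_PROVABLE` here (-466) and their `IF_CHECK_FOR` branches in `gnutls_x509_privkey_import` (-547) has the same effect for PEM files with the `FIPS186-4 ... PRIVATE KEY` header. If an earlier build could have written such keys, import should either keep accepting them or the description should say they are now rejected; a test that imports one old-format key would pin whichever is intended. The decode function continues outside the hunk.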
@@ -547,8 +520,6 @@ gnutls_x509_privkey_import(gnutls_x509_privkey_t key, IF_CHECK_FOR(PEM_KEY_RSA, GNUTLS_PK_RSA, ptr, begin_ptr, left, key) else IF_CHECK_FOR(PEM_KEY_ECC, GNUTLS_PK_EC, ptr, begin_ptr, left, key) else IF_CHECK_FOR(PEM_KEY_DSA, GNUTLS_PK_DSA, ptr, begin_ptr, left, key) - else IF_CHECK_FOR(PEM_KEY_RSA_PROVABLE, GNUTLS_PK_RSA, ptr, begin_ptr, left, key) - else IF_CHECK_FOR(PEM_KEY_DSA_PROVABLE, GNUTLS_PK_DSA, ptr, begin_ptr, left, key) if (key->params.algo == GNUTLS_PK_UNKNOWN && left >= sizeof(PEM_KEY_PKCS8)) { if (memcmp(ptr, PEM_KEY_PKCS8, sizeof(PEM_KEY_PKCS8)-1) == 0) { @@ -996,7 +967,7 @@ gnutls_x509_privkey_import_rsa_raw2(gnutls_x509_privkey_t key, ret = _gnutls_asn1_encode_privkey(&key->key, - &key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); + &key->params); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1092,7 +1063,7 @@ gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, ret = _gnutls_asn1_encode_privkey(&key->key, - &key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); + &key->params); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1330,15 +1301,9 @@ gnutls_x509_privkey_set_spki(gnutls_x509_privkey_t key, const gnutls_x509_spki_t static const char *set_msg(gnutls_x509_privkey_t key) { if (GNUTLS_PK_IS_RSA(key->params.algo)) { - if (key->params.seed_size > 0 && !(key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT)) - return PEM_KEY_RSA_PROVABLE; - else - return PEM_KEY_RSA; + return PEM_KEY_RSA; } else if (key->params.algo == GNUTLS_PK_DSA) { - if (key->params.seed_size > 0 && !(key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT)) - return PEM_KEY_DSA_PROVABLE; - else - return PEM_KEY_DSA; + return PEM_KEY_DSA; } else if (key->params.algo == GNUTLS_PK_EC) return PEM_KEY_ECC; else 
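Review bot: `set_msg` (-1330) no longer consults `key->flags`, and every `_gnutls_asn1_encode_privkey` call site in this diff stops passing `key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT`, so within the visible code the flag no longer changes the PEM header or the encoded structure. If the flag is still honoured elsewhere (not visible here), its documentation should say which export formats it affects; if not, callers setting it deserve a note that it is now a no-op. A short comment on `set_msg` such as `/* provable keys use the same PEM header as ordinary ones */` would also record why the seed check went away. As a minor style point, the two remaining single-`return` branches keep their braces while the `GNUTLS_PK_EC` branch has none.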
@@ -1733,7 +1698,7 @@ gnutls_x509_privkey_generate2(gnutls_x509_privkey_t key, } } - ret = _gnutls_asn1_encode_privkey(&key->key, &key->params, key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); + ret = _gnutls_asn1_encode_privkey(&key->key, &key->params); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -2179,8 +2144,7 @@ int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key) ret = _gnutls_asn1_encode_privkey(&key->key, - &key->params, - key->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); + &key->params); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 46351dca25..4cad7bfcdc 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -1170,7 +1170,7 @@ _decode_pkcs8_dsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey) ret = _gnutls_asn1_encode_privkey(&pkey->key, - &pkey->params, pkey->flags&GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT); + &pkey->params); if (ret < 0) { gnutls_assert(); goto error; diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h index e325c06bf2..3dd3985cf3 100644 --- a/lib/x509/x509_int.h +++ b/lib/x509/x509_int.h @@ -258,7 +258,7 @@ _gnutls_x509_read_ecc_params(uint8_t * der, int dersize, unsigned int *curve); int _gnutls_asn1_encode_privkey(ASN1_TYPE * c2, - gnutls_pk_params_st * params, unsigned compat); + gnutls_pk_params_st * params); void _gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key, gnutls_x509_spki_st * params); |