diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-21 09:47:34 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-12-21 09:47:34 +0000 |
commit | 2fdcd35de21b6d2a81a74580f368863f6c483ad1 (patch) | |
tree | 63a0e4a3b93259e18f9bbab8d3e1c89503350d67 /lib | |
parent | 47568619a72f494719e468cc39a4b254954ea134 (diff) | |
download | gnutls-2fdcd35de21b6d2a81a74580f368863f6c483ad1.tar.gz |
Added gnutls_openpgp_key_get_key_usage(), and removed several compatibility
functions.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/dh_compat.c | 149 | ||||
-rw-r--r-- | lib/gnutls_ui.h | 136 | ||||
-rw-r--r-- | lib/rsa_compat.c | 285 |
3 files changed, 89 insertions, 481 deletions
diff --git a/lib/dh_compat.c b/lib/dh_compat.c deleted file mode 100644 index 56f5d0e87b..0000000000 --- a/lib/dh_compat.c +++ /dev/null @@ -1,149 +0,0 @@ -/* - * Copyright (C) 2000,2001,2003 Nikos Mavroyanopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_datum.h> -#include <x509_b64.h> /* for PKCS3 PEM decoding */ -#include <gnutls_global.h> -#include <gnutls_dh.h> -#include "debug.h" - -/* Replaces the prime in the static DH parameters, with a randomly - * generated one. - */ -/*- - * gnutls_dh_params_set - This function will replace the old DH parameters - * @dh_params: Is a structure will hold the prime numbers - * @prime: holds the new prime - * @generator: holds the new generator - * @bits: is the prime's number of bits. This value is ignored. - * - * This function will replace the pair of prime and generator for use in - * the Diffie-Hellman key exchange. The new parameters should be stored in the - * appropriate gnutls_datum. - * - -*/ -int gnutls_dh_params_set(gnutls_dh_params dh_params, gnutls_datum prime, - gnutls_datum generator, int bits) -{ - GNUTLS_MPI tmp_prime, tmp_g; - size_t siz = 0; - - /* sprime is not null, because of the check_bits() - * above. - */ - - siz = prime.size; - if (_gnutls_mpi_scan(&tmp_prime, prime.data, &siz)) { - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = generator.size; - if (_gnutls_mpi_scan(&tmp_g, generator.data, &siz)) { - _gnutls_mpi_release(&tmp_prime); - gnutls_assert(); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - /* copy the generated values to the structure - */ - dh_params->params[0] = tmp_prime; - dh_params->params[1] = tmp_g; - - return 0; - -} - -/*- - * gnutls_dh_params_generate - This function will generate new DH parameters - * @prime: will hold the new prime - * @generator: will hold the new generator - * @bits: is the prime's number of bits - * - * This function will generate a new pair of prime and generator for use in - * the Diffie-Hellman key exchange. The new parameters will be allocated using - * gnutls_malloc() and will be stored in the appropriate datum. - * This function is normally very slow. Another function - * (gnutls_dh_params_set()) should be called in order to replace the - * included DH primes in the gnutls library. - * - * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. - * Also note that the generation of new DH parameters is only useful - * to servers. Clients use the parameters sent by the server, thus it's - * no use calling this in client side. - * - -*/ -int gnutls_dh_params_generate(gnutls_datum * prime, - gnutls_datum * generator, int bits) -{ - - GNUTLS_MPI tmp_prime, tmp_g; - size_t siz; - - if (_gnutls_dh_generate_prime(&tmp_g, &tmp_prime, bits) < 0) { - gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; - } - - siz = 0; - _gnutls_mpi_print(NULL, &siz, tmp_g); - - generator->data = gnutls_malloc(siz); - if (generator->data == NULL) { - _gnutls_mpi_release(&tmp_g); - _gnutls_mpi_release(&tmp_prime); - return GNUTLS_E_MEMORY_ERROR; - } - - generator->size = siz; - _gnutls_mpi_print(generator->data, &siz, tmp_g); - - - siz = 0; - _gnutls_mpi_print(NULL, &siz, tmp_prime); - - prime->data = gnutls_malloc(siz); - if (prime->data == NULL) { - gnutls_free(generator->data); - generator->data = NULL; generator->size = 0; - _gnutls_mpi_release(&tmp_g); - _gnutls_mpi_release(&tmp_prime); - return GNUTLS_E_MEMORY_ERROR; - } - prime->size = siz; - _gnutls_mpi_print(prime->data, &siz, tmp_prime); - -#ifdef DEBUG - { - opaque buffer[512]; - - _gnutls_debug_log - ("dh_params_generate: Generated %d bits prime %s, generator %s.\n", - bits, _gnutls_bin2hex(prime->data, prime->size, buffer, sizeof(buffer)), - _gnutls_bin2hex(generator->data, generator->size, buffer, sizeof(buffer))); - } -#endif - - return 0; - -} diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h index bff8ed8a31..6c2dbabdd3 100644 --- a/lib/gnutls_ui.h +++ b/lib/gnutls_ui.h @@ -2,27 +2,33 @@ # define GNUTLS_UI_H typedef enum gnutls_x509_subject_alt_name { - GNUTLS_SAN_DNSNAME=1, GNUTLS_SAN_RFC822NAME, + GNUTLS_SAN_DNSNAME = 1, GNUTLS_SAN_RFC822NAME, GNUTLS_SAN_URI, GNUTLS_SAN_IPADDRESS } gnutls_x509_subject_alt_name; -# ifdef LIBGNUTLS_VERSION /* These are defined only in gnutls.h */ +# ifdef LIBGNUTLS_VERSION /* These are defined only in gnutls.h */ /* Callback prototypes for the certificate authentication * callbacks. */ -typedef int gnutls_certificate_client_select_function( - gnutls_session, const gnutls_datum *client_cert, int ncerts, - const gnutls_datum* req_ca_cert, int nreqs); -typedef int gnutls_certificate_server_select_function( - gnutls_session, const gnutls_datum *server_certs, int ncerts); +typedef int gnutls_certificate_client_select_function(gnutls_session, + const gnutls_datum * + client_cert, + int ncerts, + const gnutls_datum * + req_ca_cert, + int nreqs); +typedef int gnutls_certificate_server_select_function(gnutls_session, + const gnutls_datum * + server_certs, + int ncerts); struct gnutls_openpgp_key_int; -typedef struct gnutls_openpgp_key_int* gnutls_openpgp_key; +typedef struct gnutls_openpgp_key_int *gnutls_openpgp_key; struct gnutls_openpgp_privkey_int; -typedef struct gnutls_openpgp_privkey_int* gnutls_openpgp_privkey; +typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey; typedef struct gnutls_retr_st { gnutls_certificate_type type; @@ -30,34 +36,36 @@ typedef struct gnutls_retr_st { gnutls_x509_crt *x509; gnutls_openpgp_key pgp; } cert; - uint ncerts; /* one for pgp keys */ + uint ncerts; /* one for pgp keys */ union key { gnutls_x509_privkey x509; gnutls_openpgp_privkey pgp; } key; - - uint deinit_all_keys; /* if non zero all keys will be deinited */ + + uint deinit_all_keys; /* if non zero all keys will be deinited */ } gnutls_retr_st; -typedef int gnutls_certificate_client_retrieve_function( - gnutls_session, const gnutls_datum* req_ca_cert, int nreqs, - gnutls_retr_st*); -typedef int gnutls_certificate_server_retrieve_function( - gnutls_session, gnutls_retr_st*); +typedef int gnutls_certificate_client_retrieve_function(gnutls_session, + const gnutls_datum + * req_ca_cert, + int nreqs, + gnutls_retr_st *); +typedef int gnutls_certificate_server_retrieve_function(gnutls_session, + gnutls_retr_st *); /* Functions that allow AUTH_INFO structures handling */ -gnutls_credentials_type gnutls_auth_get_type( gnutls_session session); +gnutls_credentials_type gnutls_auth_get_type(gnutls_session session); /* DH */ -void gnutls_dh_set_prime_bits( gnutls_session session, int bits); -int gnutls_dh_get_prime_bits( gnutls_session); -int gnutls_dh_get_secret_bits( gnutls_session); -int gnutls_dh_get_peers_public_bits( gnutls_session); +void gnutls_dh_set_prime_bits(gnutls_session session, int bits); +int gnutls_dh_get_prime_bits(gnutls_session); +int gnutls_dh_get_secret_bits(gnutls_session); +int gnutls_dh_get_peers_public_bits(gnutls_session); /* RSA */ int gnutls_rsa_export_get_modulus_bits(gnutls_session session); @@ -66,45 +74,79 @@ int gnutls_rsa_export_get_modulus_bits(gnutls_session session); #include <gnutls/compat8.h> -void gnutls_certificate_client_set_select_function( gnutls_session, gnutls_certificate_client_select_function *); -void gnutls_certificate_server_set_select_function( gnutls_session, gnutls_certificate_server_select_function *); +void gnutls_certificate_client_set_select_function(gnutls_session, + gnutls_certificate_client_select_function + *); +void gnutls_certificate_server_set_select_function(gnutls_session, + gnutls_certificate_server_select_function + *); -void gnutls_certificate_client_set_retrieve_function( gnutls_session, gnutls_certificate_client_retrieve_function *); -void gnutls_certificate_server_set_retrieve_function( gnutls_session, gnutls_certificate_server_retrieve_function *); +void gnutls_certificate_client_set_retrieve_function(gnutls_session, + gnutls_certificate_client_retrieve_function + *); +void gnutls_certificate_server_set_retrieve_function(gnutls_session, + gnutls_certificate_server_retrieve_function + *); -void gnutls_certificate_server_set_request( gnutls_session, gnutls_certificate_request); +void gnutls_certificate_server_set_request(gnutls_session, + gnutls_certificate_request); /* X.509 certificate handling functions */ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params, - gnutls_x509_crt_fmt format, gnutls_datum * prime, - gnutls_datum * generator, int* prime_bits); -int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime, - const gnutls_datum * generator, gnutls_x509_crt_fmt format, - unsigned char* params_data, int* params_data_size); + gnutls_x509_crt_fmt format, + gnutls_datum * prime, + gnutls_datum * generator, + int *prime_bits); +int gnutls_pkcs3_export_dh_params(const gnutls_datum * prime, + const gnutls_datum * generator, + gnutls_x509_crt_fmt format, + unsigned char *params_data, + int *params_data_size); /* get data from the session */ -const gnutls_datum* gnutls_certificate_get_peers( gnutls_session, unsigned int* list_size); -const gnutls_datum *gnutls_certificate_get_ours( gnutls_session session); +const gnutls_datum *gnutls_certificate_get_peers(gnutls_session, + unsigned int *list_size); +const gnutls_datum *gnutls_certificate_get_ours(gnutls_session session); time_t gnutls_certificate_activation_time_peers(gnutls_session session); time_t gnutls_certificate_expiration_time_peers(gnutls_session session); -int gnutls_certificate_client_get_request_status( gnutls_session); -int gnutls_certificate_verify_peers( gnutls_session); - -int gnutls_pem_base64_encode( const char* header, const gnutls_datum *data, - char* result, size_t* result_size); -int gnutls_pem_base64_decode( const char* header, const gnutls_datum *b64_data, - unsigned char* result, size_t* result_size); +int gnutls_certificate_client_get_request_status(gnutls_session); +int gnutls_certificate_verify_peers(gnutls_session); -int gnutls_pem_base64_encode_alloc( const char* header, const gnutls_datum *data, - gnutls_datum * result); -int gnutls_pem_base64_decode_alloc( const char* header, const gnutls_datum *b64_data, - gnutls_datum* result); +int gnutls_pem_base64_encode(const char *header, const gnutls_datum * data, + char *result, size_t * result_size); +int gnutls_pem_base64_decode(const char *header, + const gnutls_datum * b64_data, + unsigned char *result, size_t * result_size); -# endif /* LIBGNUTLS_VERSION */ +int gnutls_pem_base64_encode_alloc(const char *header, + const gnutls_datum * data, + gnutls_datum * result); +int gnutls_pem_base64_decode_alloc(const char *header, + const gnutls_datum * b64_data, + gnutls_datum * result); -#endif /* GNUTLS_UI_H */ +/* key_usage will be an OR of the following values: + */ +#define GNUTLS_KEY_DIGITAL_SIGNATURE 128 /* when the key is to be + * used for signing. + */ +#define GNUTLS_KEY_NON_REPUDIATION 64 +#define GNUTLS_KEY_KEY_ENCIPHERMENT 32 /* when the key is to be + * used for encryption. + */ +#define GNUTLS_KEY_DATA_ENCIPHERMENT 16 +#define GNUTLS_KEY_KEY_AGREEMENT 8 +#define GNUTLS_KEY_KEY_CERT_SIGN 4 +#define GNUTLS_KEY_CRL_SIGN 2 +#define GNUTLS_KEY_ENCIPHER_ONLY 1 +#define GNUTLS_KEY_DECIPHER_ONLY 32768 + + +# endif /* LIBGNUTLS_VERSION */ + +#endif /* GNUTLS_UI_H */ diff --git a/lib/rsa_compat.c b/lib/rsa_compat.c deleted file mode 100644 index 092d49a5fa..0000000000 --- a/lib/rsa_compat.c +++ /dev/null @@ -1,285 +0,0 @@ -/* - * Copyright (C) 2002,2003 Nikos Mavroyanopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - */ - -/* This file contains code for RSA temporary keys. These keys are - * only used in export cipher suites. - */ - -#include <gnutls_int.h> -#include <gnutls_errors.h> -#include <gnutls_datum.h> -#include <gnutls_rsa_export.h> -#include "debug.h" - -/* This function takes a number of bits and returns a supported - * number of bits. Ie a number of bits that we have a prime in the - * dh_primes structure. - */ - -#define MAX_SUPPORTED_BITS 512 - -/* returns a negative value if the bits size is not supported - */ -static int check_bits(int bits) -{ - if (bits > MAX_SUPPORTED_BITS) - return GNUTLS_E_INVALID_REQUEST; - - return 0; -} - - -#define FREE_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ - _gnutls_mpi_release(&rsa_params->params[i]); - -/*- - * gnutls_rsa_params_set - This function will replace the old RSA parameters - * @rsa_params: Is a structure which will hold the parameters - * @m: holds the modulus - * @e: holds the public exponent - * @d: holds the private exponent - * @p: holds the first prime (p) - * @q: holds the second prime (q) - * @u: holds the coefficient - * @bits: is the modulus's number of bits - * - * This function will replace the parameters used in the RSA-EXPORT key - * exchange. The new parameters should be stored in the - * appropriate gnutls_datum. - * - * Note that the bits value should only be less than 512. That is because - * the RSA-EXPORT ciphersuites are only allowed to sign a modulus of 512 - * bits. - * - -*/ -int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, - gnutls_datum m, gnutls_datum e, - gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u, - int bits) -{ - int i; - size_t siz; - - if (check_bits(bits) < 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - FREE_PRIVATE_PARAMS - - siz = m.size; - if (_gnutls_mpi_scan(&rsa_params->params[0], m.data, &siz)) { - gnutls_assert(); - failed: - FREE_PRIVATE_PARAMS - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = e.size; - if (_gnutls_mpi_scan(&rsa_params->params[1], e.data, &siz)) { - gnutls_assert(); - goto failed; - } - - siz = d.size; - if (_gnutls_mpi_scan(&rsa_params->params[2], d.data, &siz)) { - gnutls_assert(); - goto failed; - } - - siz = p.size; - if (_gnutls_mpi_scan(&rsa_params->params[3], p.data, &siz)) { - gnutls_assert(); - goto failed; - } - - siz = q.size; - if (_gnutls_mpi_scan(&rsa_params->params[4], q.data, &siz)) { - gnutls_assert(); - goto failed; - } - - siz = u.size; - if (_gnutls_mpi_scan(&rsa_params->params[5], u.data, &siz)) { - gnutls_assert(); - goto failed; - } - - return 0; - -} - - -#define FREE_ALL_MPIS for (i=0;i<sizeof(rsa_params)/sizeof(GNUTLS_MPI);i++) \ - _gnutls_mpi_release( &rsa_params[i]) \ - -/*- - * gnutls_rsa_params_generate - This function will generate temporary RSA parameters - * @m: will hold the modulus - * @e: will hold the public exponent - * @d: will hold the private exponent - * @p: will hold the first prime (p) - * @q: will hold the second prime (q) - * @u: will hold the coefficient - * @bits: is the prime's number of bits - * - * This function will generate new temporary RSA parameters for use in - * RSA-EXPORT ciphersuites. The new parameters will be allocated using - * gnutls_malloc() and will be stored in the appropriate datum. - * This function is normally slow. An other function - * (gnutls_rsa_params_set()) should be called in order to use the - * generated RSA parameters. - * - * Note that the bits value should be 512. - * Also note that the generation of new RSA parameters is only useful - * to servers. Clients use the parameters sent by the server, thus it's - * no use calling this in client side. - * - -*/ -int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, - gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, - gnutls_datum* u, int bits) -{ - - GNUTLS_MPI rsa_params[RSA_PRIVATE_PARAMS]; - int rsa_params_len; - size_t siz; - uint i; - int ret; - - if (check_bits(bits) < 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_rsa_generate_params( rsa_params, &rsa_params_len, bits); - if (ret < 0) { - gnutls_assert(); - return ret; - } - - siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[0]); - - m->data = gnutls_malloc(siz); - if (m->data == NULL) { - FREE_ALL_MPIS; - return GNUTLS_E_MEMORY_ERROR; - } - - m->size = siz; - _gnutls_mpi_print( m->data, &siz, rsa_params[0]); - - /* E */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[1]); - - e->data = gnutls_malloc(siz); - if (e->data == NULL) { - FREE_ALL_MPIS; - _gnutls_free_datum( m); - return GNUTLS_E_MEMORY_ERROR; - } - - e->size = siz; - _gnutls_mpi_print( e->data, &siz, rsa_params[1]); - - /* D */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[2]); - - d->data = gnutls_malloc(siz); - if (d->data == NULL) { - FREE_ALL_MPIS; - _gnutls_free_datum( m); - _gnutls_free_datum( e); - return GNUTLS_E_MEMORY_ERROR; - } - - d->size = siz; - _gnutls_mpi_print( d->data, &siz, rsa_params[2]); - - /* P */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[3]); - - p->data = gnutls_malloc(siz); - if (p->data == NULL) { - FREE_ALL_MPIS; - _gnutls_free_datum( m); - _gnutls_free_datum( e); - _gnutls_free_datum( d); - return GNUTLS_E_MEMORY_ERROR; - } - - p->size = siz; - _gnutls_mpi_print(p->data, &siz, rsa_params[3]); - - /* Q */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[4]); - - q->data = gnutls_malloc(siz); - if (q->data == NULL) { - FREE_ALL_MPIS; - _gnutls_free_datum( m); - _gnutls_free_datum( e); - _gnutls_free_datum( d); - _gnutls_free_datum( p); - return GNUTLS_E_MEMORY_ERROR; - } - - q->size = siz; - _gnutls_mpi_print(q->data, &siz, rsa_params[4]); - - /* U */ - siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[5]); - - u->data = gnutls_malloc(siz); - if (u->data == NULL) { - FREE_ALL_MPIS; - _gnutls_free_datum( m); - _gnutls_free_datum( e); - _gnutls_free_datum( d); - _gnutls_free_datum( p); - _gnutls_free_datum( q); - return GNUTLS_E_MEMORY_ERROR; - } - - u->size = siz; - _gnutls_mpi_print(u->data, &siz, rsa_params[5]); - - FREE_ALL_MPIS; - -#ifdef DEBUG - { - opaque buffer[512]; - - _gnutls_debug_log("rsa_params_generate: Generated %d bits modulus %s, exponent %s.\n", - bits, _gnutls_bin2hex(m->data, m->size, buffer, sizeof(buffer)), - _gnutls_bin2hex( e->data, e->size, buffer, sizeof(buffer))); - } -#endif - - return 0; - -} |