[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_7-21-gac0d81e
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_7-21-gac0d81e |
|
Date: |
Sun, 25 Oct 2009 18:49:03 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=ac0d81e93315fc3ac5595396a179b0d31189a7ef
The branch, master has been updated
via ac0d81e93315fc3ac5595396a179b0d31189a7ef (commit)
from 68996b00292596980d5ca440a434ebc32cf4c7c1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ac0d81e93315fc3ac5595396a179b0d31189a7ef
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun Oct 25 19:38:16 2009 +0200
Corrected warnings in picky compilers and rearanged code.
-----------------------------------------------------------------------
Summary of changes:
NEWS | 6 +
lib/x509/privkey_pkcs8.c | 253 +++++++++++++++++++++++-----------------------
2 files changed, 131 insertions(+), 128 deletions(-)
diff --git a/NEWS b/NEWS
index e6a0019..7f5d6d3 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@ See the end for copying conditions.
* Version 2.9.8 (unreleased)
+** libgnutls: Added support for AES-128,AES-192 and AES-256 in PKCS #8
+encryption. This affects also PKCS #12 encoded files.
+
+*** certtool: Added the --pkcs-cipher option to explicitely specify
+the encryption algorithm to use.
+
** libgnutls: Fix PKCS#12 encoding.
The error you would get was "The OID is not supported.". Problem
introduced for the v2.8.x branch in 2.7.6.
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 5bff37d..fa14858 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -362,6 +362,112 @@ error:
}
+static const char* cipher_to_pkcs_params(int cipher, const char** oid)
+{
+ switch(cipher)
+ {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ if (oid) *oid = AES_128_CBC_OID;
+ return "PKIX1.pkcs-5-aes128-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ if (oid) *oid = AES_192_CBC_OID;
+ return "PKIX1.pkcs-5-aes192-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ if (oid) *oid = AES_256_CBC_OID;
+ return "PKIX1.pkcs-5-aes256-CBC-params";
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ if (oid) *oid = DES_EDE3_CBC_OID;
+ return "PKIX1.pkcs-5-des-EDE3-CBC-params";
+ break;
+ default:
+ return NULL;
+ break;
+ }
+}
+
+static int cipher_to_schema(int cipher)
+{
+ switch(cipher)
+ {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ return PBES2_AES_128;
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ return PBES2_AES_192;
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ return PBES2_AES_256;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ return PBES2_3DES;
+ break;
+ default:
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ break;
+ }
+}
+
+
+int _gnutls_pkcs_flags_to_schema(unsigned int flags)
+{
+int schema;
+
+ if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ schema = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ schema = PKCS12_RC2_40_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
+ schema = PBES2_3DES;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
+ schema = PBES2_AES_128;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
+ schema = PBES2_AES_192;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
+ schema = PBES2_AES_256;
+ else {
+ gnutls_assert();
+ _gnutls_x509_log
+ ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", flags);
+ schema = PKCS12_3DES_SHA1;
+ }
+
+ return schema;
+}
+
+/* returns the OID corresponding to given schema
+ */
+static int schema_to_oid(schema_id schema, const char** str_oid)
+{
+int result = 0;
+
+ switch (schema)
+ {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+ *str_oid = PBES2_OID;
+ break;
+ case PKCS12_3DES_SHA1:
+ *str_oid = PKCS12_PBE_3DES_SHA1_OID;
+ break;
+ case PKCS12_ARCFOUR_SHA1:
+ *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
+ break;
+ case PKCS12_RC2_40_SHA1:
+ *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
+ break;
+ default:
+ gnutls_assert();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return result;
+}
+
/* Converts a PKCS #8 private key info to
* a PKCS #8 EncryptedPrivateKeyInfo.
*/
@@ -375,6 +481,7 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t
* der_key,
ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
struct pbkdf2_params kdf_params;
struct pbe_enc_params enc_params;
+ const char* str_oid;
if ((result =
@@ -389,34 +496,17 @@ encode_to_pkcs8_key (schema_id schema, const
gnutls_datum_t * der_key,
/* Write the encryption schema OID
*/
- switch (schema)
+ result = schema_to_oid(schema, &str_oid);
+ if (result < 0)
{
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
- result =
- asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
- PBES2_OID, 1);
- break;
- case PKCS12_3DES_SHA1:
- result =
- asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_3DES_SHA1_OID, 1);
- break;
- case PKCS12_ARCFOUR_SHA1:
- result =
- asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
- break;
- case PKCS12_RC2_40_SHA1:
- result =
- asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
- PKCS12_PBE_RC2_40_SHA1_OID, 1);
- break;
-
+ gnutls_assert();
+ return result;
}
+ result =
+ asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
+ str_oid, 1);
+
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
@@ -478,31 +568,6 @@ error:
return result;
}
-int _gnutls_pkcs_flags_to_schema(unsigned int flags)
-{
-int schema;
-
- if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
- schema = PKCS12_ARCFOUR_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
- schema = PKCS12_RC2_40_SHA1;
- else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
- schema = PBES2_3DES;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
- schema = PBES2_AES_128;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
- schema = PBES2_AES_192;
- else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
- schema = PBES2_AES_256;
- else {
- gnutls_assert();
- _gnutls_x509_log
- ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", flags);
- schema = PKCS12_3DES_SHA1;
- }
-
- return schema;
-}
/**
* gnutls_x509_privkey_export_pkcs8 - This function will export the private
key to PKCS8 format
@@ -599,28 +664,6 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t
key,
return ret;
}
-static int cipher_to_schema(int cipher)
-{
- switch(cipher)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
- return PBES2_AES_128;
- break;
- case GNUTLS_CIPHER_AES_192_CBC:
- return PBES2_AES_192;
- break;
- case GNUTLS_CIPHER_AES_256_CBC:
- return PBES2_AES_256;
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- return PBES2_3DES;
- break;
- default:
- return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
- break;
- }
-}
-
/* Read the parameters cipher, IV, salt etc using the given
* schema ID.
@@ -1429,32 +1472,6 @@ oid2cipher (const char *oid, gnutls_cipher_algorithm_t *
algo)
return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
}
-static const char* cipher_to_pkcs_params(int cipher, const char** oid)
-{
- switch(cipher)
- {
- case GNUTLS_CIPHER_AES_128_CBC:
- if (oid) *oid = AES_128_CBC_OID;
- return "PKIX1.pkcs-5-aes128-CBC-params";
- break;
- case GNUTLS_CIPHER_AES_192_CBC:
- if (oid) *oid = AES_192_CBC_OID;
- return "PKIX1.pkcs-5-aes192-CBC-params";
- break;
- case GNUTLS_CIPHER_AES_256_CBC:
- if (oid) *oid = AES_256_CBC_OID;
- return "PKIX1.pkcs-5-aes256-CBC-params";
- break;
- case GNUTLS_CIPHER_3DES_CBC:
- if (oid) *oid = DES_EDE3_CBC_OID;
- return "PKIX1.pkcs-5-des-EDE3-CBC-params";
- break;
- default:
- return NULL;
- break;
- }
-}
-
static int
@@ -2280,7 +2297,7 @@ _gnutls_pkcs7_encrypt_data (schema_id schema,
ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
struct pbkdf2_params kdf_params;
struct pbe_enc_params enc_params;
-
+ const char* str_oid;
if ((result =
asn1_create_element (_gnutls_get_pkix (),
@@ -2294,38 +2311,18 @@ _gnutls_pkcs7_encrypt_data (schema_id schema,
/* Write the encryption schema OID
*/
- switch (schema)
+ result = schema_to_oid(schema, &str_oid);
+ if (result < 0)
{
- case PBES2_3DES:
- case PBES2_AES_128:
- case PBES2_AES_192:
- case PBES2_AES_256:
- result =
- asn1_write_value (pkcs7_asn,
-
"encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PBES2_OID, 1);
- break;
- case PKCS12_3DES_SHA1:
- result =
- asn1_write_value (pkcs7_asn,
-
"encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_3DES_SHA1_OID, 1);
- break;
- case PKCS12_ARCFOUR_SHA1:
- result =
- asn1_write_value (pkcs7_asn,
-
"encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_ARCFOUR_SHA1_OID, 1);
- break;
- case PKCS12_RC2_40_SHA1:
- result =
- asn1_write_value (pkcs7_asn,
-
"encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
- PKCS12_PBE_RC2_40_SHA1_OID, 1);
- break;
-
+ gnutls_assert();
+ return result;
}
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ str_oid, 1);
+
if (result != ASN1_SUCCESS)
{
gnutls_assert ();
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_9_7-21-gac0d81e,
Nikos Mavrogiannopoulos <=