[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-69-g1e8a1fa
From: |
Nikos Mavrogiannopoulos |
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-69-g1e8a1fa |
Date: |
Sun, 22 May 2011 14:28:42 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1e8a1fac52de4d7bfe9cd13de33f3bc051610c08
The branch, master has been updated
via 1e8a1fac52de4d7bfe9cd13de33f3bc051610c08 (commit)
via 5892d0bf34761686c1078d8a251210fadef34d18 (commit)
via f91665debbb2b044ef95b0676a41cbf9c8ba2e79 (commit)
via 98aefa42a4f5ba83d4cb925debf3b3536c4060e7 (commit)
from 80febddf239ff7209a4eaf184023f336fcdc5fde (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1e8a1fac52de4d7bfe9cd13de33f3bc051610c08
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 16:28:39 2011 +0200
gnutls_algorithms.h -> algorithms.h
commit 5892d0bf34761686c1078d8a251210fadef34d18
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 16:27:27 2011 +0200
corrected ECC public key encoding/decoding.
commit f91665debbb2b044ef95b0676a41cbf9c8ba2e79
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 16:26:12 2011 +0200
Corrected bug in public key import.
print information on ECC public keys.
commit 98aefa42a4f5ba83d4cb925debf3b3536c4060e7
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 22 16:09:14 2011 +0200
No need to keep Z in parameters since the pubkey can always be converted to
an affine point.
-----------------------------------------------------------------------
Summary of changes:
lib/includes/gnutls/crypto.h | 3 +--
lib/nettle/pk.c | 9 ++++-----
lib/x509/key_decode.c | 38 +++-----------------------------------
lib/x509/key_encode.c | 34 ++++------------------------------
lib/x509/x509_int.h | 4 ++--
libextra/gnutls_extra.c | 2 +-
src/certtool-common.c | 2 +-
src/certtool.c | 31 +++++++++++++++++++++++++++++++
8 files changed, 47 insertions(+), 76 deletions(-)
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 80fbf82..d781c07 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -287,8 +287,7 @@ extern "C"
* [4] is Gy
* [5] is x
* [6] is y
- * [7] is z
- * [8] is k (private key)
+ * [7] is k (private key)
*/
/**
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 971e6f0..c9acf64 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -109,7 +109,7 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t
algo, gnutls_datum_t * o
memcpy(&ecc_pub.Gy, pub->params[4], sizeof(mpz_t));
memcpy(&ecc_pub.pubkey.x, pub->params[5], sizeof(mpz_t));
memcpy(&ecc_pub.pubkey.y, pub->params[6], sizeof(mpz_t));
- memcpy(&ecc_pub.pubkey.z, pub->params[7], sizeof(mpz_t));
+ mpz_init_set_ui(ecc_pub.pubkey.z, 1);
ecc_priv.type = PK_PRIVATE;
memcpy(&ecc_priv.prime, priv->params[0], sizeof(mpz_t));
@@ -119,8 +119,8 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t
algo, gnutls_datum_t * o
memcpy(&ecc_priv.Gy, priv->params[4], sizeof(mpz_t));
memcpy(&ecc_priv.pubkey.x, priv->params[5], sizeof(mpz_t));
memcpy(&ecc_priv.pubkey.y, priv->params[6], sizeof(mpz_t));
- memcpy(&ecc_priv.pubkey.z, priv->params[7], sizeof(mpz_t));
- memcpy(&ecc_priv.k, priv->params[8], sizeof(mpz_t));
+ memcpy(&ecc_priv.k, priv->params[7], sizeof(mpz_t));
+ mpz_init_set_ui(ecc_pub.pubkey.z, 1);
sz = ECC_BUF_SIZE;
out->data = gnutls_malloc(sz);
@@ -722,8 +722,7 @@ rsa_fail:
mpz_set(TOMPZ(params->params[4]), key.Gy);
mpz_set(TOMPZ(params->params[5]), key.pubkey.x);
mpz_set(TOMPZ(params->params[6]), key.pubkey.y);
- mpz_set(TOMPZ(params->params[7]), key.pubkey.z);
- mpz_set(TOMPZ(params->params[8]), key.k);
+ mpz_set(TOMPZ(params->params[7]), key.k);
ecc_fail:
ecc_free(&key);
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index d0bbce1..e7ec3ae 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -104,41 +104,9 @@ _gnutls_x509_read_rsa_pubkey (opaque * der, int dersize,
gnutls_pk_params_st * p
int
_gnutls_x509_read_ecc_pubkey (opaque * der, int dersize, gnutls_pk_params_st *
params)
{
-#if 0
- int ret;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- gnutls_datum_t octet;
-
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECPoint", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (&spk, der, dersize, NULL);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (ret);
- }
-
-
- if ((ret = _gnutls_x509_read_value (spk, "", &octet, 0)) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- ret = _gnutls_ecc_ansi_x963_import (octet.data, octet.size,
¶ms->params[5],
- ¶ms->params[6]);
- _gnutls_free_datum(&octet);
-
- return ret;
-#endif
+/* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET
STRING),
+ * it is actually copied in raw there. Why do they use ASN.1 anyway?
+ */
return _gnutls_ecc_ansi_x963_import (der, dersize, ¶ms->params[5],
¶ms->params[6]);
}
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c
index 8b44d08..0860e7c 100644
--- a/lib/x509/key_encode.c
+++ b/lib/x509/key_encode.c
@@ -120,7 +120,6 @@ _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
{
int result;
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- gnutls_datum_t out;
der->data = NULL;
der->size = 0;
@@ -132,38 +131,13 @@ _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st *
params,
goto cleanup;
}
- result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[5],
params->params[6], &out);
+ result = _gnutls_ecc_ansi_x963_export(params->flags, params->params[5],
params->params[6], /*&out*/der);
if (result < 0)
return gnutls_assert_val(result);
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECPoint", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = asn1_write_value (spk, "", out.data, out.size);
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- result = _gnutls_asn2err (result);
- goto cleanup;
- }
-
- result = _gnutls_x509_der_encode (spk, "", der, 0);
- if (result < 0)
- {
- gnutls_assert ();
- goto cleanup;
- }
-
result = 0;
cleanup:
- _gnutls_free_datum(&out);
asn1_delete_structure (&spk);
return result;
@@ -314,14 +288,14 @@ _gnutls_x509_write_ecc_params (gnutls_pk_params_st*
params,
return _gnutls_asn2err (result);
}
- if ((result = asn1_write_value (spk, "parameters", "namedCurve", 1)) !=
ASN1_SUCCESS)
+ if ((result = asn1_write_value (spk, "", "namedCurve", 1)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
goto cleanup;
}
- if ((result = asn1_write_value (spk, "parameters.namedCurve", oid, 1)) !=
ASN1_SUCCESS)
+ if ((result = asn1_write_value (spk, "namedCurve", oid, 1)) != ASN1_SUCCESS)
{
gnutls_assert ();
result = _gnutls_asn2err (result);
@@ -656,7 +630,7 @@ _gnutls_asn1_encode_ecc (ASN1_TYPE * c2,
gnutls_pk_params_st * params)
goto cleanup;
}
- ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[8], 1);
+ ret = _gnutls_x509_write_int (*c2, "privateKey", params->params[7], 1);
if (ret < 0)
{
gnutls_assert ();
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index 95132ff..4df028b 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -78,7 +78,7 @@ typedef struct gnutls_pkcs7_int
/* parameters should not be larger than this limit */
#define DSA_PUBLIC_PARAMS 4
#define RSA_PUBLIC_PARAMS 2
-#define ECC_PUBLIC_PARAMS 8
+#define ECC_PUBLIC_PARAMS 7
#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA
*/
@@ -86,7 +86,7 @@ typedef struct gnutls_pkcs7_int
/* parameters should not be larger than this limit */
#define DSA_PRIVATE_PARAMS 5
#define RSA_PRIVATE_PARAMS 8
-#define ECC_PRIVATE_PARAMS 9
+#define ECC_PRIVATE_PARAMS 8
#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
#error INCREASE MAX_PRIV_PARAMS
diff --git a/libextra/gnutls_extra.c b/libextra/gnutls_extra.c
index bdcbfcc..71d051a 100644
--- a/libextra/gnutls_extra.c
+++ b/libextra/gnutls_extra.c
@@ -24,7 +24,7 @@
#include <gnutls_int.h>
#include <gnutls_errors.h>
#include <gnutls_extensions.h>
-#include <gnutls_algorithms.h>
+#include <algorithms.h>
#include <gnutls/extra.h>
#ifdef HAVE_GCRYPT
diff --git a/src/certtool-common.c b/src/certtool-common.c
index a4cc71c..91fbbeb 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -547,7 +547,7 @@ load_pubkey (int mand, common_info_st * info)
if (info->pubkey == NULL)
error (EXIT_FAILURE, 0, "missing --load-pubkey");
- if (strncmp(info->privkey, "pkcs11:", 7) == 0)
+ if (strncmp(info->pubkey, "pkcs11:", 7) == 0)
return _load_pkcs11_pubkey(info->pubkey);
ret = gnutls_pubkey_init (&key);
diff --git a/src/certtool.c b/src/certtool.c
index 83b7f53..17443cf 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -144,6 +144,21 @@ print_dsa_pkey (gnutls_datum_t * x, gnutls_datum_t * y,
gnutls_datum_t * p,
}
static void
+print_ecc_pkey (gnutls_ecc_curve_t curve, gnutls_datum_t* k, gnutls_datum_t *
x, gnutls_datum_t * y)
+{
+ if (k)
+ {
+ fprintf (outfile, "private key:");
+ print_hex_datum (k);
+ }
+ fprintf (outfile, "curve:\t%s\n", gnutls_ecc_curve_get_name(curve));
+ fprintf (outfile, "x:");
+ print_hex_datum (x);
+ fprintf (outfile, "y:");
+ print_hex_datum (y);
+}
+
+static void
print_rsa_pkey (gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d,
gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u,
gnutls_datum_t * exp1, gnutls_datum_t * exp2)
@@ -2933,6 +2948,22 @@ pubkey_info (gnutls_x509_crt_t crt, common_info_st *
cinfo)
gnutls_free (g.data);
}
}
+ else if (ret == GNUTLS_PK_ECC)
+ {
+ gnutls_datum_t x, y;
+ gnutls_ecc_curve_t curve;
+
+ ret = gnutls_pubkey_get_pk_ecc_raw (pubkey, &curve, &x, &y);
+ if (ret < 0)
+ fprintf (stderr, "Error in key ECC data export: %s\n",
+ gnutls_strerror (ret));
+ else
+ {
+ print_ecc_pkey (curve, NULL, &y, &x);
+ gnutls_free (y.data);
+ gnutls_free (x.data);
+ }
+ }
ret = gnutls_pubkey_get_key_usage (pubkey, &usage);
if (ret < 0)
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-69-g1e8a1fa,
Nikos Mavrogiannopoulos <=