authorNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-06-23 02:15:58 +0300
committerNikos Mavrogiannopoulos <nmav@crystal.(none)>2008-06-23 02:15:58 +0300
commitea88f2a86c00a9b5afca523e30fd9e77adda373d (patch)
tree3402a61baa9df4c9fd12365de11af55baf387979
parente6864717c4da368f81453d515a311476e2ac196b (diff)
downloadgnutls_with_ext_mpi.tar.gz
merged with master.gnutls_with_ext_mpi
-rw-r--r--AUTHORS3
-rw-r--r--GNUmakefile10
-rw-r--r--Makefile.am2
-rw-r--r--NEWS471
-rw-r--r--README20
-rw-r--r--THANKS3
-rwxr-xr-xbuild-aux/config.rpath10
-rwxr-xr-xbuild-aux/gendocs.sh11
-rw-r--r--configure.in77
-rw-r--r--doc/examples/Makefile.am18
-rw-r--r--doc/examples/ex-client-psk.c119
-rw-r--r--doc/examples/ex-cxx.cpp101
-rw-r--r--doc/examples/ex-serv-export.c10
-rw-r--r--doc/examples/ex-serv-psk.c226
-rw-r--r--doc/examples/ex-session-info.c11
-rw-r--r--doc/examples/ex-x509-info.c3
-rw-r--r--doc/gendocs_template6
-rw-r--r--doc/gnutls.texi740
-rw-r--r--doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-02.txt485
-rw-r--r--doc/protocol/draft-ietf-netconf-tls-02.txt809
-rw-r--r--doc/protocol/draft-ietf-tls-ecc-new-mac-06.txt392
-rw-r--r--doc/protocol/draft-ietf-tls-ecc-new-mac-07.txt392
-rw-r--r--doc/protocol/draft-rescorla-tls-extended-random-00.txt448
-rw-r--r--doc/reference/gnutls-docs.sgml6
-rw-r--r--gl/gnulib.mk17
-rw-r--r--gl/inet_ntop.h42
-rw-r--r--gl/inet_pton.h24
-rw-r--r--gl/m4/autobuild.m439
-rw-r--r--guile/src/core.c4
-rw-r--r--guile/tests/Makefile.am13
-rw-r--r--includes/gnutls/crypto.h1
-rw-r--r--lgl/m4/strcase.m444
-rw-r--r--lgl/m4/strings_h.m433
-rw-r--r--lgl/stdio-impl.h94
-rw-r--r--lgl/strcasecmp.c63
-rw-r--r--lgl/strings.in.h86
-rw-r--r--lgl/strncasecmp.c63
-rw-r--r--m4/autobuild.m434
-rw-r--r--m4/libgcrypt.m46
-rw-r--r--maint.mk2
-rw-r--r--po/LINGUAS1
-rw-r--r--po/POTFILES.in1
-rw-r--r--po/vi.po.in756
43 files changed, 5199 insertions, 497 deletions
diff --git a/AUTHORS b/AUTHORS
index eb5667792a..456f4c6c60 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -45,6 +45,9 @@ TLS/IA fixes.
Joe Orton <jorton@redhat.com>
Certificate name import/export, build fixes, test vectors.
+Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+OpenPGP discussion and improvements.
+
-----BEGIN PGP PUBLIC KEY BLOCK-----
URL: http://josefsson.org/key.txt (always latest version)
Comment: This 0xB565716F key is used to sign releases of GnuTLS.
diff --git a/GNUmakefile b/GNUmakefile
index 0c1bc38afb..062900b547 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -59,9 +59,13 @@ ifeq ($(_have-git-version-gen)0,yes$(MAKELEVEL))
_curr-ver := $(shell cd $(srcdir) && ./$(_build-aux)/git-version-gen \
$(srcdir)/.tarball-version)
ifneq ($(_curr-ver),$(VERSION))
- $(info INFO: running autoreconf for new version string: $(_curr-ver))
- _dummy := $(shell cd $(srcdir) && rm -rf autom4te.cache .version \
- && $(_autoreconf))
+ ifeq ($(_curr-ver),UNKNOWN)
+ $(info WARNING: unable to verify if $(VERSION) is correct version)
+ else
+ $(info INFO: running autoreconf for new version string: $(_curr-ver))
+ _dummy := $(shell cd $(srcdir) && rm -rf autom4te.cache .version \
+ && $(_autoreconf))
+ endif
endif
endif
endif
diff --git a/Makefile.am b/Makefile.am
index 7c921bf691..f7f31de4a8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -30,7 +30,7 @@ endif
ACLOCAL_AMFLAGS = -I m4 -I gl/m4 -I lgl/m4
-EXTRA_DIST = cfg.mk .clcopying
+EXTRA_DIST = cfg.mk maint.mk .clcopying
# Maintainer targets
diff --git a/NEWS b/NEWS
index 60de271df9..b83319f4ba 100644
--- a/NEWS
+++ b/NEWS
@@ -5,8 +5,9 @@ See the end for copying conditions.
* Version 2.5.0 (unreleased)
-** Added wide wildcard hostname matching. Patch by Jean-Philippe Garcia
-Ballester.
+** Fix compiler warnings.
+Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
** Added API to replace and update the crypto backend.
@@ -21,6 +22,399 @@ gnutls_crypto_rnd_register2: Added
gnutls_crypto_pk_register2: Added
gnutls_crypto_bigint_register2: Added
+* Version 2.4.0 (released 2008-06-19)
+
+** Major changes compared to the v2.2 branch:
+
+*** The OpenPGP sub-system has been improved and now supports subkeys.
+
+*** The PSK sub-system has been improved and now supports password
+*** derivation and PSK identity hints.
+The password derivation algorithms support is documented in
+draft-ietf-netconf-tls-02.txt.
+
+*** The certtool --inder and --outder has been replaced by --inraw and --outraw.
+This aligns terminology with OpenPGP, which doesn't use DER encoding.
+The old parameters will continue to work for some time.
+
+*** Certtool now confirm passwords and changes permissions of private key files.
+
+*** The default handshake size limit has been increased to 48kb.
+It appears as if some valid handshakes are large due to sending many
+CA certificates. (The earlier limit was 16kb.)
+
+*** LZO compression is now disabled by default.
+The main reason is that LZO compression in TLS is not standardized,
+but license compatiblity issues with minilzo triggered us to make this
+decision now.
+
+*** Improvements for cross-compilation to Windows and OpenWRT.
+
+*** The look of the GTK-DOC manual has been improved.
+Major developer visible changes compared to the v2.2 branch:
+
+*** Full OpenPGP support is part of libgnutls, licensed under the LGPL.
+
+*** New APIs to access the raw X.509 Subject and Issuer DN's and
+*** elements from the certificate credentials structure.
+Thanks to Joe Orton.
+
+*** New APIs to improve working with username/passwords and PSK.
+
+*** Names of constants to affect certificate printing changed.
+The constants are used for OpenPGP too, which the names didn't
+reflect, so the following name change has been made:
+
+ Old name New name
+ GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL
+ GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE
+ GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL
+
+The old names will be mapped to the new names for some time.
+
+*** The function gnutls_openpgp_privkey_get_id has been renamed to
+*** gnutls_openpgp_privkey_get_key_id.
+A compatibility mapping exists to avoid breaking API backwards
+compatibility.
+
+*** Replaced all uses of alloca with malloc and free.
+
+*** We no longer build with -D_REENTRANT -D_THREAD_SAFE.
+We have been unable to find a documented rationale for this practice.
+
+*** Of course, many smaller fixes have been made, see the ChangeLog file.
+
+*** API/ABI changes in GnuTLS 2.4
+All OpenPGP related functions have been moved from libgnutls-extra to
+libgnutls, and several new functions have been added (see below).
+Before making the release, we discussed whether moving functions from
+libgnutls-extra to libgnutls would require us to increment the ABI
+version, but the general opinion was that this would not be required.
+All older functions continue to work the same. We are open to the
+possibility that this decision will lead to problem on some platform,
+and if it turns out that the Right Thing should have been to increment
+the shared library version, we would need to release an update within
+the 2.4.x branch that increments the shared library version.
+
+This release adds the following functions:
+
+ gnutls_psk_client_get_hint
+ gnutls_psk_set_server_credentials_hint
+ gnutls_psk_netconf_derive_key
+
+ Used to get/set the PSK identity hint, and derive PSK keys from
+ passwords a'la netconf.
+
+ gnutls_x509_dn_deinit
+ gnutls_x509_dn_export
+ gnutls_x509_dn_import
+ gnutls_x509_dn_init
+
+ Used to handle X.509 Certificate DN's directly.
+
+ gnutls_hex2bin
+
+ Converts a data buffer to hex. Useful for handling PSK/SRP shared
+ secrets.
+
+ gnutls_certificate_get_x509_cas
+ gnutls_certificate_get_x509_crls
+ gnutls_certificate_get_openpgp_keyring
+
+ Functions for direct access to credential elements.
+
+ gnutls_openpgp_crt_get_auth_subkey
+ gnutls_openpgp_crt_get_key_id
+ gnutls_openpgp_crt_get_pk_dsa_raw
+ gnutls_openpgp_crt_get_pk_rsa_raw
+ gnutls_openpgp_crt_get_preferred_key_id
+ gnutls_openpgp_crt_get_revoked_status
+ gnutls_openpgp_crt_get_subkey_count
+ gnutls_openpgp_crt_get_subkey_creation_time
+ gnutls_openpgp_crt_get_subkey_expiration_time
+ gnutls_openpgp_crt_get_subkey_fingerprint
+ gnutls_openpgp_crt_get_subkey_id
+ gnutls_openpgp_crt_get_subkey_idx
+ gnutls_openpgp_crt_get_subkey_pk_algorithm
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw
+ gnutls_openpgp_crt_get_subkey_revoked_status
+ gnutls_openpgp_crt_get_subkey_usage
+ gnutls_openpgp_crt_print
+ gnutls_openpgp_crt_set_preferred_key_id
+ gnutls_openpgp_keyring_get_crt
+ gnutls_openpgp_keyring_get_crt_count
+ gnutls_openpgp_privkey_export
+ gnutls_openpgp_privkey_export_dsa_raw
+ gnutls_openpgp_privkey_export_rsa_raw
+ gnutls_openpgp_privkey_export_subkey_dsa_raw
+ gnutls_openpgp_privkey_export_subkey_rsa_raw
+ gnutls_openpgp_privkey_get_fingerprint
+ gnutls_openpgp_privkey_get_key_id
+ gnutls_openpgp_privkey_get_pk_algorithm
+ gnutls_openpgp_privkey_get_preferred_key_id
+ gnutls_openpgp_privkey_get_revoked_status
+ gnutls_openpgp_privkey_get_subkey_count
+ gnutls_openpgp_privkey_get_subkey_creation_time
+ gnutls_openpgp_privkey_get_subkey_expiration_time
+ gnutls_openpgp_privkey_get_subkey_fingerprint
+ gnutls_openpgp_privkey_get_subkey_id
+ gnutls_openpgp_privkey_get_subkey_idx
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ gnutls_openpgp_privkey_get_subkey_revoked_status
+ gnutls_openpgp_privkey_set_preferred_key_id
+
+ New OpenPGP related functions.
+
+ The function gnutls_openpgp_crt_get_key_id is the same as the old
+ from gnutls_openpgp_crt_get_id, see above.
+
+The release also adds a new header file 'gnutls/crypto.h', however it
+is currently not used.
+
+** libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** API and ABI modifications:
+gnutls_openpgp_crt_get_subkey_fingerprint: ADDED.
+gnutls_openpgp_privkey_get_subkey_fingerprint: ADDED.
+
+* Version 2.3.15 (released 2008-06-15)
+
+** Disable the openpgp-certs self-tests.
+It results in failure under Wine and doesn't work on Debian buildds.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.14 (released 2008-06-11)
+
+** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
+An OpenPGP certificate is now only considered verified if all the user
+IDs are verified.
+
+** Examples: Make C++ example compile.
+Earlier it may have failed with an unresolved reference to strlen.
+
+** Documentation: Doc fix for gnutls_x509_crt_get_extension_oid.
+Reported by Sam Varshavchik <mrsam@courier-mta.com>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.13 (released 2008-06-07)
+
+** libgnutls [OpenPGP]: Make OpenPGP handshakes work again.
+
+** doc/: Add psktool to info index. Some minor cleanups.
+
+** tests/: Added non-forking TLS handshake test, see tests/mini.c.
+
+** tests/: Added libgcrypt.supp which can be used with valgrind.
+The file suppresses the known libgcrypt memory leaks, so they aren't
+printed when you run valgrind on the gnutls self-tests. Use it as
+follows: valgrind --suppressions=libgcrypt.supp ./x509self or add
+'--suppressions=/home/you/src/gnutls/tests/libgcrypt.supp' to your
+~/.valgrindrc file.
+
+** tests/: Reduce amount of debugging output by default.
+Use --verbose for each test to get the full output.
+
+** tests/: Fix memory leaks in several self-tests.
+None of the self tests should be leaking memory when running valgrind
+or similar tools. (Known exceptions are dhepskself, pskself, and
+set_pkcs12_cred, which appear likely to be due to memory leaks in the
+library.)
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.12 (released 2008-06-04)
+
+** Merge gnutls_with_netconf branch.
+
+*** libgnutls [PSK]: New API to retrieve PSK identity hint in client.
+The function is gnutls_psk_client_get_hint.
+
+*** libgnutls [PSK]: New API to set PSK identity hint in server.
+The function is gnutls_psk_set_server_credentials_hint.
+
+*** libgnutls [PSK]: Support server key exchange with PSK identity hint.
+In the client, the message is parsed and the application can use
+gnutls_psk_client_get_hint to retrieve the hint. In the server, the
+message is sent if the application has specified a PSK identity hint
+using gnutls_psk_set_server_credentials_hint.
+
+*** libgnutls [PSK]: Support Netconf PSK key derivation.
+The function gnutls_psk_netconf_derive_key supports the PSK key
+derivation as specified in draft-ietf-netconf-tls-02.txt. New self
+test netconf-psk.c.
+
+*** psktool: Support new --netconf-hint to generate PSK key from password.
+Uses the Netconf algorithm to derive PSK key from password.
+
+*** gnutls-serv: Support new --pskhint parameter to set PSK identity hint.
+
+*** gnutls-cli: Always support PSK modes, through a callback.
+The callback will derive a PSK key using Netconf algorithm. It will
+print the PSK identity hint to help the user.
+
+*** New PSK example client and server.
+See doc/examples/ex-client-psk.c and doc/examples/ex-serv-psk.c.
+
+** libgnutls: Fix gnutls_x509_crl_set_version on arm platforms.
+The code didn't work properly on platforms where 'char' is unsigned,
+when you set version 0. Reported by Laurence Withers
+<l@lwithers.me.uk> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2825>.
+
+** libgnutls-openssl: added RAND_pseudo_bytes API.
+Patch from Robert Millan <rmh@aybabtu.com>.
+
+** API and ABI modifications:
+RAND_pseudo_bytes: ADDED to libgnutls-openssl.
+gnutls_psk_client_get_hint: ADDED.
+gnutls_psk_set_server_credentials_hint: ADDED.
+gnutls_psk_netconf_derive_key: ADDED
+
+* Version 2.3.11 (released 2008-05-20)
+
+** Fix flaw in fix for GNUTLS-SA-2008-1-3.
+The flaw would result in incorrectly terminated sessions with the
+error "Decryption has failed" when the server sends a small packet
+(typically when the session is closed). Reported by Andreas Metzler
+<ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>.
+
+** Don't use gnulib headers when building C++ library.
+Fixes builds under Windows.
+
+** Make umask a requirement.
+We don't know of any system that lacks it, even GNU CoreUtils use it
+unconditionally.
+
+** Update gnulib files.
+Fixes a problem where it pulled in a replacement for memcmp under
+MinGW, which caused the C++ example to fail to build.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.10 (released 2008-05-19)
+
+** Added wide wildcard hostname matching.
+Tiny patch by Jean-Philippe Garcia Ballester.
+
+** Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
+Thanks to CERT-FI for finding the bugs and providing detailed reports,
+which allowed the bugs to be reproduced and fixed easily. Patches
+developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates
+with more details about these vulnerabilities will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+*** [GNUTLS-SA-2008-1-1]
+*** libgnutls: Fix crash when sending invalid server name.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to store more session resumption data than what was
+allocated for, thus overwriting unallocated memory.
+
+*** [GNUTLS-SA-2008-1-2]
+*** libgnutls: Fix crash when sending repeated client hellos.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+triggers a null-pointer dereference.
+
+*** [GNUTLS-SA-2008-1-3]
+*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to read memory beyond the end of the received record.
+
+** libgnutlsxx: Updated API according to patches from Eduardo
+Villanueva Che (discussion at
+<http://lists.gnu.org/archive/html/gnutls-devel/2007-02/msg00017.html>)
+
+** Use umask to restrict permissions to owner before creating a file.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.9 (released 2008-05-16)
+
+** libgnutls: Fix build failures if SRP/OpenPGP is disabled.
+Based on report and tiny patches from
+<jared.jennings.ctr@eglin.af.mil>, see
+<https://savannah.gnu.org/support/index.php?106342>.
+
+** libgnutls: Translation fixes.
+
+** gnutls-cli: Fix so that PSK authentication works.
+Also improve manual to give example for gnutls-cli PSK authentication.
+
+** certtool: Encrypting a private key now require a confirmed password.
+Before './certtool -k -8' would merely ask for a password once.
+Reported by Daniel 'NebuchadnezzaR' Dehennin
+<nebuchadnezzar@asgardr.info> see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>.
+
+** certtool: When writing private keys to files, change permissions of file.
+Now the file which the private key is saved to is chmod'ed 0600.
+Reported by martin f krafft <madduck@debian.org> see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>.
+
+** guile: Fix -fgnu89-inline test.
+
+** Removed --enable-profile-mode.
+The code linked gnutls with the libfc project (Function Check) which
+appears to have been stalled since around 2002.
+
+** Clean up header file checks by ./configure.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.8 (released 2008-04-29)
+
+** libgnutls: Increase default handshake packet size limit to 48kb.
+The old limit was 16kb and some servers send huge list of trusted CAs,
+thus running into the limit. FYI, applications can further increase
+this limit using gnutls_handshake_set_max_packet_length. Thanks to
+Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente"
+<marc@mclemente.net> for reporting and providing test servers.
+
+** libgnutls: Add new error code: GNUTLS_E_HANDSHAKE_TOO_LARGE
+Returned when the handshake data size is too large. Before
+GNUTLS_E_MEMORY_ERROR was used, which could be confused with other
+error situations.
+
+** libgnutls: Hide definitions in crypto.h.
+We have decided that the APIs defined in crypto.h are not stable
+enough for v2.4, so don't use any of those functions.
+
+** gnutls-cli: exit when hostname doesn't match certificate.
+Use --insecure to avoid hostname comparison.
+
+** certtool: --inder and --outder replaced by --inraw and --outraw.
+The reason is to align terminology with OpenPGP, which doesn't use
+DER. The old parameters will continue to work for some time.
+
+** doc: Add section 'Index of new symbols in 2.4.0' to the GTK-DOC manual.
+
+** doc: Many cosmetic fixes, to silence (most) gtk-doc warnings.
+
+** Mingw32: Revert libgcrypt vasprintf work-around added in last release.
+Use libgcrypt 1.4.1 or later when building on MinGW32, it removes the
+vasprintf symbol from the libgcrypt library which caused problems.
+
+** Update of gnulib files.
+
+
+** API and ABI modifications:
+GNUTLS_E_HANDSHAKE_TOO_LARGE: ADDED.
+
* Version 2.3.7 (released 2008-04-21)
** opencdk now properly sets the key usage bits into openpgp keys.
@@ -308,6 +702,79 @@ in a callback friendly way.
** API and ABI modifications:
No changes since last version.
+* Version 2.2.5 (released 2008-05-19)
+
+** Fix flaw in fix for GNUTLS-SA-2008-1-3.
+The flaw would result in incorrectly terminated sessions with the
+error "Decryption has failed" when the server sends a small packet
+(typically when the session is closed). Reported by Andreas Metzler
+<ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.4 (released 2008-05-19)
+
+** Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
+Thanks to CERT-FI for finding the bugs and providing detailed reports,
+which allowed the bugs to be reproduced and fixed easily. Patches
+developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates
+with more details about these vulnerabilities will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+*** [GNUTLS-SA-2008-1-1]
+*** libgnutls: Fix crash when sending invalid server name.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to store more session resumption data than what was
+allocated for, thus overwriting unallocated memory.
+
+*** [GNUTLS-SA-2008-1-2]
+*** libgnutls: Fix crash when sending repeated client hellos.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+triggers a null-pointer dereference.
+
+*** [GNUTLS-SA-2008-1-3]
+*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to read memory beyond the end of the received record.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.3 (released 2008-05-06)
+
+** Increase default handshake packet size limit to 48kb.
+The old limit was 16kb and some servers send huge list of trusted CAs,
+thus running into the limit. FYI, applications can further increase
+this limit using gnutls_handshake_set_max_packet_length. Thanks to
+Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente"
+<marc@mclemente.net> for reporting and providing test servers.
+
+** Fix compilation error related to __FUNCTION__ on some systems.
+Reported by Tim Mooney, see
+<https://savannah.gnu.org/support/?106267>.
+
+** Documented the --priority option to gnutls-cli and gnutls-serv.
+
+** Fix fopen file descriptor leak in PSK server code.
+Thanks to Laurence Withers <l@lwithers.me.uk>, see
+<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>.
+
+** Build Guile code with -fgnu89-inline only when supported.
+Reported by Kris Karas <ktk@enterprise.bidmc.harvard.edu> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2708>.
+
+** Make Camellia encryption work.
+Reported by Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2746>.
+
+** API and ABI modifications:
+No changes since last version.
+
* Version 2.2.2 (released 2008-02-21)
** Cipher priority string handling now handle strings that starts with NULL.
diff --git a/README b/README
index cf72ea54de..7b8c2921f3 100644
--- a/README
+++ b/README
@@ -22,26 +22,6 @@ In case you are compiling for embedded systems you should check the
configure options (that is run: 'configure --help'), and disable
unneeded features of gnutls.
-Experimental:
-
-If you specify --with-builtin-crypto, you will use gnulib instead of
-libgcrypt for (some) crypto routines.
-
-Currently the generic crypto interface only support secret key
-ciphering, hashing and gathering of random data. Supporting
-RSA/DSA/DH/SEXP/MPI in the generic crypto interface is pending.
-
-If --with-builtin-crypto is specified, random data will be read from
-system device files (e.g., /dev/random) directly. The files used are
-printed when running configure, you can override them using
---enable-random-device, --enable-pseudo-random-device, and
---enable-nonce-device. Please let us know if the defaults for some
-systems are wrong.
-
-The goal here is to make GnuTLS build standalone, in case Libgcrypt is
-not available, but also to allow easy use of other crypto libraries or
-crypto hardware.
-
LICENSE ISSUES
--------------
diff --git a/THANKS b/THANKS
index aa03f913ce..3c715af95b 100644
--- a/THANKS
+++ b/THANKS
@@ -80,6 +80,9 @@ Rainer Gerhards <rgerhards@gmail.com>
John Brooks <aspecialj@gmail.com>
Massimo Gaspari <massimo.gaspari@alice.it>
Marc F. Clemente <marc@mclemente.net>
+Daniel Dehennin <nebuchadnezzar@asgardr.info>
+martin f krafft <madduck@debian.org>
+Sam Varshavchik <mrsam@courier-mta.com>
----------------------------------------------------------------------
Copying and distribution of this file, with or without modification,
diff --git a/build-aux/config.rpath b/build-aux/config.rpath
index 35f959b87c..c547c68825 100755
--- a/build-aux/config.rpath
+++ b/build-aux/config.rpath
@@ -2,7 +2,7 @@
# Output a system dependent set of variables, describing how to set the
# run time search path of shared libraries in an executable.
#
-# Copyright 1996-2008 Free Software Foundation, Inc.
+# Copyright 1996-2007 Free Software Foundation, Inc.
# Taken from GNU libtool, 2001
# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
#
@@ -158,7 +158,7 @@ if test "$with_gnu_ld" = yes; then
# option of GNU ld is called -rpath, not --rpath.
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
case "$host_os" in
- aix[3-9]*)
+ aix3* | aix4* | aix5*)
# On AIX/PPC, the GNU linker is very broken
if test "$host_cpu" != ia64; then
ld_shlibs=no
@@ -254,7 +254,7 @@ else
hardcode_direct=unsupported
fi
;;
- aix[4-9]*)
+ aix4* | aix5*)
if test "$host_cpu" = ia64; then
# On IA64, the linker does run time linking by default, so we don't
# have to do anything special.
@@ -264,7 +264,7 @@ else
# Test if we are trying to use run time linking or normal
# AIX style linking. If -brtl is somewhere in LDFLAGS, we
# need to do runtime linking.
- case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ case $host_os in aix4.[23]|aix4.[23].*|aix5*)
for ld_flag in $LDFLAGS; do
if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
aix_use_runtimelinking=yes
@@ -505,7 +505,7 @@ case "$host_os" in
aix3*)
library_names_spec='$libname.a'
;;
- aix[4-9]*)
+ aix4* | aix5*)
library_names_spec='$libname$shrext'
;;
amigaos*)
diff --git a/build-aux/gendocs.sh b/build-aux/gendocs.sh
index 5247034fe0..aded2c4d7f 100755
--- a/build-aux/gendocs.sh
+++ b/build-aux/gendocs.sh
@@ -157,6 +157,11 @@ if test ! -r $GENDOCS_TEMPLATE_DIR/gendocs_template; then
exit 1
fi
+case $outdir in
+ /*) dotdot_outdir="$outdir";;
+ *) dotdot_outdir="../$outdir";;
+esac
+
echo Generating output formats for $srcfile
cmd="$SETLANG $MAKEINFO -o $PACKAGE.info \"$srcfile\""
@@ -206,7 +211,7 @@ html_split() {
(
cd ${split_html_dir} || exit 1
ln -sf ${PACKAGE}.html index.html
- tar -czf ../$outdir/${PACKAGE}.html_$1.tar.gz -- *.html
+ tar -czf $dotdot_outdir/${PACKAGE}.html_$1.tar.gz -- *.html
)
eval html_$1_tgz_size=`calcsize $outdir/${PACKAGE}.html_$1.tar.gz`
rm -f $outdir/html_$1/*.html
@@ -231,7 +236,7 @@ if test -z "$use_texi2html"; then
split_html_dir=$PACKAGE.html
(
cd ${split_html_dir} || exit 1
- tar -czf ../$outdir/${PACKAGE}.html_node.tar.gz -- *.html
+ tar -czf $dotdot_outdir/${PACKAGE}.html_node.tar.gz -- *.html
)
html_node_tgz_size=`calcsize $outdir/${PACKAGE}.html_node.tar.gz`
rm -f $outdir/html_node/*.html
@@ -273,7 +278,7 @@ if test -n "$docbook"; then
split_html_db_dir=html_node_db
(
cd ${split_html_db_dir} || exit 1
- tar -czf ../$outdir/${PACKAGE}.html_node_db.tar.gz -- *.html
+ tar -czf $dotdot_outdir/${PACKAGE}.html_node_db.tar.gz -- *.html
)
html_node_db_tgz_size=`calcsize $outdir/${PACKAGE}.html_node_db.tar.gz`
rm -f $outdir/html_node_db/*.html
diff --git a/configure.in b/configure.in
index 2d07204b7e..70775ed606 100644
--- a/configure.in
+++ b/configure.in
@@ -22,24 +22,19 @@ dnl Process this file with autoconf to produce a configure script.
# USA
AC_PREREQ(2.61)
-AC_INIT([GnuTLS], [2.3.8], [bug-gnutls@gnu.org])
+AC_INIT([GnuTLS], [2.5.0], [bug-gnutls@gnu.org])
AC_CONFIG_AUX_DIR([build-aux])
-AC_CANONICAL_TARGET
-
AM_INIT_AUTOMAKE([1.10 dist-bzip2])
AM_CONFIG_HEADER(config.h)
-AB_INIT
-
# Library code modified: REVISION++
# Interfaces changed/added/removed: CURRENT++ REVISION=0
# Interfaces added: AGE++
# Interfaces removed: AGE=0
-AC_SUBST(LT_CURRENT, 29)
-AC_SUBST(LT_REVISION, 2)
-AC_SUBST(LT_AGE, 3)
-ac_full=1
+AC_SUBST(LT_CURRENT, 31)
+AC_SUBST(LT_REVISION, 0)
+AC_SUBST(LT_AGE, 5)
# Used when creating the Windows libgnutls-XX.def files.
SOVERSION=`expr ${LT_CURRENT} - ${LT_AGE}`
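Review bot: The `ac_full=1` initialisation dropped from this hunk is re-added much later, in the `@@ -370,6 +358,10 @@` hunk after the libgcrypt check, so any `ac_full=0` assignment that sits between the old position near the top of configure.in and the new one would now be silently reset before the final `if test $ac_full -eq 0` test. None of the option blocks between those two points are visible in this diff, so this may well be harmless, but it is worth confirming that no `--disable-*` handling above the new line clears the flag. A one-line comment at the new location, `# Must precede every ac_full=0 assignment below.`, would protect against future reorderings.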
@@ -77,13 +72,6 @@ AC_ARG_ENABLE(developer-mode,
opt_developer_mode=$enableval)
AC_MSG_RESULT($opt_developer_mode)
-opt_profiler_mode=no
-AC_MSG_CHECKING([whether in profile mode])
-AC_ARG_ENABLE(profile-mode,
- AS_HELP_STRING([--enable-profile-mode], [enable profiler]),
-opt_profiler_mode=$enableval)
-AC_MSG_RESULT($opt_profiler_mode)
-
AC_MSG_RESULT([***
*** Checking for compilation programs...
])
@@ -125,9 +113,6 @@ if test "$use_cxx" != "no"; then
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
AC_LANG_POP(C++)
fi
-AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
-AC_MSG_CHECKING([whether to build C++ library])
-AC_MSG_RESULT($use_cxx)
AC_MSG_CHECKING([whether C99 macros are supported])
AC_TRY_COMPILE(,[
@@ -164,8 +149,6 @@ if test $ac_cv_c_compiler_gnu != no; then
AC_COMPILE_IFELSE(AC_LANG_PROGRAM([]),
_gcc_gnu89_inline=yes, _gcc_gnu89_inline=no)
AC_MSG_RESULT($_gcc_gnu89_inline)
- AM_CONDITIONAL([HAVE_GCC_GNU89_INLINE_OPTION],
- [test "x$_gcc_gnu89_inline" = "xyes"])
CFLAGS=$_gcc_cflags_save;
AC_MSG_CHECKING([if gcc/ld supports -Wl,--output-def])
@@ -202,17 +185,22 @@ fi
# Needs to be called outside of 'if' clause.
AM_CONDITIONAL(HAVE_LD_OUTPUT_DEF, test "$output_def" = "yes")
+AM_CONDITIONAL([HAVE_GCC_GNU89_INLINE_OPTION],
+ [test "$_gcc_gnu89_inline" = "yes"])
AC_MSG_RESULT([***
*** Detecting C library capabilities...
])
AC_HEADER_STDC
-AC_CHECK_HEADERS(strings.h)
-AC_CHECK_HEADERS(errno.h)
-AC_CHECK_HEADERS(math.h limits.h float.h stdarg.h ctype.h)
AC_CHECK_HEADERS(netdb.h)
-AC_CHECK_FUNCS(umask isascii fork,,)
+AC_CHECK_FUNCS(fork,,)
+AC_DEFINE([HAVE_STRINGS_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_FLOAT_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_LIMITS_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_MATH_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_CTYPE_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_ERRNO_H], 1, [Hard-code for src/cfg/.])
# No fork on MinGW, disable some self-tests until we fix them.
AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
@@ -370,6 +358,10 @@ dnl Can't disable - gnutls depends on gcrypt
]]))
libgcrypt=yes
+# If this ever changes to 0, the user disabled some officially enabled
+# stuff so we will print a warning.
+ac_full=1
+
# Hard-wire the gl/m4/gc.m4 test.
AC_ARG_WITH(builtin-crypto,
AS_HELP_STRING([--with-builtin-crypto],
@@ -427,6 +419,7 @@ else
ac_full=0
AC_MSG_RESULT(yes)
fi
+AM_CONDITIONAL(ENABLE_PSK, test "$ac_enable_psk" != "no")
AC_MSG_CHECKING([whether to disable anonymous authentication support])
AC_ARG_ENABLE(anon-authentication,
@@ -479,9 +472,6 @@ else
fi
AM_CONDITIONAL(ENABLE_PKI, test "$disable_pki" = "no")
-dnl Check whether to disable OpenPGP authentication completely
-dnl from libgnutls-extra.
-
ac_enable_openpgp=yes
AC_MSG_CHECKING([whether to disable OpenPGP Certificate authentication support])
AC_ARG_ENABLE(openpgp-authentication,
@@ -532,6 +522,17 @@ AC_MSG_RESULT($minitasn1_enabled)
AM_CONDITIONAL(ENABLE_MINITASN1, test "$minitasn1_enabled" = "yes")
+if test "$ac_full" != 1; then
+ AC_MSG_WARN([[
+***
+*** C++ library disabled because some parts of GnuTLS has been disabled.
+]])
+ use_cxx=no
+fi
+AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
+AC_MSG_CHECKING([whether to build C++ library])
+AC_MSG_RESULT($use_cxx)
+
dnl Check for libcfg+
SAVED_LIBS=$LIBS
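Review bot: The warning text added in the `if test "$ac_full" != 1` block reads `*** C++ library disabled because some parts of GnuTLS has been disabled.`; the verb should be `have been disabled`. Since this message is the only thing a user who asked for libgnutlsxx will see, it would also help to hint at the cause, e.g. `*** C++ library disabled because some GnuTLS features were disabled (see --disable-* options).`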
@@ -660,20 +661,6 @@ export ac_full
AM_CFLAGS="${AM_CFLAGS} ${LIBGCRYPT_CFLAGS}"
-if test $ac_cv_c_compiler_gnu != no; then
- if test x$opt_profiler_mode = xyes; then
- AC_CHECK_PROG(FC_OK, fc-config, yes, no)
- if test x$FC_OK = xyes; then
- AM_CFLAGS="${AM_CFLAGS} `fc-config --cflags`"
- LIBS="$LIBS `fc-config --libs`"
- else
-AC_MSG_WARN(***
-*** You must install libfc in order to enable profiling. http://www710.univ-lyon1.fr/~yperret/fnccheck/profiler.html
-)
- fi
- fi
-fi
-
if test $ac_full -eq 0; then
AC_SUBST(POSSIBLY_WARN_ABOUT_MISSING_FEATURES, [[
#ifdef __GNUC__
@@ -688,6 +675,10 @@ AC_CONFIG_COMMANDS([chmod-config],[[
chmod +x libextra/libgnutls-extra-config
]],[[]])
+
+AC_DEFINE([INTERNAL_GNUTLS_CRYPTO_H_ENABLE_UNSUPPORTED_API], 1,
+ [Enable prototypes in includes/crypto.h.])
+
AC_CONFIG_FILES([Makefile po/Makefile.in \
doc/Makefile doc/examples/Makefile doc/scripts/Makefile \
doc/manpages/Makefile doc/reference/Makefile \
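Review bot: `INTERNAL_GNUTLS_CRYPTO_H_ENABLE_UNSUPPORTED_API` at L866 is written unconditionally into config.h, so any translation unit built with config.h that also pulls in includes/gnutls/crypto.h — which includes the examples in this diff, all of which start with `#if HAVE_CONFIG_H` / `# include <config.h>` — sees prototypes the define's own description labels unsupported. If the intent is to expose them only to the library's own build, a define in the library's Makefile.am CFLAGS or an `AC_ARG_ENABLE` switch would be narrower; whether anything outside lib/ actually includes crypto.h is not visible here. At minimum the description should record why it is on for every build, e.g. `[Enable prototypes in includes/crypto.h (internal use; not a stable API).]`.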
@@ -702,7 +693,7 @@ AC_CONFIG_FILES([Makefile po/Makefile.in \
includes/Makefile includes/gnutls/gnutls.h \
lib/Makefile lib/minitasn1/Makefile lib/x509/Makefile \
libextra/Makefile lib/openpgp/Makefile lib/opencdk/Makefile \
- tests/openpgp/Makefile \
+ tests/openpgp/Makefile tests/openpgp-certs/Makefile \
src/Makefile \
src/cfg/Makefile src/cfg/platon/Makefile src/cfg/platon/str/Makefile \
lib/libgnutls-config libextra/libgnutls-extra-config \
diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am
index f5db096241..df1e89158f 100644
--- a/doc/examples/Makefile.am
+++ b/doc/examples/Makefile.am
@@ -28,8 +28,18 @@ LDADD = libexamples.la \
../../libextra/libgnutls-extra.la \
../../gl/libgnu.la
-noinst_PROGRAMS = ex-cert-select ex-client2 ex-client-resume \
- ex-crq ex-serv1 ex-serv-export
+CXX_LDADD = $(LDADD) \
+ ../../lib/libgnutlsxx.la
+
+noinst_PROGRAMS = ex-client2 ex-client-resume
+noinst_PROGRAMS += ex-cert-select ex-crq
+noinst_PROGRAMS += ex-serv1 ex-serv-export
+
+if ENABLE_CXX
+ex_cxx_SOURCES = ex-cxx.cpp
+ex_cxx_LDADD = $(CXX_LDADD)
+noinst_PROGRAMS += ex-cxx
+endif
if ENABLE_ANON
noinst_PROGRAMS += ex-client1 ex-serv-anon
@@ -40,6 +50,10 @@ if ENABLE_OPENPGP
noinst_PROGRAMS += ex-serv-pgp
endif
+if ENABLE_PSK
+noinst_PROGRAMS += ex-client-psk ex-serv-psk
+endif
+
if ENABLE_SRP
noinst_PROGRAMS += ex-client-srp ex-serv-srp
endif
diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c
new file mode 100644
index 0000000000..be718e0bde
--- /dev/null
+++ b/doc/examples/ex-client-psk.c
@@ -0,0 +1,119 @@
+/* Copyright 2007, 2008 Free Software Foundation
+ *
+ * Copying and distribution of this file, with or without modification,
+ * are permitted in any medium without royalty provided the copyright
+ * notice and this notice are preserved.
+ */
+
+#if HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+
+/* A very basic TLS client, with PSK authentication.
+ */
+
+#define MAX_BUF 1024
+#define CAFILE "ca.pem"
+#define MSG "GET / HTTP/1.0\r\n\r\n"
+
+extern int tcp_connect (void);
+extern void tcp_close (int sd);
+
+int
+main (void)
+{
+ int ret, sd, ii;
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ const char *err;
+ gnutls_psk_client_credentials_t pskcred;
+ const gnutls_datum_t key = { "DEADBEEF", 8 };
+
+ gnutls_global_init ();
+
+ gnutls_psk_allocate_client_credentials (&pskcred);
+ gnutls_psk_set_client_credentials (pskcred, "test", &key,
+ GNUTLS_PSK_KEY_HEX);
+
+ /* Initialize TLS session
+ */
+ gnutls_init (&session, GNUTLS_CLIENT);
+
+ /* Use default priorities */
+ ret = gnutls_priority_set_direct (session, "PERFORMANCE", &err);
+ if (ret < 0) {
+ if (ret == GNUTLS_E_INVALID_REQUEST) {
+ fprintf(stderr, "Syntax error at: %s\n", err);
+ }
+ exit(1);
+ }
+
+ /* put the x509 credentials to the current session
+ */
+ gnutls_credentials_set (session, GNUTLS_CRD_PSK, pskcred);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect ();
+
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
+
+ /* Perform the TLS handshake
+ */
+ ret = gnutls_handshake (session);
+
+ if (ret < 0)
+ {
+ fprintf (stderr, "*** Handshake failed\n");
+ gnutls_perror (ret);
+ goto end;
+ }
+ else
+ {
+ printf ("- Handshake was completed\n");
+ }
+
+ gnutls_record_send (session, MSG, strlen (MSG));
+
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+ if (ret == 0)
+ {
+ printf ("- Peer has closed the TLS connection\n");
+ goto end;
+ }
+ else if (ret < 0)
+ {
+ fprintf (stderr, "*** Error: %s\n", gnutls_strerror (ret));
+ goto end;
+ }
+
+ printf ("- Received %d bytes: ", ret);
+ for (ii = 0; ii < ret; ii++)
+ {
+ fputc (buffer[ii], stdout);
+ }
+ fputs ("\n", stdout);
+
+ gnutls_bye (session, GNUTLS_SHUT_RDWR);
+
+end:
+
+ tcp_close (sd);
+
+ gnutls_deinit (session);
+
+ gnutls_psk_free_client_credentials (pskcred);
+
+ gnutls_global_deinit ();
+
+ return 0;
+}
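Review bot: `gnutls_psk_set_client_credentials` at L963 decodes the key from hex (`GNUTLS_PSK_KEY_HEX`) and can fail, yet its return value — like those of `gnutls_psk_allocate_client_credentials`, `gnutls_init` and `gnutls_credentials_set` — is discarded, so a malformed key string surfaces only as an opaque handshake failure later. Check it the way the priority call at L971-L977 already is: `ret = gnutls_psk_set_client_credentials (pskcred, "test", &key, GNUTLS_PSK_KEY_HEX); if (ret < 0) { gnutls_perror (ret); exit (1); }`. The comment at L979 still says `put the x509 credentials to the current session` although PSK credentials are being set; it should read `/* put the PSK credentials to the current session */`, and the `Use default priorities` comment at L970 does not match the explicit `"PERFORMANCE"` string. `gnutls_record_send` at L1004 is also unchecked, so a failed send is silently followed by a recv.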
diff --git a/doc/examples/ex-cxx.cpp b/doc/examples/ex-cxx.cpp
new file mode 100644
index 0000000000..1bade542fe
--- /dev/null
+++ b/doc/examples/ex-cxx.cpp
@@ -0,0 +1,101 @@
+#if HAVE_CONFIG_H
+# include <config.h>
+#else
+#endif
+#include <iostream>
+#include <stdexcept>
+#include <gnutls/gnutls.h>
+#include <gnutls/gnutlsxx.h>
+#include <cstring> /* for strlen */
+
+/* A very basic TLS client, with anonymous authentication.
+ * written by Eduardo Villanueva Che.
+ */
+
+#define MAX_BUF 1024
+#define SA struct sockaddr
+
+#define CAFILE "ca.pem"
+#define MSG "GET / HTTP/1.0\r\n\r\n"
+
+extern "C"
+{
+ int tcp_connect(void);
+ void tcp_close(int sd);
+}
+
+
+int main(void)
+{
+ int sd = -1;
+ gnutls_global_init();
+
+ try
+ {
+
+ /* Allow connections to servers that have OpenPGP keys as well.
+ */
+ gnutls::client_session session;
+
+ /* X509 stuff */
+ gnutls::certificate_credentials credentials;
+
+
+ /* sets the trusted cas file
+ */
+ credentials.set_x509_trust_file(CAFILE, GNUTLS_X509_FMT_PEM);
+ /* put the x509 credentials to the current session
+ */
+ session.set_credentials(credentials);
+
+ /* Use default priorities */
+ session.set_priority ("NORMAL", NULL);
+
+ /* connect to the peer
+ */
+ sd = tcp_connect();
+ session.set_transport_ptr((gnutls_transport_ptr_t) sd);
+
+ /* Perform the TLS handshake
+ */
+ int ret = session.handshake();
+ if (ret < 0)
+ {
+// gnutls_perror(ret);
+ throw std::runtime_error("Handshake failed");
+ }
+ else
+ {
+ std::cout << "- Handshake was completed" << std::endl;
+ }
+
+ session.send(MSG, strlen(MSG));
+ char buffer[MAX_BUF + 1];
+ ret = session.recv(buffer, MAX_BUF);
+ if (ret == 0)
+ {
+ throw std::runtime_error("Peer has closed the TLS connection");
+ }
+ else if (ret < 0)
+ {
+ throw std::runtime_error(gnutls_strerror(ret));
+ }
+
+ std::cout << "- Received " << ret << " bytes:" << std::endl;
+ std::cout.write(buffer, ret);
+ std::cout << std::endl;
+
+ session.bye(GNUTLS_SHUT_RDWR);
+ }
+ catch (std::exception &ex)
+ {
+ std::cerr << "Exception caught: " << ex.what() << std::endl;
+ }
+
+ if (sd != -1)
+ tcp_close(sd);
+
+ gnutls_global_deinit();
+
+ return 0;
+}
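Review bot: The example loads a CA file at L1090 but nothing after the handshake at L1105 verifies the server's certificate against it; as far as I can tell from this API the handshake itself does not reject an untrusted chain, so as written the client proceeds to send data to any server presenting any certificate. Add a verification step before `session.send`, e.g. `unsigned int status = 0; if (session.verify_peers2 (status) < 0 || status != 0) throw std::runtime_error ("Certificate verification failed");` — the gnutlsxx session class appears to wrap verify_peers2, but confirm the exact method against includes/gnutls/gnutlsxx.h, which is not in this diff, and note that this still does not bind the certificate to the hostname. The header comment at L1055 says `anonymous authentication` and L1080 talks about OpenPGP keys, while the code uses X.509 certificate credentials only; both should be corrected to `/* A very basic TLS client, with X.509 authentication. */`. The file also lacks the copyright and permission notice the other examples in this diff carry (L920-L925), which matters for a file that is @verbatiminclude'd into the manual.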
diff --git a/doc/examples/ex-serv-export.c b/doc/examples/ex-serv-export.c
index 2ff4aa6230..13f5308cca 100644
--- a/doc/examples/ex-serv-export.c
+++ b/doc/examples/ex-serv-export.c
@@ -1,4 +1,4 @@
-/* Copyright 2007 Free Software Foundation
+/* Copyright 2007, 2008 Free Software Foundation
*
* Copying and distribution of this file, with or without modification,
* are permitted in any medium without royalty provided the copyright
@@ -248,6 +248,11 @@ main (void)
}
close (listen_sd);
+ if (TLS_SESSION_CACHE != 0)
+ {
+ wrap_db_deinit ();
+ }
+
gnutls_certificate_free_credentials (cert_cred);
gnutls_global_deinit ();
@@ -288,6 +293,9 @@ wrap_db_init (void)
static void
wrap_db_deinit (void)
{
+ if (cache_db)
+ free (cache_db);
+ cache_db = NULL;
return;
}
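Review bot: The `if (cache_db)` guard at L1170 is redundant since `free (NULL)` is a no-op; `free (cache_db); cache_db = NULL;` is enough. More importantly, if `cache_db` holds the resumption entries this server stores — session data kept for TLS resumption includes the master secret; its definition and the store/retrieve callbacks are outside this hunk, so confirm — the entries should be wiped before the memory is released rather than left for the allocator to recycle, with a `memset` over the cache (its size expression depends on the layout declared elsewhere in the file) placed before the `free`. A plain `memset` immediately before `free` can be optimized away, so a volatile or explicit-wipe helper is preferable where one is available.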
diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c
new file mode 100644
index 0000000000..a5ef67db68
--- /dev/null
+++ b/doc/examples/ex-serv-psk.c
@@ -0,0 +1,226 @@
+/* Copyright 2007, 2008 Free Software Foundation
+ *
+ * Copying and distribution of this file, with or without modification,
+ * are permitted in any medium without royalty provided the copyright
+ * notice and this notice are preserved.
+ */
+
+#if HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <netinet/in.h>
+#include <string.h>
+#include <unistd.h>
+#include <gnutls/gnutls.h>
+#include <gcrypt.h> /* for gcry_control */
+
+#define KEYFILE "key.pem"
+#define CERTFILE "cert.pem"
+#define CAFILE "ca.pem"
+#define CRLFILE "crl.pem"
+
+/* This is a sample TLS echo server, supporting X.509 and PSK
+ authentication.
+ */
+
+
+#define SA struct sockaddr
+#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);}
+#define MAX_BUF 1024
+#define PORT 5556 /* listen to 5556 port */
+#define DH_BITS 1024
+
+/* These are global */
+gnutls_certificate_credentials_t x509_cred;
+gnutls_psk_server_credentials_t psk_cred;
+gnutls_priority_t priority_cache;
+
+gnutls_session_t
+initialize_tls_session (void)
+{
+ gnutls_session_t session;
+
+ gnutls_init (&session, GNUTLS_SERVER);
+
+ gnutls_priority_set (session, priority_cache);
+
+ gnutls_credentials_set (session, GNUTLS_CRD_CERTIFICATE, x509_cred);
+ gnutls_credentials_set (session, GNUTLS_CRD_PSK, psk_cred);
+
+ /* request client certificate if any.
+ */
+ gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
+
+ return session;
+}
+
+static gnutls_dh_params_t dh_params;
+
+static int
+generate_dh_params (void)
+{
+
+ /* Generate Diffie Hellman parameters - for use with DHE
+ * kx algorithms. When short bit length is used, it might
+ * be wise to regenerate parameters.
+ *
+ * Check the ex-serv-export.c example for using static
+ * parameters.
+ */
+ gnutls_dh_params_init (&dh_params);
+ gnutls_dh_params_generate2 (dh_params, DH_BITS);
+
+ return 0;
+}
+
+static int
+pskfunc (gnutls_session_t session, const char *username, gnutls_datum_t * key)
+{
+ printf ("psk: username %s\n", username);
+ key->data = gnutls_malloc (4);
+ key->data[0] = 0xDE;
+ key->data[1] = 0xAD;
+ key->data[2] = 0xBE;
+ key->data[3] = 0xEF;
+ key->size = 4;
+ return 0;
+}
+
+int
+main (void)
+{
+ int err, listen_sd, i;
+ int sd, ret;
+ struct sockaddr_in sa_serv;
+ struct sockaddr_in sa_cli;
+ int client_len;
+ char topbuf[512];
+ gnutls_session_t session;
+ char buffer[MAX_BUF + 1];
+ int optval = 1;
+
+ /* to disallow usage of the blocking /dev/random
+ */
+ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+
+ /* this must be called once in the program
+ */
+ gnutls_global_init ();
+
+ gnutls_certificate_allocate_credentials (&x509_cred);
+ gnutls_certificate_set_x509_trust_file (x509_cred, CAFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_crl_file (x509_cred, CRLFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_certificate_set_x509_key_file (x509_cred, CERTFILE, KEYFILE,
+ GNUTLS_X509_FMT_PEM);
+
+ gnutls_psk_allocate_server_credentials (&psk_cred);
+ gnutls_psk_set_server_credentials_function (psk_cred, pskfunc);
+
+ generate_dh_params ();
+
+ gnutls_priority_init( &priority_cache, "NORMAL:PSK", NULL);
+
+
+ gnutls_certificate_set_dh_params (x509_cred, dh_params);
+
+ /* Socket operations
+ */
+ listen_sd = socket (AF_INET, SOCK_STREAM, 0);
+ SOCKET_ERR (listen_sd, "socket");
+
+ memset (&sa_serv, '\0', sizeof (sa_serv));
+ sa_serv.sin_family = AF_INET;
+ sa_serv.sin_addr.s_addr = INADDR_ANY;
+ sa_serv.sin_port = htons (PORT); /* Server Port number */
+
+ setsockopt (listen_sd, SOL_SOCKET, SO_REUSEADDR, &optval, sizeof (int));
+
+ err = bind (listen_sd, (SA *) & sa_serv, sizeof (sa_serv));
+ SOCKET_ERR (err, "bind");
+ err = listen (listen_sd, 1024);
+ SOCKET_ERR (err, "listen");
+
+ printf ("Server ready. Listening to port '%d'.\n\n", PORT);
+
+ client_len = sizeof (sa_cli);
+ for (;;)
+ {
+ session = initialize_tls_session ();
+
+ sd = accept (listen_sd, (SA *) & sa_cli, &client_len);
+
+ printf ("- connection from %s, port %d\n",
+ inet_ntop (AF_INET, &sa_cli.sin_addr, topbuf,
+ sizeof (topbuf)), ntohs (sa_cli.sin_port));
+
+ gnutls_transport_set_ptr (session, (gnutls_transport_ptr_t) sd);
+ ret = gnutls_handshake (session);
+ if (ret < 0)
+ {
+ close (sd);
+ gnutls_deinit (session);
+ fprintf (stderr, "*** Handshake has failed (%s)\n\n",
+ gnutls_strerror (ret));
+ continue;
+ }
+ printf ("- Handshake was completed\n");
+
+ /* see the Getting peer's information example */
+ /* print_info(session); */
+
+ i = 0;
+ for (;;)
+ {
+ memset (buffer, 0, MAX_BUF + 1);
+ ret = gnutls_record_recv (session, buffer, MAX_BUF);
+
+ if (ret == 0)
+ {
+ printf ("\n- Peer has closed the GNUTLS connection\n");
+ break;
+ }
+ else if (ret < 0)
+ {
+ fprintf (stderr, "\n*** Received corrupted "
+ "data(%d). Closing the connection.\n\n", ret);
+ break;
+ }
+ else if (ret > 0)
+ {
+ /* echo data back to the client
+ */
+ gnutls_record_send (session, buffer, strlen (buffer));
+ }
+ }
+ printf ("\n");
+ /* do not wait for the peer to close the connection.
+ */
+ gnutls_bye (session, GNUTLS_SHUT_WR);
+
+ close (sd);
+ gnutls_deinit (session);
+
+ }
+ close (listen_sd);
+
+ gnutls_certificate_free_credentials (x509_cred);
+ gnutls_psk_free_server_credentials (psk_cred);
+
+ gnutls_priority_deinit(priority_cache);
+
+ gnutls_global_deinit ();
+
+ return 0;
+
+}
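Review bot: `pskfunc` at L1263-L1274 returns the same key for every username it is asked about, so any client that knows the sample key authenticates under any identity and the username printed at L1266 carries no meaning; an example server should look the identity up and return a negative value for unknown names, e.g. `if (strcmp (username, "test") != 0) return -1;` before allocating the key, and check the `gnutls_malloc` result for NULL. The priority string `"NORMAL:PSK"` at L1312 does not use the `+PSK` form the manual in this same diff documents (L1867, L1901), and the return of `gnutls_priority_init` is discarded, so a parse error would leave `priority_cache` unusable without any message — check it: `ret = gnutls_priority_init (&priority_cache, "NORMAL:+PSK", NULL); if (ret < 0) { fprintf (stderr, "priority: %s\n", gnutls_strerror (ret)); return 1; }`. The echo at L1383 sends `strlen (buffer)` bytes instead of the `ret` bytes received, so a record containing a NUL byte is truncated; use `ret`. `GCRYCTL_ENABLE_QUICK_RANDOM` at L1291 trades entropy quality for speed and deserves a comment marking it test-only, and `accept` at L1341 is never checked for -1 (its `client_len` should also be `socklen_t`).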
diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c
index dded275152..382b038185 100644
--- a/doc/examples/ex-session-info.c
+++ b/doc/examples/ex-session-info.c
@@ -1,4 +1,4 @@
-/* Copyright 2007 Free Software Foundation
+/* Copyright 2007, 2008 Free Software Foundation
*
* Copying and distribution of this file, with or without modification,
* are permitted in any medium without royalty provided the copyright
@@ -43,12 +43,21 @@ print_info (gnutls_session_t session)
break;
+#ifdef ENABLE_SRP
case GNUTLS_CRD_SRP:
printf ("- SRP session with username %s\n",
gnutls_srp_server_get_username (session));
break;
+#endif
case GNUTLS_CRD_PSK:
+ /* This returns NULL in server side.
+ */
+ if (gnutls_psk_client_get_hint (session) != NULL)
+ printf ("- PSK authentication. PSK hint '%s'\n",
+ gnutls_psk_client_get_hint (session));
+ /* This returns NULL in client side.
+ */
if (gnutls_psk_server_get_username (session) != NULL)
printf ("- PSK authentication. Connected as '%s'\n",
gnutls_psk_server_get_username (session));
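Review bot: `gnutls_psk_client_get_hint` at L1428 and L1430 is called twice, once for the NULL test and once inside the printf, copying the pattern already used for the username below; storing it once, `const char *hint = gnutls_psk_client_get_hint (session); if (hint != NULL) printf ("- PSK authentication. PSK hint '%s'\n", hint);`, reads better and removes any chance of the two calls disagreeing. The hint is server-supplied data, so passing it through `%s` rather than as the format string, as done here, is the right pattern and worth keeping. print_info starts outside the hunk.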
diff --git a/doc/examples/ex-x509-info.c b/doc/examples/ex-x509-info.c
index 911d315d44..5ffee181e2 100644
--- a/doc/examples/ex-x509-info.c
+++ b/doc/examples/ex-x509-info.c
@@ -1,4 +1,4 @@
-/* Copyright 2007 Free Software Foundation
+/* Copyright 2007, 2008 Free Software Foundation
*
* Copying and distribution of this file, with or without modification,
* are permitted in any medium without royalty provided the copyright
@@ -81,7 +81,6 @@ print_x509_certificate_info (gnutls_session_t session)
size = sizeof (serial);
gnutls_x509_crt_get_serial (cert, serial, &size);
- size = sizeof (serial);
printf ("\tCertificate serial number: %s\n", bin2hex (serial, size));
/* Extract some of the public key algorithm's parameters
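Review bot: Dropping the second `size = sizeof (serial)` is right because `gnutls_x509_crt_get_serial` updates `size` to the serial's length, but the call's return value at L1448 is still ignored: on failure (for example a buffer too short for the serial) `size` may hold the required length rather than the number of bytes written, and `bin2hex (serial, size)` at L1450 would then read past the data actually filled in. Guard the print: `if (gnutls_x509_crt_get_serial (cert, serial, &size) >= 0) printf ("\tCertificate serial number: %s\n", bin2hex (serial, size));`. print_x509_certificate_info starts outside the hunk.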
diff --git a/doc/gendocs_template b/doc/gendocs_template
index 066908e023..63a636a6e4 100644
--- a/doc/gendocs_template
+++ b/doc/gendocs_template
@@ -59,7 +59,7 @@
(%%TEXI_TGZ_SIZE%%K bytes gzipped tar file).</a></li>
</ul>
-<p>You can <a href="http://www.gnu.org/order/">buy printed copies of
+<p>You can <a href="http://shop.fsf.org/">buy printed copies of
some manuals</a> (among other items) from the Free Software Foundation;
this helps support FSF activities.</p>
@@ -80,7 +80,7 @@ script</a>.)</p>
<!-- Please make sure the copyright date is consistent with the document -->
<!-- and that it is like this "2001, 2002" not this "2001-2002." -->
</div><!-- for id="content", starts in the include above -->
-<!--#include virtual="/server/footer-min.html" -->
+<!--#include virtual="/server/footer.html" -->
<div id="footer">
<p>
@@ -94,7 +94,7 @@ Please send broken links and other corrections or suggestions to
</p>
<p>
-Copyright &copy; 2007 Free Software Foundation, Inc.,
+Copyright &copy; 2008 Free Software Foundation, Inc.,
</p>
<address>51 Franklin Street, Fifth Floor, Boston, MA 02111, USA</address>
<p>Verbatim copying and distribution of this entire article is
diff --git a/doc/gnutls.texi b/doc/gnutls.texi
index 62f37c2281..49f8431f63 100644
--- a/doc/gnutls.texi
+++ b/doc/gnutls.texi
@@ -39,10 +39,11 @@ Documentation License''.
@direntry
* GnuTLS: (gnutls). Package for Transport Layer Security.
* certtool: (gnutls)Invoking certtool. Manipulate certificates and keys.
-* srptool: (gnutls)Invoking srptool. Simple SRP password tool.
* gnutls-serv: (gnutls)Invoking gnutls-serv. GNU TLS test server.
* gnutls-cli: (gnutls)Invoking gnutls-cli. GNU TLS test client.
* gnutls-cli-debug: (gnutls)Invoking gnutls-cli-debug. GNU TLS debug client.
+* psktool: (gnutls)Invoking psktool. Simple TLS-Pre-Shared-Keys manager.
+* srptool: (gnutls)Invoking srptool. Simple SRP password tool.
@end direntry
@titlepage
@@ -1494,6 +1495,17 @@ file can be stored to the credentials structure by calling
password file format is to be used, then the function
@ref{gnutls_psk_set_server_credentials_function}, should be used instead.
+The server can help the client chose a suitable username and password,
+by sending a hint. In the server, specify the hint by calling
+@ref{gnutls_psk_set_server_credentials_hint}. The client can retrieve
+the hint, for example in the callback function, using
+@ref{gnutls_psk_client_get_hint}.
+
+There is no standard mechanism to derive a PSK key from a password
+specified by the TLS PSK document. However, GnuTLS provides
+@ref{gnutls_psk_netconf_derive_key} which follows the algorithm
+specified in @file{draft-ietf-netconf-tls-02.txt}.
+
Some helper functions such as:
@itemize
@@ -2250,6 +2262,7 @@ implemented by another example.
* Client with Resume capability example::
* Simple client example with SRP authentication::
* Simple client example with TLS/IA support::
+* Simple client example in @acronym{C++}::
* Helper function for TCP connections::
@end menu
@@ -2345,6 +2358,14 @@ The following client is a simple client which uses the
@verbatiminclude examples/ex-client-tlsia.c
+@node Simple client example in @acronym{C++}
+@subsection Simple Client Example using the @acronym{C++} API
+
+The following client is a simple example of a client
+client utilizing the GnuTLS @acronym{C++} API.
+
+@verbatiminclude examples/ex-cxx.cpp
+
@node Helper function for TCP connections
@subsection Helper Function for TCP Connections
@@ -2505,58 +2526,317 @@ let you use the library for common tasks without writing an
application. The applications are discussed in this chapter.
@menu
-* Invoking srptool::
+* Invoking certtool::
* Invoking gnutls-cli::
* Invoking gnutls-cli-debug::
* Invoking gnutls-serv::
-* Invoking certtool::
+* Invoking psktool::
+* Invoking srptool::
@end menu
-@node Invoking srptool
-@section Invoking srptool
-@anchor{srptool}
-@cindex srptool
+@node Invoking certtool
+@section Invoking certtool
+@cindex certtool
-The @file{srptool} is a very simple program that emulates the programs
-in the @emph{Stanford SRP libraries}. It is intended for use in
-places where you don't expect @acronym{SRP} authentication to be the
-used for system users. Traditionally @emph{libsrp} used two
-files. One called 'tpasswd' which holds usernames and verifiers, and
-'tpasswd.conf' which holds generators and primes.
+This is a program to generate @acronym{X.509} certificates, certificate
+requests, CRLs and private keys.
-How to use srptool:
+@verbatim
+Certtool help
+Usage: certtool [options]
+ -s, --generate-self-signed
+ Generate a self-signed certificate.
+ -c, --generate-certificate
+ Generate a signed certificate.
+ --generate-proxy Generate a proxy certificate.
+ --generate-crl Generate a CRL.
+ -u, --update-certificate
+ Update a signed certificate.
+ -p, --generate-privkey Generate a private key.
+ -q, --generate-request Generate a PKCS #10 certificate
+ request.
+ -e, --verify-chain Verify a PEM encoded certificate chain.
+ The last certificate in the chain must
+ be a self signed one.
+ --verify-crl Verify a CRL.
+ --generate-dh-params Generate PKCS #3 encoded Diffie Hellman
+ parameters.
+ --get-dh-params Get the included PKCS #3 encoded Diffie
+ Hellman parameters.
+ --load-privkey FILE Private key file to use.
+ --load-request FILE Certificate request file to use.
+ --load-certificate FILE
+ Certificate file to use.
+ --load-ca-privkey FILE Certificate authority's private key
+ file to use.
+ --load-ca-certificate FILE
+ Certificate authority's certificate
+ file to use.
+ --password PASSWORD Password to use.
+ -i, --certificate-info Print information on a certificate.
+ -l, --crl-info Print information on a CRL.
+ --p12-info Print information on a PKCS #12
+ structure.
+ --p7-info Print information on a PKCS #7
+ structure.
+ --smime-to-p7 Convert S/MIME to PKCS #7 structure.
+ -k, --key-info Print information on a private key.
+ --fix-key Regenerate the parameters in a private
+ key.
+ --to-p12 Generate a PKCS #12 structure.
+ -8, --pkcs8 Use PKCS #8 format for private keys.
+ --dsa Use DSA keys.
+ --hash STR Hash algorithm to use for signing
+ (MD5,SHA1,RMD160).
+ --export-ciphers Use weak encryption algorithms.
+ --inder Use DER format for input certificates
+ and private keys.
+ --outder Use DER format for output certificates
+ and private keys.
+ --bits BITS specify the number of bits for key
+ generation.
+ --outfile FILE Output file.
+ --infile FILE Input file.
+ --template FILE Template file to use for non
+ interactive operation.
+ -d, --debug LEVEL specify the debug level. Default is 1.
+ -h, --help shows this help text
+ -v, --version shows the program's version
+ --copyright shows the program's license
+@end verbatim
+
+The program can be used interactively or non interactively by
+specifying the @code{--template} command line option. See below for an
+example of a template file.
+
+How to use certtool interactively:
@itemize
+@item
+To generate parameters for Diffie Hellman key exchange, use the command:
+@example
+$ certtool --generate-dh-params --outfile dh.pem
+@end example
@item
-To create tpasswd.conf which holds the g and n values for
-@acronym{SRP} protocol (generator and a large prime), run:
+To generate parameters for the RSA-EXPORT key exchange, use the command:
+@example
+$ certtool --generate-privkey --bits 512 --outfile rsa.pem
+@end example
+
+@end itemize
+
+@itemize
+@item
+To create a self signed certificate, use the command:
@example
-$ srptool --create-conf /etc/tpasswd.conf
+$ certtool --generate-privkey --outfile ca-key.pem
+$ certtool --generate-self-signed --load-privkey ca-key.pem \
+ --outfile ca-cert.pem
@end example
+Note that a self-signed certificate usually belongs to a certificate
+authority, that signs other certificates.
+
@item
-This command will create /etc/tpasswd and will add user 'test' (you
-will also be prompted for a password). Verifiers are stored by default
-in the way libsrp expects.
+To create a private key, run:
@example
-$ srptool --passwd /etc/tpasswd \
- --passwd-conf /etc/tpasswd.conf -u test
+$ certtool --generate-privkey --outfile key.pem
@end example
@item
-This command will check against a password. If the password matches
-the one in /etc/tpasswd you will get an ok.
+To generate a certificate using the private key, use the command:
@example
-$ srptool --passwd /etc/tpasswd \
- --passwd-conf /etc/tpasswd.conf --verify -u test
+$ certtool --generate-certificate --load-privkey key.pem \
+ --outfile cert.pem --load-ca-certificate ca-cert.pem \
+ --load-ca-privkey ca-key.pem
+@end example
+
+@item
+To create a certificate request (needed when the certificate is issued by
+another party), run:
+
+@example
+$ certtool --generate-request --load-privkey key.pem \
+ --outfile request.pem
+@end example
+
+@item
+To generate a certificate using the previous request, use the command:
+
+@example
+$ certtool --generate-certificate --load-request request.pem \
+ --outfile cert.pem \
+ --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
+@end example
+
+@item
+To view the certificate information, use:
+
+@example
+$ certtool --certificate-info --infile cert.pem
+@end example
+
+@item
+To generate a @acronym{PKCS} #12 structure using the previous key and
+certificate, use the command:
+
+@example
+$ certtool --load-certificate cert.pem --load-privkey key.pem \
+ --to-p12 --outder --outfile key.p12
+@end example
+
+@item
+Proxy certificate can be used to delegate your credential to a
+temporary, typically short-lived, certificate. To create one from the
+previously created certificate, first create a temporary key and then
+generate a proxy certificate for it, using the commands:
+
+@example
+$ certtool --generate-privkey > proxy-key.pem
+$ certtool --generate-proxy --load-ca-privkey key.pem \
+ --load-privkey proxy-key.pem --load-certificate cert.pem \
+ --outfile proxy-cert.pem
+@end example
+
+@item
+To create an empty Certificate Revocation List (CRL) do:
+
+@example
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem
+@end example
+
+To create a CRL that contains some revoked certificates, place the
+certificates in a file and use @code{--load-certificate} as follows:
+
+@example
+$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem
+@end example
+
+@item
+To verify a Certificate Revocation List (CRL) do:
+
+@example
+$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
+@end example
+
+@end itemize
+
+Certtool's template file format:
+
+@itemize
+
+@item
+Firstly create a file named 'cert.cfg' that contains the information
+about the certificate. An example file is listed below.
+
+@item
+Then execute:
+
+@example
+$ certtool --generate-certificate cert.pem --load-privkey key.pem \
+ --template cert.cfg \
+ --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
@end example
@end itemize
+An example certtool template file:
+
+@example
+# X.509 Certificate options
+#
+# DN options
+
+# The organization of the subject.
+organization = "Koko inc."
+
+# The organizational unit of the subject.
+unit = "sleeping dept."
+
+# The locality of the subject.
+# locality =
+
+# The state of the certificate owner.
+state = "Attiki"
+
+# The country of the subject. Two letter code.
+country = GR
+
+# The common name of the certificate owner.
+cn = "Cindy Lauper"
+
+# A user id of the certificate owner.
+#uid = "clauper"
+
+# If the supported DN OIDs are not adequate you can set
+# any OID here.
+# For example set the X.520 Title and the X.520 Pseudonym
+# by using OID and string pairs.
+#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
+
+# This is deprecated and should not be used in new
+# certificates.
+# pkcs9_email = "none@@none.org"
+
+# The serial number of the certificate
+serial = 007
+
+# In how many days, counting from today, this certificate will expire.
+expiration_days = 700
+
+# X.509 v3 extensions
+
+# A dnsname in case of a WWW server.
+#dns_name = "www.none.org"
+
+# An IP address in case of a server.
+#ip_address = "192.168.1.1"
+
+# An email in case of a person
+email = "none@@none.org"
+
+# An URL that has CRLs (certificate revocation lists)
+# available. Needed in CA certificates.
+#crl_dist_points = "http://www.getcrl.crl/getcrl/"
+
+# Whether this is a CA certificate or not
+#ca
+
+# Whether this certificate will be used for a TLS client
+#tls_www_client
+
+# Whether this certificate will be used for a TLS server
+#tls_www_server
+
+# Whether this certificate will be used to sign data (needed
+# in TLS DHE ciphersuites).
+signing_key
+
+# Whether this certificate will be used to encrypt data (needed
+# in TLS RSA ciphersuites). Note that it is prefered to use different
+# keys for encryption and signing.
+#encryption_key
+
+# Whether this key will be used to sign other certificates.
+#cert_signing_key
+
+# Whether this key will be used to sign CRLs.
+#crl_signing_key
+
+# Whether this key will be used to sign code.
+#code_signing_key
+
+# Whether this key will be used to sign OCSP data.
+#ocsp_signing_key
+
+# Whether this key will be used for time stamping.
+#time_stamping_key
+@end example
+
@node Invoking gnutls-cli
@section Invoking gnutls-cli
@cindex gnutls-cli
@@ -2614,6 +2894,70 @@ Usage: gnutls-cli [options] hostname
--copyright prints the program's license
@end verbatim
+To connect to a server using PSK authentication, you may use something
+like:
+
+@smallexample
+$ gnutls-cli -p 5556 test.gnutls.org --pskusername jas --pskkey 9e32cf7786321a828ef7668f09fb35db --priority NORMAL:+PSK:-RSA:-DHE-RSA -d 4711
+@end smallexample
+
+@menu
+* Example client PSK connection::
+@end menu
+
+@node Example client PSK connection
+@subsection Example client PSK connection
+@cindex PSK client
+
+If your server only supports the PSK ciphersuite, connecting to it
+should be as simple as connecting to the server:
+
+@smallexample
+$ ./gnutls-cli -p 5556 localhost
+Resolving 'localhost'...
+Connecting to '127.0.0.1:5556'...
+- PSK client callback. PSK hint 'psk_identity_hint'
+Enter PSK identity: psk_identity
+Enter password:
+- PSK authentication. PSK hint 'psk_identity_hint'
+- Version: TLS1.1
+- Key Exchange: PSK
+- Cipher: AES-128-CBC
+- MAC: SHA1
+- Compression: NULL
+- Handshake was completed
+
+- Simple Client Mode:
+@end smallexample
+
+If the server supports several cipher suites, you may need to force it
+to chose PSK by using a cipher priority parameter such as
+@code{--priority NORMAL:+PSK:-RSA:-DHE-RSA:-DHE-PSK}.
+
+@cindex Netconf
+Instead of using the Netconf-way to derive the PSK key from a
+password, you can also give the PSK username and key directly on the
+command line:
+
+@smallexample
+$ ./gnutls-cli -p 5556 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344
+Resolving 'localhost'...
+Connecting to '127.0.0.1:5556'...
+- PSK authentication. PSK hint 'psk_identity_hint'
+- Version: TLS1.1
+- Key Exchange: PSK
+- Cipher: AES-128-CBC
+- MAC: SHA1
+- Compression: NULL
+- Handshake was completed
+
+- Simple Client Mode:
+@end smallexample
+
+By keeping the @code{--pskusername} parameter and removing the
+@code{--pskkey} parameter, it will query only for the password during
+the handshake.
+
@node Invoking gnutls-cli-debug
@section Invoking gnutls-cli-debug
@cindex gnutls-cli-debug
@@ -2889,309 +3233,111 @@ gnutls-serv --http \
--pskpasswd psk-passwd.txt
@end example
-@node Invoking certtool
-@section Invoking certtool
-@cindex certtool
-
-This is a program to generate @acronym{X.509} certificates, certificate
-requests, CRLs and private keys.
-
-@verbatim
-Certtool help
-Usage: certtool [options]
- -s, --generate-self-signed
- Generate a self-signed certificate.
- -c, --generate-certificate
- Generate a signed certificate.
- --generate-proxy Generate a proxy certificate.
- --generate-crl Generate a CRL.
- -u, --update-certificate
- Update a signed certificate.
- -p, --generate-privkey Generate a private key.
- -q, --generate-request Generate a PKCS #10 certificate
- request.
- -e, --verify-chain Verify a PEM encoded certificate chain.
- The last certificate in the chain must
- be a self signed one.
- --verify-crl Verify a CRL.
- --generate-dh-params Generate PKCS #3 encoded Diffie Hellman
- parameters.
- --get-dh-params Get the included PKCS #3 encoded Diffie
- Hellman parameters.
- --load-privkey FILE Private key file to use.
- --load-request FILE Certificate request file to use.
- --load-certificate FILE
- Certificate file to use.
- --load-ca-privkey FILE Certificate authority's private key
- file to use.
- --load-ca-certificate FILE
- Certificate authority's certificate
- file to use.
- --password PASSWORD Password to use.
- -i, --certificate-info Print information on a certificate.
- -l, --crl-info Print information on a CRL.
- --p12-info Print information on a PKCS #12
- structure.
- --p7-info Print information on a PKCS #7
- structure.
- --smime-to-p7 Convert S/MIME to PKCS #7 structure.
- -k, --key-info Print information on a private key.
- --fix-key Regenerate the parameters in a private
- key.
- --to-p12 Generate a PKCS #12 structure.
- -8, --pkcs8 Use PKCS #8 format for private keys.
- --dsa Use DSA keys.
- --hash STR Hash algorithm to use for signing
- (MD5,SHA1,RMD160).
- --export-ciphers Use weak encryption algorithms.
- --inder Use DER format for input certificates
- and private keys.
- --outder Use DER format for output certificates
- and private keys.
- --bits BITS specify the number of bits for key
- generation.
- --outfile FILE Output file.
- --infile FILE Input file.
- --template FILE Template file to use for non
- interactive operation.
- -d, --debug LEVEL specify the debug level. Default is 1.
- -h, --help shows this help text
- -v, --version shows the program's version
- --copyright shows the program's license
-@end verbatim
-
-The program can be used interactively or non interactively by
-specifying the @code{--template} command line option. See below for an
-example of a template file.
-
-How to use certtool interactively:
-
-@itemize
-@item
-To generate parameters for Diffie Hellman key exchange, use the command:
-@example
-$ certtool --generate-dh-params --outfile dh.pem
-@end example
-
-@item
-To generate parameters for the RSA-EXPORT key exchange, use the command:
-@example
-$ certtool --generate-privkey --bits 512 --outfile rsa.pem
-@end example
-
-@end itemize
-
-@itemize
-
-@item
-To create a self signed certificate, use the command:
-@example
-$ certtool --generate-privkey --outfile ca-key.pem
-$ certtool --generate-self-signed --load-privkey ca-key.pem \
- --outfile ca-cert.pem
-@end example
-
-Note that a self-signed certificate usually belongs to a certificate
-authority, that signs other certificates.
+@menu
+* Example server PSK connection::
+@end menu
-@item
-To create a private key, run:
+@node Example server PSK connection
+@subsection Example server PSK connection
+@cindex PSK server
-@example
-$ certtool --generate-privkey --outfile key.pem
-@end example
+To set up a PSK server with @code{gnutls-serv} you need to create PSK
+password file (@pxref{Invoking psktool}). In the example below, I
+type @code{password} at the prompt.
-@item
-To generate a certificate using the private key, use the command:
+@smallexample
+$ ./psktool -u psk_identity -p psks.txt -n psk_identity_hint
+Enter password:
+Key stored to psks.txt
+$ cat psks.txt
+psk_identity:88f3824b3e5659f52d00e959bacab954b6540344
+$
+@end smallexample
-@example
-$ certtool --generate-certificate --load-privkey key.pem \
- --outfile cert.pem --load-ca-certificate ca-cert.pem \
- --load-ca-privkey ca-key.pem
-@end example
+After this, start the server pointing to the password file. We
+disable DHE-PSK.
-@item
-To create a certificate request (needed when the certificate is issued by
-another party), run:
+@smallexample
+$ ./gnutls-serv --pskpasswd psks.txt --pskhint psk_identity_hint --priority NORMAL:-DHE-PSK
+Set static Diffie Hellman parameters, consider --dhparams.
+Echo Server ready. Listening to port '5556'.
+@end smallexample
-@example
-$ certtool --generate-request --load-privkey key.pem \
- --outfile request.pem
-@end example
+You can now connect to the server using a PSK client (@pxref{Example
+client PSK connection}).
-@item
-To generate a certificate using the previous request, use the command:
+@node Invoking psktool
+@section Invoking psktool
+@cindex psktool
-@example
-$ certtool --generate-certificate --load-request request.pem \
- --outfile cert.pem \
- --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
-@end example
+This is a program to manage @acronym{PSK} username and keys.
-@item
-To view the certificate information, use:
+@verbatim
+PSKtool help
+Usage : psktool [options]
+ -u, --username username
+ specify username.
+ -p, --passwd FILE specify a password file.
+ -n, --netconf-hint HINT
+ derive key from Netconf password, using
+ HINT as the psk_identity_hint.
+ -s, --keysize SIZE specify the key size in bytes.
+ -v, --version prints the program's version number
+ -h, --help shows this help text
+@end verbatim
-@example
-$ certtool --certificate-info --infile cert.pem
-@end example
+Normally the file will generate random keys for the indicate username.
+You may also derive PSK keys from passwords, using the algorithm
+specified in @file{draft-ietf-netconf-tls-02.txt}. The algorithm
+needs a PSK identity hint, which you specify using
+@code{--netconf-hint}. To derive a PSK key from a password with an
+empty PSK identity hint, using @code{--netconf-hint ""}.
-@item
-To generate a @acronym{PKCS} #12 structure using the previous key and
-certificate, use the command:
+@node Invoking srptool
+@section Invoking srptool
+@anchor{srptool}
+@cindex srptool
-@example
-$ certtool --load-certificate cert.pem --load-privkey key.pem \
- --to-p12 --outder --outfile key.p12
-@end example
+The @file{srptool} is a very simple program that emulates the programs
+in the @emph{Stanford SRP libraries}. It is intended for use in
+places where you don't expect @acronym{SRP} authentication to be the
+used for system users. Traditionally @emph{libsrp} used two
+files. One called 'tpasswd' which holds usernames and verifiers, and
+'tpasswd.conf' which holds generators and primes.
-@item
-Proxy certificate can be used to delegate your credential to a
-temporary, typically short-lived, certificate. To create one from the
-previously created certificate, first create a temporary key and then
-generate a proxy certificate for it, using the commands:
+How to use srptool:
-@example
-$ certtool --generate-privkey > proxy-key.pem
-$ certtool --generate-proxy --load-ca-privkey key.pem \
- --load-privkey proxy-key.pem --load-certificate cert.pem \
- --outfile proxy-cert.pem
-@end example
+@itemize
@item
-To create an empty Certificate Revocation List (CRL) do:
-
-@example
-$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem
-@end example
-
-To create a CRL that contains some revoked certificates, place the
-certificates in a file and use @code{--load-certificate} as follows:
+To create tpasswd.conf which holds the g and n values for
+@acronym{SRP} protocol (generator and a large prime), run:
@example
-$ certtool --generate-crl --load-ca-privkey x509-ca-key.pem --load-ca-certificate x509-ca.pem --load-certificate revoked-certs.pem
+$ srptool --create-conf /etc/tpasswd.conf
@end example
@item
-To verify a Certificate Revocation List (CRL) do:
+This command will create /etc/tpasswd and will add user 'test' (you
+will also be prompted for a password). Verifiers are stored by default
+in the way libsrp expects.
@example
-$ certtool --verify-crl --load-ca-certificate x509-ca.pem < crl.pem
+$ srptool --passwd /etc/tpasswd \
+ --passwd-conf /etc/tpasswd.conf -u test
@end example
-@end itemize
-
-Certtool's template file format:
-
-@itemize
-
@item
-Firstly create a file named 'cert.cfg' that contains the information
-about the certificate. An example file is listed below.
-
-@item
-Then execute:
+This command will check against a password. If the password matches
+the one in /etc/tpasswd you will get an ok.
@example
-$ certtool --generate-certificate cert.pem --load-privkey key.pem \
- --template cert.cfg \
- --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem
+$ srptool --passwd /etc/tpasswd \
+ --passwd-conf /etc/tpasswd.conf --verify -u test
@end example
@end itemize
-An example certtool template file:
-
-@example
-# X.509 Certificate options
-#
-# DN options
-
-# The organization of the subject.
-organization = "Koko inc."
-
-# The organizational unit of the subject.
-unit = "sleeping dept."
-
-# The locality of the subject.
-# locality =
-
-# The state of the certificate owner.
-state = "Attiki"
-
-# The country of the subject. Two letter code.
-country = GR
-
-# The common name of the certificate owner.
-cn = "Cindy Lauper"
-
-# A user id of the certificate owner.
-#uid = "clauper"
-
-# If the supported DN OIDs are not adequate you can set
-# any OID here.
-# For example set the X.520 Title and the X.520 Pseudonym
-# by using OID and string pairs.
-#dn_oid = "2.5.4.12" "Dr." "2.5.4.65" "jackal"
-
-# This is deprecated and should not be used in new
-# certificates.
-# pkcs9_email = "none@@none.org"
-
-# The serial number of the certificate
-serial = 007
-
-# In how many days, counting from today, this certificate will expire.
-expiration_days = 700
-
-# X.509 v3 extensions
-
-# A dnsname in case of a WWW server.
-#dns_name = "www.none.org"
-
-# An IP address in case of a server.
-#ip_address = "192.168.1.1"
-
-# An email in case of a person
-email = "none@@none.org"
-
-# An URL that has CRLs (certificate revocation lists)
-# available. Needed in CA certificates.
-#crl_dist_points = "http://www.getcrl.crl/getcrl/"
-
-# Whether this is a CA certificate or not
-#ca
-
-# Whether this certificate will be used for a TLS client
-#tls_www_client
-
-# Whether this certificate will be used for a TLS server
-#tls_www_server
-
-# Whether this certificate will be used to sign data (needed
-# in TLS DHE ciphersuites).
-signing_key
-
-# Whether this certificate will be used to encrypt data (needed
-# in TLS RSA ciphersuites). Note that it is prefered to use different
-# keys for encryption and signing.
-#encryption_key
-
-# Whether this key will be used to sign other certificates.
-#cert_signing_key
-
-# Whether this key will be used to sign CRLs.
-#crl_signing_key
-
-# Whether this key will be used to sign code.
-#code_signing_key
-
-# Whether this key will be used to sign OCSP data.
-#ocsp_signing_key
-
-# Whether this key will be used for time stamping.
-#time_stamping_key
-@end example
-
@node Function reference
@chapter Function Reference
@cindex Function reference
diff --git a/doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-02.txt b/doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-02.txt
new file mode 100644
index 0000000000..91d2cb8ea4
--- /dev/null
+++ b/doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-02.txt
@@ -0,0 +1,485 @@
+TLS Working Group Mohamad Badra
+Internet Draft LIMOS Laboratory
+Intended status: Standards Track April 30, 2008
+Expires: October 2008
+
+
+
+ Pre-Shared Key Cipher Suites for Transport Layer Security (TLS) with
+ SHA-256/384 and AES Galois Counter Mode
+ draft-badra-tls-psk-new-mac-aes-gcm-02.txt
+
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six
+ months and may be updated, replaced, or obsoleted by other documents
+ at any time. It is inappropriate to use Internet-Drafts as
+ reference material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+ This Internet-Draft will expire on October 30, 2008.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2008).
+
+Abstract
+
+ RFC 4279 and RFC 4785 describe pre-shared key cipher suites for
+ Transport Layer Security (TLS). However, all those cipher suites
+ use SHA-1 as their MAC algorithm. This document describes a set of
+ cipher suites for TLS/DTLS which uses stronger digest algorithms
+
+
+
+
+Badra Expires October 30, 2008 [Page 1]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+ (i.e., SHA-256 or SHA-384) and another which uses the Advanced
+ Encryption Standard (AES) in Galois Counter Mode (GCM).
+
+Table of Contents
+
+
+ 1. Introduction...................................................3
+ 1.1. Conventions used in this document.........................3
+ 2. PSK, DHE_PSK and RSA_PSK Key Exchange Algorithms with AES-GCM..3
+ 3. PSK, DHE_PSK and RSA_PSK Key Exchange with SHA-256/384.........4
+ 3.1. PSK Key Exchange Algorithm with SHA-256/384...............4
+ 3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384...........5
+ 3.3. RSA_PSK Key Exchange Algorithm with SHA-256/384...........5
+ 4. Security Considerations........................................5
+ 5. IANA Considerations............................................6
+ 6. Acknowledgments................................................6
+ 7. References.....................................................6
+ 7.1. Normative References......................................6
+ 7.2. Informative References....................................7
+ Author's Addresses................................................8
+ Full Copyright Statement..........................................8
+ Intellectual Property.............................................8
+ Acknowledgment....................................................9
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Badra Expires October 30, 2008 [Page 2]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+1. Introduction
+
+ TLS 1.2 [I-D.ietf-tls-rfc4346-bis], adds support for authenticated
+ encryption with additional data (AEAD) cipher modes [RFC5116]. This
+ document describes the use of Advanced Encryption Standard (AES)
+ [AES] in Galois Counter Mode (GCM) [GCM] (AES-GCM) with various pre-
+ shared key (PSK) key exchange mechanisms ([RFC4279] and [RFC4785])
+ as a cipher suite for Transport Layer Security (TLS).
+
+ This document also specifies PSK cipher suites for TLS which replace
+ SHA-1 by SHA-256 or SHA-384. RFC 4279 [RFC4279] and RFC 4785
+ [RFC4785] describe PSK cipher suites for TLS. However, all of the
+ RFC 4279 and the RFC 4785 cipher suites use HMAC-SHA1 as their MAC
+ algorithm. Due to recent analytic work on SHA-1 [Wang05], the IETF
+ is gradually moving away from SHA-1 and towards stronger hash
+ algorithms.
+
+ ECC based cipher suites with SHA-256/384 and AES-GCM are defined in
+ [I-D.ietf-tls-ecc-new-mac]; RSA, DSS and Diffie-Hellman based cipher
+ suites are specified in [I-D.ietf-tls-rsa-aes-gcm]. The reader is
+ expected to become familiar with these two memos prior to studying
+ this document.
+
+1.1. Conventions used in this document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+2. PSK, DHE_PSK and RSA_PSK Key Exchange Algorithms with AES-GCM
+
+ The following eight cipher suites use the new authenticated
+ encryption modes defined in TLS 1.2 with AES in Galois Counter Mode
+ (GCM) [GCM]. The cipher suites with DHE_PSK key exchange algorithm
+ (TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 and
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA348) provide Perfect Forward Secrecy
+ (PFS).
+
+ CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_258_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = {0xXX,0xXX};
+
+
+
+Badra Expires October 30, 2008 [Page 3]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+ These cipher suites use authenticated encryption with additional
+ data (AEAD) algorithms AEAD_AES_128_GCM and AEAD_AES_256_GCM
+ described in RFC 5116. GCM is used as described in [I-D.ietf-tls-
+ rsa-aes-gcm].
+
+ The PSK, DHE_PSK and RSA_PSK key exchanges are performed as defined
+ in [RFC4279].
+
+ The PRF algorithms SHALL be as follows:
+
+ For cipher suites ending with _SHA256, the PRF is the TLS PRF
+ [I-D.ietf-tls-rfc4346-bis] with SHA-256 as the hash function.
+
+ For cipher suites ending with _SHA384, the PRF is the TLS PRF
+ [I-D.ietf-tls-rfc4346-bis] with SHA-384 as the hash function.
+
+ Implementations MUST send TLS Alert bad_record_mac for all types of
+ failures encountered in processing the AES-GCM algorithm.
+
+3. PSK, DHE_PSK and RSA_PSK Key Exchange with SHA-256/384
+
+ The cipher suites described in this section use AES [AES] in CBC
+ [CBC] mode with an HMAC-based MAC.
+
+3.1. PSK Key Exchange Algorithm with SHA-256/384
+
+ CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0xXX,0xXX};
+
+ The above six cipher suites are the same as the corresponding cipher
+ suites in RFC 4279 and RFC 4785 (with names ending in "_SHA" in
+ place of "_SHA256" or "_SHA384"), except for the hash and PRF
+ algorithms, which are SHA-256 and SHA-384 [SHS] as follows.
+
+ CipherSuite MAC PRF
+ ------------ --- ---
+ TLS_PSK_WITH_AES_128_CBC_SHA256 HMAC-SHA-256 P_SHA-256
+ TLS_PSK_WITH_AES_128_CBC_SHA384 HMAC-SHA-384 P_SHA-384
+ TLS_PSK_WITH_AES_256_CBC_SHA256 HMAC-SHA-256 P_SHA-256
+ TLS_PSK_WITH_AES_256_CBC_SHA384 HMAC-SHA-384 P_SHA-384
+ TLS_PSK_WITH_NULL_SHA256 HMAC-SHA-256 P_SHA-256
+ TLS_PSK_WITH_NULL_SHA384 HMAC-SHA-384 P_SHA-384
+
+
+
+Badra Expires October 30, 2008 [Page 4]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+3.2. DHE_PSK Key Exchange Algorithm with SHA-256/384
+
+ CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0xXX,0xXX};
+
+ The above six cipher suites are the same as the corresponding cipher
+ suites in RFC 4279 and RFC 4785 (with names ending in "_SHA" in
+ place of "_SHA256" or "_SHA384"), except for the hash and PRF
+ algorithms, which are SHA-256 and SHA-384 [SHS] as follows.
+
+ CipherSuite MAC PRF
+ ------------ --- ---
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 HMAC-SHA-256 P_SHA-256
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA384 HMAC-SHA-384 P_SHA-384
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA256 HMAC-SHA-256 P_SHA-256
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 HMAC-SHA-384 P_SHA-384
+
+3.3. RSA_PSK Key Exchange Algorithm with SHA-256/384
+
+ CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
+
+ The above four cipher suites are the same as the corresponding
+ cipher suites in RFC 4279 and RFC 4785 (with names ending in "_SHA"
+ in place of "_SHA256" or "_SHA384"), except for the hash and PRF
+ algorithms, which are SHA-256 and SHA-384 [SHS] as follows.
+
+ CipherSuite MAC PRF
+ ------------ --- ---
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 HMAC-SHA-256 P_SHA-256
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA384 HMAC-SHA-384 P_SHA-384
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA256 HMAC-SHA-256 P_SHA-256
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 HMAC-SHA-384 P_SHA-384
+
+4. Security Considerations
+
+ The security considerations in RFC 4279, RFC 4758, and [I-D.ietf-
+ tls-rsa-aes-gcm] apply to this document as well. In addition, as
+ described in [I-D.ietf-tls-rsa-aes-gcm], these cipher suites may
+ only be used with TLS 1.2 or greater.
+
+
+
+Badra Expires October 30, 2008 [Page 5]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+5. IANA Considerations
+
+ IANA has assigned the following values for the cipher suites defined
+ in this document:
+
+ CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_258_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_128_GCM_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_256_GCM_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_NULL_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_PSK_WITH_NULL_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_128_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_NULL_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_DHE_PSK_WITH_NULL_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_128_CBC_SHA384 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA256 = {0xXX,0xXX};
+ CipherSuite TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = {0xXX,0xXX};
+
+6. Acknowledgments
+
+ This draft borrows heavily from [I-D.ietf-tls-ecc-new-mac] and [I-
+ D.ietf-tls-rsa-aes-gcm].
+
+7. References
+
+7.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [I-D.ietf-tls-rfc4346-bis]
+ Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.2", draft-ietf-tls-rfc4346-bis-
+ 10, work in progress, March 2008.
+
+
+
+Badra Expires October 30, 2008 [Page 6]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+ [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated
+ Encryption", RFC 5116, January 2008.
+
+ [RFC4279] Eronen, P. and H. Tschofenig, "Pre-Shared Key Ciphersuites
+ for Transport Layer Security (TLS)", RFC 4279, December
+ 2005.
+
+ [RFC4785] Blumenthal, U., Goel, P., "Pre-Shared Key (PSK)
+ Ciphersuites with NULL Encryption for Transport Layer
+ Security (TLS)", RFC 4785, January 2007.
+
+ [AES] National Institute of Standards and Technology,
+ "Specification for the Advanced Encryption Standard
+ (AES)", FIPS 197, November 2001.
+
+ [SHS] National Institute of Standards and Technology, "Secure
+ Hash Standard", FIPS 180-2, August 2002.
+
+ [CBC] National Institute of Standards and Technology,
+ "Recommendation for Block Cipher Modes of Operation -
+ Methods and Techniques", SP 800-38A, December 2001.
+
+ [GCM] National Institute of Standards and Technology,
+ "Recommendation for Block Cipher Modes of Operation:
+ Galois;/Counter Mode (GCM) for Confidentiality and
+ Authentication", SP 800-38D, November 2007.
+
+7.2. Informative References
+
+ [Wang05] Wang, X., Yin, Y., and H. Yu, "Finding Collisions in the
+ Full SHA-1", CRYPTO 2005, August 2005.
+
+ [I-D.ietf-tls-ecc-new-mac]
+ Rescorla, E., "TLS Elliptic Curve Cipher Suites with SHA-
+ 256/384 and AES Galois Counter Mode", draft-ietf-tls-ecc-
+ new-mac-06 (work in progress), April 2008.
+
+ [I-D.ietf-tls-rsa-aes-gcm]
+ Salowey, J., A. Choudhury, and C. McGrew, "RSA based AES-
+ GCM Cipher Suites for TLS", draft-ietf-tls-rsa-aes-gcm-03
+ (work in progress), April 2008.
+
+
+
+
+
+
+
+
+Badra Expires October 30, 2008 [Page 7]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+Author's Addresses
+
+ Mohamad Badra
+ LIMOS Laboratory - UMR6158, CNRS
+ France
+
+ Email: badra@isima.fr
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on
+ an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
+ REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE
+ IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL
+ WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY
+ WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE
+ ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
+ FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed
+ to pertain to the implementation or use of the technology described
+ in this document or the extent to which any license under such
+ rights might or might not be available; nor does it represent that
+ it has made any independent effort to identify any such rights.
+ Information on the procedures with respect to rights in RFC
+ documents can be found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use
+ of such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository
+ at http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+
+
+Badra Expires October 30, 2008 [Page 8]
+
+Internet-Draft TLS PSK New MAC and AES-GCM April 2008
+
+
+ this standard. Please address the information to the IETF at ietf-
+ ipr@ietf.org.
+
+Acknowledgment
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Badra Expires October 30, 2008 [Page 9]
+
diff --git a/doc/protocol/draft-ietf-netconf-tls-02.txt b/doc/protocol/draft-ietf-netconf-tls-02.txt
new file mode 100644
index 0000000000..2c37fa6a81
--- /dev/null
+++ b/doc/protocol/draft-ietf-netconf-tls-02.txt
@@ -0,0 +1,809 @@
+NETCONF Working Group Mohamad Badra
+Internet Draft LIMOS Laboratory
+Intended status: Standards Track May 27, 2008
+Expires: November 2008
+
+
+
+ NETCONF over Transport Layer Security (TLS)
+ draft-ietf-netconf-tls-02.txt
+
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html
+
+ This Internet-Draft will expire on November 27, 2008.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2008).
+
+Abstract
+
+ The Network Configuration Protocol (NETCONF) provides mechanisms to
+ install, manipulate, and delete the configuration of network devices.
+ This document describes how to use the Transport Layer Protocol (TLS)
+ to secure NETCONF exchanges.
+
+
+
+
+
+Badra Expires November 27, 2008 [Page 1]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+Table of Contents
+
+
+ 1. Introduction...................................................3
+ 1.1. Conventions used in this document.........................3
+ 2. NETCONF over TLS...............................................3
+ 2.1. Connection Initiation.....................................3
+ 2.2. Connection Closure........................................4
+ 3. Endpoint Authentication and Identification.....................4
+ 3.1. Server Identity...........................................5
+ 3.2. Client Identity...........................................6
+ 3.3. Password-Based Authentication.............................6
+ 4. Cipher Suite Requirements......................................7
+ 5. Security Considerations........................................7
+ 6. IANA Considerations............................................7
+ 7. Acknowledgments................................................8
+ A. Appendix - Test Vectors for the PSK Derivation Function........9
+ B. Appendix - Enabling Third Party Authentication using Passwords10
+ B.1. Working Group discussion at the 71st IETF meeting........12
+ Normative References.............................................13
+ Authors' Addresses...............................................14
+ Intellectual Property and Copyright Statements...................14
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Badra Expires November 27, 2008 [Page 2]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+1. Introduction
+ The NETCONF protocol [RFC4741] defines a simple mechanism through
+ which a network device can be managed. NETCONF is connection-
+ oriented, requiring a persistent connection between peers. This
+ connection must provide reliable, sequenced data delivery, integrity
+ and confidentiality and peers authentication. This document
+ describes how to use TLS [RFC4346] to secure NETCONF connections.
+
+ Throughout this document, the terms "client" and "server" are used to
+ refer to the two ends of the TLS connection. The client actively
+ opens the TLS connection, and the server passively listens for the
+ incoming TLS connection. The terms "manager" and "agent" are used to
+ refer to the two ends of the NETCONF protocol session. The manager
+ issues NETCONF remote procedure call (RPC) commands, and the agent
+ replies to those commands. When NETCONF is run over TLS using the
+ mapping defined in this document, the client is always the manager,
+ and the server is always the agent.
+
+1.1. Conventions used in this document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in RFC-2119 [RFC2119].
+
+2. NETCONF over TLS
+
+ Since TLS is application protocol-independent, NETCONF can operate on
+ top of the TLS protocol transparently. This document defines how
+ NETCONF can be used within a Transport Layer Security (TLS) session.
+
+2.1. Connection Initiation
+
+ The peer acting as the NETCONF manager MUST also act as the TLS
+ client. It MUST connect to the server that passively listens for the
+ incoming TLS connection on the IANA-to-be-assigned TCP port <TBA>.
+ It MUST therefore send the TLS ClientHello to begin the TLS
+ handshake. Once the TLS handshake has been finished, the client and
+ the server MAY then send their NETCONF exchanges. In particular, the
+ client will send complete XML documents to the server containing
+ <rpc> elements, and the server will respond with complete XML
+ documents containing <rpc-reply> elements. The client MAY indicate
+ interest in receiving event notifications from a NETCONF server by
+ creating a subscription to receive event notifications [I-D.ietf--
+ netconf-notification], in which the NETCONF server replies to
+ indicate whether the subscription request was successful and, if it
+ was successful, begins sending the event notifications to the NETCONF
+ client as the events occur within the system. All these elements are
+
+
+Badra Expires November 27, 2008 [Page 3]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+ encapsulated into TLS records of type "application data". These
+ records are protected using the TLS material keys.
+
+ Current NETCONF messages don't include a message's length. This
+ document uses consequently the same delimiter sequence defined in
+ [RFC4742] and therefore the special character sequence, ]]>]]>, to
+ delimit XML documents.
+
+2.2. Connection Closure
+
+ Either NETCONF peer MAY stop the NETCONF connection at any time and
+ therefore notify the other NETCONF peer that no more data on this
+ channel will be sent and that any data received after a closure
+ request will be ignored. This MAY happen when no data is received
+ from a connection for a long time, where the application decides what
+ "long" means.
+
+ TLS has the ability for secure connection closure using the Alert
+ protocol. When the NETCONF peer closes the NETCONF connection, it
+ MUST send a TLS close_notify alert before closing the TCP connection.
+ Any data received after a closure alert is ignored.
+
+ Unless a fatal error has occurred, each party is required to send a
+ close_notify alert before closing the write side of the connection
+ [RFC4346]. The other party MUST respond with a close_notify alert of
+ its own and close down the connection immediately, discarding any
+ pending writes. It is not required for the initiator of the close to
+ wait for the responding close_notify alert before closing the read
+ side of the connection.
+
+3. Endpoint Authentication and Identification
+
+ NETCONF requires that its transport provide mutual authentication of
+ client and server, so cipher suites that are anonymous or which only
+ authenticate the server to the client MUST NOT be used with NETCONF.
+ This document specifies how to use TLS with endpoint authentication,
+ which can be based on either preshared keys [RFC4279] or public key
+ certificates [RFC4346]. Some cipher suites (e.g.
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA) use both. Section 3.1 describes
+ how the client authenticates the server if public key certificates
+ are provided by the server, section 3.2 describes how the server
+ authenticates the client if public key certificates are provided by
+ the client, and section 3.3 describes how the client and server
+ mutually authenticate one another using a password.
+
+
+
+
+
+Badra Expires November 27, 2008 [Page 4]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+3.1. Server Identity
+
+ During the TLS negotiation, the client MUST carefully examine the
+ certificate presented by the server to determine if it meets their
+ expectations. Particularly, the client MUST check its understanding
+ of the server hostname against the server's identity as presented in
+ the server Certificate message, in order to prevent man-in-the-middle
+ attacks.
+
+ Matching is performed according to these rules [RFC4642]:
+
+ - The client MUST use the server hostname it used to open the
+ connection (or the hostname specified in TLS "server_name"
+ extension [RFC4366]) as the value to compare against the server
+ name as expressed in the server certificate. The client MUST
+ NOT use any form of the server hostname derived from an
+ insecure remote source (e.g., insecure DNS lookup). CNAME
+ canonicalization is not done.
+
+ - If a subjectAltName extension of type dNSName is present in the
+ certificate, it MUST be used as the source of the server's
+ identity.
+
+ - Matching is case-insensitive.
+
+ - A "*" wildcard character MAY be used as the left-most name
+ component in the certificate. For example, *.example.com would
+ match a.example.com, foo.example.com, etc., but would not match
+ example.com.
+
+ - If the certificate contains multiple names (e.g., more than one
+ dNSName field), then a match with any one of the fields is
+ considered acceptable.
+
+ If the match fails, the client MUST either ask for explicit user
+ confirmation or terminate the connection and indicate the server's
+ identity is suspect.
+
+ Additionally, clients MUST verify the binding between the identity of
+ the servers to which they connect and the public keys presented by
+ those servers. Clients SHOULD implement the algorithm in Section 6
+ of [RFC5280] for general certificate validation, but MAY supplement
+ that algorithm with other validation methods that achieve equivalent
+ levels of verification (such as comparing the server certificate
+ against a local store of already-verified certificates and identity
+ bindings).
+
+
+
+Badra Expires November 27, 2008 [Page 5]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+ If the client has external information as to the expected identity of
+ the server, the hostname check MAY be omitted.
+
+3.2. Client Identity
+
+ Typically, the server has no external knowledge of what the client's
+ identity ought to be and so checks (other than that the client has a
+ certificate chain rooted in an appropriate CA) are not possible. If
+ a server has such knowledge (typically from some source external to
+ NETCONF or TLS) it MUST check the identity as described above.
+
+3.3. Password-Based Authentication
+
+ [RFC4279] supports authentication based on pre-shared keys (PSKs).
+ These pre-shared keys are symmetric keys, shared in advance among the
+ communicating parties.
+
+ The PSK can be generated in many ways and its length is variable.
+ Implementation of this document MAY rely on [RFC4279] to enable
+ password based user authentication. In this case, the password is
+ used to generate the PSK. It is RECOMMENDED that implementations
+ that allow the administrator to manually configure the password also
+ provide functionality for generating a new random password, taking
+ [RFC4086] into account.
+
+ This document generates the PSK from the password as follow:
+
+ PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +
+ psk_identity_hint)
+
+ Where + means concatenation.
+
+ The label "Key Pad for Netconf" is an ASCII string.
+
+ The psk_identity_hint is initially defined in section 5.1 of
+ [RFC4279]. The psk_identity_hint can do double duty and also provide
+ a form of server authentication in the case where the user has the
+ same password on a number of NETCONF servers. If a hint is provided,
+ the psk_identity_hint is encoded in the same way as in [RFC4279] and
+ should be a string representation of the name of the server
+ recognizable to the administrator or his software. In the case where
+ the user types a server name to connect to, it should be that string.
+ If the string the user enters differs from the one returned as
+ psk_identity_hint, the software could display the server's name and
+ ask the user to confirm. For automated scripts, the names could be
+ expected to match. It is highly recommended that implementations set
+
+
+
+Badra Expires November 27, 2008 [Page 6]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+ the psk_identity_hint to the DNS name of the NETCONF server (i.e.,
+ the TLS server).
+
+ It is RECOMMENDED that users choose different passwords for the
+ different servers they manage.
+
+ Note 1: The NETCONF over TLS implementation need not store the
+ password in clear text, but rather can store the value of the
+ inner SHA-1 (SHA-1(SHA-1(password + psk_identity + "Key Pad for
+ Netconf") + psk_identity_hint)), which could not be used as a
+ password equivalent for applications other than NETCONF. Deriving
+ the PSK from a password is not secure. This construction is used
+ because it is anticipated that people will do it anyway.
+
+ Note 2: [RFC4279] defines some conformance requirements for the
+ PSK, for the PSK identity encoding and for the identity hint. The
+ same requirements apply here as well; in particular on the
+ password. Moreover, the management interface by which the
+ password is provided MUST accept ASCII strings of at least 64
+ octets and MUST NOT add a null terminator before using them as
+ shared secrets. It MUST also accept a HEX encoding of the
+ password. The management interface MAY accept other encodings if
+ the algorithm for translating the encoding to a binary string is
+ specified.
+
+4. Cipher Suite Requirements
+
+ A compliant implementation of the protocol specified in this document
+ MUST implement the cipher suite TLS_DHE_PSK_WITH_AES_128_CBC_SHA and
+ MAY implement any TLS cipher suite that provides mutual
+ authentication.
+
+5. Security Considerations
+
+ The security considerations described throughout [RFC4346] and
+ [RFC4279] apply here as well.
+
+ As with all schemes involving shared keys and passwords, special care
+ should be taken to protect the shared values and passwords as well as
+ to limit their exposure over time. Alternatively, using certificates
+ would provide better protection.
+
+6. IANA Considerations
+
+ IANA is requested to assign a TCP port number that will be the
+ default port for NETCONF over TLS sessions as defined in this
+ document.
+
+
+Badra Expires November 27, 2008 [Page 7]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+ IANA has assigned port <TBA> for this purpose.
+
+7. Acknowledgments
+
+ A significant amount of the text in Section 3.1 was lifted from
+ [RFC4642].
+
+ The author would like to acknowledge David Harrington, Miao Fuyou,
+ Eric Rescorla, Juergen Schoenwaelder, Simon Josefsson, Olivier
+ Coupelon and the NETCONF mailing list members for their comments on
+ the document. The author appreciates also Bert Wijnen, Mehmet Ersue
+ and Dan Romascanu for their efforts on issues resolving discussion,
+ and Charlie Kaufman for the thorough review of this document and for
+ the helpful comments on the password-based authentication.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Badra Expires November 27, 2008 [Page 8]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+A. Appendix - Test Vectors for the PSK Derivation Function
+
+ The test vectors for the PSK derivation function in this document
+ have been cross-verified by two independent implementations. An
+ implementation that concurs with the results provided in this
+ document should be interoperable with other similar implementations.
+
+ password = password
+ psk_identity = psk_identity
+ psk_identity_hint = psk_identity_hint
+
+ The inner SHA-1 value (in hex):
+
+ inner := SHA-1(password + psk_identity + "Key Pad for Netconf")
+ == SHA-1("psk_identityKey Pad for Netconfpassword")
+ => 6d6eeb6a b8d0466b 45245d07 47d86726 b41b868c
+
+ The outer SHA-1 value (in hex):
+
+ outer := SHA-1(inner + psk_identity_hint)
+ => 88f3824b 3e5659f5 2d00e959 bacab954 b6540344
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Badra Expires November 27, 2008 [Page 9]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+B. Appendix - Enabling Third Party Authentication using Passwords
+
+ During the 71st IETF meeting, several proposals have been proposed to
+ enable third party authentication that could be used in combination
+ with existing user authentication databases such as RADIUS. They are
+ listed below. More details on those proposals may be found at
+ https://www3.ietf.org/proceedings/08mar/slides/netconf-1/netconf-
+ 1.htm and
+ http://www.psg.com/lists/netconf/netconf.2008/msg00125.html.
+
+ We summarize them as following:
+
+ 1. Defining <user-login> RPC:
+ --------------------------
+
+ This option relies on JUNOS mechanism to enable an authentication
+ function via third parties. It consists of establishing a TLS with
+ no manager authentication, leaving the <request-login> RPC as the
+ only valid RPC. Anything else is an error.
+
+ Once the TLS session is established, the agent MUST authenticate
+ the manager by emitting the following <rpc> tag element:
+
+ <rpc-reply message-id="101"
+ xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
+ <challenge>Password:</challenge>
+ </rpc-reply>
+
+ In which the manager MUST reply with the following:
+
+ <rpc>
+ <request-login>
+ <challenge-response>password</challenge-response>
+ </request-login>
+ </rpc>
+
+ The rules to handle this were pretty simple:
+
+ - The <request-login> RPC could only be performed if the session
+ wasn't authenticated.
+
+ - No other RPCs could be performed if the session wasn't
+ authenticated.
+
+ - The transport protocol can authenticate the session
+ (internally).
+
+
+
+Badra Expires November 27, 2008 [Page 10]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+
+
+ Pros and cons:
+
+ o is simple to do. But
+
+ o might raise questions from the security ADs; NETCONF assumes
+ the authentication is part of the transport not NETCONF.
+
+ o only works for plaintext passwords (SASL PLAIN).
+
+ 2. Enhancing TLS:
+ --------------
+
+ The second option consists of extending TLS so the manager
+ authentication becomes part of TLS. This extension, detailed in
+ http://tools.ietf.org/id/draft-badra-tls-password-ext-01.txt,
+ defines a new extension and a new TLS message to the TLS protocol
+ to enable TLS client authentication using passwords. The extension
+ is used to convey the manager login, whereas the new message is
+ defined and sent by the manager to prove its knowledge of the
+ password.
+
+ Steps during the TLS negotiation:
+
+ - The manager adds such an extension to its TLS ClientHello.
+
+ - If the agent agrees on using this extension, it will notify
+ the manager and replies with its certificate and/or its
+ authenticated public key.
+
+ - The manager generates a premaster secret and encrypts it
+ using the agent public key.
+
+ - The manager then computes the session key using the premaster
+ secret and encrypts, among others, its password with the
+ computed key.
+
+ - The agent decrypts the premaster secret and computes the same
+ key to decrypt the password.
+
+ - The agent checks with a database (or AAA infrastructures) to
+ verify the password and then to authenticate the manager.
+
+ Pros and cons
+
+ o is simple to do. But
+
+
+Badra Expires November 27, 2008 [Page 11]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+ o It is indeed not easy to convince TLS WG to add password
+ authentication extension to TLS.
+
+ 3. Running BEEP over TLS:
+ ----------------------
+
+ It looks complex for a solution, requires that all implementations
+ do actually support BEEP.
+
+ 4. Extending NETCONF with a message to start TLS:
+ ----------------------------------------------
+
+ This option consists of extending NETCONF with a new message to
+ start the TLS negotiation and to perform an authentication
+ mechanism based on RFC4422 (SASL) or on any similar protocol.
+
+ Pros and cons
+
+ o simple to do. But
+
+ o might raise questions from the security ADs; NETCONF assumes
+ the authentication is part of the transport not NETCONF.
+ Moreover, it adds complexity related to the use of SASL
+ PLAIN.
+
+ 5. Enable SSH (RFC4742 and TLS (as defined through this document:
+ --------------------------------------------------------------
+
+ Since SSH already defines a password-based authentication and
+ because this protocol MUST be implemented as a security protocol
+ for NETCONF, users can rely on SSH for password authentication, and
+ on TLS for authentication using PSK or certificates. This means the
+ agent SHOULD passively listen for the incoming SSH (respectively
+ TLS) connection on port 830 (respectively port <TBA-by-IANA>).
+
+ Pros and cons
+
+ o simple to do.
+
+ o already specified by RFC4742 and by the current document.
+
+B.1. Working Group discussion at the 71st IETF meeting
+
+ Some of the options have been found as not practical in the WG
+ session during 71st meeting.
+
+ Options #2 and #3 have not been supported in the WG session.
+
+
+Badra Expires November 27, 2008 [Page 12]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+ Option #1 and # 4 seems to be against the security design for
+ NETCONF. Whether #5 or other options can be accepted by the WG
+ members needs to be discussed on the mailing list.
+
+Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
+ Housley, R., and W. Polk, "Internet X.509 Public Key
+ Infrastructure Certificate and Certificate Revocation List
+ (CRL) Profile", RFC 5280, May 2008.
+
+ [RFC4086] Eastlake, D., 3rd, Schiller, J., and S. Crocker,
+ "Randomness Requirements for Security", BCP 106, RFC 4086,
+ June 2005.
+
+ [RFC4279] Eronen, P. and H. Tschofenig., "Pre-Shared Key Ciphersuites
+ for Transport Layer Security (TLS)", RFC 4279, December
+ 2005.
+
+ [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol 1.1", RFC 4346, April 2006.
+
+ [RFC4366] Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J.,
+ and T. Wright, "Transport Layer Security (TLS) Extensions",
+ RFC 4366, April 2006.
+
+ [RFC4642] Murchison, K., Vinocur, J., Newman, C., "Using Transport
+ Layer Security (TLS) with Network News Transfer Protocol
+ (NNTP)", RFC 4642, October 2006
+
+ [RFC4741] Enns, R., "NETCONF Configuration Protocol", RFC 4741,
+ December 2006.
+
+ [RFC4742] Wasserman, M. and T. Goddard, "Using the NETCONF
+ Configuration Protocol over Secure Shell (SSH)", RFC 4742,
+ December 2006.
+
+ [I-D.ietf-netconf-notification]
+ Chisholm, S. and H. Trevino, "NETCONF Event Notifications",
+ draft-ietf-netconf-notification-12.txt, (work in progress),
+ February 2008.
+
+
+
+
+
+Badra Expires November 27, 2008 [Page 13]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+Authors' Addresses
+
+ Mohamad Badra
+ LIMOS Laboratory - UMR6158, CNRS
+ France
+
+ Email: badra@isima.fr
+
+Contributors
+
+ Ibrahim Hajjeh
+ INEOVATION
+ France
+
+ Email: hajjeh@ineovation.com
+
+Intellectual Property Statement
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+Disclaimer of Validity
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+
+
+Badra Expires November 27, 2008 [Page 14]
+
+Internet-Draft NETCONF over TLS May 2008
+
+
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+Acknowledgment
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Badra Expires November 27, 2008 [Page 15]
+
diff --git a/doc/protocol/draft-ietf-tls-ecc-new-mac-06.txt b/doc/protocol/draft-ietf-tls-ecc-new-mac-06.txt
new file mode 100644
index 0000000000..2ac8fcaee7
--- /dev/null
+++ b/doc/protocol/draft-ietf-tls-ecc-new-mac-06.txt
@@ -0,0 +1,392 @@
+
+
+
+Network Working Group E. Rescorla
+Internet-Draft RTFM, Inc.
+Intended status: Informational April 29, 2008
+Expires: October 31, 2008
+
+
+TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter
+ Mode
+ draft-ietf-tls-ecc-new-mac-06.txt
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on October 31, 2008.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2008).
+
+Abstract
+
+ RFC 4492 describes elliptic curve cipher suites for Transport Layer
+ Security (TLS). However, all those cipher suites use SHA-1 as their
+ MAC algorithm. This document describes sixteen new CipherSuites for
+ TLS/DTLS which specify stronger digest algorithms. Eight use HMAC
+ with SHA-256 or SHA-384 and eight use AES in Galois Counter Mode
+ (GCM).
+
+
+
+
+Rescorla Expires October 31, 2008 [Page 1]
+
+Internet-Draft TLS ECC New MAC April 2008
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 1.1. Conventions Used In This Document . . . . . . . . . . . . . 3
+ 2. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2.1. HMAC-based Cipher Suites . . . . . . . . . . . . . . . . . 3
+ 2.2. Galois Counter Mode-based Cipher Suites . . . . . . . . . . 4
+ 3. Security Considerations . . . . . . . . . . . . . . . . . . . . 4
+ 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
+ 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5
+ 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5
+ 6.2. Informative References . . . . . . . . . . . . . . . . . . 6
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ Intellectual Property and Copyright Statements . . . . . . . . . . 7
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rescorla Expires October 31, 2008 [Page 2]
+
+Internet-Draft TLS ECC New MAC April 2008
+
+
+1. Introduction
+
+ RFC 4492 [RFC4492] describes Elliptic Curve Cryptography (ECC) cipher
+ suites for Transport Layer Security (TLS). However, all of the RFC
+ 4492 suites use HMAC-SHA1 as their MAC algorithm. Due to recent
+ analytic work on SHA-1 [Wang05], the IETF is gradually moving away
+ from SHA-1 and towards stronger hash algorithms. This document
+ specifies TLS ECC cipher suites which use SHA-256 and SHA-384 rather
+ than SHA-1.
+
+ TLS 1.2 [I-D.ietf-tls-rfc4346-bis], adds support for authenticated
+ encryption with additional data (AEAD) cipher modes [RFC5116]. This
+ document also specifies a set of ECC cipher suites using one such
+ mode, Galois Counter Mode (GCM) [GCM]. Another document
+ [I-D.ietf-tls-rsa-aes-gcm], provides support for GCM with other key
+ establishment methods.
+
+1.1. Conventions Used In This Document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+
+2. Cipher Suites
+
+ This document defines 8 new cipher suites to be added to TLS. All
+ use Elliptic Curve Cryptography for key exchange and digital
+ signature, as defined in RFC 4492.
+
+2.1. HMAC-based Cipher Suites
+
+ The first eight cipher suites use AES [AES] in CBC [CBC] mode with an
+ HMAC-based MAC:
+
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+
+ These eight cipher suites are the same as the corresponding cipher
+ suites in RFC 4492 (with names ending in "_SHA" in place of "_SHA256"
+ or "_SHA384"), except for the hash and PRF algorithms, which use SHA-
+ 256 and SHA-384 [SHS] as follows.
+
+
+
+Rescorla Expires October 31, 2008 [Page 3]
+
+Internet-Draft TLS ECC New MAC April 2008
+
+
+ Cipher Suite MAC PRF
+ ------------ --- ---
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 HMAC-SHA-256 P_SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 HMAC-SHA-384 P_SHA384
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 HMAC-SHA-256 P_SHA256
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 HMAC-SHA-384 P_SHA384
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 HMAC-SHA-256 P_SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 HMAC-SHA-384 P_SHA384
+ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 HMAC-SHA-256 P_SHA256
+ TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 HMAC-SHA-384 P_SHA384
+
+2.2. Galois Counter Mode-based Cipher Suites
+
+ The second eight cipher suites use the same asymmetric algorithms as
+ those in the previous section but use the new authenticated
+ encryption modes defined in TLS 1.2 with AES in Galois Counter Mode
+ (GCM) [GCM]:
+
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+
+ These cipher suites use authenticated encryption with additional data
+ algorithms AEAD_AES_128_GCM and AEAD_AES_256_GCM described in
+ [RFC5116]. GCM is used as described in [I-D.ietf-tls-rsa-aes-gcm].
+
+
+ Cipher Suite PRF
+ ------------ ---
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 P_SHA256
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 P_SHA384
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 P_SHA256
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 P_SHA384
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 P_SHA256
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 P_SHA384
+ TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 P_SHA256
+ TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 P_SHA384
+
+
+3. Security Considerations
+
+ The security considerations in RFC 4346, RFC 4492, and
+ [I-D.ietf-tls-rsa-aes-gcm] apply to this document as well. In
+
+
+
+Rescorla Expires October 31, 2008 [Page 4]
+
+Internet-Draft TLS ECC New MAC April 2008
+
+
+ addition, as described in [I-D.ietf-tls-rsa-aes-gcm], these cipher
+ suites may only be used with TLS 1.2 or greater.
+
+
+4. IANA Considerations
+
+ IANA has assigned the following values for these cipher suites:
+
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+
+
+5. Acknowledgements
+
+ This work was supported by the US Department of Defense.
+
+ David McGrew contributed substantual sections of the GCM nonce text
+ as well as providing a review of this document.
+
+
+6. References
+
+6.1. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B.
+ Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites
+ for Transport Layer Security (TLS)", RFC 4492, May 2006.
+
+ [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated
+ Encryption", RFC 5116, January 2008.
+
+
+
+
+Rescorla Expires October 31, 2008 [Page 5]
+
+Internet-Draft TLS ECC New MAC April 2008
+
+
+ [I-D.ietf-tls-rfc4346-bis]
+ Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.2", draft-ietf-tls-rfc4346-bis-10
+ (work in progress), March 2008.
+
+ [AES] National Institute of Standards and Technology,
+ "Specification for the Advanced Encryption Standard
+ (AES)", FIPS 197, November 2001.
+
+ [SHS] National Institute of Standards and Technology, "Secure
+ Hash Standard", FIPS 180-2, August 2002.
+
+ [CBC] National Institute of Standards and Technology,
+ "Recommendation for Block Cipher Modes of Operation -
+ Methods and Techniques", SP 800-38A, December 2001.
+
+ [GCM] National Institute of Standards and Technology,
+ "Recommendation for Block Cipher Modes of Operation:
+ Galois;/Counter Mode (GCM) for Confidentiality and
+ Authentication", SP 800-38D, November 2007.
+
+6.2. Informative References
+
+ [Wang05] Wang, X., Yin, Y., and H. Yu, "Finding Collisions in the
+ Full SHA-1", CRYPTO 2005, August 2005.
+
+ [I-D.ietf-tls-rsa-aes-gcm]
+ Salowey, J., Choudhury, A., and D. McGrew, "AES-GCM Cipher
+ Suites for TLS", draft-ietf-tls-rsa-aes-gcm-03 (work in
+ progress), April 2008.
+
+
+Author's Address
+
+ Eric Rescorla
+ RTFM, Inc.
+ 2064 Edgewood Drive
+ Palo Alto 94303
+ USA
+
+ Email: ekr@rtfm.com
+
+
+
+
+
+
+
+
+
+
+Rescorla Expires October 31, 2008 [Page 6]
+
+Internet-Draft TLS ECC New MAC April 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+Rescorla Expires October 31, 2008 [Page 7]
+
diff --git a/doc/protocol/draft-ietf-tls-ecc-new-mac-07.txt b/doc/protocol/draft-ietf-tls-ecc-new-mac-07.txt
new file mode 100644
index 0000000000..774b8737f8
--- /dev/null
+++ b/doc/protocol/draft-ietf-tls-ecc-new-mac-07.txt
@@ -0,0 +1,392 @@
+
+
+
+Network Working Group E. Rescorla
+Internet-Draft RTFM, Inc.
+Intended status: Informational May 9, 2008
+Expires: November 10, 2008
+
+
+TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter
+ Mode
+ draft-ietf-tls-ecc-new-mac-07.txt
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on November 10, 2008.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2008).
+
+Abstract
+
+ RFC 4492 describes elliptic curve cipher suites for Transport Layer
+ Security (TLS). However, all those cipher suites use SHA-1 as their
+ MAC algorithm. This document describes sixteen new cipher suites for
+ TLS which specify stronger digest algorithms. Eight use HMAC with
+ SHA-256 or SHA-384 and eight use AES in Galois Counter Mode (GCM).
+
+
+
+
+
+Rescorla Expires November 10, 2008 [Page 1]
+
+Internet-Draft TLS ECC New MAC May 2008
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Conventions Used In This Document . . . . . . . . . . . . . . . 3
+ 3. Cipher Suites . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 3.1. HMAC-based Cipher Suites . . . . . . . . . . . . . . . . . 3
+ 3.2. Galois Counter Mode-based Cipher Suites . . . . . . . . . . 4
+ 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 4
+ 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4
+ 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5
+ 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5
+ 7.1. Normative References . . . . . . . . . . . . . . . . . . . 5
+ 7.2. Informative References . . . . . . . . . . . . . . . . . . 6
+ Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ Intellectual Property and Copyright Statements . . . . . . . . . . 7
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rescorla Expires November 10, 2008 [Page 2]
+
+Internet-Draft TLS ECC New MAC May 2008
+
+
+1. Introduction
+
+ RFC 4492 [RFC4492] describes Elliptic Curve Cryptography (ECC) cipher
+ suites for Transport Layer Security (TLS). However, all of the RFC
+ 4492 suites use HMAC-SHA1 as their MAC algorithm. Due to recent
+ analytic work on SHA-1 [Wang05], the IETF is gradually moving away
+ from SHA-1 and towards stronger hash algorithms. This document
+ specifies TLS ECC cipher suites which use SHA-256 and SHA-384 [SHS]
+ rather than SHA-1.
+
+ TLS 1.2 [I-D.ietf-tls-rfc4346-bis], adds support for authenticated
+ encryption with additional data (AEAD) cipher modes [RFC5116]. This
+ document also specifies a set of ECC cipher suites using one such
+ mode, Galois Counter Mode (GCM) [GCM]. Another document
+ [I-D.ietf-tls-rsa-aes-gcm], provides support for GCM with other key
+ establishment methods.
+
+
+2. Conventions Used In This Document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+
+3. Cipher Suites
+
+ This document defines 16 new cipher suites to be added to TLS. All
+ use Elliptic Curve Cryptography for key exchange and digital
+ signature, as defined in RFC 4492.
+
+3.1. HMAC-based Cipher Suites
+
+ The first eight cipher suites use AES [AES] in CBC [CBC] mode with an
+ HMAC-based MAC:
+
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+
+ These eight cipher suites are the same as the corresponding cipher
+ suites in RFC 4492 (with names ending in "_SHA" in place of "_SHA256"
+ or "_SHA384"), except for the hash and PRF algorithms.
+
+
+
+Rescorla Expires November 10, 2008 [Page 3]
+
+Internet-Draft TLS ECC New MAC May 2008
+
+
+ These SHALL be as follows:
+
+ o For cipher suites ending with _SHA256, the PRF is the TLS PRF
+ [I-D.ietf-tls-rfc4346-bis] with SHA-256 as the hash function. The
+ MAC is HMAC [RFC2104] with SHA-256 as the hash function.
+ o For cipher suites ending with _SHA384, the PRF is the TLS PRF
+ [I-D.ietf-tls-rfc4346-bis] with SHA-384 as the hash function. The
+ MAC is HMAC [RFC2104] with SHA-384 as the hash function.
+
+3.2. Galois Counter Mode-based Cipher Suites
+
+ The second eight cipher suites use the same asymmetric algorithms as
+ those in the previous section but use the new authenticated
+ encryption modes defined in TLS 1.2 with AES in Galois Counter Mode
+ (GCM) [GCM]:
+
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+
+ These cipher suites use authenticated encryption with additional data
+ algorithms AEAD_AES_128_GCM and AEAD_AES_256_GCM described in
+ [RFC5116]. GCM is used as described in [I-D.ietf-tls-rsa-aes-gcm].
+
+ The PRFs SHALL be as follows:
+
+ o For cipher suites ending with _SHA256, the PRF is the TLS PRF
+ [I-D.ietf-tls-rfc4346-bis] with SHA-256 as the hash function.
+ o For cipher suites ending with _SHA384, the PRF is the TLS PRF
+ [I-D.ietf-tls-rfc4346-bis] with SHA-384 as the hash function.
+
+
+4. Security Considerations
+
+ The security considerations in RFC 4346, RFC 4492, and
+ [I-D.ietf-tls-rsa-aes-gcm] apply to this document as well. In
+ addition, as described in [I-D.ietf-tls-rsa-aes-gcm], these cipher
+ suites may only be used with TLS 1.2 or greater.
+
+
+5. IANA Considerations
+
+ IANA has assigned the following values for these cipher suites:
+
+
+
+Rescorla Expires November 10, 2008 [Page 4]
+
+Internet-Draft TLS ECC New MAC May 2008
+
+
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = {0xXX,XX};
+ CipherSuite TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = {0xXX,XX};
+
+
+6. Acknowledgements
+
+ This work was supported by the US Department of Defense.
+
+ David McGrew, Pasi Eronen, and Alfred Hoenes provided reviews of this
+ document.
+
+
+7. References
+
+7.1. Normative References
+
+ [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
+ Hashing for Message Authentication", RFC 2104,
+ February 1997.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC4492] Blake-Wilson, S., Bolyard, N., Gupta, V., Hawk, C., and B.
+ Moeller, "Elliptic Curve Cryptography (ECC) Cipher Suites
+ for Transport Layer Security (TLS)", RFC 4492, May 2006.
+
+ [RFC5116] McGrew, D., "An Interface and Algorithms for Authenticated
+ Encryption", RFC 5116, January 2008.
+
+ [I-D.ietf-tls-rfc4346-bis]
+ Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.2", draft-ietf-tls-rfc4346-bis-10
+ (work in progress), March 2008.
+
+
+
+Rescorla Expires November 10, 2008 [Page 5]
+
+Internet-Draft TLS ECC New MAC May 2008
+
+
+ [I-D.ietf-tls-rsa-aes-gcm]
+ Salowey, J., Choudhury, A., and D. McGrew, "AES-GCM Cipher
+ Suites for TLS", draft-ietf-tls-rsa-aes-gcm-03 (work in
+ progress), April 2008.
+
+ [AES] National Institute of Standards and Technology,
+ "Specification for the Advanced Encryption Standard
+ (AES)", FIPS 197, November 2001.
+
+ [SHS] National Institute of Standards and Technology, "Secure
+ Hash Standard", FIPS 180-2, August 2002.
+
+ [CBC] National Institute of Standards and Technology,
+ "Recommendation for Block Cipher Modes of Operation -
+ Methods and Techniques", SP 800-38A, December 2001.
+
+ [GCM] National Institute of Standards and Technology,
+ "Recommendation for Block Cipher Modes of Operation:
+ Galois/Counter Mode (GCM) for Confidentiality and
+ Authentication", SP 800-38D, November 2007.
+
+7.2. Informative References
+
+ [Wang05] Wang, X., Yin, Y., and H. Yu, "Finding Collisions in the
+ Full SHA-1", CRYPTO 2005, August 2005.
+
+
+Author's Address
+
+ Eric Rescorla
+ RTFM, Inc.
+ 2064 Edgewood Drive
+ Palo Alto 94303
+ USA
+
+ Email: ekr@rtfm.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rescorla Expires November 10, 2008 [Page 6]
+
+Internet-Draft TLS ECC New MAC May 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+Rescorla Expires November 10, 2008 [Page 7]
+
diff --git a/doc/protocol/draft-rescorla-tls-extended-random-00.txt b/doc/protocol/draft-rescorla-tls-extended-random-00.txt
new file mode 100644
index 0000000000..5b33f74178
--- /dev/null
+++ b/doc/protocol/draft-rescorla-tls-extended-random-00.txt
@@ -0,0 +1,448 @@
+
+
+
+Network Working Group E. Rescorla
+Internet-Draft RTFM, Inc.
+Intended status: Informational M. Salter
+Expires: October 31, 2008 National Security Agency
+ April 29, 2008
+
+
+ Extended Random Values for TLS
+ draft-rescorla-tls-extended-random-00.txt
+
+Status of this Memo
+
+ By submitting this Internet-Draft, each author represents that any
+ applicable patent or other IPR claims of which he or she is aware
+ have been or will be disclosed, and any of which he or she becomes
+ aware will be disclosed, in accordance with Section 6 of BCP 79.
+
+ Internet-Drafts are working documents of the Internet Engineering
+ Task Force (IETF), its areas, and its working groups. Note that
+ other groups may also distribute working documents as Internet-
+ Drafts.
+
+ Internet-Drafts are draft documents valid for a maximum of six months
+ and may be updated, replaced, or obsoleted by other documents at any
+ time. It is inappropriate to use Internet-Drafts as reference
+ material or to cite them other than as "work in progress."
+
+ The list of current Internet-Drafts can be accessed at
+ http://www.ietf.org/ietf/1id-abstracts.txt.
+
+ The list of Internet-Draft Shadow Directories can be accessed at
+ http://www.ietf.org/shadow.html.
+
+ This Internet-Draft will expire on October 31, 2008.
+
+Copyright Notice
+
+ Copyright (C) The IETF Trust (2008).
+
+Abstract
+
+ This document describes an extension for using larger client and
+ server Random values with Transport Layer Security (TLS) and Datagram
+ TLS (DTLS).
+
+
+
+
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 1]
+
+Internet-Draft Extended TLS Random April 2008
+
+
+Table of Contents
+
+ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
+ 2. Conventions Used In This Document . . . . . . . . . . . . . . . 3
+ 3. The ExtendedRandom Extension . . . . . . . . . . . . . . . . . 3
+ 3.1. Negotiating the ExtendedRandom Extension . . . . . . . . . 4
+ 3.2. PRF Modifications . . . . . . . . . . . . . . . . . . . . . 4
+ 4. Security Considerations . . . . . . . . . . . . . . . . . . . . 5
+ 4.1. Threats to TLS . . . . . . . . . . . . . . . . . . . . . . 5
+ 4.2. Scope of Randomness . . . . . . . . . . . . . . . . . . . . 5
+ 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5
+ 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 6
+ 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
+ 7.1. Normative References . . . . . . . . . . . . . . . . . . . 6
+ 7.2. Informative References . . . . . . . . . . . . . . . . . . 6
+ Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 6
+ Intellectual Property and Copyright Statements . . . . . . . . . . 8
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 2]
+
+Internet-Draft Extended TLS Random April 2008
+
+
+1. Introduction
+
+ TLS [I-D.ietf-tls-rfc4346-bis] and DTLS [RFC4347] use a 32-byte
+ "Random" value consisting of a 32-bit time value time and 28 randomly
+ generated bytes:
+
+ struct {
+ uint32 gmt_unix_time;
+ opaque random_bytes[28];
+ } Random;
+
+ The client and server each contribute a Random value which is then
+ mixed with secret keying material to produce the final per-
+ association keying material.
+
+ The United States Department of Defense has requested a TLS mode
+ which allows the use of longer public randomness values for use with
+ high security level cipher suites like those specified in Suite B
+ [I-D.rescorla-tls-suiteb]. The rationale for this as stated by DoD
+ is that the public randomness for each side should be at least twice
+ as long as the security level for cryptographic parity, which makes
+ the 224 bits of randomness provided by the current TLS random values
+ insufficient.
+
+ This document specifies an extension which allows for additional
+ randomness to be exchanged in the Hello messages.
+
+
+2. Conventions Used In This Document
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+
+3. The ExtendedRandom Extension
+
+ This document defines a new TLS extension called "extended_random".
+
+ The "extended_random" extension carried in a new TLS extension called
+ "ExtendedRandom".
+
+ struct {
+ opaque extended_random_value<0..2^16-1>;
+ } ExtendedRandom;
+
+ The extended_random_value MUST be a randomly generated byte string.
+ A cryptographically secure PRNG [RFC4086] SHOULD be used.
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 3]
+
+Internet-Draft Extended TLS Random April 2008
+
+
+3.1. Negotiating the ExtendedRandom Extension
+
+ The client requests support for the extended randomness feature by
+ sending an "extended_random" extension in its ClientHello. The
+ "extension_data" field contains an ExtendedRandom value.
+
+ When a server which does not recognize the "extended_random"
+ extension receives one, it will ignore it as required. A server
+ which recognizes the extension MAY choose to ignore it, in which case
+ it SHOULD continue with the exchange as if it had not received the
+ extension.
+
+ If the server wishes to use the extended randomness feature, it MUST
+ send its own "extended_random" extension with an
+ extended_random_value equal in length to the client's
+ extended_random_value. Clients SHOULD check the length of the
+ server's extended_random_value and generate a fatal
+ "illegal_parameter" error if it is present but does does not match
+ the length that was transmitted in the ClientHello.
+
+ Because TLS does not permit servers to request extensions which the
+ client did not offer, the client may not offer the "extended_random"
+ extension even if the server requires it. In this case, the server
+ should generate a fatal "handshake_failure" alert.
+
+ Because there is no way to mark extensions as critical, the server
+ may ignore the "extended_random" extension even though the client
+ requires it. If a client requires the extended randomness input
+ feature but the server does not negotiate it, the client SHOULD
+ generate a fatal "handshake_failure" alert.
+
+3.2. PRF Modifications
+
+ When the extended randomness feature is in use, the extended random
+ values MUST be mixed into the PRF along with the client and server
+ random values during the PMS->MS conversion. Thus, the PRF becomes:
+
+ master_secret = PRF(pre_master_secret, "master secret",
+ ClientHello.random +
+ ClientHello.extended_random_value +
+ ServerHello.random +
+ ServerHello.extended_random_value)[0..47];
+
+ Because new extensions may not be introduced in resumed handshakes,
+ mixing in the extended inputs during the MS->keying material
+ conversion would simply involve mixing in the same material twice.
+ Therefore, the extended random inputs are only used when the PMS is
+ converted into the MS.
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 4]
+
+Internet-Draft Extended TLS Random April 2008
+
+
+4. Security Considerations
+
+4.1. Threats to TLS
+
+ When this extension is in use it increases the amount of data that an
+ attacker can inject into the PRF. This potentially would allow an
+ attacker who had partially compromised the PRF greater scope for
+ influencing the output. Hash-based PRFs like the one in TLS are
+ designed to be fairly indifferent to the input size (the input is
+ already greater than the block size of most hash functions), however
+ there is currently no proof that a larger input space would not make
+ attacks easier.
+
+ Another concern is that bad implementations might generate low
+ entropy extented random values. TLS is designed to function
+ correctly even when fed low-entropy random values because they are
+ primarily used to generate distinct keying material for each
+ connection.
+
+4.2. Scope of Randomness
+
+ TLS specifies that when a session is resumed the extensions from the
+ original connection are used:
+
+ If, on the other hand, the older session is resumed, then the
+ server MUST ignore the extensions and send a server hello
+ containing none of the extension types. In this case, the
+ functionality of these extensions negotiated during the original
+ session initiation is applied to the resumed session.
+
+ This motivates why the the extended randomness does not get mixed
+ into the PRF when generating the keying material from the master
+ secret. Because the same values would be used for every connection
+ in a session, they would not provide any differentiation in the
+ keying material between the connections.
+
+
+5. IANA Considerations
+
+ This document defines an extension to TLS, in accordance with
+ [I-D.ietf-tls-rfc4366-bis]:
+
+ enum { extended_random (??) } ExtensionType;
+
+ [[ NOTE: These values need to be assigned by IANA ]]
+
+
+
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 5]
+
+Internet-Draft Extended TLS Random April 2008
+
+
+6. Acknowledgements
+
+ This work was supported by the US Department of Defense.
+
+
+7. References
+
+7.1. Normative References
+
+ [I-D.ietf-tls-rfc4346-bis]
+ Dierks, T. and E. Rescorla, "The Transport Layer Security
+ (TLS) Protocol Version 1.2", draft-ietf-tls-rfc4346-bis-10
+ (work in progress), March 2008.
+
+ [RFC4086] Eastlake, D., Schiller, J., and S. Crocker, "Randomness
+ Requirements for Security", BCP 106, RFC 4086, June 2005.
+
+7.2. Informative References
+
+ [I-D.ietf-tls-rfc4366-bis]
+ 3rd, D., "Transport Layer Security (TLS) Extensions:
+ Extension Definitions", draft-ietf-tls-rfc4366-bis-02
+ (work in progress), February 2008.
+
+ [I-D.rescorla-tls-suiteb]
+ Salter, M. and E. Rescorla, "Suite B Cipher Suites for
+ TLS", draft-rescorla-tls-suiteb-02 (work in progress),
+ April 2008.
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
+ Security", RFC 4347, April 2006.
+
+
+Authors' Addresses
+
+ Eric Rescorla
+ RTFM, Inc.
+ 2064 Edgewood Drive
+ Palo Alto, CA 94303
+ USA
+
+ Email: ekr@rtfm.com
+
+
+
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 6]
+
+Internet-Draft Extended TLS Random April 2008
+
+
+ Margaret Salter
+ National Security Agency
+ 9800 Savage Rd.
+ Fort Meade 20755-6709
+ USA
+
+ Email: msalter@restarea.ncsc.mil
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 7]
+
+Internet-Draft Extended TLS Random April 2008
+
+
+Full Copyright Statement
+
+ Copyright (C) The IETF Trust (2008).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+ THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+ OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+ THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at
+ ietf-ipr@ietf.org.
+
+
+Acknowledgment
+
+ Funding for the RFC Editor function is provided by the IETF
+ Administrative Support Activity (IASA).
+
+
+
+
+
+Rescorla & Salter Expires October 31, 2008 [Page 8]
+
diff --git a/doc/reference/gnutls-docs.sgml b/doc/reference/gnutls-docs.sgml
index cbd9951a91..c418ae9f1e 100644
--- a/doc/reference/gnutls-docs.sgml
+++ b/doc/reference/gnutls-docs.sgml
@@ -33,4 +33,10 @@
<index>
<title>Index</title>
</index>
+ <index role="deprecated">
+ <title>Index of deprecated symbols</title>
+ </index>
+ <index role="2.4.0">
+ <title>Index of new symbols in 2.4.0</title>
+ </index>
</book>
diff --git a/gl/gnulib.mk b/gl/gnulib.mk
index fe4f35bb7a..36476a121e 100644
--- a/gl/gnulib.mk
+++ b/gl/gnulib.mk
@@ -9,8 +9,7 @@
# the same distribution terms as the rest of that program.
#
# Generated by gnulib-tool.
-# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --aux-dir=build-aux --avoid=fseeko --avoid=gettext-h --avoid=malloc-posix --avoid=realloc-posix --avoid=snprintf --avoid=stdbool --avoid=stdio --avoid=string --avoid=sys_socket --avoid=unistd --avoid=vasnprintf --makefile-name=gnulib.mk --libtool --macro-prefix=gl --no-vc-files arpa_inet error fdl gendocs getaddrinfo getline getpass gnupload gpl-3.0 inet_ntop inet_pton lgpl-2.1 maintainer-makefile progname readline version-etc-fsf
-
+# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --aux-dir=build-aux --avoid=fseeko --avoid=gettext-h --avoid=malloc-posix --avoid=realloc-posix --avoid=snprintf --avoid=stdbool --avoid=stdio --avoid=string --avoid=sys_socket --avoid=unistd --avoid=vasnprintf --makefile-name=gnulib.mk --libtool --macro-prefix=gl --no-vc-files arpa_inet autobuild error fdl gendocs getaddrinfo getline getpass-gnu gnupload gpl-3.0 inet_ntop inet_pton lgpl-2.1 maintainer-makefile progname readline version-etc-fsf
MOSTLYCLEANFILES += core *.stackdump
@@ -32,9 +31,13 @@ arpa/inet.h:
@MKDIR_P@ arpa
rm -f $@-t $@
{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
- sed \
+ sed -e 's/@''INCLUDE_NEXT''@/$(INCLUDE_NEXT)/g' \
+ -e 's|@''NEXT_ARPA_INET_H''@|$(NEXT_ARPA_INET_H)|g' \
+ -e 's|@''HAVE_ARPA_INET_H''@|$(HAVE_ARPA_INET_H)|g' \
-e 's|@''GNULIB_INET_NTOP''@|$(GNULIB_INET_NTOP)|g' \
-e 's|@''GNULIB_INET_PTON''@|$(GNULIB_INET_PTON)|g' \
+ -e 's|@''HAVE_DECL_INET_NTOP''@|$(HAVE_DECL_INET_NTOP)|g' \
+ -e 's|@''HAVE_DECL_INET_PTON''@|$(HAVE_DECL_INET_PTON)|g' \
< $(srcdir)/arpa_inet.in.h; \
} > $@-t
mv $@-t $@
@@ -88,14 +91,14 @@ EXTRA_libgnu_la_SOURCES += getline.c
## end gnulib module getline
-## begin gnulib module getpass
+## begin gnulib module getpass-gnu
EXTRA_DIST += getpass.c getpass.h
EXTRA_libgnu_la_SOURCES += getpass.c
-## end gnulib module getpass
+## end gnulib module getpass-gnu
## begin gnulib module gnumakefile
@@ -124,7 +127,7 @@ EXTRA_DIST += $(top_srcdir)/build-aux/config.rpath
## begin gnulib module inet_ntop
-EXTRA_DIST += inet_ntop.c inet_ntop.h
+EXTRA_DIST += inet_ntop.c
EXTRA_libgnu_la_SOURCES += inet_ntop.c
@@ -133,7 +136,7 @@ EXTRA_libgnu_la_SOURCES += inet_ntop.c
## begin gnulib module inet_pton
-EXTRA_DIST += inet_pton.c inet_pton.h
+EXTRA_DIST += inet_pton.c
EXTRA_libgnu_la_SOURCES += inet_pton.c
diff --git a/gl/inet_ntop.h b/gl/inet_ntop.h
deleted file mode 100644
index 2897bb4069..0000000000
--- a/gl/inet_ntop.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/* Convert internet address from internal to printable, presentable format.
- Copyright (C) 2005, 2006 Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-/* Converts an internet address from internal format to a printable,
- presentable format.
- AF is an internet address family, such as AF_INET or AF_INET6.
- SRC points to a 'struct in_addr' (for AF_INET) or 'struct in6_addr'
- (for AF_INET6).
- DST points to a buffer having room for CNT bytes.
- The printable representation of the address (in numeric form, not
- surrounded by [...], no reverse DNS is done) is placed in DST, and
- DST is returned. If an error occurs, the return value is NULL and
- errno is set. If CNT bytes are not sufficient to hold the result,
- the return value is NULL and errno is set to ENOSPC. A good value
- for CNT is 46.
-
- For more details, see the POSIX:2001 specification
- <http://www.opengroup.org/susv3xsh/inet_ntop.html>. */
-
-#if !HAVE_DECL_INET_NTOP
-extern const char *inet_ntop (int af, const void *restrict src,
- char *restrict dst, socklen_t cnt);
-#endif
diff --git a/gl/inet_pton.h b/gl/inet_pton.h
deleted file mode 100644
index 3335cb8cfa..0000000000
--- a/gl/inet_pton.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/* Convert internet address from text to binary format.
- Copyright (C) 2005, 2006 Free Software Foundation, Inc.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>. */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#if !HAVE_DECL_INET_PTON
-extern int inet_pton (int af, const char *restrict src, void *restrict dst);
-#endif
diff --git a/gl/m4/autobuild.m4 b/gl/m4/autobuild.m4
new file mode 100644
index 0000000000..70505c61da
--- /dev/null
+++ b/gl/m4/autobuild.m4
@@ -0,0 +1,39 @@
+# autobuild.m4 serial 5
+dnl Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Simon Josefsson
+
+# Usage: AB_INIT([MODE]).
+AC_DEFUN([AB_INIT],
+[
+ AC_REQUIRE([AC_CANONICAL_BUILD])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+
+ if test -z "$AB_PACKAGE"; then
+ AB_PACKAGE=${PACKAGE_NAME:-$PACKAGE}
+ fi
+ AC_MSG_NOTICE([autobuild project... $AB_PACKAGE])
+
+ if test -z "$AB_VERSION"; then
+ AB_VERSION=${PACKAGE_VERSION:-$VERSION}
+ fi
+ AC_MSG_NOTICE([autobuild revision... $AB_VERSION])
+
+ hostname=`hostname`
+ if test "$hostname"; then
+ AC_MSG_NOTICE([autobuild hostname... $hostname])
+ fi
+
+ ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])])
+
+ date=`date +%Y%m%d-%H%M%S`
+ if test "$?" != 0; then
+ date=`date`
+ fi
+ if test "$date"; then
+ AC_MSG_NOTICE([autobuild timestamp... $date])
+ fi
+])
diff --git a/guile/src/core.c b/guile/src/core.c
index ca544d4a6b..fdaca363f9 100644
--- a/guile/src/core.c
+++ b/guile/src/core.c
@@ -578,6 +578,7 @@ SCM_DEFINE (scm_gnutls_set_session_credentials_x, "set-session-credentials!",
FUNC_NAME);
err = gnutls_credentials_set (c_session, GNUTLS_CRD_ANON, c_cred);
}
+#ifdef ENABLE_SRP
else if (SCM_SMOB_PREDICATE (scm_tc16_gnutls_srp_client_credentials,
cred))
{
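Review bot: With `ENABLE_SRP` undefined, an SRP credentials object passed to `set-session-credentials!` now skips this branch and falls through the rest of the `else if` chain, whose tail is outside this hunk; that tail should end in an explicit type error so a caller never ends up with a session that has no credentials set and no diagnostic. The guard also only does what is intended if `ENABLE_SRP` actually reaches this translation unit (presumably via `config.h` included earlier in core.c) — worth confirming, because an undefined macro silently compiles SRP support out instead of failing the build. The enclosing `scm_gnutls_set_session_credentials_x` body starts and ends outside the hunk.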
@@ -596,6 +597,7 @@ SCM_DEFINE (scm_gnutls_set_session_credentials_x, "set-session-credentials!",
FUNC_NAME);
err = gnutls_credentials_set (c_session, GNUTLS_CRD_SRP, c_cred);
}
+#endif
else if (SCM_SMOB_PREDICATE (scm_tc16_gnutls_psk_client_credentials,
cred))
{
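Review bot: The bare `#endif` added here closes the `ENABLE_SRP` guard opened in the previous hunk, but unlike the `#endif /* ENABLE_SRP */` used later in this same file for the SRP credential definitions it carries no tag. Since the guarded region spans two hunks in the middle of an `else if` chain, writing it as `#endif /* ENABLE_SRP */` keeps the two guards consistent and makes the pairing visible to a reader. The enclosing function body continues outside the hunk.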
@@ -1751,6 +1753,7 @@ SCM_DEFINE (scm_gnutls_peer_certificate_status, "peer-certificate-status",
/* SRP credentials. */
+#ifdef ENABLE_SRP
SCM_DEFINE (scm_gnutls_make_srp_server_credentials,
"make-srp-server-credentials",
0, 0, 0,
@@ -1990,6 +1993,7 @@ SCM_DEFINE (scm_gnutls_srp_base64_decode, "srp-base64-decode",
return (scm_from_locale_string (c_result));
}
#undef FUNC_NAME
+#endif /* ENABLE_SRP */
/* PSK credentials. */
diff --git a/guile/tests/Makefile.am b/guile/tests/Makefile.am
index b0109217f4..ce597290c2 100644
--- a/guile/tests/Makefile.am
+++ b/guile/tests/Makefile.am
@@ -1,5 +1,5 @@
# GNUTLS -- Guile bindings for GnuTLS.
-# Copyright (C) 2007 Free Software Foundation
+# Copyright (C) 2007, 2008 Free Software Foundation
#
# GNUTLS is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -17,10 +17,17 @@
TESTS = anonymous-auth.scm session-record-port.scm \
pkcs-import-export.scm \
- openpgp-keys.scm openpgp-keyring.scm openpgp-auth.scm \
- srp-base64.scm errors.scm \
+ errors.scm \
x509-certificates.scm x509-auth.scm
+if ENABLE_OPENPGP
+TESTS += openpgp-keys.scm openpgp-keyring.scm openpgp-auth.scm
+endif
+
+if ENABLE_SRP
+TESTS += srp-base64.scm
+endif
+
TESTS_ENVIRONMENT = $(top_builddir)/guile/pre-inst-guile -L $(srcdir)
diff --git a/includes/gnutls/crypto.h b/includes/gnutls/crypto.h
index a94eef62e7..6c501cd9bc 100644
--- a/includes/gnutls/crypto.h
+++ b/includes/gnutls/crypto.h
@@ -92,6 +92,7 @@ typedef enum
{
GNUTLS_MPI_FORMAT_USG = 0, /* raw unsigned integer format */
GNUTLS_MPI_FORMAT_STD = 1, /* raw signed integer format - always a leading zero when positive */
+ GNUTLS_MPI_FORMAT_PGP = 2, /* the pgp integer format */
} gnutls_bigint_format_t;
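Review bot: The comment on the new enumerator, `/* the pgp integer format */`, does not say what the encoding is, and this is a public header; a reader of `gnutls_bigint_format_t` should be told `GNUTLS_MPI_FORMAT_PGP = 2, /* OpenPGP MPI: 2-octet big-endian bit count followed by the big-endian magnitude (RFC 4880 section 3.2) */`. Adding a value to a public enum is source- and ABI-compatible, but every `switch` over this type in the library and in any external MPI back-end (none is visible in this diff) must reject unknown formats with an error rather than fall into the `USG` path. Because the PGP prefix is a bit count rather than a byte count, a decoder of attacker-supplied data has to check `(bits + 7) / 8` against the remaining buffer before reading the magnitude — that check belongs wherever this value is consumed, outside this hunk.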
typedef struct
diff --git a/lgl/m4/strcase.m4 b/lgl/m4/strcase.m4
new file mode 100644
index 0000000000..79c525c110
--- /dev/null
+++ b/lgl/m4/strcase.m4
@@ -0,0 +1,44 @@
+# strcase.m4 serial 9
+dnl Copyright (C) 2002, 2005-2008 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_STRCASE],
+[
+ gl_FUNC_STRCASECMP
+ gl_FUNC_STRNCASECMP
+])
+
+AC_DEFUN([gl_FUNC_STRCASECMP],
+[
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ AC_REPLACE_FUNCS(strcasecmp)
+ if test $ac_cv_func_strcasecmp = no; then
+ HAVE_STRCASECMP=0
+ gl_PREREQ_STRCASECMP
+ fi
+])
+
+AC_DEFUN([gl_FUNC_STRNCASECMP],
+[
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ AC_REPLACE_FUNCS(strncasecmp)
+ if test $ac_cv_func_strncasecmp = no; then
+ gl_PREREQ_STRNCASECMP
+ fi
+ AC_CHECK_DECLS(strncasecmp)
+ if test $ac_cv_have_decl_strncasecmp = no; then
+ HAVE_DECL_STRNCASECMP=0
+ fi
+])
+
+# Prerequisites of lib/strcasecmp.c.
+AC_DEFUN([gl_PREREQ_STRCASECMP], [
+ :
+])
+
+# Prerequisites of lib/strncasecmp.c.
+AC_DEFUN([gl_PREREQ_STRNCASECMP], [
+ :
+])
diff --git a/lgl/m4/strings_h.m4 b/lgl/m4/strings_h.m4
new file mode 100644
index 0000000000..03ac182f33
--- /dev/null
+++ b/lgl/m4/strings_h.m4
@@ -0,0 +1,33 @@
+# Configure a replacement for <string.h>.
+
+# Copyright (C) 2007 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_HEADER_STRINGS_H],
+[
+ dnl Use AC_REQUIRE here, so that the default behavior below is expanded
+ dnl once only, before all statements that occur in other macros.
+ AC_REQUIRE([gl_HEADER_STRINGS_H_BODY])
+])
+
+AC_DEFUN([gl_HEADER_STRINGS_H_BODY],
+[
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ gl_CHECK_NEXT_HEADERS([strings.h])
+])
+
+AC_DEFUN([gl_STRINGS_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ GNULIB_[]m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./-],[ABCDEFGHIJKLMNOPQRSTUVWXYZ___])=1
+])
+
+AC_DEFUN([gl_HEADER_STRINGS_H_DEFAULTS],
+[
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_STRCASECMP=1; AC_SUBST([HAVE_STRCASECMP])
+ HAVE_DECL_STRNCASECMP=1; AC_SUBST([HAVE_DECL_STRNCASECMP])
+])
diff --git a/lgl/stdio-impl.h b/lgl/stdio-impl.h
new file mode 100644
index 0000000000..e52a7d8840
--- /dev/null
+++ b/lgl/stdio-impl.h
@@ -0,0 +1,94 @@
+/* Implementation details of FILE streams.
+ Copyright (C) 2007-2008 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Many stdio implementations have the same logic and therefore can share
+ the same implementation of stdio extension API, except that some fields
+ have different naming conventions, or their access requires some casts. */
+
+
+/* BSD stdio derived implementations. */
+
+#if defined __sferror || defined __DragonFly__ /* FreeBSD, NetBSD, OpenBSD, DragonFly, MacOS X, Cygwin */
+
+# if defined __DragonFly__ /* DragonFly */
+ /* See <http://www.dragonflybsd.org/cvsweb/src/lib/libc/stdio/priv_stdio.h?rev=HEAD&content-type=text/x-cvsweb-markup>. */
+# define fp_ ((struct { struct __FILE_public pub; \
+ struct { unsigned char *_base; int _size; } _bf; \
+ void *cookie; \
+ void *_close; \
+ void *_read; \
+ void *_seek; \
+ void *_write; \
+ struct { unsigned char *_base; int _size; } _ub; \
+ int _ur; \
+ unsigned char _ubuf[3]; \
+ unsigned char _nbuf[1]; \
+ struct { unsigned char *_base; int _size; } _lb; \
+ int _blksize; \
+ fpos_t _offset; \
+ /* More fields, not relevant here. */ \
+ } *) fp)
+ /* See <http://www.dragonflybsd.org/cvsweb/src/include/stdio.h?rev=HEAD&content-type=text/x-cvsweb-markup>. */
+# define _p pub._p
+# define _flags pub._flags
+# define _r pub._r
+# define _w pub._w
+# else
+# define fp_ fp
+# endif
+
+# if defined __NetBSD__ || defined __OpenBSD__ /* NetBSD, OpenBSD */
+ /* See <http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdio/fileext.h?rev=HEAD&content-type=text/x-cvsweb-markup>
+ and <http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdio/fileext.h?rev=HEAD&content-type=text/x-cvsweb-markup> */
+ struct __sfileext
+ {
+ struct __sbuf _ub; /* ungetc buffer */
+ /* More fields, not relevant here. */
+ };
+# define fp_ub ((struct __sfileext *) fp->_ext._base)->_ub
+# else /* FreeBSD, DragonFly, MacOS X, Cygwin */
+# define fp_ub fp_->_ub
+# endif
+
+# define HASUB(fp) (fp_ub._base != NULL)
+
+#endif
+
+
+/* SystemV derived implementations. */
+
+#if defined _IOERR
+
+# if defined __sun && defined _LP64 /* Solaris/{SPARC,AMD64} 64-bit */
+# define fp_ ((struct { unsigned char *_ptr; \
+ unsigned char *_base; \
+ unsigned char *_end; \
+ long _cnt; \
+ int _file; \
+ unsigned int _flag; \
+ } *) fp)
+# else
+# define fp_ fp
+# endif
+
+# if defined _SCO_DS /* OpenServer */
+# define _cnt __cnt
+# define _ptr __ptr
+# define _base __base
+# define _flag __flag
+# endif
+
+#endif
diff --git a/lgl/strcasecmp.c b/lgl/strcasecmp.c
new file mode 100644
index 0000000000..065c9e378d
--- /dev/null
+++ b/lgl/strcasecmp.c
@@ -0,0 +1,63 @@
+/* Case-insensitive string comparison function.
+ Copyright (C) 1998-1999, 2005-2007 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include <string.h>
+
+#include <ctype.h>
+#include <limits.h>
+
+#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch))
+
+/* Compare strings S1 and S2, ignoring case, returning less than, equal to or
+ greater than zero if S1 is lexicographically less than, equal to or greater
+ than S2.
+ Note: This function does not work with multibyte strings! */
+
+int
+strcasecmp (const char *s1, const char *s2)
+{
+ const unsigned char *p1 = (const unsigned char *) s1;
+ const unsigned char *p2 = (const unsigned char *) s2;
+ unsigned char c1, c2;
+
+ if (p1 == p2)
+ return 0;
+
+ do
+ {
+ c1 = TOLOWER (*p1);
+ c2 = TOLOWER (*p2);
+
+ if (c1 == '\0')
+ break;
+
+ ++p1;
+ ++p2;
+ }
+ while (c1 == c2);
+
+ if (UCHAR_MAX <= INT_MAX)
+ return c1 - c2;
+ else
+ /* On machines where 'char' and 'int' are types of the same size, the
+ difference of two 'unsigned char' values - including the sign bit -
+ doesn't fit in an 'int'. */
+ return (c1 > c2 ? 1 : c1 < c2 ? -1 : 0);
+}
diff --git a/lgl/strings.in.h b/lgl/strings.in.h
new file mode 100644
index 0000000000..9f023eb34e
--- /dev/null
+++ b/lgl/strings.in.h
@@ -0,0 +1,86 @@
+/* A substitute <strings.h>.
+
+ Copyright (C) 2007 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _GL_STRINGS_H
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_STRINGS_H@
+
+#ifndef _GL_STRINGS_H
+#define _GL_STRINGS_H
+
+
+/* The definition of GL_LINK_WARNING is copied here. */
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* Compare strings S1 and S2, ignoring case, returning less than, equal to or
+ greater than zero if S1 is lexicographically less than, equal to or greater
+ than S2.
+ Note: This function does not work in multibyte locales. */
+#if ! @HAVE_STRCASECMP@
+extern int strcasecmp (char const *s1, char const *s2);
+#endif
+#if defined GNULIB_POSIXCHECK
+/* strcasecmp() does not work with multibyte strings:
+ POSIX says that it operates on "strings", and "string" in POSIX is defined
+ as a sequence of bytes, not of characters. */
+# undef strcasecmp
+# define strcasecmp(a,b) \
+ (GL_LINK_WARNING ("strcasecmp cannot work correctly on character strings " \
+ "in multibyte locales - " \
+ "use mbscasecmp if you care about " \
+ "internationalization, or use c_strcasecmp (from " \
+ "gnulib module c-strcase) if you want a locale " \
+ "independent function"), \
+ strcasecmp (a, b))
+#endif
+
+/* Compare no more than N bytes of strings S1 and S2, ignoring case,
+ returning less than, equal to or greater than zero if S1 is
+ lexicographically less than, equal to or greater than S2.
+ Note: This function cannot work correctly in multibyte locales. */
+#if ! @HAVE_DECL_STRNCASECMP@
+extern int strncasecmp (char const *s1, char const *s2, size_t n);
+#endif
+#if defined GNULIB_POSIXCHECK
+/* strncasecmp() does not work with multibyte strings:
+ POSIX says that it operates on "strings", and "string" in POSIX is defined
+ as a sequence of bytes, not of characters. */
+# undef strncasecmp
+# define strncasecmp(a,b,n) \
+ (GL_LINK_WARNING ("strncasecmp cannot work correctly on character " \
+ "strings in multibyte locales - " \
+ "use mbsncasecmp or mbspcasecmp if you care about " \
+ "internationalization, or use c_strncasecmp (from " \
+ "gnulib module c-strcase) if you want a locale " \
+ "independent function"), \
+ strncasecmp (a, b, n))
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _GL_STRING_H */
+#endif /* _GL_STRING_H */
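Review bot: The two closing guard comments at the end of the file say `_GL_STRING_H`, while the macro that is tested and defined at the top of the file is `_GL_STRINGS_H`; with a split double-inclusion guard the closing comments are the main navigation aid, so both should read `#endif /* _GL_STRINGS_H */`. Separately, the replacement prototype `extern int strncasecmp (char const *s1, char const *s2, size_t n);` uses size_t, and the only include in this header is the include_next of the system strings.h; if the substituted header does not declare size_t the prototype will not compile, so an explicit `#include <stddef.h>` ahead of the prototypes would be the safer choice (hedged: it depends on what strings_h.m4 substitutes, which is outside this hunk).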
diff --git a/lgl/strncasecmp.c b/lgl/strncasecmp.c
new file mode 100644
index 0000000000..5b2af35fd9
--- /dev/null
+++ b/lgl/strncasecmp.c
@@ -0,0 +1,63 @@
+/* strncasecmp.c -- case insensitive string comparator
+ Copyright (C) 1998-1999, 2005-2007 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include <string.h>
+
+#include <ctype.h>
+#include <limits.h>
+
+#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch))
+
+/* Compare no more than N bytes of strings S1 and S2, ignoring case,
+ returning less than, equal to or greater than zero if S1 is
+ lexicographically less than, equal to or greater than S2.
+ Note: This function cannot work correctly in multibyte locales. */
+
+int
+strncasecmp (const char *s1, const char *s2, size_t n)
+{
+ register const unsigned char *p1 = (const unsigned char *) s1;
+ register const unsigned char *p2 = (const unsigned char *) s2;
+ unsigned char c1, c2;
+
+ if (p1 == p2 || n == 0)
+ return 0;
+
+ do
+ {
+ c1 = TOLOWER (*p1);
+ c2 = TOLOWER (*p2);
+
+ if (--n == 0 || c1 == '\0')
+ break;
+
+ ++p1;
+ ++p2;
+ }
+ while (c1 == c2);
+
+ if (UCHAR_MAX <= INT_MAX)
+ return c1 - c2;
+ else
+ /* On machines where 'char' and 'int' are types of the same size, the
+ difference of two 'unsigned char' values - including the sign bit -
+ doesn't fit in an 'int'. */
+ return (c1 > c2 ? 1 : c1 < c2 ? -1 : 0);
+}
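Review bot: The two pointer declarations at the top of strncasecmp carry `register`, whereas the otherwise line-for-line identical strcasecmp.c added in this same merge declares them plainly; `register` is a no-op hint for modern compilers and only forbids taking the address, so the two files read better if they match: `const unsigned char *p1 = (const unsigned char *) s1;` and `const unsigned char *p2 = (const unsigned char *) s2;`. The lowercasing here goes through the same locale-dependent isupper/tolower pair as strcasecmp, so the same caveat about locale-sensitive results applies to callers of this function.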
diff --git a/m4/autobuild.m4 b/m4/autobuild.m4
deleted file mode 100644
index bd1f4dc1b0..0000000000
--- a/m4/autobuild.m4
+++ /dev/null
@@ -1,34 +0,0 @@
-# autobuild.m4 serial 2 (autobuild-3.3)
-# Copyright (C) 2004 Simon Josefsson
-#
-# This file is free software, distributed under the terms of the GNU
-# General Public License. As a special exception to the GNU General
-# Public License, this file may be distributed as part of a program
-# that contains a configuration script generated by Autoconf, under
-# the same distribution terms as the rest of that program.
-#
-# This file can can be used in projects which are not available under
-# the GNU General Public License or the GNU Library General Public
-# License but which still want to provide support for Autobuild.
-
-# Usage: AB_INIT([MODE]).
-AC_DEFUN([AB_INIT],
-[
- AC_REQUIRE([AC_CANONICAL_BUILD])
- AC_REQUIRE([AC_CANONICAL_HOST])
-
- AC_MSG_NOTICE([autobuild project... ${PACKAGE_NAME:-$PACKAGE}])
- AC_MSG_NOTICE([autobuild revision... ${PACKAGE_VERSION:-$VERSION}])
- hostname=`hostname`
- if test "$hostname"; then
- AC_MSG_NOTICE([autobuild hostname... $hostname])
- fi
- ifelse([$1],[],,[AC_MSG_NOTICE([autobuild mode... $1])])
- date=`date +%Y%m%d-%H%M%S`
- if test "$?" != 0; then
- date=`date`
- fi
- if test "$date"; then
- AC_MSG_NOTICE([autobuild timestamp... $date])
- fi
-])
diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
index 20bd105561..854eaaa8cc 100644
--- a/m4/libgcrypt.m4
+++ b/m4/libgcrypt.m4
@@ -74,7 +74,7 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
fi
fi
if test $ok = yes; then
- AC_MSG_RESULT(yes)
+ AC_MSG_RESULT([yes ($libgcrypt_config_version)])
else
AC_MSG_RESULT(no)
fi
@@ -86,10 +86,10 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
if test "$tmp" -gt 0 ; then
AC_MSG_CHECKING([LIBGCRYPT API version])
if test "$req_libgcrypt_api" -eq "$tmp" ; then
- AC_MSG_RESULT(okay)
+ AC_MSG_RESULT([okay])
else
ok=no
- AC_MSG_RESULT([does not match (want=$req_libgcrypt_api got=$tmp)])
+ AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
fi
fi
fi
diff --git a/maint.mk b/maint.mk
index 662b37174f..4d74e19efc 100644
--- a/maint.mk
+++ b/maint.mk
@@ -20,7 +20,7 @@
ME := maint.mk
# List of all C-like source code files that will be tested for
-# stylistic "errors". You may want to define this to something
+# stylistic "errors". You may want to define this to something
# more complex in Makefile.cfg.
C_SOURCES ?= $(shell find . -name '*.[chly]')
diff --git a/po/LINGUAS b/po/LINGUAS
index 60321cc3c6..8ad4382b4e 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -5,3 +5,4 @@ ms
nl
pl
sv
+vi
diff --git a/po/POTFILES.in b/po/POTFILES.in
index ea547192de..0e8e53f22b 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -1,3 +1,4 @@
# List of source files which contain translatable strings.
lib/gnutls_errors.c
lib/x509/output.c
+lib/openpgp/output.c
diff --git a/po/vi.po.in b/po/vi.po.in
new file mode 100644
index 0000000000..7b71fa38b0
--- /dev/null
+++ b/po/vi.po.in
@@ -0,0 +1,756 @@
+# Vietnamese translation for GnuTLS.
+# Copyright © 2008 Free Software Foundation, Inc.
+# This file is distributed under the same license as the gnutls-2.3.8 package.
+# Clytie Siddall <clytie@riverland.net.au>, 2008.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnutls 2.3.8\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2008-04-29 12:24+0200\n"
+"PO-Revision-Date: 2008-05-02 16:39+0930\n"
+"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
+"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: LocFactoryEditor 1.7b3\n"
+
+#: lib/gnutls_errors.c:53
+msgid "Success."
+msgstr "Thành công."
+
+#: lib/gnutls_errors.c:54
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Không thể thỏa thuận một bộ ứng dụng mật mã được hỗ trợ."
+
+#: lib/gnutls_errors.c:56
+msgid "The cipher type is unsupported."
+msgstr "Không hỗ trợ kiểu mật mã."
+
+#: lib/gnutls_errors.c:58
+msgid "The certificate and the given key do not match."
+msgstr "Dãy chứng nhận và khoá đã cho không tương ứng với nhau."
+
+#: lib/gnutls_errors.c:60
+msgid "Could not negotiate a supported compression method."
+msgstr "Không thể thỏa thuận một phương pháp nén được hỗ trợ."
+
+#: lib/gnutls_errors.c:62
+msgid "An unknown public key algorithm was encountered."
+msgstr "Gặp một thuật toán khoá công không rõ."
+
+#: lib/gnutls_errors.c:65
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Đã thỏa thuận một thuật toán chưa được hiệu lực."
+
+#: lib/gnutls_errors.c:67
+msgid "A large TLS record packet was received."
+msgstr "Nhận được một gói tin mục ghi TLS lớn."
+
+#: lib/gnutls_errors.c:69
+msgid "A record packet with illegal version was received."
+msgstr "Nhận được một gói tin mục ghi có phiên bản cấm."
+
+#: lib/gnutls_errors.c:71
+msgid "The Diffie Hellman prime sent by the server is not acceptable (not long enough)."
+msgstr "Máy phục vụ đã gửi một nguyên tố Diffie Hellman không thích hợp (quá ngắn)."
+
+#: lib/gnutls_errors.c:73
+msgid "A TLS packet with unexpected length was received."
+msgstr "Nhận được một gói tin TLS lớn có chiều dài bất thường."
+
+#: lib/gnutls_errors.c:75
+msgid "The specified session has been invalidated for some reason."
+msgstr "Phiên chạy đã ghi rõ cũng bị tắt vì lý do nào."
+
+#: lib/gnutls_errors.c:78
+msgid "GnuTLS internal error."
+msgstr "Lỗi nội bộ GnuTLS."
+
+#: lib/gnutls_errors.c:79
+msgid "An illegal TLS extension was received."
+msgstr "Nhận được một phần mở rộng TLS cấm."
+
+#: lib/gnutls_errors.c:81
+msgid "A TLS fatal alert has been received."
+msgstr "Nhận được một cảnh giác nghiêm trọng TLS cấm."
+
+#: lib/gnutls_errors.c:83
+msgid "An unexpected TLS packet was received."
+msgstr "Nhận được một gói tin TLS bất thường."
+
+#: lib/gnutls_errors.c:85
+msgid "A TLS warning alert has been received."
+msgstr "Nhận được một cảnh giác báo trước TLS cấm."
+
+#: lib/gnutls_errors.c:87
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Gặp lỗi trong phép tính gói tin đã kết thúc TLS."
+
+#: lib/gnutls_errors.c:89
+msgid "The peer did not send any certificate."
+msgstr "Đồng đẳng chưa gửi chứng nhận."
+
+#: lib/gnutls_errors.c:92
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Đã có một thuật toán mã hoá có mức ưu tiên thấp hơn."
+
+#: lib/gnutls_errors.c:95
+msgid "No temporary RSA parameters were found."
+msgstr "Không tìm thấy tham số RSA tạm thời."
+
+#: lib/gnutls_errors.c:97
+msgid "No temporary DH parameters were found."
+msgstr "Không tìm thấy tham số DH tạm thời."
+
+#: lib/gnutls_errors.c:99
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Nhận được một gói tin thiết lập quan hệ TLS bất thường."
+
+#: lib/gnutls_errors.c:101
+msgid "The scanning of a large integer has failed."
+msgstr "Lỗi quét một số nguyên lớn."
+
+#: lib/gnutls_errors.c:103
+msgid "Could not export a large integer."
+msgstr "Không thể xuất một số nguyên lớn."
+
+#: lib/gnutls_errors.c:105
+msgid "Decryption has failed."
+msgstr "Lỗi giải mã."
+
+#: lib/gnutls_errors.c:106
+msgid "Encryption has failed."
+msgstr "Lỗi mã hoá."
+
+#: lib/gnutls_errors.c:107
+msgid "Public key decryption has failed."
+msgstr "Lỗi giải mã khoá công."
+
+#: lib/gnutls_errors.c:109
+msgid "Public key encryption has failed."
+msgstr "Lỗi mã hoá khoá công."
+
+#: lib/gnutls_errors.c:111
+msgid "Public key signing has failed."
+msgstr "Lỗi ký khoá công."
+
+#: lib/gnutls_errors.c:113
+msgid "Public key signature verification has failed."
+msgstr "Lỗi thẩm tra chữ ký khoá công."
+
+#: lib/gnutls_errors.c:115
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Lỗi giải nén gói tin mục ghi TLS."
+
+#: lib/gnutls_errors.c:117
+msgid "Compression of the TLS record packet has failed."
+msgstr "Lỗi nén gói tin mục ghi TLS."
+
+#: lib/gnutls_errors.c:120
+msgid "Internal error in memory allocation."
+msgstr "Gặp lỗi nội bộ trong khi cấp phát bộ nhớ."
+
+#: lib/gnutls_errors.c:122
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "Đã yêu cầu một tính năng bị tắt hoặc chưa được thực hiện."
+
+#: lib/gnutls_errors.c:124
+msgid "Insufficient credentials for that request."
+msgstr "Không đủ thông tin xác thực cho yêu cầu đó."
+
+#: lib/gnutls_errors.c:126
+msgid "Error in password file."
+msgstr "Gặp lỗi trong tập tin mật khẩu."
+
+#: lib/gnutls_errors.c:127
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Sai đệm gói tin PKCS1."
+
+#: lib/gnutls_errors.c:129
+msgid "The requested session has expired."
+msgstr "Đã yêu cầu một hiên chạy đã hết hạn."
+
+#: lib/gnutls_errors.c:130
+msgid "Hashing has failed."
+msgstr "Lỗi chuyển đổi chuỗi sang một mẫu duy nhất."
+
+#: lib/gnutls_errors.c:131
+msgid "Base64 decoding error."
+msgstr "Lỗi giải mã Base64."
+
+#: lib/gnutls_errors.c:133
+msgid "Base64 unexpected header error."
+msgstr "Lỗi phần đầu bất thường Base64."
+
+#: lib/gnutls_errors.c:135
+msgid "Base64 encoding error."
+msgstr "Lỗi mã hoá Base64."
+
+#: lib/gnutls_errors.c:137
+msgid "Parsing error in password file."
+msgstr "Lỗi phân tích ngữ pháp trong tập tin mật khẩu."
+
+#: lib/gnutls_errors.c:139
+msgid "The requested data were not available."
+msgstr "Đã yêu cầu dữ liệu không sẵn sàng."
+
+#: lib/gnutls_errors.c:141
+msgid "Error in the pull function."
+msgstr "Gặp lỗi trong hàm pull."
+
+#: lib/gnutls_errors.c:142
+msgid "Error in the push function."
+msgstr "Gặp lỗi trong hàm push."
+
+#: lib/gnutls_errors.c:143
+msgid "The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr "Mới tới giới hạn trên của số thứ tự gói tin mục ghi."
+
+#: lib/gnutls_errors.c:145
+msgid "Error in the certificate."
+msgstr "Gặp lỗi trong chứng nhận."
+
+#: lib/gnutls_errors.c:147
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Gặp tên Người dân Xen kẽ không rõ trong chứng nhận X.509."
+
+#: lib/gnutls_errors.c:150
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Gặp phần mở rộng nghiêm trọng không được hỗ trợ trong chứng nhận X.509."
+
+#: lib/gnutls_errors.c:152
+msgid "Key usage violation in certificate has been detected."
+msgstr "Đã phát hiện sự vi phạm cách sử dụng khoá trong chứng nhận."
+
+#: lib/gnutls_errors.c:154 lib/gnutls_errors.c:155
+msgid "Function was interrupted."
+msgstr "Hàm đã bị gián đoạn."
+
+#: lib/gnutls_errors.c:156
+msgid "Rehandshake was requested by the peer."
+msgstr "Đồng đẳng đã yêu cầu thiết lập lại quan hệ."
+
+#: lib/gnutls_errors.c:158
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "Nhận được dữ liệu Ứng dụng TLS, còn đợi dữ liệu thiết lập quan hệ."
+
+#: lib/gnutls_errors.c:160
+msgid "Error in Database backend."
+msgstr "Gặp lỗi trong hậu phương cơ sở dữ liệu."
+
+#: lib/gnutls_errors.c:161
+msgid "The certificate type is not supported."
+msgstr "Kiểu chứng nhận không được hỗ trợ."
+
+#: lib/gnutls_errors.c:163
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Đã đưa ra một vùng đệm bộ nhớ quá ngắn để chứa các tham số."
+
+#: lib/gnutls_errors.c:165
+msgid "The request is invalid."
+msgstr "Yêu cầu không hợp lệ."
+
+#: lib/gnutls_errors.c:166
+msgid "An illegal parameter has been received."
+msgstr "Nhận được một tham số cấm."
+
+#: lib/gnutls_errors.c:168
+msgid "Error while reading file."
+msgstr "Gặp lỗi khi đọc tập tin."
+
+#: lib/gnutls_errors.c:170
+msgid "ASN1 parser: Element was not found."
+msgstr "Bộ phân tích ASN1: không tìm thấy phần tử."
+
+#: lib/gnutls_errors.c:172
+msgid "ASN1 parser: Identifier was not found"
+msgstr "Bộ phân tích ASN1: không tìm thấy đồ nhận diện."
+
+#: lib/gnutls_errors.c:174
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "Bộ phân tích ASN1: gặp lỗi trong sự phân tích ngữ cảnh DER."
+
+#: lib/gnutls_errors.c:176
+msgid "ASN1 parser: Value was not found."
+msgstr "Bộ phân tích ASN1: không tìm thấy giá trị."
+
+#: lib/gnutls_errors.c:178
+msgid "ASN1 parser: Generic parsing error."
+msgstr "Bộ phân tích ASN1: lỗi phân tích ngữ cảnh chung."
+
+#: lib/gnutls_errors.c:180
+msgid "ASN1 parser: Value is not valid."
+msgstr "Bộ phân tích ASN1: giá trị không hợp lệ."
+
+#: lib/gnutls_errors.c:182
+msgid "ASN1 parser: Error in TAG."
+msgstr "Bộ phân tích ASN1: gặp lỗi trong TAG (thẻ)."
+
+#: lib/gnutls_errors.c:183
+msgid "ASN1 parser: error in implicit tag"
+msgstr "Bộ phân tích ASN1: gặp lỗi trong thẻ dứt khoát."
+
+#: lib/gnutls_errors.c:185
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "Bộ phân tích ASN1: gặp lỗi trong kiểu « ANY » (bất kỳ)."
+
+#: lib/gnutls_errors.c:187
+msgid "ASN1 parser: Syntax error."
+msgstr "Bộ phân tích ASN1: lỗi cú pháp."
+
+#: lib/gnutls_errors.c:189
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "Bộ phân tích ASN1: tràn sự phân tích ngữ cảnh DER."
+
+#: lib/gnutls_errors.c:192
+msgid "Too many empty record packets have been received."
+msgstr "Nhận được quá nhiều gói tin mục ghi rỗng."
+
+#: lib/gnutls_errors.c:194
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Lỗi sơ khởi GnuTLS-extra."
+
+#: lib/gnutls_errors.c:196
+msgid "The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr "Phiên bản thư viện GnuTLS không tương ứng với phiên bản thư viện GnuTLS-extra."
+
+#: lib/gnutls_errors.c:198
+msgid "The gcrypt library version is too old."
+msgstr "Phiên bản thư viện gcrypt là quá cũ."
+
+#: lib/gnutls_errors.c:201
+msgid "The tasn1 library version is too old."
+msgstr "Phiên bản thư viện tasn1 là quá cũ."
+
+#: lib/gnutls_errors.c:203
+msgid "The OpenPGP User ID is revoked."
+msgstr "Mã số người dùng OpenPGP bị thu hồi."
+
+#: lib/gnutls_errors.c:205
+msgid "Error loading the keyring."
+msgstr "Gặp lỗi khi nạp vòng khoá."
+
+#: lib/gnutls_errors.c:207
+msgid "The initialization of LZO has failed."
+msgstr "Lỗi sơ khởi LZO."
+
+#: lib/gnutls_errors.c:209
+msgid "No supported compression algorithms have been found."
+msgstr "Không tìm thấy thuật toán nén được hỗ trợ."
+
+#: lib/gnutls_errors.c:211
+msgid "No supported cipher suites have been found."
+msgstr "Không tìm thấy bộ ứng dụng mật mã được hỗ trợ."
+
+#: lib/gnutls_errors.c:213
+msgid "Could not get OpenPGP key."
+msgstr "Không thể lấy khoá OpenPGP."
+
+#: lib/gnutls_errors.c:215
+msgid "Could not find OpenPGP subkey."
+msgstr "Không tìm thấy khoá phụ OpenPGP."
+
+#: lib/gnutls_errors.c:218
+msgid "The SRP username supplied is illegal."
+msgstr "Đã cung cấp một tên người dùng SRP cấm."
+
+#: lib/gnutls_errors.c:221
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "Dấu tay OpenPGP không phải được hỗ trợ."
+
+#: lib/gnutls_errors.c:223
+msgid "The certificate has unsupported attributes."
+msgstr "Chứng nhận có thuộc tính không được hỗ trợ."
+
+#: lib/gnutls_errors.c:225
+msgid "The OID is not supported."
+msgstr "IOD không được hỗ trợ."
+
+#: lib/gnutls_errors.c:227
+msgid "The hash algorithm is unknown."
+msgstr "Không rõ thuật toán chuyển đổi chuỗi sang mẫu duy nhất."
+
+#: lib/gnutls_errors.c:229
+msgid "The PKCS structure's content type is unknown."
+msgstr "Không rõ kiểu nội dung của cấu trúc PKCS."
+
+#: lib/gnutls_errors.c:231
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Không rõ kiểu bao của cấu trúc PKC"
+
+#: lib/gnutls_errors.c:233
+msgid "The given password contains invalid characters."
+msgstr "Đã đưa ra một mật khẩu chứa ký tự không hợp lệ."
+
+#: lib/gnutls_errors.c:235
+msgid "The Message Authentication Code verification failed."
+msgstr "Lỗi thẩm tra Mã Xác Thực Thông Điệp."
+
+#: lib/gnutls_errors.c:237
+msgid "Some constraint limits were reached."
+msgstr "Đã tới một số giới hạn ràng buộc."
+
+#: lib/gnutls_errors.c:239
+msgid "Failed to acquire random data."
+msgstr "Lỗi lấy dữ liệu ngẫu nhiên. "
+
+#: lib/gnutls_errors.c:242
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Nhận được một thông điệp Giải đoạn Trung gian đã Kết thúc TLS/IA."
+
+#: lib/gnutls_errors.c:244
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Nhận được một thông điệp Giải đoạn Cuối cùng đã Kết thúc TLS/IA."
+
+#: lib/gnutls_errors.c:246
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Lỗi thẩm tra tổng kiểm của giải đoạn TLS/IA."
+
+#: lib/gnutls_errors.c:249
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Không rõ thuật toán hoặc giao thức đã ghi rõ."
+
+#: lib/gnutls_errors.c:252
+msgid "The handshake data size is too large (DoS?), check gnutls_handshake_set_max_packet_length()."
+msgstr "Dữ liệu thiết lập quan hệ có kích cỡ quá lớn (DoS?), hãy kiểm tra lại gnutls_handshake_set_max_packet_length()."
+
+#: lib/x509/output.c:113 lib/x509/output.c:384
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tRàng buộc chiều dài đường dẫn: %d\n"
+
+#: lib/x509/output.c:114
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tNgôn ngữ chính sách: %s"
+
+#: lib/x509/output.c:123
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tChính sách:\n"
+"\t\t\t\tASCII: "
+
+#: lib/x509/output.c:125
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tĐổ thập lục: "
+
+#: lib/x509/output.c:217
+msgid "\t\t\tDigital signature.\n"
+msgstr "\t\t\tChữ ký dạng số.\n"
+
+#: lib/x509/output.c:219
+msgid "\t\t\tNon repudiation.\n"
+msgstr "\t\t\tKhông từ chối.\n"
+
+#: lib/x509/output.c:221
+msgid "\t\t\tKey encipherment.\n"
+msgstr "\t\t\tMã hoá khoá.\n"
+
+#: lib/x509/output.c:223
+msgid "\t\t\tData encipherment.\n"
+msgstr "\t\t\tMã hoá dữ liệu.\n"
+
+#: lib/x509/output.c:225
+msgid "\t\t\tKey agreement.\n"
+msgstr "\t\t\tChấp thuận khoá.\n"
+
+#: lib/x509/output.c:227
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tKý chứng nhận.\n"
+
+#: lib/x509/output.c:229
+msgid "\t\t\tCRL signing.\n"
+msgstr "\t\t\tKý CRL.\n"
+
+#: lib/x509/output.c:231
+msgid "\t\t\tKey encipher only.\n"
+msgstr "\t\t\tChỉ mã hoá khoá.\n"
+
+#: lib/x509/output.c:233
+msgid "\t\t\tKey decipher only.\n"
+msgstr "\t\t\tChỉ giải mã khoá.\n"
+
+#: lib/x509/output.c:345
+msgid "\t\t\tTLS WWW Server.\n"
+msgstr "\t\t\tMáy phục vụ WWW TLS.\n"
+
+#: lib/x509/output.c:347
+msgid "\t\t\tTLS WWW Client.\n"
+msgstr "\t\t\tỨng dụng khách WWW TLS.\n"
+
+#: lib/x509/output.c:349
+msgid "\t\t\tCode signing.\n"
+msgstr "\t\t\tKý mã.\n"
+
+#: lib/x509/output.c:351
+msgid "\t\t\tEmail protection.\n"
+msgstr "\t\t\tBảo vệ thư điện tử.\n"
+
+#: lib/x509/output.c:353
+msgid "\t\t\tTime stamping.\n"
+msgstr "\t\t\tGhi thời gian.\n"
+
+#: lib/x509/output.c:355
+msgid "\t\t\tOCSP signing.\n"
+msgstr "\t\t\tKý OCSP.\n"
+
+#: lib/x509/output.c:357
+msgid "\t\t\tAny purpose.\n"
+msgstr "\t\t\tBất cứ mục đích nào.\n"
+
+#: lib/x509/output.c:379
+msgid "\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "\t\t\tNhà cầm quyền chứng nhận (CA): SAI\n"
+
+#: lib/x509/output.c:381
+msgid "\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "\t\t\tNhà cầm quyền chứng nhận (CA): ĐÚNG\n"
+
+#: lib/x509/output.c:484
+#, c-format
+msgid "\t\t\tXMPP Address: %.*s\n"
+msgstr "\t\t\tĐịa chỉ XMPP: %.*s\n"
+
+#: lib/x509/output.c:487
+#, c-format
+msgid "\t\t\totherName OID: %.*s\n"
+msgstr "\t\t\tOID tên khác: %.*s\n"
+
+#: lib/x509/output.c:488
+msgid "\t\t\totherName DER: "
+msgstr "\t\t\tDER tên khác: "
+
+#: lib/x509/output.c:490
+msgid ""
+"\n"
+"\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"\t\t\tASCII tên khác: "
+
+#: lib/x509/output.c:516 lib/x509/output.c:1181
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tPhiên bản %d\n"
+
+#: lib/x509/output.c:530
+msgid "\tSerial Number (hex): "
+msgstr "\tSố sản xuất (thập lục): "
+
+#: lib/x509/output.c:547 lib/x509/output.c:1195
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tNhà cấp: %s\n"
+
+#: lib/x509/output.c:554
+msgid "\tValidity:\n"
+msgstr "\tHợp lệ:\n"
+
+#: lib/x509/output.c:567
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tKhông phải trước: %s\n"
+
+#: lib/x509/output.c:581
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tKhông phải sau : %s\n"
+
+#: lib/x509/output.c:595
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tNgười dân: %s\n"
+
+#: lib/x509/output.c:612
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tThuật toán khoá công người dân: %s\n"
+
+#: lib/x509/output.c:625
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tGiá trị tuyệt đối (%d bit):\n"
+
+#: lib/x509/output.c:627
+msgid "\t\tExponent:\n"
+msgstr "\t\tMũ :\n"
+
+#: lib/x509/output.c:646
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tKhoá công (%d bit):\n"
+
+#: lib/x509/output.c:648
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: lib/x509/output.c:650
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: lib/x509/output.c:652
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: lib/x509/output.c:697
+msgid "\tExtensions:\n"
+msgstr "\tPhần mở rộng:\n"
+
+#: lib/x509/output.c:707
+#, c-format
+msgid "\t\tBasic Constraints (%s):\n"
+msgstr "\t\tRàng buộc cơ bản (%s):\n"
+
+#: lib/x509/output.c:708 lib/x509/output.c:723 lib/x509/output.c:738
+#: lib/x509/output.c:753 lib/x509/output.c:768 lib/x509/output.c:783
+#: lib/x509/output.c:798 lib/x509/output.c:813 lib/x509/output.c:825
+msgid "critical"
+msgstr "tới hạn"
+
+#: lib/x509/output.c:708 lib/x509/output.c:723 lib/x509/output.c:738
+#: lib/x509/output.c:753 lib/x509/output.c:768 lib/x509/output.c:783
+#: lib/x509/output.c:798 lib/x509/output.c:813 lib/x509/output.c:825
+msgid "not critical"
+msgstr "không tới hạn"
+
+#: lib/x509/output.c:722
+#, c-format
+msgid "\t\tSubject Key Identifier (%s):\n"
+msgstr "\tĐồ nhận diện khoá người dân (%s):\n"
+
+#: lib/x509/output.c:737
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tĐồ nhận diện khoá nhà cầm quyền (%s):\n"
+
+#: lib/x509/output.c:752
+#, c-format
+msgid "\t\tKey Usage (%s):\n"
+msgstr "\t\tSử dụng khoá (%s):\n"
+
+#: lib/x509/output.c:767
+#, c-format
+msgid "\t\tKey Purpose (%s):\n"
+msgstr "\t\tMục đích khoá (%s):\n"
+
+#: lib/x509/output.c:782
+#, c-format
+msgid "\t\tSubject Alternative Name (%s):\n"
+msgstr "\t\tTên xen kẽ người dân (%s):\n"
+
+#: lib/x509/output.c:797
+#, c-format
+msgid "\t\tCRL Distribution points (%s):\n"
+msgstr "\t\tĐiểm phân phối CRL (%s):\n"
+
+#: lib/x509/output.c:812
+#, c-format
+msgid "\t\tProxy Certificate Information (%s):\n"
+msgstr "\t\tThông tin chứng nhận ủy nhiệm (%s):\n"
+
+#: lib/x509/output.c:824
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tPhần mở rộng lạ %s (%s):\n"
+
+#: lib/x509/output.c:853
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: lib/x509/output.c:857
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tĐổ thập lục: "
+
+#: lib/x509/output.c:882 lib/x509/output.c:1292
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tThuật toán chữ ký: %s\n"
+
+#: lib/x509/output.c:886 lib/x509/output.c:1296
+msgid "warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr "cảnh báo : đã ký dùng một thuật toán chữ ký bị hỏng có thể bị giả mạo.\n"
+
+#: lib/x509/output.c:911 lib/x509/output.c:1321
+msgid "\tSignature:\n"
+msgstr "\tChữ ký:\n"
+
+#: lib/x509/output.c:934
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tDấu tay MD5:\n"
+"\t\t"
+
+#: lib/x509/output.c:936
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tDấu tay SHA1:\n"
+"\t\t"
+
+#: lib/x509/output.c:970
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tMã số khoá công:\n"
+"\t\t"
+
+#: lib/x509/output.c:1137
+msgid "X.509 Certificate Information:\n"
+msgstr "Thông tin chứng nhận X.509:\n"
+
+#: lib/x509/output.c:1141
+msgid "Other Information:\n"
+msgstr "Thông tin khác:\n"
+
+#: lib/x509/output.c:1177
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tPhiên bản: 1 (mặc định)\n"
+
+#: lib/x509/output.c:1202
+msgid "\tUpdate dates:\n"
+msgstr "\tNgày cập nhật:\n"
+
+#: lib/x509/output.c:1215
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tCấp: %s\n"
+
+#: lib/x509/output.c:1231
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tLần sau vào : %s\n"
+
+#: lib/x509/output.c:1241
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tChứng nhận bị thu hồi (%d):\n"
+
+#: lib/x509/output.c:1243
+msgid "\tNo revoked certificates.\n"
+msgstr "\tKhông có chứng nhận bị thu hồi.\n"
+
+#: lib/x509/output.c:1262
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tSố sản xuất (thập lục): "
+
+#: lib/x509/output.c:1271
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tThu hồi vào : %s\n"
+
+#: lib/x509/output.c:1352
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Danh sách Thu hồi Chứng nhận X.509:\n"