authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-04-16 18:42:31 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-04-16 18:42:31 +0000
commit8bbf1227eb34f774f0fe1778f7ad917cc0a692db (patch)
treeb767b55e39997f106ab78cb2565cd3e5a0b39264 /lib
parentf0eb96e3762d825c9e0d30e6d93601c75fe1dab4 (diff)
*** empty log message ***
Diffstat (limited to 'lib')
-rw-r--r--lib/pkix.asn84
-rw-r--r--lib/x509/Makefile.am4
-rw-r--r--lib/x509/common.h1
-rw-r--r--lib/x509/pkcs7.c4
-rw-r--r--lib/x509/privkey_pkcs8.c20
5 files changed, 57 insertions, 56 deletions
diff --git a/lib/pkix.asn b/lib/pkix.asn
index 044b028d4b..c74bd4702c 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -1026,26 +1026,26 @@ Pkcs9challengePassword ::= CHOICE {
-- Private-key information syntax
-PrivateKeyInfo ::= SEQUENCE {
- version Version,
+pkcs-8-PrivateKeyInfo ::= SEQUENCE {
+ version pkcs-8-Version,
privateKeyAlgorithm AlgorithmIdentifier,
- privateKey PrivateKey,
+ privateKey pkcs-8-PrivateKey,
attributes [0] Attributes OPTIONAL }
-Version ::= INTEGER {v1(0)}
+pkcs-8-Version ::= INTEGER {v1(0)}
-PrivateKey ::= OCTET STRING
+pkcs-8-PrivateKey ::= OCTET STRING
-Attributes ::= SET OF Attribute
+pkcs-8-Attributes ::= SET OF Attribute
-- Encrypted private-key information syntax
-EncryptedPrivateKeyInfo ::= SEQUENCE {
+pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
encryptionAlgorithm AlgorithmIdentifier,
- encryptedData EncryptedData
+ encryptedData pkcs-8-EncryptedData
}
-EncryptedData ::= OCTET STRING
+pkcs-8-EncryptedData ::= OCTET STRING
-- PKCS #5 stuff
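Review bot: The `attributes [0] Attributes OPTIONAL` field of `pkcs-8-PrivateKeyInfo` is left unchanged as context, while its type definition is renamed to `pkcs-8-Attributes` a few lines further down in this hunk. Unless another `Attributes` type is defined elsewhere in the module (not visible here), the field now refers to an undefined name or to a different type than intended, which affects how private-key structures are parsed. The field should read `attributes [0] pkcs-8-Attributes OPTIONAL }`.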
@@ -1088,13 +1088,13 @@ pkcs-5-PBKDF2-params ::= SEQUENCE {
pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
-PFX ::= SEQUENCE {
+pkcs-12-PFX ::= SEQUENCE {
version INTEGER {v3(3)},
authSafe ContentInfo,
- macData MacData OPTIONAL
+ macData pkcs-12-MacData OPTIONAL
}
-MacData ::= ANY
+pkcs-12-MacData ::= ANY
-- we don't use it
-- SEQUENCE {
-- mac ANY, --DigestInfo,
@@ -1104,53 +1104,53 @@ MacData ::= ANY
-- deprecated. A higher value, like 1024 is recommended.
--}
-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+pkcs-12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
-- Data if unencrypted
-- EncryptedData if password-encrypted
-- EnvelopedData if public key-encrypted
-SafeContents ::= SEQUENCE OF SafeBag
+pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
-- To replace TYPE-IDENTIFIER
-BAG-TYPE ::= SEQUENCE {
+pkcs-12-BAG-TYPE ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
-SafeBag ::= SEQUENCE {
- bagId BAG-TYPE,
+pkcs-12-SafeBag ::= SEQUENCE {
+ bagId pkcs-12-BAG-TYPE,
bagValue [0] EXPLICIT ANY DEFINED BY badId,
- bagAttributes SET OF PKCS12Attribute OPTIONAL
+ bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL
}
-- Bag types
-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
+pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
-keyBag OBJECT IDENTIFIER ::= {bagtypes 1}
-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {bagtypes 2}
-certBag OBJECT IDENTIFIER ::= {bagtypes 3}
-crlBag OBJECT IDENTIFIER ::= {bagtypes 4}
+pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1}
+pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2}
+pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3}
+pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4}
-KeyBag ::= PrivateKeyInfo
+pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
-- Shrouded KeyBag
-PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
+pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
-- CertBag
-CertBag ::= SEQUENCE {
- certId BAG-TYPE,
+pkcs-12-CertBag ::= SEQUENCE {
+ certId pkcs-12-BAG-TYPE,
certValue [0] EXPLICIT ANY DEFINED BY certId
}
-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
-- DER-encoded X.509 certificate stored in OCTET STRING
-CRLBag ::= SEQUENCE {
- crlId BAG-TYPE,
+pkcs-12-CRLBag ::= SEQUENCE {
+ crlId pkcs-12-BAG-TYPE,
crlValue [0] EXPLICIT ANY DEFINED BY crlId
}
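Review bot: `bagValue [0] EXPLICIT ANY DEFINED BY badId` in `pkcs-12-SafeBag` names a field `badId` that the SEQUENCE does not have; the preceding field is `bagId`. The line is unchanged context, but since this commit rewrites the lines around it, the selector should be corrected to `bagValue [0] EXPLICIT ANY DEFINED BY bagId,` so the bag content stays tied to its type identifier. How the ASN.1 parser treats an unresolved DEFINED BY reference is not visible here, so the practical effect on PKCS #12 decoding should be confirmed.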
@@ -1158,32 +1158,32 @@ CRLBag ::= SEQUENCE {
-- {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
-- DER-encoded X.509 CRL stored in OCTET STRING
-PKCS12Attribute ::= ANY
+pkcs-12-PKCS12Attribute ::= ANY
-- PKCS #7 stuff (needed in PKCS 12)
-id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
-id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
-Data ::= OCTET STRING
+pkcs-7-Data ::= OCTET STRING
-EncryptedData ::= SEQUENCE {
+pkcs-7-EncryptedData ::= SEQUENCE {
version CMSVersion,
- encryptedContentInfo EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
+ encryptedContentInfo pkcs-7-EncryptedContentInfo,
+ unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
-EncryptedContentInfo ::= SEQUENCE {
+pkcs-7-EncryptedContentInfo ::= SEQUENCE {
contentType ContentType,
- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
+ contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
+ encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-EncryptedContent ::= OCTET STRING
+pkcs-7-EncryptedContent ::= OCTET STRING
-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
END
diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am
index e823c8d068..2867cd0533 100644
--- a/lib/x509/Makefile.am
+++ b/lib/x509/Makefile.am
@@ -1,14 +1,14 @@
INCLUDES = -I../ -I../minitasn1/ -I../../includes/
EXTRA_DIST = dn.h common.h x509.h extensions.h pkcs7.h \
x509-api.tex compat.h verify.h mpi.h crq.h sign.h pkcs5.h \
- privkey.h
+ privkey.h pkcs12.h
noinst_LTLIBRARIES = libx509.la
#lib_LTLIBRARIES = libgnutls-x509.la
COBJECTS = crl.c dn.c common.c x509.c extensions.c \
rfc2818_hostname.c verify.c mpi.c privkey.c pkcs7.c \
- crq.c xml.c sign.c pkcs5.c privkey_pkcs8.c
+ crq.c xml.c sign.c pkcs5.c privkey_pkcs8.c pkcs12.c
COMPAT_OBJECTS = compat.c
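Review bot: `pkcs12.h` is added to EXTRA_DIST and `pkcs12.c` to COBJECTS, but the diffstat for `lib` lists neither file. If they are not already in the tree from an earlier commit, the library no longer builds from this revision. They should be added in the same commit as the Makefile change.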
diff --git a/lib/x509/common.h b/lib/x509/common.h
index cd4154f244..07e2edc1c1 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -8,6 +8,7 @@ void _gnutls_int2str(unsigned int k, char *data);
#define PEM_X509_CERT "X509 CERTIFICATE"
#define PEM_X509_CERT2 "CERTIFICATE"
#define PEM_PKCS7 "PKCS7"
+#define PEM_PKCS12 "PKCS12"
#define PKIX1_RSA_OID "1.2.840.113549.1.1.1"
#define DSA_OID "1.2.840.10040.4.1"
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index 3e5e230096..78f0ad6751 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -59,7 +59,7 @@ int tmp_size, len, result;
if ( strcmp( oid, SIGNED_DATA_OID) != 0) {
gnutls_assert();
_gnutls_x509_log( "Unknown PKCS7 Content OID '%s'\n", oid);
- return GNUTLS_E_UNKNOWN_PKCS7_CONTENT_TYPE;
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
}
if ((result=asn1_create_element
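Review bot: The return value changes from `GNUTLS_E_UNKNOWN_PKCS7_CONTENT_TYPE` to `GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE`, and the definition of neither name is part of this diff. If the old name was exported, callers that test for it stop compiling; keeping `#define GNUTLS_E_UNKNOWN_PKCS7_CONTENT_TYPE GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE` next to the new definition would preserve them. The enclosing function starts and ends outside the hunk.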
@@ -371,7 +371,7 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7)
* GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
*
* If the structure is PEM encoded, it will have a header
- * of "BEGIN CERTIFICATE".
+ * of "BEGIN PKCS7".
*
* In case of failure a negative value will be returned, and
* 0 on success.
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c
index 0be9bdff6c..9fc1809c7b 100644
--- a/lib/x509/privkey_pkcs8.c
+++ b/lib/x509/privkey_pkcs8.c
@@ -65,7 +65,7 @@ static int read_pbkdf2_params( ASN1_TYPE pbes2_asn, const gnutls_datum* der,
struct pbkdf2_params* params);
static int read_pbe_enc_params( ASN1_TYPE pbes2_asn, const gnutls_datum* der,
struct pbe_enc_params* params);
-static int decrypt_data( ASN1_TYPE pkcs8_asn, char* password,
+static int decrypt_data( ASN1_TYPE pkcs8_asn, const char* password,
const struct pbkdf2_params* kdf_params, const struct pbe_enc_params *enc_params,
gnutls_datum* decrypted_data);
static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_privkey pkey);
@@ -98,7 +98,7 @@ static int encode_to_private_key_info( gnutls_x509_privkey pkey, gnutls_datum* d
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.PrivateKeyInfo", pkey_info
+ "PKIX1.pkcs-8-PrivateKeyInfo", pkey_info
)) != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
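Review bot: The element name passed to `asn1_create_element()` is a string resolved at run time, so a mismatch with the renamed `pkix.asn` definitions only shows up as a failed lookup when a key is encoded or decoded. The same applies to the `PKIX1.pkcs-8-EncryptedPrivateKeyInfo` and `PKIX1.pkcs-8-PrivateKeyInfo` lookups in the later hunks of this file. The diffstat shows no regenerated definition table, so if the structures returned by `_gnutls_get_pkix()` are built from a checked-in table compiled from `pkix.asn` (not visible here), that table needs regenerating in this commit. A test that round-trips a PKCS #8 key through export and import would catch a stale name. The enclosing function starts and ends outside the hunk.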
@@ -212,7 +212,7 @@ static int encode_to_private_key_info( gnutls_x509_privkey pkey, gnutls_datum* d
* a PKCS #8 EncryptedPrivateKeyInfo.
*/
static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key,
- char* password, unsigned int flags)
+ const char* password, unsigned int flags)
{
int result;
gnutls_datum key = {NULL, 0};
@@ -224,7 +224,7 @@ static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key,
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.EncryptedPrivateKeyInfo", &pkcs8_asn
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", &pkcs8_asn
)) != ASN1_SUCCESS) {
gnutls_assert();
goto error;
@@ -306,7 +306,7 @@ static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key,
*
**/
int gnutls_x509_privkey_export_pkcs8( gnutls_x509_privkey key,
- gnutls_x509_crt_fmt format, char* password, unsigned int flags,
+ gnutls_x509_crt_fmt format, const char* password, unsigned int flags,
unsigned char* output_data, int* output_data_size)
{
ASN1_TYPE pkcs8_asn, pkey_info;
@@ -357,7 +357,7 @@ gnutls_datum tmp;
* (normally a PKCS #1 encoded RSA key)
*/
static ASN1_TYPE decode_pkcs8_key( const gnutls_datum *raw_key,
- char* password, gnutls_x509_privkey pkey)
+ const char* password, gnutls_x509_privkey pkey)
{
int result, len;
opaque enc_oid[64];
@@ -371,7 +371,7 @@ static ASN1_TYPE decode_pkcs8_key( const gnutls_datum *raw_key,
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.EncryptedPrivateKeyInfo", &pkcs8_asn
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", &pkcs8_asn
)) != ASN1_SUCCESS) {
gnutls_assert();
goto error;
@@ -481,7 +481,7 @@ static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_p
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.PrivateKeyInfo", &pkcs8_asn
+ "PKIX1.pkcs-8-PrivateKeyInfo", &pkcs8_asn
)) != ASN1_SUCCESS) {
gnutls_assert();
goto error;
@@ -575,7 +575,7 @@ static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_p
*
**/
int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key, const gnutls_datum * data,
- gnutls_x509_crt_fmt format, char * password, unsigned int flags)
+ gnutls_x509_crt_fmt format, const char * password, unsigned int flags)
{
int result = 0, need_free = 0;
gnutls_datum _data = { data->data, data->size };
@@ -803,7 +803,7 @@ char oid[64];
}
-static int decrypt_data( ASN1_TYPE pkcs8_asn, char* password,
+static int decrypt_data( ASN1_TYPE pkcs8_asn, const char* password,
const struct pbkdf2_params *kdf_params, const struct pbe_enc_params *enc_params,
gnutls_datum* decrypted_data)
{