author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-04-16 18:42:31 +0000 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2003-04-16 18:42:31 +0000 |
commit | 8bbf1227eb34f774f0fe1778f7ad917cc0a692db (patch) | |
tree | b767b55e39997f106ab78cb2565cd3e5a0b39264 /lib | |
parent | f0eb96e3762d825c9e0d30e6d93601c75fe1dab4 (diff) | |
*** empty log message ***
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pkix.asn | 84 | ||||
-rw-r--r-- | lib/x509/Makefile.am | 4 | ||||
-rw-r--r-- | lib/x509/common.h | 1 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 4 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 20 |
5 files changed, 57 insertions, 56 deletions
diff --git a/lib/pkix.asn b/lib/pkix.asn index 044b028d4b..c74bd4702c 100644 --- a/lib/pkix.asn +++ b/lib/pkix.asn @@ -1026,26 +1026,26 @@ Pkcs9challengePassword ::= CHOICE { -- Private-key information syntax -PrivateKeyInfo ::= SEQUENCE { - version Version, +pkcs-8-PrivateKeyInfo ::= SEQUENCE { + version pkcs-8-Version, privateKeyAlgorithm AlgorithmIdentifier, - privateKey PrivateKey, + privateKey pkcs-8-PrivateKey, attributes [0] Attributes OPTIONAL } -Version ::= INTEGER {v1(0)} +pkcs-8-Version ::= INTEGER {v1(0)} -PrivateKey ::= OCTET STRING +pkcs-8-PrivateKey ::= OCTET STRING -Attributes ::= SET OF Attribute +pkcs-8-Attributes ::= SET OF Attribute -- Encrypted private-key information syntax -EncryptedPrivateKeyInfo ::= SEQUENCE { +pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE { encryptionAlgorithm AlgorithmIdentifier, - encryptedData EncryptedData + encryptedData pkcs-8-EncryptedData } -EncryptedData ::= OCTET STRING +pkcs-8-EncryptedData ::= OCTET STRING -- PKCS #5 stuff @@ -1088,13 +1088,13 @@ pkcs-5-PBKDF2-params ::= SEQUENCE { pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12} -PFX ::= SEQUENCE { +pkcs-12-PFX ::= SEQUENCE { version INTEGER {v3(3)}, authSafe ContentInfo, - macData MacData OPTIONAL + macData pkcs-12-MacData OPTIONAL } -MacData ::= ANY +pkcs-12-MacData ::= ANY -- we don't use it -- SEQUENCE { -- mac ANY, --DigestInfo, 
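Review bot: In the pkix.asn hunk at -1026, `pkcs-8-PrivateKeyInfo` still declares `attributes [0] Attributes OPTIONAL` on an unchanged line, while the same hunk renames the definition to `pkcs-8-Attributes ::= SET OF Attribute`. Unless another `Attributes` type is defined elsewhere in pkix.asn (not visible here), that reference no longer resolves, and building or parsing the PKCS #8 private-key structure may fail at run time. The field should follow the rename: `attributes [0] pkcs-8-Attributes OPTIONAL }`.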
@@ -1104,53 +1104,53 @@ MacData ::= ANY -- deprecated. A higher value, like 1024 is recommended. --} -AuthenticatedSafe ::= SEQUENCE OF ContentInfo +pkcs-12-AuthenticatedSafe ::= SEQUENCE OF ContentInfo -- Data if unencrypted -- EncryptedData if password-encrypted -- EnvelopedData if public key-encrypted -SafeContents ::= SEQUENCE OF SafeBag +pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag -- To replace TYPE-IDENTIFIER -BAG-TYPE ::= SEQUENCE { +pkcs-12-BAG-TYPE ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } -SafeBag ::= SEQUENCE { - bagId BAG-TYPE, +pkcs-12-SafeBag ::= SEQUENCE { + bagId pkcs-12-BAG-TYPE, bagValue [0] EXPLICIT ANY DEFINED BY badId, - bagAttributes SET OF PKCS12Attribute OPTIONAL + bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL } -- Bag types -bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} +pkcs-12-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} -keyBag OBJECT IDENTIFIER ::= {bagtypes 1} -pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {bagtypes 2} -certBag OBJECT IDENTIFIER ::= {bagtypes 3} -crlBag OBJECT IDENTIFIER ::= {bagtypes 4} +pkcs-12-keyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 1} +pkcs-12-pkcs8ShroudedKeyBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 2} +pkcs-12-certBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 3} +pkcs-12-crlBag OBJECT IDENTIFIER ::= {pkcs-12-bagtypes 4} -KeyBag ::= PrivateKeyInfo +pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo -- Shrouded KeyBag -PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo +pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo -- CertBag -CertBag ::= SEQUENCE { - certId BAG-TYPE, +pkcs-12-CertBag ::= SEQUENCE { + certId pkcs-12-BAG-TYPE, certValue [0] EXPLICIT ANY DEFINED BY certId } -- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}} -- DER-encoded X.509 certificate stored in OCTET STRING -CRLBag ::= SEQUENCE { - crlId BAG-TYPE, +pkcs-12-CRLBag ::= SEQUENCE { + crlId pkcs-12-BAG-TYPE, crlValue [0] EXPLICIT ANY DEFINED BY crlId } 
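Review bot: `pkcs-12-SafeBag` keeps `bagValue [0] EXPLICIT ANY DEFINED BY badId`, but the only sibling field is `bagId`, so the clause names a field that does not exist. While these definitions are being touched, correct it to `bagValue [0] EXPLICIT ANY DEFINED BY bagId,` so the bag contents are tied to the bag type identifier; how the ASN.1 parser treats the unresolved name is not visible from this hunk. Since `pkcs-12-BAG-TYPE` is itself a SEQUENCE carrying `value [0] EXPLICIT ANY DEFINED BY type-id`, it is also worth confirming against the PKCS #12 text that `bagId` and `certId`/`crlId` should be of that type rather than a plain OBJECT IDENTIFIER.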
@@ -1158,32 +1158,32 @@ CRLBag ::= SEQUENCE { -- {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}} -- DER-encoded X.509 CRL stored in OCTET STRING -PKCS12Attribute ::= ANY +pkcs-12-PKCS12Attribute ::= ANY -- PKCS #7 stuff (needed in PKCS 12) -id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) +pkcs-7-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } -id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) +pkcs-7-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } -Data ::= OCTET STRING +pkcs-7-Data ::= OCTET STRING -EncryptedData ::= SEQUENCE { +pkcs-7-EncryptedData ::= SEQUENCE { version CMSVersion, - encryptedContentInfo EncryptedContentInfo, - unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } + encryptedContentInfo pkcs-7-EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } -EncryptedContentInfo ::= SEQUENCE { +pkcs-7-EncryptedContentInfo ::= SEQUENCE { contentType ContentType, - contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, - encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } + contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL } -ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier +pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier -EncryptedContent ::= OCTET STRING +pkcs-7-EncryptedContent ::= OCTET STRING -UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute +pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute END diff --git a/lib/x509/Makefile.am b/lib/x509/Makefile.am index e823c8d068..2867cd0533 100644 --- a/lib/x509/Makefile.am +++ b/lib/x509/Makefile.am 
@@ -1,14 +1,14 @@ INCLUDES = -I../ -I../minitasn1/ -I../../includes/ EXTRA_DIST = dn.h common.h x509.h extensions.h pkcs7.h \ x509-api.tex compat.h verify.h mpi.h crq.h sign.h pkcs5.h \ - privkey.h + privkey.h pkcs12.h noinst_LTLIBRARIES = libx509.la #lib_LTLIBRARIES = libgnutls-x509.la COBJECTS = crl.c dn.c common.c x509.c extensions.c \ rfc2818_hostname.c verify.c mpi.c privkey.c pkcs7.c \ - crq.c xml.c sign.c pkcs5.c privkey_pkcs8.c + crq.c xml.c sign.c pkcs5.c privkey_pkcs8.c pkcs12.c COMPAT_OBJECTS = compat.c diff --git a/lib/x509/common.h b/lib/x509/common.h index cd4154f244..07e2edc1c1 100644 --- a/lib/x509/common.h +++ b/lib/x509/common.h @@ -8,6 +8,7 @@ void _gnutls_int2str(unsigned int k, char *data); #define PEM_X509_CERT "X509 CERTIFICATE" #define PEM_X509_CERT2 "CERTIFICATE" #define PEM_PKCS7 "PKCS7" +#define PEM_PKCS12 "PKCS12" #define PKIX1_RSA_OID "1.2.840.113549.1.1.1" #define DSA_OID "1.2.840.10040.4.1" diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 3e5e230096..78f0ad6751 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -59,7 +59,7 @@ int tmp_size, len, result; if ( strcmp( oid, SIGNED_DATA_OID) != 0) { gnutls_assert(); _gnutls_x509_log( "Unknown PKCS7 Content OID '%s'\n", oid); - return GNUTLS_E_UNKNOWN_PKCS7_CONTENT_TYPE; + return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE; } if ((result=asn1_create_element @@ -371,7 +371,7 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7) * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. * * If the structure is PEM encoded, it will have a header - * of "BEGIN CERTIFICATE". + * of "BEGIN PKCS7". * * In case of failure a negative value will be returned, and * 0 on success. diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index 0be9bdff6c..9fc1809c7b 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c 
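Review bot: The rename to `GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE` in the pkcs7.c hunk at -59 comes with no visible compatibility alias for the old name; the header that defines the error codes is outside this diff (the diffstat is limited to lib). If `GNUTLS_E_UNKNOWN_PKCS7_CONTENT_TYPE` was exported, callers that compare return values against it stop compiling. A line such as `#define GNUTLS_E_UNKNOWN_PKCS7_CONTENT_TYPE GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE` in the public header would keep them working. The enclosing function starts and ends outside the hunk.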
@@ -65,7 +65,7 @@ static int read_pbkdf2_params( ASN1_TYPE pbes2_asn, const gnutls_datum* der, struct pbkdf2_params* params); static int read_pbe_enc_params( ASN1_TYPE pbes2_asn, const gnutls_datum* der, struct pbe_enc_params* params); -static int decrypt_data( ASN1_TYPE pkcs8_asn, char* password, +static int decrypt_data( ASN1_TYPE pkcs8_asn, const char* password, const struct pbkdf2_params* kdf_params, const struct pbe_enc_params *enc_params, gnutls_datum* decrypted_data); static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_privkey pkey); @@ -98,7 +98,7 @@ static int encode_to_private_key_info( gnutls_x509_privkey pkey, gnutls_datum* d if ((result = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.PrivateKeyInfo", pkey_info + "PKIX1.pkcs-8-PrivateKeyInfo", pkey_info )) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -212,7 +212,7 @@ static int encode_to_private_key_info( gnutls_x509_privkey pkey, gnutls_datum* d * a PKCS #8 EncryptedPrivateKeyInfo. */ static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key, - char* password, unsigned int flags) + const char* password, unsigned int flags) { int result; gnutls_datum key = {NULL, 0}; @@ -224,7 +224,7 @@ static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key, if ((result = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.EncryptedPrivateKeyInfo", &pkcs8_asn + "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", &pkcs8_asn )) != ASN1_SUCCESS) { gnutls_assert(); goto error; @@ -306,7 +306,7 @@ static ASN1_TYPE encode_to_pkcs8_key( const gnutls_datum *raw_key, * **/ int gnutls_x509_privkey_export_pkcs8( gnutls_x509_privkey key, - gnutls_x509_crt_fmt format, char* password, unsigned int flags, + gnutls_x509_crt_fmt format, const char* password, unsigned int flags, unsigned char* output_data, int* output_data_size) { ASN1_TYPE pkcs8_asn, pkey_info; 
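Review bot: The ASN.1 type names are repeated as string literals at each `asn1_create_element` call (`"PKIX1.pkcs-8-PrivateKeyInfo"` in the hunks at -98 and -481, `"PKIX1.pkcs-8-EncryptedPrivateKeyInfo"` at -224 and -371), so a schema rename that misses one site is only caught when that call fails at run time. Defining each name once under a macro of your choosing, for example `#define PKCS8_PRIVKEY_INFO_TYPE "PKIX1.pkcs-8-PrivateKeyInfo"`, and using it at the call sites would keep key encoding and decoding in step with pkix.asn. The functions involved all extend beyond their hunks.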
@@ -357,7 +357,7 @@ gnutls_datum tmp; * (normally a PKCS #1 encoded RSA key) */ static ASN1_TYPE decode_pkcs8_key( const gnutls_datum *raw_key, - char* password, gnutls_x509_privkey pkey) + const char* password, gnutls_x509_privkey pkey) { int result, len; opaque enc_oid[64]; @@ -371,7 +371,7 @@ static ASN1_TYPE decode_pkcs8_key( const gnutls_datum *raw_key, if ((result = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.EncryptedPrivateKeyInfo", &pkcs8_asn + "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", &pkcs8_asn )) != ASN1_SUCCESS) { gnutls_assert(); goto error; @@ -481,7 +481,7 @@ static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_p if ((result = asn1_create_element(_gnutls_get_pkix(), - "PKIX1.PrivateKeyInfo", &pkcs8_asn + "PKIX1.pkcs-8-PrivateKeyInfo", &pkcs8_asn )) != ASN1_SUCCESS) { gnutls_assert(); goto error; @@ -575,7 +575,7 @@ static ASN1_TYPE decode_private_key_info( const gnutls_datum* der, gnutls_x509_p * **/ int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey key, const gnutls_datum * data, - gnutls_x509_crt_fmt format, char * password, unsigned int flags) + gnutls_x509_crt_fmt format, const char * password, unsigned int flags) { int result = 0, need_free = 0; gnutls_datum _data = { data->data, data->size }; @@ -803,7 +803,7 @@ char oid[64]; } -static int decrypt_data( ASN1_TYPE pkcs8_asn, char* password, +static int decrypt_data( ASN1_TYPE pkcs8_asn, const char* password, const struct pbkdf2_params *kdf_params, const struct pbe_enc_params *enc_params, gnutls_datum* decrypted_data) { |
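Review bot: In the hunk at -575, `gnutls_x509_privkey_import_pkcs8` dereferences `data` in the initializer `gnutls_datum _data = { data->data, data->size };` before any statement can validate it, so a NULL `data` faults on entry to this public import function. Initialise with `gnutls_datum _data = { NULL, 0 };`, add `if (data == NULL) return GNUTLS_E_INVALID_REQUEST;`, and copy the two fields afterwards. The function body continues outside the hunk, so any later checks are not visible here.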