diff options
-rw-r--r-- | NEWS | 3 | ||||
-rw-r--r-- | doc/tex/srp.tex | 3 | ||||
-rw-r--r-- | includes/gnutls/extra.h | 32 | ||||
-rw-r--r-- | lib/gnutls_anon_cred.c | 18 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 10 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 58 | ||||
-rw-r--r-- | lib/libgnutls.vers | 2 | ||||
-rw-r--r-- | lib/x509_b64.c | 6 | ||||
-rw-r--r-- | libextra/auth_srp.c | 16 | ||||
-rw-r--r-- | libextra/auth_srp_sb64.c | 6 | ||||
-rw-r--r-- | libextra/gnutls_openpgp.c | 12 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 63 | ||||
-rw-r--r-- | libextra/libgnutls-extra.vers | 2 | ||||
-rw-r--r-- | libextra/openpgp/gnutls_openpgp.h | 4 | ||||
-rw-r--r-- | libextra/openpgp/openpgp.c | 4 | ||||
-rw-r--r-- | libextra/openpgp/verify.c | 9 | ||||
-rw-r--r-- | src/common.c | 4 | ||||
-rw-r--r-- | src/crypt.c | 94 |
18 files changed, 170 insertions, 176 deletions
@@ -1,3 +1,6 @@ +Version 1.0.0 +- Exported the static SRP group parameters. + Version 0.9.99 (28/11/2003) - Some fixes in the gnutls.h header for the gnutls_server_name_set() and gnutls_server_name_get() prototypes. diff --git a/doc/tex/srp.tex b/doc/tex/srp.tex index af28f94a74..d25b41a30f 100644 --- a/doc/tex/srp.tex +++ b/doc/tex/srp.tex @@ -57,7 +57,8 @@ Some helper functions such as \item \printfunc{gnutls_srp_base64_decode}{gnutls\_srp\_base64\_decode} \end{itemize} are included in \gnutls{}, and may be used to generate, and maintain -SRP verifiers, and password files. A program to manipulate the required parameters +SRP verifiers, and password files. +A program to manipulate the required parameters for SRP authentication is also included. See section \ref{srpcrypt} on page \pageref{srpcrypt} for more information. diff --git a/includes/gnutls/extra.h b/includes/gnutls/extra.h index 30976eb441..47f5331870 100644 --- a/includes/gnutls/extra.h +++ b/includes/gnutls/extra.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2002 Nikos Mavroyanopoulos + * Copyright (C) 2002,2003 Nikos Mavroyanopoulos * * GNUTLS-EXTRA is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -50,6 +50,18 @@ int gnutls_srp_verifier( char* username, char* password, const gnutls_datum *sal const gnutls_datum* g, const gnutls_datum* n, gnutls_datum * res); +/* The static parameters defined in draft-ietf-tls-srp-05 + * Those should be used as input to gnutls_srp_verifier(). + */ +extern const gnutls_datum gnutls_srp_2048_group_prime; +extern const gnutls_datum gnutls_srp_2048_group_generator; + +extern const gnutls_datum gnutls_srp_1536_group_prime; +extern const gnutls_datum gnutls_srp_1536_group_generator; + +extern const gnutls_datum gnutls_srp_1024_group_prime; +extern const gnutls_datum gnutls_srp_1024_group_generator; + typedef int gnutls_srp_server_credentials_function( gnutls_session, const char* username, gnutls_datum* salt, @@ -61,28 +73,32 @@ void gnutls_srp_set_server_credentials_function( gnutls_srp_server_credentials, gnutls_srp_server_credentials_function *); -/* Openpgp certificate stuff */ + +/* Openpgp certificate stuff + */ typedef int (*gnutls_openpgp_recv_key_func)(gnutls_session, const unsigned char *keyfpr, unsigned int keyfpr_length, gnutls_datum *key); void gnutls_openpgp_set_recv_key_function( gnutls_session, gnutls_openpgp_recv_key_func); -int gnutls_certificate_set_openpgp_key_file( gnutls_certificate_credentials res, char *CERTFILE, char* KEYFILE); +int gnutls_certificate_set_openpgp_key_file( gnutls_certificate_credentials res, + const char *CERTFILE, const char* KEYFILE); int gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, const gnutls_datum* CERT, const gnutls_datum* KEY); int gnutls_certificate_set_openpgp_keyserver(gnutls_certificate_credentials res, - char* keyserver, int port); + const char* keyserver, int port); int gnutls_certificate_set_openpgp_trustdb(gnutls_certificate_credentials res, - char* trustdb); + const char* trustdb); int gnutls_certificate_set_openpgp_keyring_mem( - gnutls_certificate_credentials c, - const unsigned char *data, size_t dlen ); + gnutls_certificate_credentials c, + const unsigned char *data, size_t dlen ); -int gnutls_certificate_set_openpgp_keyring_file( gnutls_certificate_credentials res, const char *name); +int gnutls_certificate_set_openpgp_keyring_file( gnutls_certificate_credentials res, + const char *name); int gnutls_global_init_extra(void); diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index a52c64c737..578aef62af 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -30,15 +30,14 @@ #include "gnutls_num.h" #include "gnutls_mpi.h" -static int anon_tmp; +static const int anon_dummy; /** * gnutls_anon_free_server_credentials - Used to free an allocated gnutls_anon_server_credentials structure * @sc: is an &gnutls_anon_server_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) - * the structure. + * this helper function is provided in order to free (deallocate) it. **/ void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials sc) { @@ -50,8 +49,7 @@ void gnutls_anon_free_server_credentials( gnutls_anon_server_credentials sc) { * @sc: is a pointer to an &gnutls_anon_server_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to allocate - * the structure. + * this helper function is provided in order to allocate it. **/ int gnutls_anon_allocate_server_credentials( gnutls_anon_server_credentials *sc) { @@ -66,8 +64,7 @@ int gnutls_anon_allocate_server_credentials( gnutls_anon_server_credentials *sc) * @sc: is an &gnutls_anon_client_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) - * the structure. + * this helper function is provided in order to free (deallocate) it. **/ void gnutls_anon_free_client_credentials( gnutls_anon_client_credentials sc) { } @@ -77,15 +74,14 @@ void gnutls_anon_free_client_credentials( gnutls_anon_client_credentials sc) { * @sc: is a pointer to an &gnutls_anon_client_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to allocate - * the structure. + * this helper function is provided in order to allocate it. **/ int gnutls_anon_allocate_client_credentials( gnutls_anon_client_credentials *sc) { - /* anon_tmp is only there for *sc not to be null. + /* anon_dummy is only there for *sc not to be null. * it is not used at all; */ - *sc = (void*) &anon_tmp; + *sc = (void*) &anon_dummy; return 0; } diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index b239d07faa..b65789e524 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -111,8 +111,7 @@ void gnutls_certificate_free_cas(gnutls_certificate_credentials sc) * @sc: is an &gnutls_certificate_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) - * the structure. + * this helper function is provided in order to free (deallocate) it. * * This function does not free any temporary parameters associated * with this structure (ie RSA and DH parameters are not freed by @@ -137,8 +136,9 @@ void gnutls_certificate_free_credentials(gnutls_certificate_credentials sc) * @res: is a pointer to an &gnutls_certificate_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to allocate - * the structure. + * this helper function is provided in order to allocate it. + * + * Returns 0 on success. **/ int gnutls_certificate_allocate_credentials(gnutls_certificate_credentials * res) { @@ -220,6 +220,7 @@ void gnutls_certificate_server_set_request(gnutls_session session, * @session: is a &gnutls_session structure. * @func: is the callback function * + * This function sets a callback to be called while selecting the (client) certificate. * The callback's function prototype is: * int (*callback)(gnutls_session, const gnutls_datum *client_cert, int ncerts, const gnutls_datum* req_ca_dn, int nreqs); * @@ -261,6 +262,7 @@ void gnutls_certificate_client_set_select_function(gnutls_session session, * @session: is a &gnutls_session structure. * @func: is the callback function * + * This function sets a callback to be called while selecting the (server) certificate. * The callback's function form is: * int (*callback)(gnutls_session, gnutls_datum *server_cert, int ncerts); * diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index b09f4df2fa..6ee494064b 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -1158,12 +1158,18 @@ static int parse_der_ca_mem( gnutls_x509_crt** cert_list, uint* ncerts, * @type: is DER or PEM * * This function adds the trusted CAs in order to verify client - * certificates. This function may be called multiple times. + * or server certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers(). + * This function may be called multiple times. * * In case of a server the CAs set here will be sent to the client * if a certificate request is sent. This can be disabled using * gnutls_certificate_send_x509_rdn_sequence(). * + * Returns the number of certificates processed or a negative + * value on error. + * **/ int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials res, const gnutls_datum *ca, gnutls_x509_crt_fmt type) @@ -1190,12 +1196,17 @@ int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials res, * @ca_list_size: holds the size of the CA list * * This function adds the trusted CAs in order to verify client - * certificates. This function may be called multiple times. + * or server certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers(). + * This function may be called multiple times. * * In case of a server the CAs set here will be sent to the client * if a certificate request is sent. This can be disabled using * gnutls_certificate_send_x509_rdn_sequence(). * + * Returns 0 on success. + * **/ int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials res, gnutls_x509_crt * ca_list, int ca_list_size) @@ -1231,10 +1242,18 @@ int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials res, * @cafile: is a file containing the list of trusted CAs (DER or PEM list) * @type: is PEM or DER * - * This function sets the trusted CAs in order to verify client - * certificates. This function may be called multiple times, and the - * given certificates will be appended to the trusted certificate list. - * Returns the number of certificate processed. + * This function adds the trusted CAs in order to verify client + * or server certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers(). + * This function may be called multiple times. + * + * In case of a server the CAs set here will be sent to the client + * if a certificate request is sent. This can be disabled using + * gnutls_certificate_send_x509_rdn_sequence(). + * + * Returns the number of certificates processed or a negative + * value on error. * **/ int gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials res, @@ -1429,7 +1448,13 @@ int read_crl_mem(gnutls_certificate_credentials res, const void *crl, int crl_si * @type: is DER or PEM * * This function adds the trusted CRLs in order to verify client or server - * certificates. This function may be called multiple times. + * certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers(). + * This function may be called multiple times. + * + * Returns the number of CRLs processed or a negative value + * on error. * **/ int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials res, @@ -1450,7 +1475,12 @@ int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials res, * @crl_list_size: holds the size of the crl_list * * This function adds the trusted CRLs in order to verify client or server - * certificates. This function may be called multiple times. + * certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers(). + * This function may be called multiple times. + * + * Returns 0 on success. * **/ int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials res, @@ -1484,10 +1514,14 @@ int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials res, * @crlfile: is a file containing the list of verified CRLs (DER or PEM list) * @type: is PEM or DER * - * This function sets the trusted CRLs in order to verify client or server - * certificates. This function may be called multiple times, and the - * given CRLs will be appended to the crl list. - * Returns the number of certificate processed. + * This function adds the trusted CRLs in order to verify client or server + * certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers(). + * This function may be called multiple times. + * + * Returns the number of CRLs processed or a negative value + * on error. * **/ int gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials res, diff --git a/lib/libgnutls.vers b/lib/libgnutls.vers index 89a60f8556..798c683500 100644 --- a/lib/libgnutls.vers +++ b/lib/libgnutls.vers @@ -1,4 +1,4 @@ -GNUTLS_1_0_0 +GNUTLS_REL_1_0 { global: _gnutls*; gnutls*; _E_*; local: *; diff --git a/lib/x509_b64.c b/lib/x509_b64.c index c5ff04cd6f..7156bd2fb9 100644 --- a/lib/x509_b64.c +++ b/lib/x509_b64.c @@ -313,8 +313,7 @@ int size; * encoding. This is the encoding used in PEM messages. This function will * allocate the required memory to hold the encoded data. * - * You should use the function gnutls_free() to - * free the returned data. + * You should use gnutls_free() to free the returned data. * **/ int gnutls_pem_base64_encode_alloc( const char* msg, const gnutls_datum *data, @@ -524,8 +523,7 @@ int size; * "-----BEGIN header" and decode only this part. Otherwise it will decode the * first PEM packet found. * - * You should use the function gnutls_free() to - * free the returned data. + * You should use gnutls_free() to free the returned data. * **/ int gnutls_pem_base64_decode_alloc( const char* header, const gnutls_datum *b64_data, diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index a3879ca8dc..4bb8c432d3 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -384,6 +384,11 @@ static const unsigned char srp_params_1024[] = { static const unsigned char srp_generator = 0x02; +const gnutls_datum gnutls_srp_1024_group_prime = { + srp_params_1024, sizeof(srp_params_1024) }; +const gnutls_datum gnutls_srp_1024_group_generator = { + &srp_generator, sizeof(srp_generator) }; + static const unsigned char srp_params_1536[] = { 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1, 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5, @@ -409,6 +414,11 @@ static const unsigned char srp_params_1536[] = { 0x35, 0xF9, 0xBB }; +const gnutls_datum gnutls_srp_1536_group_prime = { + srp_params_1536, sizeof(srp_params_1536) }; +const gnutls_datum gnutls_srp_1536_group_generator = { + &srp_generator, sizeof(srp_generator) }; + static const unsigned char srp_params_2048[] = { 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1, 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72, @@ -441,6 +451,12 @@ static const unsigned char srp_params_2048[] = { 0x9E, 0x4A, 0xFF, 0x73 }; +const gnutls_datum gnutls_srp_2048_group_prime = { + srp_params_2048, sizeof(srp_params_2048) }; +const gnutls_datum gnutls_srp_2048_group_generator = { + &srp_generator, sizeof(srp_generator) }; + + /* Check if G and N are parameters from the SRP draft. */ static int check_g_n( const opaque* g, size_t n_g, diff --git a/libextra/auth_srp_sb64.c b/libextra/auth_srp_sb64.c index fc9df545a3..9011ec1843 100644 --- a/libextra/auth_srp_sb64.c +++ b/libextra/auth_srp_sb64.c @@ -315,8 +315,7 @@ int size; * encoding. This is the encoding used in SRP password files. This function will * allocate the required memory to hold the encoded data. * - * You should use the function returned by gnutls_free() to - * free the returned data. + * You should use gnutls_free() to free the returned data. * **/ int gnutls_srp_base64_encode_alloc( const gnutls_datum *data, @@ -385,8 +384,7 @@ int size; * will be allocated, and stored into result. * It will decode using the base64 algorithm found in libsrp. * - * You should use the function returned by gnutls_free() to - * free the returned data. + * You should use gnutls_free() to free the returned data. * **/ int gnutls_srp_base64_decode_alloc( const gnutls_datum *b64_data, diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c index a8f5c86c57..b307e42783 100644 --- a/libextra/gnutls_openpgp.c +++ b/libextra/gnutls_openpgp.c @@ -519,8 +519,8 @@ stream_to_datum( cdk_stream_t inp, gnutls_datum *raw ) **/ int gnutls_certificate_set_openpgp_key_mem( gnutls_certificate_credentials res, - gnutls_datum *cert, - gnutls_datum *key ) + const gnutls_datum *cert, + const gnutls_datum *key ) { gnutls_datum raw; cdk_kbnode_t knode = NULL, ctx = NULL, p; @@ -652,8 +652,8 @@ leave: **/ int gnutls_certificate_set_openpgp_key_file( gnutls_certificate_credentials res, - char* certfile, - char* keyfile ) + const char* certfile, + const char* keyfile ) { struct stat statbuf; int rc = 0; @@ -940,7 +940,7 @@ _gnutls_openpgp_request_key( gnutls_session session, gnutls_datum* ret, **/ int gnutls_certificate_set_openpgp_keyserver(gnutls_certificate_credentials res, - char* keyserver, + const char* keyserver, int port) { if( !res || !keyserver ) { @@ -972,7 +972,7 @@ gnutls_certificate_set_openpgp_keyserver(gnutls_certificate_credentials res, **/ int gnutls_certificate_set_openpgp_trustdb( gnutls_certificate_credentials res, - char* trustdb ) + const char* trustdb ) { if( !res || !trustdb ) { gnutls_assert( ); diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index 0082e128ce..feb64d2448 100644 --- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -246,7 +246,7 @@ GNUTLS_MPI _gnutls_calc_srp_A(GNUTLS_MPI * a, GNUTLS_MPI g, GNUTLS_MPI n) /* generate x = SHA(s | SHA(U | ":" | p)) * The output is exactly 20 bytes */ -int _gnutls_calc_srp_sha(char *username, char *password, opaque * salt, +int _gnutls_calc_srp_sha(const char *username, const char *password, opaque * salt, int salt_size, size_t *size, void* digest) { GNUTLS_HASH_HANDLE td; @@ -338,8 +338,8 @@ GNUTLS_MPI _gnutls_calc_srp_S2(GNUTLS_MPI B, GNUTLS_MPI g, GNUTLS_MPI x, GNUTLS_ * @sc: is an &gnutls_srp_client_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) - * the structure. + * this helper function is provided in order to free (deallocate) it. + * **/ void gnutls_srp_free_client_credentials( gnutls_srp_client_credentials sc) { gnutls_free( sc->username); @@ -352,8 +352,9 @@ void gnutls_srp_free_client_credentials( gnutls_srp_client_credentials sc) { * @sc: is a pointer to an &gnutls_srp_server_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to allocate - * the structure. + * this helper function is provided in order to allocate it. + * + * Returns 0 on success. **/ int gnutls_srp_allocate_client_credentials( gnutls_srp_client_credentials *sc) { *sc = gnutls_calloc( 1, sizeof(SRP_CLIENT_CREDENTIALS_INT)); @@ -369,8 +370,13 @@ int gnutls_srp_allocate_client_credentials( gnutls_srp_client_credentials *sc) { * @username: is the user's userid * @password: is the user's password * + * This function sets the username and password, in a gnutls_srp_client_credentials structure. + * Those will be used in SRP authentication. + * + * Returns 0 on success. **/ -int gnutls_srp_set_client_credentials( gnutls_srp_client_credentials res, char *username, char * password) { +int gnutls_srp_set_client_credentials( gnutls_srp_client_credentials res, char *username, char * password) +{ if (username==NULL || password == NULL) { gnutls_assert(); @@ -394,8 +400,8 @@ int gnutls_srp_set_client_credentials( gnutls_srp_client_credentials res, char * * @sc: is an &gnutls_srp_server_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) - * the structure. + * this helper function is provided in order to free (deallocate) it. + * **/ void gnutls_srp_free_server_credentials( gnutls_srp_server_credentials sc) { int i; @@ -414,8 +420,9 @@ int i; * @sc: is a pointer to an &gnutls_srp_server_credentials structure. * * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to allocate - * the structure. + * this helper function is provided in order to allocate it. + * + * Returns 0 on success. **/ int gnutls_srp_allocate_server_credentials( gnutls_srp_server_credentials *sc) { *sc = gnutls_calloc( 1, sizeof(SRP_SERVER_CREDENTIALS_INT)); @@ -442,6 +449,11 @@ FILE* fd; * @password_file: is the SRP password file (tpasswd) * @password_conf_file: is the SRP password conf file (tpasswd.conf) * + * This function sets the password files, in a gnutls_srp_server_credentials structure. + * Those password files hold usernames and verifiers and will be used for SRP authentication. + * + * Returns 0 on success. + * **/ int gnutls_srp_set_server_credentials_file( gnutls_srp_server_credentials res, char *password_file, char * password_conf_file) { int i; @@ -504,7 +516,8 @@ int i; * @session: is a &gnutls_session structure. * @func: is the callback function * - * The callback's function form is: + * This function sets a callback to assist in selecting the proper password file, + * in case there are more than one. The callback's function form is: * int (*callback)(gnutls_session, const char** pfiles, const char** pconffiles, int npfiles); * * @pfiles contains @npfiles char* structures which hold @@ -536,6 +549,7 @@ void gnutls_srp_server_set_select_function(gnutls_session session, * @cred: is a &gnutls_srp_server_credentials structure. * @func: is the callback function * + * This function can be used to set a callback to retrieve the user's SRP credentials. * The callback's function form is: * int (*callback)(gnutls_session, const char* username, * gnutls_datum* salt, gnutls_datum *verifier, gnutls_datum* g, @@ -592,24 +606,27 @@ const char *gnutls_srp_server_get_username(gnutls_session session) * @username: is the user's name * @password: is the user's password * @salt: should be some randomly generated bytes - * @g: is a generator - * @n: is a prime + * @generator: is the generator of the group + * @prime: is the group's prime * @res: where the verifier will be stored. * * This function will create an SRP verifier, as specified in RFC2945. - * The prime and generator may be generated using the gnutls_dh_params_generate() - * function. The verifier will be allocated with @malloc and will be stored in @res using binary format. + * The @prime and @generator should be one of the static parameters defined + * in gnutls/extra.h or may be generated using the GCRYPT functions + * gcry_prime_generate() and gcry_prime_group_generator(). + * The verifier will be allocated with @malloc and will be stored in @res using + * binary format. * **/ -int gnutls_srp_verifier( char* username, char* password, const gnutls_datum *salt, - const gnutls_datum* g, const gnutls_datum* n, +int gnutls_srp_verifier( const char* username, const char* password, + const gnutls_datum *salt, + const gnutls_datum* generator, const gnutls_datum* prime, gnutls_datum * res) { GNUTLS_MPI _n, _g; int ret; -size_t digest_size = 20; +size_t digest_size = 20, size; opaque digest[20]; -size_t size; ret = _gnutls_calc_srp_sha( username, password, salt->data, salt->size, &digest_size, digest); @@ -618,14 +635,14 @@ size_t size; return ret; } - size = n->size; - if (_gnutls_mpi_scan(&_n, n->data, &size)) { + size = prime->size; + if (_gnutls_mpi_scan(&_n, prime->data, &size)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - size = g->size; - if (_gnutls_mpi_scan(&_g, g->data, &size)) { + size = generator->size; + if (_gnutls_mpi_scan(&_g, generator->data, &size)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } diff --git a/libextra/libgnutls-extra.vers b/libextra/libgnutls-extra.vers index 1af9b6888a..40f5531ac9 100644 --- a/libextra/libgnutls-extra.vers +++ b/libextra/libgnutls-extra.vers @@ -1,4 +1,4 @@ -GNUTLS_1_0_0 +GNUTLS_REL_1_0 { global: gnutls*; local: *; diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h index a6c5af575f..23a974b328 100644 --- a/libextra/openpgp/gnutls_openpgp.h +++ b/libextra/openpgp/gnutls_openpgp.h @@ -31,8 +31,8 @@ typedef enum { int gnutls_certificate_set_openpgp_key_file( gnutls_certificate_credentials res, - char* CERTFILE, - char* KEYFILE); + const char* CERTFILE, + const char* KEYFILE); int gnutls_openpgp_count_key_names( const gnutls_datum *cert ); diff --git a/libextra/openpgp/openpgp.c b/libextra/openpgp/openpgp.c index cb2525aa14..4813424fbf 100644 --- a/libextra/openpgp/openpgp.c +++ b/libextra/openpgp/openpgp.c @@ -57,7 +57,7 @@ int gnutls_openpgp_key_init(gnutls_openpgp_key * key) * gnutls_openpgp_key_deinit - This function deinitializes memory used by a gnutls_openpgp_key structure * @key: The structure to be initialized * - * This function will deinitialize a CRL structure. + * This function will deinitialize a key structure. * **/ void gnutls_openpgp_key_deinit(gnutls_openpgp_key key) @@ -200,7 +200,7 @@ size_t input_data_size = *output_data_size; * @fpr: the buffer to save the fingerprint. * @fprlen: the integer to save the length of the fingerprint. * - * Returns the fingerprint of the OpenPGP key. Depence on the algorithm, + * Returns the fingerprint of the OpenPGP key. Depends on the algorithm, * the fingerprint can be 16 or 20 bytes. **/ int diff --git a/libextra/openpgp/verify.c b/libextra/openpgp/verify.c index 98eac30585..764fe761a1 100644 --- a/libextra/openpgp/verify.c +++ b/libextra/openpgp/verify.c @@ -85,7 +85,7 @@ leave: * Verify all signatures in the key, using the given set of keys (keyring). * If a signer key is not available, the signature is skipped. * - * The certificate verification output will be put in 'verify' and will be + * The key verification output will be put in @verify and will be * one or more of the gnutls_certificate_status enumerated elements bitwise or'd. * * GNUTLS_CERT_INVALID\: A signature on the key is invalid. @@ -145,9 +145,8 @@ void cdk_md_close( cdk_md_hd_t hd ); * @flags: unused (should be 0) * @verify: will hold the key verification output. * - * Verify the self signature in the key. - * - * The certificate verification output will be put in 'verify' and will be + * Verifies the self signature in the key. + * The key verification output will be put in @verify and will be * one or more of the gnutls_certificate_status enumerated elements bitwise or'd. * * GNUTLS_CERT_INVALID\: The self signature on the key is invalid. @@ -233,7 +232,7 @@ int gnutls_openpgp_key_verify_self( gnutls_openpgp_key key, * @verify: will hold the certificate verification output. * * Checks if the key is revoked or disabled, in the trustdb. - * The verification output will be put in 'verify' and will be + * The verification output will be put in @verify and will be * one or more of the gnutls_certificate_status enumerated elements bitwise or'd. * * GNUTLS_CERT_INVALID\: A signature on the key is invalid. diff --git a/src/common.c b/src/common.c index d25588f01b..c62fd312f9 100644 --- a/src/common.c +++ b/src/common.c @@ -481,7 +481,6 @@ void print_list(void) printf("Ciphers:"); printf(" AES-128-CBC"); - printf(", TWOFISH-128-CBC"); printf(", 3DES-CBC"); printf(", ARCFOUR\n"); printf(", ARCFOUR-40\n"); @@ -548,9 +547,6 @@ void parse_ciphers(char **ciphers, int nciphers, int *cipher_priority) if (strncasecmp(ciphers[i], "AES", 3) == 0) cipher_priority[j++] = GNUTLS_CIPHER_AES_128_CBC; - if (strncasecmp(ciphers[i], "TWO", 3) == 0) - cipher_priority[j++] = - GNUTLS_CIPHER_TWOFISH_128_CBC; if (strncasecmp(ciphers[i], "3DE", 3) == 0) cipher_priority[j++] = GNUTLS_CIPHER_3DES_CBC; diff --git a/src/crypt.c b/src/crypt.c index acd77d77cb..893804f338 100644 --- a/src/crypt.c +++ b/src/crypt.c @@ -81,85 +81,6 @@ static int read_conf_values(gnutls_datum * g, gnutls_datum * n, char *str); static int _verify_passwd_int(char* username, char* passwd, char* verifier, char* salt, const gnutls_datum* g, const gnutls_datum* n); -/* Static parameters according to draft-ietf-tls-srp-05 - */ -static const unsigned char srp_params_1024[] = { - 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, - 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8, - 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B, - 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, - 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, - 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0, - 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4, - 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, - 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, - 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49, - 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, - 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, - 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0, - 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A, - 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, - 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3 -}; - -static const unsigned char srp_generator = 0x02; - -static const unsigned char srp_params_1536[] = { - 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1, - 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5, - 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9, - 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55, - 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4, - 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0, - 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8, - 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0, - 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B, - 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54, - 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F, - 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E, - 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39, - 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7, - 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F, - 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE, - 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F, - 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02, - 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2, - 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93, - 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1, - 0x35, 0xF9, 0xBB -}; - -static const unsigned char srp_params_2048[] = { - 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1, - 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72, - 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92, - 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB, - 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77, - 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, - 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, - 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, - 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66, - 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18, - 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79, - 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A, - 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5, - 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, - 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, - 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, - 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B, - 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45, - 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A, - 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB, - 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04, - 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, - 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, - 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, - 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94, - 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE, - 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3, - 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F, - 0x9E, 0x4A, 0xFF, 0x73 -}; static void print_num( const char* msg, const gnutls_datum * num) { @@ -192,18 +113,15 @@ int generate_create_conf(char *tpasswd_conf) for (index = 1; index <= 3; index++) { - g.data = (void*) &srp_generator; - g.size = 1; - if (index == 1) { - n.data = (void*) srp_params_1024; - n.size = sizeof(srp_params_1024); + n = gnutls_srp_1024_group_prime; + g = gnutls_srp_1024_group_generator; } else if (index==2) { - n.data = (void*) srp_params_1536; - n.size = sizeof(srp_params_1536); + n = gnutls_srp_1536_group_prime; + g = gnutls_srp_1536_group_generator; } else { - n.data = (void*) srp_params_2048; - n.size = sizeof(srp_params_2048); + n = gnutls_srp_2048_group_prime; + g = gnutls_srp_2048_group_generator; } printf("\nGroup %d, of %d bits:\n", index, n.size*8); |