diff options
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | configure.in | 2 | ||||
-rw-r--r-- | lib/debug.c | 2 | ||||
-rw-r--r-- | lib/gnutls_mpi.h | 1 | ||||
-rw-r--r-- | lib/gnutls_record.c | 37 | ||||
-rw-r--r-- | libextra/auth_srp.c | 29 |
6 files changed, 52 insertions, 20 deletions
@@ -3,6 +3,7 @@ Version 0.6.1 distinguished name in a single string. - Added gnutls_openpgp_extract_key_name_string() which returns an openpgp user ID in a single string. +- Added SRP-6 support. Follows draft-ietf-tls-srp-04. Version 0.6.0 (8/12/2002) - Added "gnutls/compat4.h" header. This is included in gnutls.h diff --git a/configure.in b/configure.in index 9aa94b428f..a16e5de184 100644 --- a/configure.in +++ b/configure.in @@ -12,7 +12,7 @@ AC_DEFINE_UNQUOTED(T_OS, "$target_os", [OS name]) dnl Gnutls Version GNUTLS_MAJOR_VERSION=0 GNUTLS_MINOR_VERSION=6 -GNUTLS_MICRO_VERSION=0 +GNUTLS_MICRO_VERSION=1 GNUTLS_VERSION=$GNUTLS_MAJOR_VERSION.$GNUTLS_MINOR_VERSION.$GNUTLS_MICRO_VERSION AC_DEFINE_UNQUOTED(GNUTLS_VERSION, "$GNUTLS_VERSION", [version of gnutls]) diff --git a/lib/debug.c b/lib/debug.c index 7047bcefc1..18e9a1f137 100644 --- a/lib/debug.c +++ b/lib/debug.c @@ -28,7 +28,7 @@ void _gnutls_dump_mpi(char* prefix, GNUTLS_MPI a) { - char buf[400]; + char buf[1024]; size_t n = sizeof buf; if (gcry_mpi_print(GCRYMPI_FMT_HEX, buf, &n, a)) diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h index 20299db27d..37d1963b2e 100644 --- a/lib/gnutls_mpi.h +++ b/lib/gnutls_mpi.h @@ -20,6 +20,7 @@ #define _gnutls_mpi_mulm gcry_mpi_mulm #define _gnutls_mpi_mul gcry_mpi_mul #define _gnutls_mpi_add gcry_mpi_add +#define _gnutls_mpi_mul_ui gcry_mpi_mul_ui # define _gnutls_mpi_alloc_like(x) _gnutls_mpi_new(_gnutls_mpi_get_nbits(x)) diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 3c386c40c7..92a23b3c43 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -327,8 +327,8 @@ ssize_t gnutls_send_int( gnutls_session session, ContentType type, HandshakeType headers[1]=_gnutls_version_get_major( lver); headers[2]=_gnutls_version_get_minor( lver); - _gnutls_record_log( "REC: Sending Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, sizeofdata); + _gnutls_record_log( "REC[%x]: Sending Packet[%d] %s(%d) with length: %d\n", + session, (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, sizeofdata); if ( sizeofdata > MAX_RECORD_SEND_SIZE) data2send_size = MAX_RECORD_SEND_SIZE; @@ -428,8 +428,8 @@ ssize_t gnutls_send_int( gnutls_session session, ContentType type, HandshakeType session->internals.record_send_buffer_user_size = 0; - _gnutls_record_log( "REC: Sent Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, cipher_size); + _gnutls_record_log( "REC[%x]: Sent Packet[%d] %s(%d) with length: %d\n", + session, (int) _gnutls_uint64touint32(&session->connection_state.write_sequence_number), _gnutls_packet2str(type), type, cipher_size); return retval; } @@ -441,7 +441,7 @@ ssize_t _gnutls_send_change_cipher_spec( gnutls_session session, int again) { opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC }; - _gnutls_handshake_log( "REC: Sent ChangeCipherSpec\n"); + _gnutls_handshake_log( "REC[%x]: Sent ChangeCipherSpec\n", session); if (again==0) return gnutls_send_int( session, GNUTLS_CHANGE_CIPHER_SPEC, -1, data, 1); @@ -522,7 +522,7 @@ static int _gnutls_check_record_headers( gnutls_session session, uint8 headers[R */ session->internals.v2_hello = *length; - _gnutls_record_log( "REC: V2 packet received. Length: %d\n", *length); + _gnutls_record_log( "REC[%x]: V2 packet received. Length: %d\n", session, *length); } else { /* version 3.x @@ -550,7 +550,8 @@ static int _gnutls_check_record_version( gnutls_session session, HandshakeType h if ( (htype!=GNUTLS_CLIENT_HELLO && htype!=GNUTLS_SERVER_HELLO) && gnutls_protocol_get_version(session) != version) { gnutls_assert(); - _gnutls_record_log( "REC: INVALID VERSION PACKET: (%d) %d.%d\n", htype, _gnutls_version_get_major(version), _gnutls_version_get_minor(version)); + _gnutls_record_log( "REC[%x]: INVALID VERSION PACKET: (%d) %d.%d\n", + session, htype, _gnutls_version_get_major(version), _gnutls_version_get_minor(version)); return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; } @@ -573,7 +574,8 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t switch (recv_type) { case GNUTLS_ALERT: - _gnutls_record_log( "REC: Alert[%d|%d] - %s - was received\n", data[0], data[1], gnutls_alert_get_name((int)data[1])); + _gnutls_record_log( "REC[%x]: Alert[%d|%d] - %s - was received\n", + session, data[0], data[1], gnutls_alert_get_name((int)data[1])); session->internals.last_alert = data[1]; @@ -649,7 +651,8 @@ static int _gnutls_record_check_type( gnutls_session session, ContentType recv_t break; default: - _gnutls_record_log( "REC: Received Unknown packet %d expecting %d\n", recv_type, type); + _gnutls_record_log( "REC[%x]: Received Unknown packet %d expecting %d\n", + session, recv_type, type); gnutls_assert(); return GNUTLS_E_INTERNAL_ERROR; @@ -746,14 +749,14 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType return ret; } - _gnutls_record_log( "REC: Expected Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata); - _gnutls_record_log( "REC: Received Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length); + _gnutls_record_log( "REC[%x]: Expected Packet[%d] %s(%d) with length: %d\n", + session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(type), type, sizeofdata); + _gnutls_record_log( "REC[%x]: Received Packet[%d] %s(%d) with length: %d\n", + session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, length); if (length > MAX_RECV_SIZE) { - _gnutls_record_log( "REC: FATAL ERROR: Received packet with length: %d\n", length); + _gnutls_record_log( "REC[%x]: FATAL ERROR: Received packet with length: %d\n", session, length); _gnutls_session_unresumable( session); _gnutls_session_invalidate( session); @@ -802,7 +805,7 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType */ if (type == GNUTLS_CHANGE_CIPHER_SPEC && recv_type == GNUTLS_CHANGE_CIPHER_SPEC) { - _gnutls_record_log( "REC: ChangeCipherSpec Packet was received\n"); + _gnutls_record_log( "REC[%x]: ChangeCipherSpec Packet was received\n", session); if ((size_t)tmplen!=sizeofdata) { /* sizeofdata should be 1 */ gnutls_assert(); @@ -815,8 +818,8 @@ ssize_t gnutls_recv_int( gnutls_session session, ContentType type, HandshakeType return tmplen; } - _gnutls_record_log( "REC: Decrypted Packet[%d] %s(%d) with length: %d\n", - (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen); + _gnutls_record_log( "REC[%x]: Decrypted Packet[%d] %s(%d) with length: %d\n", + session, (int) _gnutls_uint64touint32(&session->connection_state.read_sequence_number), _gnutls_packet2str(recv_type), recv_type, tmplen); /* increase sequence number */ if (_gnutls_uint64pp( &session->connection_state.read_sequence_number)!=0) { diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index cb033b5511..1b268b797b 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -177,6 +177,8 @@ int _gnutls_gen_srp_server_kx0(gnutls_session state, opaque ** data) return GNUTLS_E_MPI_PRINT_FAILED; _gnutls_write_uint16( n_b, data_b); + _gnutls_hard_log( "INT: SRP B[%d]: %s\n", n_b, _gnutls_bin2hex(&data_b[2], n_b)); + _gnutls_srp_entry_free( pwd_entry); return data_size; @@ -229,12 +231,20 @@ int _gnutls_gen_srp_client_kx0(gnutls_session state, opaque ** data) return GNUTLS_E_MEMORY_ERROR; } +#ifdef HARD_DEBUG + _gnutls_dump_mpi( "SRP U: ", state->key->u); +#endif + /* S = (B - g^x) ^ (a + u * x) % N */ S = _gnutls_calc_srp_S2( B, G, state->key->x, _a, state->key->u, N); if (S==NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } + +#ifdef HARD_DEBUG + _gnutls_dump_mpi( "SRP B: ", B); +#endif _gnutls_mpi_release(&_b); _gnutls_mpi_release(&V); @@ -264,6 +274,8 @@ int _gnutls_gen_srp_client_kx0(gnutls_session state, opaque ** data) gnutls_free( *data); return GNUTLS_E_MPI_PRINT_FAILED; } + _gnutls_hard_log( "INT: SRP A[%d]: %s\n", n_a, _gnutls_bin2hex(&data_a[2], n_a)); + _gnutls_mpi_release(&A); _gnutls_write_uint16( n_a, data_a); @@ -288,6 +300,13 @@ int _gnutls_proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _dat return GNUTLS_E_MPI_SCAN_FAILED; } +#ifdef HARD_DEBUG + _gnutls_dump_mpi( "SRP A: ", A); +#endif +#ifdef HARD_DEBUG + _gnutls_dump_mpi( "SRP B: ", B); +#endif + /* Start the SRP calculations. * - Calculate u */ @@ -297,6 +316,10 @@ int _gnutls_proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _dat return GNUTLS_E_MEMORY_ERROR; } +#ifdef HARD_DEBUG + _gnutls_dump_mpi( "SRP U: ", state->key->u); +#endif + /* S = (A * v^u) ^ b % N */ S = _gnutls_calc_srp_S1( A, _b, state->key->u, V, N); @@ -305,6 +328,10 @@ int _gnutls_proc_srp_client_kx0(gnutls_session state, opaque * data, size_t _dat return GNUTLS_E_MEMORY_ERROR; } +#ifdef HARD_DEBUG + _gnutls_dump_mpi( "SRP S: ", S); +#endif + _gnutls_mpi_release(&A); _gnutls_mpi_release(&_b); _gnutls_mpi_release(&V); @@ -389,7 +416,7 @@ int _gnutls_proc_srp_server_kx0(gnutls_session state, opaque * data, size_t _dat /* Read B */ DECR_LEN( data_size, 2); - n_b = data[i]; + n_b = _gnutls_read_uint16( &data[i]); i += 2; DECR_LEN( data_size, n_b); |