diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Makefile.am | 3 | ||||
| -rw-r--r-- | lib/dh_compat.c | 148 | ||||
| -rw-r--r-- | lib/gnutls.h.in.in | 38 | ||||
| -rw-r--r-- | lib/gnutls_dh_primes.c | 259 | ||||
| -rw-r--r-- | lib/gnutls_int.h | 2 | ||||
| -rw-r--r-- | lib/gnutls_rsa_export.c | 140 | ||||
| -rw-r--r-- | lib/gnutls_rsa_export.h | 1 | ||||
| -rw-r--r-- | lib/rsa_compat.c | 290 | ||||
| -rw-r--r-- | lib/x509/mpi.c | 1 |
9 files changed, 640 insertions, 242 deletions
diff --git a/lib/Makefile.am b/lib/Makefile.am index f5a1551640..5f5eeadfce 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -40,7 +40,8 @@ COBJECTS = gnutls_record.c gnutls_compress.c debug.c \ gnutls_dh_primes.c ext_max_record.c gnutls_alert.c gnutls_int_compat.c \ gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \ gnutls_rsa_export.c auth_rsa_export.c \ - ext_server_name.c auth_dh_common.c + ext_server_name.c auth_dh_common.c \ + dh_compat.c rsa_compat.c # Separate so we can create the documentation diff --git a/lib/dh_compat.c b/lib/dh_compat.c new file mode 100644 index 0000000000..5394035bd1 --- /dev/null +++ b/lib/dh_compat.c @@ -0,0 +1,148 @@ +/* + * Copyright (C) 2000,2001,2003 Nikos Mavroyanopoulos + * + * This file is part of GNUTLS. + * + * The GNUTLS library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + */ + +#include <gnutls_int.h> +#include <gnutls_errors.h> +#include <gnutls_datum.h> +#include <x509_b64.h> /* for PKCS3 PEM decoding */ +#include <gnutls_global.h> +#include <gnutls_dh.h> +#include "debug.h" + +/* Replaces the prime in the static DH parameters, with a randomly + * generated one. + */ +/*- + * gnutls_dh_params_set - This function will replace the old DH parameters + * @dh_params: Is a structure will hold the prime numbers + * @prime: holds the new prime + * @generator: holds the new generator + * @bits: is the prime's number of bits. This value is ignored. + * + * This function will replace the pair of prime and generator for use in + * the Diffie-Hellman key exchange. The new parameters should be stored in the + * appropriate gnutls_datum. + * + -*/ +int gnutls_dh_params_set(gnutls_dh_params dh_params, gnutls_datum prime, + gnutls_datum generator, int bits) +{ + GNUTLS_MPI tmp_prime, tmp_g; + size_t siz = 0; + + /* sprime is not null, because of the check_bits() + * above. + */ + + siz = prime.size; + if (_gnutls_mpi_scan(&tmp_prime, prime.data, &siz)) { + gnutls_assert(); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = generator.size; + if (_gnutls_mpi_scan(&tmp_g, generator.data, &siz)) { + _gnutls_mpi_release(&tmp_prime); + gnutls_assert(); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + /* copy the generated values to the structure + */ + dh_params->_prime = tmp_prime; + dh_params->_generator = tmp_g; + + return 0; + +} + +/*- + * gnutls_dh_params_generate - This function will generate new DH parameters + * @prime: will hold the new prime + * @generator: will hold the new generator + * @bits: is the prime's number of bits + * + * This function will generate a new pair of prime and generator for use in + * the Diffie-Hellman key exchange. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * This function is normally very slow. An other function + * (gnutls_dh_params_set()) should be called in order to replace the + * included DH primes in the gnutls library. + * + * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. + * Also note that the generation of new DH parameters is only usefull + * to servers. Clients use the parameters sent by the server, thus it's + * no use calling this in client side. + * + -*/ +int gnutls_dh_params_generate(gnutls_datum * prime, + gnutls_datum * generator, int bits) +{ + + GNUTLS_MPI tmp_prime, tmp_g; + size_t siz; + + if (_gnutls_dh_generate_prime(&tmp_g, &tmp_prime, bits) < 0) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + siz = 0; + _gnutls_mpi_print(NULL, &siz, tmp_g); + + generator->data = gnutls_malloc(siz); + if (generator->data == NULL) { + _gnutls_mpi_release(&tmp_g); + _gnutls_mpi_release(&tmp_prime); + return GNUTLS_E_MEMORY_ERROR; + } + + generator->size = siz; + _gnutls_mpi_print(generator->data, &siz, tmp_g); + + + siz = 0; + _gnutls_mpi_print(NULL, &siz, tmp_prime); + + prime->data = gnutls_malloc(siz); + if (prime->data == NULL) { + gnutls_free(generator->data); + _gnutls_mpi_release(&tmp_g); + _gnutls_mpi_release(&tmp_prime); + return GNUTLS_E_MEMORY_ERROR; + } + prime->size = siz; + _gnutls_mpi_print(prime->data, &siz, tmp_prime); + +#ifdef DEBUG + { + opaque buffer[512]; + + _gnutls_log + ("dh_params_generate: Generated %d bits prime %s, generator %s.\n", + bits, _gnutls_bin2hex(prime->data, prime->size, buffer, sizeof(buffer)), + _gnutls_bin2hex(generator->data, generator->size, buffer, sizeof(buffer))); + } +#endif + + return 0; + +} diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in index a54a9e35e6..4fe134389c 100644 --- a/lib/gnutls.h.in.in +++ b/lib/gnutls.h.in.in @@ -343,24 +343,36 @@ extern gnutls_free_function gnutls_free; typedef void (*gnutls_log_func)( const char*); void gnutls_global_set_log_function( gnutls_log_func log_func); -/* DH params */ -int gnutls_dh_params_set( gnutls_dh_params, gnutls_datum prime, gnutls_datum generator, int bits); +/* Diffie Hellman parameter handling. + */ int gnutls_dh_params_init( gnutls_dh_params*); void gnutls_dh_params_deinit( gnutls_dh_params); -int gnutls_dh_params_generate( gnutls_datum* prime, gnutls_datum* generator, int bits); - -/* RSA params */ -int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, - gnutls_datum m, gnutls_datum e, gnutls_datum d, - gnutls_datum p, gnutls_datum q, gnutls_datum u, - int bits); -int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, - gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, - gnutls_datum* u, int bits); +int gnutls_dh_params_import_raw(gnutls_dh_params dh_params, const gnutls_datum *prime, + const gnutls_datum* generator); +int gnutls_dh_params_import_pkcs3(gnutls_dh_params params, + const gnutls_datum * pkcs3_params, gnutls_x509_crt_fmt format); +int gnutls_dh_params_generate2(gnutls_dh_params params, int bits); +int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, + gnutls_x509_crt_fmt format, unsigned char* params_data, int* params_data_size); +int gnutls_dh_params_export_raw(gnutls_dh_params params, + gnutls_datum * prime, gnutls_datum * generator, int *bits); + + +/* RSA params + */ int gnutls_rsa_params_init(gnutls_rsa_params * rsa_params); void gnutls_rsa_params_deinit(gnutls_rsa_params rsa_params); +int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params, + gnutls_datum m, gnutls_datum e, + gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u); +int gnutls_rsa_params_generate2(gnutls_rsa_params params, int bits); +int gnutls_rsa_params_export_raw(gnutls_rsa_params params, + gnutls_datum * m, gnutls_datum *e, + gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, + gnutls_datum* u, int *bits); - +/* Session stuff + */ typedef ssize_t (*gnutls_pull_func)(gnutls_transport_ptr, void*, size_t); typedef ssize_t (*gnutls_push_func)(gnutls_transport_ptr, const void*, size_t); void gnutls_transport_set_ptr(gnutls_session session, gnutls_transport_ptr ptr); diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c index 473bbf1821..865b93d178 100644 --- a/lib/gnutls_dh_primes.c +++ b/lib/gnutls_dh_primes.c @@ -24,33 +24,9 @@ #include <gnutls_datum.h> #include <x509_b64.h> /* for PKCS3 PEM decoding */ #include <gnutls_global.h> +#include <gnutls_dh.h> #include "debug.h" -/* This function takes a number of bits and returns a supported - * number of bits. Ie a number of bits that we have a prime in the - * dh_primes structure. - */ -static int normalize_bits(int bits) -{ - if (bits >= 4096) - bits = 4096; - else if (bits < 256) - bits = 128; - else if (bits < 700) - bits = 512; - else if (bits < 1000) - bits = 768; - else if (bits < 2000) - bits = 1024; - else if (bits < 3000) - bits = 2048; - else if (bits < 4000) - bits = 3072; - else - bits = 4096; - - return bits; -} /* returns the prime and the generator of DH params. */ @@ -131,35 +107,30 @@ int _gnutls_dh_generate_prime(GNUTLS_MPI * ret_g, GNUTLS_MPI * ret_n, * generated one. */ /** - * gnutls_dh_params_set - This function will replace the old DH parameters - * @dh_params: Is a structure will hold the prime numbers + * gnutls_dh_import_raw - This function will import DH parameters + * @dh_params: Is a structure that will hold the prime numbers * @prime: holds the new prime * @generator: holds the new generator - * @bits: is the prime's number of bits. This value is ignored. * * This function will replace the pair of prime and generator for use in * the Diffie-Hellman key exchange. The new parameters should be stored in the * appropriate gnutls_datum. * **/ -int gnutls_dh_params_set(gnutls_dh_params dh_params, gnutls_datum prime, - gnutls_datum generator, int bits) +int gnutls_dh_params_import_raw(gnutls_dh_params dh_params, const gnutls_datum *prime, + const gnutls_datum* generator) { GNUTLS_MPI tmp_prime, tmp_g; size_t siz = 0; - /* sprime is not null, because of the check_bits() - * above. - */ - - siz = prime.size; - if (_gnutls_mpi_scan(&tmp_prime, prime.data, &siz)) { + siz = prime->size; + if (_gnutls_mpi_scan(&tmp_prime, prime->data, &siz)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - siz = generator.size; - if (_gnutls_mpi_scan(&tmp_g, generator.data, &siz)) { + siz = generator->size; + if (_gnutls_mpi_scan(&tmp_g, generator->data, &siz)) { _gnutls_mpi_release(&tmp_prime); gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; @@ -217,85 +188,38 @@ void gnutls_dh_params_deinit(gnutls_dh_params dh_params) * numbers. */ /** - * gnutls_dh_params_generate - This function will generate new DH parameters - * @prime: will hold the new prime - * @generator: will hold the new generator + * gnutls_dh_params_generate2 - This function will generate new DH parameters + * @params: Is the structure that the DH parameters will be stored * @bits: is the prime's number of bits * * This function will generate a new pair of prime and generator for use in * the Diffie-Hellman key exchange. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. - * This function is normally very slow. An other function - * (gnutls_dh_params_set()) should be called in order to replace the - * included DH primes in the gnutls library. + * This function is normally slow. * * Note that the bits value should be one of 768, 1024, 2048, 3072 or 4096. - * Also note that the generation of new DH parameters is only usefull - * to servers. Clients use the parameters sent by the server, thus it's + * Also note that the DH parameters are only usefull to servers. + * Since clients use the parameters sent by the server, thus it's * no use calling this in client side. * **/ -int gnutls_dh_params_generate(gnutls_datum * prime, - gnutls_datum * generator, int bits) +int gnutls_dh_params_generate2(gnutls_dh_params params, int bits) { - GNUTLS_MPI tmp_prime, tmp_g; - size_t siz; - - if (_gnutls_dh_generate_prime(&tmp_g, &tmp_prime, bits) < 0) { + if (_gnutls_dh_generate_prime(¶ms->_generator, + ¶ms->_prime, bits) < 0) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - siz = 0; - _gnutls_mpi_print(NULL, &siz, tmp_g); - - generator->data = gnutls_malloc(siz); - if (generator->data == NULL) { - _gnutls_mpi_release(&tmp_g); - _gnutls_mpi_release(&tmp_prime); - return GNUTLS_E_MEMORY_ERROR; - } - - generator->size = siz; - _gnutls_mpi_print(generator->data, &siz, tmp_g); - - - siz = 0; - _gnutls_mpi_print(NULL, &siz, tmp_prime); - - prime->data = gnutls_malloc(siz); - if (prime->data == NULL) { - gnutls_free(generator->data); - _gnutls_mpi_release(&tmp_g); - _gnutls_mpi_release(&tmp_prime); - return GNUTLS_E_MEMORY_ERROR; - } - prime->size = siz; - _gnutls_mpi_print(prime->data, &siz, tmp_prime); - -#ifdef DEBUG - { - opaque buffer[512]; - - _gnutls_log - ("dh_params_generate: Generated %d bits prime %s, generator %s.\n", - bits, _gnutls_bin2hex(prime->data, prime->size, buffer, sizeof(buffer)), - _gnutls_bin2hex(generator->data, generator->size, buffer, sizeof(buffer))); - } -#endif - return 0; - } /** - * gnutls_pkcs3_extract_dh_params - This function will extract DH params from a pkcs3 structure - * @params: should contain a PKCS3 DHParams structure PEM or DER encoded + * gnutls_dh_params_import_pkcs3 - This function will import DH params from a pkcs3 structure + * @params: A structure were the parameters will be copied to + * @pkcs3_params: should contain a PKCS3 DHParams structure PEM or DER encoded * @format: the format of params. PEM or DER. - * @prime: will hold the prime found - * @generator: will hold the generator - * @bits: the number of bits of prime (not with precision) * * This function will extract the DHParams found in a PKCS3 formatted * structure. This is the format generated by "openssl dhparam" tool. @@ -309,10 +233,8 @@ int gnutls_dh_params_generate(gnutls_datum * prime, * 0 on success. * **/ -int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params, - gnutls_x509_crt_fmt format, - gnutls_datum * prime, - gnutls_datum * generator, int *bits) +int gnutls_dh_params_import_pkcs3(gnutls_dh_params params, + const gnutls_datum * pkcs3_params, gnutls_x509_crt_fmt format) { ASN1_TYPE c2; int result, need_free = 0; @@ -324,7 +246,7 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params, opaque *out; result = _gnutls_fbase64_decode("DH PARAMETERS", - params->data, params->size, + pkcs3_params->data, pkcs3_params->size, &out); if (result <= 0) { @@ -339,8 +261,8 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params, need_free = 1; } else { - _params.data = params->data; - _params.size = params->size; + _params.data = pkcs3_params->data; + _params.size = pkcs3_params->size; } if ((result = asn1_create_element @@ -367,42 +289,23 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params, /* Read PRIME */ len = sizeof(str) - 1; - if ((result = asn1_read_value(c2, "prime", - str, &len)) != ASN1_SUCCESS) - { - gnutls_assert(); + result = _gnutls_x509_read_int( c2, "prime", str, len, ¶ms->_prime); + if ( result < 0) { asn1_delete_structure(&c2); - return _gnutls_asn2err(result); - } - - prime->data = gnutls_malloc(len); - prime->size = len; - if (prime->data == NULL) { gnutls_assert(); - return GNUTLS_E_MEMORY_ERROR; + return result; } - memcpy( prime->data, str, len); - *bits = normalize_bits( len*8); - /* Read the GENERATOR + /* read the generator */ len = sizeof(str) - 1; - if ((result = asn1_read_value(c2, "base", - str, &len)) != ASN1_SUCCESS) { - gnutls_assert(); - gnutls_free( prime->data); + result = _gnutls_x509_read_int( c2, "base", str, len, ¶ms->_generator); + if ( result < 0) { asn1_delete_structure(&c2); - return _gnutls_asn2err(result); - } - - generator->data = gnutls_malloc(len); - generator->size = len; - if (generator->data == NULL) { + _gnutls_mpi_release( ¶ms->_prime); gnutls_assert(); - gnutls_free( prime->data); - return GNUTLS_E_MEMORY_ERROR; + return result; } - memcpy( generator->data, str, len); asn1_delete_structure(&c2); @@ -410,9 +313,8 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params, } /** - * gnutls_pkcs3_export_dh_params - This function will export DH params to a pkcs3 structure - * @prime: will hold the prime found - * @generator: will hold the generator + * gnutls_dh_params_export_pkcs3 - This function will export DH params to a pkcs3 structure + * @params: Holds the DH parameters * @format: the format of output params. One of PEM or DER. * @params_data: will contain a PKCS3 DHParams structure PEM or DER encoded * @params_data_size: holds the size of params_data (and will be replaced by the actual size of parameters) @@ -429,27 +331,48 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params, * 0 on success. * **/ -int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime, - const gnutls_datum * generator, - gnutls_x509_crt_fmt format, - unsigned char* params_data, int* params_data_size) +int gnutls_dh_params_export_pkcs3( gnutls_dh_params params, + gnutls_x509_crt_fmt format, unsigned char* params_data, int* params_data_size) { ASN1_TYPE c2; int result; + size_t g_size, p_size; + opaque * p_data, *g_data; + opaque * all_data; + + _gnutls_mpi_print( NULL, &g_size, params->_generator); + _gnutls_mpi_print( NULL, &p_size, params->_prime); + + all_data = gnutls_alloca( g_size + p_size); + if (all_data == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + p_data = &all_data[0]; + g_data = &all_data[p_size]; + + _gnutls_mpi_print( p_data, &p_size, params->_prime); + _gnutls_mpi_print( g_data, &g_size, params->_generator); + + /* Ok. Now we have the data. Create the asn1 structures + */ if ((result = asn1_create_element (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2)) != ASN1_SUCCESS) { gnutls_assert(); + gnutls_afree(all_data); return _gnutls_asn2err(result); } /* Write PRIME */ if ((result = asn1_write_value(c2, "prime", - prime->data, prime->size)) != ASN1_SUCCESS) + p_data, p_size)) != ASN1_SUCCESS) { gnutls_assert(); + gnutls_afree(all_data); asn1_delete_structure(&c2); return _gnutls_asn2err(result); } @@ -457,12 +380,15 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime, /* Write the GENERATOR */ if ((result = asn1_write_value(c2, "base", - generator->data, generator->size)) != ASN1_SUCCESS) { + g_data, g_size)) != ASN1_SUCCESS) { gnutls_assert(); + gnutls_afree(all_data); asn1_delete_structure(&c2); return _gnutls_asn2err(result); } + gnutls_afree(all_data); + if ((result = asn1_write_value(c2, "privateValueLength", NULL, 0)) != ASN1_SUCCESS) { gnutls_assert(); @@ -517,11 +443,62 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime, } *params_data_size = result; - memcpy( params_data, out, result); - params_data[result] = 0; + + if (params_data) { + memcpy( params_data, out, result); + params_data[result] = 0; + } gnutls_free( out); } return 0; } + +/** + * gnutls_dh_params_export_raw - This function will export the raw DH parameters + * @params: Holds the DH parameters + * @prime: will hold the new prime + * @generator: will hold the new generator + * @bits: if non null will hold is the prime's number of bits + * + * This function will export the pair of prime and generator for use in + * the Diffie-Hellman key exchange. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * + **/ +int gnutls_dh_params_export_raw(gnutls_dh_params params, + gnutls_datum * prime, gnutls_datum * generator, int *bits) +{ + + size_t size; + + size = 0; + _gnutls_mpi_print(NULL, &size, params->_generator); + + generator->data = gnutls_malloc(size); + if (generator->data == NULL) { + return GNUTLS_E_MEMORY_ERROR; + } + + generator->size = size; + _gnutls_mpi_print(generator->data, &size, params->_generator); + + + size = 0; + _gnutls_mpi_print(NULL, &size, params->_prime); + + prime->data = gnutls_malloc(size); + if (prime->data == NULL) { + gnutls_free(generator->data); + return GNUTLS_E_MEMORY_ERROR; + } + prime->size = size; + _gnutls_mpi_print(prime->data, &size, params->_prime); + + if (bits) + *bits = _gnutls_mpi_get_nbits( params->_prime); + + return 0; + +} diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index b99d7c8234..9999498fa5 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2000,2001,2002 Nikos Mavroyanopoulos + * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos * * This file is part of GNUTLS. * diff --git a/lib/gnutls_rsa_export.c b/lib/gnutls_rsa_export.c index d1049123b5..ecf03e6c6e 100644 --- a/lib/gnutls_rsa_export.c +++ b/lib/gnutls_rsa_export.c @@ -26,6 +26,7 @@ #include <gnutls_int.h> #include <gnutls_errors.h> #include <gnutls_datum.h> +#include <gnutls_rsa_export.h> #include "debug.h" /* This function takes a number of bits and returns a supported @@ -152,22 +153,12 @@ int _gnutls_rsa_generate_params(GNUTLS_MPI* resarr, int bits) } -/* returns a negative value if the bits size is not supported - */ -static int check_bits(int bits) -{ - if (bits > MAX_SUPPORTED_BITS) - return GNUTLS_E_INVALID_REQUEST; - - return 0; -} - #define FREE_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ _gnutls_mpi_release(&rsa_params->params[i]) /** - * gnutls_rsa_params_set - This function will replace the old RSA parameters + * gnutls_rsa_params_import_raw - This function will replace the old RSA parameters * @rsa_params: Is a structure will hold the parameters * @m: holds the modulus * @e: holds the public exponent @@ -175,30 +166,18 @@ static int check_bits(int bits) * @p: holds the first prime (p) * @q: holds the second prime (q) * @u: holds the coefficient - * @bits: is the modulus's number of bits * - * This function will replace the parameters used in the RSA-EXPORT key - * exchange. The new parameters should be stored in the - * appropriate gnutls_datum. + * This function will replace the parameters in the given structure. + * The new parameters should be stored in the appropriate gnutls_datum. * - * Note that the bits value should only be less than 512. That is because - * the RSA-EXPORT ciphersuites are only allowed to sign a modulus of 512 - * bits. - * **/ -int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, +int gnutls_rsa_params_import_raw(gnutls_rsa_params rsa_params, gnutls_datum m, gnutls_datum e, - gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u, - int bits) + gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u) { int i = 0; size_t siz = 0; - if (check_bits(bits) < 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - for (i=0;i<RSA_PRIVATE_PARAMS;i++) { _gnutls_mpi_release(&rsa_params->params[i]); } @@ -290,101 +269,103 @@ int i; } -#define FREE_ALL_MPIS for (i=0;i<sizeof(rsa_params)/sizeof(GNUTLS_MPI);i++) \ - _gnutls_mpi_release( &rsa_params[i]) \ - /** - * gnutls_rsa_params_generate - This function will generate temporary RSA parameters - * @m: will hold the modulus - * @e: will hold the public exponent - * @d: will hold the private exponent - * @p: will hold the first prime (p) - * @q: will hold the second prime (q) - * @u: will hold the coefficient + * gnutls_rsa_params_generate2 - This function will generate temporary RSA parameters + * @params: The structure where the parameters will be stored * @bits: is the prime's number of bits * * This function will generate new temporary RSA parameters for use in - * RSA-EXPORT ciphersuites. The new parameters will be allocated using - * gnutls_malloc() and will be stored in the appropriate datum. - * This function is normally slow. An other function - * (gnutls_rsa_params_set()) should be called in order to use the - * generated RSA parameters. + * RSA-EXPORT ciphersuites. This function is normally slow. * - * Note that the bits value should be 512. + * Note that if the parameters are to be used in export cipher suites the + * bits value should be 512 or less. * Also note that the generation of new RSA parameters is only usefull * to servers. Clients use the parameters sent by the server, thus it's * no use calling this in client side. * **/ -int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, - gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, - gnutls_datum* u, int bits) +int gnutls_rsa_params_generate2(gnutls_rsa_params params, int bits) { - GNUTLS_MPI rsa_params[RSA_PRIVATE_PARAMS]; - size_t siz; - uint i; int ret; - if (check_bits(bits) < 0) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_rsa_generate_params( rsa_params, bits); + ret = _gnutls_rsa_generate_params( params->params, bits); if (ret < 0) { gnutls_assert(); return ret; } + return 0; + +} + +/** + * gnutls_rsa_params_export_raw - This function will export the RSA parameters + * @params: a structure that holds the rsa parameters + * @m: will hold the modulus + * @e: will hold the public exponent + * @d: will hold the private exponent + * @p: will hold the first prime (p) + * @q: will hold the second prime (q) + * @u: will hold the coefficient + * @bits: if non null will hold the prime's number of bits + * + * This function will export the RSA parameters found in the given + * structure. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * + **/ +int gnutls_rsa_params_export_raw(gnutls_rsa_params params, + gnutls_datum * m, gnutls_datum *e, + gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, + gnutls_datum* u, int *bits) +{ + size_t siz; + siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[0]); + _gnutls_mpi_print(NULL, &siz, params->params[0]); m->data = gnutls_malloc(siz); if (m->data == NULL) { - FREE_ALL_MPIS; return GNUTLS_E_MEMORY_ERROR; } m->size = siz; - _gnutls_mpi_print( m->data, &siz, rsa_params[0]); + _gnutls_mpi_print( m->data, &siz, params->params[0]); /* E */ siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[1]); + _gnutls_mpi_print(NULL, &siz, params->params[1]); e->data = gnutls_malloc(siz); if (e->data == NULL) { - FREE_ALL_MPIS; _gnutls_free_datum( m); return GNUTLS_E_MEMORY_ERROR; } e->size = siz; - _gnutls_mpi_print( e->data, &siz, rsa_params[1]); + _gnutls_mpi_print( e->data, &siz, params->params[1]); /* D */ siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[2]); + _gnutls_mpi_print(NULL, &siz, params->params[2]); d->data = gnutls_malloc(siz); if (d->data == NULL) { - FREE_ALL_MPIS; _gnutls_free_datum( m); _gnutls_free_datum( e); return GNUTLS_E_MEMORY_ERROR; } d->size = siz; - _gnutls_mpi_print( d->data, &siz, rsa_params[2]); + _gnutls_mpi_print( d->data, &siz, params->params[2]); /* P */ siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[3]); + _gnutls_mpi_print(NULL, &siz, params->params[3]); p->data = gnutls_malloc(siz); if (p->data == NULL) { - FREE_ALL_MPIS; _gnutls_free_datum( m); _gnutls_free_datum( e); _gnutls_free_datum( d); @@ -392,15 +373,14 @@ int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, } p->size = siz; - _gnutls_mpi_print(p->data, &siz, rsa_params[3]); + _gnutls_mpi_print(p->data, &siz, params->params[3]); /* Q */ siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[4]); + _gnutls_mpi_print(NULL, &siz, params->params[4]); q->data = gnutls_malloc(siz); if (q->data == NULL) { - FREE_ALL_MPIS; _gnutls_free_datum( m); _gnutls_free_datum( e); _gnutls_free_datum( d); @@ -409,15 +389,14 @@ int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, } q->size = siz; - _gnutls_mpi_print(q->data, &siz, rsa_params[4]); + _gnutls_mpi_print(q->data, &siz, params->params[4]); /* U */ siz = 0; - _gnutls_mpi_print(NULL, &siz, rsa_params[5]); + _gnutls_mpi_print(NULL, &siz, params->params[5]); u->data = gnutls_malloc(siz); if (u->data == NULL) { - FREE_ALL_MPIS; _gnutls_free_datum( m); _gnutls_free_datum( e); _gnutls_free_datum( d); @@ -427,19 +406,10 @@ int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, } u->size = siz; - _gnutls_mpi_print(u->data, &siz, rsa_params[5]); - - FREE_ALL_MPIS; - -#ifdef DEBUG - { - opaque buffer[512]; - - _gnutls_log("rsa_params_generate: Generated %d bits modulus %s, exponent %s.\n", - bits, _gnutls_bin2hex(m->data, m->size, buffer, sizeof(buffer)), - _gnutls_bin2hex( e->data, e->size, buffer, sizeof(buffer))); - } -#endif + _gnutls_mpi_print(u->data, &siz, params->params[5]); + + if (bits) + *bits = _gnutls_mpi_get_nbits(params->params[3]); return 0; diff --git a/lib/gnutls_rsa_export.h b/lib/gnutls_rsa_export.h index ca9ee7780c..71126d425d 100644 --- a/lib/gnutls_rsa_export.h +++ b/lib/gnutls_rsa_export.h @@ -20,4 +20,5 @@ const GNUTLS_MPI* _gnutls_get_rsa_params(gnutls_rsa_params, int bits); int _gnutls_peers_cert_less_512( gnutls_session session); +int _gnutls_rsa_generate_params(GNUTLS_MPI* resarr, int bits); diff --git a/lib/rsa_compat.c b/lib/rsa_compat.c new file mode 100644 index 0000000000..43922e1a50 --- /dev/null +++ b/lib/rsa_compat.c @@ -0,0 +1,290 @@ +/* + * Copyright (C) 2002,2003 Nikos Mavroyanopoulos + * + * This file is part of GNUTLS. + * + * The GNUTLS library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + */ + +/* This file contains code for RSA temporary keys. These keys are + * only used in export cipher suites. + */ + +#include <gnutls_int.h> +#include <gnutls_errors.h> +#include <gnutls_datum.h> +#include <gnutls_rsa_export.h> +#include "debug.h" + +/* This function takes a number of bits and returns a supported + * number of bits. Ie a number of bits that we have a prime in the + * dh_primes structure. + */ + +#define MAX_SUPPORTED_BITS 512 + +/* returns a negative value if the bits size is not supported + */ +static int check_bits(int bits) +{ + if (bits > MAX_SUPPORTED_BITS) + return GNUTLS_E_INVALID_REQUEST; + + return 0; +} + +#define FREE_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ + _gnutls_mpi_release(&rsa_params->params[i]) + + +/*- + * gnutls_rsa_params_set - This function will replace the old RSA parameters + * @rsa_params: Is a structure will hold the parameters + * @m: holds the modulus + * @e: holds the public exponent + * @d: holds the private exponent + * @p: holds the first prime (p) + * @q: holds the second prime (q) + * @u: holds the coefficient + * @bits: is the modulus's number of bits + * + * This function will replace the parameters used in the RSA-EXPORT key + * exchange. The new parameters should be stored in the + * appropriate gnutls_datum. + * + * Note that the bits value should only be less than 512. That is because + * the RSA-EXPORT ciphersuites are only allowed to sign a modulus of 512 + * bits. + * + -*/ +int gnutls_rsa_params_set(gnutls_rsa_params rsa_params, + gnutls_datum m, gnutls_datum e, + gnutls_datum d, gnutls_datum p, gnutls_datum q, gnutls_datum u, + int bits) +{ + int i = 0; + size_t siz = 0; + + if (check_bits(bits) < 0) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + for (i=0;i<RSA_PRIVATE_PARAMS;i++) { + _gnutls_mpi_release(&rsa_params->params[i]); + } + + siz = m.size; + if (_gnutls_mpi_scan(&rsa_params->params[0], m.data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = e.size; + if (_gnutls_mpi_scan(&rsa_params->params[1], e.data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = d.size; + if (_gnutls_mpi_scan(&rsa_params->params[2], d.data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = p.size; + if (_gnutls_mpi_scan(&rsa_params->params[3], p.data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = q.size; + if (_gnutls_mpi_scan(&rsa_params->params[4], q.data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = u.size; + if (_gnutls_mpi_scan(&rsa_params->params[5], u.data, &siz)) { + gnutls_assert(); + FREE_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + return 0; + +} + + +#define FREE_ALL_MPIS for (i=0;i<sizeof(rsa_params)/sizeof(GNUTLS_MPI);i++) \ + _gnutls_mpi_release( &rsa_params[i]) \ + +/*- + * gnutls_rsa_params_generate - This function will generate temporary RSA parameters + * @m: will hold the modulus + * @e: will hold the public exponent + * @d: will hold the private exponent + * @p: will hold the first prime (p) + * @q: will hold the second prime (q) + * @u: will hold the coefficient + * @bits: is the prime's number of bits + * + * This function will generate new temporary RSA parameters for use in + * RSA-EXPORT ciphersuites. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * This function is normally slow. An other function + * (gnutls_rsa_params_set()) should be called in order to use the + * generated RSA parameters. + * + * Note that the bits value should be 512. + * Also note that the generation of new RSA parameters is only usefull + * to servers. Clients use the parameters sent by the server, thus it's + * no use calling this in client side. + * + -*/ +int gnutls_rsa_params_generate(gnutls_datum * m, gnutls_datum *e, + gnutls_datum *d, gnutls_datum *p, gnutls_datum* q, + gnutls_datum* u, int bits) +{ + + GNUTLS_MPI rsa_params[RSA_PRIVATE_PARAMS]; + size_t siz; + uint i; + int ret; + + if (check_bits(bits) < 0) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_rsa_generate_params( rsa_params, bits); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + siz = 0; + _gnutls_mpi_print(NULL, &siz, rsa_params[0]); + + m->data = gnutls_malloc(siz); + if (m->data == NULL) { + FREE_ALL_MPIS; + return GNUTLS_E_MEMORY_ERROR; + } + + m->size = siz; + _gnutls_mpi_print( m->data, &siz, rsa_params[0]); + + /* E */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, rsa_params[1]); + + e->data = gnutls_malloc(siz); + if (e->data == NULL) { + FREE_ALL_MPIS; + _gnutls_free_datum( m); + return GNUTLS_E_MEMORY_ERROR; + } + + e->size = siz; + _gnutls_mpi_print( e->data, &siz, rsa_params[1]); + + /* D */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, rsa_params[2]); + + d->data = gnutls_malloc(siz); + if (d->data == NULL) { + FREE_ALL_MPIS; + _gnutls_free_datum( m); + _gnutls_free_datum( e); + return GNUTLS_E_MEMORY_ERROR; + } + + d->size = siz; + _gnutls_mpi_print( d->data, &siz, rsa_params[2]); + + /* P */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, rsa_params[3]); + + p->data = gnutls_malloc(siz); + if (p->data == NULL) { + FREE_ALL_MPIS; + _gnutls_free_datum( m); + _gnutls_free_datum( e); + _gnutls_free_datum( d); + return GNUTLS_E_MEMORY_ERROR; + } + + p->size = siz; + _gnutls_mpi_print(p->data, &siz, rsa_params[3]); + + /* Q */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, rsa_params[4]); + + q->data = gnutls_malloc(siz); + if (q->data == NULL) { + FREE_ALL_MPIS; + _gnutls_free_datum( m); + _gnutls_free_datum( e); + _gnutls_free_datum( d); + _gnutls_free_datum( p); + return GNUTLS_E_MEMORY_ERROR; + } + + q->size = siz; + _gnutls_mpi_print(q->data, &siz, rsa_params[4]); + + /* U */ + siz = 0; + _gnutls_mpi_print(NULL, &siz, rsa_params[5]); + + u->data = gnutls_malloc(siz); + if (u->data == NULL) { + FREE_ALL_MPIS; + _gnutls_free_datum( m); + _gnutls_free_datum( e); + _gnutls_free_datum( d); + _gnutls_free_datum( p); + _gnutls_free_datum( q); + return GNUTLS_E_MEMORY_ERROR; + } + + u->size = siz; + _gnutls_mpi_print(u->data, &siz, rsa_params[5]); + + FREE_ALL_MPIS; + +#ifdef DEBUG + { + opaque buffer[512]; + + _gnutls_log("rsa_params_generate: Generated %d bits modulus %s, exponent %s.\n", + bits, _gnutls_bin2hex(m->data, m->size, buffer, sizeof(buffer)), + _gnutls_bin2hex( e->data, e->size, buffer, sizeof(buffer))); + } +#endif + + return 0; + +} diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index c954706aef..a515e03318 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -165,7 +165,6 @@ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params) /* Read p */ -#warning CHECK IT if ( (result=_gnutls_x509_read_int( spk, "", str, sizeof(str)-1, ¶ms[3])) < 0) { gnutls_assert(); asn1_delete_structure(&spk); |