diff options
author | Christian Grothoff <christian@grothoff.org> | 2008-11-16 06:50:40 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2008-11-16 06:50:40 +0000 |
commit | 5acebb923438051ccfa4841341ef4fa882e4d480 (patch) | |
tree | ff9330ad341e1af4749485a151d9c6735bba57cb | |
parent | 31ca44a13c054e7b691d8757a79caffb22b31511 (diff) | |
download | libmicrohttpd-5acebb923438051ccfa4841341ef4fa882e4d480.tar.gz libmicrohttpd-5acebb923438051ccfa4841341ef4fa882e4d480.zip |
more DCE
-rw-r--r-- | README | 13 | ||||
-rw-r--r-- | src/daemon/Makefile.am | 49 | ||||
-rw-r--r-- | src/daemon/https/lgl/Makefile.am | 33 | ||||
-rw-r--r-- | src/daemon/https/lgl/des.c | 559 | ||||
-rw-r--r-- | src/daemon/https/lgl/des.h | 113 | ||||
-rw-r--r-- | src/daemon/https/lgl/gc-gnulib.c | 779 | ||||
-rw-r--r-- | src/daemon/https/lgl/gc-libgcrypt.c | 157 | ||||
-rw-r--r-- | src/daemon/https/lgl/memxor.c | 2 | ||||
-rw-r--r-- | src/daemon/https/lgl/memxor.h | 2 | ||||
-rw-r--r-- | src/daemon/https/minitasn1/Makefile.am | 7 | ||||
-rw-r--r-- | src/daemon/https/tls/Makefile.am | 17 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_dh_common.c | 275 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_dh_common.h | 9 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_dhe.c | 277 | ||||
-rw-r--r-- | src/daemon/https/x509/Makefile.am | 35 | ||||
-rw-r--r-- | src/examples/Makefile.am | 4 |
16 files changed, 81 insertions, 2250 deletions
@@ -79,6 +79,9 @@ Missing features: | |||
79 | instead of linking against it | 79 | instead of linking against it |
80 | - Make sure SSL works on non-GNU/Linux platforms | 80 | - Make sure SSL works on non-GNU/Linux platforms |
81 | 81 | ||
82 | - MHD_tls_connection_close is not called in any testcase!??? | ||
83 | (is it used properly in the code!?) | ||
84 | |||
82 | 85 | ||
83 | Untested features: | 86 | Untested features: |
84 | ================== | 87 | ================== |
@@ -94,6 +97,16 @@ Untested features: | |||
94 | - more testing for SSL support | 97 | - more testing for SSL support |
95 | 98 | ||
96 | 99 | ||
100 | Functions not covered by "make check": | ||
101 | ====================================== | ||
102 | - MHD_get_connection_values is not called in any testcase | ||
103 | - MHD_set_connection_value is not called in any testcase | ||
104 | - parse_cookie_header is not tested by any testcase | ||
105 | - parse_arguments is not tested by any testcase | ||
106 | - MHD_del_response_header is not called by any testcase | ||
107 | - MHD_get_response_headers is not called by any testcase | ||
108 | |||
109 | |||
97 | Missing documentation: | 110 | Missing documentation: |
98 | ====================== | 111 | ====================== |
99 | 112 | ||
diff --git a/src/daemon/Makefile.am b/src/daemon/Makefile.am index c52e2610..f3aea3db 100644 --- a/src/daemon/Makefile.am +++ b/src/daemon/Makefile.am | |||
@@ -1,19 +1,11 @@ | |||
1 | # including '.' mixes up build order when HTTPS is enabled. | ||
2 | SUBDIRS = | ||
3 | |||
4 | if USE_COVERAGE | ||
5 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
6 | endif | ||
7 | |||
8 | AM_CPPFLAGS = \ | 1 | AM_CPPFLAGS = \ |
9 | -I$(top_srcdir)/src/include \ | 2 | -I$(top_srcdir)/src/include \ |
10 | -I$(top_srcdir)/src/daemon \ | 3 | -I$(top_srcdir)/src/daemon \ |
11 | -I$(top_srcdir)/src/daemon/https/lgl \ | 4 | -I$(top_srcdir)/src/daemon/https/lgl \ |
12 | -I$(top_srcdir)/src/daemon/https/x509 \ | 5 | -I$(top_srcdir)/src/daemon/https/x509 \ |
13 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ | 6 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ |
14 | -I$(top_srcdir)/src/daemon/https/tls \ | 7 | -I$(top_srcdir)/src/daemon/https/tls \ |
15 | -I$(top_srcdir)/src/daemon/https \ | 8 | -I$(top_srcdir)/src/daemon/https |
16 | -I$(GCRYPT_CPPFLAGS) | ||
17 | 9 | ||
18 | if HAVE_GNU_LD | 10 | if HAVE_GNU_LD |
19 | # If you want to debug with gdb, comment out this line: | 11 | # If you want to debug with gdb, comment out this line: |
@@ -26,20 +18,26 @@ lib_LTLIBRARIES = \ | |||
26 | libmicrohttpd.la | 18 | libmicrohttpd.la |
27 | 19 | ||
28 | libmicrohttpd_la_SOURCES = \ | 20 | libmicrohttpd_la_SOURCES = \ |
29 | connection.c connection.h \ | 21 | connection.c connection.h \ |
30 | reason_phrase.c reason_phrase.h \ | 22 | reason_phrase.c reason_phrase.h \ |
31 | daemon.c \ | 23 | daemon.c \ |
32 | internal.c internal.h \ | 24 | internal.c internal.h \ |
33 | memorypool.c memorypool.h \ | 25 | memorypool.c memorypool.h \ |
34 | postprocessor.c \ | 26 | postprocessor.c \ |
35 | response.c response.h | 27 | response.c response.h |
36 | libmicrohttpd_la_LDFLAGS = \ | 28 | libmicrohttpd_la_LDFLAGS = \ |
37 | -export-dynamic -version-info 4:3:0 $(retaincommand) | 29 | -version-info 4:3:0 \ |
30 | -export-dynamic $(retaincommand) | ||
31 | |||
32 | if USE_COVERAGE | ||
33 | AM_CFLAGS = --coverage | ||
34 | endif | ||
38 | 35 | ||
39 | 36 | ||
40 | if ENABLE_HTTPS | 37 | if ENABLE_HTTPS |
41 | SUBDIRS += https . | 38 | SUBDIRS = https . |
42 | libmicrohttpd_la_SOURCES += connection_https.c connection_https.h | 39 | libmicrohttpd_la_SOURCES += \ |
40 | connection_https.c connection_https.h | ||
43 | libmicrohttpd_la_LIBADD = \ | 41 | libmicrohttpd_la_LIBADD = \ |
44 | https/lgl/liblgl.la \ | 42 | https/lgl/liblgl.la \ |
45 | https/x509/libx509.la \ | 43 | https/x509/libx509.la \ |
@@ -47,7 +45,6 @@ libmicrohttpd_la_LIBADD = \ | |||
47 | https/minitasn1/libasn1.la | 45 | https/minitasn1/libasn1.la |
48 | endif | 46 | endif |
49 | 47 | ||
50 | |||
51 | check_PROGRAMS = \ | 48 | check_PROGRAMS = \ |
52 | postprocessor_test \ | 49 | postprocessor_test \ |
53 | postprocessor_large_test \ | 50 | postprocessor_large_test \ |
diff --git a/src/daemon/https/lgl/Makefile.am b/src/daemon/https/lgl/Makefile.am index 2caab931..bf0faf11 100644 --- a/src/daemon/https/lgl/Makefile.am +++ b/src/daemon/https/lgl/Makefile.am | |||
@@ -1,10 +1,5 @@ | |||
1 | SUBDIRS = . | 1 | AM_CPPFLAGS = \ |
2 | 2 | -I$(top_srcdir)/src/include | |
3 | AM_CPPFLAGS = -std=c99 \ | ||
4 | -I$(top_srcdir)/src/include \ | ||
5 | -I$(GCRYPT_CPPFLAGS) | ||
6 | |||
7 | # gc-gnulib.c | ||
8 | 3 | ||
9 | if USE_COVERAGE | 4 | if USE_COVERAGE |
10 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | 5 | AM_CFLAGS = -fprofile-arcs -ftest-coverage |
@@ -13,18 +8,16 @@ endif | |||
13 | noinst_LTLIBRARIES = liblgl.la | 8 | noinst_LTLIBRARIES = liblgl.la |
14 | 9 | ||
15 | liblgl_la_LDFLAGS = -lgcrypt | 10 | liblgl_la_LDFLAGS = -lgcrypt |
16 | # liblgl_la_LIBADD = ./gc-libgcrypt.lo | ||
17 | |||
18 | liblgl_la_SOURCES = \ | 11 | liblgl_la_SOURCES = \ |
19 | sha1.c sha1.h \ | 12 | sha1.c sha1.h \ |
20 | gc-libgcrypt.c \ | 13 | gc-libgcrypt.c \ |
21 | rijndael-api-fst.c rijndael-api-fst.h \ | 14 | rijndael-api-fst.c rijndael-api-fst.h \ |
22 | gc-pbkdf2-sha1.c gc.h \ | 15 | gc-pbkdf2-sha1.c gc.h \ |
23 | rijndael-alg-fst.c rijndael-alg-fst.h \ | 16 | rijndael-alg-fst.c rijndael-alg-fst.h \ |
24 | hmac-md5.c hmac.h \ | 17 | hmac-md5.c hmac.h \ |
25 | hmac-sha1.c \ | 18 | hmac-sha1.c \ |
26 | memxor.c memxor.h\ | 19 | memxor.c memxor.h\ |
27 | strverscmp.c strverscmp.h \ | 20 | strverscmp.c strverscmp.h \ |
28 | md5.c md5.h \ | 21 | md5.c md5.h |
29 | des.c des.h | 22 | |
30 | 23 | ||
diff --git a/src/daemon/https/lgl/des.c b/src/daemon/https/lgl/des.c deleted file mode 100644 index ecb09e41..00000000 --- a/src/daemon/https/lgl/des.c +++ /dev/null | |||
@@ -1,559 +0,0 @@ | |||
1 | /* des.c --- DES and Triple-DES encryption/decryption Algorithm | ||
2 | * Copyright (C) 1998, 1999, 2001, 2002, 2003, 2004, 2005, 2006, 2007 | ||
3 | * Free Software Foundation, Inc. | ||
4 | * | ||
5 | * This file is free software; you can redistribute it and/or modify | ||
6 | * it under the terms of the GNU Lesser General Public License as published | ||
7 | * by the Free Software Foundation; either version 2.1, or (at your | ||
8 | * option) any later version. | ||
9 | * | ||
10 | * This file is distributed in the hope that it will be useful, but | ||
11 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
13 | * General Public License for more details. | ||
14 | * | ||
15 | * You should have received a copy of the GNU Lesser General Public License | ||
16 | * along with this file; if not, write to the Free Software | ||
17 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
18 | * 02110-1301, USA. | ||
19 | * | ||
20 | */ | ||
21 | |||
22 | /* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */ | ||
23 | |||
24 | /* | ||
25 | * For a description of triple encryption, see: | ||
26 | * Bruce Schneier: Applied Cryptography. Second Edition. | ||
27 | * John Wiley & Sons, 1996. ISBN 0-471-12845-7. Pages 358 ff. | ||
28 | * This implementation is according to the definition of DES in FIPS | ||
29 | * PUB 46-2 from December 1993. | ||
30 | * | ||
31 | * Written by Michael Roth <mroth@nessie.de>, September 1998 | ||
32 | */ | ||
33 | |||
34 | /* | ||
35 | * U S A G E | ||
36 | * =========== | ||
37 | * | ||
38 | * For DES or Triple-DES encryption/decryption you must initialize a proper | ||
39 | * encryption context with a key. | ||
40 | * | ||
41 | * A DES key is 64bit wide but only 56bits of the key are used. The remaining | ||
42 | * bits are parity bits and they will _not_ checked in this implementation, but | ||
43 | * simply ignored. | ||
44 | * | ||
45 | * For Triple-DES you could use either two 64bit keys or three 64bit keys. | ||
46 | * The parity bits will _not_ checked, too. | ||
47 | * | ||
48 | * After initializing a context with a key you could use this context to | ||
49 | * encrypt or decrypt data in 64bit blocks in Electronic Codebook Mode. | ||
50 | * | ||
51 | * DES Example | ||
52 | * ----------- | ||
53 | * unsigned char key[8]; | ||
54 | * unsigned char plaintext[8]; | ||
55 | * unsigned char ciphertext[8]; | ||
56 | * unsigned char recoverd[8]; | ||
57 | * MHD_gl_des_ctx context; | ||
58 | * | ||
59 | * // Fill 'key' and 'plaintext' with some data | ||
60 | * .... | ||
61 | * | ||
62 | * // Set up the DES encryption context | ||
63 | * MHD_gl_des_setkey(&context, key); | ||
64 | * | ||
65 | * // Encrypt the plaintext | ||
66 | * des_ecb_encrypt(&context, plaintext, ciphertext); | ||
67 | * | ||
68 | * // To recover the orginal plaintext from ciphertext use: | ||
69 | * des_ecb_decrypt(&context, ciphertext, recoverd); | ||
70 | * | ||
71 | * | ||
72 | * Triple-DES Example | ||
73 | * ------------------ | ||
74 | * unsigned char key1[8]; | ||
75 | * unsigned char key2[8]; | ||
76 | * unsigned char key3[8]; | ||
77 | * unsigned char plaintext[8]; | ||
78 | * unsigned char ciphertext[8]; | ||
79 | * unsigned char recoverd[8]; | ||
80 | * MHD_gl_3des_ctx context; | ||
81 | * | ||
82 | * // Encrypting plaintext with Triple-DES | ||
83 | * MHD_gl_3des_ecb_encrypt(&context, plaintext, ciphertext); | ||
84 | * | ||
85 | * // Decrypting ciphertext to recover the plaintext with Triple-DES | ||
86 | * MHD_gl_3des_ecb_decrypt(&context, ciphertext, recoverd); | ||
87 | */ | ||
88 | |||
89 | |||
90 | #include "MHD_config.h" | ||
91 | |||
92 | #include "des.h" | ||
93 | |||
94 | #include <stdio.h> | ||
95 | #include <string.h> /* memcpy, memcmp */ | ||
96 | |||
97 | /* | ||
98 | * The s-box values are permuted according to the 'primitive function P' | ||
99 | * and are rotated one bit to the left. | ||
100 | */ | ||
101 | static const uint32_t sbox1[64] = { | ||
102 | 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, | ||
103 | 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, | ||
104 | 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, | ||
105 | 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, | ||
106 | 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, | ||
107 | 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, | ||
108 | 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, | ||
109 | 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, | ||
110 | 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, | ||
111 | 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, | ||
112 | 0x00010004, 0x00010400, 0x00000000, 0x01010004 | ||
113 | }; | ||
114 | |||
115 | static const uint32_t sbox2[64] = { | ||
116 | 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, | ||
117 | 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, | ||
118 | 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, | ||
119 | 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, | ||
120 | 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, | ||
121 | 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, | ||
122 | 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, | ||
123 | 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, | ||
124 | 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, | ||
125 | 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, | ||
126 | 0x80000000, 0x80100020, 0x80108020, 0x00108000 | ||
127 | }; | ||
128 | |||
129 | static const uint32_t sbox3[64] = { | ||
130 | 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, | ||
131 | 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, | ||
132 | 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, | ||
133 | 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, | ||
134 | 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, | ||
135 | 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, | ||
136 | 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, | ||
137 | 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, | ||
138 | 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, | ||
139 | 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, | ||
140 | 0x00020208, 0x00000008, 0x08020008, 0x00020200 | ||
141 | }; | ||
142 | |||
143 | static const uint32_t sbox4[64] = { | ||
144 | 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, | ||
145 | 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, | ||
146 | 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, | ||
147 | 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, | ||
148 | 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, | ||
149 | 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, | ||
150 | 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, | ||
151 | 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, | ||
152 | 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, | ||
153 | 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, | ||
154 | 0x00000080, 0x00800000, 0x00002000, 0x00802080 | ||
155 | }; | ||
156 | |||
157 | static const uint32_t sbox5[64] = { | ||
158 | 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, | ||
159 | 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, | ||
160 | 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, | ||
161 | 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, | ||
162 | 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, | ||
163 | 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, | ||
164 | 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, | ||
165 | 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, | ||
166 | 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, | ||
167 | 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, | ||
168 | 0x00000000, 0x40080000, 0x02080100, 0x40000100 | ||
169 | }; | ||
170 | |||
171 | static const uint32_t sbox6[64] = { | ||
172 | 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, | ||
173 | 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, | ||
174 | 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, | ||
175 | 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, | ||
176 | 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, | ||
177 | 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, | ||
178 | 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, | ||
179 | 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, | ||
180 | 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, | ||
181 | 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, | ||
182 | 0x20404000, 0x20000000, 0x00400010, 0x20004010 | ||
183 | }; | ||
184 | |||
185 | static const uint32_t sbox7[64] = { | ||
186 | 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, | ||
187 | 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, | ||
188 | 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, | ||
189 | 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, | ||
190 | 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, | ||
191 | 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, | ||
192 | 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, | ||
193 | 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, | ||
194 | 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, | ||
195 | 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, | ||
196 | 0x04000002, 0x04000800, 0x00000800, 0x00200002 | ||
197 | }; | ||
198 | |||
199 | static const uint32_t sbox8[64] = { | ||
200 | 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, | ||
201 | 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, | ||
202 | 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, | ||
203 | 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, | ||
204 | 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, | ||
205 | 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, | ||
206 | 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, | ||
207 | 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, | ||
208 | 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, | ||
209 | 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, | ||
210 | 0x00001040, 0x00040040, 0x10000000, 0x10041000 | ||
211 | }; | ||
212 | |||
213 | /* | ||
214 | * These two tables are part of the 'permuted choice 1' function. | ||
215 | * In this implementation several speed improvements are done. | ||
216 | */ | ||
217 | static const uint32_t leftkey_swap[16] = { | ||
218 | 0x00000000, 0x00000001, 0x00000100, 0x00000101, | ||
219 | 0x00010000, 0x00010001, 0x00010100, 0x00010101, | ||
220 | 0x01000000, 0x01000001, 0x01000100, 0x01000101, | ||
221 | 0x01010000, 0x01010001, 0x01010100, 0x01010101 | ||
222 | }; | ||
223 | |||
224 | static const uint32_t rightkey_swap[16] = { | ||
225 | 0x00000000, 0x01000000, 0x00010000, 0x01010000, | ||
226 | 0x00000100, 0x01000100, 0x00010100, 0x01010100, | ||
227 | 0x00000001, 0x01000001, 0x00010001, 0x01010001, | ||
228 | 0x00000101, 0x01000101, 0x00010101, 0x01010101, | ||
229 | }; | ||
230 | |||
231 | /* | ||
232 | * Numbers of left shifts per round for encryption subkeys. To | ||
233 | * calculate the decryption subkeys we just reverse the ordering of | ||
234 | * the calculated encryption subkeys, so there is no need for a | ||
235 | * decryption rotate tab. | ||
236 | */ | ||
237 | static const unsigned char encrypt_rotate_tab[16] = { | ||
238 | 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 | ||
239 | }; | ||
240 | |||
241 | /* | ||
242 | * Table with weak DES keys sorted in ascending order. In DES there | ||
243 | * are 64 known keys which are weak. They are weak because they | ||
244 | * produce only one, two or four different subkeys in the subkey | ||
245 | * scheduling process. The keys in this table have all their parity | ||
246 | * bits cleared. | ||
247 | */ | ||
248 | static const unsigned char weak_keys[64][8] = { | ||
249 | {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /*w */ | ||
250 | {0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e}, | ||
251 | {0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0}, | ||
252 | {0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe}, | ||
253 | {0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e}, /*sw */ | ||
254 | {0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00}, | ||
255 | {0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe}, | ||
256 | {0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0}, | ||
257 | {0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0}, /*sw */ | ||
258 | {0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe}, | ||
259 | {0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00}, | ||
260 | {0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e}, | ||
261 | {0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe}, /*sw */ | ||
262 | {0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0}, | ||
263 | {0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e}, | ||
264 | {0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00}, | ||
265 | {0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e}, | ||
266 | {0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00}, /*sw */ | ||
267 | {0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe}, | ||
268 | {0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0}, | ||
269 | {0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00}, | ||
270 | {0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e}, /*w */ | ||
271 | {0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0}, | ||
272 | {0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe}, | ||
273 | {0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe}, | ||
274 | {0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0}, /*sw */ | ||
275 | {0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e}, | ||
276 | {0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00}, | ||
277 | {0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0}, | ||
278 | {0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe}, /*sw */ | ||
279 | {0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00}, | ||
280 | {0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e}, | ||
281 | {0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0}, | ||
282 | {0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe}, | ||
283 | {0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00}, /*sw */ | ||
284 | {0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e}, | ||
285 | {0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe}, | ||
286 | {0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0}, | ||
287 | {0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e}, /*sw */ | ||
288 | {0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00}, | ||
289 | {0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00}, | ||
290 | {0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e}, | ||
291 | {0xe0, 0xe0, 0xe0, 0xe0, 0xf0, 0xf0, 0xf0, 0xf0}, /*w */ | ||
292 | {0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe}, | ||
293 | {0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e}, | ||
294 | {0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00}, | ||
295 | {0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe}, /*sw */ | ||
296 | {0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0}, | ||
297 | {0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe}, | ||
298 | {0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0}, | ||
299 | {0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e}, | ||
300 | {0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00}, /*sw */ | ||
301 | {0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0}, | ||
302 | {0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe}, | ||
303 | {0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00}, | ||
304 | {0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e}, /*sw */ | ||
305 | {0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e}, | ||
306 | {0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00}, | ||
307 | {0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe}, | ||
308 | {0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0}, /*sw */ | ||
309 | {0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00}, | ||
310 | {0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e}, | ||
311 | {0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0}, | ||
312 | {0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe} /*w */ | ||
313 | }; | ||
314 | |||
315 | /* | ||
316 | * Macro to swap bits across two words. | ||
317 | */ | ||
318 | #define DO_PERMUTATION(a, temp, b, offset, mask) \ | ||
319 | temp = ((a>>offset) ^ b) & mask; \ | ||
320 | b ^= temp; \ | ||
321 | a ^= temp<<offset; | ||
322 | |||
323 | |||
324 | /* | ||
325 | * This performs the 'initial permutation' of the data to be encrypted | ||
326 | * or decrypted. Additionally the resulting two words are rotated one bit | ||
327 | * to the left. | ||
328 | */ | ||
329 | #define INITIAL_PERMUTATION(left, temp, right) \ | ||
330 | DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) \ | ||
331 | DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \ | ||
332 | DO_PERMUTATION(right, temp, left, 2, 0x33333333) \ | ||
333 | DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \ | ||
334 | right = (right << 1) | (right >> 31); \ | ||
335 | temp = (left ^ right) & 0xaaaaaaaa; \ | ||
336 | right ^= temp; \ | ||
337 | left ^= temp; \ | ||
338 | left = (left << 1) | (left >> 31); | ||
339 | |||
340 | /* | ||
341 | * The 'inverse initial permutation'. | ||
342 | */ | ||
343 | #define FINAL_PERMUTATION(left, temp, right) \ | ||
344 | left = (left << 31) | (left >> 1); \ | ||
345 | temp = (left ^ right) & 0xaaaaaaaa; \ | ||
346 | left ^= temp; \ | ||
347 | right ^= temp; \ | ||
348 | right = (right << 31) | (right >> 1); \ | ||
349 | DO_PERMUTATION(right, temp, left, 8, 0x00ff00ff) \ | ||
350 | DO_PERMUTATION(right, temp, left, 2, 0x33333333) \ | ||
351 | DO_PERMUTATION(left, temp, right, 16, 0x0000ffff) \ | ||
352 | DO_PERMUTATION(left, temp, right, 4, 0x0f0f0f0f) | ||
353 | |||
354 | |||
355 | /* | ||
356 | * A full DES round including 'expansion function', 'sbox substitution' | ||
357 | * and 'primitive function P' but without swapping the left and right word. | ||
358 | * Please note: The data in 'from' and 'to' is already rotated one bit to | ||
359 | * the left, done in the initial permutation. | ||
360 | */ | ||
361 | #define DES_ROUND(from, to, work, subkey) \ | ||
362 | work = from ^ *subkey++; \ | ||
363 | to ^= sbox8[ work & 0x3f ]; \ | ||
364 | to ^= sbox6[ (work>>8) & 0x3f ]; \ | ||
365 | to ^= sbox4[ (work>>16) & 0x3f ]; \ | ||
366 | to ^= sbox2[ (work>>24) & 0x3f ]; \ | ||
367 | work = ((from << 28) | (from >> 4)) ^ *subkey++; \ | ||
368 | to ^= sbox7[ work & 0x3f ]; \ | ||
369 | to ^= sbox5[ (work>>8) & 0x3f ]; \ | ||
370 | to ^= sbox3[ (work>>16) & 0x3f ]; \ | ||
371 | to ^= sbox1[ (work>>24) & 0x3f ]; | ||
372 | |||
373 | /* | ||
374 | * Macros to convert 8 bytes from/to 32bit words. | ||
375 | */ | ||
376 | #define READ_64BIT_DATA(data, left, right) \ | ||
377 | left = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]; \ | ||
378 | right = (data[4] << 24) | (data[5] << 16) | (data[6] << 8) | data[7]; | ||
379 | |||
380 | #define WRITE_64BIT_DATA(data, left, right) \ | ||
381 | data[0] = (left >> 24) &0xff; data[1] = (left >> 16) &0xff; \ | ||
382 | data[2] = (left >> 8) &0xff; data[3] = left &0xff; \ | ||
383 | data[4] = (right >> 24) &0xff; data[5] = (right >> 16) &0xff; \ | ||
384 | data[6] = (right >> 8) &0xff; data[7] = right &0xff; | ||
385 | |||
386 | /* | ||
387 | * des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for | ||
388 | * 16 encryption rounds. | ||
389 | * To calculate subkeys for decryption the caller | ||
390 | * have to reorder the generated subkeys. | ||
391 | * | ||
392 | * rawkey: 8 Bytes of key data | ||
393 | * subkey: Array of at least 32 uint32_ts. Will be filled | ||
394 | * with calculated subkeys. | ||
395 | * | ||
396 | */ | ||
397 | static void | ||
398 | des_key_schedule (const char *_rawkey, uint32_t * subkey) | ||
399 | { | ||
400 | const unsigned char *rawkey = (const unsigned char *) _rawkey; | ||
401 | uint32_t left, right, work; | ||
402 | int round; | ||
403 | |||
404 | READ_64BIT_DATA (rawkey, left, right) | ||
405 | DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f) | ||
406 | DO_PERMUTATION (right, work, left, 0, 0x10101010) | ||
407 | left = ((leftkey_swap[(left >> 0) & 0xf] << 3) | ||
408 | | (leftkey_swap[(left >> 8) & 0xf] << 2) | ||
409 | | (leftkey_swap[(left >> 16) & 0xf] << 1) | ||
410 | | (leftkey_swap[(left >> 24) & 0xf]) | ||
411 | | (leftkey_swap[(left >> 5) & 0xf] << 7) | ||
412 | | (leftkey_swap[(left >> 13) & 0xf] << 6) | ||
413 | | (leftkey_swap[(left >> 21) & 0xf] << 5) | ||
414 | | (leftkey_swap[(left >> 29) & 0xf] << 4)); | ||
415 | |||
416 | left &= 0x0fffffff; | ||
417 | |||
418 | right = ((rightkey_swap[(right >> 1) & 0xf] << 3) | ||
419 | | (rightkey_swap[(right >> 9) & 0xf] << 2) | ||
420 | | (rightkey_swap[(right >> 17) & 0xf] << 1) | ||
421 | | (rightkey_swap[(right >> 25) & 0xf]) | ||
422 | | (rightkey_swap[(right >> 4) & 0xf] << 7) | ||
423 | | (rightkey_swap[(right >> 12) & 0xf] << 6) | ||
424 | | (rightkey_swap[(right >> 20) & 0xf] << 5) | ||
425 | | (rightkey_swap[(right >> 28) & 0xf] << 4)); | ||
426 | |||
427 | right &= 0x0fffffff; | ||
428 | |||
429 | for (round = 0; round < 16; ++round) | ||
430 | { | ||
431 | left = ((left << encrypt_rotate_tab[round]) | ||
432 | | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; | ||
433 | right = ((right << encrypt_rotate_tab[round]) | ||
434 | | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff; | ||
435 | |||
436 | *subkey++ = (((left << 4) & 0x24000000) | ||
437 | | ((left << 28) & 0x10000000) | ||
438 | | ((left << 14) & 0x08000000) | ||
439 | | ((left << 18) & 0x02080000) | ||
440 | | ((left << 6) & 0x01000000) | ||
441 | | ((left << 9) & 0x00200000) | ||
442 | | ((left >> 1) & 0x00100000) | ||
443 | | ((left << 10) & 0x00040000) | ||
444 | | ((left << 2) & 0x00020000) | ||
445 | | ((left >> 10) & 0x00010000) | ||
446 | | ((right >> 13) & 0x00002000) | ||
447 | | ((right >> 4) & 0x00001000) | ||
448 | | ((right << 6) & 0x00000800) | ||
449 | | ((right >> 1) & 0x00000400) | ||
450 | | ((right >> 14) & 0x00000200) | ||
451 | | (right & 0x00000100) | ||
452 | | ((right >> 5) & 0x00000020) | ||
453 | | ((right >> 10) & 0x00000010) | ||
454 | | ((right >> 3) & 0x00000008) | ||
455 | | ((right >> 18) & 0x00000004) | ||
456 | | ((right >> 26) & 0x00000002) | ||
457 | | ((right >> 24) & 0x00000001)); | ||
458 | |||
459 | *subkey++ = (((left << 15) & 0x20000000) | ||
460 | | ((left << 17) & 0x10000000) | ||
461 | | ((left << 10) & 0x08000000) | ||
462 | | ((left << 22) & 0x04000000) | ||
463 | | ((left >> 2) & 0x02000000) | ||
464 | | ((left << 1) & 0x01000000) | ||
465 | | ((left << 16) & 0x00200000) | ||
466 | | ((left << 11) & 0x00100000) | ||
467 | | ((left << 3) & 0x00080000) | ||
468 | | ((left >> 6) & 0x00040000) | ||
469 | | ((left << 15) & 0x00020000) | ||
470 | | ((left >> 4) & 0x00010000) | ||
471 | | ((right >> 2) & 0x00002000) | ||
472 | | ((right << 8) & 0x00001000) | ||
473 | | ((right >> 14) & 0x00000808) | ||
474 | | ((right >> 9) & 0x00000400) | ||
475 | | ((right) & 0x00000200) | ||
476 | | ((right << 7) & 0x00000100) | ||
477 | | ((right >> 7) & 0x00000020) | ||
478 | | ((right >> 3) & 0x00000011) | ||
479 | | ((right << 2) & 0x00000004) | ||
480 | | ((right >> 21) & 0x00000002)); | ||
481 | } | ||
482 | } | ||
483 | |||
484 | void | ||
485 | MHD_gl_des_setkey (MHD_gl_des_ctx * ctx, const char *key) | ||
486 | { | ||
487 | int i; | ||
488 | |||
489 | des_key_schedule (key, ctx->encrypt_subkeys); | ||
490 | |||
491 | for (i = 0; i < 32; i += 2) | ||
492 | { | ||
493 | ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30 - i]; | ||
494 | ctx->decrypt_subkeys[i + 1] = ctx->encrypt_subkeys[31 - i]; | ||
495 | } | ||
496 | } | ||
497 | |||
498 | void | ||
499 | MHD_gl_des_ecb_crypt (MHD_gl_des_ctx * ctx, const char *_from, char *_to, | ||
500 | int mode) | ||
501 | { | ||
502 | const unsigned char *from = (const unsigned char *) _from; | ||
503 | unsigned char *to = (unsigned char *) _to; | ||
504 | uint32_t left, right, work; | ||
505 | uint32_t *keys; | ||
506 | |||
507 | keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; | ||
508 | |||
509 | READ_64BIT_DATA (from, left, right) | ||
510 | INITIAL_PERMUTATION (left, work, right) | ||
511 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
512 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
513 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
514 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
515 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
516 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
517 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
518 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
519 | FINAL_PERMUTATION (right, work, left) WRITE_64BIT_DATA (to, right, left)} | ||
520 | |||
521 | void | ||
522 | MHD_gl_3des_ecb_crypt (MHD_gl_3des_ctx * ctx, const char *_from, char *_to, | ||
523 | int mode) | ||
524 | { | ||
525 | const unsigned char *from = (const unsigned char *) _from; | ||
526 | unsigned char *to = (unsigned char *) _to; | ||
527 | uint32_t left, right, work; | ||
528 | uint32_t *keys; | ||
529 | |||
530 | keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys; | ||
531 | |||
532 | READ_64BIT_DATA (from, left, right) | ||
533 | INITIAL_PERMUTATION (left, work, right) | ||
534 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
535 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
536 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
537 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
538 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
539 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
540 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
541 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
542 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
543 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
544 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
545 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
546 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
547 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
548 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
549 | DES_ROUND (left, right, work, keys) DES_ROUND (right, left, work, keys) | ||
550 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
551 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
552 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
553 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
554 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
555 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
556 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
557 | DES_ROUND (right, left, work, keys) DES_ROUND (left, right, work, keys) | ||
558 | FINAL_PERMUTATION (right, work, left) WRITE_64BIT_DATA (to, right, left)} | ||
559 | |||
diff --git a/src/daemon/https/lgl/des.h b/src/daemon/https/lgl/des.h deleted file mode 100644 index d2ad058e..00000000 --- a/src/daemon/https/lgl/des.h +++ /dev/null | |||
@@ -1,113 +0,0 @@ | |||
1 | /* des.h --- DES cipher implementation. | ||
2 | * Copyright (C) 2005, 2007 Free Software Foundation, Inc. | ||
3 | * | ||
4 | * This file is free software; you can redistribute it and/or modify | ||
5 | * it under the terms of the GNU Lesser General Public License as published | ||
6 | * by the Free Software Foundation; either version 2.1, or (at your | ||
7 | * option) any later version. | ||
8 | * | ||
9 | * This file is distributed in the hope that it will be useful, but | ||
10 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
12 | * General Public License for more details. | ||
13 | * | ||
14 | * You should have received a copy of the GNU Lesser General Public License | ||
15 | * along with this file; if not, write to the Free Software | ||
16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
17 | * 02110-1301, USA. | ||
18 | * | ||
19 | */ | ||
20 | |||
21 | /* Adapted for gnulib by Simon Josefsson, based on Libgcrypt. */ | ||
22 | |||
23 | #ifndef DES_H | ||
24 | # define DES_H | ||
25 | |||
26 | #include <stddef.h> | ||
27 | #include <stdint.h> | ||
28 | #include <stdbool.h> | ||
29 | |||
30 | /* | ||
31 | * Encryption/Decryption context of DES | ||
32 | */ | ||
33 | typedef struct | ||
34 | { | ||
35 | uint32_t encrypt_subkeys[32]; | ||
36 | uint32_t decrypt_subkeys[32]; | ||
37 | } MHD_gl_des_ctx; | ||
38 | |||
39 | /* | ||
40 | * Encryption/Decryption context of Triple-DES | ||
41 | */ | ||
42 | typedef struct | ||
43 | { | ||
44 | uint32_t encrypt_subkeys[96]; | ||
45 | uint32_t decrypt_subkeys[96]; | ||
46 | } MHD_gl_3des_ctx; | ||
47 | |||
48 | /* Check whether the 8 byte key is weak. Does not check the parity | ||
49 | * bits of the key but simple ignore them. */ | ||
50 | extern bool MHD_gl_des_is_weak_key (const char *key); | ||
51 | |||
52 | /* | ||
53 | * DES | ||
54 | * --- | ||
55 | */ | ||
56 | |||
57 | /* Fill a DES context CTX with subkeys calculated from 64bit KEY. | ||
58 | * Does not check parity bits, but simply ignore them. Does not check | ||
59 | * for weak keys. */ | ||
60 | extern void MHD_gl_des_setkey (MHD_gl_des_ctx * ctx, const char *key); | ||
61 | |||
62 | /* Fill a DES context CTX with subkeys calculated from 64bit KEY, with | ||
63 | * weak key checking. Does not check parity bits, but simply ignore | ||
64 | * them. */ | ||
65 | extern bool MHD_gl_des_makekey (MHD_gl_des_ctx * ctx, const char *key, | ||
66 | size_t keylen); | ||
67 | |||
68 | /* Electronic Codebook Mode DES encryption/decryption of data | ||
69 | * according to 'mode'. */ | ||
70 | extern void | ||
71 | MHD_gl_des_ecb_crypt (MHD_gl_des_ctx * ctx, const char *from, char *to, | ||
72 | int mode); | ||
73 | |||
74 | #define MHD_gl_des_ecb_encrypt(ctx, from, to) MHD_gl_des_ecb_crypt(ctx, from, to, 0) | ||
75 | #define MHD_gl_des_ecb_decrypt(ctx, from, to) MHD_gl_des_ecb_crypt(ctx, from, to, 1) | ||
76 | |||
77 | /* Triple-DES | ||
78 | * ---------- | ||
79 | */ | ||
80 | |||
81 | /* Fill a Triple-DES context CTX with subkeys calculated from two | ||
82 | * 64bit keys in KEY1 and KEY2. Does not check the parity bits of the | ||
83 | * keys, but simply ignore them. Does not check for weak keys. */ | ||
84 | extern void | ||
85 | MHD_gl_3des_set2keys (MHD_gl_3des_ctx * ctx, const char *key1, | ||
86 | const char *key2); | ||
87 | |||
88 | /* | ||
89 | * Fill a Triple-DES context CTX with subkeys calculated from three | ||
90 | * 64bit keys in KEY1, KEY2 and KEY3. Does not check the parity bits | ||
91 | * of the keys, but simply ignore them. Does not check for weak | ||
92 | * keys. */ | ||
93 | extern void | ||
94 | MHD_gl_3des_set3keys (MHD_gl_3des_ctx * ctx, | ||
95 | const char *key1, const char *key2, const char *key3); | ||
96 | |||
97 | /* Fill a Triple-DES context CTX with subkeys calculated from three | ||
98 | * concatenated 64bit keys in KEY, with weak key checking. Does not | ||
99 | * check the parity bits of the keys, but simply ignore them. */ | ||
100 | extern bool | ||
101 | MHD_gl_3des_makekey (MHD_gl_3des_ctx * ctx, const char *key, size_t keylen); | ||
102 | |||
103 | /* Electronic Codebook Mode Triple-DES encryption/decryption of data | ||
104 | * according to 'mode'. Sometimes this mode is named 'EDE' mode | ||
105 | * (Encryption-Decryption-Encryption). */ | ||
106 | extern void | ||
107 | MHD_gl_3des_ecb_crypt (MHD_gl_3des_ctx * ctx, const char *from, char *to, | ||
108 | int mode); | ||
109 | |||
110 | #define MHD_gl_3des_ecb_encrypt(ctx, from, to) MHD_gl_3des_ecb_crypt(ctx,from,to,0) | ||
111 | #define MHD_gl_3des_ecb_decrypt(ctx, from, to) MHD_gl_3des_ecb_crypt(ctx,from,to,1) | ||
112 | |||
113 | #endif /* DES_H */ | ||
diff --git a/src/daemon/https/lgl/gc-gnulib.c b/src/daemon/https/lgl/gc-gnulib.c deleted file mode 100644 index d5478fa9..00000000 --- a/src/daemon/https/lgl/gc-gnulib.c +++ /dev/null | |||
@@ -1,779 +0,0 @@ | |||
1 | /* gc-gnulib.c --- Common gnulib internal crypto interface functions | ||
2 | * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007 Simon Josefsson | ||
3 | * | ||
4 | * This file is free software; you can redistribute it and/or modify | ||
5 | * it under the terms of the GNU Lesser General Public License as published | ||
6 | * by the Free Software Foundation; either version 2.1, or (at your | ||
7 | * option) any later version. | ||
8 | * | ||
9 | * This file is distributed in the hope that it will be useful, but | ||
10 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
11 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
12 | * General Public License for more details. | ||
13 | * | ||
14 | * You should have received a copy of the GNU Lesser General Public License | ||
15 | * along with this file; if not, write to the Free Software | ||
16 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||
17 | * 02110-1301, USA. | ||
18 | * | ||
19 | */ | ||
20 | |||
21 | /* Note: This file is only built if GC uses internal functions. */ | ||
22 | |||
23 | #include "MHD_config.h" | ||
24 | |||
25 | /* Get prototype. */ | ||
26 | #include "gc.h" | ||
27 | |||
28 | #include <stdlib.h> | ||
29 | #include <string.h> | ||
30 | |||
31 | /* For randomize. */ | ||
32 | #ifdef GNULIB_GC_RANDOM | ||
33 | # include <unistd.h> | ||
34 | # include <sys/types.h> | ||
35 | # include <sys/stat.h> | ||
36 | # include <fcntl.h> | ||
37 | # include <errno.h> | ||
38 | #endif | ||
39 | |||
40 | /* Hashes. */ | ||
41 | #ifdef GNULIB_GC_MD5 | ||
42 | # include "md5.h" | ||
43 | #endif | ||
44 | #ifdef GNULIB_GC_SHA1 | ||
45 | # include "sha1.h" | ||
46 | #endif | ||
47 | #if defined(GNULIB_GC_HMAC_MD5) || defined(GNULIB_GC_HMAC_SHA1) | ||
48 | # include "hmac.h" | ||
49 | #endif | ||
50 | |||
51 | /* Ciphers. */ | ||
52 | #ifdef GNULIB_GC_ARCFOUR | ||
53 | # include "arcfour.h" | ||
54 | #endif | ||
55 | #ifdef GNULIB_GC_ARCTWO | ||
56 | # include "arctwo.h" | ||
57 | #endif | ||
58 | #ifdef GNULIB_GC_DES | ||
59 | # include "des.h" | ||
60 | #endif | ||
61 | #ifdef GNULIB_GC_RIJNDAEL | ||
62 | # include "rijndael-api-fst.h" | ||
63 | #endif | ||
64 | |||
65 | /* The results of open() in this file are not used with fchdir, | ||
66 | therefore save some unnecessary work in fchdir.c. */ | ||
67 | #undef open | ||
68 | #undef close | ||
69 | |||
70 | Gc_rc | ||
71 | MHD_gc_init (void) | ||
72 | { | ||
73 | return GC_OK; | ||
74 | } | ||
75 | |||
76 | void | ||
77 | MHD_gc_done (void) | ||
78 | { | ||
79 | return; | ||
80 | } | ||
81 | |||
82 | #ifdef GNULIB_GC_RANDOM | ||
83 | |||
84 | /* Randomness. */ | ||
85 | |||
86 | static Gc_rc | ||
87 | randomize (int level, char *data, size_t datalen) | ||
88 | { | ||
89 | int fd; | ||
90 | const char *device; | ||
91 | size_t len = 0; | ||
92 | int rc; | ||
93 | |||
94 | switch (level) | ||
95 | { | ||
96 | case 0: | ||
97 | device = NAME_OF_NONCE_DEVICE; | ||
98 | break; | ||
99 | |||
100 | case 1: | ||
101 | device = NAME_OF_PSEUDO_RANDOM_DEVICE; | ||
102 | break; | ||
103 | |||
104 | default: | ||
105 | device = NAME_OF_RANDOM_DEVICE; | ||
106 | break; | ||
107 | } | ||
108 | |||
109 | if (strcmp (device, "no") == 0) | ||
110 | return GC_RANDOM_ERROR; | ||
111 | |||
112 | fd = open (device, O_RDONLY); | ||
113 | if (fd < 0) | ||
114 | return GC_RANDOM_ERROR; | ||
115 | |||
116 | do | ||
117 | { | ||
118 | ssize_t tmp; | ||
119 | |||
120 | tmp = read (fd, data, datalen); | ||
121 | |||
122 | if (tmp < 0) | ||
123 | { | ||
124 | int save_errno = errno; | ||
125 | close (fd); | ||
126 | errno = save_errno; | ||
127 | return GC_RANDOM_ERROR; | ||
128 | } | ||
129 | |||
130 | len += tmp; | ||
131 | } | ||
132 | while (len < datalen); | ||
133 | |||
134 | rc = close (fd); | ||
135 | if (rc < 0) | ||
136 | return GC_RANDOM_ERROR; | ||
137 | |||
138 | return GC_OK; | ||
139 | } | ||
140 | |||
141 | Gc_rc | ||
142 | MHD_gc_nonce (char *data, size_t datalen) | ||
143 | { | ||
144 | return randomize (0, data, datalen); | ||
145 | } | ||
146 | |||
147 | Gc_rc | ||
148 | MHD_gc_pseudo_random (char *data, size_t datalen) | ||
149 | { | ||
150 | return randomize (1, data, datalen); | ||
151 | } | ||
152 | |||
153 | #endif | ||
154 | /* Ciphers. */ | ||
155 | |||
156 | typedef struct _MHD_gc_cipher_ctx | ||
157 | { | ||
158 | Gc_cipher alg; | ||
159 | Gc_cipher_mode mode; | ||
160 | #ifdef GNULIB_GC_ARCTWO | ||
161 | arctwo_context arctwoContext; | ||
162 | char arctwoIV[ARCTWO_BLOCK_SIZE]; | ||
163 | #endif | ||
164 | #ifdef GNULIB_GC_ARCFOUR | ||
165 | arcfour_context arcfourContext; | ||
166 | #endif | ||
167 | #ifdef GNULIB_GC_DES | ||
168 | MHD_gl_des_ctx desContext; | ||
169 | #endif | ||
170 | #ifdef GNULIB_GC_RIJNDAEL | ||
171 | rijndaelKeyInstance aesEncKey; | ||
172 | rijndaelKeyInstance aesDecKey; | ||
173 | rijndaelCipherInstance aesContext; | ||
174 | #endif | ||
175 | } _MHD_gc_cipher_ctx; | ||
176 | |||
177 | Gc_rc | ||
178 | MHD_gc_cipher_open (Gc_cipher alg, | ||
179 | Gc_cipher_mode mode, MHD_gc_cipher_handle * outhandle) | ||
180 | { | ||
181 | _MHD_gc_cipher_ctx *ctx; | ||
182 | Gc_rc rc = GC_OK; | ||
183 | |||
184 | ctx = calloc (sizeof (*ctx), 1); | ||
185 | if (!ctx) | ||
186 | return GC_MALLOC_ERROR; | ||
187 | |||
188 | ctx->alg = alg; | ||
189 | ctx->mode = mode; | ||
190 | |||
191 | switch (alg) | ||
192 | { | ||
193 | #ifdef GNULIB_GC_ARCTWO | ||
194 | case GC_ARCTWO40: | ||
195 | switch (mode) | ||
196 | { | ||
197 | case GC_ECB: | ||
198 | case GC_CBC: | ||
199 | break; | ||
200 | |||
201 | default: | ||
202 | rc = GC_INVALID_CIPHER; | ||
203 | } | ||
204 | break; | ||
205 | #endif | ||
206 | |||
207 | #ifdef GNULIB_GC_ARCFOUR | ||
208 | case GC_ARCFOUR128: | ||
209 | case GC_ARCFOUR40: | ||
210 | switch (mode) | ||
211 | { | ||
212 | case GC_STREAM: | ||
213 | break; | ||
214 | |||
215 | default: | ||
216 | rc = GC_INVALID_CIPHER; | ||
217 | } | ||
218 | break; | ||
219 | #endif | ||
220 | |||
221 | #ifdef GNULIB_GC_DES | ||
222 | case GC_DES: | ||
223 | switch (mode) | ||
224 | { | ||
225 | case GC_ECB: | ||
226 | break; | ||
227 | |||
228 | default: | ||
229 | rc = GC_INVALID_CIPHER; | ||
230 | } | ||
231 | break; | ||
232 | #endif | ||
233 | |||
234 | #ifdef GNULIB_GC_RIJNDAEL | ||
235 | case GC_AES128: | ||
236 | case GC_AES192: | ||
237 | case GC_AES256: | ||
238 | switch (mode) | ||
239 | { | ||
240 | case GC_ECB: | ||
241 | case GC_CBC: | ||
242 | break; | ||
243 | |||
244 | default: | ||
245 | rc = GC_INVALID_CIPHER; | ||
246 | } | ||
247 | break; | ||
248 | #endif | ||
249 | |||
250 | default: | ||
251 | rc = GC_INVALID_CIPHER; | ||
252 | } | ||
253 | |||
254 | if (rc == GC_OK) | ||
255 | *outhandle = ctx; | ||
256 | else | ||
257 | free (ctx); | ||
258 | |||
259 | return rc; | ||
260 | } | ||
261 | |||
262 | Gc_rc | ||
263 | MHD_gc_cipher_setkey (MHD_gc_cipher_handle handle, size_t keylen, | ||
264 | const char *key) | ||
265 | { | ||
266 | _MHD_gc_cipher_ctx *ctx = handle; | ||
267 | |||
268 | switch (ctx->alg) | ||
269 | { | ||
270 | #ifdef GNULIB_GC_ARCTWO | ||
271 | case GC_ARCTWO40: | ||
272 | arctwo_setkey (&ctx->arctwoContext, keylen, key); | ||
273 | break; | ||
274 | #endif | ||
275 | |||
276 | #ifdef GNULIB_GC_ARCFOUR | ||
277 | case GC_ARCFOUR128: | ||
278 | case GC_ARCFOUR40: | ||
279 | arcfour_setkey (&ctx->arcfourContext, key, keylen); | ||
280 | break; | ||
281 | #endif | ||
282 | |||
283 | #ifdef GNULIB_GC_DES | ||
284 | case GC_DES: | ||
285 | if (keylen != 8) | ||
286 | return GC_INVALID_CIPHER; | ||
287 | MHD_gl_des_setkey (&ctx->desContext, key); | ||
288 | break; | ||
289 | #endif | ||
290 | |||
291 | #ifdef GNULIB_GC_RIJNDAEL | ||
292 | case GC_AES128: | ||
293 | case GC_AES192: | ||
294 | case GC_AES256: | ||
295 | { | ||
296 | rijndael_rc rc; | ||
297 | size_t i; | ||
298 | char keyMaterial[RIJNDAEL_MAX_KEY_SIZE + 1]; | ||
299 | |||
300 | for (i = 0; i < keylen; i++) | ||
301 | sprintf (&keyMaterial[2 * i], "%02x", key[i] & 0xFF); | ||
302 | |||
303 | rc = MHD_rijndaelMakeKey (&ctx->aesEncKey, RIJNDAEL_DIR_ENCRYPT, | ||
304 | keylen * 8, keyMaterial); | ||
305 | if (rc < 0) | ||
306 | return GC_INVALID_CIPHER; | ||
307 | |||
308 | rc = MHD_rijndaelMakeKey (&ctx->aesDecKey, RIJNDAEL_DIR_DECRYPT, | ||
309 | keylen * 8, keyMaterial); | ||
310 | if (rc < 0) | ||
311 | return GC_INVALID_CIPHER; | ||
312 | |||
313 | rc = | ||
314 | MHD_MHD_rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_ECB, | ||
315 | NULL); | ||
316 | if (rc < 0) | ||
317 | return GC_INVALID_CIPHER; | ||
318 | } | ||
319 | break; | ||
320 | #endif | ||
321 | |||
322 | default: | ||
323 | return GC_INVALID_CIPHER; | ||
324 | } | ||
325 | |||
326 | return GC_OK; | ||
327 | } | ||
328 | |||
329 | Gc_rc | ||
330 | MHD_gc_cipher_setiv (MHD_gc_cipher_handle handle, size_t ivlen, | ||
331 | const char *iv) | ||
332 | { | ||
333 | _MHD_gc_cipher_ctx *ctx = handle; | ||
334 | |||
335 | switch (ctx->alg) | ||
336 | { | ||
337 | #ifdef GNULIB_GC_ARCTWO | ||
338 | case GC_ARCTWO40: | ||
339 | if (ivlen != ARCTWO_BLOCK_SIZE) | ||
340 | return GC_INVALID_CIPHER; | ||
341 | memcpy (ctx->arctwoIV, iv, ivlen); | ||
342 | break; | ||
343 | #endif | ||
344 | |||
345 | #ifdef GNULIB_GC_RIJNDAEL | ||
346 | case GC_AES128: | ||
347 | case GC_AES192: | ||
348 | case GC_AES256: | ||
349 | switch (ctx->mode) | ||
350 | { | ||
351 | case GC_ECB: | ||
352 | /* Doesn't use IV. */ | ||
353 | break; | ||
354 | |||
355 | case GC_CBC: | ||
356 | { | ||
357 | rijndael_rc rc; | ||
358 | size_t i; | ||
359 | char ivMaterial[2 * RIJNDAEL_MAX_IV_SIZE + 1]; | ||
360 | |||
361 | for (i = 0; i < ivlen; i++) | ||
362 | sprintf (&ivMaterial[2 * i], "%02x", iv[i] & 0xFF); | ||
363 | |||
364 | rc = | ||
365 | MHD_MHD_rijndaelCipherInit (&ctx->aesContext, RIJNDAEL_MODE_CBC, | ||
366 | ivMaterial); | ||
367 | if (rc < 0) | ||
368 | return GC_INVALID_CIPHER; | ||
369 | } | ||
370 | break; | ||
371 | |||
372 | default: | ||
373 | return GC_INVALID_CIPHER; | ||
374 | } | ||
375 | break; | ||
376 | #endif | ||
377 | |||
378 | default: | ||
379 | return GC_INVALID_CIPHER; | ||
380 | } | ||
381 | |||
382 | return GC_OK; | ||
383 | } | ||
384 | |||
385 | Gc_rc | ||
386 | MHD_gc_cipher_encrypt_inline (MHD_gc_cipher_handle handle, size_t len, | ||
387 | char *data) | ||
388 | { | ||
389 | _MHD_gc_cipher_ctx *ctx = handle; | ||
390 | |||
391 | switch (ctx->alg) | ||
392 | { | ||
393 | #ifdef GNULIB_GC_ARCTWO | ||
394 | case GC_ARCTWO40: | ||
395 | switch (ctx->mode) | ||
396 | { | ||
397 | case GC_ECB: | ||
398 | arctwo_encrypt (&ctx->arctwoContext, data, data, len); | ||
399 | break; | ||
400 | |||
401 | case GC_CBC: | ||
402 | for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE, | ||
403 | data += ARCTWO_BLOCK_SIZE) | ||
404 | { | ||
405 | size_t i; | ||
406 | for (i = 0; i < ARCTWO_BLOCK_SIZE; i++) | ||
407 | data[i] ^= ctx->arctwoIV[i]; | ||
408 | arctwo_encrypt (&ctx->arctwoContext, data, data, | ||
409 | ARCTWO_BLOCK_SIZE); | ||
410 | memcpy (ctx->arctwoIV, data, ARCTWO_BLOCK_SIZE); | ||
411 | } | ||
412 | break; | ||
413 | |||
414 | default: | ||
415 | return GC_INVALID_CIPHER; | ||
416 | } | ||
417 | break; | ||
418 | #endif | ||
419 | |||
420 | #ifdef GNULIB_GC_ARCFOUR | ||
421 | case GC_ARCFOUR128: | ||
422 | case GC_ARCFOUR40: | ||
423 | arcfour_stream (&ctx->arcfourContext, data, data, len); | ||
424 | break; | ||
425 | #endif | ||
426 | |||
427 | #ifdef GNULIB_GC_DES | ||
428 | case GC_DES: | ||
429 | for (; len >= 8; len -= 8, data += 8) | ||
430 | MHD_gl_des_ecb_encrypt (&ctx->desContext, data, data); | ||
431 | break; | ||
432 | #endif | ||
433 | |||
434 | #ifdef GNULIB_GC_RIJNDAEL | ||
435 | case GC_AES128: | ||
436 | case GC_AES192: | ||
437 | case GC_AES256: | ||
438 | { | ||
439 | int nblocks; | ||
440 | |||
441 | nblocks = MHD_rijndaelBlockEncrypt (&ctx->aesContext, &ctx->aesEncKey, | ||
442 | data, 8 * len, data); | ||
443 | if (nblocks < 0) | ||
444 | return GC_INVALID_CIPHER; | ||
445 | } | ||
446 | break; | ||
447 | #endif | ||
448 | |||
449 | default: | ||
450 | return GC_INVALID_CIPHER; | ||
451 | } | ||
452 | |||
453 | return GC_OK; | ||
454 | } | ||
455 | |||
456 | Gc_rc | ||
457 | MHD_gc_cipher_decrypt_inline (MHD_gc_cipher_handle handle, size_t len, | ||
458 | char *data) | ||
459 | { | ||
460 | _MHD_gc_cipher_ctx *ctx = handle; | ||
461 | |||
462 | switch (ctx->alg) | ||
463 | { | ||
464 | #ifdef GNULIB_GC_ARCTWO | ||
465 | case GC_ARCTWO40: | ||
466 | switch (ctx->mode) | ||
467 | { | ||
468 | case GC_ECB: | ||
469 | arctwo_decrypt (&ctx->arctwoContext, data, data, len); | ||
470 | break; | ||
471 | |||
472 | case GC_CBC: | ||
473 | for (; len >= ARCTWO_BLOCK_SIZE; len -= ARCTWO_BLOCK_SIZE, | ||
474 | data += ARCTWO_BLOCK_SIZE) | ||
475 | { | ||
476 | char tmpIV[ARCTWO_BLOCK_SIZE]; | ||
477 | size_t i; | ||
478 | memcpy (tmpIV, data, ARCTWO_BLOCK_SIZE); | ||
479 | arctwo_decrypt (&ctx->arctwoContext, data, data, | ||
480 | ARCTWO_BLOCK_SIZE); | ||
481 | for (i = 0; i < ARCTWO_BLOCK_SIZE; i++) | ||
482 | data[i] ^= ctx->arctwoIV[i]; | ||
483 | memcpy (ctx->arctwoIV, tmpIV, ARCTWO_BLOCK_SIZE); | ||
484 | } | ||
485 | break; | ||
486 | |||
487 | default: | ||
488 | return GC_INVALID_CIPHER; | ||
489 | } | ||
490 | break; | ||
491 | #endif | ||
492 | |||
493 | #ifdef GNULIB_GC_ARCFOUR | ||
494 | case GC_ARCFOUR128: | ||
495 | case GC_ARCFOUR40: | ||
496 | arcfour_stream (&ctx->arcfourContext, data, data, len); | ||
497 | break; | ||
498 | #endif | ||
499 | |||
500 | #ifdef GNULIB_GC_DES | ||
501 | case GC_DES: | ||
502 | for (; len >= 8; len -= 8, data += 8) | ||
503 | MHD_gl_des_ecb_decrypt (&ctx->desContext, data, data); | ||
504 | break; | ||
505 | #endif | ||
506 | |||
507 | #ifdef GNULIB_GC_RIJNDAEL | ||
508 | case GC_AES128: | ||
509 | case GC_AES192: | ||
510 | case GC_AES256: | ||
511 | { | ||
512 | int nblocks; | ||
513 | |||
514 | nblocks = MHD_rijndaelBlockDecrypt (&ctx->aesContext, &ctx->aesDecKey, | ||
515 | data, 8 * len, data); | ||
516 | if (nblocks < 0) | ||
517 | return GC_INVALID_CIPHER; | ||
518 | } | ||
519 | break; | ||
520 | #endif | ||
521 | |||
522 | default: | ||
523 | return GC_INVALID_CIPHER; | ||
524 | } | ||
525 | |||
526 | return GC_OK; | ||
527 | } | ||
528 | |||
529 | Gc_rc | ||
530 | MHD_gc_cipher_close (MHD_gc_cipher_handle handle) | ||
531 | { | ||
532 | _MHD_gc_cipher_ctx *ctx = handle; | ||
533 | |||
534 | if (ctx) | ||
535 | free (ctx); | ||
536 | |||
537 | return GC_OK; | ||
538 | } | ||
539 | |||
540 | /* Hashes. */ | ||
541 | |||
542 | #define MAX_DIGEST_SIZE 20 | ||
543 | |||
544 | typedef struct _MHD_gc_hash_ctx | ||
545 | { | ||
546 | Gc_hash alg; | ||
547 | Gc_hash_mode mode; | ||
548 | char hash[MAX_DIGEST_SIZE]; | ||
549 | #ifdef GNULIB_GC_MD5 | ||
550 | struct MHD_md5_ctx md5Context; | ||
551 | #endif | ||
552 | #ifdef GNULIB_GC_SHA1 | ||
553 | struct MHD_sha1_ctx sha1Context; | ||
554 | #endif | ||
555 | } _MHD_gc_hash_ctx; | ||
556 | |||
557 | Gc_rc | ||
558 | MHD_gc_hash_open (Gc_hash hash, Gc_hash_mode mode, | ||
559 | MHD_gc_hash_handle * outhandle) | ||
560 | { | ||
561 | _MHD_gc_hash_ctx *ctx; | ||
562 | Gc_rc rc = GC_OK; | ||
563 | |||
564 | ctx = calloc (sizeof (*ctx), 1); | ||
565 | if (!ctx) | ||
566 | return GC_MALLOC_ERROR; | ||
567 | |||
568 | ctx->alg = hash; | ||
569 | ctx->mode = mode; | ||
570 | |||
571 | switch (hash) | ||
572 | { | ||
573 | #ifdef GNULIB_GC_MD5 | ||
574 | case GC_MD5: | ||
575 | MHD_md5_init_ctx (&ctx->md5Context); | ||
576 | break; | ||
577 | #endif | ||
578 | |||
579 | #ifdef GNULIB_GC_SHA1 | ||
580 | case GC_SHA1: | ||
581 | MHD_sha1_init_ctx (&ctx->sha1Context); | ||
582 | break; | ||
583 | #endif | ||
584 | |||
585 | default: | ||
586 | rc = GC_INVALID_HASH; | ||
587 | break; | ||
588 | } | ||
589 | |||
590 | switch (mode) | ||
591 | { | ||
592 | case 0: | ||
593 | break; | ||
594 | |||
595 | default: | ||
596 | rc = GC_INVALID_HASH; | ||
597 | break; | ||
598 | } | ||
599 | |||
600 | if (rc == GC_OK) | ||
601 | *outhandle = ctx; | ||
602 | else | ||
603 | free (ctx); | ||
604 | |||
605 | return rc; | ||
606 | } | ||
607 | |||
608 | Gc_rc | ||
609 | MHD_gc_hash_clone (MHD_gc_hash_handle handle, MHD_gc_hash_handle * outhandle) | ||
610 | { | ||
611 | _MHD_gc_hash_ctx *in = handle; | ||
612 | _MHD_gc_hash_ctx *out; | ||
613 | |||
614 | *outhandle = out = calloc (sizeof (*out), 1); | ||
615 | if (!out) | ||
616 | return GC_MALLOC_ERROR; | ||
617 | |||
618 | memcpy (out, in, sizeof (*out)); | ||
619 | |||
620 | return GC_OK; | ||
621 | } | ||
622 | |||
623 | size_t | ||
624 | MHD_gc_hash_digest_length (Gc_hash hash) | ||
625 | { | ||
626 | size_t len; | ||
627 | |||
628 | switch (hash) | ||
629 | { | ||
630 | case GC_MD2: | ||
631 | len = GC_MD2_DIGEST_SIZE; | ||
632 | break; | ||
633 | |||
634 | case GC_MD4: | ||
635 | len = GC_MD4_DIGEST_SIZE; | ||
636 | break; | ||
637 | |||
638 | case GC_MD5: | ||
639 | len = GC_MD5_DIGEST_SIZE; | ||
640 | break; | ||
641 | |||
642 | case GC_RMD160: | ||
643 | len = GC_RMD160_DIGEST_SIZE; | ||
644 | break; | ||
645 | |||
646 | case GC_SHA1: | ||
647 | len = GC_SHA1_DIGEST_SIZE; | ||
648 | break; | ||
649 | |||
650 | default: | ||
651 | return 0; | ||
652 | } | ||
653 | |||
654 | return len; | ||
655 | } | ||
656 | |||
657 | void | ||
658 | MHD_gc_hash_write (MHD_gc_hash_handle handle, size_t len, const char *data) | ||
659 | { | ||
660 | _MHD_gc_hash_ctx *ctx = handle; | ||
661 | |||
662 | switch (ctx->alg) | ||
663 | { | ||
664 | #ifdef GNULIB_GC_MD5 | ||
665 | case GC_MD5: | ||
666 | MHD_md5_process_bytes (data, len, &ctx->md5Context); | ||
667 | break; | ||
668 | #endif | ||
669 | |||
670 | #ifdef GNULIB_GC_SHA1 | ||
671 | case GC_SHA1: | ||
672 | MHD_sha1_process_bytes (data, len, &ctx->sha1Context); | ||
673 | break; | ||
674 | #endif | ||
675 | |||
676 | default: | ||
677 | break; | ||
678 | } | ||
679 | } | ||
680 | |||
681 | const char * | ||
682 | MHD_gc_hash_read (MHD_gc_hash_handle handle) | ||
683 | { | ||
684 | _MHD_gc_hash_ctx *ctx = handle; | ||
685 | const char *ret = NULL; | ||
686 | |||
687 | switch (ctx->alg) | ||
688 | { | ||
689 | #ifdef GNULIB_GC_MD5 | ||
690 | case GC_MD5: | ||
691 | MHD_md5_finish_ctx (&ctx->md5Context, ctx->hash); | ||
692 | ret = ctx->hash; | ||
693 | break; | ||
694 | #endif | ||
695 | |||
696 | #ifdef GNULIB_GC_SHA1 | ||
697 | case GC_SHA1: | ||
698 | MHD_sha1_finish_ctx (&ctx->sha1Context, ctx->hash); | ||
699 | ret = ctx->hash; | ||
700 | break; | ||
701 | #endif | ||
702 | |||
703 | default: | ||
704 | return NULL; | ||
705 | } | ||
706 | |||
707 | return ret; | ||
708 | } | ||
709 | |||
710 | void | ||
711 | MHD_gc_hash_close (MHD_gc_hash_handle handle) | ||
712 | { | ||
713 | _MHD_gc_hash_ctx *ctx = handle; | ||
714 | |||
715 | free (ctx); | ||
716 | } | ||
717 | |||
718 | Gc_rc | ||
719 | MHD_gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf) | ||
720 | { | ||
721 | switch (hash) | ||
722 | { | ||
723 | #ifdef GNULIB_GC_MD5 | ||
724 | case GC_MD5: | ||
725 | MHD_md5_buffer (in, inlen, resbuf); | ||
726 | break; | ||
727 | #endif | ||
728 | |||
729 | #ifdef GNULIB_GC_SHA1 | ||
730 | case GC_SHA1: | ||
731 | MHD_sha1_buffer (in, inlen, resbuf); | ||
732 | break; | ||
733 | #endif | ||
734 | |||
735 | default: | ||
736 | return GC_INVALID_HASH; | ||
737 | } | ||
738 | |||
739 | return GC_OK; | ||
740 | } | ||
741 | |||
742 | #ifdef GNULIB_GC_MD5 | ||
743 | Gc_rc | ||
744 | MHD_gc_md5 (const void *in, size_t inlen, void *resbuf) | ||
745 | { | ||
746 | MHD_md5_buffer (in, inlen, resbuf); | ||
747 | return GC_OK; | ||
748 | } | ||
749 | #endif | ||
750 | |||
751 | #ifdef GNULIB_GC_SHA1 | ||
752 | Gc_rc | ||
753 | MHD_gc_sha1 (const void *in, size_t inlen, void *resbuf) | ||
754 | { | ||
755 | MHD_sha1_buffer (in, inlen, resbuf); | ||
756 | return GC_OK; | ||
757 | } | ||
758 | #endif | ||
759 | |||
760 | #ifdef GNULIB_GC_HMAC_MD5 | ||
761 | Gc_rc | ||
762 | MHD_gc_MHD_hmac_md5 (const void *key, size_t keylen, | ||
763 | const void *in, size_t inlen, char *resbuf) | ||
764 | { | ||
765 | MHD_hmac_md5 (key, keylen, in, inlen, resbuf); | ||
766 | return GC_OK; | ||
767 | } | ||
768 | #endif | ||
769 | |||
770 | #ifdef GNULIB_GC_HMAC_SHA1 | ||
771 | Gc_rc | ||
772 | MHD_gc_MHD_hmac_sha1 (const void *key, | ||
773 | size_t keylen, const void *in, size_t inlen, | ||
774 | char *resbuf) | ||
775 | { | ||
776 | MHD_hmac_sha1 (key, keylen, in, inlen, resbuf); | ||
777 | return GC_OK; | ||
778 | } | ||
779 | #endif | ||
diff --git a/src/daemon/https/lgl/gc-libgcrypt.c b/src/daemon/https/lgl/gc-libgcrypt.c index 9d91c45c..3653f0fc 100644 --- a/src/daemon/https/lgl/gc-libgcrypt.c +++ b/src/daemon/https/lgl/gc-libgcrypt.c | |||
@@ -416,163 +416,6 @@ MHD_gc_hash_close (MHD_gc_hash_handle handle) | |||
416 | free (ctx); | 416 | free (ctx); |
417 | } | 417 | } |
418 | 418 | ||
419 | Gc_rc | ||
420 | MHD_gc_hash_buffer (Gc_hash hash, const void *in, size_t inlen, char *resbuf) | ||
421 | { | ||
422 | int gcryalg; | ||
423 | |||
424 | switch (hash) | ||
425 | { | ||
426 | #ifdef GNULIB_GC_MD5 | ||
427 | case GC_MD5: | ||
428 | gcryalg = GCRY_MD_MD5; | ||
429 | break; | ||
430 | #endif | ||
431 | |||
432 | #ifdef GNULIB_GC_SHA1 | ||
433 | case GC_SHA1: | ||
434 | gcryalg = GCRY_MD_SHA1; | ||
435 | break; | ||
436 | #endif | ||
437 | |||
438 | #ifdef GNULIB_GC_SHA256 | ||
439 | case GC_SHA256: | ||
440 | gcryalg = GCRY_MD_SHA256; | ||
441 | break; | ||
442 | #endif | ||
443 | |||
444 | #ifdef GNULIB_GC_SHA384 | ||
445 | case GC_SHA384: | ||
446 | gcryalg = GCRY_MD_SHA384; | ||
447 | break; | ||
448 | #endif | ||
449 | |||
450 | #ifdef GNULIB_GC_SHA512 | ||
451 | case GC_SHA512: | ||
452 | gcryalg = GCRY_MD_SHA512; | ||
453 | break; | ||
454 | #endif | ||
455 | |||
456 | #ifdef GNULIB_GC_RMD160 | ||
457 | case GC_RMD160: | ||
458 | gcryalg = GCRY_MD_RMD160; | ||
459 | break; | ||
460 | #endif | ||
461 | |||
462 | default: | ||
463 | return GC_INVALID_HASH; | ||
464 | } | ||
465 | |||
466 | gcry_md_hash_buffer (gcryalg, resbuf, in, inlen); | ||
467 | |||
468 | return GC_OK; | ||
469 | } | ||
470 | |||
471 | /* One-call interface. */ | ||
472 | #ifdef GNULIB_GC_MD5 | ||
473 | Gc_rc | ||
474 | MHD_gc_md5 (const void *in, size_t inlen, void *resbuf) | ||
475 | { | ||
476 | size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_MD5); | ||
477 | gcry_md_hd_t hd; | ||
478 | gpg_error_t err; | ||
479 | unsigned char *p; | ||
480 | |||
481 | assert (outlen == GC_MD5_DIGEST_SIZE); | ||
482 | |||
483 | err = gcry_md_open (&hd, GCRY_MD_MD5, 0); | ||
484 | if (err != GPG_ERR_NO_ERROR) | ||
485 | return GC_INVALID_HASH; | ||
486 | |||
487 | gcry_md_write (hd, in, inlen); | ||
488 | |||
489 | p = gcry_md_read (hd, GCRY_MD_MD5); | ||
490 | if (p == NULL) | ||
491 | { | ||
492 | gcry_md_close (hd); | ||
493 | return GC_INVALID_HASH; | ||
494 | } | ||
495 | |||
496 | memcpy (resbuf, p, outlen); | ||
497 | |||
498 | gcry_md_close (hd); | ||
499 | |||
500 | return GC_OK; | ||
501 | } | ||
502 | #endif | ||
503 | |||
504 | #ifdef GNULIB_GC_SHA1 | ||
505 | Gc_rc | ||
506 | MHD_gc_sha1 (const void *in, size_t inlen, void *resbuf) | ||
507 | { | ||
508 | size_t outlen = gcry_md_get_algo_dlen (GCRY_MD_SHA1); | ||
509 | gcry_md_hd_t hd; | ||
510 | gpg_error_t err; | ||
511 | unsigned char *p; | ||
512 | |||
513 | assert (outlen == GC_SHA1_DIGEST_SIZE); | ||
514 | |||
515 | err = gcry_md_open (&hd, GCRY_MD_SHA1, 0); | ||
516 | if (err != GPG_ERR_NO_ERROR) | ||
517 | return GC_INVALID_HASH; | ||
518 | |||
519 | gcry_md_write (hd, in, inlen); | ||
520 | |||
521 | p = gcry_md_read (hd, GCRY_MD_SHA1); | ||
522 | if (p == NULL) | ||
523 | { | ||
524 | gcry_md_close (hd); | ||
525 | return GC_INVALID_HASH; | ||
526 | } | ||
527 | |||
528 | memcpy (resbuf, p, outlen); | ||
529 | |||
530 | gcry_md_close (hd); | ||
531 | |||
532 | return GC_OK; | ||
533 | } | ||
534 | #endif | ||
535 | |||
536 | #ifdef GNULIB_GC_HMAC_MD5 | ||
537 | Gc_rc | ||
538 | MHD_gc_MHD_hmac_md5 (const void *key, size_t keylen, | ||
539 | const void *in, size_t inlen, char *resbuf) | ||
540 | { | ||
541 | size_t hlen = gcry_md_get_algo_dlen (GCRY_MD_MD5); | ||
542 | gcry_md_hd_t mdh; | ||
543 | unsigned char *hash; | ||
544 | gpg_error_t err; | ||
545 | |||
546 | assert (hlen == 16); | ||
547 | |||
548 | err = gcry_md_open (&mdh, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC); | ||
549 | if (err != GPG_ERR_NO_ERROR) | ||
550 | return GC_INVALID_HASH; | ||
551 | |||
552 | err = gcry_md_setkey (mdh, key, keylen); | ||
553 | if (err != GPG_ERR_NO_ERROR) | ||
554 | { | ||
555 | gcry_md_close (mdh); | ||
556 | return GC_INVALID_HASH; | ||
557 | } | ||
558 | |||
559 | gcry_md_write (mdh, in, inlen); | ||
560 | |||
561 | hash = gcry_md_read (mdh, GCRY_MD_MD5); | ||
562 | if (hash == NULL) | ||
563 | { | ||
564 | gcry_md_close (mdh); | ||
565 | return GC_INVALID_HASH; | ||
566 | } | ||
567 | |||
568 | memcpy (resbuf, hash, hlen); | ||
569 | |||
570 | gcry_md_close (mdh); | ||
571 | |||
572 | return GC_OK; | ||
573 | } | ||
574 | #endif | ||
575 | |||
576 | #ifdef GNULIB_GC_HMAC_SHA1 | 419 | #ifdef GNULIB_GC_HMAC_SHA1 |
577 | Gc_rc | 420 | Gc_rc |
578 | MHD_gc_MHD_hmac_sha1 (const void *key, | 421 | MHD_gc_MHD_hmac_sha1 (const void *key, |
diff --git a/src/daemon/https/lgl/memxor.c b/src/daemon/https/lgl/memxor.c index a1921494..46c6542e 100644 --- a/src/daemon/https/lgl/memxor.c +++ b/src/daemon/https/lgl/memxor.c | |||
@@ -23,7 +23,7 @@ | |||
23 | #include "memxor.h" | 23 | #include "memxor.h" |
24 | 24 | ||
25 | void * | 25 | void * |
26 | MHD_memxor (void *restrict dest, const void *restrict src, size_t n) | 26 | MHD_memxor (void * dest, const void * src, size_t n) |
27 | { | 27 | { |
28 | char const *s = src; | 28 | char const *s = src; |
29 | char *d = dest; | 29 | char *d = dest; |
diff --git a/src/daemon/https/lgl/memxor.h b/src/daemon/https/lgl/memxor.h index 47e6b3fa..6ccb3ba6 100644 --- a/src/daemon/https/lgl/memxor.h +++ b/src/daemon/https/lgl/memxor.h | |||
@@ -26,6 +26,6 @@ | |||
26 | /* Compute binary exclusive OR of memory areas DEST and SRC, putting | 26 | /* Compute binary exclusive OR of memory areas DEST and SRC, putting |
27 | the result in DEST, of length N bytes. Returns a pointer to | 27 | the result in DEST, of length N bytes. Returns a pointer to |
28 | DEST. */ | 28 | DEST. */ |
29 | void *MHD_memxor (void *restrict dest, const void *restrict src, size_t n); | 29 | void *MHD_memxor (void * dest, const void * src, size_t n); |
30 | 30 | ||
31 | #endif /* MEMXOR_H */ | 31 | #endif /* MEMXOR_H */ |
diff --git a/src/daemon/https/minitasn1/Makefile.am b/src/daemon/https/minitasn1/Makefile.am index 16ba08b2..1d5c68d9 100644 --- a/src/daemon/https/minitasn1/Makefile.am +++ b/src/daemon/https/minitasn1/Makefile.am | |||
@@ -1,8 +1,7 @@ | |||
1 | |||
2 | AM_CPPFLAGS = \ | 1 | AM_CPPFLAGS = \ |
3 | -I$(top_srcdir)/src/include \ | 2 | -I$(top_srcdir)/src/include \ |
4 | -I$(top_srcdir)/src/daemon/https/lgl \ | 3 | -I$(top_srcdir)/src/daemon/https/lgl \ |
5 | -I$(top_srcdir)/src/daemon/https/tls | 4 | -I$(top_srcdir)/src/daemon/https/tls |
6 | 5 | ||
7 | if USE_COVERAGE | 6 | if USE_COVERAGE |
8 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | 7 | AM_CFLAGS = -fprofile-arcs -ftest-coverage |
diff --git a/src/daemon/https/tls/Makefile.am b/src/daemon/https/tls/Makefile.am index 23ec8d7b..c807d1c7 100644 --- a/src/daemon/https/tls/Makefile.am +++ b/src/daemon/https/tls/Makefile.am | |||
@@ -1,9 +1,3 @@ | |||
1 | SUBDIRS = . | ||
2 | |||
3 | if USE_COVERAGE | ||
4 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
5 | endif | ||
6 | |||
7 | AM_CPPFLAGS = \ | 1 | AM_CPPFLAGS = \ |
8 | -I$(top_srcdir)/src/include \ | 2 | -I$(top_srcdir)/src/include \ |
9 | -I$(top_srcdir)/src/daemon/ \ | 3 | -I$(top_srcdir)/src/daemon/ \ |
@@ -11,18 +5,19 @@ AM_CPPFLAGS = \ | |||
11 | -I$(top_srcdir)/src/daemon/https/tls \ | 5 | -I$(top_srcdir)/src/daemon/https/tls \ |
12 | -I$(top_srcdir)/src/daemon/https/lgl \ | 6 | -I$(top_srcdir)/src/daemon/https/lgl \ |
13 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ | 7 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ |
14 | -I$(top_srcdir)/src/daemon/https/x509 \ | 8 | -I$(top_srcdir)/src/daemon/https/x509 |
15 | -I$(GCRYPT_CPPFLAGS) | 9 | |
10 | if USE_COVERAGE | ||
11 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
12 | endif | ||
16 | 13 | ||
17 | noinst_LTLIBRARIES = libtls.la | 14 | noinst_LTLIBRARIES = libtls.la |
18 | 15 | ||
19 | libtls_la_LDFLAGS = \ | 16 | libtls_la_LDFLAGS = -lgcrypt |
20 | -L$(GCRYPT_LIB_PATH) | ||
21 | 17 | ||
22 | libtls_la_SOURCES = \ | 18 | libtls_la_SOURCES = \ |
23 | auth_cert.c \ | 19 | auth_cert.c \ |
24 | auth_dh_common.c \ | 20 | auth_dh_common.c \ |
25 | auth_dhe.c \ | ||
26 | auth_rsa.c \ | 21 | auth_rsa.c \ |
27 | auth_rsa_export.c \ | 22 | auth_rsa_export.c \ |
28 | debug.c \ | 23 | debug.c \ |
diff --git a/src/daemon/https/tls/auth_dh_common.c b/src/daemon/https/tls/auth_dh_common.c index 8fc6e391..0957f81b 100644 --- a/src/daemon/https/tls/auth_dh_common.c +++ b/src/daemon/https/tls/auth_dh_common.c | |||
@@ -50,278 +50,3 @@ MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh) | |||
50 | MHD__gnutls_free_datum (&dh->public_key); | 50 | MHD__gnutls_free_datum (&dh->public_key); |
51 | } | 51 | } |
52 | 52 | ||
53 | int | ||
54 | MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session, | ||
55 | opaque * data, size_t _data_size, | ||
56 | mpi_t g, mpi_t p) | ||
57 | { | ||
58 | uint16_t n_Y; | ||
59 | size_t _n_Y; | ||
60 | int ret; | ||
61 | ssize_t data_size = _data_size; | ||
62 | |||
63 | |||
64 | DECR_LEN (data_size, 2); | ||
65 | n_Y = MHD_gtls_read_uint16 (&data[0]); | ||
66 | _n_Y = n_Y; | ||
67 | |||
68 | DECR_LEN (data_size, n_Y); | ||
69 | if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, &data[2], &_n_Y)) | ||
70 | { | ||
71 | MHD_gnutls_assert (); | ||
72 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
73 | } | ||
74 | |||
75 | MHD_gtls_dh_set_peer_public (session, session->key->client_Y); | ||
76 | |||
77 | session->key->KEY = | ||
78 | MHD_gtls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p); | ||
79 | |||
80 | if (session->key->KEY == NULL) | ||
81 | { | ||
82 | MHD_gnutls_assert (); | ||
83 | return GNUTLS_E_MEMORY_ERROR; | ||
84 | } | ||
85 | |||
86 | MHD_gtls_mpi_release (&session->key->client_Y); | ||
87 | MHD_gtls_mpi_release (&session->key->dh_secret); | ||
88 | |||
89 | ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY); | ||
90 | |||
91 | MHD_gtls_mpi_release (&session->key->KEY); | ||
92 | |||
93 | if (ret < 0) | ||
94 | { | ||
95 | return ret; | ||
96 | } | ||
97 | |||
98 | return 0; | ||
99 | } | ||
100 | |||
101 | int | ||
102 | MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t session, opaque ** data) | ||
103 | { | ||
104 | mpi_t x = NULL, X = NULL; | ||
105 | size_t n_X; | ||
106 | int ret; | ||
107 | |||
108 | *data = NULL; | ||
109 | |||
110 | X = MHD_gtls_calc_dh_secret (&x, session->key->client_g, | ||
111 | session->key->client_p); | ||
112 | if (X == NULL || x == NULL) | ||
113 | { | ||
114 | MHD_gnutls_assert (); | ||
115 | ret = GNUTLS_E_MEMORY_ERROR; | ||
116 | goto error; | ||
117 | } | ||
118 | |||
119 | MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x)); | ||
120 | |||
121 | MHD_gtls_mpi_print (NULL, &n_X, X); | ||
122 | (*data) = MHD_gnutls_malloc (n_X + 2); | ||
123 | if (*data == NULL) | ||
124 | { | ||
125 | ret = GNUTLS_E_MEMORY_ERROR; | ||
126 | goto error; | ||
127 | } | ||
128 | |||
129 | MHD_gtls_mpi_print (&(*data)[2], &n_X, X); | ||
130 | MHD_gtls_mpi_release (&X); | ||
131 | |||
132 | MHD_gtls_write_uint16 (n_X, &(*data)[0]); | ||
133 | |||
134 | /* calculate the key after calculating the message */ | ||
135 | session->key->KEY = | ||
136 | MHD_gtls_calc_dh_key (session->key->client_Y, x, session->key->client_p); | ||
137 | |||
138 | MHD_gtls_mpi_release (&x); | ||
139 | if (session->key->KEY == NULL) | ||
140 | { | ||
141 | MHD_gnutls_assert (); | ||
142 | ret = GNUTLS_E_MEMORY_ERROR; | ||
143 | goto error; | ||
144 | } | ||
145 | |||
146 | /* THESE SHOULD BE DISCARDED */ | ||
147 | MHD_gtls_mpi_release (&session->key->client_Y); | ||
148 | MHD_gtls_mpi_release (&session->key->client_p); | ||
149 | MHD_gtls_mpi_release (&session->key->client_g); | ||
150 | |||
151 | ret = MHD_gtls_mpi_dprint (&session->key->key, session->key->KEY); | ||
152 | |||
153 | MHD_gtls_mpi_release (&session->key->KEY); | ||
154 | |||
155 | if (ret < 0) | ||
156 | { | ||
157 | MHD_gnutls_assert (); | ||
158 | goto error; | ||
159 | } | ||
160 | |||
161 | return n_X + 2; | ||
162 | |||
163 | error: | ||
164 | MHD_gtls_mpi_release (&x); | ||
165 | MHD_gtls_mpi_release (&X); | ||
166 | MHD_gnutls_free (*data); | ||
167 | *data = NULL; | ||
168 | return ret; | ||
169 | } | ||
170 | |||
171 | int | ||
172 | MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session, | ||
173 | opaque * data, size_t _data_size, int psk) | ||
174 | { | ||
175 | uint16_t n_Y, n_g, n_p; | ||
176 | size_t _n_Y, _n_g, _n_p; | ||
177 | uint8_t *data_p; | ||
178 | uint8_t *data_g; | ||
179 | uint8_t *data_Y; | ||
180 | int i, bits, psk_size, ret; | ||
181 | ssize_t data_size = _data_size; | ||
182 | |||
183 | i = 0; | ||
184 | |||
185 | if (psk != 0) | ||
186 | { | ||
187 | DECR_LEN (data_size, 2); | ||
188 | psk_size = MHD_gtls_read_uint16 (&data[i]); | ||
189 | DECR_LEN (data_size, psk_size); | ||
190 | i += 2 + psk_size; | ||
191 | } | ||
192 | |||
193 | DECR_LEN (data_size, 2); | ||
194 | n_p = MHD_gtls_read_uint16 (&data[i]); | ||
195 | i += 2; | ||
196 | |||
197 | DECR_LEN (data_size, n_p); | ||
198 | data_p = &data[i]; | ||
199 | i += n_p; | ||
200 | |||
201 | DECR_LEN (data_size, 2); | ||
202 | n_g = MHD_gtls_read_uint16 (&data[i]); | ||
203 | i += 2; | ||
204 | |||
205 | DECR_LEN (data_size, n_g); | ||
206 | data_g = &data[i]; | ||
207 | i += n_g; | ||
208 | |||
209 | DECR_LEN (data_size, 2); | ||
210 | n_Y = MHD_gtls_read_uint16 (&data[i]); | ||
211 | i += 2; | ||
212 | |||
213 | DECR_LEN (data_size, n_Y); | ||
214 | data_Y = &data[i]; | ||
215 | i += n_Y; | ||
216 | |||
217 | _n_Y = n_Y; | ||
218 | _n_g = n_g; | ||
219 | _n_p = n_p; | ||
220 | |||
221 | if (MHD_gtls_mpi_scan_nz (&session->key->client_Y, data_Y, &_n_Y) != 0) | ||
222 | { | ||
223 | MHD_gnutls_assert (); | ||
224 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
225 | } | ||
226 | |||
227 | if (MHD_gtls_mpi_scan_nz (&session->key->client_g, data_g, &_n_g) != 0) | ||
228 | { | ||
229 | MHD_gnutls_assert (); | ||
230 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
231 | } | ||
232 | if (MHD_gtls_mpi_scan_nz (&session->key->client_p, data_p, &_n_p) != 0) | ||
233 | { | ||
234 | MHD_gnutls_assert (); | ||
235 | return GNUTLS_E_MPI_SCAN_FAILED; | ||
236 | } | ||
237 | |||
238 | bits = MHD_gtls_dh_get_allowed_prime_bits (session); | ||
239 | if (bits < 0) | ||
240 | { | ||
241 | MHD_gnutls_assert (); | ||
242 | return bits; | ||
243 | } | ||
244 | |||
245 | if (MHD__gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits) | ||
246 | { | ||
247 | /* the prime used by the peer is not acceptable | ||
248 | */ | ||
249 | MHD_gnutls_assert (); | ||
250 | return GNUTLS_E_DH_PRIME_UNACCEPTABLE; | ||
251 | } | ||
252 | |||
253 | MHD_gtls_dh_set_group (session, session->key->client_g, | ||
254 | session->key->client_p); | ||
255 | MHD_gtls_dh_set_peer_public (session, session->key->client_Y); | ||
256 | |||
257 | ret = n_Y + n_p + n_g + 6; | ||
258 | if (psk != 0) | ||
259 | ret += 2; | ||
260 | |||
261 | return ret; | ||
262 | } | ||
263 | |||
264 | /* If the psk flag is set, then an empty psk_identity_hint will | ||
265 | * be inserted */ | ||
266 | int | ||
267 | MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t session, | ||
268 | mpi_t g, mpi_t p, opaque ** data, int psk) | ||
269 | { | ||
270 | mpi_t x, X; | ||
271 | size_t n_X, n_g, n_p; | ||
272 | int ret, data_size, pos; | ||
273 | uint8_t *pdata; | ||
274 | |||
275 | X = MHD_gtls_calc_dh_secret (&x, g, p); | ||
276 | if (X == NULL || x == NULL) | ||
277 | { | ||
278 | MHD_gnutls_assert (); | ||
279 | return GNUTLS_E_MEMORY_ERROR; | ||
280 | } | ||
281 | |||
282 | session->key->dh_secret = x; | ||
283 | MHD_gtls_dh_set_secret_bits (session, MHD__gnutls_mpi_get_nbits (x)); | ||
284 | |||
285 | MHD_gtls_mpi_print (NULL, &n_g, g); | ||
286 | MHD_gtls_mpi_print (NULL, &n_p, p); | ||
287 | MHD_gtls_mpi_print (NULL, &n_X, X); | ||
288 | |||
289 | data_size = n_g + n_p + n_X + 6; | ||
290 | if (psk != 0) | ||
291 | data_size += 2; | ||
292 | |||
293 | (*data) = MHD_gnutls_malloc (data_size); | ||
294 | if (*data == NULL) | ||
295 | { | ||
296 | MHD_gtls_mpi_release (&X); | ||
297 | return GNUTLS_E_MEMORY_ERROR; | ||
298 | } | ||
299 | |||
300 | pos = 0; | ||
301 | pdata = *data; | ||
302 | |||
303 | if (psk != 0) | ||
304 | { | ||
305 | MHD_gtls_write_uint16 (0, &pdata[pos]); | ||
306 | pos += 2; | ||
307 | } | ||
308 | |||
309 | MHD_gtls_mpi_print (&pdata[pos + 2], &n_p, p); | ||
310 | MHD_gtls_write_uint16 (n_p, &pdata[pos]); | ||
311 | |||
312 | pos += n_p + 2; | ||
313 | |||
314 | MHD_gtls_mpi_print (&pdata[pos + 2], &n_g, g); | ||
315 | MHD_gtls_write_uint16 (n_g, &pdata[pos]); | ||
316 | |||
317 | pos += n_g + 2; | ||
318 | |||
319 | MHD_gtls_mpi_print (&pdata[pos + 2], &n_X, X); | ||
320 | MHD_gtls_mpi_release (&X); | ||
321 | |||
322 | MHD_gtls_write_uint16 (n_X, &pdata[pos]); | ||
323 | |||
324 | ret = data_size; | ||
325 | |||
326 | return ret; | ||
327 | } | ||
diff --git a/src/daemon/https/tls/auth_dh_common.h b/src/daemon/https/tls/auth_dh_common.h index f09ce6dc..eb779a8b 100644 --- a/src/daemon/https/tls/auth_dh_common.h +++ b/src/daemon/https/tls/auth_dh_common.h | |||
@@ -35,14 +35,5 @@ typedef struct | |||
35 | } MHD_gtls_dh_info_st; | 35 | } MHD_gtls_dh_info_st; |
36 | 36 | ||
37 | void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh); | 37 | void MHD_gtls_free_dh_info (MHD_gtls_dh_info_st * dh); |
38 | int MHD_gtls_gen_dh_common_client_kx (MHD_gtls_session_t, opaque **); | ||
39 | int MHD_gtls_proc_dh_common_client_kx (MHD_gtls_session_t session, | ||
40 | opaque * data, size_t _data_size, | ||
41 | mpi_t p, mpi_t g); | ||
42 | int MHD_gtls_dh_common_print_server_kx (MHD_gtls_session_t, mpi_t g, mpi_t p, | ||
43 | opaque ** data, int psk); | ||
44 | int MHD_gtls_proc_dh_common_server_kx (MHD_gtls_session_t session, | ||
45 | opaque * data, size_t _data_size, | ||
46 | int psk); | ||
47 | 38 | ||
48 | #endif | 39 | #endif |
diff --git a/src/daemon/https/tls/auth_dhe.c b/src/daemon/https/tls/auth_dhe.c deleted file mode 100644 index fa535e55..00000000 --- a/src/daemon/https/tls/auth_dhe.c +++ /dev/null | |||
@@ -1,277 +0,0 @@ | |||
1 | /* | ||
2 | * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007 Free Software Foundation | ||
3 | * | ||
4 | * Author: Nikos Mavrogiannopoulos | ||
5 | * | ||
6 | * This file is part of GNUTLS. | ||
7 | * | ||
8 | * The GNUTLS library is free software; you can redistribute it and/or | ||
9 | * modify it under the terms of the GNU Lesser General Public License | ||
10 | * as published by the Free Software Foundation; either version 2.1 of | ||
11 | * the License, or (at your option) any later version. | ||
12 | * | ||
13 | * This library is distributed in the hope that it will be useful, but | ||
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | ||
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
16 | * Lesser General Public License for more details. | ||
17 | * | ||
18 | * You should have received a copy of the GNU Lesser General Public | ||
19 | * License along with this library; if not, write to the Free Software | ||
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, | ||
21 | * USA | ||
22 | * | ||
23 | */ | ||
24 | |||
25 | /* This file contains everything for the Ephemeral Diffie Hellman (DHE) | ||
26 | * key exchange. This is used in the handshake procedure of the certificate | ||
27 | * authentication. | ||
28 | */ | ||
29 | |||
30 | #include "gnutls_int.h" | ||
31 | #include "gnutls_auth_int.h" | ||
32 | #include "gnutls_errors.h" | ||
33 | #include "gnutls_dh.h" | ||
34 | #include "gnutls_num.h" | ||
35 | #include "gnutls_sig.h" | ||
36 | #include <gnutls_datum.h> | ||
37 | #include <auth_cert.h> | ||
38 | #include <gnutls_x509.h> | ||
39 | #include <gnutls_state.h> | ||
40 | #include <auth_dh_common.h> | ||
41 | |||
42 | static int gen_dhe_server_kx (MHD_gtls_session_t, opaque **); | ||
43 | static int proc_dhe_server_kx (MHD_gtls_session_t, opaque *, size_t); | ||
44 | static int proc_dhe_client_kx (MHD_gtls_session_t, opaque *, size_t); | ||
45 | |||
46 | const MHD_gtls_mod_auth_st MHD_gtls_dhe_rsa_auth_struct = { | ||
47 | "DHE_RSA", | ||
48 | MHD_gtls_gen_cert_server_certificate, | ||
49 | MHD_gtls_gen_cert_client_certificate, | ||
50 | gen_dhe_server_kx, | ||
51 | MHD_gtls_gen_dh_common_client_kx, | ||
52 | MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | ||
53 | MHD_gtls_gen_cert_server_cert_req, /* server cert request */ | ||
54 | |||
55 | MHD_gtls_proc_cert_server_certificate, | ||
56 | MHD__gnutls_proc_cert_client_certificate, | ||
57 | proc_dhe_server_kx, | ||
58 | proc_dhe_client_kx, | ||
59 | MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | ||
60 | MHD_gtls_proc_cert_cert_req /* proc server cert request */ | ||
61 | }; | ||
62 | |||
63 | const MHD_gtls_mod_auth_st MHD_gtls_dhe_dss_auth_struct = { | ||
64 | "DHE_DSS", | ||
65 | MHD_gtls_gen_cert_server_certificate, | ||
66 | MHD_gtls_gen_cert_client_certificate, | ||
67 | gen_dhe_server_kx, | ||
68 | MHD_gtls_gen_dh_common_client_kx, | ||
69 | MHD_gtls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */ | ||
70 | MHD_gtls_gen_cert_server_cert_req, /* server cert request */ | ||
71 | |||
72 | MHD_gtls_proc_cert_server_certificate, | ||
73 | MHD__gnutls_proc_cert_client_certificate, | ||
74 | proc_dhe_server_kx, | ||
75 | proc_dhe_client_kx, | ||
76 | MHD_gtls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */ | ||
77 | MHD_gtls_proc_cert_cert_req /* proc server cert request */ | ||
78 | }; | ||
79 | |||
80 | |||
81 | static int | ||
82 | gen_dhe_server_kx (MHD_gtls_session_t session, opaque ** data) | ||
83 | { | ||
84 | mpi_t g, p; | ||
85 | const mpi_t *mpis; | ||
86 | int ret = 0, data_size; | ||
87 | int bits; | ||
88 | MHD_gnutls_cert *apr_cert_list; | ||
89 | MHD_gnutls_privkey *apr_pkey; | ||
90 | int apr_cert_list_length; | ||
91 | MHD_gnutls_datum_t signature, ddata; | ||
92 | MHD_gtls_cert_credentials_t cred; | ||
93 | MHD_gtls_dh_params_t dh_params; | ||
94 | |||
95 | cred = (MHD_gtls_cert_credentials_t) | ||
96 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
97 | if (cred == NULL) | ||
98 | { | ||
99 | MHD_gnutls_assert (); | ||
100 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
101 | } | ||
102 | |||
103 | bits = MHD_gtls_dh_get_allowed_prime_bits (session); | ||
104 | |||
105 | /* find the appropriate certificate */ | ||
106 | if ((ret = | ||
107 | MHD_gtls_get_selected_cert (session, &apr_cert_list, | ||
108 | &apr_cert_list_length, &apr_pkey)) < 0) | ||
109 | { | ||
110 | MHD_gnutls_assert (); | ||
111 | return ret; | ||
112 | } | ||
113 | |||
114 | dh_params = | ||
115 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
116 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
117 | if (mpis == NULL) | ||
118 | { | ||
119 | MHD_gnutls_assert (); | ||
120 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
121 | } | ||
122 | |||
123 | p = mpis[0]; | ||
124 | g = mpis[1]; | ||
125 | |||
126 | if ((ret = MHD_gtls_auth_info_set (session, MHD_GNUTLS_CRD_CERTIFICATE, | ||
127 | sizeof (cert_auth_info_st), 0)) < 0) | ||
128 | { | ||
129 | MHD_gnutls_assert (); | ||
130 | return ret; | ||
131 | } | ||
132 | |||
133 | MHD_gtls_dh_set_group (session, g, p); | ||
134 | |||
135 | ret = MHD_gtls_dh_common_print_server_kx (session, g, p, data, 0); | ||
136 | if (ret < 0) | ||
137 | { | ||
138 | MHD_gnutls_assert (); | ||
139 | return ret; | ||
140 | } | ||
141 | data_size = ret; | ||
142 | |||
143 | /* Generate the signature. */ | ||
144 | |||
145 | ddata.data = *data; | ||
146 | ddata.size = data_size; | ||
147 | |||
148 | if (apr_cert_list_length > 0) | ||
149 | { | ||
150 | if ((ret = | ||
151 | MHD_gtls_tls_sign_params (session, &apr_cert_list[0], | ||
152 | apr_pkey, &ddata, &signature)) < 0) | ||
153 | { | ||
154 | MHD_gnutls_assert (); | ||
155 | MHD_gnutls_free (*data); | ||
156 | return ret; | ||
157 | } | ||
158 | } | ||
159 | else | ||
160 | { | ||
161 | MHD_gnutls_assert (); | ||
162 | return data_size; /* do not put a signature - ILLEGAL! */ | ||
163 | } | ||
164 | |||
165 | *data = MHD_gtls_realloc_fast (*data, data_size + signature.size + 2); | ||
166 | if (*data == NULL) | ||
167 | { | ||
168 | MHD__gnutls_free_datum (&signature); | ||
169 | MHD_gnutls_assert (); | ||
170 | return GNUTLS_E_MEMORY_ERROR; | ||
171 | } | ||
172 | |||
173 | MHD_gtls_write_datum16 (&(*data)[data_size], signature); | ||
174 | data_size += signature.size + 2; | ||
175 | |||
176 | MHD__gnutls_free_datum (&signature); | ||
177 | |||
178 | return data_size; | ||
179 | } | ||
180 | |||
181 | static int | ||
182 | proc_dhe_server_kx (MHD_gtls_session_t session, opaque * data, | ||
183 | size_t _data_size) | ||
184 | { | ||
185 | int sigsize; | ||
186 | MHD_gnutls_datum_t vparams, signature; | ||
187 | int ret; | ||
188 | cert_auth_info_t info = MHD_gtls_get_auth_info (session); | ||
189 | ssize_t data_size = _data_size; | ||
190 | MHD_gnutls_cert peer_cert; | ||
191 | |||
192 | if (info == NULL || info->ncerts == 0) | ||
193 | { | ||
194 | MHD_gnutls_assert (); | ||
195 | /* we need this in order to get peer's certificate */ | ||
196 | return GNUTLS_E_INTERNAL_ERROR; | ||
197 | } | ||
198 | |||
199 | ret = MHD_gtls_proc_dh_common_server_kx (session, data, _data_size, 0); | ||
200 | if (ret < 0) | ||
201 | { | ||
202 | MHD_gnutls_assert (); | ||
203 | return ret; | ||
204 | } | ||
205 | |||
206 | /* VERIFY SIGNATURE */ | ||
207 | |||
208 | vparams.size = ret; | ||
209 | vparams.data = data; | ||
210 | |||
211 | DECR_LEN (data_size, 2); | ||
212 | sigsize = MHD_gtls_read_uint16 (&data[vparams.size]); | ||
213 | |||
214 | DECR_LEN (data_size, sigsize); | ||
215 | signature.data = &data[vparams.size + 2]; | ||
216 | signature.size = sigsize; | ||
217 | |||
218 | if ((ret = | ||
219 | MHD_gtls_raw_cert_to_gcert (&peer_cert, | ||
220 | session->security_parameters.cert_type, | ||
221 | &info->raw_certificate_list[0], | ||
222 | CERT_NO_COPY)) < 0) | ||
223 | { | ||
224 | MHD_gnutls_assert (); | ||
225 | return ret; | ||
226 | } | ||
227 | |||
228 | ret = | ||
229 | MHD_gtls_verify_sig_params (session, &peer_cert, &vparams, &signature); | ||
230 | |||
231 | MHD_gtls_gcert_deinit (&peer_cert); | ||
232 | if (ret < 0) | ||
233 | { | ||
234 | MHD_gnutls_assert (); | ||
235 | return ret; | ||
236 | } | ||
237 | |||
238 | return ret; | ||
239 | } | ||
240 | |||
241 | |||
242 | |||
243 | static int | ||
244 | proc_dhe_client_kx (MHD_gtls_session_t session, opaque * data, | ||
245 | size_t _data_size) | ||
246 | { | ||
247 | MHD_gtls_cert_credentials_t cred; | ||
248 | int ret; | ||
249 | mpi_t p, g; | ||
250 | const mpi_t *mpis; | ||
251 | MHD_gtls_dh_params_t dh_params; | ||
252 | |||
253 | cred = (MHD_gtls_cert_credentials_t) | ||
254 | MHD_gtls_get_cred (session->key, MHD_GNUTLS_CRD_CERTIFICATE, NULL); | ||
255 | if (cred == NULL) | ||
256 | { | ||
257 | MHD_gnutls_assert (); | ||
258 | return GNUTLS_E_INSUFFICIENT_CREDENTIALS; | ||
259 | } | ||
260 | |||
261 | dh_params = | ||
262 | MHD_gtls_get_dh_params (cred->dh_params, cred->params_func, session); | ||
263 | mpis = MHD_gtls_dh_params_to_mpi (dh_params); | ||
264 | if (mpis == NULL) | ||
265 | { | ||
266 | MHD_gnutls_assert (); | ||
267 | return GNUTLS_E_NO_TEMPORARY_DH_PARAMS; | ||
268 | } | ||
269 | |||
270 | p = mpis[0]; | ||
271 | g = mpis[1]; | ||
272 | |||
273 | ret = MHD_gtls_proc_dh_common_client_kx (session, data, _data_size, g, p); | ||
274 | |||
275 | return ret; | ||
276 | |||
277 | } | ||
diff --git a/src/daemon/https/x509/Makefile.am b/src/daemon/https/x509/Makefile.am index d5f64286..eef43e18 100644 --- a/src/daemon/https/x509/Makefile.am +++ b/src/daemon/https/x509/Makefile.am | |||
@@ -1,26 +1,25 @@ | |||
1 | SUBDIRS = . | ||
2 | |||
3 | if USE_COVERAGE | ||
4 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
5 | endif | ||
6 | |||
7 | AM_CPPFLAGS = \ | 1 | AM_CPPFLAGS = \ |
8 | -I$(top_srcdir)/src/include \ | 2 | -I$(top_srcdir)/src/include \ |
9 | -I$(top_srcdir)/src/daemon/https \ | 3 | -I$(top_srcdir)/src/daemon/https \ |
10 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ | 4 | -I$(top_srcdir)/src/daemon/https/minitasn1 \ |
11 | -I$(top_srcdir)/src/daemon/https/lgl \ | 5 | -I$(top_srcdir)/src/daemon/https/lgl \ |
12 | -I$(top_srcdir)/src/daemon/https/x509 \ | 6 | -I$(top_srcdir)/src/daemon/https/tls \ |
13 | -I$(top_srcdir)/src/daemon/https/tls | 7 | -I$(top_srcdir)/src/daemon/https/x509 |
14 | 8 | ||
15 | noinst_LTLIBRARIES = libx509.la | 9 | noinst_LTLIBRARIES = libx509.la |
16 | 10 | ||
17 | libx509_la_LDFLAGS = -lgcrypt | 11 | libx509_la_LDFLAGS = -lgcrypt |
18 | 12 | ||
13 | if USE_COVERAGE | ||
14 | AM_CFLAGS = -fprofile-arcs -ftest-coverage | ||
15 | endif | ||
16 | |||
17 | |||
19 | libx509_la_SOURCES = \ | 18 | libx509_la_SOURCES = \ |
20 | common.c common.h \ | 19 | common.c common.h \ |
21 | extensions.c extensions.h \ | 20 | extensions.c extensions.h \ |
22 | mpi.c mpi.h \ | 21 | mpi.c mpi.h \ |
23 | pkcs12.h \ | 22 | pkcs12.h \ |
24 | x509_privkey.c privkey.h \ | 23 | x509_privkey.c privkey.h \ |
25 | x509.c x509.h | 24 | x509.c x509.h |
26 | 25 | ||
diff --git a/src/examples/Makefile.am b/src/examples/Makefile.am index f175915b..9d2f2014 100644 --- a/src/examples/Makefile.am +++ b/src/examples/Makefile.am | |||
@@ -4,6 +4,10 @@ AM_CPPFLAGS = \ | |||
4 | -I$(top_srcdir)/src/include \ | 4 | -I$(top_srcdir)/src/include \ |
5 | -I$(top_srcdir)/src/daemon/https | 5 | -I$(top_srcdir)/src/daemon/https |
6 | 6 | ||
7 | if USE_COVERAGE | ||
8 | AM_CFLAGS = --coverage | ||
9 | endif | ||
10 | |||
7 | # example programs | 11 | # example programs |
8 | noinst_PROGRAMS = \ | 12 | noinst_PROGRAMS = \ |
9 | authorization_example \ | 13 | authorization_example \ |