Exemple #1
0
static void
build_personal_name (void)
{
	ASN1_TYPE asn1_pkix = NULL, asn;
	guchar buffer[10024];
	int res, len;

	res = asn1_array2tree (pkix_asn1_tab, &asn1_pkix, NULL);
	g_assert (res == ASN1_SUCCESS);

	res = asn1_create_element (asn1_pkix, "PKIX1.PersonalName", &asn);
	g_assert (res == ASN1_SUCCESS);

	asn1_write_value (asn, "surname", "Turanga", 7);
	asn1_write_value (asn, "given-name", "Leela", 5);
	asn1_write_value (asn, "initials", NULL, 0);
	asn1_write_value (asn, "generation-qualifier", "Alien", 5);

	len = sizeof (buffer);
	res = asn1_der_coding (asn, "", buffer, &len, NULL);
	g_assert (res == ASN1_SUCCESS);

	asn1_delete_structure (&asn);
	asn1_delete_structure (&asn1_pkix);

	if (!g_file_set_contents ("/tmp/personal-name.der", (gchar*)buffer, len, NULL))
		g_assert (FALSE);

}
Exemple #2
0
int
main (int argc,
      char *argv[])
{
    char message[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = { 0, };
    node_asn *definitions = NULL;
    node_asn *oid = NULL;
    char *buf;
    int len;
    int ret;

    if (argc != 2) {
        fprintf (stderr, "usage: frob-oid 1.1.1\n");
        return 2;
    }

    ret = asn1_array2tree (pkix_asn1_tab, &definitions, message);
    if (ret != ASN1_SUCCESS) {
        fprintf (stderr, "definitions: %s\n", message);
        return 1;
    }

    /* AttributeType is a OBJECT IDENTIFIER */
    ret = asn1_create_element (definitions, "PKIX1.AttributeType", &oid);
    err_if_fail (ret, "AttributeType");

    ret = asn1_write_value (oid, "", argv[1], strlen (argv[1]));
    err_if_fail (ret, "asn1_write_value");

    len = 0;
    ret = asn1_der_coding (oid, "", NULL, &len, message);
    assert (ret == ASN1_MEM_ERROR);

    buf = malloc (len);
    assert (buf != NULL);
    ret = asn1_der_coding (oid, "", buf, &len, message);
    if (ret != ASN1_SUCCESS) {
        fprintf (stderr, "asn1_der_coding: %s\n", message);
        free (buf);
        return 1;
    }

    fwrite (buf, 1, len, stdout);
    fflush (stdout);
    free (buf);

    asn1_delete_structure (&oid);
    asn1_delete_structure (&definitions);

    return 0;
}
Exemple #3
0
static int      init_asn1(smb_session *s)
{
    int           res;

    assert(s != NULL);

    if (s->spnego_asn1 != NULL)
        return DSM_ERROR_GENERIC;

    res = asn1_array2tree(spnego_asn1_conf, &s->spnego_asn1, NULL);
    if (res != ASN1_SUCCESS)
    {
        asn1_display_error("init_asn1", res);
        return DSM_ERROR_GENERIC;
    }
    else
    {
        BDSM_dbg("init_asn1: ASN.1 parser initialized\n");
        return DSM_SUCCESS;
    }
}
int
main (int argc, char *argv[])
{
  int result, der_len;
  unsigned char der[1024];
  ASN1_TYPE PKIX1Implicit88 = ASN1_TYPE_EMPTY;
  char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];

  if (1)
    result =
      asn1_array2tree (pkix_asn1_tab, &PKIX1Implicit88, errorDescription);
  else
    result =
      asn1_parser2tree ("pkix.asn", &PKIX1Implicit88, errorDescription);

  if (result != ASN1_SUCCESS)
    {
      asn1_perror (result);
      printf ("%s", errorDescription);
      exit (1);
    }


  /* Use the following 3 lines to visit the PKIX1Implicit structures */
  /* printf("-----------------\n");
     asn1_visit_tree(PKIX1Implicit88,"PKIX1Implicit88");
     printf("-----------------\n"); */

  der_len = 1024;
  create_certificate (PKIX1Implicit88, der, &der_len);

  get_certificate (PKIX1Implicit88, der, der_len);

  /* Clear the "PKIX1Implicit88" structures */
  asn1_delete_structure (&PKIX1Implicit88);

  return 0;
}
Exemple #5
0
int
main (int argc, char *argv[])
{
  FILE *fpin, *fpout;
  const char *fileNameIn;
  const char *fileNameOut;
  unsigned char  buffer[MAX_LENGTH_INT];
  unsigned char  newBuffer[2*MAX_LENGTH_INT];
  char  params[MAX_LENGTH_CMD];
  char  str[MAX_LENGTH_VAR];	// Number of polynomial or integer of a polynomial
  char  n[MAX_LENGTH_VAR];	// Number of variables as a string
  char  o[MAX_LENGTH_VAR];	// Number of polynomials as a string
  int   nn;			// Number of variables as an integer
  int   oo;			// Number of polynomials as an integer
  int   i, j;
  int   result, der_len;
  unsigned char der[MAX_DER_SIZE], ch[1];

/******* Define input and output files *******/
  if (argc < 3)
  {
    printf("\nusage: %s ASN1BinaryFile PublicKeyIntFile\n\n", argv[0]);
    exit(1);
  }
  else
  {
    fileNameIn   = argv[1];
    fileNameOut  = argv[2];
    fpin = fopen(fileNameIn, "rb");
    if (!fpin) 
    {
      printf("\nError openning file: %s\n\n", fileNameIn);
      exit(1);
    }

    fpout = fopen(fileNameOut, "w");
    if (!fpout)
    {
      fclose(fpin);
      printf("\nError openning file: %s\n\n", fileNameOut);
      exit(1);
    }
  }
  printf("\nDecoding an ASN.1 file (%s), into a text file (%s)\n", fileNameIn, fileNameOut);

/******* ASN.1 initialization *******/

  ASN1_TYPE PK_def = ASN1_TYPE_EMPTY;
  ASN1_TYPE PK_dec = ASN1_TYPE_EMPTY;
  char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];

  // Creates definition structures needed to manage the ASN.1 definitions
  result = asn1_array2tree(pkInt_asn1_tab, &PK_def, errorDescription);

  if (result != ASN1_SUCCESS)
  {
    asn1_perror(result);
    printf ("%s\n", errorDescription);
    exit (1);
  }

  // Creates a structure of type "PKInt" (from *.asn definition file)
  result = asn1_create_element(PK_def, "PKInt.PublicKey", &PK_dec);
  if ( result != ASN1_SUCCESS )
  {
    printf("\nCould not create a new element to DECODE: %d\n", result);
    exit(1);
  }

/******* Read data from input file *******/
  der_len = i = 0;
  while ( 1 == fread(ch, 1, 1, fpin) )
  {
    der[i] = ch[0];
    i++;
    der_len++;
  }

  result = asn1_der_decoding(&PK_dec, der, der_len, errorDescription);
  if ( result != ASN1_SUCCESS )
  {
    printf("\nCould not make a DER decoding: %d\n", result);
    printf("Error description: %s\n", errorDescription);
    asn1_perror(result);
    exit(2);
  }

  /*printf("------------DEC-----------------\n");
  asn1_print_structure(stdout, PK_dec, "", ASN1_PRINT_ALL);
  printf("--------------------------------\n");*/

  clrBuff(buffer, MAX_LENGTH_INT);	// Necesary because asn1 functions just put data in buffer
					// without terminating it with 0x0!!!
  der_len = MAX_LENGTH_INT;
  result = asn1_read_value(PK_dec, "noVars", buffer, &der_len);
  if ( result != ASN1_SUCCESS )
  {
    printf("\nCould not make a DER decoding (noVars): %d\n", result);
    printf("Error description: %s\n", errorDescription);
    exit(1);
  }
  nn = atoi(buffer);

  clrBuff(buffer, MAX_LENGTH_INT);
  der_len = MAX_LENGTH_INT;
  result = asn1_read_value(PK_dec, "noPoly", buffer, &der_len);
  if ( result != ASN1_SUCCESS )
  {
    printf("\nCould not make a DER decoding (noPoly): %d\n", result);
    printf("Error description: %s\n", errorDescription);
    exit(1);
  }
  oo = atoi(buffer);
  printf("Number of variables:   %d\nNumber of polynomials: %d\n", nn, oo);

/******* Write 'n' and 'o' to output file ******/
  sprintf(str, "%d", nn);
  fprintf(fpout, "%s\n", str);
  sprintf(str, "%d", oo);
  fprintf(fpout, "%s\n", str);

// ******* Read all integers representing the polynomials *******
  nn = nn + 2;			// +2 because of linear terms vector and constant term
  for ( i=0; i<oo; i++ )
  {
    for ( j=0; j<nn; j++)
    {
      der_len = MAX_LENGTH_INT;
      sprintf(o, "%d", i+1);		// Number of polynomial as string in 'o'
      sprintf(n, "%d", j+1);		// Number of integer as string in 'n'
      strcpy(params, "polys.?");
      strcat(params, o);
      strcat(params, ".intData.?");
      strcat(params, n);
      clrBuff(buffer, MAX_LENGTH_INT);
      result = asn1_read_value(PK_dec, params, buffer, &der_len);

      /******* Write that integer (as a string) to output file *******/
      fprintf(fpout, "%s", buffer);
      fprintf(fpout, " ");
      if ( j == nn - 1 )
        fprintf(fpout, "\n");

      if ( result != ASN1_SUCCESS )
      {
        asn1_perror(result);
        printf("Could not write value in 'intData', i: %d\n", i);
        exit(4);
      }
    }
  }

  printf("...Done!\n\n");

/******* Closing program *******/
  asn1_delete_structure(&PK_dec);
  asn1_delete_structure(&PK_def);

  fclose(fpin);
  fclose(fpout);
  return 0;
}
Exemple #6
0
/**
 * gnutls_global_init:
 *
 * This function initializes the global data to defaults.  Every
 * gnutls application has a global data which holds common parameters
 * shared by gnutls session structures.  You should call
 * gnutls_global_deinit() when gnutls usage is no longer needed
 *
 * Note that this function will also initialize libgcrypt, if it has
 * not been initialized before.  Thus if you want to manually
 * initialize libgcrypt you must do it before calling this function.
 * This is useful in cases you want to disable libgcrypt's internal
 * lockings etc.
 *
 * This function increment a global counter, so that
 * gnutls_global_deinit() only releases resources when it has been
 * called as many times as gnutls_global_init().  This is useful when
 * GnuTLS is used by more than one library in an application.  This
 * function can be called many times, but will only do something the
 * first time.
 *
 * Note!  This function is not thread safe.  If two threads call this
 * function simultaneously, they can cause a race between checking
 * the global counter and incrementing it, causing both threads to
 * execute the library initialization code.  That would lead to a
 * memory leak.  To handle this, your application could invoke this
 * function after aquiring a thread mutex.  To ignore the potential
 * memory leak is also an option.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
 *   otherwise an error code is returned.
 **/
int
gnutls_global_init (void)
{
  int result = 0;
  int res;

  if (_gnutls_init++)
    goto out;

  if (gl_sockets_startup (SOCKETS_1_1))
    return GNUTLS_E_LIBRARY_VERSION_MISMATCH;

  bindtextdomain (PACKAGE, LOCALEDIR);

  /* Initialize libgcrypt if it hasn't already been initialized. */
  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
    {
      const char *p;

      p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION);

      if (p == NULL)
	{
	  gnutls_assert ();
	  _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n",
			     gcry_check_version (NULL),
			     GNUTLS_MIN_LIBGCRYPT_VERSION);
	  return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
	}

      /* for gcrypt in order to be able to allocate memory */
      gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);

      gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
    }

  /* initialize ASN.1 parser
   * This should not deal with files in the final
   * version.
   */
  if (asn1_check_version (GNUTLS_MIN_LIBTASN1_VERSION) == NULL)
    {
      gnutls_assert ();
      _gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n",
			 asn1_check_version (NULL),
			 GNUTLS_MIN_LIBTASN1_VERSION);
      return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
    }

  res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      result = _gnutls_asn2err (res);
      goto out;
    }

  res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      asn1_delete_structure (&_gnutls_pkix1_asn);
      result = _gnutls_asn2err (res);
      goto out;
    }

  /* Initialize the random generator */
  result = _gnutls_rnd_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

  /* Initialize the default TLS extensions */
  result = _gnutls_ext_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

  _gnutls_cryptodev_init ();

out:
  return result;
}
Exemple #7
0
static int _gnutls_global_init(unsigned constructor)
{
	int ret = 0, res;
	int level;
	const char* e;

	if (!constructor) {
		GNUTLS_STATIC_MUTEX_LOCK(global_init_mutex);
	}

	_gnutls_init++;
	if (_gnutls_init > 1) {
		if (_gnutls_init == 2 && _gnutls_init_ret == 0) {
			/* some applications may close the urandom fd 
			 * before calling gnutls_global_init(). in that
			 * case reopen it */
			ret = _gnutls_rnd_check();
			if (ret < 0) {
				gnutls_assert();
				goto out;
			}
		}
		ret = _gnutls_init_ret;
		goto out;
	}

	_gnutls_switch_lib_state(LIB_STATE_INIT);

	e = secure_getenv("GNUTLS_DEBUG_LEVEL");
	if (e != NULL) {
		level = atoi(e);
		gnutls_global_set_log_level(level);
		if (_gnutls_log_func == NULL)
			gnutls_global_set_log_function(default_log_func);
		_gnutls_debug_log("Enabled GnuTLS "VERSION" logging...\n");
	}

#ifdef HAVE_DCGETTEXT
	bindtextdomain(PACKAGE, LOCALEDIR);
#endif

	res = gnutls_crypto_init();
	if (res != 0) {
		gnutls_assert();
		ret = GNUTLS_E_CRYPTO_INIT_FAILED;
		goto out;
	}

	ret = _gnutls_system_key_init();
	if (ret != 0) {
		gnutls_assert();
	}

	/* initialize ASN.1 parser
	 */
	if (asn1_check_version(GNUTLS_MIN_LIBTASN1_VERSION) == NULL) {
		gnutls_assert();
		_gnutls_debug_log
		    ("Checking for libtasn1 failed: %s < %s\n",
		     asn1_check_version(NULL),
		     GNUTLS_MIN_LIBTASN1_VERSION);
		ret = GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
		goto out;
	}

	_gnutls_pkix1_asn = ASN1_TYPE_EMPTY;
	res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
	if (res != ASN1_SUCCESS) {
		gnutls_assert();
		ret = _gnutls_asn2err(res);
		goto out;
	}

	res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
	if (res != ASN1_SUCCESS) {
		gnutls_assert();
		ret = _gnutls_asn2err(res);
		goto out;
	}

	/* Initialize the random generator */
	ret = _gnutls_rnd_preinit();
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	/* Initialize the default TLS extensions */
	ret = _gnutls_ext_init();
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	ret = gnutls_mutex_init(&_gnutls_file_mutex);
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	ret = gnutls_mutex_init(&_gnutls_pkcs11_mutex);
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	ret = gnutls_system_global_init();
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

#ifndef _WIN32
	ret = _gnutls_register_fork_handler();
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}
#endif

#ifdef ENABLE_FIPS140
	res = _gnutls_fips_mode_enabled();
	/* res == 1 -> fips140-2 mode enabled
	 * res == 2 -> only self checks performed - but no failure
	 * res == not in fips140 mode
	 */
	if (res != 0) {
		_gnutls_debug_log("FIPS140-2 mode: %d\n", res);
		_gnutls_priority_update_fips();

		/* first round of self checks, these are done on the
		 * nettle algorithms which are used internally */
		ret = _gnutls_fips_perform_self_checks1();
		if (res != 2) {
			if (ret < 0) {
				gnutls_assert();
				goto out;
			}
		}
	}
#endif

	_gnutls_register_accel_crypto();
	_gnutls_cryptodev_init();
	_gnutls_load_system_priorities();

#ifdef ENABLE_FIPS140
	/* These self tests are performed on the overriden algorithms
	 * (e.g., AESNI overriden AES). They are after _gnutls_register_accel_crypto()
	 * intentionally */
	if (res != 0) {
		ret = _gnutls_fips_perform_self_checks2();
		if (res != 2) {
			if (ret < 0) {
				gnutls_assert();
				goto out;
			}
		}
		_gnutls_fips_mode_reset_zombie();
	}
#endif
	_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
	ret = 0;

      out:
	_gnutls_init_ret = ret;
	if (!constructor) {
		GNUTLS_STATIC_MUTEX_UNLOCK(global_init_mutex);
	}
	return ret;
}
Exemple #8
0
/**
 * gnutls_global_init:
 *
 * This function performs any required precalculations, detects
 * the supported CPU capabilities and initializes the underlying
 * cryptographic backend. In order to free any resources 
 * taken by this call you should gnutls_global_deinit() 
 * when gnutls usage is no longer needed.
 *
 * This function increments a global counter, so that
 * gnutls_global_deinit() only releases resources when it has been
 * called as many times as gnutls_global_init().  This is useful when
 * GnuTLS is used by more than one library in an application.  This
 * function can be called many times, but will only do something the
 * first time.
 *
 * Since GnuTLS 3.3.0 this function is only required in systems that
 * do not support library constructors and static linking. This
 * function also became thread safe.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 *   otherwise a negative error code is returned.
 **/
int gnutls_global_init(void)
{
	int ret = 0, res;
	int level;
	const char* e;
	
	GNUTLS_STATIC_MUTEX_LOCK(global_init_mutex);

	_gnutls_init++;
	if (_gnutls_init > 1) {
		ret = 0;
		goto out;
	}

	_gnutls_switch_lib_state(LIB_STATE_INIT);

	e = getenv("GNUTLS_DEBUG_LEVEL");
	if (e != NULL) {
		level = atoi(e);
		gnutls_global_set_log_level(level);
		if (_gnutls_log_func == NULL)
			gnutls_global_set_log_function(default_log_func);
		_gnutls_debug_log("Enabled GnuTLS logging...\n");
	}

	bindtextdomain(PACKAGE, LOCALEDIR);

	res = gnutls_crypto_init();
	if (res != 0) {
		gnutls_assert();
		ret = GNUTLS_E_CRYPTO_INIT_FAILED;
		goto out;
	}

	/* initialize ASN.1 parser
	 */
	if (asn1_check_version(GNUTLS_MIN_LIBTASN1_VERSION) == NULL) {
		gnutls_assert();
		_gnutls_debug_log
		    ("Checking for libtasn1 failed: %s < %s\n",
		     asn1_check_version(NULL),
		     GNUTLS_MIN_LIBTASN1_VERSION);
		ret = GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
		goto out;
	}

	res = asn1_array2tree(pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
	if (res != ASN1_SUCCESS) {
		ret = _gnutls_asn2err(res);
		goto out;
	}

	res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
	if (res != ASN1_SUCCESS) {
		ret = _gnutls_asn2err(res);
		goto out;
	}

	/* Initialize the random generator */
	ret = _gnutls_rnd_init();
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	/* Initialize the default TLS extensions */
	ret = _gnutls_ext_init();
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	ret = gnutls_mutex_init(&_gnutls_file_mutex);
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	ret = gnutls_mutex_init(&_gnutls_pkcs11_mutex);
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	ret = gnutls_system_global_init();
	if (ret < 0) {
		gnutls_assert();
		goto out;
	}

	_gnutls_register_accel_crypto();
	_gnutls_cryptodev_init();

#ifdef ENABLE_FIPS140
	/* Perform FIPS140 checks last, so that all modules
	 * have been loaded */
	res = _gnutls_fips_mode_enabled();
	/* res == 1 -> fips140-2 mode enabled
	 * res == 2 -> only self checks performed - but no failure
	 * res == not in fips140 mode
	 */
	if (res != 0) {
		_gnutls_priority_update_fips();

		ret = _gnutls_fips_perform_self_checks();
		if (res != 2) {
			if (ret < 0) {
				gnutls_assert();
				goto out;
			}
		}
	}
#endif
	_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);
	ret = 0;

      out:
	GNUTLS_STATIC_MUTEX_UNLOCK(global_init_mutex);
	return ret;
}
Exemple #9
0
/**
  * gnutls_global_init - This function initializes the global data to defaults.
  *
  * This function initializes the global data to defaults.
  * Every gnutls application has a global data which holds common parameters
  * shared by gnutls session structures.
  * You must call gnutls_global_deinit() when gnutls usage is no longer needed
  * Returns zero on success.
  *
  * Note that this function will also initialize libgcrypt, if it has not
  * been initialized before. Thus if you want to manually initialize libgcrypt
  * you must do it before calling this function. This is useful in cases you 
  * want to disable libgcrypt's internal lockings etc.
  *
  * This function increment a global counter, so that
  * gnutls_global_deinit() only releases resources when it has been
  * called as many times as gnutls_global_init().  This is useful when
  * GnuTLS is used by more than one library in an application.  This
  * function can be called many times, but will only do something the
  * first time.
  *
  * Note!  This function is not thread safe.  If two threads call this
  * function simultaneously, they can cause a race between checking
  * the global counter and incrementing it, causing both threads to
  * execute the library initialization code.  That would lead to a
  * memory leak.  To handle this, your application could invoke this
  * function after aquiring a thread mutex.  To ignore the potential
  * memory leak is also an option.
  *
  **/
int
gnutls_global_init (void)
{
  int result = 0;
  int res;
  char c;

  if (_gnutls_init++)
    goto out;

#if HAVE_WINSOCK
  {
    WORD requested;
    WSADATA data;
    int err;

    requested = MAKEWORD (1, 1);
    err = WSAStartup (requested, &data);
    if (err != 0)
      {
	_gnutls_debug_log ("WSAStartup failed: %d.\n", err);
	return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
      }

    if (data.wVersion < requested)
      {
	_gnutls_debug_log ("WSAStartup version check failed (%d < %d).\n",
			   data.wVersion, requested);
	WSACleanup ();
	return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
      }
  }
#endif

  bindtextdomain (PACKAGE, LOCALEDIR);

  if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
    {
      const char *p;
      p = strchr (GNUTLS_GCRYPT_VERSION, ':');
      if (p == NULL)
	p = GNUTLS_GCRYPT_VERSION;
      else
	p++;

      if (gcry_check_version (p) == NULL)
	{
	  gnutls_assert ();
	  _gnutls_debug_log ("Checking for libgcrypt failed '%s'\n", p);
	  return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
	}

      /* for gcrypt in order to be able to allocate memory */
      gcry_set_allocation_handler (gnutls_malloc, gnutls_secure_malloc,
				   _gnutls_is_secure_memory, gnutls_realloc,
				   gnutls_free);

      /* gcry_control (GCRYCTL_DISABLE_INTERNAL_LOCKING, NULL, 0); */

      gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);

#ifdef DEBUG
      /* applications may want to override that, so we only use
       * it in debugging mode.
       */
      gcry_set_log_handler (_gnutls_gcry_log_handler, NULL);
#endif
    }

  if (gc_init () != GC_OK)
    {
      gnutls_assert ();
      _gnutls_debug_log ("Initializing crypto backend failed\n");
      return GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY;
    }

  /* for gcrypt in order to be able to allocate memory */
  gc_set_allocators (gnutls_malloc, gnutls_secure_malloc,
		     _gnutls_is_secure_memory, gnutls_realloc, gnutls_free);

#ifdef DEBUG
  gnutls_global_set_log_function (dlog);
#endif

  /* initialize parser 
   * This should not deal with files in the final
   * version.
   */

  if (asn1_check_version (GNUTLS_LIBTASN1_VERSION) == NULL)
    {
      gnutls_assert ();
      return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
    }

  res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      result = _gnutls_asn2err (res);
      goto out;
    }

  res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      asn1_delete_structure (&_gnutls_pkix1_asn);
      result = _gnutls_asn2err (res);
      goto out;
    }
    
  /* Initialize the gcrypt (if used random generator) */
  gc_pseudo_random (&c, 1);

out:
  return result;
}
Exemple #10
0
static gnutls_pubkey_t
create_rsa_from_modulus(unsigned char *modulus, unsigned int modulus_len,
                        uint32_t exponent)
{
    unsigned char exp_array[4];
    uint32_t exponent_no = htonl(exponent);
    gnutls_pubkey_t rsa = NULL;
    gnutls_datum_t mod;
    gnutls_datum_t exp = {
        .data = exp_array,
        .size = sizeof(exp_array),
    };
    int err;

    memcpy(exp_array, &exponent_no, sizeof(exp_array));

    err = gnutls_pubkey_init(&rsa);
    if (err < 0) {
        fprintf(stderr, "Could not initialized public key structure : %s\n",
                gnutls_strerror(err));
        return NULL;
    }

    mod.data = modulus;
    mod.size = modulus_len;

    err = gnutls_pubkey_import_rsa_raw(rsa, &mod, &exp);
    if (err < 0) {
        fprintf(stderr, "Could not set modulus and exponent on RSA key : %s\n",
                gnutls_strerror(err));
        gnutls_pubkey_deinit(rsa);
        rsa = NULL;
    }

    return rsa;
}

static int
asn_init()
{
    static bool inited;
    int err;

    if (inited)
        return ASN1_SUCCESS;

    err = asn1_array2tree(tpm_asn1_tab, &_tpm_asn, NULL);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "array2tree error: %d", err);
        goto cleanup;
    }

    inited = true;

cleanup:

    return err;
}

static int
create_tpm_manufacturer_info(const char *manufacturer,
                             const char *tpm_model,
                             const char *tpm_version,
                             gnutls_datum_t *asn1)
{
    ASN1_TYPE at = ASN1_TYPE_EMPTY;
    int err;

    err = asn_init();
    if (err != ASN1_SUCCESS) {
        goto cleanup;
    }

    err = asn1_create_element(_tpm_asn, "TPM.TPMManufacturerInfo", &at);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "asn1_create_element error: %d\n", err);
        goto cleanup;
    }

    err = asn1_write_value(at, "tpmManufacturer.id", "2.23.133.2.1", 0);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "1. asn1_write_value error: %d\n", err);
        goto cleanup;
    }

    err = asn1_write_value(at, "tpmManufacturer.manufacturer",
                           manufacturer, 0);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "2. asn1_write_value error: %d\n", err);
        goto cleanup;
    }
    
    err = asn1_write_value(at, "tpmModel.id", "2.23.133.2.2", 0);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "3. asn1_write_value error: %d\n", err);
        goto cleanup;
    }

    err = asn1_write_value(at, "tpmModel.model", manufacturer, 0);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "4. asn1_write_value error: %d\n", err);
        goto cleanup;
    }
    
    err = asn1_write_value(at, "tpmVersion.id", "2.23.133.2.3", 0);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "5. asn1_write_value error: %d\n", err);
        goto cleanup;
    }

    err = asn1_write_value(at, "tpmVersion.version", manufacturer, 0);
    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "6. asn1_write_value error: %d\n", err);
        goto cleanup;
    }
    
    /* determine needed size of byte array */
    asn1->size = 0;
    err = asn1_der_coding(at, "", NULL, (int *)&asn1->size, NULL);
    if (err != ASN1_MEM_ERROR) {
        fprintf(stderr, "1. asn1_der_coding error: %d\n", err);
        goto cleanup;
    }
    //fprintf(stderr, "size=%d\n", asn1->size);
    asn1->data = gnutls_malloc(asn1->size + 16);
    err = asn1_der_coding(at, "", asn1->data, (int *)&asn1->size, NULL);

    if (err != ASN1_SUCCESS) {
        fprintf(stderr, "2. asn1_der_coding error: %d\n", err);
        gnutls_free(asn1->data);
        asn1->data = NULL;
        goto cleanup;
    }

#if 0
    fprintf(stderr, "size=%d\n", asn1->size);
    unsigned int i = 0;
    for (i = 0; i < asn1->size; i++) {
        fprintf(stderr, "%02x ", asn1->data[i]);
    }
    fprintf(stderr, "\n");
#endif

 cleanup:    
    asn1_delete_structure(&at);
    
    return err;
}
Exemple #11
0
/**
 * gnutls_global_init:
 *
 * This function performs any required precalculations, detects
 * the supported CPU capabilities and initializes the underlying
 * cryptographic backend. In order to free any resources 
 * taken by this call you should gnutls_global_deinit() 
 * when gnutls usage is no longer needed.
 *
 * This function increments a global counter, so that
 * gnutls_global_deinit() only releases resources when it has been
 * called as many times as gnutls_global_init().  This is useful when
 * GnuTLS is used by more than one library in an application.  This
 * function can be called many times, but will only do something the
 * first time.
 *
 * Note!  This function is not thread safe.  If two threads call this
 * function simultaneously, they can cause a race between checking
 * the global counter and incrementing it, causing both threads to
 * execute the library initialization code.  That would lead to a
 * memory leak.  To handle this, your application could invoke this
 * function after aquiring a thread mutex.  To ignore the potential
 * memory leak is also an option.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned,
 *   otherwise a negative error code is returned.
 **/
int
gnutls_global_init (void)
{
  int result = 0;
  int res;

  if (_gnutls_init++)
    goto out;

  if (gl_sockets_startup (SOCKETS_1_1))
    return gnutls_assert_val(GNUTLS_E_FILE_ERROR);

  bindtextdomain (PACKAGE, LOCALEDIR);

  res = gnutls_crypto_init ();
  if (res != 0)
    {
      gnutls_assert ();
      return GNUTLS_E_CRYPTO_INIT_FAILED;
    }

  _gnutls_register_accel_crypto();

  /* initialize ASN.1 parser
   * This should not deal with files in the final
   * version.
   */
  if (asn1_check_version (GNUTLS_MIN_LIBTASN1_VERSION) == NULL)
    {
      gnutls_assert ();
      _gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n",
                         asn1_check_version (NULL),
                         GNUTLS_MIN_LIBTASN1_VERSION);
      return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
    }

  res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      result = _gnutls_asn2err (res);
      goto out;
    }

  res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
  if (res != ASN1_SUCCESS)
    {
      result = _gnutls_asn2err (res);
      goto out;
    }

  /* Initialize the random generator */
  result = _gnutls_rnd_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

  /* Initialize the default TLS extensions */
  result = _gnutls_ext_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

  result = gnutls_mutex_init(&_gnutls_file_mutex);
  if (result < 0)
    {
      gnutls_assert();
      goto out;
    }

  result = gnutls_system_global_init ();
  if (result < 0)
    {
      gnutls_assert ();
      goto out;
    }

#ifdef ENABLE_PKCS11
  gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
#endif

  _gnutls_cryptodev_init ();

out:
  return result;
}