eet: add support for GnuTLS 3.x

SVN revision: 67785
This commit is contained in:
Cedric BAIL 2012-02-09 10:30:04 +00:00
parent edbdd6a1ad
commit 87eb14012b
4 changed files with 146 additions and 52 deletions


@ -547,21 +547,25 @@
noticable quality losses in the chase for speed. It will use noticable quality losses in the chase for speed. It will use
IFAST for quality less than 60 when encoding IFAST for quality less than 60 when encoding
2011-12-02 Carsten Haitzler (The Rasterman) 2011-12-02 Carsten Haitzler (The Rasterman)
1.1.0 release 1.1.0 release
2011-12-02 Mike Blumenkrantz 2011-12-02 Mike Blumenkrantz
* added eet_file_get to return the filename of an Eet_File * added eet_file_get to return the filename of an Eet_File
* Eet_File filenames are now stringshared * Eet_File filenames are now stringshared
* added mempool allocators * added mempool allocators
2011-12-29 Carsten Haitzler (The Rasterman) 2011-12-29 Carsten Haitzler (The Rasterman)
* increase eet_connection packet size to 1Mb - more reasonable. * increase eet_connection packet size to 1Mb - more reasonable.
2012-01-07 Boris Faure (billiob) 2012-01-07 Boris Faure (billiob)
* make eet tool write to standard output if no output file given. * make eet tool write to standard output if no output file given.
2012-02-09 Cedric Bail
* add support for GNUTLS 3.x.


@ -9,6 +9,7 @@ Additions:
Improvements: Improvements:
* most allocations moved to mempools * most allocations moved to mempools
* support GNUTLS 3.x
Eet 1.5.0 Eet 1.5.0


@ -1,4 +1,4 @@
y##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--## ##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--## ##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##--##
m4_define([v_maj], [1]) m4_define([v_maj], [1])
m4_define([v_min], [5]) m4_define([v_min], [5])
@ -110,39 +110,6 @@ else
AC_DEFINE(EET_OLD_EET_FILE_FORMAT, 0, [support old eet file format]) AC_DEFINE(EET_OLD_EET_FILE_FORMAT, 0, [support old eet file format])
fi fi
# Gnutls support
AC_ARG_ENABLE([gnutls],
[AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
[want_gnutls=$enableval]
)
AC_MSG_CHECKING([whether to use Gnutls])
AC_MSG_RESULT([${want_gnutls}])
# Specific GNUTLS improvement
new_gnutls_api="yes"
AC_ARG_ENABLE(new-gnutls-api,
[AC_HELP_STRING(
[--disable-new-gnutls-api],
[enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
)],
[new_gnutls_api=$enableval]
)
AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
AC_MSG_RESULT([${new_gnutls_api}])
if test "x${new_gnutls_api}" = "xyes" ; then
AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
[ new_gnutls_api="yes" ],
[ new_gnutls_api="no" ]
)
if test "x${new_gnutls_api}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
fi
fi
# Openssl support # Openssl support
AC_ARG_ENABLE([openssl], AC_ARG_ENABLE([openssl],
@ -267,6 +234,15 @@ AC_SUBST(EET_LIBS)
PKG_CHECK_MODULES(EINA, [eina >= 1.1.0]) PKG_CHECK_MODULES(EINA, [eina >= 1.1.0])
requirement_eet="eina >= 1.1.0 ${requirement_eet}" requirement_eet="eina >= 1.1.0 ${requirement_eet}"
# Gnutls support
AC_ARG_ENABLE([gnutls],
[AC_HELP_STRING([--disable-gnutls], [disable gnutls eet support])],
[want_gnutls=$enableval]
)
AC_MSG_CHECKING([whether to use Gnutls])
AC_MSG_RESULT([${want_gnutls}])
# Gnutls library # Gnutls library
have_gnutls="no" have_gnutls="no"
if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
@ -287,6 +263,76 @@ if test "x${want_gnutls}" = "xyes" || test "x${want_gnutls}" = "xauto" ; then
fi fi
fi fi
# Specific GNUTLS improvement
new_gnutls_api="yes"
AC_ARG_ENABLE(new-gnutls-api,
[AC_HELP_STRING(
[--disable-new-gnutls-api],
[enable use of gnutls_x509_crt_verify_hash. [[default=enable]]]
)],
[new_gnutls_api=$enableval]
)
AC_MSG_CHECKING([whether to use gnutls_x509_crt_verify_hash])
AC_MSG_RESULT([${new_gnutls_api}])
if test "x${new_gnutls_api}" = "xyes" ; then
tmp_CFLAGS="${CFLAGS}"
tmp_LIBS="${LIBS}"
CFLAGS="${GNUTLS_CFLAGS}"
LIBS="${GNUTLS_LIBS}"
AC_CHECK_LIB(gnutls, gnutls_x509_crt_verify_hash,
[ new_gnutls_api="yes" ],
[ new_gnutls_api="no" ]
)
CFLAGS="${tmp_CFLAGS}"
LIBS="${tmp_LIBS}"
if test "x${new_gnutls_api}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_GNUTLS_API, 1, [use gnutls_x509_crt_verify_hash])
fi
fi
use_gnutls_privkey_sign_data="no"
if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
tmp_CFLAGS="${CFLAGS}"
tmp_LIBS="${LIBS}"
CFLAGS="${GNUTLS_CFLAGS}"
LIBS="${GNUTLS_LIBS}"
AC_CHECK_LIB(gnutls, gnutls_privkey_sign_data,
[ use_gnutls_privkey_sign_data="yes" ],
[ use_gnutls_privkey_sign_data="no" ]
)
CFLAGS="${tmp_CFLAGS}"
LIBS="${tmp_LIBS}"
if test "x${use_gnutls_privkey_sign_data}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_PRIVKEY_SIGN_DATA, 1, [use gnutls_privkey_sign_data])
fi
fi
AC_MSG_CHECKING([whether to use gnutls_privkey_sign_data])
AC_MSG_RESULT([${use_gnutls_privkey_sign_data}])
use_gnutls_pubkey_verify_hash="no"
if test "x${want_gnutls}" = "xyes" -o "x${want_gnutls}" = "xauto"; then
tmp_CFLAGS="${CFLAGS}"
tmp_LIBS="${LIBS}"
CFLAGS="${GNUTLS_CFLAGS}"
LIBS="${GNUTLS_LIBS}"
AC_CHECK_LIB(gnutls, gnutls_pubkey_verify_hash,
[ use_gnutls_pubkey_verify_hash="yes" ],
[ use_gnutls_pubkey_verify_hash="no" ]
)
CFLAGS="${tmp_CFLAGS}"
LIBS="${tmp_LIBS}"
if test "x${use_gnutls_pubkey_verify_hash}" = "xyes"; then
AC_DEFINE(EET_USE_NEW_PUBKEY_VERIFY_HASH, 1, [use gnutls_pubkey_verify_hash])
fi
fi
AC_MSG_CHECKING([whether to use gnutls_pubkey_verify_hash])
AC_MSG_RESULT([${use_gnutls_pubkey_verify_hash}])
# Openssl library # Openssl library
have_openssl="no" have_openssl="no"
if test "x${want_openssl}" = "xyes" || test "x${want_openssl}" = "xauto" ; then if test "x${want_openssl}" = "xyes" || test "x${want_openssl}" = "xauto" ; then
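Review bot: The two new probes for gnutls_privkey_sign_data and gnutls_pubkey_verify_hash are conditioned on want_gnutls rather than on the result of the library detection just above them, so when pkg-config did not find GnuTLS (have_gnutls stays "no" and GNUTLS_CFLAGS/GNUTLS_LIBS are empty) AC_CHECK_LIB still links -lgnutls from the default search path and can define EET_USE_NEW_PRIVKEY_SIGN_DATA or EET_USE_NEW_PUBKEY_VERIFY_HASH for a library other than the one the build will actually use; gating both blocks on the detected library, `if test "x${have_gnutls}" = "xyes"; then`, ties the feature macros to the GnuTLS that was found (this assumes the partially visible block above sets have_gnutls on success). The same save/set/restore of CFLAGS and LIBS around AC_CHECK_LIB is now written three times; a small AC_DEFUN helper taking the symbol and the define name would keep the three in step. The new conditions use `-o` inside one test while the existing Gnutls-library check in this file spells the same condition as two tests joined by `||`; matching that form is more portable and consistent.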


@ -56,6 +56,9 @@ void *alloca(size_t);
#ifdef HAVE_CIPHER #ifdef HAVE_CIPHER
# ifdef HAVE_GNUTLS # ifdef HAVE_GNUTLS
# if defined EET_USE_NEW_PUBKEY_VERIFY_HASH || defined EET_USE_NEW_PRIVKEY_SIGN_DATA
# include <gnutls/abstract.h>
# endif
# include <gnutls/x509.h> # include <gnutls/x509.h>
# include <gcrypt.h> # include <gcrypt.h>
# else /* ifdef HAVE_GNUTLS */ # else /* ifdef HAVE_GNUTLS */
@ -497,6 +500,10 @@ eet_identity_sign(FILE *fp,
gnutls_datum_t datum = { NULL, 0 }; gnutls_datum_t datum = { NULL, 0 };
size_t sign_len = 0; size_t sign_len = 0;
size_t cert_len = 0; size_t cert_len = 0;
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
gnutls_datum_t signum = { NULL, 0 };
gnutls_privkey_t privkey;
#endif
# else /* ifdef HAVE_GNUTLS */ # else /* ifdef HAVE_GNUTLS */
EVP_MD_CTX md_ctx; EVP_MD_CTX md_ctx;
unsigned int sign_len = 0; unsigned int sign_len = 0;
@ -528,6 +535,28 @@ eet_identity_sign(FILE *fp,
datum.size = st_buf.st_size; datum.size = st_buf.st_size;
/* Get the signature length */ /* Get the signature length */
#ifdef EET_USE_NEW_PRIVKEY_SIGN_DATA
if (gnutls_privkey_init(&privkey) < 0)
{
err = EET_ERROR_SIGNATURE_FAILED;
goto on_error;
}
if (gnutls_privkey_import_x509(privkey, key->private_key, 0) < 0)
{
err = EET_ERROR_SIGNATURE_FAILED;
goto on_error;
}
if (gnutls_privkey_sign_data(privkey, GNUTLS_DIG_SHA1, 0, &datum, &signum) < 0)
{
err = EET_ERROR_SIGNATURE_FAILED;
goto on_error;
}
sign = signum.data;
sign_len = signum.size;
#else
if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0, if (gnutls_x509_privkey_sign_data(key->private_key, GNUTLS_DIG_SHA1, 0,
&datum, sign, &sign_len) && &datum, sign, &sign_len) &&
!sign_len) !sign_len)
@ -550,6 +579,7 @@ eet_identity_sign(FILE *fp,
goto on_error; goto on_error;
} }
#endif
/* Get the certificate length */ /* Get the certificate length */
if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert, if (gnutls_x509_crt_export(key->certificate, GNUTLS_X509_FMT_DER, cert,
@ -696,6 +726,10 @@ eet_identity_check(const void *data_base,
gnutls_datum_t datum; gnutls_datum_t datum;
gnutls_datum_t signature; gnutls_datum_t signature;
# if EET_USE_NEW_GNUTLS_API # if EET_USE_NEW_GNUTLS_API
# if EET_USE_NEW_PUBKEY_VERIFY_HASH
gnutls_pubkey_t pubkey;
gnutls_digest_algorithm_t hash_algo;
# endif
unsigned char *hash; unsigned char *hash;
gcry_md_hd_t md; gcry_md_hd_t md;
int err; int err;
@ -724,28 +758,32 @@ eet_identity_check(const void *data_base,
hash = gcry_md_read(md, GCRY_MD_SHA1); hash = gcry_md_read(md, GCRY_MD_SHA1);
if (!hash) if (!hash)
{ goto on_error;
gcry_md_close(md);
return NULL;
}
datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1); datum.size = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
datum.data = hash; datum.data = hash;
# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
if (gnutls_pubkey_init(&pubkey) < 0)
goto on_error;
if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0)
goto on_error;
if (gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0)
goto on_error;
if (gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
goto on_error;
# else
if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature)) if (!gnutls_x509_crt_verify_hash(cert, 0, &datum, &signature))
{ goto on_error;
gcry_md_close(md); # endif
return NULL;
}
if (sha1) if (sha1)
{ {
*sha1 = malloc(datum.size); *sha1 = malloc(datum.size);
if (!*sha1) if (!*sha1) goto on_error;
{
gcry_md_close(md);
return NULL;
}
memcpy(*sha1, hash, datum.size); memcpy(*sha1, hash, datum.size);
*sha1_length = datum.size; *sha1_length = datum.size;
@ -818,6 +856,11 @@ eet_identity_check(const void *data_base,
*raw_signature_length = sign_len; *raw_signature_length = sign_len;
return cert_der; return cert_der;
# ifdef HAVE_GNUTLS
on_error:
gcry_md_close(md);
return NULL;
# endif
#else /* ifdef HAVE_SIGNATURE */ #else /* ifdef HAVE_SIGNATURE */
data_base = NULL; data_base = NULL;
data_length = 0; data_length = 0;
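Review bot: In the new EET_USE_NEW_PUBKEY_VERIFY_HASH branch of eet_identity_check the gnutls_pubkey_t created by gnutls_pubkey_init is never released: each later `goto on_error` lands on a label that only closes the gcrypt handle, and the success path continues into the sha1 copy without a gnutls_pubkey_deinit either, so every verification leaks a key object. Because on_error is shared with paths on which pubkey was never initialised, the deinit has to happen before the jump; the rewrite below does that and folds the three post-init checks together. hash_algo is filled by gnutls_pubkey_get_verify_algorithm but never consulted while datum was computed with GCRY_MD_SHA1 unconditionally; either compare it (`if (hash_algo != GNUTLS_DIG_SHA1) goto on_error;` after the deinit) or drop both the variable and the call. The declarations are guarded with `# if EET_USE_NEW_PUBKEY_VERIFY_HASH` while the code uses `# ifdef`; pick one, since a definition to 0 would declare nothing yet still compile the branch. The same pattern appears in the EET_USE_NEW_PRIVKEY_SIGN_DATA block of eet_identity_sign, where privkey is never passed to gnutls_privkey_deinit inside the hunk and `sign = signum.data` hands sign a GnuTLS-allocated buffer that must be released with gnutls_free rather than free — that function's on_error and the rest of its body are outside the hunk, so this may be handled there.
```c
# ifdef EET_USE_NEW_PUBKEY_VERIFY_HASH
   if (gnutls_pubkey_init(&pubkey) < 0)
     goto on_error;
   /* from here on pubkey is live and the shared on_error label does not
      know about it, so release it before any jump */
   if (gnutls_pubkey_import_x509(pubkey, cert, 0) < 0 ||
       gnutls_pubkey_get_verify_algorithm(pubkey, &signature, &hash_algo) < 0 ||
       gnutls_pubkey_verify_hash(pubkey, 0, &datum, &signature) < 0)
     {
        gnutls_pubkey_deinit(pubkey);
        goto on_error;
     }
   gnutls_pubkey_deinit(pubkey);
# else
   /* … unchanged: gnutls_x509_crt_verify_hash fallback … */
# endif
```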