Previously we used the CKM_EDDSA mechanism to generate a key pair, though
the mechanism can only be used for signing and verification as
specified in PKCS#11 3.1 section 6.3. For key generation, the
CKM_EC_EDWARDS_KEY_PAIR_GEN mechanism (or
CKM_EC_MONTGOMERY_KEY_PAIR_GEN, if the point is represented in the
Montgomery form) needs to be used.
This adds gnutls_pubkey_export_dh_raw, a public key counterpart of
gnutls_privkey_export_dh_raw. This also replaces the P, Q, G
parameters with gnutls_dh_params_t in the function signatures to avoid
unnecessary serialization of bignums.
This adds a couple of new cipher algorithms GNUTLS_CIPHER_AES_128_SIV_GCM
and GNUTLS_CIPHER_AES_256_SIV_GCM, exposing nettle_siv_gcm_aes{128,256}*
functions.
This imports the SIV-GCM implementation from Nettle 3.9.1, while still
assuming Nettle 3.6 as the baseline. As such, only the non-optimized
implementation is imported. Performance critical applications are
advised to build GnuTLS with Nettle 3.9.1 or later.
This adds a new function gnutls_privkey_derive_secret, which can be
used in conjunction with the other key import or key generation API to
calculate a shared secret.
Key import can be done with gnutls_{pubkey,privkey}_import_ecc_raw for
ECDH and gnutls_{pubkey,privkey}_import_dh_raw for FFDH, while key
generation could be done with gnutls_privkey_generate2 with respective
algorithms (e.g., GNUTLS_PK_ECDH_X25519) and key generation parameters
in gnutls_keygen_data_st format.
Daiki Ueno [Thu, 31 Aug 2023 04:55:58 +0000 (13:55 +0900)]
abstract, x509: add functions to import and export DH keys
This adds a couple of functions to import and export Diffie-Hellman
private keys. While it shares the structure with DSA, it differs in the q
parameter, which is optional in Diffie-Hellman, and the algorithm
ID: GNUTLS_PK_DH vs GNUTLS_PK_DSA.
```c
size_t siz = prime->size;
if (_gnutls_mpi_init_scan_nz(&tmp_prime, prime->data, siz)) {
...
}
```
was previously written as:
```c
size_t siz = prime->size;
if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, &siz)) {
...
}
```
Now that _gnutls_mpi_init_scan_nz takes an immediate integer instead
of a pointer, we don't need to account for the integer size and thus
no conversion should be necessary.
Daiki Ueno [Thu, 31 Aug 2023 00:21:23 +0000 (09:21 +0900)]
gnutls_privkey_generate2: accept DH parameters
This adds a new GNUTLS_KEYGEN_DH type for gnutls_keygen_data_st, so
gnutls_privkey_generate2 can use pre-generated DH parameters instead
of newly generated ones.
Daiki Ueno [Mon, 28 Aug 2023 06:47:04 +0000 (15:47 +0900)]
tests: ignore SIGPIPE in forking tests if the parent is TLS client
If the tests are forking and the parent process is a client, care must
be taken to handle SIGPIPE reported by the child process (server) when
the client closes the connection.
This hadn't been exposed until commit dd79ac9bcf90012e090726adf7c1940bcce8333f, thanks to the fact that the
parent process kept the other pipe end which effectively prevented a
"broken pipe".
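As an added illustration of the failure mode described in this commit message (example code written for this page, not part of the GnuTLS test suite): a forked "server" child writes into a pipe after the "client" parent has closed its read end. With the default disposition the child is killed by SIGPIPE; with SIG_IGN the write() instead fails with EPIPE and the child can report it and exit cleanly. The plain pipe stands in for the TLS connection, and run_broken_pipe_test is a hypothetical helper name.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Fork a "server" child that writes into a pipe after the "client" parent
 * has closed the read end.  Returns what happened to the child:
 *   -SIGPIPE  if it was killed by SIGPIPE (default disposition),
 *   EPIPE     if SIGPIPE was ignored and write() failed with EPIPE,
 *   0         if the write unexpectedly succeeded,
 *   -1        on setup failure.
 */
int run_broken_pipe_test(int ignore_sigpipe)
{
	int data[2], syncfd[2];
	pid_t pid;
	int status;

	if (pipe(data) < 0 || pipe(syncfd) < 0)
		return -1;

	pid = fork();
	if (pid < 0)
		return -1;

	if (pid == 0) {
		/* child: the server side of the test */
		char c;
		ssize_t n;

		close(data[0]);
		close(syncfd[1]);
		signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);

		/* block until EOF on the sync pipe, i.e. the parent has
		 * closed the read end of the data pipe */
		while (read(syncfd[0], &c, 1) > 0)
			;
		n = write(data[1], "hello", 5);
		_exit(n < 0 ? errno : 0);
	}

	/* parent: the client side goes away without ever reading */
	close(data[1]);
	close(data[0]);
	close(syncfd[0]);
	close(syncfd[1]); /* delivers EOF to the child */

	if (waitpid(pid, &status, 0) < 0)
		return -1;
	if (WIFSIGNALED(status))
		return -WTERMSIG(status);
	if (WIFEXITED(status))
		return WEXITSTATUS(status);
	return -1;
}

int main(void)
{
	printf("default SIGPIPE: child result %d (expect %d)\n",
	       run_broken_pipe_test(0), -SIGPIPE);
	printf("SIGPIPE ignored: child result %d (expect EPIPE=%d)\n",
	       run_broken_pipe_test(1), EPIPE);
	return 0;
}
```

The second pipe is only there to order the two events deterministically; in the real test the parent holding a copy of the write end was what masked the problem, which is exactly why closing every unused descriptor in both processes matters.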
Daiki Ueno [Wed, 23 Aug 2023 01:43:54 +0000 (10:43 +0900)]
benchmark: use fallback gettime provided by Gnulib's timespec module
If CLOCK_PROCESS_CPUTIME_ID is not defined, a fallback gettime
function was defined as an inline function. Given that "timespec.h"
from Gnulib already defines such a fallback function with the same
name, it's not necessary to redefine it. This should fix the build
issue with Clang:
In file included from ../../gnutls-3.8.1/src/cli.c:65:
../../gnutls-3.8.1/src/benchmark.h:38:20: error: static declaration of 'gettime' follows non-static declaration
inline static void gettime(struct timespec *ts)
^
../../gnutls-3.8.1/src/gl/timespec.h:93:6: note: previous declaration is here
void gettime (struct timespec *) _GL_ARG_NONNULL ((1));
^
Sam James [Mon, 7 Aug 2023 07:23:50 +0000 (08:23 +0100)]
configure.ac: Avoid noise when faketime is not available
We already checked for whether faketime is installed, so don't try to call it
if we couldn't find a path to it.
This avoids noise like:
```
checking for faketime... no
checking for datefudge... no
checking whether faketime program works... 1691391464
/var/tmp/portage/net-libs/gnutls-3.8.1/work/gnutls-3.8.1/configure: line 11540: 2006-09-23 00:00:00: command not found
/var/tmp/portage/net-libs/gnutls-3.8.1/work/gnutls-3.8.1/configure: line 11540: test: =: unary operator expected
no
```
Bug: https://bugs.gentoo.org/911833
Signed-off-by: Sam James <sam@gentoo.org>
The examples under doc/examples/ are compiled with Gnulib, which
overrides write if it's not available, as a macro. This conflicts
with the usage of std::iostream::write in ex-cxx.cpp. To avoid the
build issue, use a custom namespace to hide it, as suggested in:
https://www.gnu.org/software/gnulib/manual/html_node/A-C_002b_002b-namespace-for-gnulib.html
Due to licensing concerns, we had to remove the Debian-based CI images
for cross compilation. Some of them are already covered by the
Fedora-based CI images, though it would be nice if the following are
added back:
- x86 (32-bit): maybe we could just use -m32 on Fedora image,
similarly to mingw targets
- Arm (32-bit)
.gitlab-ci.yml: enable use of Fedora cross toolchain
This adds new tests for cross-compiling to AArch64, PowerPC 64 (LE),
and s390x through the CI image based on Fedora 38. The main advantage
of doing this is that the toolchain version is in sync with the
current Fedora native builds.
Previously, the test suite checked the existence of faketime or
datefudge at "make check", multiple times when it is needed. This
moves the check to configure and checks it only once.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Co-authored-by: Andreas Metzler <ametzler@bebt.de>
This adds a new keyword in the configuration file, "tls-session-hash",
which shall appear in the [overrides] section and takes either
"request" or "require" as the argument. This is particularly useful
when reverting the EMS requirement in FIPS mode for interoperability
reasons.
Daiki Ueno [Thu, 29 Jun 2023 08:04:51 +0000 (10:04 +0200)]
tls1-prf: mark use of non-EMS PRF non-approved in FIPS
This adds service indicator transitions around the use of TLS 1.2 PRF.
As of May 16, 2023, the use of extended master secret is mandatory
according to FIPS 140-3 IG. This patch detects the usage of non-EMS
KDF by checking the label: if it is "master secret", the service
indicator transitions to a non-approved state.
Andreas Metzler [Sun, 4 Jun 2023 11:53:43 +0000 (13:53 +0200)]
Automate and fix manpage copyright year update
Handle manpage copyright year update in update-copyright-year
target, and fix the library manpage copyright year statement, where $(YEAR)
expanded to an empty string.
Daiki Ueno [Thu, 1 Jun 2023 14:08:24 +0000 (16:08 +0200)]
tests: update tests/suite/ciphersuite after a96b04ff
The commit a96b04ffcf8fd7375dc3c0f90602bf679f5a9791 introduced a new
field in gnutls_cipher_suite_entry_st for gnutls_ciphersuite_get. The
scan-gnutls.sh script needs to be updated to correctly parse the
ciphersuites list. This also fixes the include path so the test
doesn't require gnutls to be installed on the system.
tests: make testcompat-openssl-tls13-serv.sh less flaky
Bash has a special variable GROUPS[1] which clashes with our use in
testcompat-openssl-tls13-serv.sh as a list of key exchange groups.
This avoids using it as well as expands the logging message to
indicate what is tested.
pkcs11.c: In function 'gnutls_pkcs11_token_get_info':
pkcs11.c:2535:25: error: 'str' may be used uninitialized [-Werror=maybe-uninitialized]
2535 | memcpy(output, str, len);
| ^~~~~~~~~~~~~~~~~~~~~~~~
GCC analyzer from GCC 13 reports an error when a pointer dereference
is followed by a memcpy:
x509_dn.c:54:17: error: check of '*name.data' for NULL after already dereferencing it [-Werror=analyzer-deref-before-check]
54 | memcpy(_oid, name->data, name->size);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This is a false-positive, because we check name->size is > 0 on a
previous line.
Asterisk sometimes generates this, and it seems like a valid case. If
the first fragment is 1 byte then subsequent fragments will still try to
merge into it so it needs to have a big enough buffer for this to happen.
Signed-off-by: Stephen Paul Weber <singpolyma@singpolyma.net>
Daiki Ueno [Thu, 11 May 2023 00:52:20 +0000 (09:52 +0900)]
crypto-selftests: mark CFB8 block sizes tests optional
It was not obvious that the second function supplied to CASE2 macro
was only called when GNUTLS_SELF_TEST_FLAG_ALL is set. This splits
the macro into two: the one to be required and the other to be
optional.
Daiki Ueno [Mon, 1 May 2023 23:41:08 +0000 (08:41 +0900)]
psk: Add basic support for RFC 9258 external PSK importer interface
This adds a minimal, callback-based API to import external PSK,
following RFC 9258. The client and the server importing external PSK
are supposed to set a callback to retrieve PSK, which returns flags
that may indicate the PSK is imported, along with the key:
Those callbacks are responsible for calling
gnutls_psk_format_imported_identity() for external PSKs to build a
serialized PSK identity, and set GNUTLS_PSK_KEY_EXT in flags if the
identity is an imported one.
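As an added example of the wire format such a callback has to produce (written for this page; this is not gnutls_psk_format_imported_identity or any other GnuTLS code): the RFC 9258 ImportedIdentity structure is external_identity<1..2^16-1>, context<0..2^16-1>, a uint16 target_protocol and a uint16 target_kdf. The encoder below enforces the vector bounds and the decoder checks every length against the remaining input before using it, which is the part a server parsing identities from untrusted clients has to get right. The function and constant names are hypothetical, the sample identity is constructed, and the key derivation step ("derived psk" via HKDF-Expand-Label) is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constants from RFC 9258 (target_protocol is the TLS version value). */
#define RFC9258_TLS13       0x0304
#define RFC9258_HKDF_SHA256 0x0001
#define RFC9258_HKDF_SHA384 0x0002

struct imported_identity {
	const uint8_t *external_identity; size_t external_len;
	const uint8_t *context;           size_t context_len;
	uint16_t target_protocol;
	uint16_t target_kdf;
};

static void put_u16(uint8_t *p, uint16_t v)
{
	p[0] = (uint8_t)(v >> 8);
	p[1] = (uint8_t)(v & 0xff);
}

static uint16_t get_u16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

/* Serialize into out. Returns bytes written, or 0 if a vector bound is
 * violated (external_identity must be 1..65535 bytes) or out is too small. */
size_t imported_identity_encode(const struct imported_identity *id,
                                uint8_t *out, size_t out_size)
{
	size_t need = 2 + id->external_len + 2 + id->context_len + 2 + 2;
	uint8_t *p = out;

	if (id->external_len == 0 || id->external_len > 0xffff ||
	    id->context_len > 0xffff || out_size < need)
		return 0;

	put_u16(p, (uint16_t)id->external_len); p += 2;
	memcpy(p, id->external_identity, id->external_len); p += id->external_len;
	put_u16(p, (uint16_t)id->context_len); p += 2;
	if (id->context_len)
		memcpy(p, id->context, id->context_len);
	p += id->context_len;
	put_u16(p, id->target_protocol); p += 2;
	put_u16(p, id->target_kdf);
	return need;
}

/* Parse a received identity. Each length is checked against the remaining
 * input before use and trailing bytes are rejected, so a hostile peer cannot
 * make the parser read out of bounds. Returns 0 on success, -1 otherwise. */
int imported_identity_decode(const uint8_t *in, size_t in_len,
                             struct imported_identity *id)
{
	size_t off = 0;

	if (in_len < 2)
		return -1;
	id->external_len = get_u16(in); off += 2;
	if (id->external_len == 0 || in_len - off < id->external_len)
		return -1;
	id->external_identity = in + off; off += id->external_len;

	if (in_len - off < 2)
		return -1;
	id->context_len = get_u16(in + off); off += 2;
	if (in_len - off < id->context_len)
		return -1;
	id->context = in + off; off += id->context_len;

	if (in_len - off != 4)
		return -1;
	id->target_protocol = get_u16(in + off);
	id->target_kdf = get_u16(in + off + 2);
	return 0;
}

/* Round-trip a constructed identity; returns 1 if everything checks out. */
int imported_identity_selftest(void)
{
	static const uint8_t ext[] = "client@example.com"; /* constructed sample */
	struct imported_identity in = {
		ext, sizeof(ext) - 1, NULL, 0, RFC9258_TLS13, RFC9258_HKDF_SHA256
	};
	struct imported_identity out;
	uint8_t buf[64];
	size_t n = imported_identity_encode(&in, buf, sizeof buf);

	if (n != 2 + 18 + 2 + 0 + 4)
		return 0;
	if (imported_identity_decode(buf, n, &out) != 0)
		return 0;
	if (out.external_len != 18 || memcmp(out.external_identity, ext, 18) != 0 ||
	    out.context_len != 0 || out.target_protocol != RFC9258_TLS13 ||
	    out.target_kdf != RFC9258_HKDF_SHA256)
		return 0;
	/* a truncated identity must be rejected, not read past the end */
	if (imported_identity_decode(buf, n - 1, &out) == 0)
		return 0;
	return 1;
}
```

The decoder returns pointers into the caller's buffer rather than copying, so the input must outlive the parsed struct; a server that keys a PSK lookup on external_identity should also verify target_protocol and target_kdf match the negotiated version and the hash of the ciphersuite before deriving anything from the external key.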