[GNUnet-SVN] [libfints] branch master updated: Fix keys import logic.


From: gnunet
Subject: [GNUnet-SVN] [libfints] branch master updated: Fix keys import logic.
Date: Fri, 12 Oct 2018 12:47:14 +0200

This is an automated email from the git hooks/post-receive script.

marcello pushed a commit to branch master
in repository libfints.

The following commit(s) were added to refs/heads/master by this push:
     new 9f41c67  Fix keys import logic.
9f41c67 is described below

commit 9f41c6739ebeadbc7f0bd512db807ce7d09754b9
Author: Marcello Stanisci <address@hidden>
AuthorDate: Fri Oct 12 12:46:20 2018 +0200

    Fix keys import logic.
    
    Opted for first converting the x509 private key
    to the "abstract" key type, and then extracting the
    public key from the latter.
---
 src/libebics.c    | 90 ++++++++++++++++++++++++++++++++++++++++++-------------
 src/libebics.h    |  5 +++-
 src/xmlmessages.c | 13 ++++----
 3 files changed, 81 insertions(+), 27 deletions(-)

diff --git a/src/libebics.c b/src/libebics.c
index 3af8d4c..e6456dc 100644
--- a/src/libebics.c
+++ b/src/libebics.c
@@ -31,8 +31,13 @@
 #include <gnunet/platform.h>
 #include <gnunet/gnunet_util_lib.h>
 
-#define LOG(level,...) EBICS_util_log_from (__LINE__,__FILE__,__func__,level, 
"libebics",__VA_ARGS__)
-
+#define LOG(level,...) \
+  EBICS_util_log_from (__LINE__, \
+                       __FILE__, \
+                       __func__, \
+                       level, \
+                       "libebics", \
+                       __VA_ARGS__)
 
 static const struct GNUNET_OS_ProjectData libebics_pd = {
   .libname = "libebics",
@@ -265,7 +270,9 @@ free_zlib ()
  *
  * @param keyList Will contain the initialized keys.
  * @param keyDir directory hosting the keys.
- * @param keyFiles names of the files with key material.
+ * @param keyFiles names of the files with key material,
+ *        ".pem" suffix NOT required.
+ *        EBICS_KEY_MAX_ENTRIES is the maximum size admitted. 
  *
  * @returns EBICS_SUCCESS on success,
  *          EBICS_ERROR on non critical errors
@@ -356,31 +363,66 @@ init_keymaterial (struct EBICS_Key keyList[],
     gnutls_x509_privkey_init (&privkey);
     gnutls_pubkey_init (&pubkey);
 
-    retv = gnutls_x509_privkey_import (privkey,
-                                       &rawkey,
-                                       GNUTLS_X509_FMT_PEM);
-    if (GNUTLS_E_SUCCESS != retv)
-      LOG (EBICS_LOGLEVEL_ERROR,
-           "Could not import a private key. GnuTLS Error: %s",
-           gnutls_strerror (retv));
-    else
+    if (GNUTLS_E_SUCCESS == (
+      retv = gnutls_x509_privkey_import (privkey,
+                                         &rawkey,
+                                         GNUTLS_X509_FMT_PEM)))
     {
+      gnutls_privkey_t abspriv;
+
+      key->privatekey = privkey;
+      key->type |= EBICS_KEY_RSA_PRIVATE;
+
       LOG (EBICS_LOGLEVEL_DEBUG,
            "Found private key in %s!",
            filepath);
 
-      key->privatekey = privkey;
-      key->type |= EBICS_KEY_RSA_PRIVATE;
+
+      /* convert x509 priv to abstract type first.  */
+      GNUNET_assert
+        (GNUTLS_E_SUCCESS == (gnutls_privkey_import_x509 (abspriv,
+                                                          privkey,
+                                                          0)));
+      if (GNUTLS_E_SUCCESS != (
+        retv = gnutls_pubkey_import_privkey (pubkey,
+                                             abspriv,
+                                             /* XXX: POTENTIALLY WRONG; TO 
REVIEW.*/
+                                             GNUTLS_KEY_DIGITAL_SIGNATURE,
+                                             0))) // docs dictates 0 here.
+      {
+      
+        LOG (EBICS_LOGLEVEL_ERROR,
+             "Could not extract public key from"
+             " private at %s. GnuTLS Error: %s",
+             filepath,
+             gnutls_strerror (retv));
+      }
+      else
+      {
+        LOG (EBICS_LOGLEVEL_DEBUG,
+             "Succefully extracted public key from private at %s\n",
+             filepath);
+
+        key->publickey = pubkey;
+        key->type |= EBICS_KEY_RSA_PUBLIC;
+      }
+    }
+    else
+    {
+      LOG (EBICS_LOGLEVEL_ERROR,
+           "Could not import private key at %s. GnuTLS Error: %s",
+           filepath,
+           gnutls_strerror (retv));
     }
 
-    retv = gnutls_pubkey_import (pubkey,
-                                 &rawkey,
-                                 GNUTLS_X509_FMT_PEM);
+    if (GNUTLS_E_SUCCESS != (
+      retv = gnutls_pubkey_import (pubkey,
+                                   &rawkey,
+                                   GNUTLS_X509_FMT_PEM)))
 
-    if (GNUTLS_E_SUCCESS != retv)
     {
       LOG (EBICS_LOGLEVEL_ERROR,
-      "Could not import the publickey. GnuTLS Error: %s",
+      "Could not import publickey from file %s. GnuTLS Error: %s",
       gnutls_strerror (retv));
     }
     else
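Review bot: `abspriv` at the `gnutls_privkey_t abspriv;` declaration is never initialised with `gnutls_privkey_init (&abspriv)` before `gnutls_privkey_import_x509` is called on it, so the import operates on an indeterminate handle; a `gnutls_privkey_init` call (return value checked) is needed before the import, and `gnutls_privkey_deinit (abspriv);` once the public key has been extracted, since the abstract handle is not stored in `key` and is otherwise leaked. The rewritten error log `"Could not import publickey from file %s. GnuTLS Error: %s"` now has two `%s` conversions but still receives only `gnutls_strerror (retv)`; `filepath,` has to be passed before it, as the other LOG calls in this hunk do. Wrapping `gnutls_privkey_import_x509` in `GNUNET_assert` also turns a recoverable GnuTLS failure on a caller-supplied key file into a process abort, where the neighbouring branches log and continue. After a successful extraction the unconditional `gnutls_pubkey_import (pubkey, &rawkey, ...)` that follows is still attempted on the same handle with the private-key PEM; whether a failed import there leaves the previously extracted key intact is not visible from this hunk and is worth confirming. init_keymaterial starts and ends outside the hunk.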
@@ -516,10 +558,16 @@ free_genex_documents (struct EBICS_genex_document 
genexList[])
  *
  * @param key_dir directory where keys to be imported
  *        are located.
+ * @param key_files array of filenames indicating PEM
+ *        formatted files on disk; last entry must be NULL.
+ *        ".pem" suffix NOT required.
+ *        EBICS_KEY_MAX_ENTRIES is the maximum size admitted. 
+ *
  * @return EBICS_SUCCESS or EBICS_ERROR.
- */
+ **/
 int
-EBICS_init_library (const char *key_dir)
+EBICS_init_library (const char *key_dir,
+                    const char *key_files[])
 {
   int retv;
 
@@ -580,7 +628,7 @@ EBICS_init_library (const char *key_dir)
   if (EBICS_SUCCESS != init_keymaterial
       (keyList,
        key_dir,
-       keyFilenames))
+       key_files))
   {
     GNUNET_break (0);
     return EBICS_ERROR;
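Review bot: `key_files` is forwarded to init_keymaterial without a NULL check, and nothing in this hunk shows whether that helper guards against it; since the parameter is new and caller-supplied, a guard at the top of the function such as `if (NULL == key_files) { GNUNET_break (0); return EBICS_ERROR; }`, in the style of the existing failure branch, would make the documented NULL-terminated-array contract fail cleanly rather than dereference. The function's start is outside the hunk.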
diff --git a/src/libebics.h b/src/libebics.h
index 57cce3a..0bb3e14 100644
--- a/src/libebics.h
+++ b/src/libebics.h
@@ -54,10 +54,13 @@
  *
  * @param key_dir directory where keys to be imported
  *        are located.
+ * @param key_files array of filenames indicating PEM
+ *        formatted files on disk; last entry must be NULL.
  * @return EBICS_SUCCESS or EBICS_ERROR.
  */
 int
-EBICS_init_library (const char *key_dir);
+EBICS_init_library (const char *key_dir,
+                    const char *key_files[]);
 
 
 /**
diff --git a/src/xmlmessages.c b/src/xmlmessages.c
index 208b8cc..df8e28a 100644
--- a/src/xmlmessages.c
+++ b/src/xmlmessages.c
@@ -528,7 +528,12 @@ EBICS_build_auth_signature (void *cls,
 }
 
 /**
- * Sign a ebics message
+ * Sign a EBICS message.
+ *
+ * @param bankAuthentication fixme UNUSED.
+ * @param bankEncryption fixme UNUSED.
+ * @param userAuthentication has the sign key.
+ * @param document the document to equip with signature.
  */
 void
 EBICS_sign_message (const struct EBICS_Key *bankAuthentication, 
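Review bot: `fixme UNUSED` in the two new `@param` lines reads as a work note rather than documentation; if `bankAuthentication` and `bankEncryption` are genuinely unused, state it in the contract (`@param bankAuthentication currently unused.`) and silence the parameter in the body with `(void) bankAuthentication;`, or drop the fixme once confirmed. The summary line should read `Sign an EBICS message.`. A sentence on the function's visible side effect — the signature node being renamed to AuthSignature in the later hunks — would also belong in this block. The function's signature and body continue past the hunk.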
@@ -626,7 +631,8 @@ EBICS_sign_message (const struct EBICS_Key 
*bankAuthentication,
     GNUNET_assert (0);
   }
 
-  if (xmlSecDSigCtxSign (dsigCtx, node) < 0)
+  if (0 > xmlSecDSigCtxSign (dsigCtx,
+                             node))
   {
     LOG (EBICS_LOGLEVEL_FATAL,"Error: signature failed.");
     // xmlSecDSigCtxDebugXmlDump (dsigCtx, stdout);
@@ -648,8 +654,6 @@ EBICS_sign_message (const struct EBICS_Key 
*bankAuthentication,
 
   LOG (EBICS_LOGLEVEL_DEBUG,
        "Error is Above me!");
-
-
   /**
    * Rename ds:Signature so the
    * message validates with ebics schema
@@ -672,7 +676,6 @@ EBICS_sign_message (const struct EBICS_Key 
*bankAuthentication,
     ns = xmlSearchNsByHref (document->document,
                             node,
                             BAD_CAST "urn:org:ebics:H004");
-
     xmlNodeSetName (node,
                     BAD_CAST "AuthSignature");
     node->ns = ns;



