* guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob): Remove.
(%gnutls-smobs): Remove it.
* guile/src/core.c (scm_gnutls_make_rsa_parameters,
scm_gnutls_pkcs1_import_rsa_parameters,
scm_gnutls_pkcs1_export_rsa_parameters,
scm_gnutls_set_certificate_credentials_rsa_export_params_x): Remove.
* guile/modules/gnutls.in: Adjust export list.
* guile/tests/openpgp-auth.scm (import-rsa-params): Remove.
Remove references to it and to
'set-certificate-credentials-rsa-export-parameters!'.
* guile/tests/x509-auth.scm: Likewise.
* doc/gnutls-guile.texi (Representation of Binary Data): Remove
references to RSA parameters. Adjust example accordingly.
(OpenPGP Authentication Guile Example): Likewise.
@section Representation of Binary Data
Many procedures operate on binary data. For instance,
-@code{pkcs3-import-dh-parameters} expects binary data as input and,
-similarly, procedures like @code{pkcs1-export-rsa-parameters} return
-binary data.
+@code{pkcs3-import-dh-parameters} expects binary data as input.
@cindex SRFI-4
@cindex homogeneous vector
Although any type of homogeneous vector may be used, @code{u8vector}s
(i.e., vectors of bytes) are highly recommended.
-As an example, generating and then exporting RSA parameters in the PEM
-format can be done as follows:
+As an example, generating and then exporting Diffie-Hellman parameters
+in the PEM format can be done as follows:
-@findex make-rsa-parameters
-@findex pkcs1-export-rsa-parameters
+@findex make-dh-parameters
+@findex pkcs3-export-dh-parameters
@vindex x509-certificate-format/pem
@example
-(let* ((rsa-params (make-rsa-parameters 1024))
- (raw-data
- (pkcs1-export-rsa-parameters rsa-params
- x509-certificate-format/pem)))
- (uniform-vector-write raw-data (open-output-file "some-file.pem")))
+(let* ((dh (make-dh-parameters 1024))
+ (pem (pkcs3-export-dh-parameters dh
+ x509-certificate-format/pem)))
+ (call-with-output-file "some-file.pem"
+ (lambda (port)
+ (uniform-vector-write pem port))))
@end example
For an example of OpenPGP key import from a file, see @ref{Importing
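Review bot: The rewritten example generates `(make-dh-parameters 1024)`, and a 1024-bit Diffie-Hellman group is below what is generally recommended for TLS today. Readers tend to copy documentation examples verbatim, so a larger size would be a safer default here, for instance `(let* ((dh (make-dh-parameters 2048))`. The same 1024 value appears on the unchanged `(dh (make-dh-parameters 1024))` line of the OpenPGP authentication example further down, which could be raised in the same pass.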
(define %certs (list certificate-type/openpgp))
(let ((server (make-session connection-end/server))
- (rsa (make-rsa-parameters 1024))
(dh (make-dh-parameters 1024)))
(set-session-default-priority! server)
(set-session-certificate-type-priority! server %certs)
(let ((cred (make-certificate-credentials)))
- ;; Prepare credentials with RSA and Diffie-Hellman parameters.
+ ;; Prepare credentials with Diffie-Hellman parameters.
(set-certificate-credentials-dh-parameters! cred dh)
- (set-certificate-credentials-rsa-export-parameters! cred rsa)
(set-certificate-credentials-openpgp-keys! cred pub sec)
(set-session-credentials! server cred))
(bye server close-request/rdwr)))
@end example
-In practice, generating RSA parameters (and Diffie-Hellman parameters)
-can time a long time. Thus, you may want to generate them once and
-store them in a file for future re-use (@pxref{Guile Reference,
-@code{pkcs1-export-rsa-parameters} and @code{pkcs1-import-rsa-parameters}}).
@node Importing OpenPGP Keys Guile Example
@section Importing OpenPGP Keys Guile Example
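Review bot: Removing the whole paragraph after this example also drops advice that applied to Diffie-Hellman parameters, not only to RSA: generation is slow, so parameters are normally generated once and stored for re-use. The example still calls `make-dh-parameters` at session set-up, so a DH-only version of the sentence would be worth keeping. It could read `In practice, generating Diffie-Hellman parameters can take a long time; you may want to generate them once and store them in a file for future re-use`, with a `@pxref` to `pkcs3-export-dh-parameters` and `pkcs3-import-dh-parameters`. That wording also fixes the "can time a long time" typo in the removed text.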
;; certificate credentials
certificate-credentials? make-certificate-credentials
set-certificate-credentials-dh-parameters!
- set-certificate-credentials-rsa-export-parameters!
set-certificate-credentials-x509-key-files!
set-certificate-credentials-x509-trust-file!
set-certificate-credentials-x509-crl-file!
make-dh-parameters dh-parameters?
pkcs3-import-dh-parameters pkcs3-export-dh-parameters
- ;; RSA
- make-rsa-parameters rsa-parameters?
- pkcs1-import-rsa-parameters pkcs1-export-rsa-parameters
-
;; X.509
x509-certificate? x509-private-key?
import-x509-certificate x509-certificate-matches-hostname?
;;; Help produce Guile wrappers for GnuTLS types.
;;;
;;; GnuTLS --- Guile bindings for GnuTLS.
-;;; Copyright (C) 2007-2012 Free Software Foundation, Inc.
+;;; Copyright (C) 2007-2012, 2014 Free Software Foundation, Inc.
;;;
;;; GnuTLS is free software; you can redistribute it and/or
;;; modify it under the terms of the GNU Lesser General Public
(make-smob-type "gnutls_dh_params_t" 'dh-parameters
"gnutls_dh_params_deinit"))
-(define %rsa-parameters-smob
- (make-smob-type "gnutls_rsa_params_t" 'rsa-parameters
- "gnutls_rsa_params_deinit"))
-
(define %certificate-credentials-smob
(make-smob-type "gnutls_certificate_credentials_t" 'certificate-credentials
"gnutls_certificate_free_credentials"))
;; All SMOB types.
(list %session-smob %anonymous-client-credentials-smob
%anonymous-server-credentials-smob %dh-parameters-smob
- %rsa-parameters-smob
%certificate-credentials-smob
%srp-server-credentials-smob %srp-client-credentials-smob
%psk-server-credentials-smob %psk-client-credentials-smob
}
#undef FUNC_NAME
-\f
-
-/* RSA parameters. */
-
-SCM_DEFINE (scm_gnutls_make_rsa_parameters, "make-rsa-parameters", 1, 0, 0,
- (SCM bits), "Return new RSA parameters.")
-#define FUNC_NAME s_scm_gnutls_make_rsa_parameters
-{
- int err;
- unsigned c_bits;
- gnutls_rsa_params_t c_rsa_params;
-
- c_bits = scm_to_uint (bits);
-
- err = gnutls_rsa_params_init (&c_rsa_params);
- if (EXPECT_FALSE (err))
- scm_gnutls_error (err, FUNC_NAME);
-
- err = gnutls_rsa_params_generate2 (c_rsa_params, c_bits);
- if (EXPECT_FALSE (err))
- {
- gnutls_rsa_params_deinit (c_rsa_params);
- scm_gnutls_error (err, FUNC_NAME);
- }
-
- return (scm_from_gnutls_rsa_parameters (c_rsa_params));
-}
-
-#undef FUNC_NAME
-
-SCM_DEFINE (scm_gnutls_pkcs1_import_rsa_parameters,
- "pkcs1-import-rsa-parameters",
- 2, 0, 0,
- (SCM array, SCM format),
- "Import Diffie-Hellman parameters in PKCS1 format (further "
- "specified by @var{format}, an @code{x509-certificate-format} "
- "value) from @var{array} (a homogeneous array) and return a "
- "new @code{rsa-params} object.")
-#define FUNC_NAME s_scm_gnutls_pkcs1_import_rsa_parameters
-{
- int err;
- gnutls_x509_crt_fmt_t c_format;
- gnutls_rsa_params_t c_rsa_params;
- scm_t_array_handle c_handle;
- const char *c_array;
- size_t c_len;
- gnutls_datum_t c_datum;
-
- c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME);
-
- c_array = scm_gnutls_get_array (array, &c_handle, &c_len, FUNC_NAME);
- c_datum.data = (unsigned char *) c_array;
- c_datum.size = c_len;
-
- err = gnutls_rsa_params_init (&c_rsa_params);
- if (EXPECT_FALSE (err))
- {
- scm_gnutls_release_array (&c_handle);
- scm_gnutls_error (err, FUNC_NAME);
- }
-
- err = gnutls_rsa_params_import_pkcs1 (c_rsa_params, &c_datum, c_format);
- scm_gnutls_release_array (&c_handle);
-
- if (EXPECT_FALSE (err))
- {
- gnutls_rsa_params_deinit (c_rsa_params);
- scm_gnutls_error (err, FUNC_NAME);
- }
-
- return (scm_from_gnutls_rsa_parameters (c_rsa_params));
-}
-
-#undef FUNC_NAME
-
-SCM_DEFINE (scm_gnutls_pkcs1_export_rsa_parameters,
- "pkcs1-export-rsa-parameters",
- 2, 0, 0,
- (SCM rsa_params, SCM format),
- "Export Diffie-Hellman parameters @var{rsa_params} in PKCS1 "
- "format according for @var{format} (an "
- "@code{x509-certificate-format} value). Return a "
- "@code{u8vector} containing the result.")
-#define FUNC_NAME s_scm_gnutls_pkcs1_export_rsa_parameters
-{
- SCM result;
- gnutls_rsa_params_t c_rsa_params;
- gnutls_x509_crt_fmt_t c_format;
- c_rsa_params = scm_to_gnutls_rsa_parameters (rsa_params, 1, FUNC_NAME);
- c_format = scm_to_gnutls_x509_certificate_format (format, 2, FUNC_NAME);
-
- result = pkcs_export_parameters ((pkcs_export_function_t)
- gnutls_rsa_params_export_pkcs1,
- (void *) c_rsa_params,
- c_format, FUNC_NAME);
-
- return (result);
-}
-
-#undef FUNC_NAME
\f
/* Certificate credentials. */
#undef FUNC_NAME
-SCM_DEFINE (scm_gnutls_set_certificate_credentials_rsa_export_params_x,
- "set-certificate-credentials-rsa-export-parameters!",
- 2, 0, 0,
- (SCM cred, SCM rsa_params),
- "Use RSA parameters @var{rsa_params} for certificate "
- "credentials @var{cred}.")
-#define FUNC_NAME s_scm_gnutls_set_certificate_credentials_rsa_export_params_x
-{
- gnutls_rsa_params_t c_rsa_params;
- gnutls_certificate_credentials_t c_cred;
-
- c_cred = scm_to_gnutls_certificate_credentials (cred, 1, FUNC_NAME);
- c_rsa_params = scm_to_gnutls_rsa_parameters (rsa_params, 2, FUNC_NAME);
-
- gnutls_certificate_set_rsa_export_params (c_cred, c_rsa_params);
- register_weak_reference (cred, rsa_params);
-
- return SCM_UNSPECIFIED;
-}
-
-#undef FUNC_NAME
-
SCM_DEFINE (scm_gnutls_set_certificate_credentials_x509_key_files_x,
"set-certificate-credentials-x509-key-files!",
4, 0, 0,
;;; GnuTLS-extra --- Guile bindings for GnuTLS-EXTRA.
-;;; Copyright (C) 2007-2013 Free Software Foundation, Inc.
+;;; Copyright (C) 2007-2014 Free Software Foundation, Inc.
;;;
;;; GnuTLS-extra is free software; you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
(define (import-key import-proc file)
(import-something import-proc file openpgp-certificate-format/base64))
-(define (import-rsa-params file)
- (import-something pkcs1-import-rsa-parameters file
- x509-certificate-format/pem))
-
(define (import-dh-params file)
(import-something pkcs3-import-dh-parameters file
x509-certificate-format/pem))
(primitive-exit))
(let ((server (make-session connection-end/server))
- (rsa (import-rsa-params "rsa-parameters.pem"))
(dh (import-dh-params "dh-parameters.pem")))
;; server-side
(set-session-priorities! server priorities)
(set-session-transport-fd! server (port->fdes (cdr socket-pair)))
(let ((cred (make-certificate-credentials)))
(set-certificate-credentials-dh-parameters! cred dh)
- (set-certificate-credentials-rsa-export-parameters! cred rsa)
(set-certificate-credentials-openpgp-keys! cred pub sec)
(set-session-credentials! server cred))
(set-session-dh-prime-bits! server 1024)
;;; GnuTLS --- Guile bindings for GnuTLS.
-;;; Copyright (C) 2007-2013 Free Software Foundation, Inc.
+;;; Copyright (C) 2007-2014 Free Software Foundation, Inc.
;;;
;;; GnuTLS is free software; you can redistribute it and/or
;;; modify it under the terms of the GNU Lesser General Public
(define (import-key import-proc file)
(import-something import-proc file x509-certificate-format/pem))
-(define (import-rsa-params file)
- (import-something pkcs1-import-rsa-parameters file
- x509-certificate-format/pem))
-
(define (import-dh-params file)
(import-something pkcs3-import-dh-parameters file
x509-certificate-format/pem))
(primitive-exit))
(let ((server (make-session connection-end/server))
- (rsa (import-rsa-params "rsa-parameters.pem"))
(dh (import-dh-params "dh-parameters.pem")))
;; server-side
(set-session-default-priority! server)
"x509-certificate.pem"))
(trust-fmt x509-certificate-format/pem))
(set-certificate-credentials-dh-parameters! cred dh)
- (set-certificate-credentials-rsa-export-parameters! cred rsa)
(set-certificate-credentials-x509-keys! cred (list pub) sec)
(set-certificate-credentials-x509-trust-file! cred
trust-file