[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-25-g1621458
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-25-g1621458 |
|
Date: |
Thu, 04 Aug 2011 18:37:59 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=16214580b35ac3348f1afda0f58b2f1350c040ef
The branch, master has been updated
via 16214580b35ac3348f1afda0f58b2f1350c040ef (commit)
from 6b98dddd3c03340d2a35690516f6f315eeaa0afd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 16214580b35ac3348f1afda0f58b2f1350c040ef
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Thu Aug 4 20:35:21 2011 +0200
Added discussion of the provided cryptographic functions. Internals is now
included in the latex document (needs rewrite though)
-----------------------------------------------------------------------
Summary of changes:
doc/Makefile.am | 12 ++--
doc/cha-gtls-app.texi | 54 +++++++++++++++
doc/cha-internals.texi | 69 ++++++++-----------
...tls-extensions_st.dia => gnutls-extensions.dia} | Bin 1163 -> 1163 bytes
...tls-extensions_st.eps => gnutls-extensions.eps} | 0
...tls-extensions_st.pdf => gnutls-extensions.pdf} | Bin 12372 -> 12372 bytes
...tls-extensions_st.png => gnutls-extensions.png} | Bin 8469 -> 8469 bytes
doc/{gnutls-mod_auth_st.dia => gnutls-modauth.dia} | Bin 1464 -> 1464 bytes
doc/{gnutls-mod_auth_st.eps => gnutls-modauth.eps} | 0
doc/{gnutls-mod_auth_st.pdf => gnutls-modauth.pdf} | Bin 13234 -> 13234 bytes
doc/{gnutls-mod_auth_st.png => gnutls-modauth.png} | Bin 28537 -> 28537 bytes
doc/latex/Makefile.am | 5 +-
doc/latex/gnutls.tex | 2 +
doc/scripts/mytexi2latex | 6 ++
14 files changed, 101 insertions(+), 47 deletions(-)
rename doc/{gnutls-extensions_st.dia => gnutls-extensions.dia} (100%)
rename doc/{gnutls-extensions_st.eps => gnutls-extensions.eps} (100%)
rename doc/{gnutls-extensions_st.pdf => gnutls-extensions.pdf} (100%)
rename doc/{gnutls-extensions_st.png => gnutls-extensions.png} (100%)
rename doc/{gnutls-mod_auth_st.dia => gnutls-modauth.dia} (100%)
rename doc/{gnutls-mod_auth_st.eps => gnutls-modauth.eps} (100%)
rename doc/{gnutls-mod_auth_st.pdf => gnutls-modauth.pdf} (100%)
rename doc/{gnutls-mod_auth_st.png => gnutls-modauth.png} (100%)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 9fa4137..dad8bd9 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -66,21 +66,21 @@ gnutls_TEXINFOS += gnutls-certificate-user-use-case.dia
\
gnutls_TEXINFOS += gnutls-client-server-use-case.dia \
gnutls-client-server-use-case.eps \
gnutls-client-server-use-case.png
-gnutls_TEXINFOS += gnutls-extensions_st.dia gnutls-extensions_st.eps \
- gnutls-extensions_st.png
+gnutls_TEXINFOS += gnutls-extensions.dia gnutls-extensions.eps \
+ gnutls-extensions.png
gnutls_TEXINFOS += gnutls-handshake-sequence.dia \
gnutls-handshake-sequence.eps gnutls-handshake-sequence.png
gnutls_TEXINFOS += gnutls-handshake-state.dia \
gnutls-handshake-state.eps gnutls-handshake-state.png
-gnutls_TEXINFOS += gnutls-mod_auth_st.dia gnutls-mod_auth_st.eps \
- gnutls-mod_auth_st.png
+gnutls_TEXINFOS += gnutls-modauth.dia gnutls-modauth.eps \
+ gnutls-modauth.png
gnutls_TEXINFOS += gnutls-objects.dia gnutls-objects.eps \
gnutls-objects.png
imagesdir = $(infodir)
images_DATA = gnutls-certificate-user-use-case.png \
- gnutls-extensions_st.png gnutls-handshake-state.png \
- gnutls-layers.png gnutls-mod_auth_st.png gnutls-pgp.png \
+ gnutls-extensions.png gnutls-handshake-state.png \
+ gnutls-layers.png gnutls-modauth.png gnutls-pgp.png \
gnutls-client-server-use-case.png \
gnutls-handshake-sequence.png gnutls-internals.png \
gnutls-logo.png gnutls-objects.png gnutls-x509.png \
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 1b5e47b..d4dec01 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -9,6 +9,7 @@
* Server examples::
* Miscellaneous examples::
* Advanced and other topics::
+* Using the cryptographic library::
@end menu
@node Preparation
@@ -491,3 +492,56 @@ Current limitations imposed by the compatibility layer
include:
@end itemize
address@hidden Using the cryptographic library
address@hidden Using the cryptographic library
+
address@hidden is not a low-level cryptographic library, i.e.,
+it does not provide access to basic cryptographic primitives. However
+it abstracts the internal cryptographic backend (see @ref{Cryptographic
Backend}),
+providing symmetric crypto, hash and HMAC algorithms, as well access
+to the random number generation.
+
address@hidden
+* Symmetric cryptography::
+* Hash and HMAC functions::
+* Random number generation::
address@hidden menu
+
address@hidden Symmetric cryptography
address@hidden Symmetric cryptography
address@hidden Symmetric cryptography
+
+The available functions to access symmetric crypto algorithms operations
+are shown below. The supported algorithms are the algorithms required by the
TLS protocol.
+They are listed in @ref{tab:ciphers}.
+
address@hidden,gnutls_cipher_encrypt2,gnutls_cipher_decrypt2,gnutls_cipher_set_iv,gnutls_cipher_deinit}
+
+In order to support authenticated encryption with associated data (AEAD)
algoritms the following
+functions are provided to set the associated data and retrieve the
authentication tag.
+
address@hidden,gnutls_cipher_tag}
+
address@hidden Hash and HMAC functions
address@hidden Hash and HMAC functions
address@hidden Hash functions
address@hidden HMAC functions
+
+The available operations to access hash functions and hash-MAC (HMAC)
algorithms
+are shown below. HMAC algorithms provided keyed hash functionality. They
supported HMAC algorithms are listed in @ref{tab:macs}.
+
address@hidden,gnutls_hmac,gnutls_hmac_output,gnutls_hmac_deinit,gnutls_hmac_get_len,gnutls_hmac_fast}
+
+The available functions to access hash functions are shown below. The
supported hash functions
+are the same as the HMAC algorithms.
+
address@hidden,gnutls_hash,gnutls_hash_output,gnutls_hash_deinit,gnutls_hash_get_len,gnutls_hash_fast}
+
address@hidden Random number generation
address@hidden Random number generation
address@hidden Random numbers
+
+Access to the random number generator is provided using the
@funcref{gnutls_rnd}
+function.
+
address@hidden
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index a889a04..7f7a414 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -77,7 +77,7 @@ address@hidden as the
such as certificates, usernames etc. to @code{auth_info_t} structures.
@float Figure,fig:gnutls-mod-auth
address@hidden,12cm}
address@hidden,12cm}
@caption{GnuTLS authentication method structure.}
@end float
@@ -93,7 +93,7 @@ As with authentication methods, the TLS extensions handlers
can be
implemented using the interface shown in @ref{fig:gnutls-ext}.
@float Figure,fig:gnutls-ext
address@hidden,12cm}
address@hidden,12cm}
@caption{GnuTLS extensions structure.}
@end float
@@ -114,9 +114,7 @@ follow if you wish to do this yourself. For sake of
discussion, let's
consider adding support for the hypothetical TLS extension
@code{foobar}.
address@hidden
-
address@hidden Add @code{configure} option like @code{--enable-foobar} or
@code{--disable-foobar}.
address@hidden Add @code{configure} option like @code{--enable-foobar} or
@code{--disable-foobar}.
This step is useful when the extension code is large and it might be desirable
to disable the extension under some circumstances. Otherwise it can be safely
@@ -144,7 +142,7 @@ AM_CONDITIONAL(ENABLE_FOOBAR, test "$ac_enable_foobar" !=
"no")
These lines should go in @code{lib/m4/hooks.m4}.
address@hidden Add IANA extension value to @code{extensions_t} in
@code{gnutls_int.h}.
address@hidden Add IANA extension value to @code{extensions_t} in
@code{gnutls_int.h}.
A good name for the value would be GNUTLS_EXTENSION_FOOBAR. Check
with @url{http://www.iana.org/assignments/tls-extensiontype-values}
@@ -154,7 +152,7 @@ version since it will lead to interoperability problems in
the future
when the IANA allocates that number to someone else, or when the
foobar protocol is allocated another number.
address@hidden Add an entry to @code{_gnutls_extensions} in
@code{gnutls_extensions.c}.
address@hidden Add an entry to @code{_gnutls_extensions} in
@code{gnutls_extensions.c}.
A typical entry would be:
@@ -198,7 +196,7 @@ will be called to deinitialize the extension's private
parameters, if any.
Note that the conditional @code{ENABLE_FOOBAR} definition should only be
used if step 1 with the @code{configure} options has taken place.
address@hidden Add new files @code{ext_foobar.c} and @code{ext_foobar.h} that
implement the extension.
address@hidden Add new files @code{ext_foobar.c} and @code{ext_foobar.h} that
implement the extension.
The functions you are responsible to add are those mentioned in the
previous step. As a starter, you could add this:
@@ -247,15 +245,15 @@ The @code{_foobar_unpack} function is responsible for
restoring session data from the session storage.
If you receive length fields that doesn't match, return
address@hidden If you receive invalid
-data, return @code{GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER}. You can use
address@hidden If you receive invalid
+data, return @code{GNUTLS_E_\-RECEIVED_\-ILLEGAL_\-PARAMETER}. You can use
other error codes too. Return 0 on success.
The function could store some information in the @code{session}
variable for later usage. That can be done using the functions
address@hidden and
address@hidden You can check simple examples
-at @code{ext_max_record.c} and @code{ext_server_name.c} extensions.
address@hidden and
address@hidden You can check simple examples
+at @code{ext_\-max_\-record.c} and @code{ext_\-server_\-name.c} extensions.
Recall that both the client and server both send and receives
parameters, and your code most likely will need to do different things
@@ -299,7 +297,7 @@ HFILES += ext_foobar.h
endif
@end example
address@hidden Add API functions to enable/disable the extension.
address@hidden Add API functions to enable/disable the extension.
Normally the client will have one API to request use of the extension,
and setting some extension specific data. The server will have one
@@ -307,26 +305,25 @@ API to let the library know that it is willing to accept
the
extension, often this is implemented through a callback but it doesn't
have to.
-The APIs need to be added to @code{includes/gnutls/gnutls.h} or
address@hidden/gnutls/extra.h} as appropriate. It is recommended that
-if you don't have a requirement to use the LGPLv2.1+ license for your
+The APIs need to be added to @code{includes/\-gnutls/\-gnutls.h} or
address@hidden/\-gnutls/\-extra.h} as appropriate. It is recommended that
+if you don't have a requirement to use the LGPLv3+ license for your
extension, that you place your work under the GPLv3+ license and thus
in the libgnutls-extra library.
You can implement the API function in the @code{ext_foobar.c} file, or
if that file ends up becoming rather larger, add a
address@hidden file.
address@hidden file.
To make the API available in the shared library you need to add the
-symbol in @code{lib/libgnutls.map} or
address@hidden/libgnutls-extra.map} as appropriate, so that the symbol
+symbol in @code{lib/\-libgnutls.map} or
address@hidden/\-libgnutls-\-extra.map} as appropriate, so that the symbol
is exported properly.
When writing GTK-DOC style documentation for your new APIs, don't
forget to add @code{Since:} tags to indicate the GnuTLS version the
API was introduced in.
address@hidden enumerate
@node Certificate Handling
@section Certificate Handling
@@ -358,17 +355,10 @@ The TLS layer uses a cryptographic provider layer, that
will in turn either
use the default crypto provider - a crypto library, or use an external
crypto provider, if available.
address@hidden Cryptographic Library layer
-The Cryptographic Library layer, can currently be used either with
-libgcrypt or libnettle, each of one has its advantages and some
-disadvantages. Libgcrypt is a self-contained library, pretty broad
-in scope that supports many algorithms. In some processors like VIA,
-it will also use the available crypto instruction set hence providing
-performance benefit comparing to plain software implementation.
-Libnettle provides only software implementation
-of the basic algorithms required in TLS, and is on average 30% faster
-that libgcrypt on almost all algorithms. For
-this reason libnettle is library used by default in GnuTLS.
address@hidden Cryptographic library layer
+The Cryptographic library layer, currently supports only
+libnettle. Other cryptographic libraries might be supported
+in the future.
@subsection External cryptography provider
Systems that include a cryptographic co-processor, typically come with
@@ -403,10 +393,10 @@ following functions can be used to register those
algorithms.
@itemize
address@hidden @refint{gnutls_crypto_single_cipher_register}
address@hidden @code{gnutls_crypto_single_cipher_register}
To register a cipher algorithm.
address@hidden
address@hidden @code{gnutls_crypto_single_digest_register}
To register a hash (digest) or MAC algorithm.
@end itemize
@@ -421,23 +411,22 @@ them. For this reason the following functions are
provided.
@itemize
address@hidden @refint{gnutls_crypto_cipher_register}
address@hidden @code{gnutls_crypto_cipher_register}
To override the cryptographic algorithms backend.
address@hidden @refint{gnutls_crypto_digest_register}
address@hidden @code{gnutls_crypto_digest_register}
To override the digest algorithms backend.
address@hidden @refint{gnutls_crypto_rnd_register}
address@hidden @code{gnutls_crypto_rnd_register}
To override the random number generator backend.
address@hidden @refint{gnutls_crypto_bigint_register}
address@hidden @code{gnutls_crypto_bigint_register}
To override the big number number operations backend.
address@hidden @refint{gnutls_crypto_pk_register}
address@hidden @code{gnutls_crypto_pk_register}
To override the public key encryption backend. This is tight to the
big number operations so either both of them should be updated or care
must be taken to use the same format.
@end itemize
-If all of them are used then GnuTLS will no longer use libgcrypt.
diff --git a/doc/gnutls-extensions_st.dia b/doc/gnutls-extensions.dia
similarity index 100%
rename from doc/gnutls-extensions_st.dia
rename to doc/gnutls-extensions.dia
diff --git a/doc/gnutls-extensions_st.eps b/doc/gnutls-extensions.eps
similarity index 100%
rename from doc/gnutls-extensions_st.eps
rename to doc/gnutls-extensions.eps
diff --git a/doc/gnutls-extensions_st.pdf b/doc/gnutls-extensions.pdf
similarity index 100%
rename from doc/gnutls-extensions_st.pdf
rename to doc/gnutls-extensions.pdf
diff --git a/doc/gnutls-extensions_st.png b/doc/gnutls-extensions.png
similarity index 100%
rename from doc/gnutls-extensions_st.png
rename to doc/gnutls-extensions.png
diff --git a/doc/gnutls-mod_auth_st.dia b/doc/gnutls-modauth.dia
similarity index 100%
rename from doc/gnutls-mod_auth_st.dia
rename to doc/gnutls-modauth.dia
diff --git a/doc/gnutls-mod_auth_st.eps b/doc/gnutls-modauth.eps
similarity index 100%
rename from doc/gnutls-mod_auth_st.eps
rename to doc/gnutls-modauth.eps
diff --git a/doc/gnutls-mod_auth_st.pdf b/doc/gnutls-modauth.pdf
similarity index 100%
rename from doc/gnutls-mod_auth_st.pdf
rename to doc/gnutls-modauth.pdf
diff --git a/doc/gnutls-mod_auth_st.png b/doc/gnutls-modauth.png
similarity index 100%
rename from doc/gnutls-mod_auth_st.png
rename to doc/gnutls-modauth.png
diff --git a/doc/latex/Makefile.am b/doc/latex/Makefile.am
index 2c01e88..a4c2d43 100644
--- a/doc/latex/Makefile.am
+++ b/doc/latex/Makefile.am
@@ -3,7 +3,7 @@ TEX_OBJECTS = gnutls.tex macros.tex fdl.tex cover.tex gnutls.bib
GEN_TEX_OBJECTS = cha-preface.tex cha-library.tex cha-intro-tls.tex
cha-auth.tex \
cha-cert-auth.tex cha-gtls-app.tex cha-tls-app.tex cha-programs.tex
cha-support.tex \
cha-functions.tex error_codes.tex cha-ciphersuites.tex algorithms.tex \
- cha-errors.tex alerts.tex
+ cha-errors.tex alerts.tex cha-internals.tex
cha-preface.tex: ../cha-preface.texi
../scripts/mytexi2latex $< > $@
@@ -35,6 +35,9 @@ cha-support.tex: ../cha-support.texi
cha-functions.tex: ../cha-functions.texi
../scripts/mytexi2latex $< > $@
+cha-internals.tex: ../cha-internals.texi
+ ../scripts/mytexi2latex $< > $@
+
cha-errors.tex: ../cha-errors.texi
../scripts/mytexi2latex $< > $@
diff --git a/doc/latex/gnutls.tex b/doc/latex/gnutls.tex
index 44a008f..8617349 100644
--- a/doc/latex/gnutls.tex
+++ b/doc/latex/gnutls.tex
@@ -61,6 +61,8 @@
\input{cha-programs}
+\input{cha-internals}
+
\appendix
\input{cha-support}
diff --git a/doc/scripts/mytexi2latex b/doc/scripts/mytexi2latex
index 7d842df..ad61af7 100755
--- a/doc/scripts/mytexi2latex
+++ b/doc/scripts/mytexi2latex
@@ -200,6 +200,12 @@ multitable:
}
}
+ if ($line =~ s/address@hidden (.+)/\\subsubsection{$1}/g) {
+ if ($label ne '') {
+ $line .= "\\label{$label}\n";
+ }
+ }
+
if ($line =~ s/address@hidden (.+)/\\section{$1}/g) {
if ($label ne '') {
$line .= "\\label{$label}\n";
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_3_0_0-25-g1621458,
Nikos Mavrogiannopoulos <=