-rw-r--r--doc/api.tex105
-rw-r--r--include/init.h2
-rw-r--r--misc/botan.rc225
-rw-r--r--src/inifile.cpp138
-rw-r--r--src/init_opt.cpp9
-rw-r--r--src/libstate.cpp3
6 files changed, 0 insertions, 482 deletions
diff --git a/doc/api.tex b/doc/api.tex
index 1cd641d48..212db77bb 100644
--- a/doc/api.tex
+++ b/doc/api.tex
@@ -212,12 +212,6 @@ privileges on many systems.
On systems that don't (currently) have any specialized allocators, like
MS Windows, this option is ignored.
-\option{config=/path/to/configfile}: Process the specified
-configuration file. Configuration files can specify things like the
-various options, new aliases, and new OIDs for algorithms. An example
-can be found in \filename{doc/botan.rc}. Currently only one config=
-argument will be processed, the rest will be ignored.
-
\option{use\_engines}: Use any available ``engine'' modules to speed
up processing. Currently Botan has support for engines based on the
AEP1000/AEP2000 crypto hardware cards, GNU MP, and OpenSSL's BN
@@ -2762,105 +2756,6 @@ in the United States.
and much less commonly used.
\end{list}
-\subsection{Configuration Files}
-
-Botan has a number of options, which can be configured by calling the
-appropriate functions, documented earlier in this section. But this is somewhat
-inconvenient for the users of applications which use Botan. So Botan also
-supports reading options from a file which looks rather like Windows .INI files
-or OpenSSL configurations. You can find an example config (which simply matches
-the compiled-in defaults) in \filename{doc/botan.rc}
-
-Each set of options is part of a 'section', for example, ``base'', ``rng'', or
-``x509''. These names are essentially arbitrary, and are (in theory) chosen on
-the basis of what the options pertain to. To set the option
-``x509/ca/default\_expire'' (which tells \type{X509\_CA} how long newly minted
-X.509 certificates should be valid for), you could use either of the following
-methods:
-
-\begin{verbatim}
-[x509/ca] # section is x509/ca
-default_expire = 1y # x509/ca + default_expire -> x509/ca/default_expire
-
-# same as above
-[x509] # section is x509
-# other x509/ options in here...
-ca/default_expire = 1y # x509 + ca/default_expire -> x509/ca/default_expire
-\end{verbatim}
-
-There are also two special sections, ``oids'' and ``aliases''. The aliases
-section is easier to understand, and probably more useful for the average user.
-By adding a new line in an alias section, \verb|alias = officialname|, you can
-create a new way to reference a particular algorithm (in those cases when you
-ask for an algorithm object with a string specifying its type). For example, if
-the line \verb|MyAlgo = Blowfish| was included in an aliases section, then one
-could do this:
-
-\begin{verbatim}
-Pipe pipe(get_cipher(``MyAlgo/CBC/PKCS7'', key, iv, ENCRYPTION));
-\end{verbatim}
-
-and get a Blowfish CBC encryptor. Initially this was implemented due to the
-number of algorithms with multiple names (such as ``SHA1'', ``SHA-1'', and
-``SHA-160''), but might also be useful in other, more interesting, contexts.
-
-The OIDs section gives a mapping between ASN.1 OIDs and the algorithm or object
-it represents, in the form \verb|name = oid|, where oid is the usual
-decimal-dotted representation. For readability and easy of extension in
-configuration files, a simple variable interpolation scheme is also
-available. Consider the following:
-
-\begin{verbatim}
-[oids]
-ISO_MEMBER = 1.2
-US_BODY = ISO_MEMBER.840 # US_BODY = 1.2.840
-RSA_DSI = US_BODY.113549 # RSA_DSI = 1.2.840.113549
-\end{verbatim}
-
-This only works when the variable name is at the start of the string; since the
-primary reason for its inclusion is for with OIDs, this is acceptable. In some
-cases, adding a new OID in is sufficient for code to work with new algorithms
-(though not always). For example, by setting the proper OIDs, you can make it
-possible to import, export, create, and process X.509 certificates that use
-Rabin-Williams.
-
-\subsubsection{Syntax}
-
-Each line is either a comment, blank, a section name, or a name/value pair
-separated by a '='. Comments start with the '\#' character and continue to the
-end of line. The reader allows escaping, so if you wanted to include an actual
-\# sign you could use \verb|\#|, or include it in a string ('\#' or ``\#''). A
-section name is specified by \verb|[somename]|; a section name must have at
-least one character, and a section must appear before any name/value pairs. A
-name must be alphanumeric, but a value can contain spaces or other strange
-things (you must either enclose the argument in quotes or escape each space
-with a backslash). An example showing some of the trickier parts of how input
-is interpreted follows (but the reader is cautioned that relying on this
-behavior is not a good idea):
-
-\begin{verbatim}
-[examples]
-foo1 = a b c # stored as abc (not quoted, ws removed)
-foo2 = 'a b c' # stored as a b c (quoted, keep ws)
-foo3 = "a b c" # stored as a b c (quoted, keep ws)
-tricky = "Jack \"I like pie\" Lloyd" # stored as Jack "I like pie" Lloyd
-simpler = "Jack 'I like pie' Lloyd" # no escapes needed
-
-hashmark = "#" # set to a hash
-hashmark2 = \# # also set to a hash
-
-[oids]
-RW = 1.2.3.4.5.6 # Now RW keys can be imported/exported!
-NR = 1.2.3.4.5.7 # Now NR can be imported/exported too.
- # Note these OIDs are *not* allocated for RW/NR, in fact I have no idea who
- # owns that section of the OID space, but it's certainly not me. Someone will
- # have to allocate OIDs for RW/NR before this is 'legal'
-
-some_thing = 1.2.3 # some OID
-another_thing = some_thing.4.5 # another_thing = 1.2.3.4.5
-\end{verbatim}
-
-
\pagebreak
\section{Botan's Modules}
diff --git a/include/init.h b/include/init.h
index 9936b8c6f..5a9181c8d 100644
--- a/include/init.h
+++ b/include/init.h
@@ -24,8 +24,6 @@ class InitializerOptions
bool fips_mode() const;
bool self_test() const;
- std::string config_file() const;
-
InitializerOptions(const std::string&);
private:
std::map<std::string, std::string> args;
diff --git a/misc/botan.rc b/misc/botan.rc
deleted file mode 100644
index aaa1b3f91..000000000
--- a/misc/botan.rc
+++ /dev/null
@@ -1,225 +0,0 @@
-# Botan configuration (v1.4.2)
-
-# This config, as shipped, matches the library defaults, but is much easier to
-# tweak than recompiling everything. You can use it as a base for your own
-# configurations. Read section 10.4 "Configuration Files" in the API doc for
-# more information.
-
-[base]
-memory_chunk = 32*1024 # size of the chunk of memory allocated at once
-default_pbe = PBE-PKCS5v20(SHA-1,TripleDES/CBC)
-pkcs8_tries = 3
-
-[pk]
-blinder_size = 64
-test/public = basic
-test/private = basic
-test/private_gen = all
-
-[pem]
-search = 4*1024
-forgive = 8
-width = 64
-
-[rng]
-# LibraryInitializer will try to acquire at least this many bits of entropy
-min_entropy = 384
-es_files = /dev/urandom:/dev/random # path for random devices
-egd_path = /var/run/egd-pool:/dev/egd-pool # path to search for an EGD socket
-ms_capi_prov_type = INTEL_SEC:RSA_FULL # prefered MS CryptoAPI providers
-unix_path = /usr/ucb:/usr/etc:/etc
-
-[x509]
-validity_slack = 24h # how much wiggle room is given when checking validity
-v1_assume_ca = false # should v1/v2 certificates be considered CA certs?
-cache_verify_results = 30m # how long to cache verification results
-
-[x509/ca]
-allow_ca = false # should PKCS #10 requests be able to ask to be a CA?
- # should basic_constraints be included in all certs, including end-user?
-basic_constraints = always
-default_expire = 1y # default expire time for new certs
-signing_offset = 30s # offset the PKCS #10 validity times by this amount
-rsa_hash = SHA-1 # what hash to use when using RSA to sign new certs
-str_type = latin1 # default string encoding (latin1 or utf8)
-
-[x509/crl]
-# can be 'ignore' or 'throw': ignore matches X.509-2000 behavior, throw is PKIX
-unknown_critical = ignore
-
-# When generating a new CRL, this is the default next update time. Can also be
-# set in the call to X509_CA::update_crl/X509_CA::new_crl as the last arg
-next_update = 7d
-
-[x509/exts]
-# Each of these can be one of:
-# - critical: Extension is marked as critical, if we have the info for it
-# - yes or noncritical: Extension is included if needed, but not critical
-# - no: Extension is not included, even if the information is available
-basic_constraints = critical
-subject_key_id = yes
-authority_key_id = yes
-subject_alternative_name = yes
-issuer_alternative_name = yes
-key_usage = critical
-extended_key_usage = yes
-crl_number = yes
-
-[aliases]
-Rijndael = AES
-3DES = TripleDES
-DES-EDE = TripleDES
-CAST5 = CAST-128
-3-Way = ThreeWay
-SHARK = SHARK-E
-SEAL = SEAL-3.0-BE
-SHA1 = SHA-160
-SHA-1 = SHA-160 # Don't change or remove this
-MARK-4 = ARC4(256)
-
-OpenPGP.Cipher.1 = IDEA
-OpenPGP.Cipher.2 = TripleDES
-OpenPGP.Cipher.3 = CAST-128
-OpenPGP.Cipher.4 = Blowfish
-OpenPGP.Cipher.5 = SAFER-SK(13)
-OpenPGP.Cipher.7 = AES-128
-OpenPGP.Cipher.8 = AES-192
-OpenPGP.Cipher.9 = AES-256
-OpenPGP.Cipher.10 = Twofish
-
-OpenPGP.Digest.1 = MD5
-OpenPGP.Digest.2 = SHA-1
-OpenPGP.Digest.3 = RIPEMD-160
-OpenPGP.Digest.5 = MD2
-OpenPGP.Digest.6 = Tiger(24,3)
-OpenPGP.Digest.7 = HAVAL(20,5)
-OpenPGP.Digest.8 = SHA-256
-
-TLS.Digest.0 = Parallel(MD5,SHA-1)
-
-EME-PKCS1-v1_5 = PKCS1v15
-OAEP-MGF1 = EME1
-EME-OAEP = EME1
-X9.31 = EMSA2
-EMSA-PKCS1-v1_5 = EMSA3
-PSS-MGF1 = EMSA4
-EMSA-PSS = EMSA4
-
-[oids]
-ISO_MEMBER = 1.2
-US_BODY = ISO_MEMBER.840
-X500 = 2.5
-
-RSA_DSI = US_BODY.113549
-ANSI_X957 = US_BODY.10040
-ANSI_X942 = US_BODY.10046
-NIST_ALGO = 2.16.840.1.101.3.4
-PKIX_USAGE = 1.3.6.1.5.5.7.3
-GNU_PROJECT = 1.3.6.1.4.1.11591
-OIW_ALGO = 1.3.14.3.2
-DN_ATTR = X500.4
-X509_KU = X500.29
-
-PKCS = RSA_DSI.1
-PKCS1 = PKCS.1
-PKCS5 = PKCS.5
-PKCS7 = PKCS.7
-PKCS9 = PKCS.9
-
-DES/CBC = OIW_ALGO.7
-TripleDES/CBC = RSA_DSI.3.7
-RC2/CBC = RSA_DSI.3.2
-CAST-128/CBC = US_BODY.113533.7.66.10
-AES-128/CBC = NIST_ALGO.1.2
-AES-192/CBC = NIST_ALGO.1.22
-AES-256/CBC = NIST_ALGO.1.42
-
-MD5 = RSA_DSI.2.5
-SHA-160 = OIW_ALGO.26
-Tiger(24,3) = GNU_PROJECT.12.2
-
-KeyWrap.TripleDES = PKCS9.16.3.6
-KeyWrap.RC2 = PKCS9.16.3.7
-KeyWrap.CAST-128 = US_BODY.113533.7.66.15
-KeyWrap.AES-128 = NIST_ALGO.1.5
-KeyWrap.AES-192 = NIST_ALGO.1.25
-KeyWrap.AES-256 = NIST_ALGO.1.45
-
-Compression.Zlib = PKCS9.16.3.8
-
-RSA = PKCS1.1
-RSA = X500.8.1.1
-DSA = ANSI_X957.4.1
-DH = ANSI_X942.2.1
-
-DSA/EMSA1(SHA-160)/DER = ANSI_X957.4.3
-DSA/EMSA1(SHA-160) = ANSI_X957.4.3
-RSA/EMSA3(MD2) = PKCS1.2
-RSA/EMSA3(MD5) = PKCS1.4
-RSA/EMSA3(SHA-160) = PKCS1.5
-RSA/EMSA3(SHA-256) = PKCS1.11
-RSA/EMSA3(SHA-384) = PKCS1.12
-RSA/EMSA3(SHA-512) = PKCS1.13
-RSA/EMSA3(RIPEMD-160) = 1.3.36.3.3.1.2
-
-PBE-PKCS5v15(MD2,DES/CBC) = PKCS5.1
-PBE-PKCS5v15(MD2,RC2/CBC) = PKCS5.4
-PBE-PKCS5v15(MD5,DES/CBC) = PKCS5.3
-PBE-PKCS5v15(MD5,RC2/CBC) = PKCS5.6
-PBE-PKCS5v15(SHA-160,DES/CBC) = PKCS5.10
-PBE-PKCS5v15(SHA-160,RC2/CBC) = PKCS5.11
-PBE-PKCS5v20 = PKCS5.13
-PKCS5.PBKDF2 = PKCS5.12
-
-CMS.DataContent = PKCS7.1
-CMS.SignedData = PKCS7.2
-CMS.EnvelopedData = PKCS7.3
-CMS.DigestedData = PKCS7.5
-CMS.EncryptedData = PKCS7.6
-CMS.AuthenticatedData = PKCS9.16.1.2
-CMS.CompressedData = PKCS9.16.1.9
-
-PKCS9.EmailAddress = PKCS9.1
-PKCS9.UnstructuredName = PKCS9.2
-PKCS9.ContentType = PKCS9.3
-PKCS9.MessageDigest = PKCS9.4
-PKCS9.ChallengePassword = PKCS9.7
-PKCS9.ExtensionRequest = PKCS9.14
-
-X520.CommonName = DN_ATTR.3
-X520.Surname = DN_ATTR.4
-X520.SerialNumber = DN_ATTR.5
-X520.Country = DN_ATTR.6
-X520.Locality = DN_ATTR.7
-X520.State = DN_ATTR.8
-X520.Organization = DN_ATTR.10
-X520.OrganizationalUnit = DN_ATTR.11
-X520.Title = DN_ATTR.12
-X520.GivenName = DN_ATTR.42
-X520.Initials = DN_ATTR.43
-X520.GenerationalQualifier = DN_ATTR.44
-X520.DNQualifier = DN_ATTR.46
-X520.Pseudonym = DN_ATTR.65
-
-X509v3.SubjectKeyIdentifier = X509_KU.14
-X509v3.KeyUsage = X509_KU.15
-X509v3.SubjectAlternativeName = X509_KU.17
-X509v3.IssuerAlternativeName = X509_KU.18
-X509v3.BasicConstraints = X509_KU.19
-X509v3.CRLNumber = X509_KU.20
-X509v3.ReasonCode = X509_KU.21
-X509v3.HoldInstructionCode = X509_KU.23
-X509v3.InvalidityDate = X509_KU.24
-X509v3.CertificatePolicies = X509_KU.32
-X509v3.AuthorityKeyIdentifier = X509_KU.35
-X509v3.PolicyConstraints = X509_KU.36
-X509v3.ExtendedKeyUsage = X509_KU.37
-
-PKIX.ServerAuth = PKIX_USAGE.1
-PKIX.ClientAuth = PKIX_USAGE.2
-PKIX.CodeSigning = PKIX_USAGE.3
-PKIX.EmailProtection = PKIX_USAGE.4
-PKIX.IPsecEndSystem = PKIX_USAGE.5
-PKIX.IPsecTunnel = PKIX_USAGE.6
-PKIX.IPsecUser = PKIX_USAGE.7
-PKIX.TimeStamping = PKIX_USAGE.8
diff --git a/src/inifile.cpp b/src/inifile.cpp
deleted file mode 100644
index a75ca654f..000000000
--- a/src/inifile.cpp
+++ /dev/null
@@ -1,138 +0,0 @@
-/*************************************************
-* Configuration Reader Source File *
-* (C) 1999-2007 The Botan Project *
-*************************************************/
-
-#include <botan/config.h>
-#include <botan/charset.h>
-#include <botan/parsing.h>
-#include <botan/exceptn.h>
-#include <fstream>
-#include <map>
-
-namespace Botan {
-
-namespace {
-
-/*************************************************
-* Strip comments and whitespace from line *
-*************************************************/
-std::string strip_whitespace(const std::string& line)
- {
- bool is_escaped = false, in_quote = false, in_string = false;
- std::string new_line;
-
- for(std::string::const_iterator j = line.begin(); j != line.end(); ++j)
- {
- const char c = *j;
-
- if(c == '"' && !is_escaped && !in_string)
- { in_quote = !in_quote; continue; }
- if(c == '\'' && !is_escaped && !in_quote)
- { in_string = !in_string; continue; }
- if(c == '#' && !is_escaped && !in_quote && !in_string)
- return new_line;
- if(c == '\\' && !is_escaped) { is_escaped = true; continue; }
-
- if(Charset::is_space(c) && !in_quote && !in_string && !is_escaped)
- continue;
-
- new_line += c;
- is_escaped = false;
- }
-
- return new_line;
- }
-
-/*************************************************
-* Do variable interpolation *
-*************************************************/
-std::string interpolate(const std::string& value,
- const std::map<std::string, std::string>& variables)
- {
- std::string variable, suffix;
-
- if(value.find('.') == std::string::npos)
- variable = value;
- else
- {
- variable = value.substr(0, value.find('.'));
- suffix = value.substr(value.find('.'), std::string::npos);
- }
-
- if(variables.find(variable) != variables.end())
- {
- const std::string result = variables.find(variable)->second;
- if(variable == result)
- return value;
- return interpolate(result, variables) + suffix;
- }
- return value;
- }
-
-}
-
-/*************************************************
-* Load a configuration file *
-*************************************************/
-void Config::load_inifile(const std::string& fsname)
- {
- std::ifstream config(fsname.c_str());
-
- if(!config)
- throw Config_Error("Could not open config file " + fsname);
-
- u32bit line_no = 0;
- std::string line, section;
- std::map<std::string, std::string> variables;
-
- while(std::getline(config, line))
- {
- ++line_no;
-
- line = strip_whitespace(line);
-
- if(line == "")
- continue;
-
- if(line[0] == '[' && line[line.size()-1] == ']')
- {
- section = line.substr(1, line.size() - 2);
- if(section == "")
- throw Config_Error("Empty section name", line_no);
- continue;
- }
-
- if(section == "")
- throw Config_Error("Section must be set before assignment", line_no);
-
- std::vector<std::string> name_and_value;
- try {
- name_and_value = split_on(line, '=');
- }
- catch(Format_Error)
- {
- throw Config_Error("Bad assignment: " + line, line_no);
- }
-
- if(name_and_value.size() != 2)
- throw Config_Error("Bad line: " + line, line_no);
- const std::string name = name_and_value[0];
- const std::string value = interpolate(name_and_value[1], variables);
-
- if(variables.find(name) == variables.end())
- variables[name] = value;
-
- if(section == "oids")
- {
- set("oid2str", name, value, false);
- set("str2oid", value, name, false);
- }
- else if(section == "aliases")
- set("alias", name, value);
- else
- set("conf", section + '/' + name, value);
- }
- }
-
-}
diff --git a/src/init_opt.cpp b/src/init_opt.cpp
index a92d795b0..48dd00967 100644
--- a/src/init_opt.cpp
+++ b/src/init_opt.cpp
@@ -86,15 +86,6 @@ bool InitializerOptions::self_test() const
}
/*************************************************
-* Return the config file to load, if any *
-*************************************************/
-std::string InitializerOptions::config_file() const
- {
- std::map<std::string, std::string>::const_iterator i = args.find("config");
- return (i != args.end()) ? i->second : "";
- }
-
-/*************************************************
* Setup an InitializerOptions *
*************************************************/
InitializerOptions::InitializerOptions(const std::string& arg_string)
diff --git a/src/libstate.cpp b/src/libstate.cpp
index 9dda38b1f..7b6a929c5 100644
--- a/src/libstate.cpp
+++ b/src/libstate.cpp
@@ -340,9 +340,6 @@ void Library_State::initialize(const InitializerOptions& args,
timer = modules.timer();
transcoder = modules.transcoder();
- if(args.config_file() != "")
- config().load_inifile(args.config_file());
-
locks["settings"] = get_mutex();
locks["allocator"] = get_mutex();
locks["rng"] = get_mutex();