summaryrefslogtreecommitdiff
path: root/lib/gnutls_pk.c
diff options
context:
space:
mode:
authorSimon Josefsson <simon@josefsson.org>2005-11-07 23:27:56 +0000
committerSimon Josefsson <simon@josefsson.org>2005-11-07 23:27:56 +0000
commita5891d75997c9529b9fc5c273df8bd0df4093cd0 (patch)
treefd6eec448a88c5eb891cc145921c5793662da604 /lib/gnutls_pk.c
parentaf21484a8daf15da48f7d00c4fe632708a757a64 (diff)
downloadgnutls-a5891d75997c9529b9fc5c273df8bd0df4093cd0.tar.gz
Use GNU coding style.
Diffstat (limited to 'lib/gnutls_pk.c')
-rw-r--r--lib/gnutls_pk.c1108
1 files changed, 599 insertions, 509 deletions
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index 4db5c0c048..8dfc8e38ea 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -38,148 +38,165 @@
#include <x509/common.h>
#include <gc.h>
-static int _gnutls_pk_encrypt(int algo, mpi_t * resarr, mpi_t data,
- mpi_t * pkey, int pkey_len);
-static int _gnutls_pk_sign(int algo, mpi_t * data, mpi_t hash,
- mpi_t * pkey, int);
-static int _gnutls_pk_verify(int algo, mpi_t hash, mpi_t * data,
- mpi_t * pkey, int);
-static int _gnutls_pk_decrypt(int algo, mpi_t * resarr, mpi_t data,
+static int _gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data,
+ mpi_t * pkey, int pkey_len);
+static int _gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash,
+ mpi_t * pkey, int);
+static int _gnutls_pk_verify (int algo, mpi_t hash, mpi_t * data,
mpi_t * pkey, int);
+static int _gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data,
+ mpi_t * pkey, int);
/* Do PKCS-1 RSA encryption.
* params is modulus, public exp.
*/
-int _gnutls_pkcs1_rsa_encrypt(gnutls_datum_t * ciphertext,
- const gnutls_datum_t * plaintext,
- mpi_t * params, uint params_len, uint btype)
+int
+_gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ mpi_t * params, uint params_len, uint btype)
{
- unsigned int i, pad;
- int ret;
- mpi_t m, res;
- opaque *edata, *ps;
- size_t k, psize;
- size_t mod_bits;
-
- mod_bits = _gnutls_mpi_get_nbits(params[0]);
- k = mod_bits / 8;
- if (mod_bits % 8 != 0)
- k++;
-
- if (plaintext->size > k - 11) {
- gnutls_assert();
- return GNUTLS_E_PK_ENCRYPTION_FAILED;
- }
-
- edata = gnutls_alloca(k);
- if (edata == NULL) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
- }
-
- /* EB = 00||BT||PS||00||D
- * (use block type 'btype')
- */
-
- edata[0] = 0;
- edata[1] = btype;
- psize = k - 3 - plaintext->size;
-
- ps = &edata[2];
- switch (btype) {
+ unsigned int i, pad;
+ int ret;
+ mpi_t m, res;
+ opaque *edata, *ps;
+ size_t k, psize;
+ size_t mod_bits;
+
+ mod_bits = _gnutls_mpi_get_nbits (params[0]);
+ k = mod_bits / 8;
+ if (mod_bits % 8 != 0)
+ k++;
+
+ if (plaintext->size > k - 11)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_ENCRYPTION_FAILED;
+ }
+
+ edata = gnutls_alloca (k);
+ if (edata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* EB = 00||BT||PS||00||D
+ * (use block type 'btype')
+ */
+
+ edata[0] = 0;
+ edata[1] = btype;
+ psize = k - 3 - plaintext->size;
+
+ ps = &edata[2];
+ switch (btype)
+ {
case 2:
- /* using public key */
- if (params_len < RSA_PUBLIC_PARAMS) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
+ /* using public key */
+ if (params_len < RSA_PUBLIC_PARAMS)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (gc_pseudo_random (ps, psize) != GC_OK) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_RANDOM_FAILED;
+ if (gc_pseudo_random (ps, psize) != GC_OK)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_RANDOM_FAILED;
}
- for (i = 0; i < psize; i++)
- while (ps[i] == 0) {
- if (gc_pseudo_random (&ps[i], 1) != GC_OK) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_RANDOM_FAILED;
- }
- }
- break;
+ for (i = 0; i < psize; i++)
+ while (ps[i] == 0)
+ {
+ if (gc_pseudo_random (&ps[i], 1) != GC_OK)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+ }
+ break;
case 1:
- /* using private key */
+ /* using private key */
- if (params_len < RSA_PRIVATE_PARAMS) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
+ if (params_len < RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- for (i = 0; i < psize; i++)
- ps[i] = 0xff;
- break;
+ for (i = 0; i < psize; i++)
+ ps[i] = 0xff;
+ break;
default:
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- ps[psize] = 0;
- memcpy(&ps[psize + 1], plaintext->data, plaintext->size);
+ ps[psize] = 0;
+ memcpy (&ps[psize + 1], plaintext->data, plaintext->size);
- if (_gnutls_mpi_scan_nz(&m, edata, &k) != 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_MPI_SCAN_FAILED;
+ if (_gnutls_mpi_scan_nz (&m, edata, &k) != 0)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- gnutls_afree(edata);
+ gnutls_afree (edata);
- if (btype == 2) /* encrypt */
- ret = _gnutls_pk_encrypt(GCRY_PK_RSA, &res, m, params, params_len);
- else /* sign */
- ret = _gnutls_pk_sign(GCRY_PK_RSA, &res, m, params, params_len);
+ if (btype == 2) /* encrypt */
+ ret = _gnutls_pk_encrypt (GCRY_PK_RSA, &res, m, params, params_len);
+ else /* sign */
+ ret = _gnutls_pk_sign (GCRY_PK_RSA, &res, m, params, params_len);
- _gnutls_mpi_release(&m);
+ _gnutls_mpi_release (&m);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- _gnutls_mpi_print(NULL, &psize, res);
+ _gnutls_mpi_print (NULL, &psize, res);
- if (psize < k) {
- /* padding psize */
- pad = k - psize;
- psize = k;
- } else if (psize == k) {
- pad = 0;
- } else { /* psize > k !!! */
- /* This is an impossible situation */
- gnutls_assert();
- _gnutls_mpi_release(&res);
- return GNUTLS_E_INTERNAL_ERROR;
+ if (psize < k)
+ {
+ /* padding psize */
+ pad = k - psize;
+ psize = k;
+ }
+ else if (psize == k)
+ {
+ pad = 0;
+ }
+ else
+ { /* psize > k !!! */
+ /* This is an impossible situation */
+ gnutls_assert ();
+ _gnutls_mpi_release (&res);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- ciphertext->data = gnutls_malloc(psize);
- if (ciphertext->data == NULL) {
- gnutls_assert();
- _gnutls_mpi_release(&res);
- return GNUTLS_E_MEMORY_ERROR;
+ ciphertext->data = gnutls_malloc (psize);
+ if (ciphertext->data == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&res);
+ return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_print(&ciphertext->data[pad], &psize, res);
- for (i = 0; i < pad; i++)
- ciphertext->data[i] = 0;
+ _gnutls_mpi_print (&ciphertext->data[pad], &psize, res);
+ for (i = 0; i < pad; i++)
+ ciphertext->data[i] = 0;
- ciphertext->size = k;
+ ciphertext->size = k;
- _gnutls_mpi_release(&res);
+ _gnutls_mpi_release (&res);
- return 0;
+ return 0;
}
@@ -187,324 +204,361 @@ int _gnutls_pkcs1_rsa_encrypt(gnutls_datum_t * ciphertext,
* params is modulus, public exp., private key
* Can decrypt block type 1 and type 2 packets.
*/
-int _gnutls_pkcs1_rsa_decrypt(gnutls_datum_t * plaintext,
- const gnutls_datum_t * ciphertext,
- mpi_t * params, uint params_len, uint btype)
+int
+_gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ mpi_t * params, uint params_len, uint btype)
{
- uint k, i;
- int ret;
- mpi_t c, res;
- opaque *edata;
- size_t esize, mod_bits;
+ uint k, i;
+ int ret;
+ mpi_t c, res;
+ opaque *edata;
+ size_t esize, mod_bits;
- mod_bits = _gnutls_mpi_get_nbits(params[0]);
- k = mod_bits / 8;
- if (mod_bits % 8 != 0)
- k++;
+ mod_bits = _gnutls_mpi_get_nbits (params[0]);
+ k = mod_bits / 8;
+ if (mod_bits % 8 != 0)
+ k++;
- esize = ciphertext->size;
+ esize = ciphertext->size;
- if (esize != k) {
- gnutls_assert();
- return GNUTLS_E_PK_DECRYPTION_FAILED;
+ if (esize != k)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_DECRYPTION_FAILED;
}
- if (_gnutls_mpi_scan_nz(&c, ciphertext->data, &esize) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ if (_gnutls_mpi_scan_nz (&c, ciphertext->data, &esize) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- /* we can use btype to see if the private key is
- * available.
- */
- if (btype == 2)
- ret = _gnutls_pk_decrypt(GCRY_PK_RSA, &res, c, params, params_len);
- else {
- ret = _gnutls_pk_encrypt(GCRY_PK_RSA, &res, c, params, params_len);
+ /* we can use btype to see if the private key is
+ * available.
+ */
+ if (btype == 2)
+ ret = _gnutls_pk_decrypt (GCRY_PK_RSA, &res, c, params, params_len);
+ else
+ {
+ ret = _gnutls_pk_encrypt (GCRY_PK_RSA, &res, c, params, params_len);
}
- _gnutls_mpi_release(&c);
+ _gnutls_mpi_release (&c);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- _gnutls_mpi_print(NULL, &esize, res);
- edata = gnutls_alloca(esize + 1);
- if (edata == NULL) {
- gnutls_assert();
- _gnutls_mpi_release(&res);
- return GNUTLS_E_MEMORY_ERROR;
+ _gnutls_mpi_print (NULL, &esize, res);
+ edata = gnutls_alloca (esize + 1);
+ if (edata == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&res);
+ return GNUTLS_E_MEMORY_ERROR;
}
- _gnutls_mpi_print(&edata[1], &esize, res);
+ _gnutls_mpi_print (&edata[1], &esize, res);
- _gnutls_mpi_release(&res);
+ _gnutls_mpi_release (&res);
- /* EB = 00||BT||PS||00||D
- * (use block type 'btype')
- */
+ /* EB = 00||BT||PS||00||D
+ * (use block type 'btype')
+ */
- edata[0] = 0;
- esize++;
+ edata[0] = 0;
+ esize++;
- if (edata[0] != 0 || edata[1] != btype) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_DECRYPTION_FAILED;
+ if (edata[0] != 0 || edata[1] != btype)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_DECRYPTION_FAILED;
}
- ret = GNUTLS_E_DECRYPTION_FAILED;
- switch (btype) {
+ ret = GNUTLS_E_DECRYPTION_FAILED;
+ switch (btype)
+ {
case 2:
- for (i = 2; i < esize; i++) {
- if (edata[i] == 0) {
- ret = 0;
- break;
+ for (i = 2; i < esize; i++)
+ {
+ if (edata[i] == 0)
+ {
+ ret = 0;
+ break;
}
}
- break;
+ break;
case 1:
- for (i = 2; i < esize; i++) {
- if (edata[i] == 0 && i > 2) {
- ret = 0;
- break;
+ for (i = 2; i < esize; i++)
+ {
+ if (edata[i] == 0 && i > 2)
+ {
+ ret = 0;
+ break;
}
- if (edata[i] != 0xff) {
- _gnutls_handshake_log("PKCS #1 padding error");
- ret = GNUTLS_E_PKCS1_WRONG_PAD;
- break;
+ if (edata[i] != 0xff)
+ {
+ _gnutls_handshake_log ("PKCS #1 padding error");
+ ret = GNUTLS_E_PKCS1_WRONG_PAD;
+ break;
}
}
- break;
+ break;
default:
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- i++;
+ i++;
- if (ret < 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_DECRYPTION_FAILED;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_DECRYPTION_FAILED;
}
- if (_gnutls_sset_datum(plaintext, &edata[i], esize - i) < 0) {
- gnutls_assert();
- gnutls_afree(edata);
- return GNUTLS_E_MEMORY_ERROR;
+ if (_gnutls_sset_datum (plaintext, &edata[i], esize - i) < 0)
+ {
+ gnutls_assert ();
+ gnutls_afree (edata);
+ return GNUTLS_E_MEMORY_ERROR;
}
- gnutls_afree(edata);
+ gnutls_afree (edata);
- return 0;
+ return 0;
}
-int _gnutls_rsa_verify(const gnutls_datum_t * vdata,
- const gnutls_datum_t * ciphertext, mpi_t * params,
- int params_len, int btype)
+int
+_gnutls_rsa_verify (const gnutls_datum_t * vdata,
+ const gnutls_datum_t * ciphertext, mpi_t * params,
+ int params_len, int btype)
{
- gnutls_datum_t plain;
- int ret;
+ gnutls_datum_t plain;
+ int ret;
- /* decrypt signature */
- if ((ret =
- _gnutls_pkcs1_rsa_decrypt(&plain, ciphertext, params, params_len,
- btype)) < 0) {
- gnutls_assert();
- return ret;
+ /* decrypt signature */
+ if ((ret =
+ _gnutls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len,
+ btype)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- if (plain.size != vdata->size) {
- gnutls_assert();
- _gnutls_free_datum(&plain);
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ if (plain.size != vdata->size)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&plain);
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
- if (memcmp(plain.data, vdata->data, plain.size) != 0) {
- gnutls_assert();
- _gnutls_free_datum(&plain);
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ if (memcmp (plain.data, vdata->data, plain.size) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&plain);
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
- _gnutls_free_datum(&plain);
+ _gnutls_free_datum (&plain);
- return 0; /* ok */
+ return 0; /* ok */
}
/* encodes the Dss-Sig-Value structure
*/
-static int encode_ber_rs(gnutls_datum_t * sig_value, mpi_t r, mpi_t s)
+static int
+encode_ber_rs (gnutls_datum_t * sig_value, mpi_t r, mpi_t s)
{
- ASN1_TYPE sig;
- int result, tot_len;
+ ASN1_TYPE sig;
+ int result, tot_len;
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_write_int(sig, "r", r, 1);
- if (result < 0) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return result;
+ result = _gnutls_x509_write_int (sig, "r", r, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return result;
}
- result = _gnutls_x509_write_int(sig, "s", s, 1);
- if (result < 0) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return result;
+ result = _gnutls_x509_write_int (sig, "s", s, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return result;
}
- tot_len = 0;
+ tot_len = 0;
- result = _gnutls_x509_der_encode(sig, "", sig_value, 0);
+ result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
- asn1_delete_structure(&sig);
+ asn1_delete_structure (&sig);
- if (result < 0) {
- gnutls_assert();
- return result;
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
}
- return 0;
+ return 0;
}
/* Do DSA signature calculation. params is p, q, g, y, x in that order.
*/
-int _gnutls_dsa_sign(gnutls_datum_t * signature,
- const gnutls_datum_t * hash, mpi_t * params,
- uint params_len)
+int
+_gnutls_dsa_sign (gnutls_datum_t * signature,
+ const gnutls_datum_t * hash, mpi_t * params,
+ uint params_len)
{
- mpi_t rs[2], mdata;
- int ret;
- size_t k;
+ mpi_t rs[2], mdata;
+ int ret;
+ size_t k;
- k = hash->size;
- if (k != 20) { /* SHA only */
- gnutls_assert();
- return GNUTLS_E_PK_SIGN_FAILED;
+ k = hash->size;
+ if (k != 20)
+ { /* SHA only */
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIGN_FAILED;
}
- if (_gnutls_mpi_scan_nz(&mdata, hash->data, &k) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ if (_gnutls_mpi_scan_nz (&mdata, hash->data, &k) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- ret = _gnutls_pk_sign(GCRY_PK_DSA, rs, mdata, params, params_len);
- /* rs[0], rs[1] now hold r,s */
- _gnutls_mpi_release(&mdata);
+ ret = _gnutls_pk_sign (GCRY_PK_DSA, rs, mdata, params, params_len);
+ /* rs[0], rs[1] now hold r,s */
+ _gnutls_mpi_release (&mdata);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- ret = encode_ber_rs(signature, rs[0], rs[1]);
+ ret = encode_ber_rs (signature, rs[0], rs[1]);
- /* free r,s */
- _gnutls_mpi_release(&rs[0]);
- _gnutls_mpi_release(&rs[1]);
+ /* free r,s */
+ _gnutls_mpi_release (&rs[0]);
+ _gnutls_mpi_release (&rs[1]);
- if (ret != 0) {
- gnutls_assert();
- return GNUTLS_E_MEMORY_ERROR;
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
}
- return 0;
+ return 0;
}
/* decodes the Dss-Sig-Value structure
*/
-static int decode_ber_rs(const gnutls_datum_t * sig_value, mpi_t * r,
- mpi_t * s)
+static int
+decode_ber_rs (const gnutls_datum_t * sig_value, mpi_t * r, mpi_t * s)
{
- ASN1_TYPE sig;
- int result;
+ ASN1_TYPE sig;
+ int result;
- if ((result =
- asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DSASignatureValue",
- &sig)) != ASN1_SUCCESS) {
- gnutls_assert();
- return _gnutls_asn2err(result);
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
}
- result =
- asn1_der_decoding(&sig, sig_value->data, sig_value->size, NULL);
- if (result != ASN1_SUCCESS) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return _gnutls_asn2err(result);
+ result = asn1_der_decoding (&sig, sig_value->data, sig_value->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return _gnutls_asn2err (result);
}
- result = _gnutls_x509_read_int(sig, "r", r);
- if (result < 0) {
- gnutls_assert();
- asn1_delete_structure(&sig);
- return result;
+ result = _gnutls_x509_read_int (sig, "r", r);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return result;
}
- result = _gnutls_x509_read_int(sig, "s", s);
- if (result < 0) {
- gnutls_assert();
- _gnutls_mpi_release(s);
- asn1_delete_structure(&sig);
- return result;
+ result = _gnutls_x509_read_int (sig, "s", s);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (s);
+ asn1_delete_structure (&sig);
+ return result;
}
- asn1_delete_structure(&sig);
+ asn1_delete_structure (&sig);
- return 0;
+ return 0;
}
/* params is p, q, g, y in that order
*/
-int _gnutls_dsa_verify(const gnutls_datum_t * vdata,
- const gnutls_datum_t * sig_value, mpi_t * params,
- int params_len)
+int
+_gnutls_dsa_verify (const gnutls_datum_t * vdata,
+ const gnutls_datum_t * sig_value, mpi_t * params,
+ int params_len)
{
- mpi_t mdata;
- int ret;
- size_t k;
- mpi_t rs[2];
+ mpi_t mdata;
+ int ret;
+ size_t k;
+ mpi_t rs[2];
- if (vdata->size != 20) { /* sha-1 only */
- gnutls_assert();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ if (vdata->size != 20)
+ { /* sha-1 only */
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
- if (decode_ber_rs(sig_value, &rs[0], &rs[1]) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ if (decode_ber_rs (sig_value, &rs[0], &rs[1]) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- k = vdata->size;
- if (_gnutls_mpi_scan_nz(&mdata, vdata->data, &k) != 0) {
- gnutls_assert();
- return GNUTLS_E_MPI_SCAN_FAILED;
+ k = vdata->size;
+ if (_gnutls_mpi_scan_nz (&mdata, vdata->data, &k) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
}
- /* decrypt signature */
- ret = _gnutls_pk_verify(GCRY_PK_DSA, mdata, rs, params, params_len);
- _gnutls_mpi_release(&mdata);
+ /* decrypt signature */
+ ret = _gnutls_pk_verify (GCRY_PK_DSA, mdata, rs, params, params_len);
+ _gnutls_mpi_release (&mdata);
- if (ret < 0) {
- gnutls_assert();
- return ret;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
}
- return 0; /* ok */
+ return 0; /* ok */
}
@@ -515,297 +569,333 @@ int _gnutls_dsa_verify(const gnutls_datum_t * vdata,
* Emulate our old PK interface here - sometime in the future we might
* change the internal design to directly fit to libgcrypt.
*/
-static int _gnutls_pk_encrypt(int algo, mpi_t * resarr, mpi_t data,
- mpi_t * pkey, int pkey_len)
+static int
+_gnutls_pk_encrypt (int algo, mpi_t * resarr, mpi_t data,
+ mpi_t * pkey, int pkey_len)
{
- gcry_sexp_t s_ciph, s_data, s_pkey;
- int rc = -1;
+ gcry_sexp_t s_ciph, s_data, s_pkey;
+ int rc = -1;
- /* make a sexp from pkey */
- switch (algo) {
+ /* make a sexp from pkey */
+ switch (algo)
+ {
case GCRY_PK_RSA:
- if (pkey_len >= 2)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pkey[0], pkey[1]);
- break;
+ if (pkey_len >= 2)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pkey[0], pkey[1]);
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_data, NULL, "%m", data)) {
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- return GNUTLS_E_INTERNAL_ERROR;
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_data, NULL, "%m", data))
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_pkey);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* pass it to libgcrypt */
- rc = gcry_pk_encrypt(&s_ciph, s_data, s_pkey);
- gcry_sexp_release(s_data);
- gcry_sexp_release(s_pkey);
+ /* pass it to libgcrypt */
+ rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+ gcry_sexp_release (s_data);
+ gcry_sexp_release (s_pkey);
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_ENCRYPTION_FAILED;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_ENCRYPTION_FAILED;
- } else { /* add better error handling or make gnupg use S-Exp directly */
- gcry_sexp_t list = gcry_sexp_find_token(s_ciph, "a", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_ciph);
- return GNUTLS_E_INTERNAL_ERROR;
+ }
+ else
+ { /* add better error handling or make gnupg use S-Exp directly */
+ gcry_sexp_t list = gcry_sexp_find_token (s_ciph, "a", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_ciph);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- resarr[0] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
- if (resarr[0] == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_ciph);
- return GNUTLS_E_INTERNAL_ERROR;
+ if (resarr[0] == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_ciph);
+ return GNUTLS_E_INTERNAL_ERROR;
}
}
- gcry_sexp_release(s_ciph);
- return rc;
+ gcry_sexp_release (s_ciph);
+ return rc;
}
-static
-int _gnutls_pk_decrypt(int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey,
- int pkey_len)
+static int
+_gnutls_pk_decrypt (int algo, mpi_t * resarr, mpi_t data, mpi_t * pkey,
+ int pkey_len)
{
- gcry_sexp_t s_plain, s_data, s_pkey;
- int rc = -1;
+ gcry_sexp_t s_plain, s_data, s_pkey;
+ int rc = -1;
- /* make a sexp from pkey */
- switch (algo) {
+ /* make a sexp from pkey */
+ switch (algo)
+ {
case GCRY_PK_RSA:
- if (pkey_len >= 6)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pkey[0], pkey[1], pkey[2], pkey[3],
- pkey[4], pkey[5]);
- break;
+ if (pkey_len >= 6)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pkey[0], pkey[1], pkey[2], pkey[3],
+ pkey[4], pkey[5]);
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_data, NULL, "(enc-val(rsa(a%m)))", data)) {
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- return GNUTLS_E_INTERNAL_ERROR;
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data))
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_pkey);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* pass it to libgcrypt */
- rc = gcry_pk_decrypt(&s_plain, s_data, s_pkey);
- gcry_sexp_release(s_data);
- gcry_sexp_release(s_pkey);
+ /* pass it to libgcrypt */
+ rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey);
+ gcry_sexp_release (s_data);
+ gcry_sexp_release (s_pkey);
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_DECRYPTION_FAILED;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_DECRYPTION_FAILED;
- } else { /* add better error handling or make gnupg use S-Exp directly */
- resarr[0] = gcry_sexp_nth_mpi(s_plain, 0, 0);
+ }
+ else
+ { /* add better error handling or make gnupg use S-Exp directly */
+ resarr[0] = gcry_sexp_nth_mpi (s_plain, 0, 0);
- if (resarr[0] == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_plain);
- return GNUTLS_E_INTERNAL_ERROR;
+ if (resarr[0] == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_plain);
+ return GNUTLS_E_INTERNAL_ERROR;
}
}
- gcry_sexp_release(s_plain);
- return rc;
+ gcry_sexp_release (s_plain);
+ return rc;
}
/* in case of DSA puts into data, r,s
*/
-static
-int _gnutls_pk_sign(int algo, mpi_t * data, mpi_t hash, mpi_t * pkey,
- int pkey_len)
+static int
+_gnutls_pk_sign (int algo, mpi_t * data, mpi_t hash, mpi_t * pkey,
+ int pkey_len)
{
- gcry_sexp_t s_hash, s_key, s_sig;
- int rc = -1;
+ gcry_sexp_t s_hash, s_key, s_sig;
+ int rc = -1;
- /* make a sexp from pkey */
- switch (algo) {
+ /* make a sexp from pkey */
+ switch (algo)
+ {
case GCRY_PK_DSA:
- if (pkey_len >= 5)
- rc = gcry_sexp_build(&s_key, NULL,
- "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
- pkey[0], pkey[1], pkey[2],
- pkey[3], pkey[4]);
- else {
- gnutls_assert();
+ if (pkey_len >= 5)
+ rc = gcry_sexp_build (&s_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ pkey[0], pkey[1], pkey[2], pkey[3], pkey[4]);
+ else
+ {
+ gnutls_assert ();
}
- break;
+ break;
case GCRY_PK_RSA:
- if (pkey_len >= 6)
- rc = gcry_sexp_build(&s_key, NULL,
- "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- pkey[0], pkey[1], pkey[2], pkey[3],
- pkey[4], pkey[5]);
- else {
- gnutls_assert();
+ if (pkey_len >= 6)
+ rc = gcry_sexp_build (&s_key, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pkey[0], pkey[1], pkey[2], pkey[3],
+ pkey[4], pkey[5]);
+ else
+ {
+ gnutls_assert ();
}
- break;
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_hash, NULL, "%m", hash)) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* pass it to libgcrypt */
- rc = gcry_pk_sign(&s_sig, s_hash, s_key);
- gcry_sexp_release(s_hash);
- gcry_sexp_release(s_key);
+ /* pass it to libgcrypt */
+ rc = gcry_pk_sign (&s_sig, s_hash, s_key);
+ gcry_sexp_release (s_hash);
+ gcry_sexp_release (s_key);
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_SIGN_FAILED;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIGN_FAILED;
- } else {
- gcry_sexp_t list;
+ }
+ else
+ {
+ gcry_sexp_t list;
- if (algo == GCRY_PK_DSA) {
- list = gcry_sexp_find_token(s_sig, "r", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_sig);
- return GNUTLS_E_INTERNAL_ERROR;
+ if (algo == GCRY_PK_DSA)
+ {
+ list = gcry_sexp_find_token (s_sig, "r", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_sig);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- data[0] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ data[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
- list = gcry_sexp_find_token(s_sig, "s", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_sig);
- return GNUTLS_E_INTERNAL_ERROR;
+ list = gcry_sexp_find_token (s_sig, "s", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_sig);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- data[1] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
- } else { /* GCRY_PK_RSA */
- list = gcry_sexp_find_token(s_sig, "s", 0);
- if (list == NULL) {
- gnutls_assert();
- gcry_sexp_release(s_sig);
- return GNUTLS_E_INTERNAL_ERROR;
+ data[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+ }
+ else
+ { /* GCRY_PK_RSA */
+ list = gcry_sexp_find_token (s_sig, "s", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_sig);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- data[0] = gcry_sexp_nth_mpi(list, 1, 0);
- gcry_sexp_release(list);
+ data[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
}
}
- gcry_sexp_release(s_sig);
- return 0;
+ gcry_sexp_release (s_sig);
+ return 0;
}
-static int _gnutls_pk_verify(int algo, mpi_t hash, mpi_t * data,
- mpi_t * pkey, int pkey_len)
+static int
+_gnutls_pk_verify (int algo, mpi_t hash, mpi_t * data,
+ mpi_t * pkey, int pkey_len)
{
- gcry_sexp_t s_sig, s_hash, s_pkey;
- int rc = -1;
+ gcry_sexp_t s_sig, s_hash, s_pkey;
+ int rc = -1;
- /* make a sexp from pkey */
- switch (algo) {
+ /* make a sexp from pkey */
+ switch (algo)
+ {
case GCRY_PK_DSA:
- if (pkey_len >= 4)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- pkey[0], pkey[1], pkey[2], pkey[3]);
- break;
+ if (pkey_len >= 4)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ pkey[0], pkey[1], pkey[2], pkey[3]);
+ break;
case GCRY_PK_RSA:
- if (pkey_len >= 2)
- rc = gcry_sexp_build(&s_pkey, NULL,
- "(public-key(rsa(n%m)(e%m)))",
- pkey[0], pkey[1]);
- break;
+ if (pkey_len >= 2)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pkey[0], pkey[1]);
+ break;
default:
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_INTERNAL_ERROR;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
}
- /* put the data into a simple list */
- if (gcry_sexp_build(&s_hash, NULL, "%m", hash)) {
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- return GNUTLS_E_INTERNAL_ERROR;
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_pkey);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- switch (algo) {
+ switch (algo)
+ {
case GCRY_PK_DSA:
- rc = gcry_sexp_build(&s_sig, NULL,
- "(sig-val(dsa(r%m)(s%m)))", data[0], data[1]);
- break;
+ rc = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(dsa(r%m)(s%m)))", data[0], data[1]);
+ break;
case GCRY_PK_RSA:
- rc = gcry_sexp_build(&s_sig, NULL, "(sig-val(rsa(s%m)))", data[0]);
- break;
+ rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", data[0]);
+ break;
default:
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- gcry_sexp_release(s_hash);
- return GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ gcry_sexp_release (s_pkey);
+ gcry_sexp_release (s_hash);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- if (rc != 0) {
- gnutls_assert();
- gcry_sexp_release(s_pkey);
- gcry_sexp_release(s_hash);
- return GNUTLS_E_INTERNAL_ERROR;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (s_pkey);
+ gcry_sexp_release (s_hash);
+ return GNUTLS_E_INTERNAL_ERROR;
}
- rc = gcry_pk_verify(s_sig, s_hash, s_pkey);
+ rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
- gcry_sexp_release(s_sig);
- gcry_sexp_release(s_hash);
- gcry_sexp_release(s_pkey);
+ gcry_sexp_release (s_sig);
+ gcry_sexp_release (s_hash);
+ gcry_sexp_release (s_pkey);
- if (rc != 0) {
- gnutls_assert();
- return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
- return 0;
+ return 0;
}
View Lorry Controller Status