diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:14:07 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-11-08 22:17:10 +0100 |
| commit | 76c93d23c073ef8b885503b7d28a31ffe2add6d8 (patch) | |
| tree | 1dd2d22a197bc40c5330e516969a7cb1ae9bc96f /lib/gnutls_pubkey.c | |
| parent | 559a144f6bbcbb611453f82e655dd7438c14d1a7 (diff) | |
| download | gnutls-76c93d23c073ef8b885503b7d28a31ffe2add6d8.tar.gz | |
reindented code
Diffstat (limited to 'lib/gnutls_pubkey.c')
| -rw-r--r-- | lib/gnutls_pubkey.c | 2513 |
1 files changed, 1224 insertions, 1289 deletions
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c index f27caa6477..f2a871ca19 100644 --- a/lib/gnutls_pubkey.c +++ b/lib/gnutls_pubkey.c @@ -42,19 +42,18 @@ #define OPENPGP_KEY_SUBKEY 1 -int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params) +int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st * params) { - switch(pk) - { - case GNUTLS_PK_RSA: - return _gnutls_mpi_get_nbits(params->params[0]); - case GNUTLS_PK_DSA: - return _gnutls_mpi_get_nbits(params->params[3]); - case GNUTLS_PK_EC: - return gnutls_ecc_curve_get_size(params->flags)*8; - default: - return 0; - } + switch (pk) { + case GNUTLS_PK_RSA: + return _gnutls_mpi_get_nbits(params->params[0]); + case GNUTLS_PK_DSA: + return _gnutls_mpi_get_nbits(params->params[3]); + case GNUTLS_PK_EC: + return gnutls_ecc_curve_get_size(params->flags) * 8; + default: + return 0; + } } /** @@ -71,13 +70,12 @@ int pubkey_to_bits(gnutls_pk_algorithm_t pk, gnutls_pk_params_st* params) * * Since: 2.12.0 **/ -int -gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits) +int gnutls_pubkey_get_pk_algorithm(gnutls_pubkey_t key, unsigned int *bits) { - if (bits) - *bits = key->bits; + if (bits) + *bits = key->bits; - return key->pk_algorithm; + return key->pk_algorithm; } /** @@ -92,13 +90,12 @@ gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits) * * Since: 2.12.0 **/ -int -gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage) +int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage) { - if (usage) - *usage = key->key_usage; + if (usage) + *usage = key->key_usage; - return 0; + return 0; } /** @@ -112,17 +109,15 @@ gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage) * * Since: 2.12.0 **/ -int -gnutls_pubkey_init (gnutls_pubkey_t * key) +int gnutls_pubkey_init(gnutls_pubkey_t * key) { - *key = gnutls_calloc (1, sizeof (struct gnutls_pubkey_st)); - if (*key == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - return 0; + *key = gnutls_calloc(1, sizeof(struct gnutls_pubkey_st)); + if (*key == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + return 0; } /** @@ -133,13 +128,12 @@ gnutls_pubkey_init (gnutls_pubkey_t * key) * * Since: 2.12.0 **/ -void -gnutls_pubkey_deinit (gnutls_pubkey_t key) +void gnutls_pubkey_deinit(gnutls_pubkey_t key) { - if (!key) - return; - gnutls_pk_params_release (&key->params); - gnutls_free (key); + if (!key) + return; + gnutls_pk_params_release(&key->params); + gnutls_free(key); } /** @@ -157,25 +151,25 @@ gnutls_pubkey_deinit (gnutls_pubkey_t key) * Since: 2.12.0 **/ int -gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, - unsigned int flags) +gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt, + unsigned int flags) { - int ret; + int ret; - key->pk_algorithm = gnutls_x509_crt_get_pk_algorithm (crt, &key->bits); + key->pk_algorithm = + gnutls_x509_crt_get_pk_algorithm(crt, &key->bits); - ret = gnutls_x509_crt_get_key_usage (crt, &key->key_usage, NULL); - if (ret < 0) - key->key_usage = 0; + ret = gnutls_x509_crt_get_key_usage(crt, &key->key_usage, NULL); + if (ret < 0) + key->key_usage = 0; - ret = _gnutls_x509_crt_get_mpis (crt, &key->params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = _gnutls_x509_crt_get_mpis(crt, &key->params); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return 0; + return 0; } /** @@ -193,25 +187,25 @@ gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt, * Since: 3.1.5 **/ int -gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq, - unsigned int flags) +gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq, + unsigned int flags) { - int ret; + int ret; - key->pk_algorithm = gnutls_x509_crq_get_pk_algorithm (crq, &key->bits); + key->pk_algorithm = + gnutls_x509_crq_get_pk_algorithm(crq, &key->bits); - ret = gnutls_x509_crq_get_key_usage (crq, &key->key_usage, NULL); - if (ret < 0) - key->key_usage = 0; + ret = gnutls_x509_crq_get_key_usage(crq, &key->key_usage, NULL); + if (ret < 0) + key->key_usage = 0; - ret = _gnutls_x509_crq_get_mpis (crq, &key->params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } + ret = _gnutls_x509_crq_get_mpis(crq, &key->params); + if (ret < 0) { + gnutls_assert(); + return ret; + } - return 0; + return 0; } /** @@ -230,14 +224,15 @@ gnutls_pubkey_import_x509_crq (gnutls_pubkey_t key, gnutls_x509_crq_t crq, * Since: 2.12.0 **/ int -gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, - unsigned int usage, unsigned int flags) +gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey, + unsigned int usage, unsigned int flags) { - key->pk_algorithm = gnutls_privkey_get_pk_algorithm (pkey, &key->bits); + key->pk_algorithm = + gnutls_privkey_get_pk_algorithm(pkey, &key->bits); - key->key_usage = usage; + key->key_usage = usage; - return _gnutls_privkey_get_public_mpis (pkey, &key->params); + return _gnutls_privkey_get_public_mpis(pkey, &key->params); } /** @@ -259,23 +254,21 @@ gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey, * Since: 2.12.0 **/ int -gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, - gnutls_digest_algorithm_t * - hash, unsigned int *mand) +gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key, + gnutls_digest_algorithm_t * + hash, unsigned int *mand) { - int ret; + int ret; - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm, - &key->params, - hash, mand); + ret = _gnutls_pk_get_hash_algorithm(key->pk_algorithm, + &key->params, hash, mand); - return ret; + return ret; } #ifdef ENABLE_PKCS11 @@ -295,83 +288,78 @@ gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key, * Since: 2.12.0 **/ int -gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key, - gnutls_pkcs11_obj_t obj, unsigned int flags) +gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, + gnutls_pkcs11_obj_t obj, unsigned int flags) { - int ret, type; - - type = gnutls_pkcs11_obj_get_type (obj); - if (type != GNUTLS_PKCS11_OBJ_PUBKEY && type != GNUTLS_PKCS11_OBJ_X509_CRT) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (type == GNUTLS_PKCS11_OBJ_X509_CRT) - { - gnutls_x509_crt_t xcrt; - - ret = gnutls_x509_crt_init (&xcrt); - if (ret < 0) - { - gnutls_assert() - return ret; - } - - ret = gnutls_x509_crt_import_pkcs11 (xcrt, obj); - if (ret < 0) - { - gnutls_assert(); - goto cleanup_crt; - } - - ret = gnutls_pubkey_import_x509 (key, xcrt, 0); - if (ret < 0) - { - gnutls_assert(); - goto cleanup_crt; - } - - gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL); - - ret = 0; -cleanup_crt: - gnutls_x509_crt_deinit(xcrt); - return ret; - } - - key->key_usage = obj->key_usage; - - switch (obj->pk_algorithm) - { - case GNUTLS_PK_RSA: - ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0], - &obj->pubkey[1]); - break; - case GNUTLS_PK_DSA: - ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0], - &obj->pubkey[1], - &obj->pubkey[2], &obj->pubkey[3]); - break; - case GNUTLS_PK_EC: - ret = gnutls_pubkey_import_ecc_x962 (key, &obj->pubkey[0], - &obj->pubkey[1]); - break; - default: - gnutls_assert (); - return GNUTLS_E_UNIMPLEMENTED_FEATURE; - } - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; + int ret, type; + + type = gnutls_pkcs11_obj_get_type(obj); + if (type != GNUTLS_PKCS11_OBJ_PUBKEY + && type != GNUTLS_PKCS11_OBJ_X509_CRT) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (type == GNUTLS_PKCS11_OBJ_X509_CRT) { + gnutls_x509_crt_t xcrt; + + ret = gnutls_x509_crt_init(&xcrt); + if (ret < 0) { + gnutls_assert() + return ret; + } + + ret = gnutls_x509_crt_import_pkcs11(xcrt, obj); + if (ret < 0) { + gnutls_assert(); + goto cleanup_crt; + } + + ret = gnutls_pubkey_import_x509(key, xcrt, 0); + if (ret < 0) { + gnutls_assert(); + goto cleanup_crt; + } + + gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL); + + ret = 0; + cleanup_crt: + gnutls_x509_crt_deinit(xcrt); + return ret; + } + + key->key_usage = obj->key_usage; + + switch (obj->pk_algorithm) { + case GNUTLS_PK_RSA: + ret = gnutls_pubkey_import_rsa_raw(key, &obj->pubkey[0], + &obj->pubkey[1]); + break; + case GNUTLS_PK_DSA: + ret = gnutls_pubkey_import_dsa_raw(key, &obj->pubkey[0], + &obj->pubkey[1], + &obj->pubkey[2], + &obj->pubkey[3]); + break; + case GNUTLS_PK_EC: + ret = gnutls_pubkey_import_ecc_x962(key, &obj->pubkey[0], + &obj->pubkey[1]); + break; + default: + gnutls_assert(); + return GNUTLS_E_UNIMPLEMENTED_FEATURE; + } + + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; } -#endif /* ENABLE_PKCS11 */ +#endif /* ENABLE_PKCS11 */ #ifdef ENABLE_OPENPGP @@ -392,69 +380,75 @@ cleanup_crt: * Since: 2.12.0 **/ int -gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, - gnutls_openpgp_crt_t crt, - unsigned int flags) +gnutls_pubkey_import_openpgp(gnutls_pubkey_t key, + gnutls_openpgp_crt_t crt, unsigned int flags) { - int ret, idx; - uint32_t kid32[2]; - uint32_t *k; - uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; - size_t len; - - len = sizeof(key->openpgp_key_fpr); - ret = gnutls_openpgp_crt_get_fingerprint(crt, key->openpgp_key_fpr, &len); - if (ret < 0) - return gnutls_assert_val(ret); - key->openpgp_key_fpr_set = 1; - - ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid); - if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) - { - key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits); - key->openpgp_key_id_set = OPENPGP_KEY_PRIMARY; - - ret = gnutls_openpgp_crt_get_key_id(crt, key->openpgp_key_id); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage); - if (ret < 0) - key->key_usage = 0; - - k = NULL; - } - else - { - if (ret < 0) - { - gnutls_assert (); - return ret; - } - key->openpgp_key_id_set = OPENPGP_KEY_SUBKEY; - - KEYID_IMPORT (kid32, keyid); - k = kid32; - - idx = gnutls_openpgp_crt_get_subkey_idx (crt, keyid); - - ret = gnutls_openpgp_crt_get_subkey_id(crt, idx, key->openpgp_key_id); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = gnutls_openpgp_crt_get_subkey_usage (crt, idx, &key->key_usage); - if (ret < 0) - key->key_usage = 0; - - key->pk_algorithm = gnutls_openpgp_crt_get_subkey_pk_algorithm (crt, idx, NULL); - } - - ret = - _gnutls_openpgp_crt_get_mpis (crt, k, &key->params); - if (ret < 0) - return gnutls_assert_val(ret); - - return 0; + int ret, idx; + uint32_t kid32[2]; + uint32_t *k; + uint8_t keyid[GNUTLS_OPENPGP_KEYID_SIZE]; + size_t len; + + len = sizeof(key->openpgp_key_fpr); + ret = + gnutls_openpgp_crt_get_fingerprint(crt, key->openpgp_key_fpr, + &len); + if (ret < 0) + return gnutls_assert_val(ret); + key->openpgp_key_fpr_set = 1; + + ret = gnutls_openpgp_crt_get_preferred_key_id(crt, keyid); + if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR) { + key->pk_algorithm = + gnutls_openpgp_crt_get_pk_algorithm(crt, &key->bits); + key->openpgp_key_id_set = OPENPGP_KEY_PRIMARY; + + ret = + gnutls_openpgp_crt_get_key_id(crt, + key->openpgp_key_id); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = + gnutls_openpgp_crt_get_key_usage(crt, &key->key_usage); + if (ret < 0) + key->key_usage = 0; + + k = NULL; + } else { + if (ret < 0) { + gnutls_assert(); + return ret; + } + key->openpgp_key_id_set = OPENPGP_KEY_SUBKEY; + + KEYID_IMPORT(kid32, keyid); + k = kid32; + + idx = gnutls_openpgp_crt_get_subkey_idx(crt, keyid); + + ret = + gnutls_openpgp_crt_get_subkey_id(crt, idx, + key->openpgp_key_id); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = + gnutls_openpgp_crt_get_subkey_usage(crt, idx, + &key->key_usage); + if (ret < 0) + key->key_usage = 0; + + key->pk_algorithm = + gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, idx, + NULL); + } + + ret = _gnutls_openpgp_crt_get_mpis(crt, k, &key->params); + if (ret < 0) + return gnutls_assert_val(ret); + + return 0; } /** @@ -483,54 +477,54 @@ gnutls_pubkey_import_openpgp (gnutls_pubkey_t key, * Since: 3.0 **/ int -gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size, - unsigned int *subkey) +gnutls_pubkey_get_openpgp_key_id(gnutls_pubkey_t key, unsigned int flags, + unsigned char *output_data, + size_t * output_data_size, + unsigned int *subkey) { - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (flags & GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT) - { - if (*output_data_size < sizeof(key->openpgp_key_fpr)) - { - *output_data_size = sizeof(key->openpgp_key_fpr); - return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); - } - - if (key->openpgp_key_fpr_set == 0) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - if (output_data) - memcpy(output_data, key->openpgp_key_fpr, sizeof(key->openpgp_key_fpr)); - *output_data_size = sizeof(key->openpgp_key_fpr); - - return 0; - } - - if (*output_data_size < sizeof(key->openpgp_key_id)) - { - *output_data_size = sizeof(key->openpgp_key_id); - return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); - } - - if (key->openpgp_key_id_set == 0) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - if (key->openpgp_key_id_set == OPENPGP_KEY_SUBKEY) - if (subkey) *subkey = 1; - - if (output_data) - { - memcpy(output_data, key->openpgp_key_id, sizeof(key->openpgp_key_id)); - } - *output_data_size = sizeof(key->openpgp_key_id); - - return 0; + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (flags & GNUTLS_PUBKEY_GET_OPENPGP_FINGERPRINT) { + if (*output_data_size < sizeof(key->openpgp_key_fpr)) { + *output_data_size = sizeof(key->openpgp_key_fpr); + return + gnutls_assert_val + (GNUTLS_E_SHORT_MEMORY_BUFFER); + } + + if (key->openpgp_key_fpr_set == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + if (output_data) + memcpy(output_data, key->openpgp_key_fpr, + sizeof(key->openpgp_key_fpr)); + *output_data_size = sizeof(key->openpgp_key_fpr); + + return 0; + } + + if (*output_data_size < sizeof(key->openpgp_key_id)) { + *output_data_size = sizeof(key->openpgp_key_id); + return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER); + } + + if (key->openpgp_key_id_set == 0) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + if (key->openpgp_key_id_set == OPENPGP_KEY_SUBKEY) + if (subkey) + *subkey = 1; + + if (output_data) { + memcpy(output_data, key->openpgp_key_id, + sizeof(key->openpgp_key_id)); + } + *output_data_size = sizeof(key->openpgp_key_id); + + return 0; } /** @@ -549,49 +543,46 @@ gnutls_pubkey_get_openpgp_key_id (gnutls_pubkey_t key, unsigned int flags, * * Since: 3.1.3 **/ -int gnutls_pubkey_import_openpgp_raw (gnutls_pubkey_t pkey, - const gnutls_datum_t * data, - gnutls_openpgp_crt_fmt_t format, - const gnutls_openpgp_keyid_t keyid, - unsigned int flags) +int gnutls_pubkey_import_openpgp_raw(gnutls_pubkey_t pkey, + const gnutls_datum_t * data, + gnutls_openpgp_crt_fmt_t format, + const gnutls_openpgp_keyid_t keyid, + unsigned int flags) { - gnutls_openpgp_crt_t xpriv; - int ret; - - ret = gnutls_openpgp_crt_init(&xpriv); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = gnutls_openpgp_crt_import(xpriv, data, format); - if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } - - if(keyid) - { - ret = gnutls_openpgp_crt_set_preferred_key_id(xpriv, keyid); - if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } - } - - ret = gnutls_pubkey_import_openpgp(pkey, xpriv, flags); - if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } - - ret = 0; - -cleanup: - gnutls_openpgp_crt_deinit(xpriv); - - return ret; + gnutls_openpgp_crt_t xpriv; + int ret; + + ret = gnutls_openpgp_crt_init(&xpriv); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = gnutls_openpgp_crt_import(xpriv, data, format); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + if (keyid) { + ret = + gnutls_openpgp_crt_set_preferred_key_id(xpriv, keyid); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + } + + ret = gnutls_pubkey_import_openpgp(pkey, xpriv, flags); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = 0; + + cleanup: + gnutls_openpgp_crt_deinit(xpriv); + + return ret; } #endif @@ -621,52 +612,49 @@ cleanup: * Since: 2.12.0 **/ int -gnutls_pubkey_export (gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, void *output_data, - size_t * output_data_size) +gnutls_pubkey_export(gnutls_pubkey_t key, + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { - int result; - ASN1_TYPE spk = ASN1_TYPE_EMPTY; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - result = - _gnutls_x509_encode_and_copy_PKI_params (spk, "", - key->pk_algorithm, - &key->params); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - result = _gnutls_x509_export_int_named (spk, "", - format, PK_PEM_HEADER, - output_data, output_data_size); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - result = 0; - -cleanup: - asn1_delete_structure (&spk); - - return result; + int result; + ASN1_TYPE spk = ASN1_TYPE_EMPTY; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if ((result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) + != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = + _gnutls_x509_encode_and_copy_PKI_params(spk, "", + key->pk_algorithm, + &key->params); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + result = _gnutls_x509_export_int_named(spk, "", + format, PK_PEM_HEADER, + output_data, + output_data_size); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + result = 0; + + cleanup: + asn1_delete_structure(&spk); + + return result; } /** @@ -690,51 +678,47 @@ cleanup: * Since: 3.1.3 **/ int -gnutls_pubkey_export2 (gnutls_pubkey_t key, - gnutls_x509_crt_fmt_t format, - gnutls_datum_t * out) +gnutls_pubkey_export2(gnutls_pubkey_t key, + gnutls_x509_crt_fmt_t format, gnutls_datum_t * out) { - int result; - ASN1_TYPE spk = ASN1_TYPE_EMPTY; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if ((result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - result = - _gnutls_x509_encode_and_copy_PKI_params (spk, "", - key->pk_algorithm, - &key->params); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - result = _gnutls_x509_export_int_named2 (spk, "", - format, PK_PEM_HEADER, out); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - result = 0; - -cleanup: - asn1_delete_structure (&spk); - - return result; + int result; + ASN1_TYPE spk = ASN1_TYPE_EMPTY; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if ((result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) + != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + result = + _gnutls_x509_encode_and_copy_PKI_params(spk, "", + key->pk_algorithm, + &key->params); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + result = _gnutls_x509_export_int_named2(spk, "", + format, PK_PEM_HEADER, + out); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + result = 0; + + cleanup: + asn1_delete_structure(&spk); + + return result; } /** @@ -760,28 +744,26 @@ cleanup: * Since: 2.12.0 **/ int -gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) +gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags, + unsigned char *output_data, + size_t * output_data_size) { - int ret = 0; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = - _gnutls_get_key_id (key->pk_algorithm, &key->params, - output_data, output_data_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - return 0; + int ret = 0; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = + _gnutls_get_key_id(key->pk_algorithm, &key->params, + output_data, output_data_size); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + return 0; } /** @@ -799,39 +781,35 @@ gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags, * Since: 2.12.0 **/ int -gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e) +gnutls_pubkey_get_pk_rsa_raw(gnutls_pubkey_t key, + gnutls_datum_t * m, gnutls_datum_t * e) { - int ret; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key->pk_algorithm != GNUTLS_PK_RSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_mpi_dprint_lz (key->params.params[0], m); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = _gnutls_mpi_dprint_lz (key->params.params[1], e); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (m); - return ret; - } - - return 0; + int ret; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (key->pk_algorithm != GNUTLS_PK_RSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_mpi_dprint_lz(key->params.params[0], m); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + ret = _gnutls_mpi_dprint_lz(key->params.params[1], e); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(m); + return ret; + } + + return 0; } /** @@ -851,65 +829,59 @@ gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key, * Since: 2.12.0 **/ int -gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y) +gnutls_pubkey_get_pk_dsa_raw(gnutls_pubkey_t key, + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y) { - int ret; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key->pk_algorithm != GNUTLS_PK_DSA) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - /* P */ - ret = _gnutls_mpi_dprint_lz (key->params.params[0], p); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* Q */ - ret = _gnutls_mpi_dprint_lz (key->params.params[1], q); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - return ret; - } - - - /* G */ - ret = _gnutls_mpi_dprint_lz (key->params.params[2], g); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (q); - return ret; - } - - - /* Y */ - ret = _gnutls_mpi_dprint_lz (key->params.params[3], y); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (g); - _gnutls_free_datum (q); - return ret; - } - - return 0; + int ret; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (key->pk_algorithm != GNUTLS_PK_DSA) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + /* P */ + ret = _gnutls_mpi_dprint_lz(key->params.params[0], p); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + /* Q */ + ret = _gnutls_mpi_dprint_lz(key->params.params[1], q); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + return ret; + } + + + /* G */ + ret = _gnutls_mpi_dprint_lz(key->params.params[2], g); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(q); + return ret; + } + + + /* Y */ + ret = _gnutls_mpi_dprint_lz(key->params.params[3], y); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(p); + _gnutls_free_datum(g); + _gnutls_free_datum(q); + return ret; + } + + return 0; } /** @@ -928,43 +900,40 @@ gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key, * Since: 3.0 **/ int -gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve, - gnutls_datum_t * x, gnutls_datum_t * y) +gnutls_pubkey_get_pk_ecc_raw(gnutls_pubkey_t key, + gnutls_ecc_curve_t * curve, + gnutls_datum_t * x, gnutls_datum_t * y) { - int ret; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key->pk_algorithm != GNUTLS_PK_EC) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - *curve = key->params.flags; - - /* X */ - ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_X], x); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* Y */ - ret = _gnutls_mpi_dprint_lz (key->params.params[ECC_Y], y); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (x); - return ret; - } - - return 0; + int ret; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (key->pk_algorithm != GNUTLS_PK_EC) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + *curve = key->params.flags; + + /* X */ + ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_X], x); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + /* Y */ + ret = _gnutls_mpi_dprint_lz(key->params.params[ECC_Y], y); + if (ret < 0) { + gnutls_assert(); + _gnutls_free_datum(x); + return ret; + } + + return 0; } /** @@ -981,26 +950,26 @@ gnutls_pubkey_get_pk_ecc_raw (gnutls_pubkey_t key, gnutls_ecc_curve_t *curve, * * Since: 3.0 **/ -int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* parameters, - gnutls_datum_t * ecpoint) +int gnutls_pubkey_get_pk_ecc_x962(gnutls_pubkey_t key, + gnutls_datum_t * parameters, + gnutls_datum_t * ecpoint) { - int ret; - - if (key == NULL || key->pk_algorithm != GNUTLS_PK_EC) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - ret = _gnutls_x509_write_ecc_pubkey(&key->params, ecpoint); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = _gnutls_x509_write_ecc_params(&key->params, parameters); - if (ret < 0) - { - _gnutls_free_datum(ecpoint); - return gnutls_assert_val(ret); - } - - return 0; + int ret; + + if (key == NULL || key->pk_algorithm != GNUTLS_PK_EC) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + ret = _gnutls_x509_write_ecc_pubkey(&key->params, ecpoint); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = _gnutls_x509_write_ecc_params(&key->params, parameters); + if (ret < 0) { + _gnutls_free_datum(ecpoint); + return gnutls_assert_val(ret); + } + + return 0; } /** @@ -1021,78 +990,73 @@ int gnutls_pubkey_get_pk_ecc_x962 (gnutls_pubkey_t key, gnutls_datum_t* paramete * Since: 2.12.0 **/ int -gnutls_pubkey_import (gnutls_pubkey_t key, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format) +gnutls_pubkey_import(gnutls_pubkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { - int result = 0, need_free = 0; - gnutls_datum_t _data; - ASN1_TYPE spk; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - _data.data = data->data; - _data.size = data->size; - - /* If the Certificate is in PEM format then decode it - */ - if (format == GNUTLS_X509_FMT_PEM) - { - /* Try the first header */ - result = - _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &_data); - - if (result < 0) - { - gnutls_assert (); - return result; - } - - need_free = 1; - } - - if ((result = asn1_create_element - (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk)) - != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - result = asn1_der_decoding (&spk, _data.data, _data.size, NULL); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto cleanup; - } - - result = _gnutls_get_asn_mpis (spk, "", &key->params); - if (result < 0) - { - gnutls_assert (); - goto cleanup; - } - - /* this has already been called by get_asn_mpis() thus it cannot - * fail. - */ - key->pk_algorithm = _gnutls_x509_get_pk_algorithm (spk, "", NULL); - key->bits = pubkey_to_bits(key->pk_algorithm, &key->params); - - result = 0; - -cleanup: - asn1_delete_structure (&spk); - - if (need_free) - _gnutls_free_datum (&_data); - return result; + int result = 0, need_free = 0; + gnutls_datum_t _data; + ASN1_TYPE spk; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + _data.data = data->data; + _data.size = data->size; + + /* If the Certificate is in PEM format then decode it + */ + if (format == GNUTLS_X509_FMT_PEM) { + /* Try the first header */ + result = + _gnutls_fbase64_decode(PK_PEM_HEADER, data->data, + data->size, &_data); + + if (result < 0) { + gnutls_assert(); + return result; + } + + need_free = 1; + } + + if ((result = asn1_create_element + (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk)) + != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + result = asn1_der_decoding(&spk, _data.data, _data.size, NULL); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + result = _gnutls_asn2err(result); + goto cleanup; + } + + result = _gnutls_get_asn_mpis(spk, "", &key->params); + if (result < 0) { + gnutls_assert(); + goto cleanup; + } + + /* this has already been called by get_asn_mpis() thus it cannot + * fail. + */ + key->pk_algorithm = _gnutls_x509_get_pk_algorithm(spk, "", NULL); + key->bits = pubkey_to_bits(key->pk_algorithm, &key->params); + + result = 0; + + cleanup: + asn1_delete_structure(&spk); + + if (need_free) + _gnutls_free_datum(&_data); + return result; } /** @@ -1108,32 +1072,29 @@ cleanup: * * Since: 2.12.0 **/ -int -gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) +int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key) { - int result; + int result; - if (crt == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (crt == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert, - "tbsCertificate.subjectPublicKeyInfo", - key->pk_algorithm, - &key->params); + result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert, + "tbsCertificate.subjectPublicKeyInfo", + key->pk_algorithm, + &key->params); - if (result < 0) - { - gnutls_assert (); - return result; - } + if (result < 0) { + gnutls_assert(); + return result; + } - if (key->key_usage) - gnutls_x509_crt_set_key_usage (crt, key->key_usage); + if (key->key_usage) + gnutls_x509_crt_set_key_usage(crt, key->key_usage); - return 0; + return 0; } /** @@ -1149,32 +1110,29 @@ gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key) * * Since: 2.12.0 **/ -int -gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key) +int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key) { - int result; + int result; - if (crq == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (crq == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - result = _gnutls_x509_encode_and_copy_PKI_params - (crq->crq, - "certificationRequestInfo.subjectPKInfo", - key->pk_algorithm, &key->params); + result = _gnutls_x509_encode_and_copy_PKI_params + (crq->crq, + "certificationRequestInfo.subjectPKInfo", + key->pk_algorithm, &key->params); - if (result < 0) - { - gnutls_assert (); - return result; - } + if (result < 0) { + gnutls_assert(); + return result; + } - if (key->key_usage) - gnutls_x509_crq_set_key_usage (crq, key->key_usage); + if (key->key_usage) + gnutls_x509_crq_set_key_usage(crq, key->key_usage); - return 0; + return 0; } /** @@ -1191,12 +1149,11 @@ gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key) * * Since: 2.12.0 **/ -int -gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage) +int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage) { - key->key_usage = usage; + key->key_usage = usage; - return 0; + return 0; } #ifdef ENABLE_PKCS11 @@ -1216,45 +1173,43 @@ gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage) * Since: 2.12.0 **/ int -gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url, - unsigned int flags) +gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url, + unsigned int flags) { - gnutls_pkcs11_obj_t pcrt; - int ret; - - ret = gnutls_pkcs11_obj_init (&pcrt); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (key->pin.cb) - gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb, key->pin.data); - - ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = gnutls_pubkey_import_pkcs11 (key, pcrt, 0); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = 0; -cleanup: - - gnutls_pkcs11_obj_deinit (pcrt); - - return ret; + gnutls_pkcs11_obj_t pcrt; + int ret; + + ret = gnutls_pkcs11_obj_init(&pcrt); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + if (key->pin.cb) + gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb, + key->pin.data); + + ret = gnutls_pkcs11_obj_import_url(pcrt, url, flags); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = gnutls_pubkey_import_pkcs11(key, pcrt, 0); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = 0; + cleanup: + + gnutls_pkcs11_obj_deinit(pcrt); + + return ret; } -#endif /* ENABLE_PKCS11 */ +#endif /* ENABLE_PKCS11 */ /** * gnutls_pubkey_import_url: @@ -1271,24 +1226,24 @@ cleanup: * Since: 3.1.0 **/ int -gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url, - unsigned int flags) +gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url, + unsigned int flags) { - if (strncmp(url, "pkcs11:", 7) == 0) + if (strncmp(url, "pkcs11:", 7) == 0) #ifdef ENABLE_PKCS11 - return gnutls_pubkey_import_pkcs11_url(key, url, flags); + return gnutls_pubkey_import_pkcs11_url(key, url, flags); #else - return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); #endif - if (strncmp(url, "tpmkey:", 7) == 0) + if (strncmp(url, "tpmkey:", 7) == 0) #ifdef HAVE_TROUSERS - return gnutls_pubkey_import_tpm_url(key, url, NULL, 0); + return gnutls_pubkey_import_tpm_url(key, url, NULL, 0); #else - return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); + return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); #endif - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } /** @@ -1306,40 +1261,37 @@ gnutls_pubkey_import_url (gnutls_pubkey_t key, const char *url, * Since: 2.12.0 **/ int -gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * m, - const gnutls_datum_t * e) +gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e) { - size_t siz = 0; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - gnutls_pk_params_init(&key->params); - - siz = m->size; - if (_gnutls_mpi_scan_nz (&key->params.params[0], m->data, siz)) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = e->size; - if (_gnutls_mpi_scan_nz (&key->params.params[1], e->data, siz)) - { - gnutls_assert (); - _gnutls_mpi_release (&key->params.params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - key->params.params_nr = RSA_PUBLIC_PARAMS; - key->pk_algorithm = GNUTLS_PK_RSA; - key->bits = pubkey_to_bits(GNUTLS_PK_RSA, &key->params); - - return 0; + size_t siz = 0; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + gnutls_pk_params_init(&key->params); + + siz = m->size; + if (_gnutls_mpi_scan_nz(&key->params.params[0], m->data, siz)) { + gnutls_assert(); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = e->size; + if (_gnutls_mpi_scan_nz(&key->params.params[1], e->data, siz)) { + gnutls_assert(); + _gnutls_mpi_release(&key->params.params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + key->params.params_nr = RSA_PUBLIC_PARAMS; + key->pk_algorithm = GNUTLS_PK_RSA; + key->bits = pubkey_to_bits(GNUTLS_PK_RSA, &key->params); + + return 0; } /** @@ -1358,43 +1310,42 @@ gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key, * Since: 3.0 **/ int -gnutls_pubkey_import_ecc_raw (gnutls_pubkey_t key, - gnutls_ecc_curve_t curve, - const gnutls_datum_t * x, - const gnutls_datum_t * y) +gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, + gnutls_ecc_curve_t curve, + const gnutls_datum_t * x, + const gnutls_datum_t * y) { - int ret; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - key->params.flags = curve; - - if (_gnutls_mpi_scan_nz (&key->params.params[ECC_X], x->data, x->size)) - { - gnutls_assert (); - ret = GNUTLS_E_MPI_SCAN_FAILED; - goto cleanup; - } - key->params.params_nr++; - - if (_gnutls_mpi_scan_nz (&key->params.params[ECC_Y], y->data, y->size)) - { - gnutls_assert (); - ret = GNUTLS_E_MPI_SCAN_FAILED; - goto cleanup; - } - key->params.params_nr++; - key->pk_algorithm = GNUTLS_PK_EC; - - return 0; - -cleanup: - gnutls_pk_params_release(&key->params); - return ret; + int ret; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + key->params.flags = curve; + + if (_gnutls_mpi_scan_nz + (&key->params.params[ECC_X], x->data, x->size)) { + gnutls_assert(); + ret = GNUTLS_E_MPI_SCAN_FAILED; + goto cleanup; + } + key->params.params_nr++; + + if (_gnutls_mpi_scan_nz + (&key->params.params[ECC_Y], y->data, y->size)) { + gnutls_assert(); + ret = GNUTLS_E_MPI_SCAN_FAILED; + goto cleanup; + } + key->params.params_nr++; + key->pk_algorithm = GNUTLS_PK_EC; + + return 0; + + cleanup: + gnutls_pk_params_release(&key->params); + return ret; } /** @@ -1412,43 +1363,42 @@ cleanup: * Since: 3.0 **/ int -gnutls_pubkey_import_ecc_x962 (gnutls_pubkey_t key, - const gnutls_datum_t * parameters, - const gnutls_datum_t * ecpoint) +gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, + const gnutls_datum_t * parameters, + const gnutls_datum_t * ecpoint) { - int ret; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - key->params.params_nr = 0; - - ret = _gnutls_x509_read_ecc_params(parameters->data, parameters->size, - &key->params); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - - ret = _gnutls_ecc_ansi_x963_import(ecpoint->data, ecpoint->size, - &key->params.params[ECC_X], &key->params.params[ECC_Y]); - if (ret < 0) - { - gnutls_assert (); - goto cleanup; - } - key->params.params_nr+=2; - key->pk_algorithm = GNUTLS_PK_EC; - - return 0; - -cleanup: - gnutls_pk_params_release(&key->params); - return ret; + int ret; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + key->params.params_nr = 0; + + ret = + _gnutls_x509_read_ecc_params(parameters->data, + parameters->size, &key->params); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = _gnutls_ecc_ansi_x963_import(ecpoint->data, ecpoint->size, + &key->params.params[ECC_X], + &key->params.params[ECC_Y]); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + key->params.params_nr += 2; + key->pk_algorithm = GNUTLS_PK_EC; + + return 0; + + cleanup: + gnutls_pk_params_release(&key->params); + return ret; } /** @@ -1469,61 +1419,56 @@ cleanup: * Since: 2.12.0 **/ int -gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, - const gnutls_datum_t * p, - const gnutls_datum_t * q, - const gnutls_datum_t * g, - const gnutls_datum_t * y) +gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y) { - size_t siz = 0; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - gnutls_pk_params_init(&key->params); - - siz = p->size; - if (_gnutls_mpi_scan_nz (&key->params.params[0], p->data, siz)) - { - gnutls_assert (); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = q->size; - if (_gnutls_mpi_scan_nz (&key->params.params[1], q->data, siz)) - { - gnutls_assert (); - _gnutls_mpi_release (&key->params.params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = g->size; - if (_gnutls_mpi_scan_nz (&key->params.params[2], g->data, siz)) - { - gnutls_assert (); - _gnutls_mpi_release (&key->params.params[1]); - _gnutls_mpi_release (&key->params.params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = y->size; - if (_gnutls_mpi_scan_nz (&key->params.params[3], y->data, siz)) - { - gnutls_assert (); - _gnutls_mpi_release (&key->params.params[2]); - _gnutls_mpi_release (&key->params.params[1]); - _gnutls_mpi_release (&key->params.params[0]); - return GNUTLS_E_MPI_SCAN_FAILED; - } - - key->params.params_nr = DSA_PUBLIC_PARAMS; - key->pk_algorithm = GNUTLS_PK_DSA; - key->bits = pubkey_to_bits(GNUTLS_PK_DSA, &key->params); - - return 0; + size_t siz = 0; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + gnutls_pk_params_init(&key->params); + + siz = p->size; + if (_gnutls_mpi_scan_nz(&key->params.params[0], p->data, siz)) { + gnutls_assert(); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = q->size; + if (_gnutls_mpi_scan_nz(&key->params.params[1], q->data, siz)) { + gnutls_assert(); + _gnutls_mpi_release(&key->params.params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = g->size; + if (_gnutls_mpi_scan_nz(&key->params.params[2], g->data, siz)) { + gnutls_assert(); + _gnutls_mpi_release(&key->params.params[1]); + _gnutls_mpi_release(&key->params.params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = y->size; + if (_gnutls_mpi_scan_nz(&key->params.params[3], y->data, siz)) { + gnutls_assert(); + _gnutls_mpi_release(&key->params.params[2]); + _gnutls_mpi_release(&key->params.params[1]); + _gnutls_mpi_release(&key->params.params[0]); + return GNUTLS_E_MPI_SCAN_FAILED; + } + + key->params.params_nr = DSA_PUBLIC_PARAMS; + key->pk_algorithm = GNUTLS_PK_DSA; + key->bits = pubkey_to_bits(GNUTLS_PK_DSA, &key->params); + + return 0; } @@ -1546,34 +1491,32 @@ gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key, * Since: 2.12.0 **/ int -gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) +gnutls_pubkey_verify_data(gnutls_pubkey_t pubkey, unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature) { - int ret; - gnutls_digest_algorithm_t hash; - - if (pubkey == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - ret = gnutls_pubkey_get_verify_algorithm (pubkey, signature, &hash); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = pubkey_verify_data( pubkey->pk_algorithm, mac_to_entry(hash), - data, signature, &pubkey->params); - if (ret < 0) - { - gnutls_assert(); - } - - return ret; + int ret; + gnutls_digest_algorithm_t hash; + + if (pubkey == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + ret = gnutls_pubkey_get_verify_algorithm(pubkey, signature, &hash); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = pubkey_verify_data(pubkey->pk_algorithm, mac_to_entry(hash), + data, signature, &pubkey->params); + if (ret < 0) { + gnutls_assert(); + } + + return ret; } /** @@ -1593,33 +1536,31 @@ gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags, * Since: 3.0 **/ int -gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey, - gnutls_sign_algorithm_t algo, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) +gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey, + gnutls_sign_algorithm_t algo, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature) { - int ret; - const mac_entry_st* me; - - if (pubkey == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo)); - ret = pubkey_verify_data( pubkey->pk_algorithm, me, - data, signature, &pubkey->params); - if (ret < 0) - { - gnutls_assert(); - } - - return ret; + int ret; + const mac_entry_st *me; + + if (pubkey == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo)); + ret = pubkey_verify_data(pubkey->pk_algorithm, me, + data, signature, &pubkey->params); + if (ret < 0) { + gnutls_assert(); + } + + return ret; } @@ -1642,19 +1583,22 @@ gnutls_pubkey_verify_data2 (gnutls_pubkey_t pubkey, * Since: 2.12.0 **/ int -gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) +gnutls_pubkey_verify_hash(gnutls_pubkey_t key, unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) { -gnutls_digest_algorithm_t algo; -int ret; - - ret = gnutls_pubkey_get_verify_algorithm (key, signature, &algo); - if (ret < 0) - return gnutls_assert_val(ret); - - return gnutls_pubkey_verify_hash2(key, gnutls_pk_to_sign(key->pk_algorithm, algo), - flags, hash, signature); + gnutls_digest_algorithm_t algo; + int ret; + + ret = gnutls_pubkey_get_verify_algorithm(key, signature, &algo); + if (ret < 0) + return gnutls_assert_val(ret); + + return gnutls_pubkey_verify_hash2(key, + gnutls_pk_to_sign(key-> + pk_algorithm, + algo), flags, + hash, signature); } /** @@ -1674,30 +1618,28 @@ int ret; * Since: 3.0 **/ int -gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key, - gnutls_sign_algorithm_t algo, - unsigned int flags, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature) +gnutls_pubkey_verify_hash2(gnutls_pubkey_t key, + gnutls_sign_algorithm_t algo, + unsigned int flags, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature) { - const mac_entry_st* me; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) - { - return _gnutls_pk_verify (GNUTLS_PK_RSA, hash, signature, &key->params); - } - else - { - me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo)); - return pubkey_verify_hashed_data (key->pk_algorithm, me, - hash, signature, &key->params); - } + const mac_entry_st *me; + + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + if (flags & GNUTLS_PUBKEY_VERIFY_FLAG_TLS1_RSA) { + return _gnutls_pk_verify(GNUTLS_PK_RSA, hash, signature, + &key->params); + } else { + me = mac_to_entry(gnutls_sign_get_hash_algorithm(algo)); + return pubkey_verify_hashed_data(key->pk_algorithm, me, + hash, signature, + &key->params); + } } /** @@ -1716,18 +1658,17 @@ gnutls_pubkey_verify_hash2 (gnutls_pubkey_t key, * Since: 3.0 **/ int -gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags, - const gnutls_datum_t * plaintext, - gnutls_datum_t * ciphertext) +gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags, + const gnutls_datum_t * plaintext, + gnutls_datum_t * ciphertext) { - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return _gnutls_pk_encrypt (key->pk_algorithm, ciphertext, - plaintext, &key->params); + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + return _gnutls_pk_encrypt(key->pk_algorithm, ciphertext, + plaintext, &key->params); } /** @@ -1745,19 +1686,18 @@ gnutls_pubkey_encrypt_data (gnutls_pubkey_t key, unsigned int flags, * Since: 2.12.0 **/ int -gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, - const gnutls_datum_t * signature, - gnutls_digest_algorithm_t * hash) +gnutls_pubkey_get_verify_algorithm(gnutls_pubkey_t key, + const gnutls_datum_t * signature, + gnutls_digest_algorithm_t * hash) { - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } + if (key == NULL) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } - return _gnutls_x509_verify_algorithm (hash, signature, - key->pk_algorithm, - &key->params); + return _gnutls_x509_verify_algorithm(hash, signature, + key->pk_algorithm, + &key->params); } @@ -1766,68 +1706,75 @@ gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key, * it may be null. */ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session, - gnutls_pubkey_t pubkey, - const version_entry_st* ver, - gnutls_sign_algorithm_t sign) + gnutls_pubkey_t pubkey, + const version_entry_st * ver, + gnutls_sign_algorithm_t sign) { -unsigned int hash_size; -unsigned int sig_hash_size; -const mac_entry_st* me; - - if (pubkey->pk_algorithm == GNUTLS_PK_DSA) - { - me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); - - /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */ - if (!_gnutls_version_has_selectable_sighash (ver)) - { - if (me->id != GNUTLS_MAC_SHA1) - return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL); - } - else if (sign != GNUTLS_SIGN_UNKNOWN) - { - me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign)); - sig_hash_size = _gnutls_hash_get_algo_len(me); - if (sig_hash_size < hash_size) - _gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size); - } - - } - else if (pubkey->pk_algorithm == GNUTLS_PK_EC) - { - if (_gnutls_version_has_selectable_sighash (ver) && sign != GNUTLS_SIGN_UNKNOWN) - { - me = _gnutls_dsa_q_to_hash (pubkey->pk_algorithm, &pubkey->params, &hash_size); - - me = mac_to_entry(gnutls_sign_get_hash_algorithm(sign)); - sig_hash_size = _gnutls_hash_get_algo_len(me); - - if (sig_hash_size < hash_size) - _gnutls_audit_log(session, "The hash size used in signature (%u) is less than the expected (%u)\n", sig_hash_size, hash_size); - } - - } - - return 0; + unsigned int hash_size; + unsigned int sig_hash_size; + const mac_entry_st *me; + + if (pubkey->pk_algorithm == GNUTLS_PK_DSA) { + me = _gnutls_dsa_q_to_hash(pubkey->pk_algorithm, + &pubkey->params, &hash_size); + + /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */ + if (!_gnutls_version_has_selectable_sighash(ver)) { + if (me->id != GNUTLS_MAC_SHA1) + return + gnutls_assert_val + (GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL); + } else if (sign != GNUTLS_SIGN_UNKNOWN) { + me = mac_to_entry(gnutls_sign_get_hash_algorithm + (sign)); + sig_hash_size = _gnutls_hash_get_algo_len(me); + if (sig_hash_size < hash_size) + _gnutls_audit_log(session, + "The hash size used in signature (%u) is less than the expected (%u)\n", + sig_hash_size, + hash_size); + } + + } else if (pubkey->pk_algorithm == GNUTLS_PK_EC) { + if (_gnutls_version_has_selectable_sighash(ver) + && sign != GNUTLS_SIGN_UNKNOWN) { + me = _gnutls_dsa_q_to_hash(pubkey->pk_algorithm, + &pubkey->params, + &hash_size); + + me = mac_to_entry(gnutls_sign_get_hash_algorithm + (sign)); + sig_hash_size = _gnutls_hash_get_algo_len(me); + + if (sig_hash_size < hash_size) + _gnutls_audit_log(session, + "The hash size used in signature (%u) is less than the expected (%u)\n", + sig_hash_size, + hash_size); + } + + } + + return 0; } /* Returns zero if the public key has more than 512 bits */ int _gnutls_pubkey_is_over_rsa_512(gnutls_pubkey_t pubkey) { - if (pubkey->pk_algorithm == GNUTLS_PK_RSA && _gnutls_mpi_get_nbits (pubkey->params.params[0]) > 512) - return 0; - else - return GNUTLS_E_INVALID_REQUEST; /* doesn't matter */ + if (pubkey->pk_algorithm == GNUTLS_PK_RSA + && _gnutls_mpi_get_nbits(pubkey->params.params[0]) > 512) + return 0; + else + return GNUTLS_E_INVALID_REQUEST; /* doesn't matter */ } /* Returns the public key. */ int -_gnutls_pubkey_get_mpis (gnutls_pubkey_t key, - gnutls_pk_params_st * params) +_gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params) { - return _gnutls_pk_params_copy(params, &key->params); + return _gnutls_pk_params_copy(params, &key->params); } /* if hash==MD5 then we do RSA-MD5 @@ -1836,252 +1783,242 @@ _gnutls_pubkey_get_mpis (gnutls_pubkey_t key, * params[1] is public key */ static int -_pkcs1_rsa_verify_sig (const mac_entry_st* me, - const gnutls_datum_t * text, - const gnutls_datum_t * prehash, - const gnutls_datum_t * signature, - gnutls_pk_params_st * params) +_pkcs1_rsa_verify_sig(const mac_entry_st * me, + const gnutls_datum_t * text, + const gnutls_datum_t * prehash, + const gnutls_datum_t * signature, + gnutls_pk_params_st * params) { - int ret; - uint8_t md[MAX_HASH_SIZE], *cmp; - unsigned int digest_size; - gnutls_datum_t d, di; - digest_hd_st hd; - - digest_size = _gnutls_hash_get_algo_len (me); - if (prehash) - { - if (prehash->data == NULL || prehash->size != digest_size) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - - cmp = prehash->data; - } - else - { - if (!text) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - ret = _gnutls_hash_init (&hd, me); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - _gnutls_hash (&hd, text->data, text->size); - _gnutls_hash_deinit (&hd, md); - - cmp = md; - } - - d.data = cmp; - d.size = digest_size; - - /* decrypted is a BER encoded data of type DigestInfo - */ - ret = encode_ber_digest_info (me, &d, &di); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = _gnutls_pk_verify (GNUTLS_PK_RSA, &di, signature, params); - _gnutls_free_datum (&di); - - return ret; + int ret; + uint8_t md[MAX_HASH_SIZE], *cmp; + unsigned int digest_size; + gnutls_datum_t d, di; + digest_hd_st hd; + + digest_size = _gnutls_hash_get_algo_len(me); + if (prehash) { + if (prehash->data == NULL || prehash->size != digest_size) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + + cmp = prehash->data; + } else { + if (!text) { + gnutls_assert(); + return GNUTLS_E_INVALID_REQUEST; + } + + ret = _gnutls_hash_init(&hd, me); + if (ret < 0) { + gnutls_assert(); + return ret; + } + + _gnutls_hash(&hd, text->data, text->size); + _gnutls_hash_deinit(&hd, md); + + cmp = md; + } + + d.data = cmp; + d.size = digest_size; + + /* decrypted is a BER encoded data of type DigestInfo + */ + ret = encode_ber_digest_info(me, &d, &di); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = _gnutls_pk_verify(GNUTLS_PK_RSA, &di, signature, params); + _gnutls_free_datum(&di); + + return ret; } /* Hashes input data and verifies a signature. */ static int -dsa_verify_hashed_data (gnutls_pk_algorithm_t pk, - const mac_entry_st* algo, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_params_st* params) +dsa_verify_hashed_data(gnutls_pk_algorithm_t pk, + const mac_entry_st * algo, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_pk_params_st * params) { - gnutls_datum_t digest; - unsigned int hash_len; - - if (algo == NULL) - algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len); - else - hash_len = _gnutls_hash_get_algo_len(algo); - - /* SHA1 or better allowed */ - if (!hash->data || hash->size < hash_len) - { - gnutls_assert(); - _gnutls_debug_log("Hash size (%d) does not correspond to hash %s(%d) or better.\n", - (int)hash->size, _gnutls_mac_get_name(algo), hash_len); - - if (hash->size != 20) /* SHA1 is allowed */ - return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED); - } - - digest.data = hash->data; - digest.size = hash->size; - - return _gnutls_pk_verify (pk, &digest, signature, params); + gnutls_datum_t digest; + unsigned int hash_len; + + if (algo == NULL) + algo = _gnutls_dsa_q_to_hash(pk, params, &hash_len); + else + hash_len = _gnutls_hash_get_algo_len(algo); + + /* SHA1 or better allowed */ + if (!hash->data || hash->size < hash_len) { + gnutls_assert(); + _gnutls_debug_log + ("Hash size (%d) does not correspond to hash %s(%d) or better.\n", + (int) hash->size, _gnutls_mac_get_name(algo), + hash_len); + + if (hash->size != 20) /* SHA1 is allowed */ + return + gnutls_assert_val + (GNUTLS_E_PK_SIG_VERIFY_FAILED); + } + + digest.data = hash->data; + digest.size = hash->size; + + return _gnutls_pk_verify(pk, &digest, signature, params); } static int -dsa_verify_data (gnutls_pk_algorithm_t pk, - const mac_entry_st* algo, - const gnutls_datum_t * data, - const gnutls_datum_t * signature, - gnutls_pk_params_st* params) +dsa_verify_data(gnutls_pk_algorithm_t pk, + const mac_entry_st * algo, + const gnutls_datum_t * data, + const gnutls_datum_t * signature, + gnutls_pk_params_st * params) { - int ret; - uint8_t _digest[MAX_HASH_SIZE]; - gnutls_datum_t digest; - digest_hd_st hd; + int ret; + uint8_t _digest[MAX_HASH_SIZE]; + gnutls_datum_t digest; + digest_hd_st hd; - if (algo == NULL) - algo = _gnutls_dsa_q_to_hash (pk, params, NULL); + if (algo == NULL) + algo = _gnutls_dsa_q_to_hash(pk, params, NULL); - ret = _gnutls_hash_init (&hd, algo); - if (ret < 0) - return gnutls_assert_val(ret); + ret = _gnutls_hash_init(&hd, algo); + if (ret < 0) + return gnutls_assert_val(ret); - _gnutls_hash (&hd, data->data, data->size); - _gnutls_hash_deinit (&hd, _digest); + _gnutls_hash(&hd, data->data, data->size); + _gnutls_hash_deinit(&hd, _digest); - digest.data = _digest; - digest.size = _gnutls_hash_get_algo_len(algo); + digest.data = _digest; + digest.size = _gnutls_hash_get_algo_len(algo); - return _gnutls_pk_verify (pk, &digest, signature, params); + return _gnutls_pk_verify(pk, &digest, signature, params); } /* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if * not verified, or 1 otherwise. */ int -pubkey_verify_hashed_data (gnutls_pk_algorithm_t pk, - const mac_entry_st* hash_algo, - const gnutls_datum_t * hash, - const gnutls_datum_t * signature, - gnutls_pk_params_st * issuer_params) +pubkey_verify_hashed_data(gnutls_pk_algorithm_t pk, + const mac_entry_st * hash_algo, + const gnutls_datum_t * hash, + const gnutls_datum_t * signature, + gnutls_pk_params_st * issuer_params) { - switch (pk) - { - case GNUTLS_PK_RSA: - - if (_pkcs1_rsa_verify_sig - (hash_algo, NULL, hash, signature, issuer_params) != 0) - { - gnutls_assert (); - return GNUTLS_E_PK_SIG_VERIFY_FAILED; - } - - return 1; - break; - - case GNUTLS_PK_EC: - case GNUTLS_PK_DSA: - if (dsa_verify_hashed_data(pk, hash_algo, hash, signature, issuer_params) != 0) - { - gnutls_assert (); - return GNUTLS_E_PK_SIG_VERIFY_FAILED; - } - - return 1; - break; - default: - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - - } + switch (pk) { + case GNUTLS_PK_RSA: + + if (_pkcs1_rsa_verify_sig + (hash_algo, NULL, hash, signature, issuer_params) != 0) + { + gnutls_assert(); + return GNUTLS_E_PK_SIG_VERIFY_FAILED; + } + + return 1; + break; + + case GNUTLS_PK_EC: + case GNUTLS_PK_DSA: + if (dsa_verify_hashed_data + (pk, hash_algo, hash, signature, issuer_params) != 0) { + gnutls_assert(); + return GNUTLS_E_PK_SIG_VERIFY_FAILED; + } + + return 1; + break; + default: + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + + } } /* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if * not verified, or 1 otherwise. */ int -pubkey_verify_data (gnutls_pk_algorithm_t pk, - const mac_entry_st* me, - const gnutls_datum_t * data, - const gnutls_datum_t * signature, - gnutls_pk_params_st * issuer_params) +pubkey_verify_data(gnutls_pk_algorithm_t pk, + const mac_entry_st * me, + const gnutls_datum_t * data, + const gnutls_datum_t * signature, + gnutls_pk_params_st * issuer_params) { - switch (pk) - { - case GNUTLS_PK_RSA: - - if (_pkcs1_rsa_verify_sig - (me, data, NULL, signature, issuer_params) != 0) - { - gnutls_assert (); - return GNUTLS_E_PK_SIG_VERIFY_FAILED; - } - - return 1; - break; - - case GNUTLS_PK_EC: - case GNUTLS_PK_DSA: - if (dsa_verify_data(pk, me, data, signature, issuer_params) != 0) - { - gnutls_assert (); - return GNUTLS_E_PK_SIG_VERIFY_FAILED; - } - - return 1; - break; - default: - gnutls_assert (); - return GNUTLS_E_INTERNAL_ERROR; - - } + switch (pk) { + case GNUTLS_PK_RSA: + + if (_pkcs1_rsa_verify_sig + (me, data, NULL, signature, issuer_params) != 0) { + gnutls_assert(); + return GNUTLS_E_PK_SIG_VERIFY_FAILED; + } + + return 1; + break; + + case GNUTLS_PK_EC: + case GNUTLS_PK_DSA: + if (dsa_verify_data(pk, me, data, signature, issuer_params) + != 0) { + gnutls_assert(); + return GNUTLS_E_PK_SIG_VERIFY_FAILED; + } + + return 1; + break; + default: + gnutls_assert(); + return GNUTLS_E_INTERNAL_ERROR; + + } } -const mac_entry_st* -_gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* params, - unsigned int* hash_len) +const mac_entry_st *_gnutls_dsa_q_to_hash(gnutls_pk_algorithm_t algo, + const gnutls_pk_params_st * + params, unsigned int *hash_len) { - int bits = 0; - int ret; - - if (algo == GNUTLS_PK_DSA) - bits = _gnutls_mpi_get_nbits (params->params[1]); - else if (algo == GNUTLS_PK_EC) - bits = gnutls_ecc_curve_get_size(params->flags)*8; - - if (bits <= 160) - { - if (hash_len) *hash_len = 20; - ret = GNUTLS_DIG_SHA1; - } - else if (bits <= 192) - { - if (hash_len) *hash_len = 24; - ret = GNUTLS_DIG_SHA256; - } - else if (bits <= 224) - { - if (hash_len) *hash_len = 28; - ret = GNUTLS_DIG_SHA256; - } - else if (bits <= 256) - { - if (hash_len) *hash_len = 32; - ret = GNUTLS_DIG_SHA256; - } - else if (bits <= 384) - { - if (hash_len) *hash_len = 48; - ret = GNUTLS_DIG_SHA384; - } - else - { - if (hash_len) *hash_len = 64; - ret = GNUTLS_DIG_SHA512; - } - - return mac_to_entry(ret); + int bits = 0; + int ret; + + if (algo == GNUTLS_PK_DSA) + bits = _gnutls_mpi_get_nbits(params->params[1]); + else if (algo == GNUTLS_PK_EC) + bits = gnutls_ecc_curve_get_size(params->flags) * 8; + + if (bits <= 160) { + if (hash_len) + *hash_len = 20; + ret = GNUTLS_DIG_SHA1; + } else if (bits <= 192) { + if (hash_len) + *hash_len = 24; + ret = GNUTLS_DIG_SHA256; + } else if (bits <= 224) { + if (hash_len) + *hash_len = 28; + ret = GNUTLS_DIG_SHA256; + } else if (bits <= 256) { + if (hash_len) + *hash_len = 32; + ret = GNUTLS_DIG_SHA256; + } else if (bits <= 384) { + if (hash_len) + *hash_len = 48; + ret = GNUTLS_DIG_SHA384; + } else { + if (hash_len) + *hash_len = 64; + ret = GNUTLS_DIG_SHA512; + } + + return mac_to_entry(ret); } /** @@ -2100,11 +2037,12 @@ _gnutls_dsa_q_to_hash (gnutls_pk_algorithm_t algo, const gnutls_pk_params_st* pa * Since: 3.1.0 * **/ -void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key, - gnutls_pin_callback_t fn, void *userdata) +void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key, + gnutls_pin_callback_t fn, + void *userdata) { - key->pin.cb = fn; - key->pin.data = userdata; + key->pin.cb = fn; + key->pin.data = userdata; } /** @@ -2122,37 +2060,34 @@ void gnutls_pubkey_set_pin_function (gnutls_pubkey_t key, * * Since: 3.1.3 **/ -int gnutls_pubkey_import_x509_raw (gnutls_pubkey_t pkey, - const gnutls_datum_t * data, - gnutls_x509_crt_fmt_t format, - unsigned int flags) +int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format, + unsigned int flags) { - gnutls_x509_crt_t xpriv; - int ret; - - ret = gnutls_x509_crt_init(&xpriv); - if (ret < 0) - return gnutls_assert_val(ret); - - ret = gnutls_x509_crt_import(xpriv, data, format); - if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } - - ret = gnutls_pubkey_import_x509(pkey, xpriv, flags); - if (ret < 0) - { - gnutls_assert(); - goto cleanup; - } - - return 0; - -cleanup: - gnutls_x509_crt_deinit(xpriv); - - return ret; -} + gnutls_x509_crt_t xpriv; + int ret; + ret = gnutls_x509_crt_init(&xpriv); + if (ret < 0) + return gnutls_assert_val(ret); + + ret = gnutls_x509_crt_import(xpriv, data, format); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + ret = gnutls_pubkey_import_x509(pkey, xpriv, flags); + if (ret < 0) { + gnutls_assert(); + goto cleanup; + } + + return 0; + + cleanup: + gnutls_x509_crt_deinit(xpriv); + + return ret; +} |