summaryrefslogtreecommitdiff
path: root/lib/algorithms/publickey.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/algorithms/publickey.c')
-rw-r--r--lib/algorithms/publickey.c135
1 files changed, 70 insertions, 65 deletions
diff --git a/lib/algorithms/publickey.c b/lib/algorithms/publickey.c
index caf53972ab..010fabd7d5 100644
--- a/lib/algorithms/publickey.c
+++ b/lib/algorithms/publickey.c
@@ -26,7 +26,6 @@
#include <x509/common.h>
#include "pk.h"
-
/* KX mappings to PK algorithms */
typedef struct {
gnutls_kx_algorithm_t kx_algorithm;
@@ -71,13 +70,16 @@ static const gnutls_pk_map pk_mappings[] = {
#define GNUTLS_PK_MAP_ALG_LOOP(a) \
GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
-
unsigned
_gnutls_kx_supports_pk(gnutls_kx_algorithm_t kx_algorithm,
gnutls_pk_algorithm_t pk_algorithm)
{
- GNUTLS_PK_MAP_LOOP(if (p->kx_algorithm == kx_algorithm && p->pk_algorithm == pk_algorithm) { return 1; })
- return 0;
+ GNUTLS_PK_MAP_LOOP(if
+ (p->kx_algorithm == kx_algorithm
+ && p->pk_algorithm == pk_algorithm) {
+ return 1;}
+ )
+ return 0;
}
unsigned
@@ -87,13 +89,16 @@ _gnutls_kx_supports_pk_usage(gnutls_kx_algorithm_t kx_algorithm,
{
const gnutls_pk_map *p;
- for(p = pk_mappings; p->kx_algorithm != 0; p++) {
- if (p->kx_algorithm == kx_algorithm && p->pk_algorithm == pk_algorithm) {
+ for (p = pk_mappings; p->kx_algorithm != 0; p++) {
+ if (p->kx_algorithm == kx_algorithm
+ && p->pk_algorithm == pk_algorithm) {
if (key_usage == 0)
return 1;
- else if (p->encipher_type == CIPHER_SIGN && (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
+ else if (p->encipher_type == CIPHER_SIGN
+ && (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
return 1;
- else if (p->encipher_type == CIPHER_ENCRYPT && (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
+ else if (p->encipher_type == CIPHER_ENCRYPT
+ && (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
return 1;
else
return 0;
@@ -109,50 +114,57 @@ struct gnutls_pk_entry {
const char *name;
const char *oid;
gnutls_pk_algorithm_t id;
- gnutls_ecc_curve_t curve; /* to map PK to specific OID, we need to know the curve for EdDSA */
- bool no_prehashed; /* non-zero if the algorithm cannot sign pre-hashed data */
+ gnutls_ecc_curve_t curve; /* to map PK to specific OID, we need to know the curve for EdDSA */
+ bool no_prehashed; /* non-zero if the algorithm cannot sign pre-hashed data */
};
typedef struct gnutls_pk_entry gnutls_pk_entry;
static const gnutls_pk_entry pk_algorithms[] = {
/* having duplicate entries is ok, as long as the one
* we want to return OID from is first */
- { .name = "RSA", .oid = PK_PKIX1_RSA_OID, .id = GNUTLS_PK_RSA,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "RSA-PSS", .oid = PK_PKIX1_RSA_PSS_OID, .id = GNUTLS_PK_RSA_PSS,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "RSA (X.509)", .oid = PK_X509_RSA_OID, .id = GNUTLS_PK_RSA,
- .curve = GNUTLS_ECC_CURVE_INVALID }, /* some certificates use this OID for RSA */
- { .name = "RSA-MD5", .oid = SIG_RSA_MD5_OID, .id = GNUTLS_PK_RSA,
- .curve = GNUTLS_ECC_CURVE_INVALID }, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
- { .name = "RSA-SHA1", .oid = SIG_RSA_SHA1_OID, .id = GNUTLS_PK_RSA,
- .curve = GNUTLS_ECC_CURVE_INVALID }, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- { .name = "RSA-SHA1", .oid = ISO_SIG_RSA_SHA1_OID, .id = GNUTLS_PK_RSA,
- .curve = GNUTLS_ECC_CURVE_INVALID }, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
- { .name = "DSA", .oid = PK_DSA_OID, .id = GNUTLS_PK_DSA,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "GOST R 34.10-2012-512", .oid = PK_GOST_R3410_2012_512_OID, .id = GNUTLS_PK_GOST_12_512,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "GOST R 34.10-2012-256", .oid = PK_GOST_R3410_2012_256_OID, .id = GNUTLS_PK_GOST_12_256,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "GOST R 34.10-2001", .oid = PK_GOST_R3410_2001_OID, .id = GNUTLS_PK_GOST_01,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "GOST R 34.10-94", .oid = PK_GOST_R3410_94_OID, .id = GNUTLS_PK_UNKNOWN,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "EC/ECDSA", .oid = "1.2.840.10045.2.1", .id = GNUTLS_PK_ECDSA,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "EdDSA (Ed25519)", .oid = SIG_EDDSA_SHA512_OID, .id = GNUTLS_PK_EDDSA_ED25519,
- .curve = GNUTLS_ECC_CURVE_ED25519, .no_prehashed = 1 },
- { .name = "EdDSA (Ed448)", .oid = SIG_ED448_OID, .id = GNUTLS_PK_EDDSA_ED448,
- .curve = GNUTLS_ECC_CURVE_ED448, .no_prehashed = 1 },
- { .name = "DH", .oid = NULL, .id = GNUTLS_PK_DH,
- .curve = GNUTLS_ECC_CURVE_INVALID },
- { .name = "ECDH (X25519)", .oid = ECDH_X25519_OID, .id = GNUTLS_PK_ECDH_X25519,
- .curve = GNUTLS_ECC_CURVE_X25519 },
- { .name = "ECDH (X448)", .oid = ECDH_X448_OID, .id = GNUTLS_PK_ECDH_X448,
- .curve = GNUTLS_ECC_CURVE_X448 },
- { .name = "UNKNOWN", .oid = NULL, .id = GNUTLS_PK_UNKNOWN,
- .curve = GNUTLS_ECC_CURVE_INVALID },
+ {.name = "RSA",.oid = PK_PKIX1_RSA_OID,.id = GNUTLS_PK_RSA,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "RSA-PSS",.oid = PK_PKIX1_RSA_PSS_OID,.id = GNUTLS_PK_RSA_PSS,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "RSA (X.509)",.oid = PK_X509_RSA_OID,.id = GNUTLS_PK_RSA,
+ .curve = GNUTLS_ECC_CURVE_INVALID}, /* some certificates use this OID for RSA */
+ {.name = "RSA-MD5",.oid = SIG_RSA_MD5_OID,.id = GNUTLS_PK_RSA,
+ .curve = GNUTLS_ECC_CURVE_INVALID}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
+ {.name = "RSA-SHA1",.oid = SIG_RSA_SHA1_OID,.id = GNUTLS_PK_RSA,
+ .curve = GNUTLS_ECC_CURVE_INVALID}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {.name = "RSA-SHA1",.oid = ISO_SIG_RSA_SHA1_OID,.id = GNUTLS_PK_RSA,
+ .curve = GNUTLS_ECC_CURVE_INVALID}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {.name = "DSA",.oid = PK_DSA_OID,.id = GNUTLS_PK_DSA,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "GOST R 34.10-2012-512",.oid = PK_GOST_R3410_2012_512_OID,.id =
+ GNUTLS_PK_GOST_12_512,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "GOST R 34.10-2012-256",.oid = PK_GOST_R3410_2012_256_OID,.id =
+ GNUTLS_PK_GOST_12_256,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "GOST R 34.10-2001",.oid = PK_GOST_R3410_2001_OID,.id =
+ GNUTLS_PK_GOST_01,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "GOST R 34.10-94",.oid = PK_GOST_R3410_94_OID,.id =
+ GNUTLS_PK_UNKNOWN,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "EC/ECDSA",.oid = "1.2.840.10045.2.1",.id = GNUTLS_PK_ECDSA,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "EdDSA (Ed25519)",.oid = SIG_EDDSA_SHA512_OID,.id =
+ GNUTLS_PK_EDDSA_ED25519,
+ .curve = GNUTLS_ECC_CURVE_ED25519,.no_prehashed = 1},
+ {.name = "EdDSA (Ed448)",.oid = SIG_ED448_OID,.id =
+ GNUTLS_PK_EDDSA_ED448,
+ .curve = GNUTLS_ECC_CURVE_ED448,.no_prehashed = 1},
+ {.name = "DH",.oid = NULL,.id = GNUTLS_PK_DH,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
+ {.name = "ECDH (X25519)",.oid = ECDH_X25519_OID,.id =
+ GNUTLS_PK_ECDH_X25519,
+ .curve = GNUTLS_ECC_CURVE_X25519},
+ {.name = "ECDH (X448)",.oid = ECDH_X448_OID,.id = GNUTLS_PK_ECDH_X448,
+ .curve = GNUTLS_ECC_CURVE_X448},
+ {.name = "UNKNOWN",.oid = NULL,.id = GNUTLS_PK_UNKNOWN,
+ .curve = GNUTLS_ECC_CURVE_INVALID},
{0, 0, 0, 0}
};
@@ -160,7 +172,6 @@ static const gnutls_pk_entry pk_algorithms[] = {
{ const gnutls_pk_entry *p; \
for(p = pk_algorithms; p->name != NULL; p++) { b ; } }
-
/**
* gnutls_pk_algorithm_get_name:
* @algorithm: is a pk algorithm
@@ -174,12 +185,9 @@ const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm)
{
const char *ret = NULL;
- GNUTLS_PK_LOOP(
- if (p->id == algorithm) {
- ret = p->name;
- break;
- }
- );
+ GNUTLS_PK_LOOP(if (p->id == algorithm) {
+ ret = p->name; break;}
+ ) ;
return ret;
}
@@ -203,13 +211,11 @@ const gnutls_pk_algorithm_t *gnutls_pk_list(void)
if (supported_pks[0] == 0) {
int i = 0;
- GNUTLS_PK_LOOP(
- if (p->id != GNUTLS_PK_UNKNOWN &&
- supported_pks[i > 0 ? (i - 1) : 0] != p->id &&
- _gnutls_pk_exists(p->id)) {
- supported_pks[i++] = p->id;
- }
- );
+ GNUTLS_PK_LOOP(if (p->id != GNUTLS_PK_UNKNOWN &&
+ supported_pks[i > 0 ? (i - 1) : 0] != p->id
+ && _gnutls_pk_exists(p->id)) {
+ supported_pks[i++] = p->id;}
+ ) ;
supported_pks[i++] = 0;
}
@@ -354,7 +360,8 @@ const char *gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm)
*
* Since: 3.6.0
-*/
-gnutls_pk_algorithm_t _gnutls_oid_to_pk_and_curve(const char *oid, gnutls_ecc_curve_t *curve)
+gnutls_pk_algorithm_t _gnutls_oid_to_pk_and_curve(const char *oid,
+ gnutls_ecc_curve_t * curve)
{
gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
const gnutls_pk_entry *p;
@@ -378,13 +385,11 @@ gnutls_pk_algorithm_t _gnutls_oid_to_pk_and_curve(const char *oid, gnutls_ecc_cu
*
* ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
*/
-enum encipher_type
-_gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm)
+enum encipher_type _gnutls_kx_encipher_type(gnutls_kx_algorithm_t kx_algorithm)
{
int ret = CIPHER_IGN;
GNUTLS_PK_MAP_ALG_LOOP(ret = p->encipher_type)
-
- return ret;
+ return ret;
}
View Lorry Controller Status