Diffstat (limited to 'lib/auth/dh_common.c')
-rw-r--r--lib/auth/dh_common.c236
1 files changed, 110 insertions, 126 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index e5f8930402..925e98c5d4 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -43,7 +43,7 @@
/* Frees the dh_info_st structure.
*/
-void _gnutls_free_dh_info(dh_info_st * dh)
+void _gnutls_free_dh_info(dh_info_st *dh)
{
dh->secret_bits = 0;
_gnutls_free_datum(&dh->prime);
@@ -51,10 +51,8 @@ void _gnutls_free_dh_info(dh_info_st * dh)
_gnutls_free_datum(&dh->public_key);
}
-int
-_gnutls_proc_dh_common_client_kx(gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- gnutls_datum_t * psk_key)
+int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, uint8_t *data,
+ size_t _data_size, gnutls_datum_t *psk_key)
{
uint16_t n_Y;
size_t _n_Y;
@@ -74,10 +72,10 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
if (data_size != 0)
return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.client_Y, &data[2], _n_Y)) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y,
+ &data[2], _n_Y)) {
gnutls_assert();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
}
_gnutls_dh_set_peer_public(session,
@@ -86,9 +84,8 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
/* calculate the key after calculating the message */
- ret =
- _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
- &session->key.proto.tls12.dh.params, &peer_pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
+ &session->key.proto.tls12.dh.params, &peer_pub);
if (ret < 0) {
gnutls_assert();
goto error;
@@ -97,9 +94,9 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
if (psk_key == NULL) {
session->key.key.data = tmp_dh_key.data;
session->key.key.size = tmp_dh_key.size;
- } else { /* In DHE_PSK the key is set differently */
- ret =
- _gnutls_set_psk_session_key(session, psk_key, &tmp_dh_key);
+ } else { /* In DHE_PSK the key is set differently */
+ ret = _gnutls_set_psk_session_key(session, psk_key,
+ &tmp_dh_key);
_gnutls_free_temp_key_datum(&tmp_dh_key);
}
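Review bot: The two branches here handle `tmp_dh_key` differently and no comment says so. When `psk_key == NULL`, the derived shared secret's buffer is handed to `session->key.key` by pointer, while the DHE_PSK branch releases it with `_gnutls_free_temp_key_datum()`. A short comment on the first branch, e.g. `/* session->key.key now owns the shared secret; tmp_dh_key must not be freed here */`, would make ownership of the key material explicit and guard against a later double free. The same pattern recurs in the `_gnutls_gen_dh_common_client_kx_int` hunk further down. The handling of `ret` after the PSK call lies outside this hunk.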
@@ -109,7 +106,7 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
}
ret = 0;
- error:
+error:
_gnutls_mpi_release(&session->key.proto.tls12.dh.client_Y);
gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
@@ -117,15 +114,14 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
}
int _gnutls_gen_dh_common_client_kx(gnutls_session_t session,
- gnutls_buffer_st * data)
+ gnutls_buffer_st *data)
{
return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
}
-int
-_gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
- gnutls_buffer_st * data,
- gnutls_datum_t * pskkey)
+int _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st *data,
+ gnutls_datum_t *pskkey)
{
int ret;
gnutls_pk_params_st peer_pub;
@@ -134,21 +130,18 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
gnutls_pk_params_init(&peer_pub);
- ret =
- _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0,
- &session->key.proto.tls12.dh.params, 1);
+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0,
+ &session->key.proto.tls12.dh.params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_dh_set_secret_bits(session,
- _gnutls_mpi_get_nbits(session->key.
- proto.tls12.dh.
- params.params[DH_X]));
+ _gnutls_dh_set_secret_bits(
+ session,
+ _gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params.params[DH_X]));
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_Y], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
if (ret < 0) {
gnutls_assert();
goto error;
@@ -157,18 +150,18 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
/* calculate the key after calculating the message */
- ret =
- _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
- &session->key.proto.tls12.dh.params, &peer_pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
+ &session->key.proto.tls12.dh.params, &peer_pub);
if (ret < 0) {
gnutls_assert();
goto error;
}
- if (session->security_parameters.cs->kx_algorithm != GNUTLS_KX_DHE_PSK) {
+ if (session->security_parameters.cs->kx_algorithm !=
+ GNUTLS_KX_DHE_PSK) {
session->key.key.data = tmp_dh_key.data;
session->key.key.size = tmp_dh_key.size;
- } else { /* In DHE_PSK the key is set differently */
+ } else { /* In DHE_PSK the key is set differently */
ret = _gnutls_set_psk_session_key(session, pskkey, &tmp_dh_key);
_gnutls_free_temp_key_datum(&tmp_dh_key);
}
@@ -180,15 +173,14 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
ret = data->length - init_pos;
- error:
+error:
gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
return ret;
}
/* Returns the bytes parsed */
-int
-_gnutls_proc_dh_common_server_kx(gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, uint8_t *data,
+ size_t _data_size)
{
uint16_t n_Y, n_g, n_p;
size_t _n_Y, _n_g, _n_p, _n_q;
@@ -234,8 +226,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
_n_g = n_g;
_n_p = n_p;
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.client_Y, data_Y, _n_Y) != 0) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y,
+ data_Y, _n_Y) != 0) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
@@ -244,77 +236,79 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
if (session->internals.priorities->groups.have_ffdhe != 0) {
/* verify whether the received parameters match the advertised, otherwise
* log that. */
- for (j = 0; j < session->internals.priorities->groups.size; j++) {
- if (session->internals.priorities->groups.
- entry[j]->generator
- && session->internals.priorities->groups.
- entry[j]->generator->size == n_g
- && session->internals.priorities->groups.
- entry[j]->prime->size == n_p
- && memcmp(session->internals.priorities->
- groups.entry[j]->generator->data, data_g,
- n_g) == 0
- && memcmp(session->internals.priorities->
- groups.entry[j]->prime->data, data_p,
- n_p) == 0) {
-
+ for (j = 0; j < session->internals.priorities->groups.size;
+ j++) {
+ if (session->internals.priorities->groups.entry[j]
+ ->generator &&
+ session->internals.priorities->groups.entry[j]
+ ->generator->size == n_g &&
+ session->internals.priorities->groups.entry[j]
+ ->prime->size == n_p &&
+ memcmp(session->internals.priorities->groups
+ .entry[j]
+ ->generator->data,
+ data_g, n_g) == 0 &&
+ memcmp(session->internals.priorities->groups
+ .entry[j]
+ ->prime->data,
+ data_p, n_p) == 0) {
session->internals.hsk_flags |= HSK_USED_FFDHE;
- _gnutls_session_group_set(session,
- session->
- internals.priorities->
- groups.entry[j]);
+ _gnutls_session_group_set(
+ session, session->internals.priorities
+ ->groups.entry[j]);
session->key.proto.tls12.dh.params.qbits =
- *session->internals.priorities->
- groups.entry[j]->q_bits;
- data_q =
- session->internals.priorities->
- groups.entry[j]->q->data;
- _n_q =
- session->internals.priorities->
- groups.entry[j]->q->size;
+ *session->internals.priorities->groups
+ .entry[j]
+ ->q_bits;
+ data_q = session->internals.priorities->groups
+ .entry[j]
+ ->q->data;
+ _n_q = session->internals.priorities->groups
+ .entry[j]
+ ->q->size;
break;
}
}
if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {
- _gnutls_audit_log(session,
- "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n");
+ _gnutls_audit_log(
+ session,
+ "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n");
}
}
-# ifdef ENABLE_FIPS140
+#ifdef ENABLE_FIPS140
if (gnutls_fips140_mode_enabled() &&
!_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g,
NULL, NULL)) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
-# endif
+#endif
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.params.params[DH_G], data_g,
- _n_g) != 0) {
+ if (_gnutls_mpi_init_scan_nz(
+ &session->key.proto.tls12.dh.params.params[DH_G], data_g,
+ _n_g) != 0) {
gnutls_assert();
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.params.params[DH_P], data_p,
- _n_p) != 0) {
+ if (_gnutls_mpi_init_scan_nz(
+ &session->key.proto.tls12.dh.params.params[DH_P], data_p,
+ _n_p) != 0) {
gnutls_assert();
/* we release now because session->key.proto.tls12.dh.params.params_nr is not yet set */
- _gnutls_mpi_release(&session->key.proto.tls12.dh.
- params.params[DH_G]);
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_G]);
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
- if (data_q
- && _gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.
- params.params[DH_Q], data_q,
- _n_q) != 0) {
+ if (data_q && _gnutls_mpi_init_scan_nz(
+ &session->key.proto.tls12.dh.params.params[DH_Q],
+ data_q, _n_q) != 0) {
/* we release now because params_nr is not yet set */
- _gnutls_mpi_release(&session->key.proto.tls12.dh.
- params.params[DH_P]);
- _gnutls_mpi_release(&session->key.proto.tls12.dh.
- params.params[DH_G]);
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_P]);
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_G]);
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
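Review bot: The FFDHE match condition tests only `entry[j]->generator` for NULL, yet it then dereferences `entry[j]->prime`, and the matched branch also dereferences `->q_bits` and `->q`. If every group entry with a generator is guaranteed to carry the other three, state that above the loop (`/* FFDHE entries always set generator, prime, q and q_bits */`); otherwise extend the condition with `entry[j]->prime &&` and the matching checks for `q` and `q_bits`. Separately, the `DH_Q` failure branch is the only one of the three scan failures that returns without `gnutls_assert();`, which makes that rejection harder to trace in debug output. The function body starts and ends outside this hunk.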
@@ -329,29 +323,27 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
return bits;
}
- p_bits =
- _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.
- params.params[DH_P]);
+ p_bits = _gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params.params[DH_P]);
if (p_bits < bits) {
/* the prime used by the peer is not acceptable
*/
gnutls_assert();
- _gnutls_debug_log
- ("Received a prime of %u bits, limit is %u\n",
- (unsigned)_gnutls_mpi_get_nbits(session->key.
- proto.tls12.dh.
- params.params
- [DH_P]),
- (unsigned)bits);
+ _gnutls_debug_log(
+ "Received a prime of %u bits, limit is %u\n",
+ (unsigned)_gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params
+ .params[DH_P]),
+ (unsigned)bits);
return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
}
if (p_bits >= DEFAULT_MAX_VERIFY_BITS) {
gnutls_assert();
- _gnutls_debug_log
- ("Received a prime of %u bits, limit is %u\n",
- (unsigned)p_bits,
- (unsigned)DEFAULT_MAX_VERIFY_BITS);
+ _gnutls_debug_log(
+ "Received a prime of %u bits, limit is %u\n",
+ (unsigned)p_bits,
+ (unsigned)DEFAULT_MAX_VERIFY_BITS);
return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
}
}
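Review bot: The lower-bound log call recomputes `_gnutls_mpi_get_nbits(...params[DH_P])` although `p_bits` was assigned that value just above. Passing `(unsigned)p_bits`, as the upper-bound branch already does, removes the nested argument. Both branches also print the same text, `limit is %u`, for a minimum and a maximum, so a log reader cannot tell which bound rejected the server's prime; `minimum is %u` and `maximum is %u` would disambiguate. The enclosing block begins outside this hunk.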
@@ -367,9 +359,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
return ret;
}
-int
-_gnutls_dh_common_print_server_kx(gnutls_session_t session,
- gnutls_buffer_st * data)
+int _gnutls_dh_common_print_server_kx(gnutls_session_t session,
+ gnutls_buffer_st *data)
{
int ret;
unsigned q_bits = session->key.proto.tls12.dh.params.qbits;
@@ -379,43 +370,36 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
gnutls_assert();
_gnutls_debug_log("too small q_bits value for DH: %u\n",
q_bits);
- q_bits = 0; /* auto-detect */
+ q_bits = 0; /* auto-detect */
}
/* Y=g^x mod p */
- ret =
- _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits,
- &session->key.proto.tls12.dh.params, 1);
+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits,
+ &session->key.proto.tls12.dh.params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
- _gnutls_dh_set_secret_bits(session,
- _gnutls_mpi_get_nbits(session->key.
- proto.tls12.dh.
- params.params[DH_X]));
+ _gnutls_dh_set_secret_bits(
+ session,
+ _gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params.params[DH_X]));
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_P], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_P], 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_G], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_G], 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_Y], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -423,7 +407,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
ret = data->length - init_pos;
- cleanup:
+cleanup:
return ret;
}