Diffstat (limited to 'lib/auth/dh_common.c')
-rw-r--r-- | lib/auth/dh_common.c | 236 |
1 files changed, 110 insertions, 126 deletions
diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c
index e5f8930402..925e98c5d4 100644
--- a/lib/auth/dh_common.c
+++ b/lib/auth/dh_common.c
@@ -43,7 +43,7 @@
 /* Frees the dh_info_st structure. */
-void _gnutls_free_dh_info(dh_info_st * dh)
+void _gnutls_free_dh_info(dh_info_st *dh)
 {
 dh->secret_bits = 0;
 _gnutls_free_datum(&dh->prime);
@@ -51,10 +51,8 @@ void _gnutls_free_dh_info(dh_info_st * dh)
 _gnutls_free_datum(&dh->public_key);
 }
-int
-_gnutls_proc_dh_common_client_kx(gnutls_session_t session,
- uint8_t * data, size_t _data_size,
- gnutls_datum_t * psk_key)
+int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, uint8_t *data,
+ size_t _data_size, gnutls_datum_t *psk_key)
 {
 uint16_t n_Y;
 size_t _n_Y;
@@ -74,10 +72,10 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
 if (data_size != 0)
 return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.client_Y, &data[2], _n_Y)) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y,
+ &data[2], _n_Y)) {
 gnutls_assert();
- return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */
 }
 _gnutls_dh_set_peer_public(session,
@@ -86,9 +84,8 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
 peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
 /* calculate the key after calculating the message */
- ret =
- _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
- &session->key.proto.tls12.dh.params, &peer_pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
+ &session->key.proto.tls12.dh.params, &peer_pub);
 if (ret < 0) {
 gnutls_assert();
 goto error;
@@ -97,9 +94,9 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
 if (psk_key == NULL) {
 session->key.key.data = tmp_dh_key.data;
 session->key.key.size = tmp_dh_key.size;
- } else { /* In DHE_PSK the key is set differently */
- ret =
- _gnutls_set_psk_session_key(session, psk_key, &tmp_dh_key);
+ } else { /* In DHE_PSK the key is set differently */
+ ret = _gnutls_set_psk_session_key(session, psk_key,
+ &tmp_dh_key);
 _gnutls_free_temp_key_datum(&tmp_dh_key);
 }
@@ -109,7 +106,7 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
 }
 ret = 0;
- error:
+error:
 _gnutls_mpi_release(&session->key.proto.tls12.dh.client_Y);
 gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
@@ -117,15 +114,14 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session,
 }
 int _gnutls_gen_dh_common_client_kx(gnutls_session_t session,
- gnutls_buffer_st * data)
+ gnutls_buffer_st *data)
 {
 return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
 }
-int
-_gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
- gnutls_buffer_st * data,
- gnutls_datum_t * pskkey)
+int _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
+ gnutls_buffer_st *data,
+ gnutls_datum_t *pskkey)
 {
 int ret;
 gnutls_pk_params_st peer_pub;
@@ -134,21 +130,18 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
 gnutls_pk_params_init(&peer_pub);
- ret =
- _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0,
- &session->key.proto.tls12.dh.params, 1);
+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0,
+ &session->key.proto.tls12.dh.params, 1);
 if (ret < 0)
 return gnutls_assert_val(ret);
- _gnutls_dh_set_secret_bits(session,
- _gnutls_mpi_get_nbits(session->key.
- proto.tls12.dh.
- params.params[DH_X]));
+ _gnutls_dh_set_secret_bits(
+ session,
+ _gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params.params[DH_X]));
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_Y], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
 if (ret < 0) {
 gnutls_assert();
 goto error;
@@ -157,18 +150,18 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
 peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y;
 /* calculate the key after calculating the message */
- ret =
- _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
- &session->key.proto.tls12.dh.params, &peer_pub);
+ ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key,
+ &session->key.proto.tls12.dh.params, &peer_pub);
 if (ret < 0) {
 gnutls_assert();
 goto error;
 }
- if (session->security_parameters.cs->kx_algorithm != GNUTLS_KX_DHE_PSK) {
+ if (session->security_parameters.cs->kx_algorithm !=
+ GNUTLS_KX_DHE_PSK) {
 session->key.key.data = tmp_dh_key.data;
 session->key.key.size = tmp_dh_key.size;
- } else { /* In DHE_PSK the key is set differently */
+ } else { /* In DHE_PSK the key is set differently */
 ret = _gnutls_set_psk_session_key(session, pskkey, &tmp_dh_key);
 _gnutls_free_temp_key_datum(&tmp_dh_key);
 }
@@ -180,15 +173,14 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session,
 ret = data->length - init_pos;
- error:
+error:
 gnutls_pk_params_clear(&session->key.proto.tls12.dh.params);
 return ret;
 }
 /* Returns the bytes parsed */
-int
-_gnutls_proc_dh_common_server_kx(gnutls_session_t session,
- uint8_t * data, size_t _data_size)
+int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, uint8_t *data,
+ size_t _data_size)
 {
 uint16_t n_Y, n_g, n_p;
 size_t _n_Y, _n_g, _n_p, _n_q;
@@ -234,8 +226,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 _n_g = n_g;
 _n_p = n_p;
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.client_Y, data_Y, _n_Y) != 0) {
+ if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y,
+ data_Y, _n_Y) != 0) {
 gnutls_assert();
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
 }
@@ -244,77 +236,79 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 if (session->internals.priorities->groups.have_ffdhe != 0) {
 /* verify whether the received parameters match the advertised, otherwise
 * log that. */
- for (j = 0; j < session->internals.priorities->groups.size; j++) {
- if (session->internals.priorities->groups.
- entry[j]->generator
- && session->internals.priorities->groups.
- entry[j]->generator->size == n_g
- && session->internals.priorities->groups.
- entry[j]->prime->size == n_p
- && memcmp(session->internals.priorities->
- groups.entry[j]->generator->data, data_g,
- n_g) == 0
- && memcmp(session->internals.priorities->
- groups.entry[j]->prime->data, data_p,
- n_p) == 0) {
-
+ for (j = 0; j < session->internals.priorities->groups.size;
+ j++) {
+ if (session->internals.priorities->groups.entry[j]
+ ->generator &&
+ session->internals.priorities->groups.entry[j]
+ ->generator->size == n_g &&
+ session->internals.priorities->groups.entry[j]
+ ->prime->size == n_p &&
+ memcmp(session->internals.priorities->groups
+ .entry[j]
+ ->generator->data,
+ data_g, n_g) == 0 &&
+ memcmp(session->internals.priorities->groups
+ .entry[j]
+ ->prime->data,
+ data_p, n_p) == 0) {
 session->internals.hsk_flags |= HSK_USED_FFDHE;
- _gnutls_session_group_set(session,
- session->
- internals.priorities->
- groups.entry[j]);
+ _gnutls_session_group_set(
+ session, session->internals.priorities
+ ->groups.entry[j]);
 session->key.proto.tls12.dh.params.qbits =
- *session->internals.priorities->
- groups.entry[j]->q_bits;
- data_q =
- session->internals.priorities->
- groups.entry[j]->q->data;
- _n_q =
- session->internals.priorities->
- groups.entry[j]->q->size;
+ *session->internals.priorities->groups
+ .entry[j]
+ ->q_bits;
+ data_q = session->internals.priorities->groups
+ .entry[j]
+ ->q->data;
+ _n_q = session->internals.priorities->groups
+ .entry[j]
+ ->q->size;
 break;
 }
 }
 if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) {
- _gnutls_audit_log(session,
- "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n");
+ _gnutls_audit_log(
+ session,
+ "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n");
 }
 }
-# ifdef ENABLE_FIPS140
+#ifdef ENABLE_FIPS140
 if (gnutls_fips140_mode_enabled() && !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) {
 gnutls_assert();
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
 }
-# endif
+#endif
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.params.params[DH_G], data_g,
- _n_g) != 0) {
+ if (_gnutls_mpi_init_scan_nz(
+ &session->key.proto.tls12.dh.params.params[DH_G], data_g,
+ _n_g) != 0) {
 gnutls_assert();
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
 }
- if (_gnutls_mpi_init_scan_nz
- (&session->key.proto.tls12.dh.params.params[DH_P], data_p,
- _n_p) != 0) {
+ if (_gnutls_mpi_init_scan_nz(
+ &session->key.proto.tls12.dh.params.params[DH_P], data_p,
+ _n_p) != 0) {
 gnutls_assert();
 /* we release now because session->key.proto.tls12.dh.params.params_nr is not yet set */
- _gnutls_mpi_release(&session->key.proto.tls12.dh.
- params.params[DH_G]);
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_G]);
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
 }
- if (data_q
- && _gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.
- params.params[DH_Q], data_q,
- _n_q) != 0) {
+ if (data_q && _gnutls_mpi_init_scan_nz(
+ &session->key.proto.tls12.dh.params.params[DH_Q],
+ data_q, _n_q) != 0) {
 /* we release now because params_nr is not yet set */
- _gnutls_mpi_release(&session->key.proto.tls12.dh.
- params.params[DH_P]);
- _gnutls_mpi_release(&session->key.proto.tls12.dh.
- params.params[DH_G]);
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_P]);
+ _gnutls_mpi_release(
+ &session->key.proto.tls12.dh.params.params[DH_G]);
 return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
 }
@@ -329,29 +323,27 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 return bits;
 }
- p_bits =
- _gnutls_mpi_get_nbits(session->key.proto.tls12.dh.
- params.params[DH_P]);
+ p_bits = _gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params.params[DH_P]);
 if (p_bits < bits) { /* the prime used by the peer is not acceptable */
 gnutls_assert();
- _gnutls_debug_log
- ("Received a prime of %u bits, limit is %u\n",
- (unsigned)_gnutls_mpi_get_nbits(session->key.
- proto.tls12.dh.
- params.params
- [DH_P]),
- (unsigned)bits);
+ _gnutls_debug_log(
+ "Received a prime of %u bits, limit is %u\n",
+ (unsigned)_gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params
+ .params[DH_P]),
+ (unsigned)bits);
 return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
 }
 if (p_bits >= DEFAULT_MAX_VERIFY_BITS) {
 gnutls_assert();
- _gnutls_debug_log
- ("Received a prime of %u bits, limit is %u\n",
- (unsigned)p_bits,
- (unsigned)DEFAULT_MAX_VERIFY_BITS);
+ _gnutls_debug_log(
+ "Received a prime of %u bits, limit is %u\n",
+ (unsigned)p_bits,
+ (unsigned)DEFAULT_MAX_VERIFY_BITS);
 return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
 }
 }
@@ -367,9 +359,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session,
 return ret;
 }
-int
-_gnutls_dh_common_print_server_kx(gnutls_session_t session,
- gnutls_buffer_st * data)
+int _gnutls_dh_common_print_server_kx(gnutls_session_t session,
+ gnutls_buffer_st *data)
 {
 int ret;
 unsigned q_bits = session->key.proto.tls12.dh.params.qbits;
@@ -379,43 +370,36 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
 gnutls_assert();
 _gnutls_debug_log("too small q_bits value for DH: %u\n", q_bits);
- q_bits = 0; /* auto-detect */
+ q_bits = 0; /* auto-detect */
 }
 /* Y=g^x mod p */
- ret =
- _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits,
- &session->key.proto.tls12.dh.params, 1);
+ ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits,
+ &session->key.proto.tls12.dh.params, 1);
 if (ret < 0)
 return gnutls_assert_val(ret);
- _gnutls_dh_set_secret_bits(session,
- _gnutls_mpi_get_nbits(session->key.
- proto.tls12.dh.
- params.params[DH_X]));
+ _gnutls_dh_set_secret_bits(
+ session,
+ _gnutls_mpi_get_nbits(
+ session->key.proto.tls12.dh.params.params[DH_X]));
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_P], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_P], 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_G], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_G], 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
 }
- ret =
- _gnutls_buffer_append_mpi(data, 16,
- session->key.proto.tls12.dh.
- params.params[DH_Y], 0);
+ ret = _gnutls_buffer_append_mpi(
+ data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0);
 if (ret < 0) {
 gnutls_assert();
 goto cleanup;
@@ -423,7 +407,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session,
 ret = data->length - init_pos;
- cleanup:
+cleanup:
 return ret;
 } |