diff options
Diffstat (limited to 'lib/auth')
| -rw-r--r-- | lib/auth/anon.c | 57 | ||||
| -rw-r--r-- | lib/auth/anon.h | 8 | ||||
| -rw-r--r-- | lib/auth/anon_ecdh.c | 65 | ||||
| -rw-r--r-- | lib/auth/cert.c | 728 | ||||
| -rw-r--r-- | lib/auth/cert.h | 85 | ||||
| -rw-r--r-- | lib/auth/dh_common.c | 236 | ||||
| -rw-r--r-- | lib/auth/dh_common.h | 26 | ||||
| -rw-r--r-- | lib/auth/dhe.c | 39 | ||||
| -rw-r--r-- | lib/auth/dhe_psk.c | 233 | ||||
| -rw-r--r-- | lib/auth/ecdhe.c | 210 | ||||
| -rw-r--r-- | lib/auth/ecdhe.h | 35 | ||||
| -rw-r--r-- | lib/auth/psk.c | 121 | ||||
| -rw-r--r-- | lib/auth/psk.h | 36 | ||||
| -rw-r--r-- | lib/auth/psk_passwd.c | 44 | ||||
| -rw-r--r-- | lib/auth/psk_passwd.h | 11 | ||||
| -rw-r--r-- | lib/auth/rsa.c | 72 | ||||
| -rw-r--r-- | lib/auth/rsa_common.h | 11 | ||||
| -rw-r--r-- | lib/auth/rsa_psk.c | 146 | ||||
| -rw-r--r-- | lib/auth/srp_kx.c | 717 | ||||
| -rw-r--r-- | lib/auth/srp_kx.h | 20 | ||||
| -rw-r--r-- | lib/auth/srp_passwd.c | 89 | ||||
| -rw-r--r-- | lib/auth/srp_passwd.h | 12 | ||||
| -rw-r--r-- | lib/auth/srp_rsa.c | 148 | ||||
| -rw-r--r-- | lib/auth/srp_sb64.c | 132 | ||||
| -rw-r--r-- | lib/auth/vko_gost.c | 87 |
25 files changed, 1492 insertions, 1876 deletions
diff --git a/lib/auth/anon.c b/lib/auth/anon.c index b84a9d098c..24bc5a214c 100644 --- a/lib/auth/anon.c +++ b/lib/auth/anon.c @@ -30,14 +30,14 @@ #if defined(ENABLE_ANON) && defined(ENABLE_DHE) -# include "auth.h" -# include "errors.h" -# include "dh.h" -# include "auth/anon.h" -# include "num.h" -# include "mpi.h" -# include <state.h> -# include <auth/dh_common.h> +#include "auth.h" +#include "errors.h" +#include "dh.h" +#include "auth/anon.h" +#include "num.h" +#include "mpi.h" +#include <state.h> +#include <auth/dh_common.h> static int gen_anon_server_kx(gnutls_session_t, gnutls_buffer_st *); static int proc_anon_client_kx(gnutls_session_t, uint8_t *, size_t); @@ -48,40 +48,38 @@ const mod_auth_st anon_auth_struct = { NULL, NULL, gen_anon_server_kx, - _gnutls_gen_dh_common_client_kx, /* this can be shared */ + _gnutls_gen_dh_common_client_kx, /* this can be shared */ NULL, NULL, NULL, - NULL, /* certificate */ + NULL, /* certificate */ proc_anon_server_kx, proc_anon_client_kx, NULL, NULL }; -static int gen_anon_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_anon_server_kx(gnutls_session_t session, gnutls_buffer_st *data) { int ret; gnutls_anon_server_credentials_t cred; - cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_ANON); + cred = (gnutls_anon_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_ANON); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, - sizeof(anon_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, + sizeof(anon_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } - ret = - _gnutls_figure_dh_params(session, cred->dh_params, - cred->params_func, cred->dh_sec_param); + ret = _gnutls_figure_dh_params(session, cred->dh_params, + cred->params_func, cred->dh_sec_param); if (ret < 0) { return gnutls_assert_val(ret); } @@ -94,24 +92,21 @@ static int gen_anon_server_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } -static int -proc_anon_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) +static int proc_anon_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { - return - _gnutls_proc_dh_common_client_kx(session, data, _data_size, NULL); - + return _gnutls_proc_dh_common_client_kx(session, data, _data_size, + NULL); } -int -proc_anon_server_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) +int proc_anon_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { - int ret; /* set auth_info */ - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, - sizeof(anon_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, + sizeof(anon_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -125,4 +120,4 @@ proc_anon_server_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) return 0; } -#endif /* ENABLE_ANON */ +#endif /* ENABLE_ANON */ diff --git a/lib/auth/anon.h b/lib/auth/anon.h index 943fda97c6..3a8db4b5b3 100644 --- a/lib/auth/anon.h +++ b/lib/auth/anon.h @@ -21,11 +21,11 @@ */ #ifndef GNUTLS_LIB_AUTH_ANON_H -# define GNUTLS_LIB_AUTH_ANON_H +#define GNUTLS_LIB_AUTH_ANON_H /* this is not to be included by gnutls_anon.c */ -# include <auth.h> -# include <auth/dh_common.h> +#include <auth.h> +#include <auth/dh_common.h> typedef struct gnutls_anon_server_credentials_st { gnutls_dh_params_t dh_params; @@ -49,4 +49,4 @@ typedef struct anon_auth_info_st { typedef struct anon_auth_info_st anon_auth_info_st; -#endif /* GNUTLS_LIB_AUTH_ANON_H */ +#endif /* GNUTLS_LIB_AUTH_ANON_H */ diff --git a/lib/auth/anon_ecdh.c b/lib/auth/anon_ecdh.c index 8564532d73..caf26bbe1b 100644 --- a/lib/auth/anon_ecdh.c +++ b/lib/auth/anon_ecdh.c @@ -29,15 +29,15 @@ #if defined(ENABLE_ANON) && defined(ENABLE_ECDHE) -# include "auth.h" -# include "errors.h" -# include "dh.h" -# include "auth/anon.h" -# include "num.h" -# include "mpi.h" -# include <state.h> -# include <auth/ecdhe.h> -# include <ext/supported_groups.h> +#include "auth.h" +#include "errors.h" +#include "dh.h" +#include "auth/anon.h" +#include "num.h" +#include "mpi.h" +#include <state.h> +#include <auth/ecdhe.h> +#include <ext/supported_groups.h> static int gen_anon_ecdh_server_kx(gnutls_session_t, gnutls_buffer_st *); static int proc_anon_ecdh_client_kx(gnutls_session_t, uint8_t *, size_t); @@ -48,41 +48,39 @@ const mod_auth_st anon_ecdh_auth_struct = { NULL, NULL, gen_anon_ecdh_server_kx, - _gnutls_gen_ecdh_common_client_kx, /* this can be shared */ + _gnutls_gen_ecdh_common_client_kx, /* this can be shared */ NULL, NULL, NULL, - NULL, /* certificate */ + NULL, /* certificate */ proc_anon_ecdh_server_kx, proc_anon_ecdh_client_kx, NULL, NULL }; -static int -gen_anon_ecdh_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_anon_ecdh_server_kx(gnutls_session_t session, + gnutls_buffer_st *data) { int ret; gnutls_anon_server_credentials_t cred; - cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_ANON); + cred = (gnutls_anon_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_ANON); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, - sizeof(anon_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, + sizeof(anon_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } - ret = - _gnutls_ecdh_common_print_server_kx(session, data, - get_group(session)); + ret = _gnutls_ecdh_common_print_server_kx(session, data, + get_group(session)); if (ret < 0) { gnutls_assert(); } @@ -90,35 +88,30 @@ gen_anon_ecdh_server_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } -static int -proc_anon_ecdh_client_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int proc_anon_ecdh_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { gnutls_anon_server_credentials_t cred; - cred = (gnutls_anon_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_ANON); + cred = (gnutls_anon_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_ANON); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - return _gnutls_proc_ecdh_common_client_kx(session, data, - _data_size, + return _gnutls_proc_ecdh_common_client_kx(session, data, _data_size, get_group(session), NULL); } -int -proc_anon_ecdh_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +int proc_anon_ecdh_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { - int ret; /* set auth_info */ - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, - sizeof(anon_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_ANON, + sizeof(anon_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -132,4 +125,4 @@ proc_anon_ecdh_server_kx(gnutls_session_t session, uint8_t * data, return 0; } -#endif /* ENABLE_ANON */ +#endif /* ENABLE_ANON */ diff --git a/lib/auth/cert.c b/lib/auth/cert.c index 8b484c1380..d331d44055 100644 --- a/lib/auth/cert.c +++ b/lib/auth/cert.c @@ -47,17 +47,19 @@ #include "abstract_int.h" #include "debug.h" -static void -selected_certs_set(gnutls_session_t session, - gnutls_pcert_st * certs, int ncerts, - gnutls_ocsp_data_st * ocsp, unsigned nocsp, - gnutls_privkey_t key, int need_free, - gnutls_status_request_ocsp_func ocsp_func, - void *ocsp_func_ptr); +static void selected_certs_set(gnutls_session_t session, gnutls_pcert_st *certs, + int ncerts, gnutls_ocsp_data_st *ocsp, + unsigned nocsp, gnutls_privkey_t key, + int need_free, + gnutls_status_request_ocsp_func ocsp_func, + void *ocsp_func_ptr); #define MAX_CLIENT_SIGN_ALGOS 5 -#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS+1) -typedef enum CertificateSigType { RSA_SIGN = 1, DSA_SIGN = 2, ECDSA_SIGN = 64, +#define CERTTYPE_SIZE (MAX_CLIENT_SIGN_ALGOS + 1) +typedef enum CertificateSigType { + RSA_SIGN = 1, + DSA_SIGN = 2, + ECDSA_SIGN = 64, #ifdef ENABLE_GOST GOSTR34102012_256_SIGN = 67, GOSTR34102012_512_SIGN = 68 @@ -78,7 +80,7 @@ enum CertificateSigTypeFlags { * another internal certificate struct (cert_auth_info_t), and deinitializes * the former. */ -int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, +int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st *certs, size_t ncerts) { size_t i, j; @@ -96,7 +98,7 @@ int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, } info->raw_certificate_list = - gnutls_calloc(ncerts, sizeof(gnutls_datum_t)); + gnutls_calloc(ncerts, sizeof(gnutls_datum_t)); if (info->raw_certificate_list == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -119,10 +121,9 @@ int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, /* returns 0 if the algo_to-check exists in the pk_algos list, * -1 otherwise. */ -inline static int -check_pk_algo_in_list(const gnutls_pk_algorithm_t * - pk_algos, int pk_algos_length, - gnutls_pk_algorithm_t algo_to_check) +inline static int check_pk_algo_in_list(const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, + gnutls_pk_algorithm_t algo_to_check) { int i; for (i = 0; i < pk_algos_length; i++) { @@ -136,14 +137,15 @@ check_pk_algo_in_list(const gnutls_pk_algorithm_t * /* Returns the issuer's Distinguished name in odn, of the certificate * specified in cert. */ -static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn) +static int cert_get_issuer_dn(gnutls_pcert_st *cert, gnutls_datum_t *odn) { asn1_node dn; int len, result; int start, end; - if ((result = asn1_create_element - (_gnutls_get_pkix(), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS) { + if ((result = asn1_create_element(_gnutls_get_pkix(), + "PKIX1.Certificate", &dn)) != + ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); } @@ -156,10 +158,10 @@ static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn) return _gnutls_asn2err(result); } - result = - asn1_der_decoding_startEnd(dn, cert->cert.data, - cert->cert.size, - "tbsCertificate.issuer", &start, &end); + result = asn1_der_decoding_startEnd(dn, cert->cert.data, + cert->cert.size, + "tbsCertificate.issuer", &start, + &end); if (result != ASN1_SUCCESS) { /* couldn't decode DER */ @@ -183,12 +185,11 @@ static int cert_get_issuer_dn(gnutls_pcert_st * cert, gnutls_datum_t * odn) * That is to guess which certificate to use, based on the * CAs and sign algorithms supported by the peer server. */ -static int -find_x509_client_cert(gnutls_session_t session, - const gnutls_certificate_credentials_t cred, - const uint8_t * _data, size_t _data_size, - const gnutls_pk_algorithm_t * pk_algos, - int pk_algos_length, int *indx) +static int find_x509_client_cert(gnutls_session_t session, + const gnutls_certificate_credentials_t cred, + const uint8_t *_data, size_t _data_size, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, int *indx) { unsigned size; gnutls_datum_t odn = { NULL, 0 }, asked_dn; @@ -204,21 +205,18 @@ find_x509_client_cert(gnutls_session_t session, * then send that one. */ if (cred->ncerts == 1 && - (data_size == 0 - || (session->internals.flags & GNUTLS_FORCE_CLIENT_CERT))) { + (data_size == 0 || + (session->internals.flags & GNUTLS_FORCE_CLIENT_CERT))) { if (cred->certs[0].cert_list[0].type == GNUTLS_CRT_X509) { - - key_usage = - get_key_usage(session, - cred->certs[0].cert_list[0].pubkey); + key_usage = get_key_usage( + session, cred->certs[0].cert_list[0].pubkey); /* For client certificates we require signatures */ - result = - _gnutls_check_key_usage_for_sig(session, key_usage, - 1); + result = _gnutls_check_key_usage_for_sig(session, + key_usage, 1); if (result < 0) { - _gnutls_debug_log - ("Client certificate is not suitable for signing\n"); + _gnutls_debug_log( + "Client certificate is not suitable for signing\n"); return gnutls_assert_val(result); } @@ -239,10 +237,9 @@ find_x509_client_cert(gnutls_session_t session, for (i = 0; i < cred->ncerts; i++) { for (j = 0; j < cred->certs[i].cert_list_length; j++) { - if ((result = - cert_get_issuer_dn(&cred->certs - [i].cert_list - [j], &odn)) < 0) { + if ((result = cert_get_issuer_dn( + &cred->certs[i].cert_list[j], + &odn)) < 0) { gnutls_assert(); return result; } @@ -250,16 +247,15 @@ find_x509_client_cert(gnutls_session_t session, if (odn.size == 0 || odn.size != asked_dn.size) continue; - key_usage = - get_key_usage(session, - cred->certs[i]. - cert_list[0].pubkey); + key_usage = get_key_usage( + session, + cred->certs[i].cert_list[0].pubkey); /* For client certificates we require signatures */ - if (_gnutls_check_key_usage_for_sig - (session, key_usage, 1) < 0) { - _gnutls_debug_log - ("Client certificate is not suitable for signing\n"); + if (_gnutls_check_key_usage_for_sig( + session, key_usage, 1) < 0) { + _gnutls_debug_log( + "Client certificate is not suitable for signing\n"); continue; } @@ -267,19 +263,15 @@ find_x509_client_cert(gnutls_session_t session, * the *_SIGN algorithm matches * the cert is our cert! */ - cert_pk = - gnutls_pubkey_get_pk_algorithm(cred->certs - [i].cert_list - [0].pubkey, - NULL); - - if ((memcmp - (odn.data, asked_dn.data, - asked_dn.size) == 0) - && - (check_pk_algo_in_list - (pk_algos, pk_algos_length, - cert_pk) == 0)) { + cert_pk = gnutls_pubkey_get_pk_algorithm( + cred->certs[i].cert_list[0].pubkey, + NULL); + + if ((memcmp(odn.data, asked_dn.data, + asked_dn.size) == 0) && + (check_pk_algo_in_list(pk_algos, + pk_algos_length, + cert_pk) == 0)) { *indx = i; break; } @@ -293,11 +285,9 @@ find_x509_client_cert(gnutls_session_t session, /* move to next record */ data += size; - } - while (1); + } while (1); return 0; - } /* Locates the first raw public-key. @@ -305,11 +295,10 @@ find_x509_client_cert(gnutls_session_t session, * Associating more raw pubkeys with a session has no use because we * don't know how to select the correct one. */ -static int -find_rawpk_client_cert(gnutls_session_t session, - const gnutls_certificate_credentials_t cred, - const gnutls_pk_algorithm_t * pk_algos, - int pk_algos_length, int *indx) +static int find_rawpk_client_cert(gnutls_session_t session, + const gnutls_certificate_credentials_t cred, + const gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length, int *indx) { unsigned i; int ret; @@ -321,33 +310,31 @@ find_rawpk_client_cert(gnutls_session_t session, /* We know that our list length will be 1, therefore we can * ignore the rest. */ - if (cred->certs[i].cert_list_length == 1 - && cred->certs[i].cert_list[0].type == GNUTLS_CRT_RAWPK) { - pk = gnutls_pubkey_get_pk_algorithm(cred-> - certs[i].cert_list - [0].pubkey, NULL); + if (cred->certs[i].cert_list_length == 1 && + cred->certs[i].cert_list[0].type == GNUTLS_CRT_RAWPK) { + pk = gnutls_pubkey_get_pk_algorithm( + cred->certs[i].cert_list[0].pubkey, NULL); /* For client certificates we require signatures */ - ret = - _gnutls_check_key_usage_for_sig(session, - get_key_usage - (session, - cred-> - certs[i].cert_list - [0].pubkey), 1); + ret = _gnutls_check_key_usage_for_sig( + session, + get_key_usage( + session, + cred->certs[i].cert_list[0].pubkey), + 1); if (ret < 0) { /* we return an error instead of skipping so that the user is notified about * the key incompatibility */ - _gnutls_debug_log - ("Client certificate is not suitable for signing\n"); + _gnutls_debug_log( + "Client certificate is not suitable for signing\n"); return gnutls_assert_val(ret); } /* Check whether the public-key algorithm of our credential is in * the list with supported public-key algorithms and whether the * cert type matches. */ - if ((check_pk_algo_in_list - (pk_algos, pk_algos_length, pk) == 0)) { + if ((check_pk_algo_in_list(pk_algos, pk_algos_length, + pk) == 0)) { // We found a compatible credential *indx = i; break; @@ -361,9 +348,8 @@ find_rawpk_client_cert(gnutls_session_t session, /* Returns the number of issuers in the server's * certificate request packet. */ -static int -get_issuers_num(gnutls_session_t session, const uint8_t * data, - ssize_t data_size) +static int get_issuers_num(gnutls_session_t session, const uint8_t *data, + ssize_t data_size) { int issuers_dn_len = 0; unsigned size; @@ -400,10 +386,8 @@ get_issuers_num(gnutls_session_t session, const uint8_t * data, /* Returns the issuers in the server's certificate request * packet. */ -static int -get_issuers(gnutls_session_t session, - gnutls_datum_t * issuers_dn, int issuers_len, - const uint8_t * data, size_t data_size) +static int get_issuers(gnutls_session_t session, gnutls_datum_t *issuers_dn, + int issuers_len, const uint8_t *data, size_t data_size) { int i; unsigned size; @@ -416,7 +400,6 @@ get_issuers(gnutls_session_t session, * of X509 certificates. */ if (issuers_len > 0) { - for (i = 0; i < issuers_len; i++) { /* The checks here for the buffer boundaries * are not needed since the buffer has been @@ -442,11 +425,11 @@ get_issuers(gnutls_session_t session, /* Calls the client or server certificate get callback. */ -static int -call_get_cert_callback(gnutls_session_t session, - const gnutls_datum_t * issuers_dn, - int issuers_dn_length, - gnutls_pk_algorithm_t * pk_algos, int pk_algos_length) +static int call_get_cert_callback(gnutls_session_t session, + const gnutls_datum_t *issuers_dn, + int issuers_dn_length, + gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length) { gnutls_privkey_t local_key = NULL; int ret = GNUTLS_E_INTERNAL_ERROR; @@ -457,8 +440,8 @@ call_get_cert_callback(gnutls_session_t session, unsigned int ocsp_length = 0; unsigned int pcert_length = 0; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -480,11 +463,10 @@ call_get_cert_callback(gnutls_session_t session, info.cred = cred; /* we avoid all allocations and transformations */ - ret = - cred->get_cert_callback3(session, &info, - &pcert, &pcert_length, - &ocsp, &ocsp_length, - &local_key, &flags); + ret = cred->get_cert_callback3(session, &info, &pcert, + &pcert_length, &ocsp, + &ocsp_length, &local_key, + &flags); if (ret < 0) return gnutls_assert_val(GNUTLS_E_USER_ERROR); @@ -496,12 +478,11 @@ call_get_cert_callback(gnutls_session_t session, local_key = NULL; } - selected_certs_set(session, pcert, pcert_length, - ocsp, ocsp_length, - local_key, - (flags & GNUTLS_CERT_RETR_DEINIT_ALL) ? 1 : - 0, cred->glob_ocsp_func, - cred->glob_ocsp_func_ptr); + selected_certs_set( + session, pcert, pcert_length, ocsp, ocsp_length, + local_key, + (flags & GNUTLS_CERT_RETR_DEINIT_ALL) ? 1 : 0, + cred->glob_ocsp_func, cred->glob_ocsp_func_ptr); return 0; } else { @@ -516,11 +497,10 @@ call_get_cert_callback(gnutls_session_t session, * 20020128: added ability to select a certificate depending on the SIGN * algorithm (only in automatic mode). */ -int -_gnutls_select_client_cert(gnutls_session_t session, - const uint8_t * _data, size_t _data_size, - gnutls_pk_algorithm_t * pk_algos, - int pk_algos_length) +int _gnutls_select_client_cert(gnutls_session_t session, const uint8_t *_data, + size_t _data_size, + gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length) { int result; int indx = -1; @@ -531,8 +511,8 @@ _gnutls_select_client_cert(gnutls_session_t session, gnutls_datum_t *issuers_dn = NULL; gnutls_certificate_type_t cert_type; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -541,12 +521,11 @@ _gnutls_select_client_cert(gnutls_session_t session, cert_type = get_certificate_type(session, GNUTLS_CTYPE_CLIENT); if (cred->get_cert_callback3 != NULL) { - /* use a callback to get certificate */ if (cert_type == GNUTLS_CRT_X509) { issuers_dn_length = - get_issuers_num(session, data, data_size); + get_issuers_num(session, data, data_size); if (issuers_dn_length < 0) { gnutls_assert(); return issuers_dn_length; @@ -554,17 +533,16 @@ _gnutls_select_client_cert(gnutls_session_t session, if (issuers_dn_length > 0) { issuers_dn = - gnutls_malloc(sizeof(gnutls_datum_t) * - issuers_dn_length); + gnutls_malloc(sizeof(gnutls_datum_t) * + issuers_dn_length); if (issuers_dn == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - result = - get_issuers(session, issuers_dn, - issuers_dn_length, data, - data_size); + result = get_issuers(session, issuers_dn, + issuers_dn_length, data, + data_size); if (result < 0) { gnutls_assert(); goto cleanup; @@ -574,10 +552,9 @@ _gnutls_select_client_cert(gnutls_session_t session, issuers_dn_length = 0; } - result = - call_get_cert_callback(session, issuers_dn, - issuers_dn_length, pk_algos, - pk_algos_length); + result = call_get_cert_callback(session, issuers_dn, + issuers_dn_length, pk_algos, + pk_algos_length); goto cleanup; } else { @@ -590,8 +567,7 @@ _gnutls_select_client_cert(gnutls_session_t session, pk_algos_length, &indx); break; case GNUTLS_CRT_RAWPK: - result = find_rawpk_client_cert(session, cred, - pk_algos, + result = find_rawpk_client_cert(session, cred, pk_algos, pk_algos_length, &indx); break; default: @@ -609,25 +585,24 @@ _gnutls_select_client_cert(gnutls_session_t session, cred->certs[indx].cert_list_length, cred->certs[indx].ocsp_data, cred->certs[indx].ocsp_data_length, - cred->certs[indx].pkey, 0, - NULL, NULL); + cred->certs[indx].pkey, 0, NULL, + NULL); } else { - selected_certs_set(session, NULL, 0, NULL, 0, - NULL, 0, NULL, NULL); + selected_certs_set(session, NULL, 0, NULL, 0, NULL, 0, + NULL, NULL); } result = 0; } - cleanup: +cleanup: gnutls_free(issuers_dn); return result; - } /* Generate certificate message */ -static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st *data) { int ret, i; gnutls_pcert_st *apr_cert_list; @@ -637,9 +612,9 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data) /* find the appropriate certificate */ - if ((ret = - _gnutls_get_selected_cert(session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) { + if ((ret = _gnutls_get_selected_cert(session, &apr_cert_list, + &apr_cert_list_length, + &apr_pkey)) < 0) { gnutls_assert(); return ret; } @@ -665,12 +640,9 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data) return gnutls_assert_val(ret); for (i = 0; i < apr_cert_list_length; i++) { - ret = - _gnutls_buffer_append_data_prefix(data, 24, - apr_cert_list[i]. - cert.data, - apr_cert_list[i]. - cert.size); + ret = _gnutls_buffer_append_data_prefix( + data, 24, apr_cert_list[i].cert.data, + apr_cert_list[i].cert.size); if (ret < 0) return gnutls_assert_val(ret); } @@ -683,7 +655,7 @@ static int gen_x509_crt(gnutls_session_t session, gnutls_buffer_st * data) * * Returns the number of bytes sent or a negative error code. */ -int _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st *data) { int ret; gnutls_pcert_st *apr_cert_list; @@ -712,11 +684,9 @@ int _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st * data) if (apr_cert_list_length == 0) { ret = _gnutls_buffer_append_prefix(data, 24, 0); } else { - ret = _gnutls_buffer_append_data_prefix(data, 24, - apr_cert_list[0]. - cert.data, - apr_cert_list[0]. - cert.size); + ret = _gnutls_buffer_append_data_prefix( + data, 24, apr_cert_list[0].cert.data, + apr_cert_list[0].cert.size); } if (ret < 0) @@ -725,8 +695,8 @@ int _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st * data) return data->length; } -int -_gnutls_gen_cert_client_crt(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_cert_client_crt(gnutls_session_t session, + gnutls_buffer_st *data) { gnutls_certificate_type_t cert_type; @@ -743,8 +713,8 @@ _gnutls_gen_cert_client_crt(gnutls_session_t session, gnutls_buffer_st * data) } } -int -_gnutls_gen_cert_server_crt(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_cert_server_crt(gnutls_session_t session, + gnutls_buffer_st *data) { gnutls_certificate_type_t cert_type; @@ -761,8 +731,7 @@ _gnutls_gen_cert_server_crt(gnutls_session_t session, gnutls_buffer_st * data) } } -static -int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey) +static int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey) { unsigned cert_pk; unsigned kx; @@ -789,10 +758,11 @@ int check_pk_compat(gnutls_session_t session, gnutls_pubkey_t pubkey) /* Process server certificate */ -#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) gnutls_pcert_deinit(&peer_certificate_list[x]) -static int -_gnutls_proc_x509_crt(gnutls_session_t session, - uint8_t * data, size_t data_size) +#define CLEAR_CERTS \ + for (x = 0; x < peer_certificate_list_size; x++) \ + gnutls_pcert_deinit(&peer_certificate_list[x]) +static int _gnutls_proc_x509_crt(gnutls_session_t session, uint8_t *data, + size_t data_size) { int size, len, ret; uint8_t *p = data; @@ -804,16 +774,15 @@ _gnutls_proc_x509_crt(gnutls_session_t session, size_t peer_certificate_list_size = 0, j, x; gnutls_datum_t tmp; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE, - sizeof(cert_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE, + sizeof(cert_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -870,10 +839,8 @@ _gnutls_proc_x509_crt(gnutls_session_t session, * certificate list */ - peer_certificate_list = - gnutls_calloc(1, - sizeof(gnutls_pcert_st) * - (peer_certificate_list_size)); + peer_certificate_list = gnutls_calloc( + 1, sizeof(gnutls_pcert_st) * (peer_certificate_list_size)); if (peer_certificate_list == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; @@ -893,10 +860,9 @@ _gnutls_proc_x509_crt(gnutls_session_t session, tmp.size = len; tmp.data = p; - ret = - gnutls_pcert_import_x509_raw(&peer_certificate_list - [j], &tmp, - GNUTLS_X509_FMT_DER, 0); + ret = gnutls_pcert_import_x509_raw(&peer_certificate_list[j], + &tmp, GNUTLS_X509_FMT_DER, + 0); if (ret < 0) { gnutls_assert(); peer_certificate_list_size = j; @@ -913,10 +879,8 @@ _gnutls_proc_x509_crt(gnutls_session_t session, goto cleanup; } - ret = - _gnutls_pcert_to_auth_info(info, - peer_certificate_list, - peer_certificate_list_size); + ret = _gnutls_pcert_to_auth_info(info, peer_certificate_list, + peer_certificate_list_size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -924,15 +888,14 @@ _gnutls_proc_x509_crt(gnutls_session_t session, return 0; - cleanup: +cleanup: CLEAR_CERTS; gnutls_free(peer_certificate_list); return ret; - } -int _gnutls_proc_rawpk_crt(gnutls_session_t session, - uint8_t * data, size_t data_size) +int _gnutls_proc_rawpk_crt(gnutls_session_t session, uint8_t *data, + size_t data_size) { int cert_size, ret; cert_auth_info_t info; @@ -978,9 +941,8 @@ int _gnutls_proc_rawpk_crt(gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); } // Import our raw certificate holding only a raw public key into this pcert - ret = - gnutls_pcert_import_rawpk_raw(peer_certificate, &tmp_cert, - GNUTLS_X509_FMT_DER, 0, 0); + ret = gnutls_pcert_import_rawpk_raw(peer_certificate, &tmp_cert, + GNUTLS_X509_FMT_DER, 0, 0); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1016,7 +978,7 @@ int _gnutls_proc_rawpk_crt(gnutls_session_t session, return GNUTLS_E_SUCCESS; - cleanup: +cleanup: if (peer_certificate != NULL) { gnutls_pcert_deinit(peer_certificate); gnutls_free(peer_certificate); @@ -1025,14 +987,13 @@ int _gnutls_proc_rawpk_crt(gnutls_session_t session, return ret; } -int _gnutls_proc_crt(gnutls_session_t session, uint8_t * data, size_t data_size) +int _gnutls_proc_crt(gnutls_session_t session, uint8_t *data, size_t data_size) { gnutls_certificate_credentials_t cred; gnutls_certificate_type_t cert_type; - cred = - (gnutls_certificate_credentials_t) _gnutls_get_cred(session, - GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -1076,9 +1037,8 @@ inline static int _gnutls_check_supported_sign_algo(CertificateSigType algo) return -1; } -int -_gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data, - size_t data_size) +int _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t *data, + size_t data_size) { int size, ret; uint8_t *p; @@ -1092,16 +1052,15 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data, if (unlikely(ver == NULL)) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE, - sizeof(cert_auth_info_st), 0)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_CERTIFICATE, + sizeof(cert_auth_info_st), 0)) < 0) { gnutls_assert(); return ret; } @@ -1161,9 +1120,8 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data, /* now we ask the user to tell which one * he wants to use. */ - if ((ret = - _gnutls_select_client_cert(session, p, size, pk_algos, - pk_algos_length)) < 0) { + if ((ret = _gnutls_select_client_cert(session, p, size, pk_algos, + pk_algos_length)) < 0) { gnutls_assert(); return ret; } @@ -1171,9 +1129,8 @@ _gnutls_proc_cert_cert_req(gnutls_session_t session, uint8_t * data, return 0; } -int -_gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session, - gnutls_buffer_st * data) +int _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session, + gnutls_buffer_st *data) { int ret; gnutls_pcert_st *apr_cert_list; @@ -1188,19 +1145,17 @@ _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); /* find the appropriate certificate */ - if ((ret = - _gnutls_get_selected_cert(session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) { + if ((ret = _gnutls_get_selected_cert(session, &apr_cert_list, + &apr_cert_list_length, + &apr_pkey)) < 0) { gnutls_assert(); return ret; } if (apr_cert_list_length > 0) { - if ((ret = - _gnutls_handshake_sign_crt_vrfy(session, - &apr_cert_list[0], - apr_pkey, - &signature)) < 0) { + if ((ret = _gnutls_handshake_sign_crt_vrfy( + session, &apr_cert_list[0], apr_pkey, + &signature)) < 0) { gnutls_assert(); return ret; } @@ -1226,9 +1181,8 @@ _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session, } } - ret = - _gnutls_buffer_append_data_prefix(data, 16, signature.data, - signature.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, signature.data, + signature.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1236,21 +1190,20 @@ _gnutls_gen_cert_client_crt_vrfy(gnutls_session_t session, ret = data->length - init_pos; - cleanup: +cleanup: _gnutls_free_datum(&signature); return ret; } -int -_gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session, - uint8_t * data, size_t data_size) +int _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session, uint8_t *data, + size_t data_size) { int size, ret; ssize_t dsize = data_size; uint8_t *pdata = data; gnutls_datum_t sig; cert_auth_info_t info = - _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); + _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); gnutls_pcert_st peer_cert; gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN; const version_entry_st *ver = get_version(session); @@ -1263,15 +1216,15 @@ _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session, return GNUTLS_E_INTERNAL_ERROR; } - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - vflags = - cred->verify_flags | session->internals.additional_verify_flags; + vflags = cred->verify_flags | + session->internals.additional_verify_flags; if (_gnutls_version_has_selectable_sighash(ver)) { DECR_LEN(dsize, 2); @@ -1286,8 +1239,8 @@ _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session, ret = _gnutls_session_sign_algo_enabled(session, sign_algo); if (ret < 0) - return - gnutls_assert_val(GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); + return gnutls_assert_val( + GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM); DECR_LEN(dsize, 2); size = _gnutls_read_uint16(pdata); @@ -1298,18 +1251,16 @@ _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session, sig.data = pdata; sig.size = size; - ret = _gnutls_get_auth_info_pcert(&peer_cert, - session->security_parameters. - client_ctype, info); + ret = _gnutls_get_auth_info_pcert( + &peer_cert, session->security_parameters.client_ctype, info); if (ret < 0) { gnutls_assert(); return ret; } - if ((ret = - _gnutls_handshake_verify_crt_vrfy(session, vflags, &peer_cert, - &sig, sign_algo)) < 0) { + if ((ret = _gnutls_handshake_verify_crt_vrfy( + session, vflags, &peer_cert, &sig, sign_algo)) < 0) { gnutls_assert(); gnutls_pcert_deinit(&peer_cert); return ret; @@ -1319,9 +1270,8 @@ _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t session, return 0; } -int -_gnutls_gen_cert_server_cert_req(gnutls_session_t session, - gnutls_buffer_st * data) +int _gnutls_gen_cert_server_cert_req(gnutls_session_t session, + gnutls_buffer_st *data) { gnutls_certificate_credentials_t cred; int ret, i; @@ -1338,8 +1288,8 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, * performance. */ - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -1349,9 +1299,10 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, size_t j; flags = 0; - for (j = 0; j < session->internals.priorities->sigalg.size; j++) { + for (j = 0; j < session->internals.priorities->sigalg.size; + j++) { const gnutls_sign_entry_st *se = - session->internals.priorities->sigalg.entry[j]; + session->internals.priorities->sigalg.entry[j]; switch (se->pk) { case GNUTLS_PK_RSA: case GNUTLS_PK_RSA_PSS: @@ -1373,19 +1324,18 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, #endif default: gnutls_assert(); - _gnutls_debug_log - ("%s is unsupported for cert request\n", - gnutls_pk_get_name(se->pk)); + _gnutls_debug_log( + "%s is unsupported for cert request\n", + gnutls_pk_get_name(se->pk)); } } } else { #ifdef ENABLE_GOST - if (_gnutls_kx_is_vko_gost - (session->security_parameters.cs->kx_algorithm)) { - flags = - GOSTR34102012_256_SIGN_FLAG | - GOSTR34102012_512_SIGN_FLAG; + if (_gnutls_kx_is_vko_gost( + session->security_parameters.cs->kx_algorithm)) { + flags = GOSTR34102012_256_SIGN_FLAG | + GOSTR34102012_512_SIGN_FLAG; } else #endif { @@ -1427,15 +1377,9 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, if (session->security_parameters.client_ctype == GNUTLS_CRT_X509 && session->internals.ignore_rdn_sequence == 0) { - - ret = - _gnutls_buffer_append_data_prefix(data, 16, - cred-> - tlist->x509_rdn_sequence. - data, - cred-> - tlist->x509_rdn_sequence. - size); + ret = _gnutls_buffer_append_data_prefix( + data, 16, cred->tlist->x509_rdn_sequence.data, + cred->tlist->x509_rdn_sequence.size); if (ret < 0) return gnutls_assert_val(ret); } else { @@ -1454,32 +1398,29 @@ _gnutls_gen_cert_server_cert_req(gnutls_session_t session, * It is normal to return 0 with no certificates in client side. * */ -int -_gnutls_get_selected_cert(gnutls_session_t session, - gnutls_pcert_st ** apr_cert_list, - int *apr_cert_list_length, - gnutls_privkey_t * apr_pkey) +int _gnutls_get_selected_cert(gnutls_session_t session, + gnutls_pcert_st **apr_cert_list, + int *apr_cert_list_length, + gnutls_privkey_t *apr_pkey) { if (session->security_parameters.entity == GNUTLS_SERVER) { - *apr_cert_list = session->internals.selected_cert_list; *apr_pkey = session->internals.selected_key; *apr_cert_list_length = - session->internals.selected_cert_list_length; + session->internals.selected_cert_list_length; if (*apr_cert_list_length == 0 || *apr_cert_list == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - } else { /* CLIENT SIDE */ + } else { /* CLIENT SIDE */ /* _gnutls_select_client_cert() must have been called before. */ *apr_cert_list = session->internals.selected_cert_list; *apr_cert_list_length = - session->internals.selected_cert_list_length; + session->internals.selected_cert_list_length; *apr_pkey = session->internals.selected_key; - } return 0; @@ -1490,16 +1431,16 @@ void _gnutls_selected_certs_deinit(gnutls_session_t session) if (session->internals.selected_need_free != 0) { int i; - for (i = 0; - i < session->internals.selected_cert_list_length; i++) { - gnutls_pcert_deinit(&session->internals. - selected_cert_list[i]); + for (i = 0; i < session->internals.selected_cert_list_length; + i++) { + gnutls_pcert_deinit( + &session->internals.selected_cert_list[i]); } gnutls_free(session->internals.selected_cert_list); for (i = 0; i < session->internals.selected_ocsp_length; i++) { - _gnutls_free_datum(&session->internals. - selected_ocsp[i].response); + _gnutls_free_datum( + &session->internals.selected_ocsp[i].response); } gnutls_free(session->internals.selected_ocsp); @@ -1515,13 +1456,12 @@ void _gnutls_selected_certs_deinit(gnutls_session_t session) return; } -static void -selected_certs_set(gnutls_session_t session, - gnutls_pcert_st * certs, int ncerts, - gnutls_ocsp_data_st * ocsp, unsigned nocsp, - gnutls_privkey_t key, int need_free, - gnutls_status_request_ocsp_func ocsp_func, - void *ocsp_func_ptr) +static void selected_certs_set(gnutls_session_t session, gnutls_pcert_st *certs, + int ncerts, gnutls_ocsp_data_st *ocsp, + unsigned nocsp, gnutls_privkey_t key, + int need_free, + gnutls_status_request_ocsp_func ocsp_func, + void *ocsp_func_ptr) { _gnutls_selected_certs_deinit(session); @@ -1538,7 +1478,7 @@ selected_certs_set(gnutls_session_t session, session->internals.selected_ocsp_func_ptr = ocsp_func_ptr; } -static void get_server_name(gnutls_session_t session, uint8_t * name, +static void get_server_name(gnutls_session_t session, uint8_t *name, size_t max_name_size) { int ret, i; @@ -1548,8 +1488,8 @@ static void get_server_name(gnutls_session_t session, uint8_t * name, ret = 0; for (i = 0; !(ret < 0); i++) { max_name = max_name_size; - ret = - gnutls_server_name_get(session, name, &max_name, &type, i); + ret = gnutls_server_name_get(session, name, &max_name, &type, + i); if (ret >= 0 && type == GNUTLS_NAME_DNS) return; } @@ -1571,11 +1511,10 @@ static void get_server_name(gnutls_session_t session, uint8_t * name, * If, in the future, this routine is called at the client then we * need to adapt the implementation accordingly. */ -static -int cert_select_sign_algorithm(gnutls_session_t session, - gnutls_pcert_st * cert, - gnutls_privkey_t pkey, - const gnutls_cipher_suite_entry_st * cs) +static int cert_select_sign_algorithm(gnutls_session_t session, + gnutls_pcert_st *cert, + gnutls_privkey_t pkey, + const gnutls_cipher_suite_entry_st *cs) { gnutls_pubkey_t pubkey = cert->pubkey; gnutls_certificate_type_t cert_type = cert->type; @@ -1597,32 +1536,30 @@ int cert_select_sign_algorithm(gnutls_session_t session, key_usage = get_key_usage(session, pubkey); /* In TLS1.3 we support only signatures; ensure the selected key supports them */ - if (ver->tls13_sem - && _gnutls_check_key_usage_for_sig(session, key_usage, 1) < 0) + if (ver->tls13_sem && + _gnutls_check_key_usage_for_sig(session, key_usage, 1) < 0) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); - if (!ver->tls13_sem - && !_gnutls_kx_supports_pk_usage(cs->kx_algorithm, pk, key_usage)) { + if (!ver->tls13_sem && + !_gnutls_kx_supports_pk_usage(cs->kx_algorithm, pk, key_usage)) { return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); } - if (!ver->tls13_sem - && _gnutls_kx_encipher_type(cs->kx_algorithm) != CIPHER_SIGN) + if (!ver->tls13_sem && + _gnutls_kx_encipher_type(cs->kx_algorithm) != CIPHER_SIGN) return 0; if (!_gnutls_version_has_selectable_sighash(ver)) { /* For SSL3.0 and TLS1.0 we lie as we cannot express md5-sha1 as * signature algorithm. */ - algo = - gnutls_pk_to_sign(cert->pubkey->params.algo, - GNUTLS_DIG_SHA1); + algo = gnutls_pk_to_sign(cert->pubkey->params.algo, + GNUTLS_DIG_SHA1); gnutls_sign_algorithm_set_server(session, algo); return 0; } - algo = - _gnutls_session_get_sign_algo(session, cert, pkey, 0, - cs->kx_algorithm); + algo = _gnutls_session_get_sign_algo(session, cert, pkey, 0, + cs->kx_algorithm); if (algo == GNUTLS_SIGN_UNKNOWN) return gnutls_assert_val(GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY); @@ -1643,19 +1580,18 @@ int cert_select_sign_algorithm(gnutls_session_t session, * selected certificate will be in session->internals.selected_*. * */ -int -_gnutls_select_server_cert(gnutls_session_t session, - const gnutls_cipher_suite_entry_st * cs) +int _gnutls_select_server_cert(gnutls_session_t session, + const gnutls_cipher_suite_entry_st *cs) { unsigned i, j; int idx, ret; gnutls_certificate_credentials_t cred; char server_name[MAX_CN]; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { - gnutls_assert(); /* we don't need to select a cert */ + gnutls_assert(); /* we don't need to select a cert */ return 0; } @@ -1670,34 +1606,29 @@ _gnutls_select_server_cert(gnutls_session_t session, return gnutls_assert_val(ret); if (session->internals.selected_cert_list_length == 0) - return - gnutls_assert_val - (GNUTLS_E_INSUFFICIENT_CREDENTIALS); - - if (unlikely - (session->internals.selected_cert_list == NULL)) { - return - gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); + return gnutls_assert_val( + GNUTLS_E_INSUFFICIENT_CREDENTIALS); + + if (unlikely(session->internals.selected_cert_list == + NULL)) { + return gnutls_assert_val( + GNUTLS_E_INTERNAL_ERROR); } - _gnutls_debug_log("Selected (%s) cert\n", - gnutls_pk_get_name(session-> - internals.selected_cert_list - [0].pubkey-> - params.algo)); + _gnutls_debug_log( + "Selected (%s) cert\n", + gnutls_pk_get_name( + session->internals.selected_cert_list[0] + .pubkey->params.algo)); } if (session->internals.selected_key == NULL) - return - gnutls_assert_val - (GNUTLS_E_INSUFFICIENT_CREDENTIALS); + return gnutls_assert_val( + GNUTLS_E_INSUFFICIENT_CREDENTIALS); - ret = cert_select_sign_algorithm(session, - &session-> - internals.selected_cert_list - [0], - session-> - internals.selected_key, cs); + ret = cert_select_sign_algorithm( + session, &session->internals.selected_cert_list[0], + session->internals.selected_key, cs); if (ret < 0) return gnutls_assert_val(ret); @@ -1710,9 +1641,9 @@ _gnutls_select_server_cert(gnutls_session_t session, get_server_name(session, (unsigned char *)server_name, sizeof(server_name)); - _gnutls_handshake_log("HSK[%p]: Requested server name: '%s'\n", - session, server_name); - idx = -1; /* default is use no certificate */ + _gnutls_handshake_log("HSK[%p]: Requested server name: '%s'\n", session, + server_name); + idx = -1; /* default is use no certificate */ /* find certificates that match the requested server_name */ @@ -1721,28 +1652,25 @@ _gnutls_select_server_cert(gnutls_session_t session, for (j = 0; j < cred->ncerts; j++) { i = cred->sorted_cert_idx[j]; - if (cred->certs[i].names != NULL - && _gnutls_str_array_match(cred->certs[i].names, - server_name) != 0) { + if (cred->certs[i].names != NULL && + _gnutls_str_array_match(cred->certs[i].names, + server_name) != 0) { /* if requested algorithms are also compatible select it */ - ret = cert_select_sign_algorithm(session, - &cred->certs - [i].cert_list - [0], - cred-> - certs[i].pkey, - cs); + ret = cert_select_sign_algorithm( + session, &cred->certs[i].cert_list[0], + cred->certs[i].pkey, cs); if (ret >= 0) { idx = i; - _gnutls_debug_log - ("Selected (%s) cert based on ciphersuite %x.%x: %s\n", - gnutls_pk_get_name(cred->certs - [i].cert_list - [0].pubkey-> - params.algo), - (unsigned)cs->id[0], - (unsigned)cs->id[1], cs->name); + _gnutls_debug_log( + "Selected (%s) cert based on ciphersuite %x.%x: %s\n", + gnutls_pk_get_name( + cred->certs[i] + .cert_list[0] + .pubkey->params + .algo), + (unsigned)cs->id[0], + (unsigned)cs->id[1], cs->name); /* found */ goto finished; } @@ -1754,25 +1682,27 @@ _gnutls_select_server_cert(gnutls_session_t session, for (j = 0; j < cred->ncerts; j++) { i = cred->sorted_cert_idx[j]; - _gnutls_handshake_log - ("HSK[%p]: checking compat of %s with certificate[%d] (%s/%s)\n", - session, cs->name, i, - gnutls_pk_get_name(cred->certs[i].cert_list[0].pubkey-> - params.algo), - gnutls_certificate_type_get_name(cred->certs[i]. - cert_list[0].type)); + _gnutls_handshake_log( + "HSK[%p]: checking compat of %s with certificate[%d] (%s/%s)\n", + session, cs->name, i, + gnutls_pk_get_name( + cred->certs[i].cert_list[0].pubkey->params.algo), + gnutls_certificate_type_get_name( + cred->certs[i].cert_list[0].type)); ret = cert_select_sign_algorithm(session, &cred->certs[i].cert_list[0], cred->certs[i].pkey, cs); if (ret >= 0) { idx = i; - _gnutls_debug_log - ("Selected (%s) cert based on ciphersuite %x.%x: %s\n", - gnutls_pk_get_name(cred->certs[i]. - cert_list[0].pubkey->params. - algo), (unsigned)cs->id[0], - (unsigned)cs->id[1], cs->name); + _gnutls_debug_log( + "Selected (%s) cert based on ciphersuite %x.%x: %s\n", + gnutls_pk_get_name( + cred->certs[i] + .cert_list[0] + .pubkey->params.algo), + (unsigned)cs->id[0], (unsigned)cs->id[1], + cs->name); /* found */ goto finished; } @@ -1781,7 +1711,7 @@ _gnutls_select_server_cert(gnutls_session_t session, /* store the certificate pointer for future use, in the handshake. * (This will allow not calling this callback again.) */ - finished: +finished: if (idx >= 0) { gnutls_status_request_ocsp_func ocsp_func = NULL; void *ocsp_ptr = NULL; @@ -1799,12 +1729,10 @@ _gnutls_select_server_cert(gnutls_session_t session, ocsp_ptr = cred->certs[idx].ocsp_func_ptr; } - selected_certs_set(session, - &cred->certs[idx].cert_list[0], - cred->certs[idx].cert_list_length, - ocsp, nocsp, - cred->certs[idx].pkey, 0, - ocsp_func, ocsp_ptr); + selected_certs_set(session, &cred->certs[idx].cert_list[0], + cred->certs[idx].cert_list_length, ocsp, + nocsp, cred->certs[idx].pkey, 0, ocsp_func, + ocsp_ptr); } else { /* Certificate does not support REQUESTED_ALGO. */ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); @@ -1813,9 +1741,8 @@ _gnutls_select_server_cert(gnutls_session_t session, return 0; } -int _gnutls_gen_dhe_signature(gnutls_session_t session, - gnutls_buffer_st * data, uint8_t * plain, - unsigned plain_size) +int _gnutls_gen_dhe_signature(gnutls_session_t session, gnutls_buffer_st *data, + uint8_t *plain, unsigned plain_size) { gnutls_pcert_st *apr_cert_list; gnutls_privkey_t apr_pkey; @@ -1832,25 +1759,23 @@ int _gnutls_gen_dhe_signature(gnutls_session_t session, ddata.size = plain_size; /* find the appropriate certificate */ - if ((ret = - _gnutls_get_selected_cert(session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) { + if ((ret = _gnutls_get_selected_cert(session, &apr_cert_list, + &apr_cert_list_length, + &apr_pkey)) < 0) { gnutls_assert(); return ret; } if (apr_cert_list_length > 0) { - if ((ret = - _gnutls_handshake_sign_data(session, - &apr_cert_list[0], - apr_pkey, &ddata, - &signature, &sign_algo)) < 0) { + if ((ret = _gnutls_handshake_sign_data( + session, &apr_cert_list[0], apr_pkey, &ddata, + &signature, &sign_algo)) < 0) { gnutls_assert(); goto cleanup; } } else { gnutls_assert(); - ret = 0; /* ANON-DH, do not put a signature - ILLEGAL! */ + ret = 0; /* ANON-DH, do not put a signature - ILLEGAL! */ goto cleanup; } @@ -1880,29 +1805,27 @@ int _gnutls_gen_dhe_signature(gnutls_session_t session, } } - ret = - _gnutls_buffer_append_data_prefix(data, 16, signature.data, - signature.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, signature.data, + signature.size); if (ret < 0) { gnutls_assert(); } ret = 0; - cleanup: +cleanup: _gnutls_free_datum(&signature); return ret; } -int -_gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data, - size_t _data_size, gnutls_datum_t * vparams) +int _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t *data, + size_t _data_size, gnutls_datum_t *vparams) { int sigsize; gnutls_datum_t signature; int ret; cert_auth_info_t info = - _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); + _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); ssize_t data_size = _data_size; gnutls_pcert_st peer_cert; gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN; @@ -1917,15 +1840,15 @@ _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data, return GNUTLS_E_INTERNAL_ERROR; } - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - vflags = - cred->verify_flags | session->internals.additional_verify_flags; + vflags = cred->verify_flags | + session->internals.additional_verify_flags; /* VERIFY SIGNATURE */ if (_gnutls_version_has_selectable_sighash(ver)) { @@ -1955,15 +1878,14 @@ _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data, // Retrieve the negotiated certificate type cert_type = get_certificate_type(session, GNUTLS_CTYPE_SERVER); - if ((ret = - _gnutls_get_auth_info_pcert(&peer_cert, cert_type, info)) < 0) { + if ((ret = _gnutls_get_auth_info_pcert(&peer_cert, cert_type, info)) < + 0) { gnutls_assert(); return ret; } - ret = - _gnutls_handshake_verify_data(session, vflags, &peer_cert, vparams, - &signature, sign_algo); + ret = _gnutls_handshake_verify_data(session, vflags, &peer_cert, + vparams, &signature, sign_algo); gnutls_pcert_deinit(&peer_cert); if (ret < 0) { diff --git a/lib/auth/cert.h b/lib/auth/cert.h index d571526c3f..aec0bc327e 100644 --- a/lib/auth/cert.h +++ b/lib/auth/cert.h @@ -22,17 +22,17 @@ */ #ifndef GNUTLS_LIB_AUTH_CERT_H -# define GNUTLS_LIB_AUTH_CERT_H +#define GNUTLS_LIB_AUTH_CERT_H -# include "auth.h" -# include <auth/dh_common.h> -# include <x509/x509_int.h> -# include <gnutls/abstract.h> -# include <gnutls/compat.h> -# include <str_array.h> -# include "abstract_int.h" +#include "auth.h" +#include <auth/dh_common.h> +#include <x509/x509_int.h> +#include <gnutls/abstract.h> +#include <gnutls/compat.h> +#include <str_array.h> +#include "abstract_int.h" -# define MAX_OCSP_RESPONSES 8 +#define MAX_OCSP_RESPONSES 8 /* We use the structure below to hold a certificate chain * with corresponding public/private key pair. This structure will @@ -41,12 +41,12 @@ * the list length is always 1. */ typedef struct { - gnutls_pcert_st *cert_list; /* a certificate chain */ - unsigned int cert_list_length; /* its length */ - gnutls_str_array_t names; /* the names in the first certificate */ + gnutls_pcert_st *cert_list; /* a certificate chain */ + unsigned int cert_list_length; /* its length */ + gnutls_str_array_t names; /* the names in the first certificate */ gnutls_status_request_ocsp_func ocsp_func; - void *ocsp_func_ptr; /* corresponding OCSP response function + ptr */ + void *ocsp_func_ptr; /* corresponding OCSP response function + ptr */ gnutls_ocsp_data_st ocsp_data[MAX_OCSP_RESPONSES]; unsigned int ocsp_data_length; @@ -60,8 +60,8 @@ typedef struct { */ typedef struct gnutls_certificate_credentials_st { gnutls_dh_params_t dh_params; - unsigned deinit_dh_params; /* if the internal values are set */ - gnutls_sec_param_t dh_sec_param; /* used in RFC7919 negotiation */ + unsigned deinit_dh_params; /* if the internal values are set */ + gnutls_sec_param_t dh_sec_param; /* used in RFC7919 negotiation */ /* this callback is used to retrieve the DH or RSA * parameters. @@ -69,7 +69,7 @@ typedef struct gnutls_certificate_credentials_st { gnutls_params_function *params_func; certs_st *certs; - unsigned ncerts; /* the number of certs */ + unsigned ncerts; /* the number of certs */ /* contains sorted index values for certs. Sorted in a way * that RSA-PSS keys always take precedence over plain RSA keys @@ -80,8 +80,8 @@ typedef struct gnutls_certificate_credentials_st { /* X509 specific stuff */ gnutls_x509_trust_list_t tlist; - unsigned flags; /* gnutls_certificate_flags */ - unsigned int verify_flags; /* flags to be used at + unsigned flags; /* gnutls_certificate_flags */ + unsigned int verify_flags; /* flags to be used at * certificate verification. */ unsigned int verify_depth; @@ -89,7 +89,7 @@ typedef struct gnutls_certificate_credentials_st { /* It's a mess here. However we need to keep the old 3 functions * for compatibility */ - gnutls_certificate_retrieve_function *legacy_cert_cb1; /* deprecated */ + gnutls_certificate_retrieve_function *legacy_cert_cb1; /* deprecated */ gnutls_certificate_retrieve_function2 *legacy_cert_cb2; gnutls_certificate_retrieve_function3 *get_cert_callback3; @@ -101,7 +101,7 @@ typedef struct gnutls_certificate_credentials_st { /* OCSP */ gnutls_status_request_ocsp_func glob_ocsp_func; - void *glob_ocsp_func_ptr; /* corresponding OCSP response function */ + void *glob_ocsp_func_ptr; /* corresponding OCSP response function */ /* This is only used by server to indicate whether this * credentials can be used for signing in TLS 1.3. */ @@ -141,53 +141,50 @@ int _gnutls_proc_cert_cert_req(gnutls_session_t, uint8_t *, size_t); int _gnutls_proc_cert_client_crt_vrfy(gnutls_session_t, uint8_t *, size_t); int _gnutls_proc_crt(gnutls_session_t, uint8_t *, size_t); int _gnutls_get_selected_cert(gnutls_session_t session, - gnutls_pcert_st ** apr_cert_list, + gnutls_pcert_st **apr_cert_list, int *apr_cert_list_length, - gnutls_privkey_t * apr_pkey); + gnutls_privkey_t *apr_pkey); -int -_gnutls_select_client_cert(gnutls_session_t session, - const uint8_t * _data, size_t _data_size, - gnutls_pk_algorithm_t * pk_algos, - int pk_algos_length); +int _gnutls_select_client_cert(gnutls_session_t session, const uint8_t *_data, + size_t _data_size, + gnutls_pk_algorithm_t *pk_algos, + int pk_algos_length); -int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st * certs, +int _gnutls_pcert_to_auth_info(cert_auth_info_t info, gnutls_pcert_st *certs, size_t ncerts); -int -_gnutls_select_server_cert(gnutls_session_t session, - const gnutls_cipher_suite_entry_st * cs); +int _gnutls_select_server_cert(gnutls_session_t session, + const gnutls_cipher_suite_entry_st *cs); void _gnutls_selected_certs_deinit(gnutls_session_t session); -int _gnutls_get_auth_info_pcert(gnutls_pcert_st * gcert, +int _gnutls_get_auth_info_pcert(gnutls_pcert_st *gcert, gnutls_certificate_type_t type, cert_auth_info_t info); int _gnutls_selected_cert_supported_kx(struct gnutls_session_int *session, - gnutls_kx_algorithm_t * alg, + gnutls_kx_algorithm_t *alg, int *alg_size); int _gnutls_check_key_cert_match(gnutls_certificate_credentials_t res); -int _gnutls_gen_dhe_signature(gnutls_session_t session, - gnutls_buffer_st * data, uint8_t * plain, - unsigned plain_size); -int _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t * data, - size_t _data_size, gnutls_datum_t * vparams); +int _gnutls_gen_dhe_signature(gnutls_session_t session, gnutls_buffer_st *data, + uint8_t *plain, unsigned plain_size); +int _gnutls_proc_dhe_signature(gnutls_session_t session, uint8_t *data, + size_t _data_size, gnutls_datum_t *vparams); -int _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st * data); -int _gnutls_proc_rawpk_crt(gnutls_session_t session, - uint8_t * data, size_t data_size); +int _gnutls_gen_rawpk_crt(gnutls_session_t session, gnutls_buffer_st *data); +int _gnutls_proc_rawpk_crt(gnutls_session_t session, uint8_t *data, + size_t data_size); inline static unsigned get_key_usage(gnutls_session_t session, gnutls_pubkey_t pubkey) { if (unlikely(session->internals.priorities && - session->internals. - priorities->allow_server_key_usage_violation)) + session->internals.priorities + ->allow_server_key_usage_violation)) return 0; else return pubkey->key_usage; } -#endif /* GNUTLS_LIB_AUTH_CERT_H */ +#endif /* GNUTLS_LIB_AUTH_CERT_H */ diff --git a/lib/auth/dh_common.c b/lib/auth/dh_common.c index e5f8930402..925e98c5d4 100644 --- a/lib/auth/dh_common.c +++ b/lib/auth/dh_common.c @@ -43,7 +43,7 @@ /* Frees the dh_info_st structure. */ -void _gnutls_free_dh_info(dh_info_st * dh) +void _gnutls_free_dh_info(dh_info_st *dh) { dh->secret_bits = 0; _gnutls_free_datum(&dh->prime); @@ -51,10 +51,8 @@ void _gnutls_free_dh_info(dh_info_st * dh) _gnutls_free_datum(&dh->public_key); } -int -_gnutls_proc_dh_common_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size, - gnutls_datum_t * psk_key) +int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size, gnutls_datum_t *psk_key) { uint16_t n_Y; size_t _n_Y; @@ -74,10 +72,10 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, if (data_size != 0) return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); - if (_gnutls_mpi_init_scan_nz - (&session->key.proto.tls12.dh.client_Y, &data[2], _n_Y)) { + if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y, + &data[2], _n_Y)) { gnutls_assert(); - return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */ + return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; /* most likely zero or illegal size */ } _gnutls_dh_set_peer_public(session, @@ -86,9 +84,8 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y; /* calculate the key after calculating the message */ - ret = - _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, - &session->key.proto.tls12.dh.params, &peer_pub); + ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, + &session->key.proto.tls12.dh.params, &peer_pub); if (ret < 0) { gnutls_assert(); goto error; @@ -97,9 +94,9 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, if (psk_key == NULL) { session->key.key.data = tmp_dh_key.data; session->key.key.size = tmp_dh_key.size; - } else { /* In DHE_PSK the key is set differently */ - ret = - _gnutls_set_psk_session_key(session, psk_key, &tmp_dh_key); + } else { /* In DHE_PSK the key is set differently */ + ret = _gnutls_set_psk_session_key(session, psk_key, + &tmp_dh_key); _gnutls_free_temp_key_datum(&tmp_dh_key); } @@ -109,7 +106,7 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, } ret = 0; - error: +error: _gnutls_mpi_release(&session->key.proto.tls12.dh.client_Y); gnutls_pk_params_clear(&session->key.proto.tls12.dh.params); @@ -117,15 +114,14 @@ _gnutls_proc_dh_common_client_kx(gnutls_session_t session, } int _gnutls_gen_dh_common_client_kx(gnutls_session_t session, - gnutls_buffer_st * data) + gnutls_buffer_st *data) { return _gnutls_gen_dh_common_client_kx_int(session, data, NULL); } -int -_gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, - gnutls_buffer_st * data, - gnutls_datum_t * pskkey) +int _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, + gnutls_buffer_st *data, + gnutls_datum_t *pskkey) { int ret; gnutls_pk_params_st peer_pub; @@ -134,21 +130,18 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, gnutls_pk_params_init(&peer_pub); - ret = - _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, - &session->key.proto.tls12.dh.params, 1); + ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, 0, + &session->key.proto.tls12.dh.params, 1); if (ret < 0) return gnutls_assert_val(ret); - _gnutls_dh_set_secret_bits(session, - _gnutls_mpi_get_nbits(session->key. - proto.tls12.dh. - params.params[DH_X])); + _gnutls_dh_set_secret_bits( + session, + _gnutls_mpi_get_nbits( + session->key.proto.tls12.dh.params.params[DH_X])); - ret = - _gnutls_buffer_append_mpi(data, 16, - session->key.proto.tls12.dh. - params.params[DH_Y], 0); + ret = _gnutls_buffer_append_mpi( + data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0); if (ret < 0) { gnutls_assert(); goto error; @@ -157,18 +150,18 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, peer_pub.params[DH_Y] = session->key.proto.tls12.dh.client_Y; /* calculate the key after calculating the message */ - ret = - _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, - &session->key.proto.tls12.dh.params, &peer_pub); + ret = _gnutls_pk_derive(GNUTLS_PK_DH, &tmp_dh_key, + &session->key.proto.tls12.dh.params, &peer_pub); if (ret < 0) { gnutls_assert(); goto error; } - if (session->security_parameters.cs->kx_algorithm != GNUTLS_KX_DHE_PSK) { + if (session->security_parameters.cs->kx_algorithm != + GNUTLS_KX_DHE_PSK) { session->key.key.data = tmp_dh_key.data; session->key.key.size = tmp_dh_key.size; - } else { /* In DHE_PSK the key is set differently */ + } else { /* In DHE_PSK the key is set differently */ ret = _gnutls_set_psk_session_key(session, pskkey, &tmp_dh_key); _gnutls_free_temp_key_datum(&tmp_dh_key); } @@ -180,15 +173,14 @@ _gnutls_gen_dh_common_client_kx_int(gnutls_session_t session, ret = data->length - init_pos; - error: +error: gnutls_pk_params_clear(&session->key.proto.tls12.dh.params); return ret; } /* Returns the bytes parsed */ -int -_gnutls_proc_dh_common_server_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size) +int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { uint16_t n_Y, n_g, n_p; size_t _n_Y, _n_g, _n_p, _n_q; @@ -234,8 +226,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, _n_g = n_g; _n_p = n_p; - if (_gnutls_mpi_init_scan_nz - (&session->key.proto.tls12.dh.client_Y, data_Y, _n_Y) != 0) { + if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh.client_Y, + data_Y, _n_Y) != 0) { gnutls_assert(); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } @@ -244,77 +236,79 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, if (session->internals.priorities->groups.have_ffdhe != 0) { /* verify whether the received parameters match the advertised, otherwise * log that. */ - for (j = 0; j < session->internals.priorities->groups.size; j++) { - if (session->internals.priorities->groups. - entry[j]->generator - && session->internals.priorities->groups. - entry[j]->generator->size == n_g - && session->internals.priorities->groups. - entry[j]->prime->size == n_p - && memcmp(session->internals.priorities-> - groups.entry[j]->generator->data, data_g, - n_g) == 0 - && memcmp(session->internals.priorities-> - groups.entry[j]->prime->data, data_p, - n_p) == 0) { - + for (j = 0; j < session->internals.priorities->groups.size; + j++) { + if (session->internals.priorities->groups.entry[j] + ->generator && + session->internals.priorities->groups.entry[j] + ->generator->size == n_g && + session->internals.priorities->groups.entry[j] + ->prime->size == n_p && + memcmp(session->internals.priorities->groups + .entry[j] + ->generator->data, + data_g, n_g) == 0 && + memcmp(session->internals.priorities->groups + .entry[j] + ->prime->data, + data_p, n_p) == 0) { session->internals.hsk_flags |= HSK_USED_FFDHE; - _gnutls_session_group_set(session, - session-> - internals.priorities-> - groups.entry[j]); + _gnutls_session_group_set( + session, session->internals.priorities + ->groups.entry[j]); session->key.proto.tls12.dh.params.qbits = - *session->internals.priorities-> - groups.entry[j]->q_bits; - data_q = - session->internals.priorities-> - groups.entry[j]->q->data; - _n_q = - session->internals.priorities-> - groups.entry[j]->q->size; + *session->internals.priorities->groups + .entry[j] + ->q_bits; + data_q = session->internals.priorities->groups + .entry[j] + ->q->data; + _n_q = session->internals.priorities->groups + .entry[j] + ->q->size; break; } } if (!(session->internals.hsk_flags & HSK_USED_FFDHE)) { - _gnutls_audit_log(session, - "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n"); + _gnutls_audit_log( + session, + "FFDHE groups advertised, but server didn't support it; falling back to server's choice\n"); } } -# ifdef ENABLE_FIPS140 +#ifdef ENABLE_FIPS140 if (gnutls_fips140_mode_enabled() && !_gnutls_dh_prime_match_fips_approved(data_p, n_p, data_g, n_g, NULL, NULL)) { gnutls_assert(); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } -# endif +#endif - if (_gnutls_mpi_init_scan_nz - (&session->key.proto.tls12.dh.params.params[DH_G], data_g, - _n_g) != 0) { + if (_gnutls_mpi_init_scan_nz( + &session->key.proto.tls12.dh.params.params[DH_G], data_g, + _n_g) != 0) { gnutls_assert(); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } - if (_gnutls_mpi_init_scan_nz - (&session->key.proto.tls12.dh.params.params[DH_P], data_p, - _n_p) != 0) { + if (_gnutls_mpi_init_scan_nz( + &session->key.proto.tls12.dh.params.params[DH_P], data_p, + _n_p) != 0) { gnutls_assert(); /* we release now because session->key.proto.tls12.dh.params.params_nr is not yet set */ - _gnutls_mpi_release(&session->key.proto.tls12.dh. - params.params[DH_G]); + _gnutls_mpi_release( + &session->key.proto.tls12.dh.params.params[DH_G]); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } - if (data_q - && _gnutls_mpi_init_scan_nz(&session->key.proto.tls12.dh. - params.params[DH_Q], data_q, - _n_q) != 0) { + if (data_q && _gnutls_mpi_init_scan_nz( + &session->key.proto.tls12.dh.params.params[DH_Q], + data_q, _n_q) != 0) { /* we release now because params_nr is not yet set */ - _gnutls_mpi_release(&session->key.proto.tls12.dh. - params.params[DH_P]); - _gnutls_mpi_release(&session->key.proto.tls12.dh. - params.params[DH_G]); + _gnutls_mpi_release( + &session->key.proto.tls12.dh.params.params[DH_P]); + _gnutls_mpi_release( + &session->key.proto.tls12.dh.params.params[DH_G]); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } @@ -329,29 +323,27 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, return bits; } - p_bits = - _gnutls_mpi_get_nbits(session->key.proto.tls12.dh. - params.params[DH_P]); + p_bits = _gnutls_mpi_get_nbits( + session->key.proto.tls12.dh.params.params[DH_P]); if (p_bits < bits) { /* the prime used by the peer is not acceptable */ gnutls_assert(); - _gnutls_debug_log - ("Received a prime of %u bits, limit is %u\n", - (unsigned)_gnutls_mpi_get_nbits(session->key. - proto.tls12.dh. - params.params - [DH_P]), - (unsigned)bits); + _gnutls_debug_log( + "Received a prime of %u bits, limit is %u\n", + (unsigned)_gnutls_mpi_get_nbits( + session->key.proto.tls12.dh.params + .params[DH_P]), + (unsigned)bits); return GNUTLS_E_DH_PRIME_UNACCEPTABLE; } if (p_bits >= DEFAULT_MAX_VERIFY_BITS) { gnutls_assert(); - _gnutls_debug_log - ("Received a prime of %u bits, limit is %u\n", - (unsigned)p_bits, - (unsigned)DEFAULT_MAX_VERIFY_BITS); + _gnutls_debug_log( + "Received a prime of %u bits, limit is %u\n", + (unsigned)p_bits, + (unsigned)DEFAULT_MAX_VERIFY_BITS); return GNUTLS_E_DH_PRIME_UNACCEPTABLE; } } @@ -367,9 +359,8 @@ _gnutls_proc_dh_common_server_kx(gnutls_session_t session, return ret; } -int -_gnutls_dh_common_print_server_kx(gnutls_session_t session, - gnutls_buffer_st * data) +int _gnutls_dh_common_print_server_kx(gnutls_session_t session, + gnutls_buffer_st *data) { int ret; unsigned q_bits = session->key.proto.tls12.dh.params.qbits; @@ -379,43 +370,36 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session, gnutls_assert(); _gnutls_debug_log("too small q_bits value for DH: %u\n", q_bits); - q_bits = 0; /* auto-detect */ + q_bits = 0; /* auto-detect */ } /* Y=g^x mod p */ - ret = - _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits, - &session->key.proto.tls12.dh.params, 1); + ret = _gnutls_pk_generate_keys(GNUTLS_PK_DH, q_bits, + &session->key.proto.tls12.dh.params, 1); if (ret < 0) return gnutls_assert_val(ret); - _gnutls_dh_set_secret_bits(session, - _gnutls_mpi_get_nbits(session->key. - proto.tls12.dh. - params.params[DH_X])); + _gnutls_dh_set_secret_bits( + session, + _gnutls_mpi_get_nbits( + session->key.proto.tls12.dh.params.params[DH_X])); - ret = - _gnutls_buffer_append_mpi(data, 16, - session->key.proto.tls12.dh. - params.params[DH_P], 0); + ret = _gnutls_buffer_append_mpi( + data, 16, session->key.proto.tls12.dh.params.params[DH_P], 0); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_buffer_append_mpi(data, 16, - session->key.proto.tls12.dh. - params.params[DH_G], 0); + ret = _gnutls_buffer_append_mpi( + data, 16, session->key.proto.tls12.dh.params.params[DH_G], 0); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_buffer_append_mpi(data, 16, - session->key.proto.tls12.dh. - params.params[DH_Y], 0); + ret = _gnutls_buffer_append_mpi( + data, 16, session->key.proto.tls12.dh.params.params[DH_Y], 0); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -423,7 +407,7 @@ _gnutls_dh_common_print_server_kx(gnutls_session_t session, ret = data->length - init_pos; - cleanup: +cleanup: return ret; } diff --git a/lib/auth/dh_common.h b/lib/auth/dh_common.h index cc523d633e..cb93f9f5f5 100644 --- a/lib/auth/dh_common.h +++ b/lib/auth/dh_common.h @@ -21,9 +21,9 @@ */ #ifndef GNUTLS_LIB_AUTH_DH_COMMON_H -# define GNUTLS_LIB_AUTH_DH_COMMON_H +#define GNUTLS_LIB_AUTH_DH_COMMON_H -# include <auth.h> +#include <auth.h> typedef struct { int secret_bits; @@ -33,18 +33,16 @@ typedef struct { gnutls_datum_t public_key; } dh_info_st; -void _gnutls_free_dh_info(dh_info_st * dh); +void _gnutls_free_dh_info(dh_info_st *dh); -int _gnutls_gen_dh_common_client_kx_int(gnutls_session_t, - gnutls_buffer_st *, - gnutls_datum_t * pskkey); +int _gnutls_gen_dh_common_client_kx_int(gnutls_session_t, gnutls_buffer_st *, + gnutls_datum_t *pskkey); int _gnutls_gen_dh_common_client_kx(gnutls_session_t, gnutls_buffer_st *); -int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size, - gnutls_datum_t * psk_key); -int _gnutls_dh_common_print_server_kx(gnutls_session_t, - gnutls_buffer_st * data); -int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size); +int _gnutls_proc_dh_common_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size, + gnutls_datum_t *psk_key); +int _gnutls_dh_common_print_server_kx(gnutls_session_t, gnutls_buffer_st *data); +int _gnutls_proc_dh_common_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size); -#endif /* GNUTLS_LIB_AUTH_DH_COMMON_H */ +#endif /* GNUTLS_LIB_AUTH_DH_COMMON_H */ diff --git a/lib/auth/dhe.c b/lib/auth/dhe.c index 5a01457675..eeaf831c7f 100644 --- a/lib/auth/dhe.c +++ b/lib/auth/dhe.c @@ -52,15 +52,15 @@ const mod_auth_st dhe_rsa_auth_struct = { _gnutls_gen_cert_client_crt, gen_dhe_server_kx, _gnutls_gen_dh_common_client_kx, - _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ - _gnutls_gen_cert_server_cert_req, /* server cert request */ + _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ + _gnutls_gen_cert_server_cert_req, /* server cert request */ _gnutls_proc_crt, _gnutls_proc_crt, proc_dhe_server_kx, proc_dhe_client_kx, - _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ - _gnutls_proc_cert_cert_req /* proc server cert request */ + _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ + _gnutls_proc_cert_cert_req /* proc server cert request */ }; const mod_auth_st dhe_dss_auth_struct = { @@ -69,27 +69,27 @@ const mod_auth_st dhe_dss_auth_struct = { _gnutls_gen_cert_client_crt, gen_dhe_server_kx, _gnutls_gen_dh_common_client_kx, - _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ - _gnutls_gen_cert_server_cert_req, /* server cert request */ + _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ + _gnutls_gen_cert_server_cert_req, /* server cert request */ _gnutls_proc_crt, _gnutls_proc_crt, proc_dhe_server_kx, proc_dhe_client_kx, - _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ - _gnutls_proc_cert_cert_req /* proc server cert request */ + _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ + _gnutls_proc_cert_cert_req /* proc server cert request */ }; #endif -static int gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st *data) { int ret = 0; gnutls_certificate_credentials_t cred; unsigned sig_pos; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -101,9 +101,8 @@ static int gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } - ret = - _gnutls_figure_dh_params(session, cred->dh_params, - cred->params_func, cred->dh_sec_param); + ret = _gnutls_figure_dh_params(session, cred->dh_params, + cred->params_func, cred->dh_sec_param); if (ret < 0) { return gnutls_assert_val(ret); } @@ -121,8 +120,8 @@ static int gen_dhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data) data->length - sig_pos); } -static int -proc_dhe_server_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) +static int proc_dhe_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { gnutls_datum_t vdata; int ret; @@ -134,12 +133,12 @@ proc_dhe_server_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) vdata.data = data; vdata.size = ret; - return _gnutls_proc_dhe_signature(session, data + ret, - _data_size - ret, &vdata); + return _gnutls_proc_dhe_signature(session, data + ret, _data_size - ret, + &vdata); } -static int -proc_dhe_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) +static int proc_dhe_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { return _gnutls_proc_dh_common_client_kx(session, data, _data_size, NULL); diff --git a/lib/auth/dhe_psk.c b/lib/auth/dhe_psk.c index 6ff31012db..ab5eddd16a 100644 --- a/lib/auth/dhe_psk.c +++ b/lib/auth/dhe_psk.c @@ -32,78 +32,73 @@ /* Contains PSK code for DHE and ECDHE */ -# include "auth.h" -# include "errors.h" -# include "dh.h" -# include <auth/psk.h> -# include "num.h" -# include "mpi.h" -# include <state.h> -# include <auth/dh_common.h> -# include <auth/ecdhe.h> -# include <datum.h> -# include <auth/psk_passwd.h> - -static int -proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size); +#include "auth.h" +#include "errors.h" +#include "dh.h" +#include <auth/psk.h> +#include "num.h" +#include "mpi.h" +#include <state.h> +#include <auth/dh_common.h> +#include <auth/ecdhe.h> +#include <datum.h> +#include <auth/psk_passwd.h> + +static int proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size); static int gen_dhe_psk_server_kx(gnutls_session_t, gnutls_buffer_st *); static int gen_dhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *); static int gen_ecdhe_psk_client_kx(gnutls_session_t, gnutls_buffer_st *); static int proc_ecdhe_psk_client_kx(gnutls_session_t, uint8_t *, size_t); static int proc_dhe_psk_server_kx(gnutls_session_t, uint8_t *, size_t); static int gen_ecdhe_psk_server_kx(gnutls_session_t session, - gnutls_buffer_st * data); -static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data, + gnutls_buffer_st *data); +static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t *data, size_t _data_size); -# ifdef ENABLE_DHE -const mod_auth_st dhe_psk_auth_struct = { - "DHE PSK", - NULL, - NULL, - gen_dhe_psk_server_kx, - gen_dhe_psk_client_kx, - NULL, - NULL, - - NULL, - NULL, /* certificate */ - proc_dhe_psk_server_kx, - proc_dhe_psk_client_kx, - NULL, - NULL -}; -# endif - -# ifdef ENABLE_ECDHE -const mod_auth_st ecdhe_psk_auth_struct = { - "ECDHE PSK", - NULL, - NULL, - gen_ecdhe_psk_server_kx, - gen_ecdhe_psk_client_kx, - NULL, - NULL, - - NULL, - NULL, /* certificate */ - proc_ecdhe_psk_server_kx, - proc_ecdhe_psk_client_kx, - NULL, - NULL -}; -# endif - -static int -gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) +#ifdef ENABLE_DHE +const mod_auth_st dhe_psk_auth_struct = { "DHE PSK", + NULL, + NULL, + gen_dhe_psk_server_kx, + gen_dhe_psk_client_kx, + NULL, + NULL, + + NULL, + NULL, /* certificate */ + proc_dhe_psk_server_kx, + proc_dhe_psk_client_kx, + NULL, + NULL }; +#endif + +#ifdef ENABLE_ECDHE +const mod_auth_st ecdhe_psk_auth_struct = { "ECDHE PSK", + NULL, + NULL, + gen_ecdhe_psk_server_kx, + gen_ecdhe_psk_client_kx, + NULL, + NULL, + + NULL, + NULL, /* certificate */ + proc_ecdhe_psk_server_kx, + proc_ecdhe_psk_client_kx, + NULL, + NULL }; +#endif + +static int gen_ecdhe_psk_client_kx(gnutls_session_t session, + gnutls_buffer_st *data) { int ret, free; gnutls_psk_client_credentials_t cred; gnutls_datum_t username, key; unsigned init_pos = data->length; - cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_client_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); @@ -112,9 +107,8 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_buffer_append_data_prefix(data, 16, username.data, - username.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, + username.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -129,7 +123,7 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) ret = data->length - init_pos; - cleanup: +cleanup: if (free) { _gnutls_free_datum(&username); _gnutls_free_temp_key_datum(&key); @@ -138,16 +132,16 @@ gen_ecdhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } -static int -gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_dhe_psk_client_kx(gnutls_session_t session, + gnutls_buffer_st *data) { int ret, free; gnutls_psk_client_credentials_t cred; gnutls_datum_t username, key; unsigned init_pos = data->length; - cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_client_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); @@ -156,9 +150,8 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_buffer_append_data_prefix(data, 16, username.data, - username.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, + username.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -173,7 +166,7 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) ret = data->length - init_pos; - cleanup: +cleanup: if (free) { _gnutls_free_datum(&username); _gnutls_free_temp_key_datum(&key); @@ -182,37 +175,35 @@ gen_dhe_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } -static int -gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_dhe_psk_server_kx(gnutls_session_t session, + gnutls_buffer_st *data) { int ret; gnutls_psk_server_credentials_t cred; gnutls_datum_t hint = { NULL, 0 }; - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } - ret = - _gnutls_figure_dh_params(session, cred->dh_params, - cred->params_func, cred->dh_sec_param); + ret = _gnutls_figure_dh_params(session, cred->dh_params, + cred->params_func, cred->dh_sec_param); if (ret < 0) { gnutls_assert(); return ret; } if (cred->hint) { - hint.data = (uint8_t *) cred->hint; + hint.data = (uint8_t *)cred->hint; hint.size = strlen(cred->hint); } @@ -227,22 +218,21 @@ gen_dhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } -static int -gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_ecdhe_psk_server_kx(gnutls_session_t session, + gnutls_buffer_st *data) { int ret; gnutls_psk_server_credentials_t cred; gnutls_datum_t hint = { NULL, 0 }; - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); @@ -250,7 +240,7 @@ gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) } if (cred->hint) { - hint.data = (uint8_t *) cred->hint; + hint.data = (uint8_t *)cred->hint; hint.size = strlen(cred->hint); } @@ -266,9 +256,8 @@ gen_ecdhe_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } -static int -proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { int ret; gnutls_datum_t psk_key; @@ -277,17 +266,16 @@ proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data, gnutls_datum_t username; ssize_t data_size = _data_size; - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -319,9 +307,8 @@ proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data, /* Adjust the data */ data += username.size + 2; - ret = - _gnutls_psk_pwd_find_entry(session, info->username, - info->username_len, &psk_key); + ret = _gnutls_psk_pwd_find_entry(session, info->username, + info->username_len, &psk_key); if (ret < 0) return gnutls_assert_val(ret); @@ -331,12 +318,10 @@ proc_dhe_psk_client_kx(gnutls_session_t session, uint8_t * data, _gnutls_free_key_datum(&psk_key); return ret; - } -static int -proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { int ret; gnutls_psk_server_credentials_t cred; @@ -345,17 +330,16 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data, gnutls_datum_t username; ssize_t data_size = _data_size; - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -389,9 +373,8 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data, /* should never fail. It will always return a key even if it is * a random one */ - ret = - _gnutls_psk_pwd_find_entry(session, info->username, - info->username_len, &psk_key); + ret = _gnutls_psk_pwd_find_entry(session, info->username, + info->username_len, &psk_key); if (ret < 0) return gnutls_assert_val(ret); @@ -403,20 +386,17 @@ proc_ecdhe_psk_client_kx(gnutls_session_t session, uint8_t * data, return ret; } -static int -proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { - int ret; ssize_t data_size = _data_size; psk_auth_info_t info; gnutls_datum_t hint; /* set auth_info */ - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -451,20 +431,17 @@ proc_dhe_psk_server_kx(gnutls_session_t session, uint8_t * data, return 0; } -static int -proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { - int ret; ssize_t data_size = _data_size; psk_auth_info_t info; gnutls_datum_t hint; /* set auth_info */ - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -499,4 +476,4 @@ proc_ecdhe_psk_server_kx(gnutls_session_t session, uint8_t * data, return 0; } -#endif /* ENABLE_PSK */ +#endif /* ENABLE_PSK */ diff --git a/lib/auth/ecdhe.c b/lib/auth/ecdhe.c index 350cb27da7..b69323c539 100644 --- a/lib/auth/ecdhe.c +++ b/lib/auth/ecdhe.c @@ -44,12 +44,10 @@ #include <pk.h> static int gen_ecdhe_server_kx(gnutls_session_t, gnutls_buffer_st *); -static int -proc_ecdhe_server_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size); -static int -proc_ecdhe_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size); +static int proc_ecdhe_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size); +static int proc_ecdhe_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size); #if defined(ENABLE_ECDHE) const mod_auth_st ecdhe_ecdsa_auth_struct = { @@ -57,7 +55,7 @@ const mod_auth_st ecdhe_ecdsa_auth_struct = { _gnutls_gen_cert_server_crt, _gnutls_gen_cert_client_crt, gen_ecdhe_server_kx, - _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */ + _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */ _gnutls_gen_cert_client_crt_vrfy, _gnutls_gen_cert_server_cert_req, @@ -74,7 +72,7 @@ const mod_auth_st ecdhe_rsa_auth_struct = { _gnutls_gen_cert_server_crt, _gnutls_gen_cert_client_crt, gen_ecdhe_server_kx, - _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */ + _gnutls_gen_ecdh_common_client_kx, /* This is the only difference */ _gnutls_gen_cert_client_crt_vrfy, _gnutls_gen_cert_server_cert_req, @@ -86,9 +84,8 @@ const mod_auth_st ecdhe_rsa_auth_struct = { _gnutls_proc_cert_cert_req }; -static int calc_ecdh_key(gnutls_session_t session, - gnutls_datum_t * psk_key, - const gnutls_ecc_curve_entry_st * ecurve) +static int calc_ecdh_key(gnutls_session_t session, gnutls_datum_t *psk_key, + const gnutls_ecc_curve_entry_st *ecurve) { gnutls_pk_params_st pub; int ret; @@ -101,9 +98,8 @@ static int calc_ecdh_key(gnutls_session_t session, pub.raw_pub.size = session->key.proto.tls12.ecdh.raw.size; pub.curve = ecurve->id; - ret = - _gnutls_pk_derive(ecurve->pk, &tmp_dh_key, - &session->key.proto.tls12.ecdh.params, &pub); + ret = _gnutls_pk_derive(ecurve->pk, &tmp_dh_key, + &session->key.proto.tls12.ecdh.params, &pub); if (ret < 0) { ret = gnutls_assert_val(ret); goto cleanup; @@ -111,10 +107,10 @@ static int calc_ecdh_key(gnutls_session_t session, if (psk_key == NULL) { memcpy(&session->key.key, &tmp_dh_key, sizeof(gnutls_datum_t)); - tmp_dh_key.data = NULL; /* no longer needed */ + tmp_dh_key.data = NULL; /* no longer needed */ } else { - ret = - _gnutls_set_psk_session_key(session, psk_key, &tmp_dh_key); + ret = _gnutls_set_psk_session_key(session, psk_key, + &tmp_dh_key); _gnutls_free_temp_key_datum(&tmp_dh_key); if (ret < 0) { @@ -125,7 +121,7 @@ static int calc_ecdh_key(gnutls_session_t session, ret = 0; - cleanup: +cleanup: /* no longer needed */ _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x); _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y); @@ -134,10 +130,9 @@ static int calc_ecdh_key(gnutls_session_t session, return ret; } -int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size, - const struct gnutls_group_entry_st - *group, gnutls_datum_t * psk_key) +int _gnutls_proc_ecdh_common_client_kx( + gnutls_session_t session, uint8_t *data, size_t _data_size, + const struct gnutls_group_entry_st *group, gnutls_datum_t *psk_key) { ssize_t data_size = _data_size; int ret, i = 0; @@ -163,12 +158,9 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, DECR_LEN(data_size, point_size); if (ecurve->pk == GNUTLS_PK_EC) { - ret = - _gnutls_ecc_ansi_x962_import(&data[i], point_size, - &session->key.proto.tls12. - ecdh.x, - &session->key.proto.tls12. - ecdh.y); + ret = _gnutls_ecc_ansi_x962_import( + &data[i], point_size, &session->key.proto.tls12.ecdh.x, + &session->key.proto.tls12.ecdh.y); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -176,9 +168,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 || ecurve->pk == GNUTLS_PK_ECDH_X448) { if (ecurve->size != point_size) - return - gnutls_assert_val - (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + return gnutls_assert_val( + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); ret = _gnutls_set_datum(&session->key.proto.tls12.ecdh.raw, &data[i], point_size); @@ -190,8 +181,8 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, /* RFC7748 requires to mask the MSB in the final byte * for X25519 (not X448) */ if (ecurve->id == GNUTLS_ECC_CURVE_X25519) { - session->key.proto.tls12.ecdh.raw.data[point_size - - 1] &= 0x7f; + session->key.proto.tls12.ecdh.raw.data[point_size - 1] &= + 0x7f; } } else { return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); @@ -208,7 +199,7 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, gnutls_assert(); goto cleanup; } - cleanup: +cleanup: _gnutls_mpi_release(&session->key.proto.tls12.ecdh.x); _gnutls_mpi_release(&session->key.proto.tls12.ecdh.y); _gnutls_free_datum(&session->key.proto.tls12.ecdh.raw); @@ -216,35 +207,31 @@ int _gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, return ret; } -static int -proc_ecdhe_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size) +static int proc_ecdhe_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { gnutls_certificate_credentials_t cred; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - return _gnutls_proc_ecdh_common_client_kx(session, data, - _data_size, + return _gnutls_proc_ecdh_common_client_kx(session, data, _data_size, get_group(session), NULL); } -int -_gnutls_gen_ecdh_common_client_kx(gnutls_session_t session, - gnutls_buffer_st * data) +int _gnutls_gen_ecdh_common_client_kx(gnutls_session_t session, + gnutls_buffer_st *data) { return _gnutls_gen_ecdh_common_client_kx_int(session, data, NULL); } -int -_gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, - gnutls_buffer_st * data, - gnutls_datum_t * psk_key) +int _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, + gnutls_buffer_st *data, + gnutls_datum_t *psk_key) { int ret; gnutls_datum_t out; @@ -263,31 +250,27 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, pk = ecurve->pk; /* generate temporal key */ - ret = - _gnutls_pk_generate_keys(pk, ecurve->id, - &session->key.proto.tls12.ecdh.params, 1); + ret = _gnutls_pk_generate_keys( + pk, ecurve->id, &session->key.proto.tls12.ecdh.params, 1); if (ret < 0) return gnutls_assert_val(ret); if (pk == GNUTLS_PK_EC) { - ret = - _gnutls_ecc_ansi_x962_export(ecurve->id, - session->key.proto.tls12. - ecdh.params. - params[ECC_X] /* x */ , - session->key.proto.tls12. - ecdh.params. - params[ECC_Y] /* y */ , - &out); + ret = _gnutls_ecc_ansi_x962_export( + ecurve->id, + session->key.proto.tls12.ecdh.params + .params[ECC_X] /* x */, + session->key.proto.tls12.ecdh.params + .params[ECC_Y] /* y */, + &out); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_buffer_append_data_prefix(data, 8, out.data, - out.size); + ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, + out.size); _gnutls_free_datum(&out); @@ -296,14 +279,10 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, goto cleanup; } } else if (pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448) { - ret = - _gnutls_buffer_append_data_prefix(data, 8, - session->key.proto. - tls12.ecdh.params.raw_pub. - data, - session->key.proto. - tls12.ecdh.params.raw_pub. - size); + ret = _gnutls_buffer_append_data_prefix( + data, 8, + session->key.proto.tls12.ecdh.params.raw_pub.data, + session->key.proto.tls12.ecdh.params.raw_pub.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -318,14 +297,13 @@ _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, } ret = data->length - init_pos; - cleanup: +cleanup: gnutls_pk_params_clear(&session->key.proto.tls12.ecdh.params); return ret; } -static int -proc_ecdhe_server_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size) +static int proc_ecdhe_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { int ret; gnutls_datum_t vparams; @@ -337,13 +315,12 @@ proc_ecdhe_server_kx(gnutls_session_t session, vparams.data = data; vparams.size = ret; - return _gnutls_proc_dhe_signature(session, data + ret, - _data_size - ret, &vparams); + return _gnutls_proc_dhe_signature(session, data + ret, _data_size - ret, + &vparams); } -int -_gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size) +int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { int i, ret; unsigned point_size; @@ -392,21 +369,17 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, DECR_LEN(data_size, point_size); if (ecurve->pk == GNUTLS_PK_EC) { - ret = - _gnutls_ecc_ansi_x962_import(&data[i], point_size, - &session->key.proto.tls12. - ecdh.x, - &session->key.proto.tls12. - ecdh.y); + ret = _gnutls_ecc_ansi_x962_import( + &data[i], point_size, &session->key.proto.tls12.ecdh.x, + &session->key.proto.tls12.ecdh.y); if (ret < 0) return gnutls_assert_val(ret); } else if (ecurve->pk == GNUTLS_PK_ECDH_X25519 || ecurve->pk == GNUTLS_PK_ECDH_X448) { if (ecurve->size != point_size) - return - gnutls_assert_val - (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); + return gnutls_assert_val( + GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); ret = _gnutls_set_datum(&session->key.proto.tls12.ecdh.raw, &data[i], point_size); @@ -416,8 +389,8 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, /* RFC7748 requires to mask the MSB in the final byte * for X25519 (not X448) */ if (ecurve->id == GNUTLS_ECC_CURVE_X25519) { - session->key.proto.tls12.ecdh.raw.data[point_size - - 1] &= 0x7f; + session->key.proto.tls12.ecdh.raw.data[point_size - 1] &= + 0x7f; } } else { return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); @@ -431,8 +404,8 @@ _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, /* If the psk flag is set, then an empty psk_identity_hint will * be inserted */ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, - gnutls_buffer_st * data, - const gnutls_group_entry_st * group) + gnutls_buffer_st *data, + const gnutls_group_entry_st *group) { uint8_t p; int ret; @@ -459,28 +432,25 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, return gnutls_assert_val(ret); /* generate temporal key */ - ret = - _gnutls_pk_generate_keys(group->pk, group->curve, - &session->key.proto.tls12.ecdh.params, 1); + ret = _gnutls_pk_generate_keys(group->pk, group->curve, + &session->key.proto.tls12.ecdh.params, + 1); if (ret < 0) return gnutls_assert_val(ret); if (group->pk == GNUTLS_PK_EC) { - ret = - _gnutls_ecc_ansi_x962_export(group->curve, - session->key.proto.tls12. - ecdh.params. - params[ECC_X] /* x */ , - session->key.proto.tls12. - ecdh.params. - params[ECC_Y] /* y */ , - &out); + ret = _gnutls_ecc_ansi_x962_export( + group->curve, + session->key.proto.tls12.ecdh.params + .params[ECC_X] /* x */, + session->key.proto.tls12.ecdh.params + .params[ECC_Y] /* y */, + &out); if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_buffer_append_data_prefix(data, 8, out.data, - out.size); + ret = _gnutls_buffer_append_data_prefix(data, 8, out.data, + out.size); _gnutls_free_datum(&out); @@ -489,14 +459,10 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, } else if (group->pk == GNUTLS_PK_ECDH_X25519 || group->pk == GNUTLS_PK_ECDH_X448) { - ret = - _gnutls_buffer_append_data_prefix(data, 8, - session->key.proto. - tls12.ecdh.params.raw_pub. - data, - session->key.proto. - tls12.ecdh.params.raw_pub. - size); + ret = _gnutls_buffer_append_data_prefix( + data, 8, + session->key.proto.tls12.ecdh.params.raw_pub.data, + session->key.proto.tls12.ecdh.params.raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); } else { @@ -506,15 +472,14 @@ int _gnutls_ecdh_common_print_server_kx(gnutls_session_t session, return data->length - init_pos; } -static int -gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st *data) { int ret = 0; gnutls_certificate_credentials_t cred; unsigned sig_pos; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -528,9 +493,8 @@ gen_ecdhe_server_kx(gnutls_session_t session, gnutls_buffer_st * data) sig_pos = data->length; - ret = - _gnutls_ecdh_common_print_server_kx(session, data, - get_group(session)); + ret = _gnutls_ecdh_common_print_server_kx(session, data, + get_group(session)); if (ret < 0) { gnutls_assert(); return ret; diff --git a/lib/auth/ecdhe.h b/lib/auth/ecdhe.h index a691360b7f..d0eba71506 100644 --- a/lib/auth/ecdhe.h +++ b/lib/auth/ecdhe.h @@ -22,30 +22,25 @@ */ #ifndef GNUTLS_LIB_AUTH_ECDHE_H -# define GNUTLS_LIB_AUTH_ECDHE_H +#define GNUTLS_LIB_AUTH_ECDHE_H -# include <auth.h> +#include <auth.h> -int -_gnutls_gen_ecdh_common_client_kx(gnutls_session_t session, - gnutls_buffer_st * data); +int _gnutls_gen_ecdh_common_client_kx(gnutls_session_t session, + gnutls_buffer_st *data); -int -_gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, - gnutls_buffer_st * data, - gnutls_datum_t * psk_key); +int _gnutls_gen_ecdh_common_client_kx_int(gnutls_session_t session, + gnutls_buffer_st *data, + gnutls_datum_t *psk_key); -int -_gnutls_proc_ecdh_common_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size, - const struct gnutls_group_entry_st *group, - gnutls_datum_t * psk_key); +int _gnutls_proc_ecdh_common_client_kx( + gnutls_session_t session, uint8_t *data, size_t _data_size, + const struct gnutls_group_entry_st *group, gnutls_datum_t *psk_key); -int _gnutls_ecdh_common_print_server_kx(gnutls_session_t, - gnutls_buffer_st * data, - const struct gnutls_group_entry_st - *group); -int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, uint8_t * data, +int _gnutls_ecdh_common_print_server_kx( + gnutls_session_t, gnutls_buffer_st *data, + const struct gnutls_group_entry_st *group); +int _gnutls_proc_ecdh_common_server_kx(gnutls_session_t session, uint8_t *data, size_t _data_size); -#endif /* GNUTLS_LIB_AUTH_ECDHE_H */ +#endif /* GNUTLS_LIB_AUTH_ECDHE_H */ diff --git a/lib/auth/psk.c b/lib/auth/psk.c index 25eea8785d..17206f69c5 100644 --- a/lib/auth/psk.c +++ b/lib/auth/psk.c @@ -24,43 +24,39 @@ #ifdef ENABLE_PSK -# include "errors.h" -# include "auth.h" -# include "debug.h" -# include "num.h" -# include <auth/psk.h> -# include <auth/psk_passwd.h> -# include <str.h> -# include <datum.h> +#include "errors.h" +#include "auth.h" +#include "debug.h" +#include "num.h" +#include <auth/psk.h> +#include <auth/psk_passwd.h> +#include <str.h> +#include <datum.h> static int _gnutls_proc_psk_client_kx(gnutls_session_t, uint8_t *, size_t); -static int -_gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size); - -const mod_auth_st psk_auth_struct = { - "PSK", - NULL, - NULL, - _gnutls_gen_psk_server_kx, - _gnutls_gen_psk_client_kx, - NULL, - NULL, - - NULL, - NULL, /* certificate */ - _gnutls_proc_psk_server_kx, - _gnutls_proc_psk_client_kx, - NULL, - NULL -}; +static int _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size); + +const mod_auth_st psk_auth_struct = { "PSK", + NULL, + NULL, + _gnutls_gen_psk_server_kx, + _gnutls_gen_psk_client_kx, + NULL, + NULL, + + NULL, + NULL, /* certificate */ + _gnutls_proc_psk_server_kx, + _gnutls_proc_psk_client_kx, + NULL, + NULL }; /* Set the PSK premaster secret. */ -int -_gnutls_set_psk_session_key(gnutls_session_t session, - gnutls_datum_t * ppsk /* key */ , - gnutls_datum_t * dh_secret) +int _gnutls_set_psk_session_key(gnutls_session_t session, + gnutls_datum_t *ppsk /* key */, + gnutls_datum_t *dh_secret) { gnutls_datum_t pwd_psk = { NULL, 0 }; size_t dh_secret_size; @@ -103,7 +99,7 @@ _gnutls_set_psk_session_key(gnutls_session_t session, ret = 0; - error: +error: _gnutls_free_temp_key_datum(&pwd_psk); return ret; } @@ -118,7 +114,7 @@ _gnutls_set_psk_session_key(gnutls_session_t session, * } ClientKeyExchange; * */ -int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st *data) { int ret, free; gnutls_datum_t username = { NULL, 0 }; @@ -126,8 +122,8 @@ int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) gnutls_psk_client_credentials_t cred; psk_auth_info_t info; - cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_client_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); @@ -150,9 +146,8 @@ int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) goto cleanup; } - ret = - _gnutls_buffer_append_data_prefix(data, 16, username.data, - username.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, + username.size); if (ret < 0) { gnutls_assert(); } @@ -170,7 +165,7 @@ int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) goto cleanup; } - cleanup: +cleanup: if (free) { gnutls_free(username.data); _gnutls_free_temp_key_datum(&key); @@ -181,9 +176,8 @@ int _gnutls_gen_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) /* just read the username from the client key exchange. */ -static int -_gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { ssize_t data_size = _data_size; int ret; @@ -191,17 +185,16 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, gnutls_psk_server_credentials_t cred; psk_auth_info_t info; - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1)) < 0) { gnutls_assert(); return ret; } @@ -230,9 +223,8 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, if (ret < 0) return gnutls_assert_val(ret); - ret = - _gnutls_psk_pwd_find_entry(session, info->username, - info->username_len, &psk_key); + ret = _gnutls_psk_pwd_find_entry(session, info->username, + info->username_len, &psk_key); if (ret < 0) return gnutls_assert_val(ret); @@ -244,7 +236,7 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, ret = 0; - error: +error: _gnutls_free_key_datum(&psk_key); return ret; @@ -261,13 +253,13 @@ _gnutls_proc_psk_client_kx(gnutls_session_t session, uint8_t * data, * } ServerKeyExchange; * */ -int _gnutls_gen_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_psk_server_kx(gnutls_session_t session, gnutls_buffer_st *data) { gnutls_psk_server_credentials_t cred; gnutls_datum_t hint; - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); @@ -280,7 +272,7 @@ int _gnutls_gen_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) return GNUTLS_E_INT_RET_0; } - hint.data = (uint8_t *) cred->hint; + hint.data = (uint8_t *)cred->hint; hint.size = strlen(cred->hint); return _gnutls_buffer_append_data_prefix(data, 16, hint.data, @@ -288,9 +280,8 @@ int _gnutls_gen_psk_server_kx(gnutls_session_t session, gnutls_buffer_st * data) } /* Read the hint from the server key exchange */ -static int -_gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { int ret; ssize_t data_size = _data_size; @@ -298,15 +289,13 @@ _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data, psk_auth_info_t info; gnutls_datum_t hint; - cred = - (gnutls_psk_client_credentials_t) _gnutls_get_cred(session, - GNUTLS_CRD_PSK); + cred = (gnutls_psk_client_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS); - ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, - sizeof(psk_auth_info_st), 1); + ret = _gnutls_auth_info_init(session, GNUTLS_CRD_PSK, + sizeof(psk_auth_info_st), 1); if (ret < 0) return gnutls_assert_val(ret); @@ -327,4 +316,4 @@ _gnutls_proc_psk_server_kx(gnutls_session_t session, uint8_t * data, return ret; } -#endif /* ENABLE_PSK */ +#endif /* ENABLE_PSK */ diff --git a/lib/auth/psk.h b/lib/auth/psk.h index d5a55f58bc..06d7913c85 100644 --- a/lib/auth/psk.h +++ b/lib/auth/psk.h @@ -21,15 +21,16 @@ */ #ifndef GNUTLS_LIB_AUTH_PSK_H -# define GNUTLS_LIB_AUTH_PSK_H +#define GNUTLS_LIB_AUTH_PSK_H -# include <auth.h> -# include <auth/dh_common.h> +#include <auth.h> +#include <auth/dh_common.h> -# define _gnutls_copy_psk_username(info, datum) \ - _gnutls_copy_psk_string(&(info)->username, &(info)->username_len, (datum)) +#define _gnutls_copy_psk_username(info, datum) \ + _gnutls_copy_psk_string(&(info)->username, &(info)->username_len, \ + (datum)) -# define _gnutls_copy_psk_hint(info, datum) \ +#define _gnutls_copy_psk_hint(info, datum) \ _gnutls_copy_psk_string(&(info)->hint, &(info)->hint_len, (datum)) typedef struct gnutls_psk_client_credentials_st { @@ -74,9 +75,8 @@ typedef struct psk_auth_info_st { typedef struct psk_auth_info_st psk_auth_info_st; -inline static int -_gnutls_copy_psk_string(char **dest, uint16_t * dest_len, - const gnutls_datum_t str) +inline static int _gnutls_copy_psk_string(char **dest, uint16_t *dest_len, + const gnutls_datum_t str) { char *_tmp; @@ -95,17 +95,15 @@ _gnutls_copy_psk_string(char **dest, uint16_t * dest_len, return GNUTLS_E_SUCCESS; } -# ifdef ENABLE_PSK +#ifdef ENABLE_PSK -int -_gnutls_set_psk_session_key(gnutls_session_t session, gnutls_datum_t * key, - gnutls_datum_t * psk2); -int _gnutls_gen_psk_server_kx(gnutls_session_t session, - gnutls_buffer_st * data); +int _gnutls_set_psk_session_key(gnutls_session_t session, gnutls_datum_t *key, + gnutls_datum_t *psk2); +int _gnutls_gen_psk_server_kx(gnutls_session_t session, gnutls_buffer_st *data); int _gnutls_gen_psk_client_kx(gnutls_session_t, gnutls_buffer_st *); -# else -# define _gnutls_set_psk_session_key(x,y,z) GNUTLS_E_UNIMPLEMENTED_FEATURE -# endif /* ENABLE_PSK */ +#else +#define _gnutls_set_psk_session_key(x, y, z) GNUTLS_E_UNIMPLEMENTED_FEATURE +#endif /* ENABLE_PSK */ -#endif /* GNUTLS_LIB_AUTH_PSK_H */ +#endif /* GNUTLS_LIB_AUTH_PSK_H */ diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c index 35cfff311d..70f59c7738 100644 --- a/lib/auth/psk_passwd.c +++ b/lib/auth/psk_passwd.c @@ -39,7 +39,7 @@ /* this function parses passwd.psk file. Format is: * string(username):hex(passwd) */ -static int pwd_put_values(gnutls_datum_t * psk, char *str) +static int pwd_put_values(gnutls_datum_t *psk, char *str) { char *p; int len, ret; @@ -74,8 +74,8 @@ static int pwd_put_values(gnutls_datum_t * psk, char *str) return 0; } -static bool username_matches(const gnutls_datum_t * username, - const char *line, size_t line_size) +static bool username_matches(const gnutls_datum_t *username, const char *line, + size_t line_size) { int retval; unsigned i; @@ -94,8 +94,7 @@ static bool username_matches(const gnutls_datum_t * username, /* move to first ':' */ i = 0; - while ((i < line_size) && (line[i] != '\0') - && (line[i] != ':')) { + while ((i < line_size) && (line[i] != '\0') && (line[i] != ':')) { i++; } @@ -108,17 +107,15 @@ static bool username_matches(const gnutls_datum_t * username, return gnutls_assert_val(0); if (hex_username.size == username->size) - retval = - memcmp(username->data, hex_username.data, - username->size); + retval = memcmp(username->data, hex_username.data, + username->size); else retval = -1; _gnutls_free_datum(&hex_username); } else { - retval = - strncmp((const char *)username->data, line, - MAX(i, username->size)); + retval = strncmp((const char *)username->data, line, + MAX(i, username->size)); } return (retval == 0); @@ -127,7 +124,7 @@ static bool username_matches(const gnutls_datum_t * username, /* Randomizes the given password entry. It actually sets a random password. * Returns 0 on success. */ -static int _randomize_psk(gnutls_datum_t * psk) +static int _randomize_psk(gnutls_datum_t *psk) { int ret; @@ -151,23 +148,19 @@ static int _randomize_psk(gnutls_datum_t * psk) /* Returns the PSK key of the given user. * If the user doesn't exist a random password is returned instead. */ -int -_gnutls_psk_pwd_find_entry(gnutls_session_t session, - const char *username, uint16_t username_len, - gnutls_datum_t * psk) +int _gnutls_psk_pwd_find_entry(gnutls_session_t session, const char *username, + uint16_t username_len, gnutls_datum_t *psk) { gnutls_psk_server_credentials_t cred; FILE *fp; char *line = NULL; size_t line_size = 0; int ret; - gnutls_datum_t username_datum = { - .data = (unsigned char *)username, - .size = username_len - }; + gnutls_datum_t username_datum = { .data = (unsigned char *)username, + .size = username_len }; - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -179,7 +172,7 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, if (cred->pwd_callback != NULL) { ret = cred->pwd_callback(session, &username_datum, psk); - if (ret == 1) { /* the user does not exist */ + if (ret == 1) { /* the user does not exist */ ret = _randomize_psk(psk); if (ret < 0) { gnutls_assert(); @@ -232,7 +225,7 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, } ret = 0; - cleanup: +cleanup: if (fp != NULL) fclose(fp); @@ -240,7 +233,6 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, free(line); return ret; - } /* returns the username and they key for the PSK session. @@ -248,7 +240,7 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session, */ int _gnutls_find_psk_key(gnutls_session_t session, gnutls_psk_client_credentials_t cred, - gnutls_datum_t * username, gnutls_datum_t * key, + gnutls_datum_t *username, gnutls_datum_t *key, int *free) { int ret; diff --git a/lib/auth/psk_passwd.h b/lib/auth/psk_passwd.h index a1a1d8d83b..18ac72b34b 100644 --- a/lib/auth/psk_passwd.h +++ b/lib/auth/psk_passwd.h @@ -21,16 +21,15 @@ */ #ifndef GNUTLS_LIB_AUTH_PSK_PASSWD_H -# define GNUTLS_LIB_AUTH_PSK_PASSWD_H +#define GNUTLS_LIB_AUTH_PSK_PASSWD_H /* this is locally allocated. It should be freed using the provided function */ -int _gnutls_psk_pwd_find_entry(gnutls_session_t, - const char *username, uint16_t username_len, - gnutls_datum_t * key); +int _gnutls_psk_pwd_find_entry(gnutls_session_t, const char *username, + uint16_t username_len, gnutls_datum_t *key); int _gnutls_find_psk_key(gnutls_session_t session, gnutls_psk_client_credentials_t cred, - gnutls_datum_t * username, gnutls_datum_t * key, + gnutls_datum_t *username, gnutls_datum_t *key, int *free); -#endif /* GNUTLS_LIB_AUTH_PSK_PASSWD_H */ +#endif /* GNUTLS_LIB_AUTH_PSK_PASSWD_H */ diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c index 492ec119fa..a11c33fd86 100644 --- a/lib/auth/rsa.c +++ b/lib/auth/rsa.c @@ -49,33 +49,34 @@ const mod_auth_st rsa_auth_struct = { "RSA", _gnutls_gen_cert_server_crt, _gnutls_gen_cert_client_crt, - NULL, /* gen server kx */ + NULL, /* gen server kx */ _gnutls_gen_rsa_client_kx, - _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ - _gnutls_gen_cert_server_cert_req, /* server cert request */ + _gnutls_gen_cert_client_crt_vrfy, /* gen client cert vrfy */ + _gnutls_gen_cert_server_cert_req, /* server cert request */ _gnutls_proc_crt, _gnutls_proc_crt, - NULL, /* proc server kx */ - proc_rsa_client_kx, /* proc client kx */ - _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ - _gnutls_proc_cert_cert_req /* proc server cert request */ + NULL, /* proc server kx */ + proc_rsa_client_kx, /* proc client kx */ + _gnutls_proc_cert_client_crt_vrfy, /* proc client cert vrfy */ + _gnutls_proc_cert_cert_req /* proc server cert request */ }; -static -int check_key_usage_for_enc(gnutls_session_t session, unsigned key_usage) +static int check_key_usage_for_enc(gnutls_session_t session, unsigned key_usage) { if (key_usage != 0) { - if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT) - && !(key_usage & GNUTLS_KEY_KEY_AGREEMENT)) { + if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT) && + !(key_usage & GNUTLS_KEY_KEY_AGREEMENT)) { gnutls_assert(); if (session->internals.allow_key_usage_violation == 0) { - _gnutls_audit_log(session, - "Peer's certificate does not allow encryption. Key usage violation detected.\n"); + _gnutls_audit_log( + session, + "Peer's certificate does not allow encryption. Key usage violation detected.\n"); return GNUTLS_E_KEY_USAGE_VIOLATION; } else { - _gnutls_audit_log(session, - "Peer's certificate does not allow encryption. Key usage violation detected (ignored).\n"); + _gnutls_audit_log( + session, + "Peer's certificate does not allow encryption. Key usage violation detected (ignored).\n"); } } } @@ -96,9 +97,8 @@ int check_key_usage_for_enc(gnutls_session_t session, unsigned key_usage) * checks need to be build in order to retrieve the correct * certificate type. */ -int -_gnutls_get_public_rsa_params(gnutls_session_t session, - gnutls_pk_params_st * params) +int _gnutls_get_public_rsa_params(gnutls_session_t session, + gnutls_pk_params_st *params) { int ret; cert_auth_info_t info; @@ -145,14 +145,14 @@ _gnutls_get_public_rsa_params(gnutls_session_t session, gnutls_pcert_deinit(&peer_cert); return 0; - cleanup2: +cleanup2: gnutls_pcert_deinit(&peer_cert); return ret; } -static int -proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) +static int proc_rsa_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { gnutls_datum_t ciphertext; int ret, dsize; @@ -201,8 +201,8 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) return ret; } - gnutls_privkey_decrypt_data2(session->internals.selected_key, - 0, &ciphertext, session->key.key.data, + gnutls_privkey_decrypt_data2(session->internals.selected_key, 0, + &ciphertext, session->key.key.data, session->key.key.size); /* After this point, any conditional on failure that cause differences * in execution may create a timing or cache access pattern side @@ -230,10 +230,10 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data, size_t _data_size) /* return RSA(random) using the peers public key */ -int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st *data) { cert_auth_info_t auth = session->key.auth_info; - gnutls_datum_t sdata; /* data to send */ + gnutls_datum_t sdata; /* data to send */ gnutls_pk_params_st params; int ret; @@ -262,14 +262,14 @@ int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st * data) if (session->internals.rsa_pms_version[0] == 0) { session->key.key.data[0] = - _gnutls_get_adv_version_major(session); + _gnutls_get_adv_version_major(session); session->key.key.data[1] = - _gnutls_get_adv_version_minor(session); - } else { /* use the version provided */ + _gnutls_get_adv_version_minor(session); + } else { /* use the version provided */ session->key.key.data[0] = - session->internals.rsa_pms_version[0]; + session->internals.rsa_pms_version[0]; session->key.key.data[1] = - session->internals.rsa_pms_version[1]; + session->internals.rsa_pms_version[1]; } /* move RSA parameters to key (session). @@ -279,9 +279,8 @@ int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } - ret = - _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key, - ¶ms); + ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &session->key.key, + ¶ms); gnutls_pk_params_release(¶ms); @@ -297,10 +296,9 @@ int _gnutls_gen_rsa_client_kx(gnutls_session_t session, gnutls_buffer_st * data) return ret; } else #endif - { /* TLS 1.x */ - ret = - _gnutls_buffer_append_data_prefix(data, 16, sdata.data, - sdata.size); + { /* TLS 1.x */ + ret = _gnutls_buffer_append_data_prefix(data, 16, sdata.data, + sdata.size); _gnutls_free_datum(&sdata); return ret; diff --git a/lib/auth/rsa_common.h b/lib/auth/rsa_common.h index e56b095d7e..8a68bc0bfa 100644 --- a/lib/auth/rsa_common.h +++ b/lib/auth/rsa_common.h @@ -28,12 +28,11 @@ */ #ifndef GNUTLS_LIB_AUTH_RSA_COMMON_H -# define GNUTLS_LIB_AUTH_RSA_COMMON_H +#define GNUTLS_LIB_AUTH_RSA_COMMON_H -# include <abstract_int.h> +#include <abstract_int.h> -int -_gnutls_get_public_rsa_params(gnutls_session_t session, - gnutls_pk_params_st * params); +int _gnutls_get_public_rsa_params(gnutls_session_t session, + gnutls_pk_params_st *params); -#endif /* GNUTLS_LIB_AUTH_RSA_COMMON_H */ +#endif /* GNUTLS_LIB_AUTH_RSA_COMMON_H */ diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c index c1e9ac4dab..e9e99761cf 100644 --- a/lib/auth/rsa_psk.c +++ b/lib/auth/rsa_psk.c @@ -29,52 +29,51 @@ #ifdef ENABLE_PSK -# include "auth.h" -# include "dh.h" -# include "errors.h" -# include "mpi.h" -# include "num.h" -# include "gnutls_int.h" -# include "pk.h" -# include "random.h" -# include <abstract_int.h> -# include <algorithms.h> -# include <auth/dh_common.h> -# include <auth/psk.h> -# include <auth/psk_passwd.h> -# include <auth/rsa_common.h> -# include <cert.h> -# include <datum.h> -# include <state.h> +#include "auth.h" +#include "dh.h" +#include "errors.h" +#include "mpi.h" +#include "num.h" +#include "gnutls_int.h" +#include "pk.h" +#include "random.h" +#include <abstract_int.h> +#include <algorithms.h> +#include <auth/dh_common.h> +#include <auth/psk.h> +#include <auth/psk_passwd.h> +#include <auth/rsa_common.h> +#include <cert.h> +#include <datum.h> +#include <state.h> static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, - gnutls_buffer_st * data); + gnutls_buffer_st *data); static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t, uint8_t *, size_t); -static int -_gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size); +static int _gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, + uint8_t *data, size_t _data_size); const mod_auth_st rsa_psk_auth_struct = { "RSA PSK", _gnutls_gen_cert_server_crt, - NULL, /* generate_client_certificate */ + NULL, /* generate_client_certificate */ _gnutls_gen_psk_server_kx, _gnutls_gen_rsa_psk_client_kx, - NULL, /* generate_client_cert_vrfy */ - NULL, /* generate_server_certificate_request */ + NULL, /* generate_client_cert_vrfy */ + NULL, /* generate_server_certificate_request */ _gnutls_proc_crt, - NULL, /* process_client_certificate */ + NULL, /* process_client_certificate */ _gnutls_proc_rsa_psk_server_kx, _gnutls_proc_rsa_psk_client_kx, - NULL, /* process_client_cert_vrfy */ - NULL /* process_server_certificate_reuqest */ + NULL, /* process_client_cert_vrfy */ + NULL /* process_server_certificate_reuqest */ }; /* Set the PSK premaster secret. */ -static int -set_rsa_psk_session_key(gnutls_session_t session, - gnutls_datum_t * ppsk, gnutls_datum_t * rsa_secret) +static int set_rsa_psk_session_key(gnutls_session_t session, + gnutls_datum_t *ppsk, + gnutls_datum_t *rsa_secret) { unsigned char *p; size_t rsa_secret_size; @@ -107,7 +106,7 @@ set_rsa_psk_session_key(gnutls_session_t session, ret = 0; - error: +error: return ret; } @@ -121,11 +120,11 @@ set_rsa_psk_session_key(gnutls_session_t session, * } exchange_keys; * } ClientKeyExchange; */ -static int -_gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, + gnutls_buffer_st *data) { cert_auth_info_t auth = session->key.auth_info; - gnutls_datum_t sdata; /* data to send */ + gnutls_datum_t sdata; /* data to send */ gnutls_pk_params_st params; gnutls_psk_client_credentials_t cred; gnutls_datum_t username, key; @@ -160,14 +159,14 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) /* Set version */ if (session->internals.rsa_pms_version[0] == 0) { premaster_secret.data[0] = - _gnutls_get_adv_version_major(session); + _gnutls_get_adv_version_major(session); premaster_secret.data[1] = - _gnutls_get_adv_version_minor(session); - } else { /* use the version provided */ + _gnutls_get_adv_version_minor(session); + } else { /* use the version provided */ premaster_secret.data[0] = - session->internals.rsa_pms_version[0]; + session->internals.rsa_pms_version[0]; premaster_secret.data[1] = - session->internals.rsa_pms_version[1]; + session->internals.rsa_pms_version[1]; } /* move RSA parameters to key (session). @@ -178,17 +177,16 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) } /* Encrypt premaster secret */ - if ((ret = - _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret, - ¶ms)) < 0) { + if ((ret = _gnutls_pk_encrypt(GNUTLS_PK_RSA, &sdata, &premaster_secret, + ¶ms)) < 0) { gnutls_assert(); return ret; } gnutls_pk_params_release(¶ms); - cred = (gnutls_psk_client_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_client_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); @@ -218,16 +216,15 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) /* Write psk_identity and EncryptedPreMasterSecret into data stream */ - ret = - _gnutls_buffer_append_data_prefix(data, 16, - username.data, username.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, username.data, + username.size); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_buffer_append_data_prefix(data, 16, sdata.data, sdata.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, sdata.data, + sdata.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -235,7 +232,7 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) ret = data->length - init_pos; - cleanup: +cleanup: _gnutls_free_datum(&sdata); _gnutls_free_temp_key_datum(&premaster_secret); if (free) { @@ -249,9 +246,8 @@ _gnutls_gen_rsa_psk_client_kx(gnutls_session_t session, gnutls_buffer_st * data) /* Process the client key exchange message */ -static int -_gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, + uint8_t *data, size_t _data_size) { gnutls_datum_t username; psk_auth_info_t info; @@ -264,8 +260,8 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, gnutls_psk_server_credentials_t cred; gnutls_datum_t premaster_secret = { NULL, 0 }; - cred = (gnutls_psk_server_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_PSK); + cred = (gnutls_psk_server_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_PSK); if (cred == NULL) { gnutls_assert(); @@ -279,7 +275,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, return ret; } - /*** 1. Extract user psk_identity ***/ + /*** 1. Extract user psk_identity ***/ DECR_LEN(data_size, 2); username.size = _gnutls_read_uint16(&data[0]); @@ -308,7 +304,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, /* Adjust data so it points to EncryptedPreMasterSecret */ data += username.size + 2; - /*** 2. Decrypt and extract EncryptedPreMasterSecret ***/ + /*** 2. Decrypt and extract EncryptedPreMasterSecret ***/ DECR_LEN(data_size, 2); ciphertext.data = &data[2]; @@ -320,17 +316,16 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, } ciphertext.size = dsize; - ret = - gnutls_privkey_decrypt_data(session->internals.selected_key, 0, - &ciphertext, &plaintext); + ret = gnutls_privkey_decrypt_data(session->internals.selected_key, 0, + &ciphertext, &plaintext); if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) { /* In case decryption fails then don't inform * the peer. Just use a random key. (in order to avoid * attack against pkcs-1 formatting). */ gnutls_assert(); - _gnutls_debug_log - ("auth_rsa_psk: Possible PKCS #1 format attack\n"); + _gnutls_debug_log( + "auth_rsa_psk: Possible PKCS #1 format attack\n"); if (ret >= 0) { gnutls_free(plaintext.data); } @@ -339,10 +334,11 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, /* If the secret was properly formatted, then * check the version number. */ - if (_gnutls_get_adv_version_major(session) != plaintext.data[0] - || (session->internals.allow_wrong_pms == 0 - && _gnutls_get_adv_version_minor(session) != - plaintext.data[1])) { + if (_gnutls_get_adv_version_major(session) != + plaintext.data[0] || + (session->internals.allow_wrong_pms == 0 && + _gnutls_get_adv_version_minor(session) != + plaintext.data[1])) { /* No error is returned here, if the version number check * fails. We proceed normally. * That is to defend against the attack described in the paper @@ -350,8 +346,8 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, * Ondej Pokorny and Tomas Rosa. */ gnutls_assert(); - _gnutls_debug_log - ("auth_rsa: Possible PKCS #1 version check format attack\n"); + _gnutls_debug_log( + "auth_rsa: Possible PKCS #1 version check format attack\n"); } } @@ -385,9 +381,8 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, /* find the key of this username */ - ret = - _gnutls_psk_pwd_find_entry(session, info->username, - strlen(info->username), &pwd_psk); + ret = _gnutls_psk_pwd_find_entry(session, info->username, + strlen(info->username), &pwd_psk); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -400,16 +395,15 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data, } ret = 0; - cleanup: +cleanup: _gnutls_free_key_datum(&pwd_psk); _gnutls_free_temp_key_datum(&premaster_secret); return ret; } -static int -_gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int _gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, + uint8_t *data, size_t _data_size) { /* In RSA-PSK the key is calculated elsewhere. * Moreover, since we only keep a single auth info structure, we cannot @@ -421,4 +415,4 @@ _gnutls_proc_rsa_psk_server_kx(gnutls_session_t session, uint8_t * data, return 0; } -#endif /* ENABLE_PSK */ +#endif /* ENABLE_PSK */ diff --git a/lib/auth/srp_kx.c b/lib/auth/srp_kx.c index ed27b47caf..8658c81eb5 100644 --- a/lib/auth/srp_kx.c +++ b/lib/auth/srp_kx.c @@ -24,41 +24,39 @@ #ifdef ENABLE_SRP -# include "errors.h" -# include <auth/srp_passwd.h> -# include "auth.h" -# include "srp.h" -# include "num.h" -# include <auth/srp_kx.h> -# include <str.h> -# include <datum.h> -# include <ext/srp.h> - -const mod_auth_st srp_auth_struct = { - "SRP", - NULL, - NULL, - _gnutls_gen_srp_server_kx, - _gnutls_gen_srp_client_kx, - NULL, - NULL, - - NULL, - NULL, /* certificate */ - _gnutls_proc_srp_server_kx, - _gnutls_proc_srp_client_kx, - NULL, - NULL -}; - -# define _b session->key.proto.tls12.srp.b -# define B session->key.proto.tls12.srp.B -# define _a session->key.proto.tls12.srp.a -# define A session->key.proto.tls12.srp.A -# define N session->key.proto.tls12.srp.srp_p -# define G session->key.proto.tls12.srp.srp_g -# define V session->key.proto.tls12.srp.x -# define S session->key.proto.tls12.srp.srp_key +#include "errors.h" +#include <auth/srp_passwd.h> +#include "auth.h" +#include "srp.h" +#include "num.h" +#include <auth/srp_kx.h> +#include <str.h> +#include <datum.h> +#include <ext/srp.h> + +const mod_auth_st srp_auth_struct = { "SRP", + NULL, + NULL, + _gnutls_gen_srp_server_kx, + _gnutls_gen_srp_client_kx, + NULL, + NULL, + + NULL, + NULL, /* certificate */ + _gnutls_proc_srp_server_kx, + _gnutls_proc_srp_client_kx, + NULL, + NULL }; + +#define _b session->key.proto.tls12.srp.b +#define B session->key.proto.tls12.srp.B +#define _a session->key.proto.tls12.srp.a +#define A session->key.proto.tls12.srp.A +#define N session->key.proto.tls12.srp.srp_p +#define G session->key.proto.tls12.srp.srp_g +#define V session->key.proto.tls12.srp.x +#define S session->key.proto.tls12.srp.srp_key /* Checks if a%n==0,+1,-1%n which is a fatal srp error. * Returns a proper error code in that case, and 0 when @@ -112,7 +110,7 @@ inline static int check_param_mod_n(bigint_t a, bigint_t n, int is_a) /* Send the first key exchange message ( g, n, s) and append the verifier algorithm number * Data is allocated by the caller, and should have data_size size. */ -int _gnutls_gen_srp_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_srp_server_kx(gnutls_session_t session, gnutls_buffer_st *data) { int ret; SRP_PWD_ENTRY *pwd_entry; @@ -123,15 +121,15 @@ int _gnutls_gen_srp_server_kx(gnutls_session_t session, gnutls_buffer_st * data) unsigned init_pos; ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_SRP, &epriv); - if (ret < 0) { /* peer didn't send a username */ + if (ret < 0) { /* peer didn't send a username */ gnutls_assert(); return GNUTLS_E_UNKNOWN_SRP_USERNAME; } priv = epriv; - if ((ret = - _gnutls_auth_info_init(session, GNUTLS_CRD_SRP, - sizeof(srp_server_auth_info_st), 1)) < 0) { + if ((ret = _gnutls_auth_info_init(session, GNUTLS_CRD_SRP, + sizeof(srp_server_auth_info_st), 1)) < + 0) { gnutls_assert(); return ret; } @@ -190,9 +188,8 @@ int _gnutls_gen_srp_server_kx(gnutls_session_t session, gnutls_buffer_st * data) /* copy N (mod n) */ - ret = - _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->n.data, - pwd_entry->n.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->n.data, + pwd_entry->n.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -200,9 +197,8 @@ int _gnutls_gen_srp_server_kx(gnutls_session_t session, gnutls_buffer_st * data) /* copy G (generator) to data */ - ret = - _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->g.data, - pwd_entry->g.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, pwd_entry->g.data, + pwd_entry->g.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -210,10 +206,8 @@ int _gnutls_gen_srp_server_kx(gnutls_session_t session, gnutls_buffer_st * data) /* copy the salt */ - ret = - _gnutls_buffer_append_data_prefix(data, 8, - pwd_entry->salt.data, - pwd_entry->salt.size); + ret = _gnutls_buffer_append_data_prefix(data, 8, pwd_entry->salt.data, + pwd_entry->salt.size); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -232,13 +226,13 @@ int _gnutls_gen_srp_server_kx(gnutls_session_t session, gnutls_buffer_st * data) ret = data->length - init_pos; - cleanup: +cleanup: _gnutls_srp_entry_free(pwd_entry); return ret; } /* return A = g^a % N */ -int _gnutls_gen_srp_client_kx(gnutls_session_t session, gnutls_buffer_st * data) +int _gnutls_gen_srp_client_kx(gnutls_session_t session, gnutls_buffer_st *data) { int ret; char *username, *password; @@ -247,14 +241,14 @@ int _gnutls_gen_srp_client_kx(gnutls_session_t session, gnutls_buffer_st * data) srp_ext_st *priv; ret = _gnutls_hello_ext_get_priv(session, GNUTLS_EXTENSION_SRP, &epriv); - if (ret < 0) { /* peer didn't send a username */ + if (ret < 0) { /* peer didn't send a username */ gnutls_assert(); return GNUTLS_E_UNKNOWN_SRP_USERNAME; } priv = epriv; - cred = (gnutls_srp_client_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_SRP); + cred = (gnutls_srp_client_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_SRP); if (cred == NULL) { gnutls_assert(); @@ -265,7 +259,6 @@ int _gnutls_gen_srp_client_kx(gnutls_session_t session, gnutls_buffer_st * data) username = cred->username; password = cred->password; } else { - username = priv->username; password = priv->password; } @@ -315,9 +308,8 @@ int _gnutls_gen_srp_client_kx(gnutls_session_t session, gnutls_buffer_st * data) zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u); zrelease_temp_mpi_key(&B); - ret = - _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, - &session->key.key); + ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, + &session->key.key); zrelease_temp_mpi_key(&S); if (ret < 0) { @@ -337,9 +329,8 @@ int _gnutls_gen_srp_client_kx(gnutls_session_t session, gnutls_buffer_st * data) } /* just read A and put it to session */ -int -_gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +int _gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { ssize_t _n_A; ssize_t data_size = _data_size; @@ -391,9 +382,8 @@ _gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data, zrelease_temp_mpi_key(&session->key.proto.tls12.srp.u); zrelease_temp_mpi_key(&B); - ret = - _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, - &session->key.key); + ret = _gnutls_mpi_dprint(session->key.proto.tls12.srp.srp_key, + &session->key.key); zrelease_temp_mpi_key(&S); if (ret < 0) { @@ -404,28 +394,23 @@ _gnutls_proc_srp_client_kx(gnutls_session_t session, uint8_t * data, return 0; } -#endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ /* Static parameters according to draft-ietf-tls-srp-07 * Note that if more parameters are added check_g_n() * and _gnutls_srp_entry_free() should be changed. */ static const unsigned char srp_params_1024[] = { - 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, - 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8, - 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B, - 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, - 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, - 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0, - 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4, - 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, - 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, - 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49, - 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, - 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, - 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0, - 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A, - 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, + 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, 0x9C, 0x33, 0xF8, 0x0A, + 0xFA, 0x8F, 0xC5, 0xE8, 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B, + 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, 0xD6, 0x74, 0xDF, 0x74, + 0x96, 0xEA, 0x81, 0xD3, 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0, + 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4, 0x8E, 0x49, 0x5C, 0x1D, + 0x60, 0x89, 0xDA, 0xD1, 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, + 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49, 0x82, 0x55, 0x9B, 0x29, + 0x7B, 0xCF, 0x18, 0x85, 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, + 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0, 0x2F, 0xD4, 0xCB, 0xF4, + 0x97, 0x6E, 0xAA, 0x9A, 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3 }; @@ -433,226 +418,156 @@ static const unsigned char srp_generator = 0x02; static const unsigned char srp3072_generator = 0x05; static const unsigned char srp8192_generator = 19; -const gnutls_datum_t gnutls_srp_1024_group_prime = { - (void *)srp_params_1024, sizeof(srp_params_1024) -}; +const gnutls_datum_t gnutls_srp_1024_group_prime = { (void *)srp_params_1024, + sizeof(srp_params_1024) }; const gnutls_datum_t gnutls_srp_1024_group_generator = { (void *)&srp_generator, sizeof(srp_generator) }; static const unsigned char srp_params_1536[] = { - 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1, - 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5, - 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9, - 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55, - 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4, - 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0, - 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8, - 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0, - 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B, - 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54, - 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F, - 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E, - 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39, - 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7, - 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F, - 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE, - 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F, - 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02, - 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2, - 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93, - 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1, - 0x35, 0xF9, 0xBB + 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1, 0xF1, 0x2A, 0x86, + 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5, 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, + 0xBE, 0xEE, 0xA9, 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55, + 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4, 0x60, 0x7A, 0x29, + 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0, 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, + 0x9A, 0x22, 0xE8, 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0, + 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B, 0x60, 0x9E, 0x0B, + 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54, 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, + 0x76, 0x4E, 0x3F, 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E, + 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39, 0x34, 0x96, 0x27, + 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7, 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, + 0x7D, 0x6C, 0x7F, 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE, + 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F, 0x8A, 0x2F, 0xE9, + 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02, 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, + 0x8C, 0xE7, 0xA2, 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93, + 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1, 0x35, 0xF9, 0xBB }; -const gnutls_datum_t gnutls_srp_1536_group_prime = { - (void *)srp_params_1536, sizeof(srp_params_1536) -}; +const gnutls_datum_t gnutls_srp_1536_group_prime = { (void *)srp_params_1536, + sizeof(srp_params_1536) }; const gnutls_datum_t gnutls_srp_1536_group_generator = { (void *)&srp_generator, sizeof(srp_generator) }; static const unsigned char srp_params_2048[] = { - 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1, - 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72, - 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92, - 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB, - 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77, - 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, - 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD, - 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, - 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66, - 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18, - 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79, - 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A, - 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5, - 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, - 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80, - 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, - 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B, - 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45, - 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A, - 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB, - 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04, - 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, - 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08, - 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, - 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94, - 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE, - 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3, - 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F, + 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1, 0x66, 0xDE, 0x5E, + 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, + 0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB, + 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D, + 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, + 0xDA, 0x04, 0xFD, 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, + 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66, 0x1A, 0x05, 0xFB, + 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, + 0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A, + 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7, + 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, + 0x23, 0xFB, 0x80, 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, + 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B, 0x9D, 0x32, 0xE6, + 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, + 0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB, + 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6, + 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, + 0x7B, 0xC3, 0x08, 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, + 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94, 0xB5, 0xC8, 0x03, + 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, + 0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73 }; -const gnutls_datum_t gnutls_srp_2048_group_prime = { - (void *)srp_params_2048, sizeof(srp_params_2048) -}; +const gnutls_datum_t gnutls_srp_2048_group_prime = { (void *)srp_params_2048, + sizeof(srp_params_2048) }; const gnutls_datum_t gnutls_srp_2048_group_generator = { (void *)&srp_generator, sizeof(srp_generator) }; static const unsigned char srp_params_3072[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, - 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, - 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, - 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, - 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, - 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, - 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, - 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, - 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, - 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, - 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, - 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, - 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, - 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, - 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, - 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, - 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, - 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, - 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, - 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, - 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, - 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, - 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, - 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, 0x8E, - 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, - 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, - 0x1C, 0xBA, 0x64, 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, - 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, - 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, - 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, - 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, - 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, - 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, - 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, - 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, - 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, - 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; const gnutls_datum_t gnutls_srp_3072_group_generator = { (void *)&srp3072_generator, sizeof(srp3072_generator) }; -const gnutls_datum_t gnutls_srp_3072_group_prime = { - (void *)srp_params_3072, sizeof(srp_params_3072) -}; +const gnutls_datum_t gnutls_srp_3072_group_prime = { (void *)srp_params_3072, + sizeof(srp_params_3072) }; static const unsigned char srp_params_4096[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, - 0xA2, - 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, - 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, - 0xA6, - 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, - 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, - 0x6D, - 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, - 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, - 0xE9, - 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, - 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, - 0x11, - 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, - 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, - 0x36, - 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, - 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, - 0x56, - 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, - 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, - 0x08, - 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, - 0x3B, - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, - 0xA2, - 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, - 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, - 0x7C, - 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, - 0x10, - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, - 0x0D, - 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, - 0x64, - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, - 0x57, - 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, - 0xC7, - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, - 0xE0, - 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, - 0x6B, - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, - 0x73, - 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, - 0x0C, - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, - 0xC0, - 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, - 0x31, - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, - 0x20, - 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, - 0xD7, - 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, - 0x18, - 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, - 0xDA, - 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, - 0xDB, - 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, - 0xA6, - 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, - 0x4F, - 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, - 0xED, - 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, - 0x76, - 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, - 0xA9, - 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, - 0xDC, - 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, - 0x99, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, + 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, + 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, + 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, + 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, + 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, + 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, + 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, + 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, + 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; @@ -660,144 +575,100 @@ const gnutls_datum_t gnutls_srp_4096_group_generator = { (void *)&srp3072_generator, sizeof(srp3072_generator) }; -const gnutls_datum_t gnutls_srp_4096_group_prime = { - (void *)srp_params_4096, sizeof(srp_params_4096) -}; +const gnutls_datum_t gnutls_srp_4096_group_prime = { (void *)srp_params_4096, + sizeof(srp_params_4096) }; static const unsigned char srp_params_8192[] = { - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, - 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, - 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, - 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, - 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, - 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, - 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, - 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, - 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, - 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, - 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, - 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, - 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, - 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, - 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, - 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, - 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, - 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, - 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, - 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, - 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, - 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, - 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, - 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, - 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, - 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, - 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, - 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, - 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, - 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, - 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, - 0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, - 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, - 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, - 0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, - 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, - 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, - 0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, - 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, - 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, - 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, - 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, - 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, - 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, - 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, - 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, - 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01, - 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, - 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, - 0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C, - 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, - 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, - 0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, - 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, - 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, - 0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, - 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, - 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, - 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, - 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, - 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, - 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F, - 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, - 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, - 0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE, - 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, - 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, - 0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE, - 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, - 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, - 0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED, - 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, - 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, - 0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42, - 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, - 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, - 0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03, - 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, - 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, - 0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E, - 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, - 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, - 0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5, - 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, - 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, - 0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0, - 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, - 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, - 0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0, - 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, - 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, - 0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68, - 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, - 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, - 0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59, - 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, - 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, - 0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA, - 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, - 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, - 0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66, - 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, - 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, - 0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D, - 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, - 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, - 0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7, - 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, - 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, - 0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8, - 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, - 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, - 0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D, - 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, - 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, - 0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D, - 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, - 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, - 0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68, - 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, - 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, - 0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B, - 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, - 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, - 0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF, - 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, - 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, - 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, + 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, + 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, + 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, + 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, + 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, + 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, + 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, + 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, + 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, + 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, + 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, + 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, + 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, + 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, + 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, + 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, + 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, + 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, + 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, + 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, + 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, + 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, + 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, + 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, + 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, + 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, + 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, + 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, + 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, + 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, + 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, + 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, + 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, + 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, + 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, + 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, + 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, + 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8, + 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, + 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, + 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, + 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8, + 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, + 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, + 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, + 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3, + 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, + 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, + 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, + 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2, + 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, + 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF }; -const gnutls_datum_t gnutls_srp_8192_group_prime = { - (void *)srp_params_8192, sizeof(srp_params_8192) -}; +const gnutls_datum_t gnutls_srp_8192_group_prime = { (void *)srp_params_8192, + sizeof(srp_params_8192) }; const gnutls_datum_t gnutls_srp_8192_group_generator = { (void *)&srp8192_generator, sizeof(srp8192_generator) @@ -807,27 +678,25 @@ const gnutls_datum_t gnutls_srp_8192_group_generator = { /* Check if G and N are parameters from the SRP draft. */ -static int -check_g_n(const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n) +static int check_g_n(const uint8_t *g, size_t n_g, const uint8_t *n, size_t n_n) { - if (n_n == sizeof(srp_params_8192)) { - if (memcmp(srp_params_8192, n, n_n) == 0 && - n_g == 1 && g[0] == srp8192_generator) + if (memcmp(srp_params_8192, n, n_n) == 0 && n_g == 1 && + g[0] == srp8192_generator) return 0; return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); } if (n_n == sizeof(srp_params_4096)) { - if (memcmp(srp_params_4096, n, n_n) == 0 && - n_g == 1 && g[0] == srp3072_generator) + if (memcmp(srp_params_4096, n, n_n) == 0 && n_g == 1 && + g[0] == srp3072_generator) return 0; return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); } if (n_n == sizeof(srp_params_3072)) { - if (memcmp(srp_params_3072, n, n_n) == 0 && - n_g == 1 && g[0] == srp3072_generator) + if (memcmp(srp_params_3072, n, n_n) == 0 && n_g == 1 && + g[0] == srp3072_generator) return 0; return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER); } @@ -859,9 +728,8 @@ check_g_n(const uint8_t * g, size_t n_g, const uint8_t * n, size_t n_n) /* receive the key exchange message ( n, g, s, B) */ -int -_gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +int _gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { uint8_t n_s; uint16_t n_g, n_n, n_b; @@ -885,8 +753,8 @@ _gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data, } priv = epriv; - cred = (gnutls_srp_client_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_SRP); + cred = (gnutls_srp_client_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_SRP); if (cred == NULL) { gnutls_assert(); @@ -987,22 +855,21 @@ _gnutls_proc_srp_server_kx(gnutls_session_t session, uint8_t * data, /* generate x = SHA(s | SHA(U | ":" | p)) * (or the equivalent using bcrypt) */ - if ((ret = - _gnutls_calc_srp_x(username, password, (uint8_t *) data_s, - n_s, &_n_g, hd)) < 0) { + if ((ret = _gnutls_calc_srp_x(username, password, (uint8_t *)data_s, + n_s, &_n_g, hd)) < 0) { gnutls_assert(); return ret; } - if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.srp.x, hd, _n_g) - != 0) { + if (_gnutls_mpi_init_scan_nz(&session->key.proto.tls12.srp.x, hd, + _n_g) != 0) { gnutls_assert(); return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } - return i; /* return the processed data + return i; /* return the processed data * needed in auth_srp_rsa. */ } -#endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ diff --git a/lib/auth/srp_kx.h b/lib/auth/srp_kx.h index 1a7de64e0a..f4fd7eca70 100644 --- a/lib/auth/srp_kx.h +++ b/lib/auth/srp_kx.h @@ -21,11 +21,11 @@ */ #ifndef GNUTLS_LIB_AUTH_SRP_KX_H -# define GNUTLS_LIB_AUTH_SRP_KX_H +#define GNUTLS_LIB_AUTH_SRP_KX_H -# include <auth.h> +#include <auth.h> -# define MAX_FAKE_SALT_SEED_SIZE 64 +#define MAX_FAKE_SALT_SEED_SIZE 64 typedef struct gnutls_srp_client_credentials_st { char *username; @@ -50,11 +50,11 @@ typedef struct srp_server_auth_info_st { char *username; } *srp_server_auth_info_t; -# ifdef ENABLE_SRP +#ifdef ENABLE_SRP -int _gnutls_proc_srp_server_hello(gnutls_session_t state, - const uint8_t * data, size_t data_size); -int _gnutls_gen_srp_server_hello(gnutls_session_t state, uint8_t * data, +int _gnutls_proc_srp_server_hello(gnutls_session_t state, const uint8_t *data, + size_t data_size); +int _gnutls_gen_srp_server_hello(gnutls_session_t state, uint8_t *data, size_t data_size); int _gnutls_gen_srp_server_kx(gnutls_session_t, gnutls_buffer_st *); @@ -67,8 +67,8 @@ typedef struct srp_server_auth_info_st srp_server_auth_info_st; /* MAC algorithm used to generate fake salts for unknown usernames */ -# define SRP_FAKE_SALT_MAC GNUTLS_MAC_SHA1 +#define SRP_FAKE_SALT_MAC GNUTLS_MAC_SHA1 -# endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ -#endif /* GNUTLS_LIB_AUTH_SRP_KX_H */ +#endif /* GNUTLS_LIB_AUTH_SRP_KX_H */ diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c index ac375b339a..a3766d477e 100644 --- a/lib/auth/srp_passwd.c +++ b/lib/auth/srp_passwd.c @@ -26,28 +26,28 @@ #ifdef ENABLE_SRP -# include "x509_b64.h" -# include "errors.h" -# include <auth/srp_passwd.h> -# include <auth/srp_kx.h> -# include "auth.h" -# include "srp.h" -# include "dh.h" -# include "debug.h" -# include <str.h> -# include <datum.h> -# include <num.h> -# include <random.h> -# include <algorithms.h> - -static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry, +#include "x509_b64.h" +#include "errors.h" +#include <auth/srp_passwd.h> +#include <auth/srp_kx.h> +#include "auth.h" +#include "srp.h" +#include "dh.h" +#include "debug.h" +#include <str.h> +#include <datum.h> +#include <num.h> +#include <random.h> +#include <algorithms.h> + +static int _randomize_pwd_entry(SRP_PWD_ENTRY *entry, gnutls_srp_server_credentials_t cred, const char *username); /* this function parses tpasswd.conf file. Format is: * string(username):base64(v):base64(salt):int(index) */ -static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str) +static int parse_tpasswd_values(SRP_PWD_ENTRY *entry, char *str) { char *p; int len, ret; @@ -55,7 +55,7 @@ static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str) size_t verifier_size; int indx; - p = strrchr(str, ':'); /* we have index */ + p = strrchr(str, ':'); /* we have index */ if (p == NULL) { gnutls_assert(); return GNUTLS_E_SRP_PWD_PARSING_ERROR; @@ -71,7 +71,7 @@ static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str) } /* now go for salt */ - p = strrchr(str, ':'); /* we have salt */ + p = strrchr(str, ':'); /* we have salt */ if (p == NULL) { gnutls_assert(); return GNUTLS_E_SRP_PWD_PARSING_ERROR; @@ -90,7 +90,7 @@ static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str) } /* now go for verifier */ - p = strrchr(str, ':'); /* we have verifier */ + p = strrchr(str, ':'); /* we have verifier */ if (p == NULL) { _gnutls_free_datum(&entry->salt); return GNUTLS_E_SRP_PWD_PARSING_ERROR; @@ -128,14 +128,14 @@ static int parse_tpasswd_values(SRP_PWD_ENTRY * entry, char *str) /* this function parses tpasswd.conf file. Format is: * int(index):base64(n):int(g) */ -static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str) +static int parse_tpasswd_conf_values(SRP_PWD_ENTRY *entry, char *str) { char *p; int len; uint8_t *tmp; int ret; - p = strrchr(str, ':'); /* we have g */ + p = strrchr(str, ':'); /* we have g */ if (p == NULL) { gnutls_assert(); return GNUTLS_E_SRP_PWD_PARSING_ERROR; @@ -159,7 +159,7 @@ static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str) entry->g.size = ret; /* now go for n - modulo */ - p = strrchr(str, ':'); /* we have n */ + p = strrchr(str, ':'); /* we have n */ if (p == NULL) { _gnutls_free_datum(&entry->g); gnutls_assert(); @@ -187,7 +187,7 @@ static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str) /* this function opens the tpasswd.conf file and reads the g and n * values. They are put in the entry. */ -static int pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) +static int pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY *entry, int idx) { FILE *fp; char *line = NULL; @@ -208,8 +208,8 @@ static int pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) while (getline(&line, &line_size, fp) > 0) { /* move to first ':' */ i = 0; - while ((i < line_size) && (line[i] != ':') - && (line[i] != '\0')) { + while ((i < line_size) && (line[i] != ':') && + (line[i] != '\0')) { i++; } @@ -225,17 +225,15 @@ static int pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx) } ret = GNUTLS_E_SRP_PWD_ERROR; - cleanup: +cleanup: zeroize_key(line, line_size); free(line); fclose(fp); return ret; - } -int -_gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, - SRP_PWD_ENTRY ** _entry) +int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, + SRP_PWD_ENTRY **_entry) { gnutls_srp_server_credentials_t cred; FILE *fp = NULL; @@ -253,8 +251,8 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, } entry = *_entry; - cred = (gnutls_srp_server_credentials_t) - _gnutls_get_cred(state, GNUTLS_CRD_SRP); + cred = (gnutls_srp_server_credentials_t)_gnutls_get_cred( + state, GNUTLS_CRD_SRP); if (cred == NULL) { gnutls_assert(); ret = GNUTLS_E_INSUFFICIENT_CREDENTIALS; @@ -268,10 +266,10 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, ret = cred->pwd_callback(state, username, &entry->salt, &entry->v, &entry->g, &entry->n); - if (ret == 1) { /* the user does not exist */ + if (ret == 1) { /* the user does not exist */ if (entry->g.size != 0 && entry->n.size != 0) { - ret = - _randomize_pwd_entry(entry, cred, username); + ret = _randomize_pwd_entry(entry, cred, + username); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -279,7 +277,7 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, return 0; } else { gnutls_assert(); - ret = -1; /* error in the callback */ + ret = -1; /* error in the callback */ } } @@ -314,8 +312,8 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, while (getline(&line, &line_size, fp) > 0) { /* move to first ':' */ i = 0; - while ((i < line_size) && (line[i] != '\0') - && (line[i] != ':')) { + while ((i < line_size) && (line[i] != '\0') && + (line[i] != ':')) { i++; } @@ -324,9 +322,8 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, /* Keep the last index in memory, so we can retrieve fake parameters (g,n) * when the user does not exist. */ - if (pwd_read_conf - (cred->password_conf_file, entry, - idx) == 0) { + if (pwd_read_conf(cred->password_conf_file, + entry, idx) == 0) { ret = 0; goto found; } else { @@ -358,11 +355,11 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, ret = GNUTLS_E_SRP_PWD_ERROR; - cleanup: +cleanup: gnutls_assert(); _gnutls_srp_entry_free(entry); - found: +found: if (line) { zeroize_key(line, line_size); free(line); @@ -376,7 +373,7 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, * to random data and sets the salt based on fake_salt_seed and * username. Returns 0 on success. */ -static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry, +static int _randomize_pwd_entry(SRP_PWD_ENTRY *entry, gnutls_srp_server_credentials_t sc, const char *username) { @@ -439,7 +436,7 @@ static int _randomize_pwd_entry(SRP_PWD_ENTRY * entry, /* Free all the entry parameters, except if g and n are * the static ones defined in gnutls.h */ -void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry) +void _gnutls_srp_entry_free(SRP_PWD_ENTRY *entry) { _gnutls_free_key_datum(&entry->v); _gnutls_free_datum(&entry->salt); @@ -464,4 +461,4 @@ void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry) gnutls_free(entry); } -#endif /* ENABLE SRP */ +#endif /* ENABLE SRP */ diff --git a/lib/auth/srp_passwd.h b/lib/auth/srp_passwd.h index d9d97bc011..05270a273b 100644 --- a/lib/auth/srp_passwd.h +++ b/lib/auth/srp_passwd.h @@ -21,9 +21,9 @@ */ #ifndef GNUTLS_LIB_AUTH_SRP_PASSWD_H -# define GNUTLS_LIB_AUTH_SRP_PASSWD_H +#define GNUTLS_LIB_AUTH_SRP_PASSWD_H -# ifdef ENABLE_SRP +#ifdef ENABLE_SRP typedef struct { char *username; @@ -37,9 +37,9 @@ typedef struct { /* this is locally allocated. It should be freed using the provided function */ int _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username, SRP_PWD_ENTRY **); -void _gnutls_srp_entry_free(SRP_PWD_ENTRY * entry); -int _gnutls_sbase64_decode(char *data, size_t data_size, uint8_t ** result); +void _gnutls_srp_entry_free(SRP_PWD_ENTRY *entry); +int _gnutls_sbase64_decode(char *data, size_t data_size, uint8_t **result); -# endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ -#endif /* GNUTLS_LIB_AUTH_SRP_PASSWD_H */ +#endif /* GNUTLS_LIB_AUTH_SRP_PASSWD_H */ diff --git a/lib/auth/srp_rsa.c b/lib/auth/srp_rsa.c index 13b2664608..1a16f46996 100644 --- a/lib/auth/srp_rsa.c +++ b/lib/auth/srp_rsa.c @@ -24,60 +24,56 @@ #ifdef ENABLE_SRP -# include "errors.h" -# include <auth/srp_passwd.h> -# include "auth.h" -# include "auth.h" -# include "srp.h" -# include "debug.h" -# include "num.h" -# include <auth/srp_kx.h> -# include <str.h> -# include <auth/cert.h> -# include <datum.h> -# include <tls-sig.h> -# include <x509.h> -# include <algorithms.h> +#include "errors.h" +#include <auth/srp_passwd.h> +#include "auth.h" +#include "auth.h" +#include "srp.h" +#include "debug.h" +#include "num.h" +#include <auth/srp_kx.h> +#include <str.h> +#include <auth/cert.h> +#include <datum.h> +#include <tls-sig.h> +#include <x509.h> +#include <algorithms.h> static int gen_srp_cert_server_kx(gnutls_session_t, gnutls_buffer_st *); static int proc_srp_cert_server_kx(gnutls_session_t, uint8_t *, size_t); -const mod_auth_st srp_rsa_auth_struct = { - "SRP", - _gnutls_gen_cert_server_crt, - NULL, - gen_srp_cert_server_kx, - _gnutls_gen_srp_client_kx, - NULL, - NULL, - - _gnutls_proc_crt, - NULL, /* certificate */ - proc_srp_cert_server_kx, - _gnutls_proc_srp_client_kx, - NULL, - NULL -}; - -const mod_auth_st srp_dss_auth_struct = { - "SRP", - _gnutls_gen_cert_server_crt, - NULL, - gen_srp_cert_server_kx, - _gnutls_gen_srp_client_kx, - NULL, - NULL, - - _gnutls_proc_crt, - NULL, /* certificate */ - proc_srp_cert_server_kx, - _gnutls_proc_srp_client_kx, - NULL, - NULL -}; - -static int -gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data) +const mod_auth_st srp_rsa_auth_struct = { "SRP", + _gnutls_gen_cert_server_crt, + NULL, + gen_srp_cert_server_kx, + _gnutls_gen_srp_client_kx, + NULL, + NULL, + + _gnutls_proc_crt, + NULL, /* certificate */ + proc_srp_cert_server_kx, + _gnutls_proc_srp_client_kx, + NULL, + NULL }; + +const mod_auth_st srp_dss_auth_struct = { "SRP", + _gnutls_gen_cert_server_crt, + NULL, + gen_srp_cert_server_kx, + _gnutls_gen_srp_client_kx, + NULL, + NULL, + + _gnutls_proc_crt, + NULL, /* certificate */ + proc_srp_cert_server_kx, + _gnutls_proc_srp_client_kx, + NULL, + NULL }; + +static int gen_srp_cert_server_kx(gnutls_session_t session, + gnutls_buffer_st *data) { ssize_t ret; gnutls_datum_t signature, ddata; @@ -102,25 +98,24 @@ gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data) ddata.data = &data->data[init_pos]; ddata.size = data->length - init_pos; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } /* find the appropriate certificate */ - if ((ret = - _gnutls_get_selected_cert(session, &apr_cert_list, - &apr_cert_list_length, &apr_pkey)) < 0) { + if ((ret = _gnutls_get_selected_cert(session, &apr_cert_list, + &apr_cert_list_length, + &apr_pkey)) < 0) { gnutls_assert(); return ret; } - if ((ret = - _gnutls_handshake_sign_data(session, &apr_cert_list[0], - apr_pkey, &ddata, &signature, - &sign_algo)) < 0) { + if ((ret = _gnutls_handshake_sign_data(session, &apr_cert_list[0], + apr_pkey, &ddata, &signature, + &sign_algo)) < 0) { gnutls_assert(); return ret; } @@ -151,9 +146,8 @@ gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data) } } - ret = - _gnutls_buffer_append_data_prefix(data, 16, signature.data, - signature.size); + ret = _gnutls_buffer_append_data_prefix(data, 16, signature.data, + signature.size); if (ret < 0) { gnutls_assert(); @@ -162,14 +156,13 @@ gen_srp_cert_server_kx(gnutls_session_t session, gnutls_buffer_st * data) ret = data->length - init_pos; - cleanup: +cleanup: _gnutls_free_datum(&signature); return ret; } -static int -proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data, - size_t _data_size) +static int proc_srp_cert_server_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { ssize_t ret; int sigsize; @@ -192,15 +185,15 @@ proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data, data_size = _data_size - ret; - cred = (gnutls_certificate_credentials_t) - _gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE); + cred = (gnutls_certificate_credentials_t)_gnutls_get_cred( + session, GNUTLS_CRD_CERTIFICATE); if (cred == NULL) { gnutls_assert(); return GNUTLS_E_INSUFFICIENT_CREDENTIALS; } - vflags = - cred->verify_flags | session->internals.additional_verify_flags; + vflags = cred->verify_flags | + session->internals.additional_verify_flags; info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE); if (info == NULL || info->ncerts == 0) { @@ -211,7 +204,7 @@ proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data, /* VERIFY SIGNATURE */ - vparams.size = ret; /* all the data minus the signature */ + vparams.size = ret; /* all the data minus the signature */ vparams.data = data; p = &data[vparams.size]; @@ -239,19 +232,16 @@ proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data, signature.data = &p[2]; signature.size = sigsize; - ret = - _gnutls_get_auth_info_pcert(&peer_cert, - session-> - security_parameters.server_ctype, info); + ret = _gnutls_get_auth_info_pcert( + &peer_cert, session->security_parameters.server_ctype, info); if (ret < 0) { gnutls_assert(); return ret; } - ret = - _gnutls_handshake_verify_data(session, vflags, &peer_cert, &vparams, - &signature, sign_algo); + ret = _gnutls_handshake_verify_data(session, vflags, &peer_cert, + &vparams, &signature, sign_algo); gnutls_pcert_deinit(&peer_cert); if (ret < 0) { @@ -262,4 +252,4 @@ proc_srp_cert_server_kx(gnutls_session_t session, uint8_t * data, return 0; } -#endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ diff --git a/lib/auth/srp_sb64.c b/lib/auth/srp_sb64.c index 34835b66c1..6683ac3d31 100644 --- a/lib/auth/srp_sb64.c +++ b/lib/auth/srp_sb64.c @@ -32,36 +32,24 @@ * It seems that everybody makes their own base64 conversion. */ static const uint8_t b64table[] = - "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; static const uint8_t asciitable[128] = { - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0x3e, 0x3f, - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, - 0x06, 0x07, 0x08, 0x09, 0xff, 0xff, - 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, - 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, - 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, - 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, - 0x23, 0xff, 0xff, 0xff, 0xff, 0xff, - 0xff, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, - 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, - 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, - 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff, - 0xff, 0xff + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0x3f, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, + 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, + 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, + 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, + 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff }; -inline static int encode(uint8_t * result, const uint8_t * rdata, unsigned left) +inline static int encode(uint8_t *result, const uint8_t *rdata, unsigned left) { - int data_len; int c, ret = 4; uint8_t data[3]; @@ -78,26 +66,23 @@ inline static int encode(uint8_t * result, const uint8_t * rdata, unsigned left) case 3: result[0] = b64table[((data[0] & 0xfc) >> 2)]; result[1] = - b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | - ((data[1] & 0xf0) >> 4))]; - result[2] = - b64table[((((data[1] & 0x0f) << 2) & 0xff) | - ((data[2] & 0xc0) >> 6))]; + b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) | + ((data[1] & 0xf0) >> 4))]; + result[2] = b64table[((((data[1] & 0x0f) << 2) & 0xff) | + ((data[2] & 0xc0) >> 6))]; result[3] = b64table[(data[2] & 0x3f) & 0xff]; break; case 2: if ((c = ((data[0] & 0xf0) >> 4)) != 0) { result[0] = b64table[c]; - result[1] = - b64table[((((data[0] & 0x0f) << 2) & 0xff) | - ((data[1] & 0xc0) >> 6))]; + result[1] = b64table[((((data[0] & 0x0f) << 2) & 0xff) | + ((data[1] & 0xc0) >> 6))]; result[2] = b64table[(data[1] & 0x3f) & 0xff]; result[3] = '\0'; ret -= 1; } else { - if ((c = - ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> - 6)) != 0) { + if ((c = ((data[0] & 0x0f) << 2) | + ((data[1] & 0xc0) >> 6)) != 0) { result[0] = b64table[c]; result[1] = b64table[data[1] & 0x3f]; result[2] = '\0'; @@ -132,14 +117,13 @@ inline static int encode(uint8_t * result, const uint8_t * rdata, unsigned left) } return ret; - } /* encodes data and puts the result into result (locally allocated) * The result_size is the return value */ -static int -_gnutls_sbase64_encode(uint8_t * data, size_t data_size, char **result) +static int _gnutls_sbase64_encode(uint8_t *data, size_t data_size, + char **result) { unsigned i, j; int ret, tmp; @@ -159,7 +143,7 @@ _gnutls_sbase64_encode(uint8_t * data, size_t data_size, char **result) return GNUTLS_E_MEMORY_ERROR; i = j = 0; -/* encode the bytes that are not a multiple of 3 + /* encode the bytes that are not a multiple of 3 */ if (mod > 0) { tmp = encode(tmpres, &data[0], mod); @@ -171,9 +155,8 @@ _gnutls_sbase64_encode(uint8_t * data, size_t data_size, char **result) memcpy(&(*result)[0], tmpres, tmp); i = mod; j = tmp; - } -/* encode the rest + /* encode the rest */ for (; i < data_size; i += 3, j += 4) { tmp = encode(tmpres, &data[i], data_size - i); @@ -190,8 +173,8 @@ _gnutls_sbase64_encode(uint8_t * data, size_t data_size, char **result) /* data must be 4 bytes * result should be 3 bytes */ -# define TOASCII(c) (c < 127 ? asciitable[c] : 0xff) -inline static int decode(uint8_t * result, const uint8_t * data) +#define TOASCII(c) (c < 127 ? asciitable[c] : 0xff) +inline static int decode(uint8_t *result, const uint8_t *data) { uint8_t a1, a2; int ret = 3; @@ -233,7 +216,7 @@ inline static int decode(uint8_t * result, const uint8_t * data) * That function does not ignore newlines tabs etc. You should remove them * before calling it. */ -int _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result) +int _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t **result) { unsigned i, j; int ret, left; @@ -272,7 +255,7 @@ int _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result) /* rest data */ for (i = left, j = tmp; i < idata_size; i += 4) { - tmp = decode(tmpres, (uint8_t *) & data[i]); + tmp = decode(tmpres, (uint8_t *)&data[i]); if (tmp < 0) { gnutls_free((*result)); return tmp; @@ -303,9 +286,8 @@ int _gnutls_sbase64_decode(char *data, size_t idata_size, uint8_t ** result) * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not * long enough, or 0 on success. **/ -int -gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result, - size_t *result_size) +int gnutls_srp_base64_encode(const gnutls_datum_t *data, char *result, + size_t *result_size) { char *res; int size; @@ -344,8 +326,8 @@ gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result, * * Returns: 0 on success, or an error code. **/ -int -gnutls_srp_base64_encode2(const gnutls_datum_t * data, gnutls_datum_t * result) +int gnutls_srp_base64_encode2(const gnutls_datum_t *data, + gnutls_datum_t *result) { char *res; int size; @@ -358,7 +340,7 @@ gnutls_srp_base64_encode2(const gnutls_datum_t * data, gnutls_datum_t * result) gnutls_free(res); return GNUTLS_E_INVALID_REQUEST; } else { - result->data = (uint8_t *) res; + result->data = (uint8_t *)res; result->size = size; } @@ -382,16 +364,14 @@ gnutls_srp_base64_encode2(const gnutls_datum_t * data, gnutls_datum_t * result) * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not * long enough, or 0 on success. **/ -int -gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result, - size_t *result_size) +int gnutls_srp_base64_decode(const gnutls_datum_t *b64_data, char *result, + size_t *result_size) { uint8_t *res; int size; - size = - _gnutls_sbase64_decode((char *)b64_data->data, b64_data->size, - &res); + size = _gnutls_sbase64_decode((char *)b64_data->data, b64_data->size, + &res); if (size < 0) return size; @@ -424,16 +404,14 @@ gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result, * * Returns: 0 on success, or an error code. **/ -int -gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data, - gnutls_datum_t * result) +int gnutls_srp_base64_decode2(const gnutls_datum_t *b64_data, + gnutls_datum_t *result) { uint8_t *ret; int size; - size = - _gnutls_sbase64_decode((char *)b64_data->data, b64_data->size, - &ret); + size = _gnutls_sbase64_decode((char *)b64_data->data, b64_data->size, + &ret); if (size < 0) return size; @@ -450,34 +428,30 @@ gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data, #else -int -gnutls_srp_base64_encode(const gnutls_datum_t * data MAYBE_UNUSED, - char *result MAYBE_UNUSED, - size_t *result_size MAYBE_UNUSED) +int gnutls_srp_base64_encode(const gnutls_datum_t *data MAYBE_UNUSED, + char *result MAYBE_UNUSED, + size_t *result_size MAYBE_UNUSED) { return GNUTLS_E_UNIMPLEMENTED_FEATURE; } -int -gnutls_srp_base64_encode2(const gnutls_datum_t * data MAYBE_UNUSED, - gnutls_datum_t * result MAYBE_UNUSED) +int gnutls_srp_base64_encode2(const gnutls_datum_t *data MAYBE_UNUSED, + gnutls_datum_t *result MAYBE_UNUSED) { return GNUTLS_E_UNIMPLEMENTED_FEATURE; } -int -gnutls_srp_base64_decode(const gnutls_datum_t * b64_data MAYBE_UNUSED, - char *result MAYBE_UNUSED, - size_t *result_size MAYBE_UNUSED) +int gnutls_srp_base64_decode(const gnutls_datum_t *b64_data MAYBE_UNUSED, + char *result MAYBE_UNUSED, + size_t *result_size MAYBE_UNUSED) { return GNUTLS_E_UNIMPLEMENTED_FEATURE; } -int -gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data MAYBE_UNUSED, - gnutls_datum_t * result MAYBE_UNUSED) +int gnutls_srp_base64_decode2(const gnutls_datum_t *b64_data MAYBE_UNUSED, + gnutls_datum_t *result MAYBE_UNUSED) { return GNUTLS_E_UNIMPLEMENTED_FEATURE; } -#endif /* ENABLE_SRP */ +#endif /* ENABLE_SRP */ diff --git a/lib/auth/vko_gost.c b/lib/auth/vko_gost.c index 45503708aa..cd8dc11cfa 100644 --- a/lib/auth/vko_gost.c +++ b/lib/auth/vko_gost.c @@ -33,8 +33,8 @@ #if defined(ENABLE_GOST) static int gen_vko_gost_client_kx(gnutls_session_t, gnutls_buffer_st *); -static int proc_vko_gost_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size); +static int proc_vko_gost_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size); /* VKO GOST Key Exchange: * see draft-smyshlyaev-tls12-gost-suites-06, Section 4.2.4 @@ -51,26 +51,24 @@ static int proc_vko_gost_client_kx(gnutls_session_t session, * Note, this KX is not PFS one, despite using ephemeral key pairs on client * side. */ -const mod_auth_st vko_gost_auth_struct = { - "VKO_GOST", - _gnutls_gen_cert_server_crt, - _gnutls_gen_cert_client_crt, - NULL, - gen_vko_gost_client_kx, - _gnutls_gen_cert_client_crt_vrfy, - _gnutls_gen_cert_server_cert_req, - - _gnutls_proc_crt, - _gnutls_proc_crt, - NULL, - proc_vko_gost_client_kx, - _gnutls_proc_cert_client_crt_vrfy, - _gnutls_proc_cert_cert_req -}; - -# define VKO_GOST_UKM_LEN 8 - -static int calc_ukm(gnutls_session_t session, uint8_t * ukm) +const mod_auth_st vko_gost_auth_struct = { "VKO_GOST", + _gnutls_gen_cert_server_crt, + _gnutls_gen_cert_client_crt, + NULL, + gen_vko_gost_client_kx, + _gnutls_gen_cert_client_crt_vrfy, + _gnutls_gen_cert_server_cert_req, + + _gnutls_proc_crt, + _gnutls_proc_crt, + NULL, + proc_vko_gost_client_kx, + _gnutls_proc_cert_client_crt_vrfy, + _gnutls_proc_cert_cert_req }; + +#define VKO_GOST_UKM_LEN 8 + +static int calc_ukm(gnutls_session_t session, uint8_t *ukm) { gnutls_digest_algorithm_t digalg = GNUTLS_DIG_STREEBOG_256; gnutls_hash_hd_t dig; @@ -91,7 +89,7 @@ static int calc_ukm(gnutls_session_t session, uint8_t * ukm) return gnutls_hash_get_len(digalg); } -static int print_priv_key(gnutls_pk_params_st * params) +static int print_priv_key(gnutls_pk_params_st *params) { int ret; uint8_t priv_buf[512 / 8]; @@ -106,15 +104,15 @@ static int print_priv_key(gnutls_pk_params_st * params) if (ret < 0) return gnutls_assert_val(ret); - _gnutls_hard_log("INT: VKO PRIVATE KEY[%zd]: %s\n", - bytes, _gnutls_bin2hex(priv_buf, - bytes, buf, sizeof(buf), NULL)); + _gnutls_hard_log("INT: VKO PRIVATE KEY[%zd]: %s\n", bytes, + _gnutls_bin2hex(priv_buf, bytes, buf, sizeof(buf), + NULL)); return 0; } -static int -vko_prepare_client_keys(gnutls_session_t session, - gnutls_pk_params_st * pub, gnutls_pk_params_st * priv) +static int vko_prepare_client_keys(gnutls_session_t session, + gnutls_pk_params_st *pub, + gnutls_pk_params_st *priv) { int ret; gnutls_ecc_curve_t curve; @@ -126,9 +124,8 @@ vko_prepare_client_keys(gnutls_session_t session, if (info == NULL || info->ncerts == 0) return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); - ret = _gnutls_get_auth_info_pcert(&peer_cert, - session->security_parameters. - server_ctype, info); + ret = _gnutls_get_auth_info_pcert( + &peer_cert, session->security_parameters.server_ctype, info); if (ret < 0) return gnutls_assert_val(ret); @@ -167,7 +164,7 @@ vko_prepare_client_keys(gnutls_session_t session, print_priv_key(priv); - session->key.key.size = 32; /* GOST key size */ + session->key.key.size = 32; /* GOST key size */ session->key.key.data = gnutls_malloc(session->key.key.size); if (session->key.key.data == NULL) { gnutls_assert(); @@ -202,9 +199,8 @@ vko_prepare_client_keys(gnutls_session_t session, _gnutls_gost_keytrans_decrypt will decrypt GostR3410-KeyTransport */ -static int -proc_vko_gost_client_kx(gnutls_session_t session, - uint8_t * data, size_t _data_size) +static int proc_vko_gost_client_kx(gnutls_session_t session, uint8_t *data, + size_t _data_size) { int ret, i = 0; ssize_t data_size = _data_size; @@ -237,7 +233,7 @@ proc_vko_gost_client_kx(gnutls_session_t session, data += i; /* Now do the tricky part: determine length of GostR3410-KeyTransport */ - DECR_LEN(data_size, 1); /* tag */ + DECR_LEN(data_size, 1); /* tag */ ret = asn1_get_length_der(&data[1], data_size, &len); DECR_LEN_FINAL(data_size, len + ret); @@ -248,19 +244,19 @@ proc_vko_gost_client_kx(gnutls_session_t session, if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_gost_keytrans_decrypt(&privkey->key.x509->params, - &cek, &ukm, &session->key.key); + ret = _gnutls_gost_keytrans_decrypt(&privkey->key.x509->params, &cek, + &ukm, &session->key.key); if (ret < 0) return gnutls_assert_val(ret); return 0; } -static int -gen_vko_gost_client_kx(gnutls_session_t session, gnutls_buffer_st * data) +static int gen_vko_gost_client_kx(gnutls_session_t session, + gnutls_buffer_st *data) { int ret; - gnutls_datum_t out = { }; + gnutls_datum_t out = {}; uint8_t ukm_data[MAX_HASH_SIZE]; gnutls_datum_t ukm = { ukm_data, VKO_GOST_UKM_LEN }; gnutls_pk_params_st pub; @@ -278,9 +274,8 @@ gen_vko_gost_client_kx(gnutls_session_t session, gnutls_buffer_st * data) if (ret < 0) return gnutls_assert_val(ret); - ret = _gnutls_gost_keytrans_encrypt(&pub, - &priv, - &session->key.key, &ukm, &out); + ret = _gnutls_gost_keytrans_encrypt(&pub, &priv, &session->key.key, + &ukm, &out); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -301,7 +296,7 @@ gen_vko_gost_client_kx(gnutls_session_t session, gnutls_buffer_st * data) } ret = data->length; - cleanup: +cleanup: /* no longer needed */ gnutls_pk_params_release(&priv); gnutls_pk_params_release(&pub); |