summaryrefslogtreecommitdiff
path: root/lib/ext/key_share.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ext/key_share.c')
-rw-r--r--lib/ext/key_share.c434
1 files changed, 298 insertions, 136 deletions
diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
index a4db3af950..2fc543cc9b 100644
--- a/lib/ext/key_share.c
+++ b/lib/ext/key_share.c
@@ -38,10 +38,9 @@
#include "pk.h"
static int key_share_recv_params(gnutls_session_t session,
- const uint8_t * data,
- size_t data_size);
+ const uint8_t * data, size_t data_size);
static int key_share_send_params(gnutls_session_t session,
- gnutls_buffer_st * extdata);
+ gnutls_buffer_st * extdata);
const hello_ext_entry_st ext_mod_key_share = {
.name = "Key Share",
@@ -49,8 +48,9 @@ const hello_ext_entry_st ext_mod_key_share = {
.gid = GNUTLS_EXTENSION_KEY_SHARE,
.client_parse_point = _GNUTLS_EXT_TLS_POST_CS,
.server_parse_point = _GNUTLS_EXT_TLS_POST_CS,
- .validity = GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO | GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO |
- GNUTLS_EXT_FLAG_HRR,
+ .validity =
+ GNUTLS_EXT_FLAG_TLS | GNUTLS_EXT_FLAG_CLIENT_HELLO |
+ GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO | GNUTLS_EXT_FLAG_HRR,
.recv_func = key_share_recv_params,
.send_func = key_share_send_params,
.pack_func = NULL,
@@ -69,22 +69,24 @@ const hello_ext_entry_st ext_mod_key_share = {
* } KeyShareEntry;
*
*/
-static int client_gen_key_share(gnutls_session_t session, const gnutls_group_entry_st *group, gnutls_buffer_st *extdata)
+static int client_gen_key_share(gnutls_session_t session,
+ const gnutls_group_entry_st * group,
+ gnutls_buffer_st * extdata)
{
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
int ret;
if (group->pk != GNUTLS_PK_EC && group->pk != GNUTLS_PK_ECDH_X25519 &&
- group->pk != GNUTLS_PK_ECDH_X448 &&
- group->pk != GNUTLS_PK_DH) {
- _gnutls_debug_log("Cannot send key share for group %s!\n", group->name);
+ group->pk != GNUTLS_PK_ECDH_X448 && group->pk != GNUTLS_PK_DH) {
+ _gnutls_debug_log("Cannot send key share for group %s!\n",
+ group->name);
return GNUTLS_E_INT_RET_0;
}
- _gnutls_handshake_log("EXT[%p]: sending key share for %s\n", session, group->name);
+ _gnutls_handshake_log("EXT[%p]: sending key share for %s\n", session,
+ group->name);
- ret =
- _gnutls_buffer_append_prefix(extdata, 16, group->tls_id);
+ ret = _gnutls_buffer_append_prefix(extdata, 16, group->tls_id);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -93,19 +95,24 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
gnutls_pk_params_init(&session->key.kshare.ecdh_params);
ret = _gnutls_pk_generate_keys(group->pk, group->curve,
- &session->key.kshare.ecdh_params, 1);
+ &session->key.kshare.ecdh_params,
+ 1);
if (ret < 0)
return gnutls_assert_val(ret);
ret = _gnutls_ecc_ansi_x962_export(group->curve,
- session->key.kshare.ecdh_params.params[ECC_X],
- session->key.kshare.ecdh_params.params[ECC_Y],
- &tmp);
+ session->key.
+ kshare.ecdh_params.
+ params[ECC_X],
+ session->key.
+ kshare.ecdh_params.
+ params[ECC_Y], &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
- _gnutls_buffer_append_data_prefix(extdata, 16, tmp.data, tmp.size);
+ _gnutls_buffer_append_data_prefix(extdata, 16, tmp.data,
+ tmp.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -122,14 +129,19 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
gnutls_pk_params_init(&session->key.kshare.ecdhx_params);
ret = _gnutls_pk_generate_keys(group->pk, group->curve,
- &session->key.kshare.ecdhx_params, 1);
+ &session->key.
+ kshare.ecdhx_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
_gnutls_buffer_append_data_prefix(extdata, 16,
- session->key.kshare.ecdhx_params.raw_pub.data,
- session->key.kshare.ecdhx_params.raw_pub.size);
+ session->key.
+ kshare.ecdhx_params.
+ raw_pub.data,
+ session->key.
+ kshare.ecdhx_params.
+ raw_pub.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -145,37 +157,58 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
gnutls_pk_params_release(&session->key.kshare.dh_params);
gnutls_pk_params_init(&session->key.kshare.dh_params);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_G],
- group->generator->data, group->generator->size);
+ ret =
+ _gnutls_mpi_init_scan_nz(&session->key.kshare.
+ dh_params.params[DH_G],
+ group->generator->data,
+ group->generator->size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_P],
- group->prime->data, group->prime->size);
+ ret =
+ _gnutls_mpi_init_scan_nz(&session->key.kshare.
+ dh_params.params[DH_P],
+ group->prime->data,
+ group->prime->size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_Q],
- group->q->data, group->q->size);
+ ret =
+ _gnutls_mpi_init_scan_nz(&session->key.kshare.
+ dh_params.params[DH_Q],
+ group->q->data, group->q->size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
session->key.kshare.dh_params.algo = group->pk;
- session->key.kshare.dh_params.dh_group = group->id; /* no curve in FFDH, we write the group */
+ session->key.kshare.dh_params.dh_group = group->id; /* no curve in FFDH, we write the group */
session->key.kshare.dh_params.qbits = *group->q_bits;
session->key.kshare.dh_params.params_nr = 3;
- ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1);
+ ret =
+ _gnutls_pk_generate_keys(group->pk, 0,
+ &session->key.kshare.dh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
- _gnutls_buffer_append_prefix(extdata, 16, group->prime->size);
+ _gnutls_buffer_append_prefix(extdata, 16,
+ group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.kshare.dh_params.params[DH_Y],
- group->prime->size);
+ ret =
+ _gnutls_buffer_append_fixed_mpi(extdata,
+ session->key.
+ kshare.dh_params.
+ params[DH_Y],
+ group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -191,35 +224,41 @@ static int client_gen_key_share(gnutls_session_t session, const gnutls_group_ent
* Sends server key exchange parameters
*
*/
-static int server_gen_key_share(gnutls_session_t session, const gnutls_group_entry_st *group, gnutls_buffer_st *extdata)
+static int server_gen_key_share(gnutls_session_t session,
+ const gnutls_group_entry_st * group,
+ gnutls_buffer_st * extdata)
{
- gnutls_datum_t tmp = {NULL, 0};
+ gnutls_datum_t tmp = { NULL, 0 };
int ret;
if (group->pk != GNUTLS_PK_EC && group->pk != GNUTLS_PK_ECDH_X25519 &&
- group->pk != GNUTLS_PK_ECDH_X448 &&
- group->pk != GNUTLS_PK_DH) {
- _gnutls_debug_log("Cannot send key share for group %s!\n", group->name);
+ group->pk != GNUTLS_PK_ECDH_X448 && group->pk != GNUTLS_PK_DH) {
+ _gnutls_debug_log("Cannot send key share for group %s!\n",
+ group->name);
return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
}
- _gnutls_handshake_log("EXT[%p]: sending key share for %s\n", session, group->name);
+ _gnutls_handshake_log("EXT[%p]: sending key share for %s\n", session,
+ group->name);
- ret =
- _gnutls_buffer_append_prefix(extdata, 16, group->tls_id);
+ ret = _gnutls_buffer_append_prefix(extdata, 16, group->tls_id);
if (ret < 0)
return gnutls_assert_val(ret);
if (group->pk == GNUTLS_PK_EC) {
ret = _gnutls_ecc_ansi_x962_export(group->curve,
- session->key.kshare.ecdh_params.params[ECC_X],
- session->key.kshare.ecdh_params.params[ECC_Y],
- &tmp);
+ session->key.
+ kshare.ecdh_params.
+ params[ECC_X],
+ session->key.
+ kshare.ecdh_params.
+ params[ECC_Y], &tmp);
if (ret < 0)
return gnutls_assert_val(ret);
ret =
- _gnutls_buffer_append_data_prefix(extdata, 16, tmp.data, tmp.size);
+ _gnutls_buffer_append_data_prefix(extdata, 16, tmp.data,
+ tmp.size);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -231,8 +270,12 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
group->pk == GNUTLS_PK_ECDH_X448) {
ret =
_gnutls_buffer_append_data_prefix(extdata, 16,
- session->key.kshare.ecdhx_params.raw_pub.data,
- session->key.kshare.ecdhx_params.raw_pub.size);
+ session->key.
+ kshare.ecdhx_params.
+ raw_pub.data,
+ session->key.
+ kshare.ecdhx_params.
+ raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -240,12 +283,17 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
} else if (group->pk == GNUTLS_PK_DH) {
ret =
- _gnutls_buffer_append_prefix(extdata, 16, group->prime->size);
+ _gnutls_buffer_append_prefix(extdata, 16,
+ group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_buffer_append_fixed_mpi(extdata, session->key.kshare.dh_params.params[DH_Y],
- group->prime->size);
+ ret =
+ _gnutls_buffer_append_fixed_mpi(extdata,
+ session->key.
+ kshare.dh_params.
+ params[DH_Y],
+ group->prime->size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -260,8 +308,9 @@ static int server_gen_key_share(gnutls_session_t session, const gnutls_group_ent
/* Generates shared key and stores it in session->key.key
*/
static int
-server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *group,
- const uint8_t * data, size_t data_size)
+server_use_key_share(gnutls_session_t session,
+ const gnutls_group_entry_st * group, const uint8_t * data,
+ size_t data_size)
{
const gnutls_ecc_curve_entry_st *curve;
int ret;
@@ -276,11 +325,16 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
gnutls_pk_params_init(&pub);
- if (curve->size*2+1 != data_size)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (curve->size * 2 + 1 != data_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* generate our key */
- ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.kshare.ecdh_params, 1);
+ ret =
+ _gnutls_pk_generate_keys(curve->pk, curve->id,
+ &session->key.kshare.ecdh_params,
+ 1);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -296,7 +350,10 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
pub.params_nr = 2;
/* generate shared */
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdh_params, &pub);
+ ret =
+ _gnutls_pk_derive_tls13(curve->pk, &session->key.key,
+ &session->key.kshare.ecdh_params,
+ &pub);
gnutls_pk_params_release(&pub);
if (ret < 0) {
return gnutls_assert_val(ret);
@@ -314,10 +371,15 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
curve = _gnutls_ecc_curve_get_params(group->curve);
if (curve->size != data_size)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* generate our key */
- ret = _gnutls_pk_generate_keys(curve->pk, curve->id, &session->key.kshare.ecdhx_params, 1);
+ ret =
+ _gnutls_pk_generate_keys(curve->pk, curve->id,
+ &session->key.kshare.ecdhx_params,
+ 1);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -327,13 +389,16 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
pub.algo = group->pk;
pub.curve = curve->id;
- pub.raw_pub.data = (void*)data;
+ pub.raw_pub.data = (void *)data;
pub.raw_pub.size = data_size;
/* We don't mask the MSB in the final byte as required
* by RFC7748. This will be done internally by nettle 3.3 or later.
*/
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdhx_params, &pub);
+ ret =
+ _gnutls_pk_derive_tls13(curve->pk, &session->key.key,
+ &session->key.kshare.ecdhx_params,
+ &pub);
if (ret < 0) {
return gnutls_assert_val(ret);
}
@@ -348,30 +413,48 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
gnutls_pk_params_init(&session->key.kshare.dh_params);
if (data_size != group->prime->size)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* set group params */
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_G],
- group->generator->data, group->generator->size);
+ ret =
+ _gnutls_mpi_init_scan_nz(&session->key.kshare.
+ dh_params.params[DH_G],
+ group->generator->data,
+ group->generator->size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_P],
- group->prime->data, group->prime->size);
+ ret =
+ _gnutls_mpi_init_scan_nz(&session->key.kshare.
+ dh_params.params[DH_P],
+ group->prime->data,
+ group->prime->size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- ret = _gnutls_mpi_init_scan_nz(&session->key.kshare.dh_params.params[DH_Q],
- group->q->data, group->q->size);
+ ret =
+ _gnutls_mpi_init_scan_nz(&session->key.kshare.
+ dh_params.params[DH_Q],
+ group->q->data, group->q->size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
session->key.kshare.dh_params.algo = GNUTLS_PK_DH;
session->key.kshare.dh_params.qbits = *group->q_bits;
session->key.kshare.dh_params.params_nr = 3;
/* generate our keys */
- ret = _gnutls_pk_generate_keys(group->pk, 0, &session->key.kshare.dh_params, 1);
+ ret =
+ _gnutls_pk_generate_keys(group->pk, 0,
+ &session->key.kshare.dh_params, 1);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -379,14 +462,19 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
gnutls_pk_params_init(&pub);
ret = _gnutls_mpi_init_scan_nz(&pub.params[DH_Y],
- data, data_size);
+ data, data_size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
pub.algo = group->pk;
/* generate shared key */
- ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.kshare.dh_params, &pub);
+ ret =
+ _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key,
+ &session->key.kshare.dh_params,
+ &pub);
_gnutls_mpi_release(&pub.params[DH_Y]);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -396,7 +484,8 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
}
- _gnutls_debug_log("EXT[%p]: server generated %s shared key\n", session, group->name);
+ _gnutls_debug_log("EXT[%p]: server generated %s shared key\n", session,
+ group->name);
return ret;
}
@@ -404,8 +493,9 @@ server_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
/* Generates shared key and stores it in session->key.key
*/
static int
-client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *group,
- const uint8_t * data, size_t data_size)
+client_use_key_share(gnutls_session_t session,
+ const gnutls_group_entry_st * group, const uint8_t * data,
+ size_t data_size)
{
const gnutls_ecc_curve_entry_st *curve;
int ret;
@@ -417,11 +507,16 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
gnutls_pk_params_init(&pub);
- if (session->key.kshare.ecdh_params.algo != group->pk || session->key.kshare.ecdh_params.curve != curve->id)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (session->key.kshare.ecdh_params.algo != group->pk
+ || session->key.kshare.ecdh_params.curve != curve->id)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- if (curve->size*2+1 != data_size)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (curve->size * 2 + 1 != data_size)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* read the server's public key */
ret = _gnutls_ecc_ansi_x962_import(data, data_size,
@@ -435,7 +530,10 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
pub.params_nr = 2;
/* generate shared key */
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdh_params, &pub);
+ ret =
+ _gnutls_pk_derive_tls13(curve->pk, &session->key.key,
+ &session->key.kshare.ecdh_params,
+ &pub);
gnutls_pk_params_release(&pub);
if (ret < 0) {
return gnutls_assert_val(ret);
@@ -449,11 +547,16 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
curve = _gnutls_ecc_curve_get_params(group->curve);
- if (session->key.kshare.ecdhx_params.algo != group->pk || session->key.kshare.ecdhx_params.curve != curve->id)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (session->key.kshare.ecdhx_params.algo != group->pk
+ || session->key.kshare.ecdhx_params.curve != curve->id)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
if (curve->size != data_size)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* read the public key and generate shared */
gnutls_pk_params_init(&pub);
@@ -461,13 +564,16 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
pub.algo = group->pk;
pub.curve = curve->id;
- pub.raw_pub.data = (void*)data;
+ pub.raw_pub.data = (void *)data;
pub.raw_pub.size = data_size;
/* We don't mask the MSB in the final byte as required
* by RFC7748. This will be done internally by nettle 3.3 or later.
*/
- ret = _gnutls_pk_derive_tls13(curve->pk, &session->key.key, &session->key.kshare.ecdhx_params, &pub);
+ ret =
+ _gnutls_pk_derive_tls13(curve->pk, &session->key.key,
+ &session->key.kshare.ecdhx_params,
+ &pub);
if (ret < 0) {
return gnutls_assert_val(ret);
}
@@ -477,24 +583,34 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
} else if (group->pk == GNUTLS_PK_DH) {
gnutls_pk_params_st pub;
- if (session->key.kshare.dh_params.algo != group->pk || session->key.kshare.dh_params.dh_group != group->id)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (session->key.kshare.dh_params.algo != group->pk
+ || session->key.kshare.dh_params.dh_group != group->id)
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
if (data_size != group->prime->size)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* read the public key and generate shared */
gnutls_pk_params_init(&pub);
ret = _gnutls_mpi_init_scan_nz(&pub.params[DH_Y],
- data, data_size);
+ data, data_size);
if (ret < 0)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
pub.algo = group->pk;
/* generate shared key */
- ret = _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key, &session->key.kshare.dh_params, &pub);
+ ret =
+ _gnutls_pk_derive_tls13(GNUTLS_PK_DH, &session->key.key,
+ &session->key.kshare.dh_params,
+ &pub);
_gnutls_mpi_release(&pub.params[DH_Y]);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -504,7 +620,8 @@ client_use_key_share(gnutls_session_t session, const gnutls_group_entry_st *grou
return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
}
- _gnutls_debug_log("EXT[%p]: client generated %s shared key\n", session, group->name);
+ _gnutls_debug_log("EXT[%p]: client generated %s shared key\n", session,
+ group->name);
return ret;
}
@@ -530,7 +647,9 @@ key_share_recv_params(gnutls_session_t session,
data += 2;
if (data_size != size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
/* if we do PSK without DH ignore that share */
if ((session->internals.hsk_flags & HSK_PSK_SELECTED) &&
@@ -539,7 +658,7 @@ key_share_recv_params(gnutls_session_t session,
return 0;
}
- while(data_size > 0) {
+ while (data_size > 0) {
DECR_LEN(data_size, 2);
gid = _gnutls_read_uint16(data);
data += 2;
@@ -555,12 +674,17 @@ key_share_recv_params(gnutls_session_t session,
group = _gnutls_tls_id_to_group(gid);
if (group != NULL)
- _gnutls_handshake_log("EXT[%p]: Received key share for %s\n", session, group->name);
+ _gnutls_handshake_log
+ ("EXT[%p]: Received key share for %s\n",
+ session, group->name);
- if (group != NULL && group == session->internals.cand_group) {
+ if (group != NULL
+ && group == session->internals.cand_group) {
_gnutls_session_group_set(session, group);
- ret = server_use_key_share(session, group, data, size);
+ ret =
+ server_use_key_share(session, group, data,
+ size);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -592,28 +716,41 @@ key_share_recv_params(gnutls_session_t session,
}
session->internals.hsk_flags |= HSK_KEY_SHARE_RECEIVED;
- } else { /* Client */
+ } else { /* Client */
ver = get_version(session);
if (unlikely(ver == NULL || ver->key_shares == 0))
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
if (_gnutls_ext_get_msg(session) == GNUTLS_EXT_FLAG_HRR) {
- if (unlikely(!(session->internals.hsk_flags & HSK_HRR_RECEIVED)))
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ if (unlikely
+ (!(session->
+ internals.hsk_flags & HSK_HRR_RECEIVED)))
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
DECR_LEN(data_size, 2);
gid = _gnutls_read_uint16(data);
group = _gnutls_tls_id_to_group(gid);
if (group == NULL)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
- _gnutls_handshake_log("EXT[%p]: HRR key share with %s\n", session, group->name);
+ _gnutls_handshake_log
+ ("EXT[%p]: HRR key share with %s\n", session,
+ group->name);
/* check if we support it */
- ret = _gnutls_session_supports_group(session, group->id);
+ ret =
+ _gnutls_session_supports_group(session, group->id);
if (ret < 0) {
- _gnutls_handshake_log("EXT[%p]: received share for %s which is disabled\n", session, group->name);
+ _gnutls_handshake_log
+ ("EXT[%p]: received share for %s which is disabled\n",
+ session, group->name);
return gnutls_assert_val(ret);
}
@@ -629,19 +766,25 @@ key_share_recv_params(gnutls_session_t session,
DECR_LEN(data_size, 2);
size = _gnutls_read_uint16(data);
- data+=2;
+ data += 2;
if (data_size != size)
- return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
group = _gnutls_tls_id_to_group(gid);
if (group == NULL)
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
/* check if we support it */
ret = _gnutls_session_supports_group(session, group->id);
if (ret < 0) {
- _gnutls_handshake_log("EXT[%p]: received share for %s which is disabled\n", session, group->name);
+ _gnutls_handshake_log
+ ("EXT[%p]: received share for %s which is disabled\n",
+ session, group->name);
return gnutls_assert_val(ret);
}
@@ -656,8 +799,7 @@ key_share_recv_params(gnutls_session_t session,
return 0;
}
-static inline bool
-pk_type_is_ecdhx(gnutls_pk_algorithm_t pk)
+static inline bool pk_type_is_ecdhx(gnutls_pk_algorithm_t pk)
{
return pk == GNUTLS_PK_ECDH_X25519 || pk == GNUTLS_PK_ECDH_X448;
}
@@ -671,8 +813,7 @@ pk_type_equal(gnutls_pk_algorithm_t a, gnutls_pk_algorithm_t b)
/* returns data_size or a negative number on failure
*/
static int
-key_share_send_params(gnutls_session_t session,
- gnutls_buffer_st * extdata)
+key_share_send_params(gnutls_session_t session, gnutls_buffer_st * extdata)
{
unsigned i;
int ret;
@@ -693,41 +834,52 @@ key_share_send_params(gnutls_session_t session,
length_pos = extdata->length;
- ret =
- _gnutls_buffer_append_prefix(extdata, 16, 0);
+ ret = _gnutls_buffer_append_prefix(extdata, 16, 0);
if (ret < 0)
return gnutls_assert_val(ret);
- if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */
+ if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */
group = get_group(session);
if (unlikely(group == NULL))
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
ret = client_gen_key_share(session, group, extdata);
if (ret == GNUTLS_E_INT_RET_0)
- return gnutls_assert_val(GNUTLS_E_NO_COMMON_KEY_SHARE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_NO_COMMON_KEY_SHARE);
if (ret < 0)
return gnutls_assert_val(ret);
} else {
gnutls_pk_algorithm_t selected_groups[3];
- unsigned max_groups = 2; /* GNUTLS_KEY_SHARE_TOP2 */
+ unsigned max_groups = 2; /* GNUTLS_KEY_SHARE_TOP2 */
if (session->internals.flags & GNUTLS_KEY_SHARE_TOP)
max_groups = 1;
- else if (session->internals.flags & GNUTLS_KEY_SHARE_TOP3)
+ else if (session->
+ internals.flags & GNUTLS_KEY_SHARE_TOP3)
max_groups = 3;
- assert(max_groups <= sizeof(selected_groups)/sizeof(selected_groups[0]));
+ assert(max_groups <=
+ sizeof(selected_groups) /
+ sizeof(selected_groups[0]));
/* generate key shares for out top-(max_groups) groups
* if they are of different PK type. */
- for (i = 0; i < session->internals.priorities->groups.size; i++) {
+ for (i = 0;
+ i < session->internals.priorities->groups.size;
+ i++) {
unsigned int j;
- group = session->internals.priorities->groups.entry[i];
+ group =
+ session->internals.priorities->
+ groups.entry[i];
for (j = 0; j < generated; j++) {
- if (pk_type_equal(group->pk, selected_groups[j])) {
+ if (pk_type_equal
+ (group->pk, selected_groups[j])) {
break;
}
}
@@ -737,9 +889,11 @@ key_share_send_params(gnutls_session_t session,
selected_groups[generated] = group->pk;
- ret = client_gen_key_share(session, group, extdata);
+ ret =
+ client_gen_key_share(session, group,
+ extdata);
if (ret == GNUTLS_E_INT_RET_0)
- continue; /* no key share for this algorithm */
+ continue; /* no key share for this algorithm */
if (ret < 0)
return gnutls_assert_val(ret);
@@ -754,7 +908,7 @@ key_share_send_params(gnutls_session_t session,
_gnutls_write_uint16(extdata->length - length_pos - 2,
&extdata->data[length_pos]);
- } else { /* server */
+ } else { /* server */
ver = get_version(session);
if (unlikely(ver == NULL || ver->key_shares == 0))
return gnutls_assert_val(0);
@@ -763,24 +917,32 @@ key_share_send_params(gnutls_session_t session,
group = session->internals.cand_group;
if (group == NULL)
- return gnutls_assert_val(GNUTLS_E_NO_COMMON_KEY_SHARE);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_NO_COMMON_KEY_SHARE);
_gnutls_session_group_set(session, group);
- _gnutls_handshake_log("EXT[%p]: requesting retry with group %s\n", session, group->name);
+ _gnutls_handshake_log
+ ("EXT[%p]: requesting retry with group %s\n",
+ session, group->name);
ret =
- _gnutls_buffer_append_prefix(extdata, 16, group->tls_id);
+ _gnutls_buffer_append_prefix(extdata, 16,
+ group->tls_id);
if (ret < 0)
return gnutls_assert_val(ret);
} else {
/* if we are negotiating PSK without DH, do not send a key share */
if ((session->internals.hsk_flags & HSK_PSK_SELECTED) &&
- (session->internals.hsk_flags & HSK_PSK_KE_MODE_PSK))
+ (session->
+ internals.hsk_flags & HSK_PSK_KE_MODE_PSK))
return gnutls_assert_val(0);
group = get_group(session);
if (unlikely(group == NULL))
- return gnutls_assert_val(GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
+ return
+ gnutls_assert_val
+ (GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER);
ret = server_gen_key_share(session, group, extdata);
if (ret < 0)
View Lorry Controller Status