diff options
Diffstat (limited to 'lib/pk.c')
-rw-r--r-- | lib/pk.c | 152 |
1 files changed, 69 insertions, 83 deletions
@@ -58,8 +58,7 @@ **/ int gnutls_encode_rs_value(gnutls_datum_t * sig_value, - const gnutls_datum_t * r, - const gnutls_datum_t * s) + const gnutls_datum_t * r, const gnutls_datum_t * s) { return _gnutls_encode_ber_rs_raw(sig_value, r, s); } @@ -69,8 +68,7 @@ gnutls_encode_rs_value(gnutls_datum_t * sig_value, */ int _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value, - const gnutls_datum_t * r, - const gnutls_datum_t * s) + const gnutls_datum_t * r, const gnutls_datum_t * s) { asn1_node sig; int result, ret; @@ -85,7 +83,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value, } if (s->data[0] >= 0x80 || r->data[0] >= 0x80) { - tmp = gnutls_malloc(MAX(r->size, s->size)+1); + tmp = gnutls_malloc(MAX(r->size, s->size) + 1); if (tmp == NULL) { ret = gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); goto cleanup; @@ -96,7 +94,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value, assert(tmp); tmp[0] = 0; memcpy(&tmp[1], r->data, r->size); - result = asn1_write_value(sig, "r", tmp, 1+r->size); + result = asn1_write_value(sig, "r", tmp, 1 + r->size); } else { result = asn1_write_value(sig, "r", r->data, r->size); } @@ -107,12 +105,11 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value, goto cleanup; } - if (s->data[0] >= 0x80) { assert(tmp); tmp[0] = 0; memcpy(&tmp[1], s->data, s->size); - result = asn1_write_value(sig, "s", tmp, 1+s->size); + result = asn1_write_value(sig, "s", tmp, 1 + s->size); } else { result = asn1_write_value(sig, "s", s->data, s->size); } @@ -136,8 +133,7 @@ _gnutls_encode_ber_rs_raw(gnutls_datum_t * sig_value, return ret; } -int -_gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s) +int _gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s) { asn1_node sig; int result; @@ -173,7 +169,6 @@ _gnutls_encode_ber_rs(gnutls_datum_t * sig_value, bigint_t r, bigint_t s) return 0; } - /* decodes the Dss-Sig-Value structure */ int @@ -194,8 +189,7 @@ _gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r, /* rfc3279 doesn't specify whether Dss-Sig-Value is encoded * as DER or BER. As such we do not restrict to the DER subset. */ result = - asn1_der_decoding(&sig, sig_value->data, sig_value->size, - NULL); + asn1_der_decoding(&sig, sig_value->data, sig_value->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); asn1_delete_structure(&sig); @@ -242,8 +236,8 @@ _gnutls_decode_ber_rs(const gnutls_datum_t * sig_value, bigint_t * r, * Since: 3.6.0 * **/ -int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t *r, - gnutls_datum_t *s) +int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t * r, + gnutls_datum_t * s) { return _gnutls_decode_ber_rs_raw(sig_value, r, s); } @@ -252,8 +246,8 @@ int gnutls_decode_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t *r, * to be exported for FIPS140 CAVS testing. */ int -_gnutls_decode_ber_rs_raw(const gnutls_datum_t * sig_value, gnutls_datum_t *r, - gnutls_datum_t *s) +_gnutls_decode_ber_rs_raw(const gnutls_datum_t * sig_value, gnutls_datum_t * r, + gnutls_datum_t * s) { asn1_node sig; int result; @@ -269,8 +263,7 @@ _gnutls_decode_ber_rs_raw(const gnutls_datum_t * sig_value, gnutls_datum_t *r, /* rfc3279 doesn't specify whether Dss-Sig-Value is encoded * as DER or BER. As such we do not restrict to the DER subset. */ result = - asn1_der_decoding(&sig, sig_value->data, sig_value->size, - NULL); + asn1_der_decoding(&sig, sig_value->data, sig_value->size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); asn1_delete_structure(&sig); @@ -369,7 +362,9 @@ _gnutls_decode_gost_rs(const gnutls_datum_t * sig_value, bigint_t * r, * * Since: 3.6.0 */ -int gnutls_encode_gost_rs_value(gnutls_datum_t * sig_value, const gnutls_datum_t * r, const gnutls_datum_t *s) +int gnutls_encode_gost_rs_value(gnutls_datum_t * sig_value, + const gnutls_datum_t * r, + const gnutls_datum_t * s) { uint8_t *data; size_t intsize = r->size; @@ -412,7 +407,8 @@ int gnutls_encode_gost_rs_value(gnutls_datum_t * sig_value, const gnutls_datum_t * * Since: 3.6.0 */ -int gnutls_decode_gost_rs_value(const gnutls_datum_t * sig_value, gnutls_datum_t * r, gnutls_datum_t * s) +int gnutls_decode_gost_rs_value(const gnutls_datum_t * sig_value, + gnutls_datum_t * r, gnutls_datum_t * s) { int ret; unsigned halfsize = sig_value->size >> 1; @@ -465,8 +461,7 @@ gnutls_gost_paramset_t _gnutls_gost_paramset_default(gnutls_pk_algorithm_t pk) { if (pk == GNUTLS_PK_GOST_01) return GNUTLS_GOST_PARAMSET_CP_A; - else if (pk == GNUTLS_PK_GOST_12_256 || - pk == GNUTLS_PK_GOST_12_512) + else if (pk == GNUTLS_PK_GOST_12_256 || pk == GNUTLS_PK_GOST_12_512) return GNUTLS_GOST_PARAMSET_TC26_Z; else return gnutls_assert_val(GNUTLS_GOST_PARAMSET_UNKNOWN); @@ -500,12 +495,14 @@ int _gnutls_pk_params_copy(gnutls_pk_params_st * dst, dst->params_nr++; } - if (_gnutls_set_datum(&dst->raw_priv, src->raw_priv.data, src->raw_priv.size) < 0) { + if (_gnutls_set_datum + (&dst->raw_priv, src->raw_priv.data, src->raw_priv.size) < 0) { gnutls_assert(); goto fail; } - if (_gnutls_set_datum(&dst->raw_pub, src->raw_pub.data, src->raw_pub.size) < 0) { + if (_gnutls_set_datum + (&dst->raw_pub, src->raw_pub.data, src->raw_pub.size) < 0) { gnutls_assert(); goto fail; } @@ -520,7 +517,7 @@ int _gnutls_pk_params_copy(gnutls_pk_params_st * dst, return 0; -fail: + fail: for (j = 0; j < i; j++) _gnutls_mpi_release(&dst->params[j]); return GNUTLS_E_MEMORY_ERROR; @@ -559,7 +556,7 @@ void gnutls_pk_params_clear(gnutls_pk_params_st * p) } int -_gnutls_find_rsa_pss_salt_size(unsigned bits, const mac_entry_st *me, +_gnutls_find_rsa_pss_salt_size(unsigned bits, const mac_entry_st * me, unsigned salt_size) { unsigned digest_size; @@ -591,8 +588,7 @@ _gnutls_find_rsa_pss_salt_size(unsigned bits, const mac_entry_st *me, */ int encode_ber_digest_info(const mac_entry_st * e, - const gnutls_datum_t * digest, - gnutls_datum_t * output) + const gnutls_datum_t * digest, gnutls_datum_t * output) { asn1_node dinfo = NULL; int result; @@ -611,8 +607,7 @@ encode_ber_digest_info(const mac_entry_st * e, algo = _gnutls_x509_mac_to_oid(e); if (algo == NULL) { gnutls_assert(); - _gnutls_debug_log("Hash algorithm: %d has no OID\n", - e->id); + _gnutls_debug_log("Hash algorithm: %d has no OID\n", e->id); return GNUTLS_E_UNKNOWN_PK_ALGORITHM; } @@ -623,8 +618,7 @@ encode_ber_digest_info(const mac_entry_st * e, return _gnutls_asn2err(result); } - result = - asn1_write_value(dinfo, "digestAlgorithm.algorithm", algo, 1); + result = asn1_write_value(dinfo, "digestAlgorithm.algorithm", algo, 1); if (result != ASN1_SUCCESS) { gnutls_assert(); asn1_delete_structure(&dinfo); @@ -644,8 +638,7 @@ encode_ber_digest_info(const mac_entry_st * e, return _gnutls_asn2err(result); } - result = - asn1_write_value(dinfo, "digest", digest->data, digest->size); + result = asn1_write_value(dinfo, "digest", digest->data, digest->size); if (result != ASN1_SUCCESS) { gnutls_assert(); asn1_delete_structure(&dinfo); @@ -667,8 +660,7 @@ encode_ber_digest_info(const mac_entry_st * e, return GNUTLS_E_MEMORY_ERROR; } - result = - asn1_der_coding(dinfo, "", tmp_output, &tmp_output_size, NULL); + result = asn1_der_coding(dinfo, "", tmp_output, &tmp_output_size, NULL); if (result != ASN1_SUCCESS) { gnutls_assert(); asn1_delete_structure(&dinfo); @@ -708,7 +700,7 @@ gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash, if (unlikely(e == NULL)) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - return encode_ber_digest_info(e , digest, output); + return encode_ber_digest_info(e, digest, output); } /** @@ -729,8 +721,8 @@ gnutls_encode_ber_digest_info(gnutls_digest_algorithm_t hash, **/ int gnutls_decode_ber_digest_info(const gnutls_datum_t * info, - gnutls_digest_algorithm_t * hash, - unsigned char * digest, unsigned int *digest_size) + gnutls_digest_algorithm_t * hash, + unsigned char *digest, unsigned int *digest_size) { asn1_node dinfo = NULL; int result; @@ -754,8 +746,7 @@ gnutls_decode_ber_digest_info(const gnutls_datum_t * info, } len = sizeof(str) - 1; - result = - asn1_read_value(dinfo, "digestAlgorithm.algorithm", str, &len); + result = asn1_read_value(dinfo, "digestAlgorithm.algorithm", str, &len); if (result != ASN1_SUCCESS) { gnutls_assert(); asn1_delete_structure(&dinfo); @@ -775,8 +766,7 @@ gnutls_decode_ber_digest_info(const gnutls_datum_t * info, len = sizeof(str) - 1; result = - asn1_read_value(dinfo, "digestAlgorithm.parameters", str, - &len); + asn1_read_value(dinfo, "digestAlgorithm.parameters", str, &len); /* To avoid permitting garbage in the parameters field, either the parameters field is not present, or it contains 0x05 0x00. */ if (!(result == ASN1_ELEMENT_NOT_FOUND || @@ -804,13 +794,12 @@ gnutls_decode_ber_digest_info(const gnutls_datum_t * info, } int -_gnutls_params_get_rsa_raw(const gnutls_pk_params_st* params, - gnutls_datum_t * m, gnutls_datum_t * e, - gnutls_datum_t * d, gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u, - gnutls_datum_t * e1, - gnutls_datum_t * e2, - unsigned int flags) +_gnutls_params_get_rsa_raw(const gnutls_pk_params_st * params, + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u, + gnutls_datum_t * e1, + gnutls_datum_t * e2, unsigned int flags) { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; @@ -919,7 +908,7 @@ _gnutls_params_get_rsa_raw(const gnutls_pk_params_st* params, return 0; - error: + error: _gnutls_free_datum(m); _gnutls_free_datum(d); _gnutls_free_datum(e); @@ -932,10 +921,10 @@ _gnutls_params_get_rsa_raw(const gnutls_pk_params_st* params, } int -_gnutls_params_get_dsa_raw(const gnutls_pk_params_st* params, - gnutls_datum_t * p, gnutls_datum_t * q, - gnutls_datum_t * g, gnutls_datum_t * y, - gnutls_datum_t * x, unsigned int flags) +_gnutls_params_get_dsa_raw(const gnutls_pk_params_st * params, + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y, + gnutls_datum_t * x, unsigned int flags) { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; @@ -972,7 +961,6 @@ _gnutls_params_get_dsa_raw(const gnutls_pk_params_st* params, } } - /* G */ if (g) { ret = dprint(params->params[2], g); @@ -984,7 +972,6 @@ _gnutls_params_get_dsa_raw(const gnutls_pk_params_st* params, } } - /* Y */ if (y) { ret = dprint(params->params[3], y); @@ -1013,12 +1000,11 @@ _gnutls_params_get_dsa_raw(const gnutls_pk_params_st* params, return 0; } -int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, - gnutls_ecc_curve_t * curve, - gnutls_datum_t * x, - gnutls_datum_t * y, - gnutls_datum_t * k, - unsigned int flags) +int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st * params, + gnutls_ecc_curve_t * curve, + gnutls_datum_t * x, + gnutls_datum_t * y, + gnutls_datum_t * k, unsigned int flags) { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; @@ -1039,7 +1025,9 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, if (_curve_is_eddsa(e) || _curve_is_modern_ecdh(e)) { if (x) { - ret = _gnutls_set_datum(x, params->raw_pub.data, params->raw_pub.size); + ret = + _gnutls_set_datum(x, params->raw_pub.data, + params->raw_pub.size); if (ret < 0) { return gnutls_assert_val(ret); } @@ -1051,7 +1039,9 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, } if (k) { - ret = _gnutls_set_datum(k, params->raw_priv.data, params->raw_priv.size); + ret = + _gnutls_set_datum(k, params->raw_priv.data, + params->raw_priv.size); if (ret < 0) { _gnutls_free_datum(x); return gnutls_assert_val(ret); @@ -1083,7 +1073,6 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, } } - /* K */ if (k) { ret = dprint(params->params[ECC_K], k); @@ -1099,14 +1088,13 @@ int _gnutls_params_get_ecc_raw(const gnutls_pk_params_st* params, } -int _gnutls_params_get_gost_raw(const gnutls_pk_params_st* params, - gnutls_ecc_curve_t * curve, - gnutls_digest_algorithm_t * digest, - gnutls_gost_paramset_t * paramset, - gnutls_datum_t * x, - gnutls_datum_t * y, - gnutls_datum_t * k, - unsigned int flags) +int _gnutls_params_get_gost_raw(const gnutls_pk_params_st * params, + gnutls_ecc_curve_t * curve, + gnutls_digest_algorithm_t * digest, + gnutls_gost_paramset_t * paramset, + gnutls_datum_t * x, + gnutls_datum_t * y, + gnutls_datum_t * k, unsigned int flags) { int ret; mpi_dprint_func dprint = _gnutls_mpi_dprint_le; @@ -1144,7 +1132,6 @@ int _gnutls_params_get_gost_raw(const gnutls_pk_params_st* params, } } - /* K */ if (k) { ret = dprint(params->params[GOST_K], k); @@ -1175,8 +1162,8 @@ pk_hash_data(gnutls_pk_algorithm_t pk, const mac_entry_st * hash, } ret = - _gnutls_hash_fast((gnutls_digest_algorithm_t)hash->id, data->data, data->size, - digest->data); + _gnutls_hash_fast((gnutls_digest_algorithm_t) hash->id, data->data, + data->size, digest->data); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1184,12 +1171,11 @@ pk_hash_data(gnutls_pk_algorithm_t pk, const mac_entry_st * hash, return 0; - cleanup: + cleanup: gnutls_free(digest->data); return ret; } - /* * This function will do RSA PKCS #1 1.5 encoding * on the given digest. The given digest must be allocated @@ -1215,14 +1201,14 @@ pk_prepare_hash(gnutls_pk_algorithm_t pk, case GNUTLS_MAC_SHA224: break; default: - _gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED); + _gnutls_switch_fips_state + (GNUTLS_FIPS140_OP_NOT_APPROVED); } /* Encode the digest as a DigestInfo */ if ((ret = - encode_ber_digest_info(hash, &old_digest, - digest)) != 0) { + encode_ber_digest_info(hash, &old_digest, digest)) != 0) { gnutls_assert(); return ret; } |