Diffstat (limited to 'lib/x509/key_decode.c')
-rw-r--r-- | lib/x509/key_decode.c | 400 |
1 files changed, 201 insertions, 199 deletions
diff --git a/lib/x509/key_decode.c b/lib/x509/key_decode.c
index b2267af5da..0a5e753eb8 100644
--- a/lib/x509/key_decode.c
+++ b/lib/x509/key_decode.c
@@ -30,15 +30,16 @@
 #include <gnutls_num.h>
 #include <gnutls_ecc.h>
-static int _gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st* params);
-static int _gnutls_x509_read_dsa_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
-static int _gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize,
- gnutls_pk_params_st * params);
+static int _gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
+static int _gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
+static int _gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
 static int
-_gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
+_gnutls_x509_read_dsa_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params);
 /*
 * some x509 certificate parsing functions that relate to MPI parameter
@@ -46,48 +47,47 @@ _gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st *
 * Returns 2 parameters (m,e). It does not set params_nr.
 */
 int
-_gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_rsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
 {
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
- != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
-
-
- if ((result = _gnutls_x509_read_int (spk, "modulus", ¶ms->params[0])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- if ((result = _gnutls_x509_read_int (spk, "publicExponent",
- ¶ms->params[1])) < 0)
- {
- gnutls_assert ();
- _gnutls_mpi_release (¶ms->params[0]);
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- asn1_delete_structure (&spk);
-
- return 0;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
+
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "modulus",
+ ¶ms->params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ if ((result = _gnutls_x509_read_int(spk, "publicExponent",
+ ¶ms->params[1])) < 0) {
+ gnutls_assert();
+ _gnutls_mpi_release(¶ms->params[0]);
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure(&spk);
+
+ return 0;
 }
@@ -97,13 +97,15 @@ _gnutls_x509_read_rsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st *
 * Returns 2 parameters (m,e). It does not set params_nr.
 */
 int
-_gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_ecc_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
 {
 /* Eventhough RFC5480 defines the public key to be an ECPoint (i.e. OCTET STRING),
 * it is actually copied in raw there. Why do they use ASN.1 anyway?
 */
- return _gnutls_ecc_ansi_x963_import (der, dersize, ¶ms->params[ECC_X],
- ¶ms->params[ECC_Y]);
+ return _gnutls_ecc_ansi_x963_import(der, dersize,
+ ¶ms->params[ECC_X],
+ ¶ms->params[ECC_Y]);
 }
@@ -112,65 +114,65 @@ _gnutls_x509_read_ecc_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st *
 * params[0-2]. It does NOT set params_nr.
 */
 static int
-_gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_dsa_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
 {
- int result;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
-
- if ((result = asn1_create_element
- (_gnutls_get_pkix (), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (result);
- }
-
- result = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (result != ASN1_SUCCESS)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return _gnutls_asn2err (result);
- }
-
- /* FIXME: If the parameters are not included in the certificate
- * then the issuer's parameters should be used. This is not
- * done yet.
- */
-
- /* Read p */
-
- if ((result = _gnutls_x509_read_int (spk, "p", ¶ms->params[0])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- /* Read q */
-
- if ((result = _gnutls_x509_read_int (spk, "q", ¶ms->params[1])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- _gnutls_mpi_release (¶ms->params[0]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- /* Read g */
-
- if ((result = _gnutls_x509_read_int (spk, "g", ¶ms->params[2])) < 0)
- {
- gnutls_assert ();
- asn1_delete_structure (&spk);
- _gnutls_mpi_release (¶ms->params[0]);
- _gnutls_mpi_release (¶ms->params[1]);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
- }
-
- asn1_delete_structure (&spk);
-
- return 0;
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Dss-Parms",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(result);
+ }
+
+ result = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return _gnutls_asn2err(result);
+ }
+
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
+
+ /* Read p */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "p", ¶ms->params[0])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read q */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "q", ¶ms->params[1])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ _gnutls_mpi_release(¶ms->params[0]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read g */
+
+ if ((result =
+ _gnutls_x509_read_int(spk, "g", ¶ms->params[2])) < 0) {
+ gnutls_assert();
+ asn1_delete_structure(&spk);
+ _gnutls_mpi_release(¶ms->params[0]);
+ _gnutls_mpi_release(¶ms->params[1]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure(&spk);
+
+ return 0;
 }
@@ -178,99 +180,99 @@ _gnutls_x509_read_dsa_params (uint8_t * der, int dersize, gnutls_pk_params_st *
 * params[0-4]. It does NOT set params_nr.
 */
 int
-_gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_ecc_params(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
 {
- int ret;
- ASN1_TYPE spk = ASN1_TYPE_EMPTY;
- char oid[MAX_OID_SIZE];
- int oid_size;
-
- if ((ret = asn1_create_element
- (_gnutls_get_gnutls_asn (), "GNUTLS.ECParameters", &spk)) != ASN1_SUCCESS)
- {
- gnutls_assert ();
- return _gnutls_asn2err (ret);
- }
-
- ret = asn1_der_decoding (&spk, der, dersize, NULL);
-
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- /* Read curve */
- /* read the curve */
- oid_size = sizeof(oid);
- ret = asn1_read_value(spk, "namedCurve", oid, &oid_size);
- if (ret != ASN1_SUCCESS)
- {
- gnutls_assert ();
- ret = _gnutls_asn2err (ret);
- goto cleanup;
- }
-
- params->flags = _gnutls_oid_to_ecc_curve(oid);
- if (params->flags == GNUTLS_ECC_CURVE_INVALID)
- {
- _gnutls_debug_log("Curve %s is not supported\n", oid);
- gnutls_assert();
- ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
- goto cleanup;
- }
-
- ret = 0;
-
-cleanup:
-
- asn1_delete_structure (&spk);
-
- return ret;
+ int ret;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+ char oid[MAX_OID_SIZE];
+ int oid_size;
+
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters",
+ &spk)) != ASN1_SUCCESS) {
+ gnutls_assert();
+ return _gnutls_asn2err(ret);
+ }
+
+ ret = asn1_der_decoding(&spk, der, dersize, NULL);
+
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ /* Read curve */
+ /* read the curve */
+ oid_size = sizeof(oid);
+ ret = asn1_read_value(spk, "namedCurve", oid, &oid_size);
+ if (ret != ASN1_SUCCESS) {
+ gnutls_assert();
+ ret = _gnutls_asn2err(ret);
+ goto cleanup;
+ }
+
+ params->flags = _gnutls_oid_to_ecc_curve(oid);
+ if (params->flags == GNUTLS_ECC_CURVE_INVALID) {
+ _gnutls_debug_log("Curve %s is not supported\n", oid);
+ gnutls_assert();
+ ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+ cleanup:
+
+ asn1_delete_structure(&spk);
+
+ return ret;
 }
-int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t algo, uint8_t * der, int dersize,
- gnutls_pk_params_st * params)
+int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t algo, uint8_t * der,
+ int dersize, gnutls_pk_params_st * params)
 {
-int ret;
-
- switch(algo)
- {
- case GNUTLS_PK_RSA:
- ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = RSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_DSA:
- ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = DSA_PUBLIC_PARAMS;
- break;
- case GNUTLS_PK_EC:
- ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params);
- if (ret >= 0) params->params_nr = ECC_PUBLIC_PARAMS;
- break;
- default:
- ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- break;
- }
- return ret;
+ int ret;
+
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_x509_read_rsa_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = RSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_x509_read_dsa_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = DSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_EC:
+ ret = _gnutls_x509_read_ecc_pubkey(der, dersize, params);
+ if (ret >= 0)
+ params->params_nr = ECC_PUBLIC_PARAMS;
+ break;
+ default:
+ ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ break;
+ }
+ return ret;
 }
-int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, uint8_t * der, int dersize,
- gnutls_pk_params_st * params)
+int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t algo,
+ uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
 {
- switch(algo)
- {
- case GNUTLS_PK_RSA:
- return 0;
- case GNUTLS_PK_DSA:
- return _gnutls_x509_read_dsa_params(der, dersize, params);
- case GNUTLS_PK_EC:
- return _gnutls_x509_read_ecc_params(der, dersize, params);
- default:
- return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
- }
+ switch (algo) {
+ case GNUTLS_PK_RSA:
+ return 0;
+ case GNUTLS_PK_DSA:
+ return _gnutls_x509_read_dsa_params(der, dersize, params);
+ case GNUTLS_PK_EC:
+ return _gnutls_x509_read_ecc_params(der, dersize, params);
+ default:
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
 }
 /* reads DSA's Y
@@ -278,10 +280,10 @@ int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t algo, uint8_t * der,
 * only sets params[3]
 */
 int
-_gnutls_x509_read_dsa_pubkey (uint8_t * der, int dersize, gnutls_pk_params_st * params)
+_gnutls_x509_read_dsa_pubkey(uint8_t * der, int dersize,
+ gnutls_pk_params_st * params)
 {
- /* do not set a number */
- params->params_nr = 0;
- return _gnutls_x509_read_der_int (der, dersize, ¶ms->params[3]);
+ /* do not set a number */
+ params->params_nr = 0;
+ return _gnutls_x509_read_der_int(der, dersize, ¶ms->params[3]);
 }
- |