Diffstat (limited to 'lib/x509/key_encode.c')
-rw-r--r-- | lib/x509/key_encode.c | 143 |
1 files changed, 63 insertions, 80 deletions
diff --git a/lib/x509/key_encode.c b/lib/x509/key_encode.c index 8428cd1733..4aa493b7cc 100644 --- a/lib/x509/key_encode.c +++ b/lib/x509/key_encode.c @@ -40,9 +40,9 @@ static int _gnutls_x509_write_dsa_params(const gnutls_pk_params_st * params, static int _gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st * params, gnutls_datum_t * der); static int _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, - gnutls_datum_t * der); + gnutls_datum_t * der); static int _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der); + gnutls_datum_t * der); /* * some x509 certificate functions that relate to MPI parameter @@ -74,16 +74,14 @@ _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, return _gnutls_asn2err(result); } - result = - _gnutls_x509_write_int(spk, "modulus", params->params[0], 1); + result = _gnutls_x509_write_int(spk, "modulus", params->params[0], 1); if (result < 0) { gnutls_assert(); goto cleanup; } result = - _gnutls_x509_write_int(spk, "publicExponent", - params->params[1], 1); + _gnutls_x509_write_int(spk, "publicExponent", params->params[1], 1); if (result < 0) { gnutls_assert(); goto cleanup; @@ -97,7 +95,7 @@ _gnutls_x509_write_rsa_pubkey(const gnutls_pk_params_st * params, result = 0; - cleanup: + cleanup: asn1_delete_structure(&spk); return result; @@ -121,11 +119,8 @@ _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st * params, if (params->params_nr < ECC_PUBLIC_PARAMS) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - result = - _gnutls_ecc_ansi_x962_export(params->curve, - params->params[ECC_X], - params->params[ECC_Y], /*&out */ - der); + result = _gnutls_ecc_ansi_x962_export(params->curve, params->params[ECC_X], params->params[ECC_Y], /*&out */ + der); if (result < 0) return gnutls_assert_val(result); 
@@ -140,7 +135,7 @@ _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st * params, */ int _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * raw) + gnutls_datum_t * raw) { int ret; @@ -154,7 +149,8 @@ _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params, params->curve != GNUTLS_ECC_CURVE_ED448) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); - ret = _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); + ret = + _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); @@ -169,7 +165,7 @@ _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params, */ static int _gnutls_x509_write_modern_ecdh_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * raw) + gnutls_datum_t * raw) { int ret; @@ -183,7 +179,8 @@ _gnutls_x509_write_modern_ecdh_pubkey(const gnutls_pk_params_st * params, params->curve != GNUTLS_ECC_CURVE_X448) return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE); - ret = _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); + ret = + _gnutls_set_datum(raw, params->raw_pub.data, params->raw_pub.size); if (ret < 0) return gnutls_assert_val(ret); @@ -192,7 +189,7 @@ _gnutls_x509_write_modern_ecdh_pubkey(const gnutls_pk_params_st * params, int _gnutls_x509_write_gost_pubkey(const gnutls_pk_params_st * params, - gnutls_datum_t * der) + gnutls_datum_t * der) { bigint_t x, y; int numlen; @@ -380,7 +377,7 @@ _gnutls_x509_write_dsa_params(const gnutls_pk_params_st * params, result = 0; - cleanup: + cleanup: asn1_delete_structure(&spk); return result; } @@ -406,7 +403,6 @@ _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve, if (oid == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if ((result = asn1_create_element (_gnutls_get_gnutls_asn(), "GNUTLS.ECParameters", &spk)) != ASN1_SUCCESS) { 
@@ -422,8 +418,7 @@ _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve, } if ((result = - asn1_write_value(spk, "namedCurve", oid, - 1)) != ASN1_SUCCESS) { + asn1_write_value(spk, "namedCurve", oid, 1)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -437,14 +432,14 @@ _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve, result = 0; - cleanup: + cleanup: asn1_delete_structure(&spk); return result; } int -_gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st *params, - gnutls_datum_t *der) +_gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params, + gnutls_datum_t * der) { int result; asn1_node spk = NULL; @@ -459,7 +454,8 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st *params, return 0; /* refuse to write parameters we cannot read */ - if (gnutls_pk_to_sign(GNUTLS_PK_RSA_PSS, params->rsa_pss_dig) == GNUTLS_SIGN_UNKNOWN) + if (gnutls_pk_to_sign(GNUTLS_PK_RSA_PSS, params->rsa_pss_dig) == + GNUTLS_SIGN_UNKNOWN) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); if ((result = asn1_create_element @@ -479,7 +475,8 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st *params, goto cleanup; } - if ((result = asn1_write_value(spk, "hashAlgorithm.parameters", NULL, 0)) + if ((result = + asn1_write_value(spk, "hashAlgorithm.parameters", NULL, 0)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); @@ -553,7 +550,7 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st *params, result = 0; - cleanup: + cleanup: _gnutls_free_datum(&tmp); asn1_delete_structure(&c2); asn1_delete_structure(&spk); @@ -562,7 +559,7 @@ _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st *params, static int _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, - gnutls_datum_t * der) + gnutls_datum_t * der) { int result; asn1_node spk = NULL; 
@@ -575,12 +572,10 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, if (oid == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - if ((result = asn1_create_element (_gnutls_get_gnutls_asn(), params->algo == GNUTLS_PK_GOST_01 ? - "GNUTLS.GOSTParametersOld" : - "GNUTLS.GOSTParameters", &spk)) + "GNUTLS.GOSTParametersOld" : "GNUTLS.GOSTParameters", &spk)) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -613,7 +608,9 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, else oid = NULL; - if ((result = asn1_write_value(spk, "digestParamSet", oid, oid ? 1 : 0)) != ASN1_SUCCESS) { + if ((result = + asn1_write_value(spk, "digestParamSet", oid, + oid ? 1 : 0)) != ASN1_SUCCESS) { gnutls_assert(); result = _gnutls_asn2err(result); goto cleanup; @@ -627,7 +624,8 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, } if (params->algo == GNUTLS_PK_GOST_01) { - if (params->gost_params == _gnutls_gost_paramset_default(params->algo)) + if (params->gost_params == + _gnutls_gost_paramset_default(params->algo)) oid = NULL; if ((result = @@ -647,7 +645,7 @@ _gnutls_x509_write_gost_params(const gnutls_pk_params_st * params, result = 0; - cleanup: + cleanup: asn1_delete_structure(&spk); return result; } @@ -695,15 +693,14 @@ _gnutls_x509_write_dsa_pubkey(const gnutls_pk_params_st * params, result = 0; - cleanup: + cleanup: asn1_delete_structure(&spk); return result; } /* Encodes the RSA parameters into an ASN.1 RSA private key structure. */ -static int -_gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) +static int _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) { int result, ret; uint8_t null = '\0'; 
@@ -719,8 +716,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) return ret; } - ret = - _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params); + ret = _gnutls_pk_fixup(GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -763,7 +759,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = _gnutls_x509_write_key_int(*c2, "privateExponent", - params->params[RSA_PRIV], 1); + params->params[RSA_PRIV], 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -771,7 +767,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = _gnutls_x509_write_key_int(*c2, "prime1", - params->params[RSA_PRIME1], 1); + params->params[RSA_PRIME1], 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -779,7 +775,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = _gnutls_x509_write_key_int(*c2, "prime2", - params->params[RSA_PRIME2], 1); + params->params[RSA_PRIME2], 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -787,7 +783,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = _gnutls_x509_write_key_int(*c2, "coefficient", - params->params[RSA_COEF], 1); + params->params[RSA_COEF], 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -795,7 +791,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = _gnutls_x509_write_key_int(*c2, "exponent1", - params->params[RSA_E1], 1); + params->params[RSA_E1], 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -803,7 +799,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = _gnutls_x509_write_key_int(*c2, "exponent2", - params->params[RSA_E2], 1); + params->params[RSA_E2], 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -825,7 +821,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) ret = 0; - cleanup: + cleanup: if (ret < 0) asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); 
@@ -836,8 +832,7 @@ _gnutls_asn1_encode_rsa(asn1_node * c2, gnutls_pk_params_st * params) /* Encodes the ECC parameters into an ASN.1 ECPrivateKey structure. */ -static int -_gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) +static int _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) { int ret; uint8_t one = '\x01'; @@ -862,19 +857,19 @@ _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) goto cleanup; } - if ((ret = - asn1_write_value(*c2, "Version", &one, 1)) != ASN1_SUCCESS) { + if ((ret = asn1_write_value(*c2, "Version", &one, 1)) != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); goto cleanup; } if (curve_is_eddsa(params->curve) || - curve_is_modern_ecdh(params->curve)) { + curve_is_modern_ecdh(params->curve)) { if (params->raw_pub.size == 0 || params->raw_priv.size == 0) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); ret = - asn1_write_value(*c2, "privateKey", params->raw_priv.data, params->raw_priv.size); + asn1_write_value(*c2, "privateKey", params->raw_priv.data, + params->raw_priv.size); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -882,7 +877,8 @@ _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) } ret = - asn1_write_value(*c2, "publicKey", params->raw_pub.data, params->raw_pub.size*8); + asn1_write_value(*c2, "publicKey", params->raw_pub.data, + params->raw_pub.size * 8); if (ret != ASN1_SUCCESS) { gnutls_assert(); ret = _gnutls_asn2err(ret); @@ -895,13 +891,14 @@ _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) ret = _gnutls_ecc_ansi_x962_export(params->curve, params->params[ECC_X], - params->params[ECC_Y], &pubkey); + params->params[ECC_Y], + &pubkey); if (ret < 0) return gnutls_assert_val(ret); ret = _gnutls_x509_write_key_int(*c2, "privateKey", - params->params[ECC_K], 1); + params->params[ECC_K], 1); if (ret < 0) { gnutls_assert(); goto cleanup; 
@@ -936,7 +933,7 @@ _gnutls_asn1_encode_ecc(asn1_node * c2, gnutls_pk_params_st * params) _gnutls_free_datum(&pubkey); return 0; -cleanup: + cleanup: asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); _gnutls_free_datum(&pubkey); @@ -968,17 +965,15 @@ _gnutls_asn1_encode_gost(asn1_node * c2, gnutls_pk_params_st * params) goto cleanup; } - ret = - _gnutls_x509_write_key_int_le(*c2, "", params->params[GOST_K]); + ret = _gnutls_x509_write_key_int_le(*c2, "", params->params[GOST_K]); if (ret < 0) { gnutls_assert(); goto cleanup; } - return 0; -cleanup: + cleanup: asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); return ret; @@ -986,8 +981,7 @@ cleanup: /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. */ -static int -_gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) +static int _gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) { int result, ret; const uint8_t null = '\0'; 
@@ -1007,41 +1001,31 @@ _gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) /* Write PRIME */ - ret = - _gnutls_x509_write_int(*c2, "p", - params->params[DSA_P], 1); + ret = _gnutls_x509_write_int(*c2, "p", params->params[DSA_P], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_int(*c2, "q", - params->params[DSA_Q], 1); + ret = _gnutls_x509_write_int(*c2, "q", params->params[DSA_Q], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_int(*c2, "g", - params->params[DSA_G], 1); + ret = _gnutls_x509_write_int(*c2, "g", params->params[DSA_G], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_int(*c2, "Y", - params->params[DSA_Y], 1); + ret = _gnutls_x509_write_int(*c2, "Y", params->params[DSA_Y], 1); if (ret < 0) { gnutls_assert(); goto cleanup; } - ret = - _gnutls_x509_write_key_int(*c2, "priv", - params->params[DSA_X], 1); + ret = _gnutls_x509_write_key_int(*c2, "priv", params->params[DSA_X], 1); if (ret < 0) { gnutls_assert(); goto cleanup; @@ -1056,14 +1040,13 @@ _gnutls_asn1_encode_dsa(asn1_node * c2, gnutls_pk_params_st * params) return 0; -cleanup: + cleanup: asn1_delete_structure2(c2, ASN1_DELETE_FLAG_ZEROIZE); return ret; } -int _gnutls_asn1_encode_privkey(asn1_node * c2, - gnutls_pk_params_st * params) +int _gnutls_asn1_encode_privkey(asn1_node * c2, gnutls_pk_params_st * params) { switch (params->algo) { case GNUTLS_PK_RSA: |