diff options
Diffstat (limited to 'lib/x509/mpi.c')
-rw-r--r-- | lib/x509/mpi.c | 420 |
1 files changed, 204 insertions, 216 deletions
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c index c737b10980..e5b9dddf8b 100644 --- a/lib/x509/mpi.c +++ b/lib/x509/mpi.c @@ -32,42 +32,38 @@ /* Reads an Integer from the DER encoded data */ -int -_gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out) +int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out) { - int result; - ASN1_TYPE spk = ASN1_TYPE_EMPTY; + int result; + ASN1_TYPE spk = ASN1_TYPE_EMPTY; - /* == INTEGER */ - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", - &spk)) != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + /* == INTEGER */ + if ((result = asn1_create_element + (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", + &spk)) != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } - result = asn1_der_decoding (&spk, der, dersize, NULL); + result = asn1_der_decoding(&spk, der, dersize, NULL); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - asn1_delete_structure (&spk); - return _gnutls_asn2err (result); - } + if (result != ASN1_SUCCESS) { + gnutls_assert(); + asn1_delete_structure(&spk); + return _gnutls_asn2err(result); + } - /* Read Y */ + /* Read Y */ - if ((result = _gnutls_x509_read_int (spk, "", out)) < 0) - { - gnutls_assert (); - asn1_delete_structure (&spk); - return _gnutls_asn2err (result); - } + if ((result = _gnutls_x509_read_int(spk, "", out)) < 0) { + gnutls_assert(); + asn1_delete_structure(&spk); + return _gnutls_asn2err(result); + } - asn1_delete_structure (&spk); + asn1_delete_structure(&spk); - return 0; + return 0; } @@ -75,102 +71,100 @@ _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out) /* Extracts DSA and RSA parameters from a certificate. */ int -_gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root, - gnutls_pk_params_st * params) +_gnutls_get_asn_mpis(ASN1_TYPE asn, const char *root, + gnutls_pk_params_st * params) { - int result; - char name[256]; - gnutls_datum_t tmp = { NULL, 0 }; - gnutls_pk_algorithm_t pk_algorithm; - - gnutls_pk_params_init(params); - - result = _gnutls_x509_get_pk_algorithm (asn, root, NULL); - if (result < 0) - { - gnutls_assert (); - return result; - } - - pk_algorithm = result; - - /* Read the algorithm's parameters - */ - _asnstr_append_name (name, sizeof (name), root, ".subjectPublicKey"); - result = _gnutls_x509_read_value (asn, name, &tmp); - - if (result < 0) - { - gnutls_assert (); - return result; - } - - if ((result = - _gnutls_x509_read_pubkey (pk_algorithm, tmp.data, tmp.size, params)) < 0) - { - gnutls_assert (); - goto error; - } - - /* Now read the parameters - */ - _gnutls_free_datum (&tmp); - - _asnstr_append_name (name, sizeof (name), root, - ".algorithm.parameters"); - - /* FIXME: If the parameters are not included in the certificate - * then the issuer's parameters should be used. This is not - * done yet. - */ - - if (pk_algorithm != GNUTLS_PK_RSA) /* RSA doesn't use parameters */ - { - result = _gnutls_x509_read_value (asn, name, &tmp); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - if ((result = - _gnutls_x509_read_pubkey_params (pk_algorithm, tmp.data, tmp.size, params)) < 0) - { - gnutls_assert (); - goto error; - } - } - - result = 0; - -error: - _gnutls_free_datum (&tmp); - return result; + int result; + char name[256]; + gnutls_datum_t tmp = { NULL, 0 }; + gnutls_pk_algorithm_t pk_algorithm; + + gnutls_pk_params_init(params); + + result = _gnutls_x509_get_pk_algorithm(asn, root, NULL); + if (result < 0) { + gnutls_assert(); + return result; + } + + pk_algorithm = result; + + /* Read the algorithm's parameters + */ + _asnstr_append_name(name, sizeof(name), root, ".subjectPublicKey"); + result = _gnutls_x509_read_value(asn, name, &tmp); + + if (result < 0) { + gnutls_assert(); + return result; + } + + if ((result = + _gnutls_x509_read_pubkey(pk_algorithm, tmp.data, tmp.size, + params)) < 0) { + gnutls_assert(); + goto error; + } + + /* Now read the parameters + */ + _gnutls_free_datum(&tmp); + + _asnstr_append_name(name, sizeof(name), root, + ".algorithm.parameters"); + + /* FIXME: If the parameters are not included in the certificate + * then the issuer's parameters should be used. This is not + * done yet. + */ + + if (pk_algorithm != GNUTLS_PK_RSA) { /* RSA doesn't use parameters */ + result = _gnutls_x509_read_value(asn, name, &tmp); + if (result < 0) { + gnutls_assert(); + goto error; + } + + if ((result = + _gnutls_x509_read_pubkey_params(pk_algorithm, + tmp.data, tmp.size, + params)) < 0) { + gnutls_assert(); + goto error; + } + } + + result = 0; + + error: + _gnutls_free_datum(&tmp); + return result; } /* Extracts DSA and RSA parameters from a certificate. */ int -_gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert, - gnutls_pk_params_st * params) +_gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert, + gnutls_pk_params_st * params) { - /* Read the algorithm's OID - */ - return _gnutls_get_asn_mpis (cert->cert, - "tbsCertificate.subjectPublicKeyInfo", params); + /* Read the algorithm's OID + */ + return _gnutls_get_asn_mpis(cert->cert, + "tbsCertificate.subjectPublicKeyInfo", + params); } /* Extracts DSA and RSA parameters from a certificate. */ int -_gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert, - gnutls_pk_params_st* params) +_gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert, + gnutls_pk_params_st * params) { - /* Read the algorithm's OID - */ - return _gnutls_get_asn_mpis (cert->crq, - "certificationRequestInfo.subjectPKInfo", - params); + /* Read the algorithm's OID + */ + return _gnutls_get_asn_mpis(cert->crq, + "certificationRequestInfo.subjectPKInfo", + params); } /* @@ -178,55 +172,53 @@ _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert, * This is the "signatureAlgorithm" fields. */ int -_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, - gnutls_pk_algorithm_t pk_algorithm, - gnutls_digest_algorithm_t dig) +_gnutls_x509_write_sig_params(ASN1_TYPE dst, const char *dst_name, + gnutls_pk_algorithm_t pk_algorithm, + gnutls_digest_algorithm_t dig) { - int result; - char name[128]; - const char *pk; - - _gnutls_str_cpy (name, sizeof (name), dst_name); - _gnutls_str_cat (name, sizeof (name), ".algorithm"); - - pk = _gnutls_x509_sign_to_oid (pk_algorithm, dig); - if (pk == NULL) - { - gnutls_assert (); - _gnutls_debug_log - ("Cannot find OID for sign algorithm pk: %d dig: %d\n", - (int) pk_algorithm, (int) dig); - return GNUTLS_E_INVALID_REQUEST; - } - - /* write the OID. - */ - result = asn1_write_value (dst, name, pk, 1); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - - _gnutls_str_cpy (name, sizeof (name), dst_name); - _gnutls_str_cat (name, sizeof (name), ".parameters"); - - if (pk_algorithm == GNUTLS_PK_RSA) - result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE); - else - result = asn1_write_value (dst, name, NULL, 0); - - if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) - { - /* Here we ignore the element not found error, since this - * may have been disabled before. - */ - gnutls_assert (); - return _gnutls_asn2err (result); - } - - return 0; + int result; + char name[128]; + const char *pk; + + _gnutls_str_cpy(name, sizeof(name), dst_name); + _gnutls_str_cat(name, sizeof(name), ".algorithm"); + + pk = _gnutls_x509_sign_to_oid(pk_algorithm, dig); + if (pk == NULL) { + gnutls_assert(); + _gnutls_debug_log + ("Cannot find OID for sign algorithm pk: %d dig: %d\n", + (int) pk_algorithm, (int) dig); + return GNUTLS_E_INVALID_REQUEST; + } + + /* write the OID. + */ + result = asn1_write_value(dst, name, pk, 1); + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + + _gnutls_str_cpy(name, sizeof(name), dst_name); + _gnutls_str_cat(name, sizeof(name), ".parameters"); + + if (pk_algorithm == GNUTLS_PK_RSA) + result = + asn1_write_value(dst, name, ASN1_NULL, ASN1_NULL_SIZE); + else + result = asn1_write_value(dst, name, NULL, 0); + + if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND) { + /* Here we ignore the element not found error, since this + * may have been disabled before. + */ + gnutls_assert(); + return _gnutls_asn2err(result); + } + + return 0; } /* this function reads a (small) unsigned integer @@ -234,72 +226,68 @@ _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name, * steps. */ int -_gnutls_x509_read_uint (ASN1_TYPE node, const char *value, unsigned int *ret) +_gnutls_x509_read_uint(ASN1_TYPE node, const char *value, + unsigned int *ret) { - int len, result; - uint8_t *tmpstr; - - len = 0; - result = asn1_read_value (node, value, NULL, &len); - if (result != ASN1_MEM_ERROR) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - tmpstr = gnutls_malloc (len); - if (tmpstr == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = asn1_read_value (node, value, tmpstr, &len); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - gnutls_free (tmpstr); - return _gnutls_asn2err (result); - } - - if (len == 1) - *ret = tmpstr[0]; - else if (len == 2) - *ret = _gnutls_read_uint16 (tmpstr); - else if (len == 3) - *ret = _gnutls_read_uint24 (tmpstr); - else if (len == 4) - *ret = _gnutls_read_uint32 (tmpstr); - else - { - gnutls_assert (); - gnutls_free (tmpstr); - return GNUTLS_E_INTERNAL_ERROR; - } - - gnutls_free (tmpstr); - - return 0; + int len, result; + uint8_t *tmpstr; + + len = 0; + result = asn1_read_value(node, value, NULL, &len); + if (result != ASN1_MEM_ERROR) { + gnutls_assert(); + return _gnutls_asn2err(result); + } + + tmpstr = gnutls_malloc(len); + if (tmpstr == NULL) { + gnutls_assert(); + return GNUTLS_E_MEMORY_ERROR; + } + + result = asn1_read_value(node, value, tmpstr, &len); + + if (result != ASN1_SUCCESS) { + gnutls_assert(); + gnutls_free(tmpstr); + return _gnutls_asn2err(result); + } + + if (len == 1) + *ret = tmpstr[0]; + else if (len == 2) + *ret = _gnutls_read_uint16(tmpstr); + else if (len == 3) + *ret = _gnutls_read_uint24(tmpstr); + else if (len == 4) + *ret = _gnutls_read_uint32(tmpstr); + else { + gnutls_assert(); + gnutls_free(tmpstr); + return GNUTLS_E_INTERNAL_ERROR; + } + + gnutls_free(tmpstr); + + return 0; } /* Writes the specified integer into the specified node. */ int -_gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, uint32_t num) +_gnutls_x509_write_uint32(ASN1_TYPE node, const char *value, uint32_t num) { - uint8_t tmpstr[4]; - int result; + uint8_t tmpstr[4]; + int result; - _gnutls_write_uint32 (num, tmpstr); + _gnutls_write_uint32(num, tmpstr); - result = asn1_write_value (node, value, tmpstr, 4); + result = asn1_write_value(node, value, tmpstr, 4); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } + if (result != ASN1_SUCCESS) { + gnutls_assert(); + return _gnutls_asn2err(result); + } - return 0; + return 0; } |