diff options
Diffstat (limited to 'lib/x509/privkey.c')
-rw-r--r-- | lib/x509/privkey.c | 2043 |
1 files changed, 1094 insertions, 949 deletions
diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 1b0409e448..dd29e89d4d 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -38,8 +38,8 @@ #include <dsa.h> #include <verify.h> -static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params); -static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params); +static int _encode_rsa (ASN1_TYPE * c2, mpi_t * params); +static int _encode_dsa (ASN1_TYPE * c2, mpi_t * params); /* remove this when libgcrypt can handle the PKCS #1 coefficients from * rsa keys @@ -55,17 +55,19 @@ static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params); * Returns 0 on success. * **/ -int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key) +int +gnutls_x509_privkey_init (gnutls_x509_privkey_t * key) { - *key = gnutls_calloc(1, sizeof(gnutls_x509_privkey_int)); + *key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int)); - if (*key) { - (*key)->key = ASN1_TYPE_EMPTY; - (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN; - return 0; /* success */ + if (*key) + { + (*key)->key = ASN1_TYPE_EMPTY; + (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN; + return 0; /* success */ } - return GNUTLS_E_MEMORY_ERROR; + return GNUTLS_E_MEMORY_ERROR; } /** @@ -75,19 +77,21 @@ int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key) * This function will deinitialize a private key structure. * **/ -void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key) +void +gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key) { - int i; + int i; - if (!key) - return; + if (!key) + return; - for (i = 0; i < key->params_size; i++) { - _gnutls_mpi_release(&key->params[i]); + for (i = 0; i < key->params_size; i++) + { + _gnutls_mpi_release (&key->params[i]); } - asn1_delete_structure(&key->key); - gnutls_free(key); + asn1_delete_structure (&key->key); + gnutls_free (key); } /** @@ -98,216 +102,234 @@ void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key) * This function will copy a private key from source to destination key. * **/ -int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, - gnutls_x509_privkey_t src) +int +gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src) { - int i, ret; + int i, ret; - if (!src || !dst) - return GNUTLS_E_INVALID_REQUEST; + if (!src || !dst) + return GNUTLS_E_INVALID_REQUEST; - for (i = 0; i < src->params_size; i++) { - dst->params[i] = _gnutls_mpi_copy(src->params[i]); - if (dst->params[i] == NULL) - return GNUTLS_E_MEMORY_ERROR; + for (i = 0; i < src->params_size; i++) + { + dst->params[i] = _gnutls_mpi_copy (src->params[i]); + if (dst->params[i] == NULL) + return GNUTLS_E_MEMORY_ERROR; } - dst->params_size = src->params_size; - dst->pk_algorithm = src->pk_algorithm; - dst->crippled = src->crippled; + dst->params_size = src->params_size; + dst->pk_algorithm = src->pk_algorithm; + dst->crippled = src->crippled; - if (!src->crippled) { - switch (dst->pk_algorithm) { + if (!src->crippled) + { + switch (dst->pk_algorithm) + { case GNUTLS_PK_DSA: - ret = _encode_dsa(&dst->key, dst->params); - if (ret < 0) { - gnutls_assert(); - return ret; + ret = _encode_dsa (&dst->key, dst->params); + if (ret < 0) + { + gnutls_assert (); + return ret; } - break; + break; case GNUTLS_PK_RSA: - ret = _encode_rsa(&dst->key, dst->params); - if (ret < 0) { - gnutls_assert(); - return ret; + ret = _encode_rsa (&dst->key, dst->params); + if (ret < 0) + { + gnutls_assert (); + return ret; } - break; + break; default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } } - return 0; + return 0; } /* Converts an RSA PKCS#1 key to * an internal structure (gnutls_private_key) */ -ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key( - const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) +ASN1_TYPE +_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key, + gnutls_x509_privkey_t pkey) { - int result; - ASN1_TYPE pkey_asn; + int result; + ASN1_TYPE pkey_asn; - if ((result = - asn1_create_element(_gnutls_get_gnutls_asn(), - "GNUTLS.RSAPrivateKey", - &pkey_asn)) != ASN1_SUCCESS) { - gnutls_assert(); - return NULL; + if ((result = + asn1_create_element (_gnutls_get_gnutls_asn (), + "GNUTLS.RSAPrivateKey", + &pkey_asn)) != ASN1_SUCCESS) + { + gnutls_assert (); + return NULL; } - if ((sizeof(pkey->params) / sizeof(mpi_t)) < RSA_PRIVATE_PARAMS) { - gnutls_assert(); - /* internal error. Increase the mpi_ts in params */ - return NULL; + if ((sizeof (pkey->params) / sizeof (mpi_t)) < RSA_PRIVATE_PARAMS) + { + gnutls_assert (); + /* internal error. Increase the mpi_ts in params */ + return NULL; } - result = - asn1_der_decoding(&pkey_asn, raw_key->data, raw_key->size, NULL); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - goto error; + result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL); + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(pkey_asn, "modulus", - &pkey->params[0])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (pkey_asn, "modulus", + &pkey->params[0])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = - _gnutls_x509_read_int(pkey_asn, "publicExponent", - &pkey->params[1])) < 0) { - gnutls_assert(); - goto error; + if ((result = + _gnutls_x509_read_int (pkey_asn, "publicExponent", + &pkey->params[1])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = - _gnutls_x509_read_int(pkey_asn, "privateExponent", - &pkey->params[2])) < 0) { - gnutls_assert(); - goto error; + if ((result = + _gnutls_x509_read_int (pkey_asn, "privateExponent", + &pkey->params[2])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(pkey_asn, "prime1", - &pkey->params[3])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (pkey_asn, "prime1", + &pkey->params[3])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(pkey_asn, "prime2", - &pkey->params[4])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (pkey_asn, "prime2", + &pkey->params[4])) < 0) + { + gnutls_assert (); + goto error; } #ifdef CALC_COEFF - /* Calculate the coefficient. This is because the gcrypt - * library is uses the p,q in the reverse order. - */ - pkey->params[5] = - _gnutls_mpi_snew(_gnutls_mpi_get_nbits(pkey->params[0])); + /* Calculate the coefficient. This is because the gcrypt + * library is uses the p,q in the reverse order. + */ + pkey->params[5] = + _gnutls_mpi_snew (_gnutls_mpi_get_nbits (pkey->params[0])); - if (pkey->params[5] == NULL) { - gnutls_assert(); - goto error; + if (pkey->params[5] == NULL) + { + gnutls_assert (); + goto error; } - _gnutls_mpi_invm(pkey->params[5], pkey->params[3], pkey->params[4]); - /* p, q */ + _gnutls_mpi_invm (pkey->params[5], pkey->params[3], pkey->params[4]); + /* p, q */ #else - if ((result = _gnutls_x509_read_int(pkey_asn, "coefficient", - &pkey->params[5])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient", + &pkey->params[5])) < 0) + { + gnutls_assert (); + goto error; } #endif - pkey->params_size = 6; + pkey->params_size = 6; - return pkey_asn; + return pkey_asn; - error: - asn1_delete_structure(&pkey_asn); - _gnutls_mpi_release(&pkey->params[0]); - _gnutls_mpi_release(&pkey->params[1]); - _gnutls_mpi_release(&pkey->params[2]); - _gnutls_mpi_release(&pkey->params[3]); - _gnutls_mpi_release(&pkey->params[4]); - _gnutls_mpi_release(&pkey->params[5]); - return NULL; +error: + asn1_delete_structure (&pkey_asn); + _gnutls_mpi_release (&pkey->params[0]); + _gnutls_mpi_release (&pkey->params[1]); + _gnutls_mpi_release (&pkey->params[2]); + _gnutls_mpi_release (&pkey->params[3]); + _gnutls_mpi_release (&pkey->params[4]); + _gnutls_mpi_release (&pkey->params[5]); + return NULL; } -static ASN1_TYPE decode_dsa_key(const gnutls_datum_t * raw_key, - gnutls_x509_privkey_t pkey) +static ASN1_TYPE +decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) { - int result; - ASN1_TYPE dsa_asn; + int result; + ASN1_TYPE dsa_asn; - if ((result = - asn1_create_element(_gnutls_get_gnutls_asn(), - "GNUTLS.DSAPrivateKey", - &dsa_asn)) != ASN1_SUCCESS) { - gnutls_assert(); - return NULL; + if ((result = + asn1_create_element (_gnutls_get_gnutls_asn (), + "GNUTLS.DSAPrivateKey", + &dsa_asn)) != ASN1_SUCCESS) + { + gnutls_assert (); + return NULL; } - if ((sizeof(pkey->params) / sizeof(mpi_t)) < DSA_PRIVATE_PARAMS) { - gnutls_assert(); - /* internal error. Increase the mpi_ts in params */ - return NULL; + if ((sizeof (pkey->params) / sizeof (mpi_t)) < DSA_PRIVATE_PARAMS) + { + gnutls_assert (); + /* internal error. Increase the mpi_ts in params */ + return NULL; } - result = - asn1_der_decoding(&dsa_asn, raw_key->data, raw_key->size, NULL); - if (result != ASN1_SUCCESS) { - gnutls_assert(); - goto error; + result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL); + if (result != ASN1_SUCCESS) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(dsa_asn, "p", - &pkey->params[0])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params[0])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(dsa_asn, "q", - &pkey->params[1])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params[1])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(dsa_asn, "g", - &pkey->params[2])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params[2])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(dsa_asn, "Y", - &pkey->params[3])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params[3])) < 0) + { + gnutls_assert (); + goto error; } - if ((result = _gnutls_x509_read_int(dsa_asn, "priv", - &pkey->params[4])) < 0) { - gnutls_assert(); - goto error; + if ((result = _gnutls_x509_read_int (dsa_asn, "priv", + &pkey->params[4])) < 0) + { + gnutls_assert (); + goto error; } - pkey->params_size = 5; + pkey->params_size = 5; - return dsa_asn; + return dsa_asn; - error: - asn1_delete_structure(&dsa_asn); - _gnutls_mpi_release(&pkey->params[0]); - _gnutls_mpi_release(&pkey->params[1]); - _gnutls_mpi_release(&pkey->params[2]); - _gnutls_mpi_release(&pkey->params[3]); - _gnutls_mpi_release(&pkey->params[4]); - return NULL; +error: + asn1_delete_structure (&dsa_asn); + _gnutls_mpi_release (&pkey->params[0]); + _gnutls_mpi_release (&pkey->params[1]); + _gnutls_mpi_release (&pkey->params[2]); + _gnutls_mpi_release (&pkey->params[3]); + _gnutls_mpi_release (&pkey->params[4]); + return NULL; } @@ -330,99 +352,113 @@ static ASN1_TYPE decode_dsa_key(const gnutls_datum_t * raw_key, * Returns 0 on success. * **/ -int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, - const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format) +int +gnutls_x509_privkey_import (gnutls_x509_privkey_t key, + const gnutls_datum_t * data, + gnutls_x509_crt_fmt_t format) { - int result = 0, need_free = 0; - gnutls_datum_t _data; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - _data.data = data->data; - _data.size = data->size; - - key->pk_algorithm = GNUTLS_PK_UNKNOWN; - - /* If the Certificate is in PEM format then decode it - */ - if (format == GNUTLS_X509_FMT_PEM) { - opaque *out; - - /* Try the first header */ - result = - _gnutls_fbase64_decode(PEM_KEY_RSA, data->data, data->size, - &out); - key->pk_algorithm = GNUTLS_PK_RSA; - - if (result <= 0) { - /* try for the second header */ - result = - _gnutls_fbase64_decode(PEM_KEY_DSA, data->data, data->size, - &out); - key->pk_algorithm = GNUTLS_PK_DSA; - - if (result <= 0) { - if (result == 0) - result = GNUTLS_E_INTERNAL_ERROR; - gnutls_assert(); - return result; + int result = 0, need_free = 0; + gnutls_datum_t _data; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + _data.data = data->data; + _data.size = data->size; + + key->pk_algorithm = GNUTLS_PK_UNKNOWN; + + /* If the Certificate is in PEM format then decode it + */ + if (format == GNUTLS_X509_FMT_PEM) + { + opaque *out; + + /* Try the first header */ + result = + _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out); + key->pk_algorithm = GNUTLS_PK_RSA; + + if (result <= 0) + { + /* try for the second header */ + result = + _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size, + &out); + key->pk_algorithm = GNUTLS_PK_DSA; + + if (result <= 0) + { + if (result == 0) + result = GNUTLS_E_INTERNAL_ERROR; + gnutls_assert (); + return result; } } - _data.data = out; - _data.size = result; + _data.data = out; + _data.size = result; - need_free = 1; + need_free = 1; } - if (key->pk_algorithm == GNUTLS_PK_RSA) { - key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key); - if (key->key == NULL) { - gnutls_assert(); - result = GNUTLS_E_ASN1_DER_ERROR; - goto cleanup; + if (key->pk_algorithm == GNUTLS_PK_RSA) + { + key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); + if (key->key == NULL) + { + gnutls_assert (); + result = GNUTLS_E_ASN1_DER_ERROR; + goto cleanup; } - } else if (key->pk_algorithm == GNUTLS_PK_DSA) { - key->key = decode_dsa_key(&_data, key); - if (key->key == NULL) { - gnutls_assert(); - result = GNUTLS_E_ASN1_DER_ERROR; - goto cleanup; + } + else if (key->pk_algorithm == GNUTLS_PK_DSA) + { + key->key = decode_dsa_key (&_data, key); + if (key->key == NULL) + { + gnutls_assert (); + result = GNUTLS_E_ASN1_DER_ERROR; + goto cleanup; } - } else { - /* Try decoding with both, and accept the one that - * succeeds. - */ - key->pk_algorithm = GNUTLS_PK_DSA; - key->key = decode_dsa_key(&_data, key); - - if (key->key == NULL) { - key->pk_algorithm = GNUTLS_PK_RSA; - key->key = _gnutls_privkey_decode_pkcs1_rsa_key(&_data, key); - if (key->key == NULL) { - gnutls_assert(); - result = GNUTLS_E_ASN1_DER_ERROR; - goto cleanup; + } + else + { + /* Try decoding with both, and accept the one that + * succeeds. + */ + key->pk_algorithm = GNUTLS_PK_DSA; + key->key = decode_dsa_key (&_data, key); + + if (key->key == NULL) + { + key->pk_algorithm = GNUTLS_PK_RSA; + key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key); + if (key->key == NULL) + { + gnutls_assert (); + result = GNUTLS_E_ASN1_DER_ERROR; + goto cleanup; } } } - if (need_free) - _gnutls_free_datum(&_data); + if (need_free) + _gnutls_free_datum (&_data); - /* The key has now been decoded. - */ + /* The key has now been decoded. + */ - return 0; + return 0; - cleanup: - key->pk_algorithm = GNUTLS_PK_UNKNOWN; - if (need_free) - _gnutls_free_datum(&_data); - return result; +cleanup: + key->pk_algorithm = GNUTLS_PK_UNKNOWN; + if (need_free) + _gnutls_free_datum (&_data); + return result; } #define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \ @@ -444,86 +480,100 @@ int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, * to the native gnutls_x509_privkey_t format. The output will be stored in @key. * **/ -int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, - const gnutls_datum_t * m, const gnutls_datum_t * e, const gnutls_datum_t * d, - const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * u) +int +gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, + const gnutls_datum_t * m, + const gnutls_datum_t * e, + const gnutls_datum_t * d, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * u) { - int i = 0, ret; - size_t siz = 0; + int i = 0, ret; + size_t siz = 0; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - siz = m->size; - if (_gnutls_mpi_scan_nz(&key->params[0], m->data, &siz)) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + siz = m->size; + if (_gnutls_mpi_scan_nz (&key->params[0], m->data, &siz)) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; } - siz = e->size; - if (_gnutls_mpi_scan_nz(&key->params[1], e->data, &siz)) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + siz = e->size; + if (_gnutls_mpi_scan_nz (&key->params[1], e->data, &siz)) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; } - siz = d->size; - if (_gnutls_mpi_scan_nz(&key->params[2], d->data, &siz)) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + siz = d->size; + if (_gnutls_mpi_scan_nz (&key->params[2], d->data, &siz)) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; } - siz = p->size; - if (_gnutls_mpi_scan_nz(&key->params[3], p->data, &siz)) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + siz = p->size; + if (_gnutls_mpi_scan_nz (&key->params[3], p->data, &siz)) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; } - siz = q->size; - if (_gnutls_mpi_scan_nz(&key->params[4], q->data, &siz)) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + siz = q->size; + if (_gnutls_mpi_scan_nz (&key->params[4], q->data, &siz)) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; } #ifdef CALC_COEFF - key->params[5] = - _gnutls_mpi_snew(_gnutls_mpi_get_nbits(key->params[0])); + key->params[5] = _gnutls_mpi_snew (_gnutls_mpi_get_nbits (key->params[0])); - if (key->params[5] == NULL) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MEMORY_ERROR; + if (key->params[5] == NULL) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MEMORY_ERROR; } - _gnutls_mpi_invm(key->params[5], key->params[3], key->params[4]); + _gnutls_mpi_invm (key->params[5], key->params[3], key->params[4]); #else - siz = u->size; - if (_gnutls_mpi_scan_nz(&key->params[5], u->data, &siz)) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; + siz = u->size; + if (_gnutls_mpi_scan_nz (&key->params[5], u->data, &siz)) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; } #endif - if (!key->crippled) { - ret = _encode_rsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - FREE_RSA_PRIVATE_PARAMS; - return ret; + if (!key->crippled) + { + ret = _encode_rsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + FREE_RSA_PRIVATE_PARAMS; + return ret; } } - key->params_size = RSA_PRIVATE_PARAMS; - key->pk_algorithm = GNUTLS_PK_RSA; + key->params_size = RSA_PRIVATE_PARAMS; + key->pk_algorithm = GNUTLS_PK_RSA; - return 0; + return 0; } @@ -540,66 +590,78 @@ int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key, * to the native gnutls_x509_privkey_t format. The output will be stored in @key. * **/ -int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, - const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * g, - const gnutls_datum_t * y, const gnutls_datum_t * x) +int +gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, + const gnutls_datum_t * p, + const gnutls_datum_t * q, + const gnutls_datum_t * g, + const gnutls_datum_t * y, + const gnutls_datum_t * x) { - int i = 0, ret; - size_t siz = 0; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - siz = p->size; - if (_gnutls_mpi_scan_nz(&key->params[0], p->data, &siz)) { - gnutls_assert(); - FREE_DSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = q->size; - if (_gnutls_mpi_scan_nz(&key->params[1], q->data, &siz)) { - gnutls_assert(); - FREE_DSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = g->size; - if (_gnutls_mpi_scan_nz(&key->params[2], g->data, &siz)) { - gnutls_assert(); - FREE_DSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = y->size; - if (_gnutls_mpi_scan_nz(&key->params[3], y->data, &siz)) { - gnutls_assert(); - FREE_DSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - siz = x->size; - if (_gnutls_mpi_scan_nz(&key->params[4], x->data, &siz)) { - gnutls_assert(); - FREE_DSA_PRIVATE_PARAMS; - return GNUTLS_E_MPI_SCAN_FAILED; - } - - if (!key->crippled) { - ret = _encode_dsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - FREE_DSA_PRIVATE_PARAMS; - return ret; + int i = 0, ret; + size_t siz = 0; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + siz = p->size; + if (_gnutls_mpi_scan_nz (&key->params[0], p->data, &siz)) + { + gnutls_assert (); + FREE_DSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = q->size; + if (_gnutls_mpi_scan_nz (&key->params[1], q->data, &siz)) + { + gnutls_assert (); + FREE_DSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = g->size; + if (_gnutls_mpi_scan_nz (&key->params[2], g->data, &siz)) + { + gnutls_assert (); + FREE_DSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = y->size; + if (_gnutls_mpi_scan_nz (&key->params[3], y->data, &siz)) + { + gnutls_assert (); + FREE_DSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + siz = x->size; + if (_gnutls_mpi_scan_nz (&key->params[4], x->data, &siz)) + { + gnutls_assert (); + FREE_DSA_PRIVATE_PARAMS; + return GNUTLS_E_MPI_SCAN_FAILED; + } + + if (!key->crippled) + { + ret = _encode_dsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + FREE_DSA_PRIVATE_PARAMS; + return ret; } } - key->params_size = DSA_PRIVATE_PARAMS; - key->pk_algorithm = GNUTLS_PK_DSA; + key->params_size = DSA_PRIVATE_PARAMS; + key->pk_algorithm = GNUTLS_PK_DSA; - return 0; + return 0; } @@ -615,14 +677,16 @@ int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key, * or a negative value on error. * **/ -int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key) +int +gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key) { - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - return key->pk_algorithm; + return key->pk_algorithm; } @@ -649,49 +713,57 @@ int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key) * returned, and 0 on success. * **/ -int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size) +int +gnutls_x509_privkey_export (gnutls_x509_privkey_t key, + gnutls_x509_crt_fmt_t format, void *output_data, + size_t * output_data_size) { - char *msg; - int ret; - - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key->pk_algorithm == GNUTLS_PK_RSA) - msg = PEM_KEY_RSA; - else if (key->pk_algorithm == GNUTLS_PK_DSA) - msg = PEM_KEY_DSA; - else - msg = NULL; - - if (key->crippled) { /* encode the parameters on the fly. + char *msg; + int ret; + + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (key->pk_algorithm == GNUTLS_PK_RSA) + msg = PEM_KEY_RSA; + else if (key->pk_algorithm == GNUTLS_PK_DSA) + msg = PEM_KEY_DSA; + else + msg = NULL; + + if (key->crippled) + { /* encode the parameters on the fly. */ - switch (key->pk_algorithm) { + switch (key->pk_algorithm) + { case GNUTLS_PK_DSA: - ret = _encode_dsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - return ret; + ret = _encode_dsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + return ret; } - break; + break; case GNUTLS_PK_RSA: - ret = _encode_rsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - return ret; + ret = _encode_rsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + return ret; } - break; + break; default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } } - return _gnutls_x509_export_int(key->key, format, msg, - *output_data_size, output_data, output_data_size); + return _gnutls_x509_export_int (key->key, format, msg, + *output_data_size, output_data, + output_data_size); } @@ -710,93 +782,103 @@ int gnutls_x509_privkey_export(gnutls_x509_privkey_t key, * gnutls_malloc() and will be stored in the appropriate datum. * **/ -int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, - gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u) +int +gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, + gnutls_datum_t * m, gnutls_datum_t * e, + gnutls_datum_t * d, gnutls_datum_t * p, + gnutls_datum_t * q, gnutls_datum_t * u) { - int ret; - mpi_t coeff = NULL; + int ret; + mpi_t coeff = NULL; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - - m->data=e->data=d->data=p->data=q->data=u->data=NULL; - m->size=e->size=d->size=p->size=q->size=u->size=0; - ret = _gnutls_mpi_dprint(m, key->params[0]); - if (ret < 0) { - gnutls_assert(); - goto error; + m->data = e->data = d->data = p->data = q->data = u->data = NULL; + m->size = e->size = d->size = p->size = q->size = u->size = 0; + + ret = _gnutls_mpi_dprint (m, key->params[0]); + if (ret < 0) + { + gnutls_assert (); + goto error; } - /* E */ - ret = _gnutls_mpi_dprint(e, key->params[1]); - if (ret < 0) { - gnutls_assert(); - goto error; + /* E */ + ret = _gnutls_mpi_dprint (e, key->params[1]); + if (ret < 0) + { + gnutls_assert (); + goto error; } - /* D */ - ret = _gnutls_mpi_dprint(d, key->params[2]); - if (ret < 0) { - gnutls_assert(); - goto error; + /* D */ + ret = _gnutls_mpi_dprint (d, key->params[2]); + if (ret < 0) + { + gnutls_assert (); + goto error; } - /* P */ - ret = _gnutls_mpi_dprint(p, key->params[3]); - if (ret < 0) { - gnutls_assert(); - goto error; + /* P */ + ret = _gnutls_mpi_dprint (p, key->params[3]); + if (ret < 0) + { + gnutls_assert (); + goto error; } - /* Q */ - ret = _gnutls_mpi_dprint(q, key->params[4]); - if (ret < 0) { - gnutls_assert(); - goto error; + /* Q */ + ret = _gnutls_mpi_dprint (q, key->params[4]); + if (ret < 0) + { + gnutls_assert (); + goto error; } #ifdef CALC_COEFF - coeff = - _gnutls_mpi_snew(_gnutls_mpi_get_nbits(key->params[0])); + coeff = _gnutls_mpi_snew (_gnutls_mpi_get_nbits (key->params[0])); - if (coeff == NULL) { - gnutls_assert(); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; + if (coeff == NULL) + { + gnutls_assert (); + ret = GNUTLS_E_MEMORY_ERROR; + goto error; } - _gnutls_mpi_invm(coeff, key->params[4], key->params[3]); - ret = _gnutls_mpi_dprint(u, coeff); - if (ret < 0) { - gnutls_assert(); - goto error; + _gnutls_mpi_invm (coeff, key->params[4], key->params[3]); + ret = _gnutls_mpi_dprint (u, coeff); + if (ret < 0) + { + gnutls_assert (); + goto error; } - _gnutls_mpi_release( &coeff); + _gnutls_mpi_release (&coeff); #else - /* U */ - ret = _gnutls_mpi_dprint(u, key->params[5]); - if (ret < 0) { - gnutls_assert(); - goto error; + /* U */ + ret = _gnutls_mpi_dprint (u, key->params[5]); + if (ret < 0) + { + gnutls_assert (); + goto error; } #endif - return 0; + return 0; error: - _gnutls_free_datum(m); - _gnutls_free_datum(d); - _gnutls_free_datum(e); - _gnutls_free_datum(p); - _gnutls_free_datum(q); - _gnutls_mpi_release( &coeff); - - return ret; + _gnutls_free_datum (m); + _gnutls_free_datum (d); + _gnutls_free_datum (e); + _gnutls_free_datum (p); + _gnutls_free_datum (q); + _gnutls_mpi_release (&coeff); + + return ret; } /** @@ -813,391 +895,422 @@ error: * gnutls_malloc() and will be stored in the appropriate datum. * **/ -int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key, - gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g, - gnutls_datum_t * y, gnutls_datum_t * x) +int +gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, + gnutls_datum_t * p, gnutls_datum_t * q, + gnutls_datum_t * g, gnutls_datum_t * y, + gnutls_datum_t * x) { - int ret; + int ret; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - /* P */ - ret = _gnutls_mpi_dprint(p, key->params[0]); - if (ret < 0) { - gnutls_assert(); - return ret; + /* P */ + ret = _gnutls_mpi_dprint (p, key->params[0]); + if (ret < 0) + { + gnutls_assert (); + return ret; } - /* Q */ - ret = _gnutls_mpi_dprint(q, key->params[1]); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(p); - return ret; + /* Q */ + ret = _gnutls_mpi_dprint (q, key->params[1]); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (p); + return ret; } - /* G */ - ret = _gnutls_mpi_dprint(g, key->params[2]); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(p); - _gnutls_free_datum(q); - return ret; + /* G */ + ret = _gnutls_mpi_dprint (g, key->params[2]); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (p); + _gnutls_free_datum (q); + return ret; } - /* Y */ - ret = _gnutls_mpi_dprint(y, key->params[3]); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(p); - _gnutls_free_datum(g); - _gnutls_free_datum(q); - return ret; + /* Y */ + ret = _gnutls_mpi_dprint (y, key->params[3]); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (p); + _gnutls_free_datum (g); + _gnutls_free_datum (q); + return ret; } - /* X */ - ret = _gnutls_mpi_dprint(x, key->params[4]); - if (ret < 0) { - gnutls_assert(); - _gnutls_free_datum(y); - _gnutls_free_datum(p); - _gnutls_free_datum(g); - _gnutls_free_datum(q); - return ret; + /* X */ + ret = _gnutls_mpi_dprint (x, key->params[4]); + if (ret < 0) + { + gnutls_assert (); + _gnutls_free_datum (y); + _gnutls_free_datum (p); + _gnutls_free_datum (g); + _gnutls_free_datum (q); + return ret; } - return 0; + return 0; } /* Encodes the RSA parameters into an ASN.1 RSA private key structure. */ -static int _encode_rsa(ASN1_TYPE * c2, mpi_t * params) +static int +_encode_rsa (ASN1_TYPE * c2, mpi_t * params) { - int result, i; - size_t size[8], total; - opaque *m_data, *pube_data, *prie_data; - opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data; - opaque *all_data = NULL, *p; - mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL, u=NULL; - opaque null = '\0'; - - /* Read all the sizes */ - total = 0; - for (i = 0; i < 5; i++) { - _gnutls_mpi_print_lz(NULL, &size[i], params[i]); - total += size[i]; - } - - /* Now generate exp1 and exp2 - */ - exp1 = _gnutls_mpi_salloc_like(params[0]); /* like modulus */ - if (exp1 == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - exp2 = _gnutls_mpi_salloc_like(params[0]); - if (exp2 == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - q1 = _gnutls_mpi_salloc_like(params[4]); - if (q1 == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - p1 = _gnutls_mpi_salloc_like(params[3]); - if (p1 == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - u = _gnutls_mpi_salloc_like(params[3]); - if (u == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - _gnutls_mpi_invm(u, params[4], params[3]); - /* inverse of q mod p */ - _gnutls_mpi_print_lz(NULL, &size[5], u); - total += size[5]; - - _gnutls_mpi_sub_ui(p1, params[3], 1); - _gnutls_mpi_sub_ui(q1, params[4], 1); - - _gnutls_mpi_mod(exp1, params[2], p1); - _gnutls_mpi_mod(exp2, params[2], q1); - - - /* calculate exp's size */ - _gnutls_mpi_print_lz(NULL, &size[6], exp1); - total += size[6]; - - _gnutls_mpi_print_lz(NULL, &size[7], exp2); - total += size[7]; - - /* Encoding phase. - * allocate data enough to hold everything - */ - all_data = gnutls_secure_malloc(total); - if (all_data == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - p = all_data; - m_data = p; - p += size[0]; - pube_data = p; - p += size[1]; - prie_data = p; - p += size[2]; - p1_data = p; - p += size[3]; - p2_data = p; - p += size[4]; - u_data = p; - p += size[5]; - exp1_data = p; - p += size[6]; - exp2_data = p; - - _gnutls_mpi_print_lz(m_data, &size[0], params[0]); - _gnutls_mpi_print_lz(pube_data, &size[1], params[1]); - _gnutls_mpi_print_lz(prie_data, &size[2], params[2]); - _gnutls_mpi_print_lz(p1_data, &size[3], params[3]); - _gnutls_mpi_print_lz(p2_data, &size[4], params[4]); - _gnutls_mpi_print_lz(u_data, &size[5], u); - _gnutls_mpi_print_lz(exp1_data, &size[6], exp1); - _gnutls_mpi_print_lz(exp2_data, &size[7], exp2); - - /* Ok. Now we have the data. Create the asn1 structures - */ - - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", c2)) - != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - /* Write PRIME - */ - if ((result = asn1_write_value(*c2, "modulus", - m_data, size[0])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "publicExponent", - pube_data, size[1])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "privateExponent", - prie_data, size[2])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "prime1", - p1_data, size[3])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "prime2", - p2_data, size[4])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "exponent1", - exp1_data, size[6])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "exponent2", - exp2_data, size[7])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "coefficient", - u_data, size[5])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - _gnutls_mpi_release(&exp1); - _gnutls_mpi_release(&exp2); - _gnutls_mpi_release(&q1); - _gnutls_mpi_release(&p1); - _gnutls_mpi_release(&u); - gnutls_free(all_data); - - if ((result = asn1_write_value(*c2, "otherPrimeInfos", - NULL, 0)) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "version", - &null, 1)) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - return 0; + int result, i; + size_t size[8], total; + opaque *m_data, *pube_data, *prie_data; + opaque *p1_data, *p2_data, *u_data, *exp1_data, *exp2_data; + opaque *all_data = NULL, *p; + mpi_t exp1 = NULL, exp2 = NULL, q1 = NULL, p1 = NULL, u = NULL; + opaque null = '\0'; + + /* Read all the sizes */ + total = 0; + for (i = 0; i < 5; i++) + { + _gnutls_mpi_print_lz (NULL, &size[i], params[i]); + total += size[i]; + } + + /* Now generate exp1 and exp2 + */ + exp1 = _gnutls_mpi_salloc_like (params[0]); /* like modulus */ + if (exp1 == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + exp2 = _gnutls_mpi_salloc_like (params[0]); + if (exp2 == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + q1 = _gnutls_mpi_salloc_like (params[4]); + if (q1 == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + p1 = _gnutls_mpi_salloc_like (params[3]); + if (p1 == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + u = _gnutls_mpi_salloc_like (params[3]); + if (u == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + _gnutls_mpi_invm (u, params[4], params[3]); + /* inverse of q mod p */ + _gnutls_mpi_print_lz (NULL, &size[5], u); + total += size[5]; + + _gnutls_mpi_sub_ui (p1, params[3], 1); + _gnutls_mpi_sub_ui (q1, params[4], 1); + + _gnutls_mpi_mod (exp1, params[2], p1); + _gnutls_mpi_mod (exp2, params[2], q1); + + + /* calculate exp's size */ + _gnutls_mpi_print_lz (NULL, &size[6], exp1); + total += size[6]; + + _gnutls_mpi_print_lz (NULL, &size[7], exp2); + total += size[7]; + + /* Encoding phase. + * allocate data enough to hold everything + */ + all_data = gnutls_secure_malloc (total); + if (all_data == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + p = all_data; + m_data = p; + p += size[0]; + pube_data = p; + p += size[1]; + prie_data = p; + p += size[2]; + p1_data = p; + p += size[3]; + p2_data = p; + p += size[4]; + u_data = p; + p += size[5]; + exp1_data = p; + p += size[6]; + exp2_data = p; + + _gnutls_mpi_print_lz (m_data, &size[0], params[0]); + _gnutls_mpi_print_lz (pube_data, &size[1], params[1]); + _gnutls_mpi_print_lz (prie_data, &size[2], params[2]); + _gnutls_mpi_print_lz (p1_data, &size[3], params[3]); + _gnutls_mpi_print_lz (p2_data, &size[4], params[4]); + _gnutls_mpi_print_lz (u_data, &size[5], u); + _gnutls_mpi_print_lz (exp1_data, &size[6], exp1); + _gnutls_mpi_print_lz (exp2_data, &size[7], exp2); + + /* Ok. Now we have the data. Create the asn1 structures + */ + + if ((result = asn1_create_element + (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2)) + != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + /* Write PRIME + */ + if ((result = asn1_write_value (*c2, "modulus", + m_data, size[0])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "publicExponent", + pube_data, size[1])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "privateExponent", + prie_data, size[2])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "prime1", + p1_data, size[3])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "prime2", + p2_data, size[4])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "exponent1", + exp1_data, size[6])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "exponent2", + exp2_data, size[7])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "coefficient", + u_data, size[5])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + _gnutls_mpi_release (&exp1); + _gnutls_mpi_release (&exp2); + _gnutls_mpi_release (&q1); + _gnutls_mpi_release (&p1); + _gnutls_mpi_release (&u); + gnutls_free (all_data); + + if ((result = asn1_write_value (*c2, "otherPrimeInfos", + NULL, 0)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + return 0; + +cleanup: + _gnutls_mpi_release (&u); + _gnutls_mpi_release (&exp1); + _gnutls_mpi_release (&exp2); + _gnutls_mpi_release (&q1); + _gnutls_mpi_release (&p1); + asn1_delete_structure (c2); + gnutls_free (all_data); - cleanup: - _gnutls_mpi_release(&u); - _gnutls_mpi_release(&exp1); - _gnutls_mpi_release(&exp2); - _gnutls_mpi_release(&q1); - _gnutls_mpi_release(&p1); - asn1_delete_structure(c2); - gnutls_free(all_data); - - return result; + return result; } /* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure. */ -static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params) +static int +_encode_dsa (ASN1_TYPE * c2, mpi_t * params) { - int result, i; - size_t size[DSA_PRIVATE_PARAMS], total; - opaque *p_data, *q_data, *g_data, *x_data, *y_data; - opaque *all_data = NULL, *p; - opaque null = '\0'; - - /* Read all the sizes */ - total = 0; - for (i = 0; i < DSA_PRIVATE_PARAMS; i++) { - _gnutls_mpi_print_lz(NULL, &size[i], params[i]); - total += size[i]; - } - - /* Encoding phase. - * allocate data enough to hold everything - */ - all_data = gnutls_secure_malloc(total); - if (all_data == NULL) { - gnutls_assert(); - result = GNUTLS_E_MEMORY_ERROR; - goto cleanup; - } - - p = all_data; - p_data = p; - p += size[0]; - q_data = p; - p += size[1]; - g_data = p; - p += size[2]; - y_data = p; - p += size[3]; - x_data = p; - - _gnutls_mpi_print_lz(p_data, &size[0], params[0]); - _gnutls_mpi_print_lz(q_data, &size[1], params[1]); - _gnutls_mpi_print_lz(g_data, &size[2], params[2]); - _gnutls_mpi_print_lz(y_data, &size[3], params[3]); - _gnutls_mpi_print_lz(x_data, &size[4], params[4]); - - /* Ok. Now we have the data. Create the asn1 structures - */ - - if ((result = asn1_create_element - (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", c2)) - != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - /* Write PRIME - */ - if ((result = asn1_write_value(*c2, "p", - p_data, size[0])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "q", - q_data, size[1])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "g", - g_data, size[2])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "Y", - y_data, size[3])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - if ((result = asn1_write_value(*c2, "priv", - x_data, size[4])) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - gnutls_free(all_data); - - if ((result = asn1_write_value(*c2, "version", - &null, 1)) != ASN1_SUCCESS) { - gnutls_assert(); - result = _gnutls_asn2err(result); - goto cleanup; - } - - return 0; - - cleanup: - asn1_delete_structure(c2); - gnutls_free(all_data); - - return result; + int result, i; + size_t size[DSA_PRIVATE_PARAMS], total; + opaque *p_data, *q_data, *g_data, *x_data, *y_data; + opaque *all_data = NULL, *p; + opaque null = '\0'; + + /* Read all the sizes */ + total = 0; + for (i = 0; i < DSA_PRIVATE_PARAMS; i++) + { + _gnutls_mpi_print_lz (NULL, &size[i], params[i]); + total += size[i]; + } + + /* Encoding phase. + * allocate data enough to hold everything + */ + all_data = gnutls_secure_malloc (total); + if (all_data == NULL) + { + gnutls_assert (); + result = GNUTLS_E_MEMORY_ERROR; + goto cleanup; + } + + p = all_data; + p_data = p; + p += size[0]; + q_data = p; + p += size[1]; + g_data = p; + p += size[2]; + y_data = p; + p += size[3]; + x_data = p; + + _gnutls_mpi_print_lz (p_data, &size[0], params[0]); + _gnutls_mpi_print_lz (q_data, &size[1], params[1]); + _gnutls_mpi_print_lz (g_data, &size[2], params[2]); + _gnutls_mpi_print_lz (y_data, &size[3], params[3]); + _gnutls_mpi_print_lz (x_data, &size[4], params[4]); + + /* Ok. Now we have the data. Create the asn1 structures + */ + + if ((result = asn1_create_element + (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2)) + != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + /* Write PRIME + */ + if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + if ((result = asn1_write_value (*c2, "priv", + x_data, size[4])) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + gnutls_free (all_data); + + if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS) + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto cleanup; + } + + return 0; + +cleanup: + asn1_delete_structure (c2); + gnutls_free (all_data); + + return result; } @@ -1214,69 +1327,79 @@ static int _encode_dsa(ASN1_TYPE * c2, mpi_t * params) * Returns 0 on success or a negative value on error. * **/ -int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, - gnutls_pk_algorithm_t algo, unsigned int bits, unsigned int flags) +int +gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, + gnutls_pk_algorithm_t algo, unsigned int bits, + unsigned int flags) { - int ret, params_len; - int i; + int ret, params_len; + int i; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - switch (algo) { + switch (algo) + { case GNUTLS_PK_DSA: - ret = _gnutls_dsa_generate_params(key->params, ¶ms_len, bits); - if (ret < 0) { - gnutls_assert(); - return ret; + ret = _gnutls_dsa_generate_params (key->params, ¶ms_len, bits); + if (ret < 0) + { + gnutls_assert (); + return ret; } - if (!key->crippled) { - ret = _encode_dsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - goto cleanup; + if (!key->crippled) + { + ret = _encode_dsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; } } - key->params_size = params_len; - key->pk_algorithm = GNUTLS_PK_DSA; + key->params_size = params_len; + key->pk_algorithm = GNUTLS_PK_DSA; - break; + break; case GNUTLS_PK_RSA: - ret = _gnutls_rsa_generate_params(key->params, ¶ms_len, bits); - if (ret < 0) { - gnutls_assert(); - return ret; + ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits); + if (ret < 0) + { + gnutls_assert (); + return ret; } - if (!key->crippled) { - ret = _encode_rsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - goto cleanup; + if (!key->crippled) + { + ret = _encode_rsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + goto cleanup; } } - key->params_size = params_len; - key->pk_algorithm = GNUTLS_PK_RSA; + key->params_size = params_len; + key->pk_algorithm = GNUTLS_PK_RSA; - break; + break; default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - return 0; + return 0; - cleanup: - key->pk_algorithm = GNUTLS_PK_UNKNOWN; - key->params_size = 0; - for (i = 0; i < params_len; i++) - _gnutls_mpi_release(&key->params[i]); +cleanup: + key->pk_algorithm = GNUTLS_PK_UNKNOWN; + key->params_size = 0; + for (i = 0; i < params_len; i++) + _gnutls_mpi_release (&key->params[i]); - return ret; + return ret; } /** @@ -1300,63 +1423,72 @@ int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key, * returned, and 0 on success. * **/ -int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, - unsigned int flags, - unsigned char *output_data, - size_t * output_data_size) +int +gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, + unsigned int flags, + unsigned char *output_data, + size_t * output_data_size) { - int result; - GNUTLS_HASH_HANDLE hd; - gnutls_datum_t der = { NULL, 0 }; - - if (key == NULL || key->crippled) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; - } - - if (*output_data_size < 20) { - gnutls_assert(); - *output_data_size = 20; - return GNUTLS_E_SHORT_MEMORY_BUFFER; - } - - if (key->pk_algorithm == GNUTLS_PK_RSA) { - result = - _gnutls_x509_write_rsa_params(key->params, key->params_size, - &der); - if (result < 0) { - gnutls_assert(); - goto cleanup; + int result; + GNUTLS_HASH_HANDLE hd; + gnutls_datum_t der = { NULL, 0 }; + + if (key == NULL || key->crippled) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; + } + + if (*output_data_size < 20) + { + gnutls_assert (); + *output_data_size = 20; + return GNUTLS_E_SHORT_MEMORY_BUFFER; + } + + if (key->pk_algorithm == GNUTLS_PK_RSA) + { + result = + _gnutls_x509_write_rsa_params (key->params, key->params_size, &der); + if (result < 0) + { + gnutls_assert (); + goto cleanup; } - } else if (key->pk_algorithm == GNUTLS_PK_DSA) { - result = - _gnutls_x509_write_dsa_public_key(key->params, - key->params_size, &der); - if (result < 0) { - gnutls_assert(); - goto cleanup; + } + else if (key->pk_algorithm == GNUTLS_PK_DSA) + { + result = + _gnutls_x509_write_dsa_public_key (key->params, + key->params_size, &der); + if (result < 0) + { + gnutls_assert (); + goto cleanup; } - } else - return GNUTLS_E_INTERNAL_ERROR; + } + else + return GNUTLS_E_INTERNAL_ERROR; - hd = _gnutls_hash_init(GNUTLS_MAC_SHA1); - if (hd == GNUTLS_HASH_FAILED) { - gnutls_assert(); - result = GNUTLS_E_INTERNAL_ERROR; - goto cleanup; + hd = _gnutls_hash_init (GNUTLS_MAC_SHA1); + if (hd == GNUTLS_HASH_FAILED) + { + gnutls_assert (); + result = GNUTLS_E_INTERNAL_ERROR; + goto cleanup; } - _gnutls_hash(hd, der.data, der.size); + _gnutls_hash (hd, der.data, der.size); - _gnutls_hash_deinit(hd, output_data); - *output_data_size = 20; + _gnutls_hash_deinit (hd, output_data); + *output_data_size = 20; - result = 0; + result = 0; - cleanup: +cleanup: - _gnutls_free_datum(&der); - return result; + _gnutls_free_datum (&der); + return result; } #ifdef ENABLE_PKI @@ -1384,38 +1516,42 @@ int gnutls_x509_privkey_get_key_id(gnutls_x509_privkey_t key, * 0 on success. * **/ -int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, - gnutls_digest_algorithm_t digest, - unsigned int flags, - const gnutls_datum_t * data, - void *signature, size_t * signature_size) +int +gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key, + gnutls_digest_algorithm_t digest, + unsigned int flags, + const gnutls_datum_t * data, + void *signature, size_t * signature_size) { - int result; - gnutls_datum_t sig = { NULL, 0 }; + int result; + gnutls_datum_t sig = { NULL, 0 }; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_x509_sign(data, digest, key, &sig); - if (result < 0) { - gnutls_assert(); - return result; + result = _gnutls_x509_sign (data, digest, key, &sig); + if (result < 0) + { + gnutls_assert (); + return result; } - if (*signature_size < sig.size) { - *signature_size = sig.size; - _gnutls_free_datum(&sig); - return GNUTLS_E_SHORT_MEMORY_BUFFER; + if (*signature_size < sig.size) + { + *signature_size = sig.size; + _gnutls_free_datum (&sig); + return GNUTLS_E_SHORT_MEMORY_BUFFER; } - *signature_size = sig.size; - memcpy(signature, sig.data, sig.size); + *signature_size = sig.size; + memcpy (signature, sig.data, sig.size); - _gnutls_free_datum(&sig); + _gnutls_free_datum (&sig); - return 0; + return 0; } /** @@ -1432,25 +1568,28 @@ int gnutls_x509_privkey_sign_data(gnutls_x509_privkey_t key, * 1 on success. * **/ -int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key, - unsigned int flags, - const gnutls_datum_t * data, - const gnutls_datum_t * signature) +int +gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, + unsigned int flags, + const gnutls_datum_t * data, + const gnutls_datum_t * signature) { - int result; + int result; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - result = _gnutls_x509_privkey_verify_signature(data, signature, key); - if (result < 0) { - gnutls_assert(); - return 0; + result = _gnutls_x509_privkey_verify_signature (data, signature, key); + if (result < 0) + { + gnutls_assert (); + return 0; } - return result; + return result; } /** @@ -1464,37 +1603,43 @@ int gnutls_x509_privkey_verify_data(gnutls_x509_privkey_t key, * returned, and 0 on success. * **/ -int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key) +int +gnutls_x509_privkey_fix (gnutls_x509_privkey_t key) { - int ret; + int ret; - if (key == NULL) { - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (key == NULL) + { + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - if (!key->crippled) asn1_delete_structure(&key->key); - switch (key->pk_algorithm) { - case GNUTLS_PK_DSA: - ret = _encode_dsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - return ret; - } - break; - case GNUTLS_PK_RSA: - ret = _encode_rsa(&key->key, key->params); - if (ret < 0) { - gnutls_assert(); - return ret; - } - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + if (!key->crippled) + asn1_delete_structure (&key->key); + switch (key->pk_algorithm) + { + case GNUTLS_PK_DSA: + ret = _encode_dsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + case GNUTLS_PK_RSA: + ret = _encode_rsa (&key->key, key->params); + if (ret < 0) + { + gnutls_assert (); + return ret; + } + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } - return 0; + return 0; } #endif |