Diffstat (limited to 'lib/pubkey.c')
-rw-r--r--lib/pubkey.c641
1 files changed, 289 insertions, 352 deletions
diff --git a/lib/pubkey.c b/lib/pubkey.c
index a396e56f26..a783371b16 100644
--- a/lib/pubkey.c
+++ b/lib/pubkey.c
@@ -38,19 +38,18 @@
#include "urls.h"
#include <ecc.h>
-static int
-pubkey_verify_hashed_data(const gnutls_sign_entry_st * se,
- const mac_entry_st * me,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params,
- gnutls_x509_spki_st * sign_params, unsigned flags);
-
-static
-int pubkey_supports_sig(gnutls_pubkey_t pubkey,
- const gnutls_sign_entry_st * se);
-
-unsigned pubkey_to_bits(const gnutls_pk_params_st * params)
+static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se,
+ const mac_entry_st *me,
+ const gnutls_datum_t *hash,
+ const gnutls_datum_t *signature,
+ gnutls_pk_params_st *params,
+ gnutls_x509_spki_st *sign_params,
+ unsigned flags);
+
+static int pubkey_supports_sig(gnutls_pubkey_t pubkey,
+ const gnutls_sign_entry_st *se);
+
+unsigned pubkey_to_bits(const gnutls_pk_params_st *params)
{
switch (params->algo) {
case GNUTLS_PK_RSA:
@@ -125,7 +124,7 @@ int gnutls_pubkey_get_key_usage(gnutls_pubkey_t key, unsigned int *usage)
*
* Since: 2.12.0
**/
-int gnutls_pubkey_init(gnutls_pubkey_t * key)
+int gnutls_pubkey_init(gnutls_pubkey_t *key)
{
*key = NULL;
FAIL_IF_LIB_ERROR;
@@ -169,9 +168,8 @@ void gnutls_pubkey_deinit(gnutls_pubkey_t key)
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt,
- unsigned int flags)
+int gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt,
+ unsigned int flags)
{
int ret;
@@ -211,9 +209,8 @@ gnutls_pubkey_import_x509(gnutls_pubkey_t key, gnutls_x509_crt_t crt,
*
* Since: 3.1.5
**/
-int
-gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq,
- unsigned int flags)
+int gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq,
+ unsigned int flags)
{
int ret;
@@ -253,9 +250,8 @@ gnutls_pubkey_import_x509_crq(gnutls_pubkey_t key, gnutls_x509_crq_t crq,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey,
- unsigned int usage, unsigned int flags)
+int gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey,
+ unsigned int usage, unsigned int flags)
{
gnutls_pk_params_release(&key->params);
gnutls_pk_params_init(&key->params);
@@ -284,10 +280,9 @@ gnutls_pubkey_import_privkey(gnutls_pubkey_t key, gnutls_privkey_t pkey,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
- gnutls_digest_algorithm_t *
- hash, unsigned int *mand)
+int gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *hash,
+ unsigned int *mand)
{
int ret;
const mac_entry_st *me;
@@ -309,7 +304,7 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
me = _gnutls_dsa_q_to_hash(&key->params, NULL);
if (hash)
- *hash = (gnutls_digest_algorithm_t) me->id;
+ *hash = (gnutls_digest_algorithm_t)me->id;
ret = 0;
break;
@@ -343,18 +338,16 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
if (key->params.spki.rsa_pss_dig) {
*hash = key->params.spki.rsa_pss_dig;
} else {
- *hash =
- _gnutls_pk_bits_to_sha_hash(pubkey_to_bits
- (&key->params));
+ *hash = _gnutls_pk_bits_to_sha_hash(
+ pubkey_to_bits(&key->params));
}
}
ret = 0;
break;
case GNUTLS_PK_RSA:
if (hash)
- *hash =
- _gnutls_pk_bits_to_sha_hash(pubkey_to_bits
- (&key->params));
+ *hash = _gnutls_pk_bits_to_sha_hash(
+ pubkey_to_bits(&key->params));
ret = 0;
break;
@@ -371,8 +364,8 @@ gnutls_pubkey_get_preferred_hash_algorithm(gnutls_pubkey_t key,
/* The EC_PARAMS attribute can contain either printable string with curve name
* or OID defined in RFC 8410 */
static int
-gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t * parameters,
- gnutls_ecc_curve_t * outcurve)
+gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t *parameters,
+ gnutls_ecc_curve_t *outcurve)
{
gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
asn1_node asn1 = NULL;
@@ -427,8 +420,8 @@ gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t * parameters,
curve = gnutls_oid_to_ecc_curve(str);
if (curve != GNUTLS_ECC_CURVE_ED25519 &&
curve != GNUTLS_ECC_CURVE_ED448) {
- _gnutls_debug_log
- ("Curve %s is not supported for EdDSA\n", str);
+ _gnutls_debug_log(
+ "Curve %s is not supported for EdDSA\n", str);
gnutls_assert();
curve = GNUTLS_ECC_CURVE_INVALID;
ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
@@ -467,16 +460,15 @@ gnutls_pubkey_parse_ecc_eddsa_params(const gnutls_datum_t * parameters,
break;
}
- cleanup:
+cleanup:
asn1_delete_structure(&asn1);
*outcurve = curve;
return ret;
}
-static int
-gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key,
- const gnutls_datum_t * parameters,
- const gnutls_datum_t * ecpoint)
+static int gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key,
+ const gnutls_datum_t *parameters,
+ const gnutls_datum_t *ecpoint)
{
int ret;
@@ -488,9 +480,8 @@ gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key,
return gnutls_assert_val(ret);
}
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- ecpoint->data, ecpoint->size,
- &raw_point, 0);
+ ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, ecpoint->data,
+ ecpoint->size, &raw_point, 0);
if (ret < 0) {
gnutls_assert();
gnutls_free(raw_point.data);
@@ -503,9 +494,8 @@ gnutls_pubkey_import_ecc_eddsa(gnutls_pubkey_t key,
}
/* Same as above, but for Edwards key agreement */
-static int
-gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t * parameters,
- gnutls_ecc_curve_t * outcurve)
+static int gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t *parameters,
+ gnutls_ecc_curve_t *outcurve)
{
gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
asn1_node asn1 = NULL;
@@ -560,9 +550,9 @@ gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t * parameters,
curve = gnutls_oid_to_ecc_curve(str);
if (curve != GNUTLS_ECC_CURVE_X25519 &&
curve != GNUTLS_ECC_CURVE_X448) {
- _gnutls_debug_log
- ("Curve %s is not supported for Edwards-based key agreement\n",
- str);
+ _gnutls_debug_log(
+ "Curve %s is not supported for Edwards-based key agreement\n",
+ str);
gnutls_assert();
curve = GNUTLS_ECC_CURVE_INVALID;
ret = GNUTLS_E_ECC_UNSUPPORTED_CURVE;
@@ -601,16 +591,15 @@ gnutls_pubkey_parse_ecc_ecdh_params(const gnutls_datum_t * parameters,
break;
}
- cleanup:
+cleanup:
asn1_delete_structure(&asn1);
*outcurve = curve;
return ret;
}
-static int
-gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key,
- const gnutls_datum_t * parameters,
- const gnutls_datum_t * ecpoint)
+static int gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key,
+ const gnutls_datum_t *parameters,
+ const gnutls_datum_t *ecpoint)
{
int ret;
@@ -622,9 +611,8 @@ gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key,
return gnutls_assert_val(ret);
}
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- ecpoint->data, ecpoint->size,
- &raw_point, 0);
+ ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, ecpoint->data,
+ ecpoint->size, &raw_point, 0);
if (ret < 0) {
gnutls_assert();
gnutls_free(raw_point.data);
@@ -650,15 +638,14 @@ gnutls_pubkey_import_ecc_ecdh(gnutls_pubkey_t key,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
- gnutls_pkcs11_obj_t obj, unsigned int flags)
+int gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key, gnutls_pkcs11_obj_t obj,
+ unsigned int flags)
{
int ret, type;
type = gnutls_pkcs11_obj_get_type(obj);
- if (type != GNUTLS_PKCS11_OBJ_PUBKEY
- && type != GNUTLS_PKCS11_OBJ_X509_CRT) {
+ if (type != GNUTLS_PKCS11_OBJ_PUBKEY &&
+ type != GNUTLS_PKCS11_OBJ_X509_CRT) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
@@ -668,8 +655,7 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
ret = gnutls_x509_crt_init(&xcrt);
if (ret < 0) {
- gnutls_assert()
- return ret;
+ gnutls_assert() return ret;
}
ret = gnutls_x509_crt_import_pkcs11(xcrt, obj);
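Review bot: The new line `gnutls_assert() return ret;` fuses two statements because the `gnutls_assert()` call has no terminating semicolon of its own; it presumably only compiles because the macro expansion supplies one (the macro definition is not visible in this diff). Write it as `gnutls_assert();` with `return ret;` on its own line, or use `return gnutls_assert_val(ret);` as other error paths in this file do. This is the failure path of gnutls_x509_crt_init() in the PKCS#11 import, so an error return that depends on a macro's internals is fragile if the macro is ever changed or compiled out. The enclosing function starts and ends outside this hunk.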
@@ -684,13 +670,13 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
goto cleanup_crt;
}
- ret =
- gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage, NULL);
+ ret = gnutls_x509_crt_get_key_usage(xcrt, &key->key_usage,
+ NULL);
if (ret < 0)
key->key_usage = 0;
ret = 0;
- cleanup_crt:
+ cleanup_crt:
gnutls_x509_crt_deinit(xcrt);
return ret;
}
@@ -734,7 +720,7 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
return 0;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
/**
* gnutls_pubkey_export:
@@ -760,10 +746,8 @@ gnutls_pubkey_import_pkcs11(gnutls_pubkey_t key,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_export(gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format, void *output_data,
- size_t *output_data_size)
+int gnutls_pubkey_export(gnutls_pubkey_t key, gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t *output_data_size)
{
int result;
asn1_node spk = NULL;
@@ -773,9 +757,9 @@ gnutls_pubkey_export(gnutls_pubkey_t key,
return GNUTLS_E_INVALID_REQUEST;
}
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectPublicKeyInfo",
+ &spk)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -786,8 +770,7 @@ gnutls_pubkey_export(gnutls_pubkey_t key,
goto cleanup;
}
- result = _gnutls_x509_export_int_named(spk, "",
- format, PEM_PK,
+ result = _gnutls_x509_export_int_named(spk, "", format, PEM_PK,
output_data, output_data_size);
if (result < 0) {
gnutls_assert();
@@ -796,7 +779,7 @@ gnutls_pubkey_export(gnutls_pubkey_t key,
result = 0;
- cleanup:
+cleanup:
asn1_delete_structure(&spk);
return result;
@@ -822,9 +805,8 @@ gnutls_pubkey_export(gnutls_pubkey_t key,
*
* Since: 3.1.3
**/
-int
-gnutls_pubkey_export2(gnutls_pubkey_t key,
- gnutls_x509_crt_fmt_t format, gnutls_datum_t * out)
+int gnutls_pubkey_export2(gnutls_pubkey_t key, gnutls_x509_crt_fmt_t format,
+ gnutls_datum_t *out)
{
int result;
asn1_node spk = NULL;
@@ -834,9 +816,9 @@ gnutls_pubkey_export2(gnutls_pubkey_t key,
return GNUTLS_E_INVALID_REQUEST;
}
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectPublicKeyInfo",
+ &spk)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -855,7 +837,7 @@ gnutls_pubkey_export2(gnutls_pubkey_t key,
result = 0;
- cleanup:
+cleanup:
asn1_delete_structure(&spk);
return result;
@@ -883,9 +865,9 @@ gnutls_pubkey_export2(gnutls_pubkey_t key,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
- unsigned char *output_data, size_t *output_data_size)
+int gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t *output_data_size)
{
int ret = 0;
@@ -894,9 +876,8 @@ gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
return GNUTLS_E_INVALID_REQUEST;
}
- ret =
- _gnutls_get_key_id(&key->params,
- output_data, output_data_size, flags);
+ ret = _gnutls_get_key_id(&key->params, output_data, output_data_size,
+ flags);
if (ret < 0) {
gnutls_assert();
return ret;
@@ -922,10 +903,8 @@ gnutls_pubkey_get_key_id(gnutls_pubkey_t key, unsigned int flags,
*
* Since: 3.6.0
**/
-int
-gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e,
- unsigned flags)
+int gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key, gnutls_datum_t *m,
+ gnutls_datum_t *e, unsigned flags)
{
int ret;
mpi_dprint_func dprint = _gnutls_mpi_dprint_lz;
@@ -979,9 +958,8 @@ gnutls_pubkey_export_rsa_raw2(gnutls_pubkey_t key,
*
* Since: 3.3.0
**/
-int
-gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key,
- gnutls_datum_t * m, gnutls_datum_t * e)
+int gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key, gnutls_datum_t *m,
+ gnutls_datum_t *e)
{
return gnutls_pubkey_export_rsa_raw2(key, m, e, 0);
}
@@ -1004,10 +982,9 @@ gnutls_pubkey_export_rsa_raw(gnutls_pubkey_t key,
*
* Since: 3.3.0
**/
-int
-gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y)
+int gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key, gnutls_datum_t *p,
+ gnutls_datum_t *q, gnutls_datum_t *g,
+ gnutls_datum_t *y)
{
return gnutls_pubkey_export_dsa_raw2(key, p, q, g, y, 0);
}
@@ -1031,11 +1008,9 @@ gnutls_pubkey_export_dsa_raw(gnutls_pubkey_t key,
*
* Since: 3.6.0
**/
-int
-gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y,
- unsigned flags)
+int gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key, gnutls_datum_t *p,
+ gnutls_datum_t *q, gnutls_datum_t *g,
+ gnutls_datum_t *y, unsigned flags)
{
int ret;
mpi_dprint_func dprint = _gnutls_mpi_dprint_lz;
@@ -1118,10 +1093,8 @@ gnutls_pubkey_export_dsa_raw2(gnutls_pubkey_t key,
*
* Since: 3.0
**/
-int
-gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key,
- gnutls_ecc_curve_t * curve,
- gnutls_datum_t * x, gnutls_datum_t * y)
+int gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t *curve,
+ gnutls_datum_t *x, gnutls_datum_t *y)
{
return gnutls_pubkey_export_ecc_raw2(key, curve, x, y, 0);
}
@@ -1147,11 +1120,9 @@ gnutls_pubkey_export_ecc_raw(gnutls_pubkey_t key,
*
* Since: 3.6.0
**/
-int
-gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key,
- gnutls_ecc_curve_t * curve,
- gnutls_datum_t * x, gnutls_datum_t * y,
- unsigned int flags)
+int gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t *curve, gnutls_datum_t *x,
+ gnutls_datum_t *y, unsigned int flags)
{
int ret;
mpi_dprint_func dprint = _gnutls_mpi_dprint_lz;
@@ -1177,9 +1148,8 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key,
key->params.algo == GNUTLS_PK_ECDH_X25519 ||
key->params.algo == GNUTLS_PK_ECDH_X448) {
if (x) {
- ret =
- _gnutls_set_datum(x, key->params.raw_pub.data,
- key->params.raw_pub.size);
+ ret = _gnutls_set_datum(x, key->params.raw_pub.data,
+ key->params.raw_pub.size);
if (ret < 0)
return gnutls_assert_val(ret);
}
@@ -1229,8 +1199,8 @@ gnutls_pubkey_export_ecc_raw2(gnutls_pubkey_t key,
* Since: 3.3.0
**/
int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key,
- gnutls_datum_t * parameters,
- gnutls_datum_t * ecpoint)
+ gnutls_datum_t *parameters,
+ gnutls_datum_t *ecpoint)
{
int ret;
gnutls_datum_t raw_point = { NULL, 0 };
@@ -1258,7 +1228,7 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key,
}
ret = 0;
- cleanup:
+cleanup:
gnutls_free(raw_point.data);
return ret;
}
@@ -1284,13 +1254,12 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key,
*
* Since: 3.6.3
**/
-int
-gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key,
- gnutls_ecc_curve_t * curve,
- gnutls_digest_algorithm_t * digest,
- gnutls_gost_paramset_t * paramset,
- gnutls_datum_t * x, gnutls_datum_t * y,
- unsigned int flags)
+int gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key,
+ gnutls_ecc_curve_t *curve,
+ gnutls_digest_algorithm_t *digest,
+ gnutls_gost_paramset_t *paramset,
+ gnutls_datum_t *x, gnutls_datum_t *y,
+ unsigned int flags)
{
int ret;
@@ -1356,9 +1325,8 @@ gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_import(gnutls_pubkey_t key,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format)
+int gnutls_pubkey_import(gnutls_pubkey_t key, const gnutls_datum_t *data,
+ gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
@@ -1376,9 +1344,8 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
*/
if (format == GNUTLS_X509_FMT_PEM) {
/* Try the first header */
- result =
- _gnutls_fbase64_decode(PEM_PK, data->data,
- data->size, &_data);
+ result = _gnutls_fbase64_decode(PEM_PK, data->data, data->size,
+ &_data);
if (result < 0) {
gnutls_assert();
@@ -1388,9 +1355,9 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
need_free = 1;
}
- if ((result = asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectPublicKeyInfo", &spk))
- != ASN1_SUCCESS) {
+ if ((result = asn1_create_element(_gnutls_get_pkix(),
+ "PKIX1.SubjectPublicKeyInfo",
+ &spk)) != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
@@ -1412,7 +1379,7 @@ gnutls_pubkey_import(gnutls_pubkey_t key,
key->bits = pubkey_to_bits(&key->params);
result = 0;
- cleanup:
+cleanup:
asn1_delete_structure(&spk);
if (need_free)
@@ -1442,9 +1409,8 @@ int gnutls_x509_crt_set_pubkey(gnutls_x509_crt_t crt, gnutls_pubkey_t key)
return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_encode_and_copy_PKI_params(crt->cert,
- "tbsCertificate.subjectPublicKeyInfo",
- &key->params);
+ result = _gnutls_x509_encode_and_copy_PKI_params(
+ crt->cert, "tbsCertificate.subjectPublicKeyInfo", &key->params);
if (result < 0) {
gnutls_assert();
@@ -1479,8 +1445,9 @@ int gnutls_x509_crq_set_pubkey(gnutls_x509_crq_t crq, gnutls_pubkey_t key)
return GNUTLS_E_INVALID_REQUEST;
}
- result = _gnutls_x509_encode_and_copy_PKI_params
- (crq->crq, "certificationRequestInfo.subjectPKInfo", &key->params);
+ result = _gnutls_x509_encode_and_copy_PKI_params(
+ crq->crq, "certificationRequestInfo.subjectPKInfo",
+ &key->params);
if (result < 0) {
gnutls_assert();
@@ -1516,7 +1483,7 @@ int gnutls_pubkey_set_key_usage(gnutls_pubkey_t key, unsigned int usage)
#ifdef ENABLE_PKCS11
-# if 0
+#if 0
/**
* gnutls_pubkey_import_pkcs11_url:
* @key: A key of type #gnutls_pubkey_t
@@ -1537,11 +1504,10 @@ gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
{
int x;
}
-# endif
+#endif
-static int
-_gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+static int _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key,
+ const char *url, unsigned int flags)
{
gnutls_pkcs11_obj_t pcrt;
int ret;
@@ -1556,10 +1522,8 @@ _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
gnutls_pkcs11_obj_set_pin_function(pcrt, key->pin.cb,
key->pin.data);
- ret =
- gnutls_pkcs11_obj_import_url(pcrt, url,
- flags |
- GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY);
+ ret = gnutls_pkcs11_obj_import_url(
+ pcrt, url, flags | GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1572,14 +1536,14 @@ _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
}
ret = 0;
- cleanup:
+cleanup:
gnutls_pkcs11_obj_deinit(pcrt);
return ret;
}
-#endif /* ENABLE_PKCS11 */
+#endif /* ENABLE_PKCS11 */
/**
* gnutls_pubkey_import_url:
@@ -1594,20 +1558,17 @@ _gnutls_pubkey_import_pkcs11_url(gnutls_pubkey_t key, const char *url,
*
* Since: 3.1.0
**/
-int
-gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
- unsigned int flags)
+int gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
+ unsigned int flags)
{
unsigned i;
for (i = 0; i < _gnutls_custom_urls_size; i++) {
- if (strncmp
- (url, _gnutls_custom_urls[i].name,
- _gnutls_custom_urls[i].name_size) == 0) {
+ if (strncmp(url, _gnutls_custom_urls[i].name,
+ _gnutls_custom_urls[i].name_size) == 0) {
if (_gnutls_custom_urls[i].import_pubkey)
- return _gnutls_custom_urls[i].import_pubkey(key,
- url,
- flags);
+ return _gnutls_custom_urls[i].import_pubkey(
+ key, url, flags);
}
}
@@ -1642,9 +1603,8 @@ gnutls_pubkey_import_url(gnutls_pubkey_t key, const char *url,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
- const gnutls_datum_t * m, const gnutls_datum_t * e)
+int gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *m,
+ const gnutls_datum_t *e)
{
if (key == NULL) {
gnutls_assert();
@@ -1654,12 +1614,14 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
gnutls_pk_params_release(&key->params);
gnutls_pk_params_init(&key->params);
- if (_gnutls_mpi_init_scan_nz(&key->params.params[0], m->data, m->size)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[0], m->data,
+ m->size)) {
gnutls_assert();
return GNUTLS_E_MPI_SCAN_FAILED;
}
- if (_gnutls_mpi_init_scan_nz(&key->params.params[1], e->data, e->size)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[1], e->data,
+ e->size)) {
gnutls_assert();
_gnutls_mpi_release(&key->params.params[0]);
return GNUTLS_E_MPI_SCAN_FAILED;
@@ -1690,10 +1652,9 @@ gnutls_pubkey_import_rsa_raw(gnutls_pubkey_t key,
*
* Since: 3.0
**/
-int
-gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
- gnutls_ecc_curve_t curve,
- const gnutls_datum_t * x, const gnutls_datum_t * y)
+int gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
+ const gnutls_datum_t *x,
+ const gnutls_datum_t *y)
{
int ret;
@@ -1742,16 +1703,16 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
key->params.curve = curve;
- if (_gnutls_mpi_init_scan_nz
- (&key->params.params[ECC_X], x->data, x->size)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[ECC_X], x->data,
+ x->size)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
}
key->params.params_nr++;
- if (_gnutls_mpi_init_scan_nz
- (&key->params.params[ECC_Y], y->data, y->size)) {
+ if (_gnutls_mpi_init_scan_nz(&key->params.params[ECC_Y], y->data,
+ y->size)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
@@ -1762,7 +1723,7 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
return 0;
- cleanup:
+cleanup:
gnutls_pk_params_release(&key->params);
return ret;
}
@@ -1781,10 +1742,9 @@ gnutls_pubkey_import_ecc_raw(gnutls_pubkey_t key,
*
* Since: 3.0
**/
-int
-gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
- const gnutls_datum_t * parameters,
- const gnutls_datum_t * ecpoint)
+int gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
+ const gnutls_datum_t *parameters,
+ const gnutls_datum_t *ecpoint)
{
int ret;
gnutls_datum_t raw_point = { NULL, 0 };
@@ -1799,17 +1759,15 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
key->params.params_nr = 0;
- ret =
- _gnutls_x509_read_ecc_params(parameters->data,
- parameters->size, &key->params.curve);
+ ret = _gnutls_x509_read_ecc_params(parameters->data, parameters->size,
+ &key->params.curve);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
- ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- ecpoint->data, ecpoint->size,
- &raw_point, 0);
+ ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, ecpoint->data,
+ ecpoint->size, &raw_point, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -1828,7 +1786,7 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
gnutls_free(raw_point.data);
return 0;
- cleanup:
+cleanup:
gnutls_pk_params_release(&key->params);
gnutls_free(raw_point.data);
return ret;
@@ -1857,13 +1815,11 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
*
* Since: 3.6.3
**/
-int
-gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key,
- gnutls_ecc_curve_t curve,
- gnutls_digest_algorithm_t digest,
- gnutls_gost_paramset_t paramset,
- const gnutls_datum_t * x,
- const gnutls_datum_t * y)
+int gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, gnutls_ecc_curve_t curve,
+ gnutls_digest_algorithm_t digest,
+ gnutls_gost_paramset_t paramset,
+ const gnutls_datum_t *x,
+ const gnutls_datum_t *y)
{
int ret;
gnutls_pk_algorithm_t pk_algo;
@@ -1886,16 +1842,16 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key,
key->params.curve = curve;
key->params.gost_params = paramset;
- if (_gnutls_mpi_init_scan_le
- (&key->params.params[GOST_X], x->data, x->size)) {
+ if (_gnutls_mpi_init_scan_le(&key->params.params[GOST_X], x->data,
+ x->size)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
}
key->params.params_nr++;
- if (_gnutls_mpi_init_scan_le
- (&key->params.params[GOST_Y], y->data, y->size)) {
+ if (_gnutls_mpi_init_scan_le(&key->params.params[GOST_Y], y->data,
+ y->size)) {
gnutls_assert();
ret = GNUTLS_E_MPI_SCAN_FAILED;
goto cleanup;
@@ -1905,7 +1861,7 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key,
return 0;
- cleanup:
+cleanup:
gnutls_pk_params_release(&key->params);
return ret;
}
@@ -1927,11 +1883,10 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key,
*
* Since: 2.12.0
**/
-int
-gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
- const gnutls_datum_t * p,
- const gnutls_datum_t * q,
- const gnutls_datum_t * g, const gnutls_datum_t * y)
+int gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key, const gnutls_datum_t *p,
+ const gnutls_datum_t *q,
+ const gnutls_datum_t *g,
+ const gnutls_datum_t *y)
{
size_t siz = 0;
@@ -1978,16 +1933,15 @@ gnutls_pubkey_import_dsa_raw(gnutls_pubkey_t key,
key->bits = pubkey_to_bits(&key->params);
return 0;
-
}
/* Updates the gnutls_x509_spki_st parameters based on the signature
* information, and reports any incompatibilities between the existing
* parameters (if any) with the signature algorithm */
-static
-int fixup_spki_params(const gnutls_pk_params_st * key_params,
- const gnutls_sign_entry_st * se, const mac_entry_st * me,
- gnutls_x509_spki_st * params)
+static int fixup_spki_params(const gnutls_pk_params_st *key_params,
+ const gnutls_sign_entry_st *se,
+ const mac_entry_st *me,
+ gnutls_x509_spki_st *params)
{
unsigned bits;
@@ -2008,8 +1962,8 @@ int fixup_spki_params(const gnutls_pk_params_st * key_params,
/* The requested sign algorithm is RSA-PSS, while the
* pubkey doesn't include parameter information. Fill
* it with the same way as gnutls_privkey_sign*. */
- if (key_params->algo == GNUTLS_PK_RSA
- || params->rsa_pss_dig == 0) {
+ if (key_params->algo == GNUTLS_PK_RSA ||
+ params->rsa_pss_dig == 0) {
bits = pubkey_to_bits(key_params);
params->rsa_pss_dig = se->hash;
ret = _gnutls_find_rsa_pss_salt_size(bits, me, 0);
@@ -2021,7 +1975,8 @@ int fixup_spki_params(const gnutls_pk_params_st * key_params,
if (params->rsa_pss_dig != se->hash)
return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
- } else if (params->pk == GNUTLS_PK_DSA || params->pk == GNUTLS_PK_ECDSA) {
+ } else if (params->pk == GNUTLS_PK_DSA ||
+ params->pk == GNUTLS_PK_ECDSA) {
params->dsa_dig = se->hash;
}
@@ -2046,12 +2001,10 @@ int fixup_spki_params(const gnutls_pk_params_st * key_params,
*
* Since: 3.0
**/
-int
-gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature)
+int gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
+ gnutls_sign_algorithm_t algo, unsigned int flags,
+ const gnutls_datum_t *data,
+ const gnutls_datum_t *signature)
{
int ret;
const mac_entry_st *me;
@@ -2115,12 +2068,10 @@ gnutls_pubkey_verify_data2(gnutls_pubkey_t pubkey,
*
* Since: 3.0
**/
-int
-gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
- gnutls_sign_algorithm_t algo,
- unsigned int flags,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature)
+int gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
+ gnutls_sign_algorithm_t algo, unsigned int flags,
+ const gnutls_datum_t *hash,
+ const gnutls_datum_t *signature)
{
const mac_entry_st *me;
gnutls_x509_spki_st params;
@@ -2140,9 +2091,8 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
if (flags & GNUTLS_VERIFY_USE_TLS1_RSA) {
if (!GNUTLS_PK_IS_RSA(key->params.algo))
- return
- gnutls_assert_val
- (GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
+ return gnutls_assert_val(
+ GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
params.pk = GNUTLS_PK_RSA;
/* we do not check for insecure algorithms with this flag */
return _gnutls_pk_verify(params.pk, hash, signature,
@@ -2188,46 +2138,45 @@ gnutls_pubkey_verify_hash2(gnutls_pubkey_t key,
*
* Since: 3.0
**/
-int
-gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags,
- const gnutls_datum_t * plaintext,
- gnutls_datum_t * ciphertext)
+int gnutls_pubkey_encrypt_data(gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t *plaintext,
+ gnutls_datum_t *ciphertext)
{
if (key == NULL) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_pk_encrypt(key->params.algo, ciphertext,
- plaintext, &key->params);
+ return _gnutls_pk_encrypt(key->params.algo, ciphertext, plaintext,
+ &key->params);
}
-static
-int pubkey_supports_sig(gnutls_pubkey_t pubkey, const gnutls_sign_entry_st * se)
+static int pubkey_supports_sig(gnutls_pubkey_t pubkey,
+ const gnutls_sign_entry_st *se)
{
if (pubkey->params.algo == GNUTLS_PK_ECDSA && se->curve) {
gnutls_ecc_curve_t curve = pubkey->params.curve;
if (curve != se->curve) {
- _gnutls_handshake_log
- ("have key: ECDSA with %s/%d, with sign %s/%d\n",
- gnutls_ecc_curve_get_name(curve), (int)curve,
- se->name, se->id);
- return
- gnutls_assert_val
- (GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
+ _gnutls_handshake_log(
+ "have key: ECDSA with %s/%d, with sign %s/%d\n",
+ gnutls_ecc_curve_get_name(curve), (int)curve,
+ se->name, se->id);
+ return gnutls_assert_val(
+ GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
}
}
- if (se->pk != pubkey->params.algo) { /* if the PK algorithm of the signature differs to the one on the pubkey */
+ if (se->pk !=
+ pubkey->params
+ .algo) { /* if the PK algorithm of the signature differs to the one on the pubkey */
if (!sign_supports_priv_pk_algorithm(se, pubkey->params.algo)) {
- _gnutls_handshake_log
- ("have key: %s/%d, with sign %s/%d\n",
- gnutls_pk_get_name(pubkey->params.algo),
- pubkey->params.algo, se->name, se->id);
- return
- gnutls_assert_val
- (GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
+ _gnutls_handshake_log(
+ "have key: %s/%d, with sign %s/%d\n",
+ gnutls_pk_get_name(pubkey->params.algo),
+ pubkey->params.algo, se->name, se->id);
+ return gnutls_assert_val(
+ GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY);
}
}
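Review bot: In pubkey_supports_sig the reformatted test `if (se->pk != pubkey->params .algo) { /* ... */` is now spread over three lines with the member access broken before `.algo`, because the long trailing comment pushed the line past the column limit. Move the comment to its own line above the test, e.g. `/* the PK algorithm of the signature differs from the one on the pubkey */`, and keep `if (se->pk != pubkey->params.algo) {` on one line. This condition decides whether a signature algorithm is rejected as incompatible with the key, so it should be readable at a glance during review. The function body continues past the end of this hunk.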
@@ -2240,7 +2189,7 @@ int pubkey_supports_sig(gnutls_pubkey_t pubkey, const gnutls_sign_entry_st * se)
*/
int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
gnutls_pubkey_t pubkey,
- const version_entry_st * ver,
+ const version_entry_st *ver,
gnutls_sign_algorithm_t sign)
{
unsigned int hash_size = 0;
@@ -2264,22 +2213,21 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
/* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
if (!_gnutls_version_has_selectable_sighash(ver)) {
if (me->id != GNUTLS_MAC_SHA1)
- return
- gnutls_assert_val
- (GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+ return gnutls_assert_val(
+ GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
} else if (se != NULL) {
me = hash_to_entry(se->hash);
sig_hash_size = _gnutls_hash_get_algo_len(me);
if (sig_hash_size < hash_size)
- _gnutls_audit_log(session,
- "The hash size used in signature (%u) is less than the expected (%u)\n",
- sig_hash_size, hash_size);
+ _gnutls_audit_log(
+ session,
+ "The hash size used in signature (%u) is less than the expected (%u)\n",
+ sig_hash_size, hash_size);
}
} else if (pubkey->params.algo == GNUTLS_PK_ECDSA) {
- if (_gnutls_version_has_selectable_sighash(ver)
- && se != NULL) {
+ if (_gnutls_version_has_selectable_sighash(ver) && se != NULL) {
_gnutls_dsa_q_to_hash(&pubkey->params, &hash_size);
me = hash_to_entry(se->hash);
@@ -2287,26 +2235,26 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
sig_hash_size = _gnutls_hash_get_algo_len(me);
if (sig_hash_size < hash_size)
- _gnutls_audit_log(session,
- "The hash size used in signature (%u) is less than the expected (%u)\n",
- sig_hash_size, hash_size);
+ _gnutls_audit_log(
+ session,
+ "The hash size used in signature (%u) is less than the expected (%u)\n",
+ sig_hash_size, hash_size);
}
} else if (pubkey->params.algo == GNUTLS_PK_GOST_01 ||
pubkey->params.algo == GNUTLS_PK_GOST_12_256 ||
pubkey->params.algo == GNUTLS_PK_GOST_12_512) {
- if (_gnutls_version_has_selectable_sighash(ver)
- && se != NULL) {
+ if (_gnutls_version_has_selectable_sighash(ver) && se != NULL) {
if (_gnutls_gost_digest(pubkey->params.algo) !=
se->hash) {
- _gnutls_audit_log(session,
- "The hash algo used in signature (%u) is not expected (%u)\n",
- se->hash,
- _gnutls_gost_digest
- (pubkey->params.algo));
- return
- gnutls_assert_val
- (GNUTLS_E_CONSTRAINT_ERROR);
+ _gnutls_audit_log(
+ session,
+ "The hash algo used in signature (%u) is not expected (%u)\n",
+ se->hash,
+ _gnutls_gost_digest(
+ pubkey->params.algo));
+ return gnutls_assert_val(
+ GNUTLS_E_CONSTRAINT_ERROR);
}
}
@@ -2317,8 +2265,8 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
/* RSA PSS public keys are restricted to a single digest, i.e., signature */
- if (pubkey->params.spki.rsa_pss_dig
- && pubkey->params.spki.rsa_pss_dig != se->hash) {
+ if (pubkey->params.spki.rsa_pss_dig &&
+ pubkey->params.spki.rsa_pss_dig != se->hash) {
return gnutls_assert_val(GNUTLS_E_CONSTRAINT_ERROR);
}
}
@@ -2328,7 +2276,7 @@ int _gnutls_pubkey_compatible_with_sig(gnutls_session_t session,
/* Returns the public key.
*/
-int _gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params)
+int _gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st *params)
{
return _gnutls_pk_params_copy(params, &key->params);
}
@@ -2338,14 +2286,13 @@ int _gnutls_pubkey_get_mpis(gnutls_pubkey_t key, gnutls_pk_params_st * params)
* params[0] is modulus
* params[1] is public key
*/
-static int
-_pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
- const mac_entry_st * me,
- const gnutls_datum_t * text,
- const gnutls_datum_t * prehash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params,
- gnutls_x509_spki_st * sign_params)
+static int _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
+ const mac_entry_st *me,
+ const gnutls_datum_t *text,
+ const gnutls_datum_t *prehash,
+ const gnutls_datum_t *signature,
+ gnutls_pk_params_st *params,
+ gnutls_x509_spki_st *sign_params)
{
int ret;
uint8_t md[MAX_HASH_SIZE], *cmp;
@@ -2367,7 +2314,7 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
return GNUTLS_E_INVALID_REQUEST;
}
- ret = _gnutls_hash_fast((gnutls_digest_algorithm_t) me->id,
+ ret = _gnutls_hash_fast((gnutls_digest_algorithm_t)me->id,
text->data, text->size, md);
if (ret < 0) {
gnutls_assert();
@@ -2391,8 +2338,8 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
case GNUTLS_MAC_SHA224:
break;
default:
- _gnutls_switch_fips_state
- (GNUTLS_FIPS140_OP_NOT_APPROVED);
+ _gnutls_switch_fips_state(
+ GNUTLS_FIPS140_OP_NOT_APPROVED);
}
/* decrypted is a BER encoded data of type DigestInfo
@@ -2413,13 +2360,12 @@ _pkcs1_rsa_verify_sig(gnutls_pk_algorithm_t pk,
/* Hashes input data and verifies a signature.
*/
-static int
-dsa_verify_hashed_data(gnutls_pk_algorithm_t pk,
- const mac_entry_st * algo,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params,
- gnutls_x509_spki_st * sign_params)
+static int dsa_verify_hashed_data(gnutls_pk_algorithm_t pk,
+ const mac_entry_st *algo,
+ const gnutls_datum_t *hash,
+ const gnutls_datum_t *signature,
+ gnutls_pk_params_st *params,
+ gnutls_x509_spki_st *sign_params)
{
gnutls_datum_t digest;
unsigned int hash_len;
@@ -2432,11 +2378,11 @@ dsa_verify_hashed_data(gnutls_pk_algorithm_t pk,
/* SHA1 or better allowed */
if (!hash->data || hash->size < hash_len) {
gnutls_assert();
- _gnutls_debug_log
- ("Hash size (%d) does not correspond to hash %s(%d) or better.\n",
- (int)hash->size, _gnutls_mac_get_name(algo), hash_len);
+ _gnutls_debug_log(
+ "Hash size (%d) does not correspond to hash %s(%d) or better.\n",
+ (int)hash->size, _gnutls_mac_get_name(algo), hash_len);
- if (hash->size != 20) /* SHA1 is allowed */
+ if (hash->size != 20) /* SHA1 is allowed */
return gnutls_assert_val(GNUTLS_E_PK_SIG_VERIFY_FAILED);
}
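Review bot: The debug message prints `hash_len` with `%d` although it is declared `unsigned int` in this function; `%u` matches the type, as in `"Hash size (%u) does not correspond to hash %s(%u) or better.\n"` with `(unsigned)hash->size` as the first argument. The `/* SHA1 is allowed */` comment is also thin for a security exception: as written, a 20-byte digest is accepted even when it is shorter than `hash_len`, and every other short digest fails with `GNUTLS_E_PK_SIG_VERIFY_FAILED`. I would spell that out with `/* a 20-byte (SHA-1 sized) digest is tolerated even if shorter than hash_len; algorithm policy is checked by the caller */`, assuming the `_gnutls_sign_is_secure2` check in `pubkey_verify_hashed_data` is the intended gate. The function body begins and ends outside this hunk.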
@@ -2446,12 +2392,11 @@ dsa_verify_hashed_data(gnutls_pk_algorithm_t pk,
return _gnutls_pk_verify(pk, &digest, signature, params, sign_params);
}
-static int
-dsa_verify_data(gnutls_pk_algorithm_t pk,
- const mac_entry_st * algo,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params, gnutls_x509_spki_st * sign_params)
+static int dsa_verify_data(gnutls_pk_algorithm_t pk, const mac_entry_st *algo,
+ const gnutls_datum_t *data,
+ const gnutls_datum_t *signature,
+ gnutls_pk_params_st *params,
+ gnutls_x509_spki_st *sign_params)
{
int ret;
uint8_t _digest[MAX_HASH_SIZE];
@@ -2460,8 +2405,8 @@ dsa_verify_data(gnutls_pk_algorithm_t pk,
if (algo == NULL)
algo = _gnutls_dsa_q_to_hash(params, NULL);
- ret = _gnutls_hash_fast((gnutls_digest_algorithm_t) algo->id,
- data->data, data->size, _digest);
+ ret = _gnutls_hash_fast((gnutls_digest_algorithm_t)algo->id, data->data,
+ data->size, _digest);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -2474,13 +2419,13 @@ dsa_verify_data(gnutls_pk_algorithm_t pk,
/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
* not verified, or 1 otherwise.
*/
-static int
-pubkey_verify_hashed_data(const gnutls_sign_entry_st * se,
- const mac_entry_st * me,
- const gnutls_datum_t * hash,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params,
- gnutls_x509_spki_st * sign_params, unsigned flags)
+static int pubkey_verify_hashed_data(const gnutls_sign_entry_st *se,
+ const mac_entry_st *me,
+ const gnutls_datum_t *hash,
+ const gnutls_datum_t *signature,
+ gnutls_pk_params_st *params,
+ gnutls_x509_spki_st *sign_params,
+ unsigned flags)
{
int ret;
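Review bot: The header comment names only `GNUTLS_E_PK_SIG_VERIFY_FAILED` and `1` as results, but the body shown in the following hunks also returns `GNUTLS_E_INVALID_REQUEST` for an unhandled `se->pk`. It also returns `GNUTLS_E_INSUFFICIENT_SECURITY` when `_gnutls_sign_is_secure2` and `_gnutls_is_broken_sig_allowed` both return 0, a check that runs after the signature itself has verified. The comment should say that 1 is the only success value and that any negative code must be treated as a failed verification, listing those three codes. The identical comment above `pubkey_verify_data` in a later hunk needs the same wording. The function body continues outside this hunk.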
@@ -2495,9 +2440,8 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se,
case GNUTLS_PK_RSA:
case GNUTLS_PK_RSA_PSS:
- if (_pkcs1_rsa_verify_sig
- (se->pk, me, NULL, hash, signature, params,
- sign_params) != 0) {
+ if (_pkcs1_rsa_verify_sig(se->pk, me, NULL, hash, signature,
+ params, sign_params) != 0) {
gnutls_assert();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
@@ -2509,8 +2453,8 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se,
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
case GNUTLS_PK_DSA:
- if (dsa_verify_hashed_data
- (se->pk, me, hash, signature, params, sign_params) != 0) {
+ if (dsa_verify_hashed_data(se->pk, me, hash, signature, params,
+ sign_params) != 0) {
gnutls_assert();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
@@ -2519,11 +2463,10 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se,
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
-
}
- if (_gnutls_sign_is_secure2(se, 0) == 0
- && _gnutls_is_broken_sig_allowed(se, flags) == 0) {
+ if (_gnutls_sign_is_secure2(se, 0) == 0 &&
+ _gnutls_is_broken_sig_allowed(se, flags) == 0) {
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY);
}
@@ -2533,13 +2476,11 @@ pubkey_verify_hashed_data(const gnutls_sign_entry_st * se,
/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
* not verified, or 1 otherwise.
*/
-int
-pubkey_verify_data(const gnutls_sign_entry_st * se,
- const mac_entry_st * me,
- const gnutls_datum_t * data,
- const gnutls_datum_t * signature,
- gnutls_pk_params_st * params,
- gnutls_x509_spki_st * sign_params, unsigned flags)
+int pubkey_verify_data(const gnutls_sign_entry_st *se, const mac_entry_st *me,
+ const gnutls_datum_t *data,
+ const gnutls_datum_t *signature,
+ gnutls_pk_params_st *params,
+ gnutls_x509_spki_st *sign_params, unsigned flags)
{
int ret;
@@ -2553,9 +2494,8 @@ pubkey_verify_data(const gnutls_sign_entry_st * se,
switch (se->pk) {
case GNUTLS_PK_RSA:
case GNUTLS_PK_RSA_PSS:
- if (_pkcs1_rsa_verify_sig
- (se->pk, me, data, NULL, signature, params,
- sign_params) != 0) {
+ if (_pkcs1_rsa_verify_sig(se->pk, me, data, NULL, signature,
+ params, sign_params) != 0) {
gnutls_assert();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
@@ -2564,8 +2504,8 @@ pubkey_verify_data(const gnutls_sign_entry_st * se,
case GNUTLS_PK_EDDSA_ED25519:
case GNUTLS_PK_EDDSA_ED448:
- if (_gnutls_pk_verify
- (se->pk, data, signature, params, sign_params) != 0) {
+ if (_gnutls_pk_verify(se->pk, data, signature, params,
+ sign_params) != 0) {
gnutls_assert();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
@@ -2577,8 +2517,8 @@ pubkey_verify_data(const gnutls_sign_entry_st * se,
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
case GNUTLS_PK_GOST_12_512:
- if (dsa_verify_data
- (se->pk, me, data, signature, params, sign_params) != 0) {
+ if (dsa_verify_data(se->pk, me, data, signature, params,
+ sign_params) != 0) {
gnutls_assert();
return GNUTLS_E_PK_SIG_VERIFY_FAILED;
}
@@ -2587,19 +2527,18 @@ pubkey_verify_data(const gnutls_sign_entry_st * se,
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
-
}
- if (_gnutls_sign_is_secure2(se, 0) == 0
- && _gnutls_is_broken_sig_allowed(se, flags) == 0) {
+ if (_gnutls_sign_is_secure2(se, 0) == 0 &&
+ _gnutls_is_broken_sig_allowed(se, flags) == 0) {
return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_SECURITY);
}
return 1;
}
-const mac_entry_st *_gnutls_dsa_q_to_hash(const gnutls_pk_params_st *
- params, unsigned int *hash_len)
+const mac_entry_st *_gnutls_dsa_q_to_hash(const gnutls_pk_params_st *params,
+ unsigned int *hash_len)
{
int bits = 0;
int ret;
@@ -2677,7 +2616,7 @@ void gnutls_pubkey_set_pin_function(gnutls_pubkey_t key,
* Since: 3.1.3
**/
int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey,
- const gnutls_datum_t * data,
+ const gnutls_datum_t *data,
gnutls_x509_crt_fmt_t format,
unsigned int flags)
{
@@ -2702,7 +2641,7 @@ int gnutls_pubkey_import_x509_raw(gnutls_pubkey_t pkey,
ret = 0;
- cleanup:
+cleanup:
gnutls_x509_crt_deinit(xpriv);
return ret;
@@ -2746,9 +2685,8 @@ int gnutls_pubkey_verify_params(gnutls_pubkey_t key)
*
* Since: 3.6.0
**/
-int
-gnutls_pubkey_get_spki(gnutls_pubkey_t pubkey, gnutls_x509_spki_t spki,
- unsigned int flags)
+int gnutls_pubkey_get_spki(gnutls_pubkey_t pubkey, gnutls_x509_spki_t spki,
+ unsigned int flags)
{
gnutls_x509_spki_t p = &pubkey->params.spki;
@@ -2779,9 +2717,8 @@ gnutls_pubkey_get_spki(gnutls_pubkey_t pubkey, gnutls_x509_spki_t spki,
*
* Since: 3.6.0
**/
-int
-gnutls_pubkey_set_spki(gnutls_pubkey_t pubkey, const gnutls_x509_spki_t spki,
- unsigned int flags)
+int gnutls_pubkey_set_spki(gnutls_pubkey_t pubkey,
+ const gnutls_x509_spki_t spki, unsigned int flags)
{
if (pubkey == NULL) {
gnutls_assert();