diff options
Diffstat (limited to 'tests/rsa-rsa-pss.c')
-rw-r--r-- | tests/rsa-rsa-pss.c | 76 |
1 files changed, 34 insertions, 42 deletions
diff --git a/tests/rsa-rsa-pss.c b/tests/rsa-rsa-pss.c index ec5e84c774..bced5cc1d2 100644 --- a/tests/rsa-rsa-pss.c +++ b/tests/rsa-rsa-pss.c @@ -20,7 +20,7 @@ */ #ifdef HAVE_CONFIG_H -# include <config.h> +#include <config.h> #endif #include <stdlib.h> @@ -41,25 +41,22 @@ static void tls_log_func(int level, const char *str) fprintf(stderr, "<%d>| %s", level, str); } -const gnutls_datum_t raw_data = { - (void *)"hello there", - 11 -}; +const gnutls_datum_t raw_data = { (void *)"hello there", 11 }; static gnutls_fips140_context_t fips_context; -static void inv_sign_check(unsigned sigalgo, - gnutls_privkey_t privkey, int exp_error) +static void inv_sign_check(unsigned sigalgo, gnutls_privkey_t privkey, + int exp_error) { int ret; gnutls_datum_t signature; - ret = gnutls_privkey_sign_data2(privkey, sigalgo, 0, - &raw_data, &signature); + ret = gnutls_privkey_sign_data2(privkey, sigalgo, 0, &raw_data, + &signature); if (ret != exp_error) fail("gnutls_privkey_sign_data succeeded with %s and %s: %s\n", - gnutls_pk_get_name(gnutls_privkey_get_pk_algorithm - (privkey, NULL)), + gnutls_pk_get_name( + gnutls_privkey_get_pk_algorithm(privkey, NULL)), gnutls_sign_get_name(sigalgo), gnutls_strerror(ret)); if (ret == 0) @@ -85,7 +82,6 @@ static void inv_encryption_check(gnutls_pk_algorithm_t algorithm, gnutls_pk_get_name(algorithm), gnutls_strerror(ret)); gnutls_pubkey_deinit(pubkey); - } static void sign_verify_data(unsigned sigalgo, gnutls_privkey_t privkey, @@ -97,15 +93,15 @@ static void sign_verify_data(unsigned sigalgo, gnutls_privkey_t privkey, gnutls_datum_t signature = { NULL, 0 }; fips_push_context(fips_context); - ret = gnutls_privkey_sign_data2(privkey, sigalgo, sign_flags, - &raw_data, &signature); + ret = gnutls_privkey_sign_data2(privkey, sigalgo, sign_flags, &raw_data, + &signature); fips_pop_context(fips_context, sign_exp_state); if (ret != sign_exp_error) - fail("gnutls_x509_privkey_sign_data returned unexpected error: %s\n", gnutls_strerror(ret)); + fail("gnutls_x509_privkey_sign_data returned unexpected error: %s\n", + gnutls_strerror(ret)); if (ret < 0) { - success - ("skipping verification as signing is expected to fail\n"); + success("skipping verification as signing is expected to fail\n"); } else { gnutls_pubkey_t pubkey; @@ -116,11 +112,11 @@ static void sign_verify_data(unsigned sigalgo, gnutls_privkey_t privkey, if (ret < 0) fail("gnutls_pubkey_import_privkey\n"); - ret = gnutls_pubkey_verify_data2(pubkey, sigalgo, - verify_flags, &raw_data, - &signature); + ret = gnutls_pubkey_verify_data2(pubkey, sigalgo, verify_flags, + &raw_data, &signature); if (ret != verify_exp_error) - fail("gnutls_pubkey_verify_data2 returned unexpected error: %s\n", gnutls_strerror(ret)); + fail("gnutls_pubkey_verify_data2 returned unexpected error: %s\n", + gnutls_strerror(ret)); gnutls_pubkey_deinit(pubkey); } @@ -128,9 +124,9 @@ static void sign_verify_data(unsigned sigalgo, gnutls_privkey_t privkey, gnutls_free(signature.data); } -static void -prepare_keys(gnutls_privkey_t * pkey_rsa_pss, gnutls_privkey_t * pkey_rsa, - gnutls_digest_algorithm_t dig, size_t salt_size) +static void prepare_keys(gnutls_privkey_t *pkey_rsa_pss, + gnutls_privkey_t *pkey_rsa, + gnutls_digest_algorithm_t dig, size_t salt_size) { gnutls_privkey_t pkey; gnutls_x509_privkey_t tkey; @@ -158,16 +154,16 @@ prepare_keys(gnutls_privkey_t * pkey_rsa_pss, gnutls_privkey_t * pkey_rsa, /* import RSA-PSS version of key */ assert(gnutls_privkey_init(pkey_rsa_pss) >= 0); - assert(gnutls_privkey_import_x509_raw - (*pkey_rsa_pss, &tmp, GNUTLS_X509_FMT_PEM, NULL, 0) >= 0); + assert(gnutls_privkey_import_x509_raw( + *pkey_rsa_pss, &tmp, GNUTLS_X509_FMT_PEM, NULL, 0) >= 0); gnutls_free(tmp.data); /* import RSA version of key */ gnutls_x509_privkey_export2(tkey, GNUTLS_X509_FMT_PEM, &tmp); assert(gnutls_privkey_init(pkey_rsa) >= 0); - assert(gnutls_privkey_import_x509_raw - (*pkey_rsa, &tmp, GNUTLS_X509_FMT_PEM, NULL, 0) >= 0); + assert(gnutls_privkey_import_x509_raw( + *pkey_rsa, &tmp, GNUTLS_X509_FMT_PEM, NULL, 0) >= 0); gnutls_x509_privkey_deinit(tkey); gnutls_free(tmp.data); @@ -248,19 +244,17 @@ void doit(void) /* Use the mismatched salt length with the digest length */ prepare_keys(&pkey_rsa_pss, &pkey_rsa, GNUTLS_DIG_SHA256, 48); - sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa_pss, - 0, 0, 0, 0, GNUTLS_FIPS140_OP_NOT_APPROVED); + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa_pss, 0, 0, 0, + 0, GNUTLS_FIPS140_OP_NOT_APPROVED); sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, - GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH, - 0, GNUTLS_E_CONSTRAINT_ERROR, 0, + GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH, 0, + GNUTLS_E_CONSTRAINT_ERROR, 0, /* The error is caught before calling the actual * signing operation. */ GNUTLS_FIPS140_OP_INITIAL); - sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, - 0, - GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH, - 0, + sign_verify_data(GNUTLS_SIGN_RSA_PSS_SHA256, pkey_rsa_pss, 0, + GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH, 0, GNUTLS_E_PK_SIG_VERIFY_FAILED, GNUTLS_FIPS140_OP_NOT_APPROVED); @@ -271,16 +265,14 @@ void doit(void) sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, 0, 0, 0, 0, GNUTLS_FIPS140_OP_NOT_APPROVED); sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, - GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH, - 0, GNUTLS_E_CONSTRAINT_ERROR, 0, + GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH, 0, + GNUTLS_E_CONSTRAINT_ERROR, 0, /* The error is caught before calling the actual * signing operation. */ GNUTLS_FIPS140_OP_INITIAL); - sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, - 0, - GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH, - 0, + sign_verify_data(GNUTLS_SIGN_RSA_PSS_RSAE_SHA256, pkey_rsa, 0, + GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH, 0, GNUTLS_E_PK_SIG_VERIFY_FAILED, GNUTLS_FIPS140_OP_NOT_APPROVED); |