From 834296325533f4a33c3035bbfc3d15fe078a176a Mon Sep 17 00:00:00 2001 From: Falko Strenzke Date: Wed, 14 Jun 2023 12:52:00 +0200 Subject: [PATCH] corrected code formatting --- include/rekey/rnp_key_store.h | 18 +- include/repgp/repgp_def.h | 87 +-- include/rnp/rnp.h | 232 ++++---- src/common/file-utils.h | 8 +- src/common/uniwin.h | 2 +- src/examples/decrypt.c | 6 +- src/examples/dump.c | 2 +- src/examples/encrypt.c | 2 +- src/examples/generate.c | 10 +- src/examples/sign.c | 6 +- src/examples/verify.c | 6 +- src/lib/crypto.cpp | 107 ++-- src/lib/crypto.h | 16 +- src/lib/crypto/backend_version.cpp | 4 +- src/lib/crypto/bn.h | 2 +- src/lib/crypto/cipher.hpp | 12 +- src/lib/crypto/cipher_botan.cpp | 12 +- src/lib/crypto/cipher_botan.hpp | 12 +- src/lib/crypto/cipher_ossl.cpp | 12 +- src/lib/crypto/cipher_ossl.hpp | 12 +- src/lib/crypto/dilithium.cpp | 22 +- src/lib/crypto/dilithium.h | 16 +- src/lib/crypto/dilithium_common.cpp | 73 +-- src/lib/crypto/dilithium_common.h | 1 - src/lib/crypto/dilithium_exdsa_composite.cpp | 389 +++++++------ src/lib/crypto/dilithium_exdsa_composite.h | 111 ++-- src/lib/crypto/dl_ossl.cpp | 2 +- src/lib/crypto/dsa.cpp | 32 +- src/lib/crypto/dsa.h | 8 +- src/lib/crypto/dsa_ossl.cpp | 16 +- src/lib/crypto/ec.cpp | 92 +-- src/lib/crypto/ec.h | 12 +- src/lib/crypto/ec_ossl.cpp | 10 +- src/lib/crypto/ecdh.cpp | 77 +-- src/lib/crypto/ecdh.h | 23 +- src/lib/crypto/ecdh_ossl.cpp | 38 +- src/lib/crypto/ecdh_utils.cpp | 2 +- src/lib/crypto/ecdh_utils.h | 2 +- src/lib/crypto/ecdsa.cpp | 14 +- src/lib/crypto/ecdsa.h | 10 +- src/lib/crypto/ecdsa_ossl.cpp | 12 +- src/lib/crypto/ed25519.cpp | 43 +- src/lib/crypto/ed25519.h | 19 +- src/lib/crypto/eddsa.cpp | 8 +- src/lib/crypto/eddsa.h | 8 +- src/lib/crypto/eddsa_ossl.cpp | 12 +- src/lib/crypto/elgamal.cpp | 20 +- src/lib/crypto/elgamal.h | 12 +- src/lib/crypto/elgamal_ossl.cpp | 60 +- src/lib/crypto/exdsa_ecdhkem.cpp | 187 +++--- src/lib/crypto/exdsa_ecdhkem.h | 94 +-- src/lib/crypto/hash_common.cpp | 2 +- src/lib/crypto/hash_ossl.cpp | 2 +- src/lib/crypto/hkdf.cpp | 4 +- src/lib/crypto/hkdf.hpp | 2 +- src/lib/crypto/hkdf_botan.cpp | 11 +- src/lib/crypto/hkdf_botan.hpp | 2 +- src/lib/crypto/kmac.cpp | 9 +- src/lib/crypto/kmac.hpp | 20 +- src/lib/crypto/kmac_botan.cpp | 17 +- src/lib/crypto/kmac_botan.hpp | 6 +- src/lib/crypto/kyber.cpp | 32 +- src/lib/crypto/kyber.h | 25 +- src/lib/crypto/kyber_common.cpp | 116 ++-- src/lib/crypto/kyber_ecdh_composite.cpp | 541 ++++++++++-------- src/lib/crypto/kyber_ecdh_composite.h | 118 ++-- src/lib/crypto/mem.h | 2 +- src/lib/crypto/mem_ossl.cpp | 6 +- src/lib/crypto/mpi.cpp | 2 +- src/lib/crypto/rng.cpp | 5 +- src/lib/crypto/rng.h | 4 +- src/lib/crypto/rsa.cpp | 40 +- src/lib/crypto/rsa.h | 20 +- src/lib/crypto/rsa_ossl.cpp | 34 +- src/lib/crypto/s2k.cpp | 4 +- src/lib/crypto/s2k.h | 4 +- src/lib/crypto/s2k_ossl.cpp | 4 +- src/lib/crypto/sha1cd/sha1.c | 6 +- src/lib/crypto/sha1cd/ubc_check.c | 66 +-- src/lib/crypto/signatures.cpp | 57 +- src/lib/crypto/signatures.h | 16 +- src/lib/crypto/sm2.cpp | 24 +- src/lib/crypto/sm2.h | 24 +- src/lib/crypto/sm2_ossl.cpp | 20 +- src/lib/crypto/symmetric.cpp | 4 +- src/lib/crypto/symmetric.h | 12 +- src/lib/crypto/symmetric_ossl.cpp | 4 +- src/lib/crypto/x25519.cpp | 97 ++-- src/lib/crypto/x25519.h | 19 +- src/lib/ffi-priv-types.h | 32 +- src/lib/fingerprint.cpp | 6 +- src/lib/generate-key.cpp | 50 +- src/lib/key-provider.cpp | 2 +- src/lib/key-provider.h | 4 +- src/lib/pass-provider.cpp | 8 +- src/lib/pass-provider.h | 14 +- src/lib/pgp-key.cpp | 217 ++++--- src/lib/pgp-key.h | 132 ++--- src/lib/rnp.cpp | 367 ++++++------ src/lib/sec_profile.hpp | 2 +- src/lib/types.h | 46 +- src/lib/utils.h | 24 +- src/librekey/g23_sexp.hpp | 4 +- src/librekey/key_store_g10.cpp | 48 +- src/librekey/key_store_g10.h | 10 +- src/librekey/key_store_kbx.cpp | 15 +- src/librekey/key_store_pgp.cpp | 6 +- src/librekey/key_store_pgp.h | 10 +- src/librekey/rnp_key_store.cpp | 58 +- src/librepgp/stream-armor.cpp | 20 +- src/librepgp/stream-armor.h | 4 +- src/librepgp/stream-common.cpp | 36 +- src/librepgp/stream-common.h | 28 +- src/librepgp/stream-ctx.cpp | 8 +- src/librepgp/stream-ctx.h | 12 +- src/librepgp/stream-dump.cpp | 192 ++++--- src/librepgp/stream-dump.h | 4 +- src/librepgp/stream-key.cpp | 182 +++--- src/librepgp/stream-key.h | 16 +- src/librepgp/stream-packet.cpp | 102 ++-- src/librepgp/stream-packet.h | 9 +- src/librepgp/stream-parse.cpp | 175 +++--- src/librepgp/stream-parse.h | 28 +- src/librepgp/stream-sig.cpp | 125 ++-- src/librepgp/stream-sig.h | 22 +- src/librepgp/stream-write.cpp | 154 ++--- src/librepgp/stream-write.h | 22 +- src/librepgp/v2_seipd.h | 4 +- src/libsexp | 2 +- src/rnp/fficli.cpp | 69 ++- src/rnp/fficli.h | 36 +- src/rnp/rnp.cpp | 3 +- src/rnp/rnpcfg.cpp | 6 +- src/rnp/rnpcfg.h | 61 +- src/rnpkeys/main.cpp | 2 +- src/rnpkeys/rnpkeys.cpp | 6 +- src/rnpkeys/tui.cpp | 59 +- src/tests/cipher.cpp | 45 +- src/tests/cipher_cxx.cpp | 10 +- src/tests/cli.cpp | 10 +- .../data/test_key_validity/case5/generate.cpp | 6 +- src/tests/exdsa_ecdhkem.cpp | 47 +- src/tests/ffi-enc.cpp | 200 +++---- src/tests/ffi-key-prop.cpp | 4 +- src/tests/ffi-key-sig.cpp | 18 +- src/tests/ffi-key.cpp | 127 ++-- src/tests/ffi-uid.cpp | 2 +- src/tests/ffi.cpp | 109 ++-- src/tests/generatekey.cpp | 28 +- src/tests/hkdf.cpp | 22 +- src/tests/issues/oss-fuzz-25489.cpp | 2 +- src/tests/kbx-nsigs-test.cpp | 4 +- src/tests/key-add-userid.cpp | 2 +- src/tests/key-protect.cpp | 6 +- src/tests/key-store-search.cpp | 12 +- src/tests/key-unlock.cpp | 16 +- src/tests/key-validate.cpp | 8 +- src/tests/load-g10.cpp | 8 +- src/tests/load-g23.cpp | 4 +- src/tests/load-pgp.cpp | 10 +- src/tests/partial-length.cpp | 2 +- src/tests/pipe.cpp | 2 +- src/tests/pqc.cpp | 41 +- src/tests/s2k-iterations.cpp | 6 +- src/tests/streams.cpp | 30 +- src/tests/support.cpp | 42 +- src/tests/support.h | 54 +- 167 files changed, 3648 insertions(+), 3045 deletions(-) diff --git a/include/rekey/rnp_key_store.h b/include/rekey/rnp_key_store.h index 04faabf75..bcf1d04fa 100644 --- a/include/rekey/rnp_key_store.h +++ b/include/rekey/rnp_key_store.h @@ -64,7 +64,7 @@ typedef std::unordered_map::iterator> pg typedef struct rnp_key_store_t { std::string path; pgp_key_store_format_t format; - rnp::SecurityContext & secctx; + rnp::SecurityContext &secctx; bool disable_validation = false; /* do not automatically validate keys, added to this key store */ @@ -76,8 +76,8 @@ typedef struct rnp_key_store_t { rnp_key_store_t(rnp::SecurityContext &ctx) : path(""), format(PGP_KEY_STORE_UNKNOWN), secctx(ctx){}; rnp_key_store_t(pgp_key_store_format_t format, - const std::string & path, - rnp::SecurityContext & ctx); + const std::string &path, + rnp::SecurityContext &ctx); /* make sure we use only empty constructor */ rnp_key_store_t(rnp_key_store_t &&src) = delete; rnp_key_store_t &operator=(rnp_key_store_t &&) = delete; @@ -120,8 +120,8 @@ pgp_key_t *rnp_key_store_import_key(rnp_key_store_t *, */ pgp_key_t *rnp_key_store_get_signer_key(rnp_key_store_t *store, const pgp_signature_t *sig); -pgp_sig_import_status_t rnp_key_store_import_key_signature(rnp_key_store_t * keyring, - pgp_key_t * key, +pgp_sig_import_status_t rnp_key_store_import_key_signature(rnp_key_store_t *keyring, + pgp_key_t *key, const pgp_signature_t *sig); /** @@ -132,8 +132,8 @@ pgp_sig_import_status_t rnp_key_store_import_key_signature(rnp_key_store_t * * @param status signature import status will be put here, if not NULL. * @return pointer to the key to which this signature belongs (or NULL if key was not found) */ -pgp_key_t *rnp_key_store_import_signature(rnp_key_store_t * keyring, - const pgp_signature_t * sig, +pgp_key_t *rnp_key_store_import_signature(rnp_key_store_t *keyring, + const pgp_signature_t *sig, pgp_sig_import_status_t *status); bool rnp_key_store_remove_key(rnp_key_store_t *, const pgp_key_t *, bool); @@ -142,8 +142,8 @@ bool rnp_key_store_get_key_grip(const pgp_key_material_t *, pgp_key_grip_t &grip const pgp_key_t *rnp_key_store_get_key_by_fpr(const rnp_key_store_t *, const pgp_fingerprint_t &fpr); -pgp_key_t * rnp_key_store_get_key_by_fpr(rnp_key_store_t *, const pgp_fingerprint_t &fpr); -pgp_key_t * rnp_key_store_get_primary_key(rnp_key_store_t *, const pgp_key_t *); +pgp_key_t *rnp_key_store_get_key_by_fpr(rnp_key_store_t *, const pgp_fingerprint_t &fpr); +pgp_key_t *rnp_key_store_get_primary_key(rnp_key_store_t *, const pgp_key_t *); pgp_key_t *rnp_key_store_search(rnp_key_store_t *, const pgp_key_search_t *, pgp_key_t *); #endif /* KEY_STORE_H_ */ diff --git a/include/repgp/repgp_def.h b/include/repgp/repgp_def.h index ff93fc810..ce8c2d9a6 100644 --- a/include/repgp/repgp_def.h +++ b/include/repgp/repgp_def.h @@ -97,10 +97,10 @@ /* Size of the fingerprint */ #define PGP_FINGERPRINT_V4_SIZE 20 #if defined(ENABLE_CRYPTO_REFRESH) - #define PGP_FINGERPRINT_V6_SIZE 32 - #define PGP_MAX_FINGERPRINT_SIZE PGP_FINGERPRINT_V6_SIZE +#define PGP_FINGERPRINT_V6_SIZE 32 +#define PGP_MAX_FINGERPRINT_SIZE PGP_FINGERPRINT_V6_SIZE #else - #define PGP_MAX_FINGERPRINT_SIZE PGP_FINGERPRINT_V4_SIZE +#define PGP_MAX_FINGERPRINT_SIZE PGP_FINGERPRINT_V4_SIZE #endif #define PGP_MAX_FINGERPRINT_HEX_SIZE (PGP_MAX_FINGERPRINT_SIZE * 2) + 1 @@ -116,20 +116,19 @@ /* V6 Signature Salt */ #if defined(ENABLE_CRYPTO_REFRESH) - #define PGP_MAX_SALT_SIZE_V6_SIG 32 +#define PGP_MAX_SALT_SIZE_V6_SIG 32 #endif /* size of length for hashed/unhashed subpacket data*/ #define PGP_SIG_HASHED_AREA_SIZE_OCTETS_V4 2 #if defined(ENABLE_CRYPTO_REFRESH) - #define PGP_SIG_HASHED_AREA_SIZE_OCTETS_V6 4 - #define PGP_MAX_SIG_HASHED_AREA_SIZE_OCTETS PGP_SIG_HASHED_AREA_SIZE_OCTETS_V6 +#define PGP_SIG_HASHED_AREA_SIZE_OCTETS_V6 4 +#define PGP_MAX_SIG_HASHED_AREA_SIZE_OCTETS PGP_SIG_HASHED_AREA_SIZE_OCTETS_V6 #else - #define PGP_MAX_SIG_HASHED_AREA_SIZE_OCTETS PGP_SIG_HASHED_AREA_SIZE_OCTETS_V4 +#define PGP_MAX_SIG_HASHED_AREA_SIZE_OCTETS PGP_SIG_HASHED_AREA_SIZE_OCTETS_V4 #endif - /** Old Packet Format Lengths. * Defines the meanings of the 2 bits for length type in the * old packet format. @@ -237,22 +236,31 @@ typedef enum : uint8_t { #if defined(ENABLE_PQC) /* PQC-ECC composite */ - PGP_PKA_KYBER768_X25519 = 29, /* Kyber768 + X25519 from draft-wussler-openpgp-pqc-01 */ - //PGP_PKA_KYBER1024_X448 = 30, /* Kyer1024 + X448 from draft-wussler-openpgp-pqc-01 */ - PGP_PKA_KYBER768_P256 = 31, /* Kyber768 + NIST P-256 from draft-wussler-openpgp-pqc-01 */ - PGP_PKA_KYBER1024_P384 = 32, /* Kyber1024 + NIST P-384 from draft-wussler-openpgp-pqc-01 */ - PGP_PKA_KYBER768_BP256 = 33, /* Kyber768 + Brainpool P256r1 from draft-wussler-openpgp-pqc-01 */ - PGP_PKA_KYBER1024_BP384 = 34, /* Kyber1024 + Brainpool P384r1 from draft-wussler-openpgp-pqc-01 */ - - PGP_PKA_DILITHIUM3_ED25519 = 35, /* Dilithium 3 + Ed25519 from draft-wussler-openpgp-pqc-01 */ - //PGP_PKA_DILITHIUM5_ED448 = 36, /* Dilithium 5 + Ed448 from draft-wussler-openpgp-pqc-01 */ - PGP_PKA_DILITHIUM3_P256 = 37, /* Dilithium 3 + ECDSA-NIST-P-256 from draft-wussler-openpgp-pqc-01 */ - PGP_PKA_DILITHIUM5_P384 = 38, /* Dilithium 5 + ECDSA-NIST-P-384 from draft-wussler-openpgp-pqc-00*/ - PGP_PKA_DILITHIUM3_BP256 = 39, /* Dilithium 3 + ECDSA-brainpoolP256r1 from draft-wussler-openpgp-pqc-01 */ - PGP_PKA_DILITHIUM5_BP384 = 40, /* Dilithium 5 + ECDSA-brainpoolP384r1 from draft-wussler-openpgp-pqc-01 */ + PGP_PKA_KYBER768_X25519 = 29, /* Kyber768 + X25519 from draft-wussler-openpgp-pqc-01 */ + // PGP_PKA_KYBER1024_X448 = 30, /* Kyer1024 + X448 from + // draft-wussler-openpgp-pqc-01 */ + PGP_PKA_KYBER768_P256 = 31, /* Kyber768 + NIST P-256 from draft-wussler-openpgp-pqc-01 */ + PGP_PKA_KYBER1024_P384 = 32, /* Kyber1024 + NIST P-384 from draft-wussler-openpgp-pqc-01 */ + PGP_PKA_KYBER768_BP256 = + 33, /* Kyber768 + Brainpool P256r1 from draft-wussler-openpgp-pqc-01 */ + PGP_PKA_KYBER1024_BP384 = + 34, /* Kyber1024 + Brainpool P384r1 from draft-wussler-openpgp-pqc-01 */ + + PGP_PKA_DILITHIUM3_ED25519 = + 35, /* Dilithium 3 + Ed25519 from draft-wussler-openpgp-pqc-01 */ + // PGP_PKA_DILITHIUM5_ED448 = 36, /* Dilithium 5 + Ed448 from + // draft-wussler-openpgp-pqc-01 */ + PGP_PKA_DILITHIUM3_P256 = + 37, /* Dilithium 3 + ECDSA-NIST-P-256 from draft-wussler-openpgp-pqc-01 */ + PGP_PKA_DILITHIUM5_P384 = + 38, /* Dilithium 5 + ECDSA-NIST-P-384 from draft-wussler-openpgp-pqc-00*/ + PGP_PKA_DILITHIUM3_BP256 = + 39, /* Dilithium 3 + ECDSA-brainpoolP256r1 from draft-wussler-openpgp-pqc-01 */ + PGP_PKA_DILITHIUM5_BP384 = + 40, /* Dilithium 5 + ECDSA-brainpoolP384r1 from draft-wussler-openpgp-pqc-01 */ #endif - PGP_PKA_SM2 = 99, /* SM2 encryption/signature schemes */ + PGP_PKA_SM2 = 99, /* SM2 encryption/signature schemes */ PGP_PKA_PRIVATE00 = 100, /* Private/Experimental Algorithm */ PGP_PKA_PRIVATE01 = 101, /* Private/Experimental Algorithm */ PGP_PKA_PRIVATE02 = 102, /* Private/Experimental Algorithm */ @@ -313,7 +321,7 @@ typedef enum { PGP_SA_CAMELLIA_192 = 12, /* Camellia with 192-bit key */ PGP_SA_CAMELLIA_256 = 13, /* Camellia with 256-bit key */ - PGP_SA_SM4 = 105, /* RNP extension - SM4 */ + PGP_SA_SM4 = 105, /* RNP extension - SM4 */ PGP_SA_UNKNOWN = 255 } pgp_symm_alg_t; @@ -372,26 +380,26 @@ typedef enum : uint8_t { PGP_SIG_TEXT = 0x01, /* Signature of a canonical text document */ PGP_SIG_STANDALONE = 0x02, /* Standalone signature */ - PGP_CERT_GENERIC = 0x10, /* Generic certification of a User ID and - * Public Key packet */ - PGP_CERT_PERSONA = 0x11, /* Persona certification of a User ID and - * Public Key packet */ - PGP_CERT_CASUAL = 0x12, /* Casual certification of a User ID and - * Public Key packet */ - PGP_CERT_POSITIVE = 0x13, /* Positive certification of a - * User ID and Public Key packet */ + PGP_CERT_GENERIC = 0x10, /* Generic certification of a User ID and + * Public Key packet */ + PGP_CERT_PERSONA = 0x11, /* Persona certification of a User ID and + * Public Key packet */ + PGP_CERT_CASUAL = 0x12, /* Casual certification of a User ID and + * Public Key packet */ + PGP_CERT_POSITIVE = 0x13, /* Positive certification of a + * User ID and Public Key packet */ - PGP_SIG_SUBKEY = 0x18, /* Subkey Binding Signature */ - PGP_SIG_PRIMARY = 0x19, /* Primary Key Binding Signature */ - PGP_SIG_DIRECT = 0x1f, /* Signature directly on a key */ + PGP_SIG_SUBKEY = 0x18, /* Subkey Binding Signature */ + PGP_SIG_PRIMARY = 0x19, /* Primary Key Binding Signature */ + PGP_SIG_DIRECT = 0x1f, /* Signature directly on a key */ PGP_SIG_REV_KEY = 0x20, /* Key revocation signature */ PGP_SIG_REV_SUBKEY = 0x28, /* Subkey revocation signature */ PGP_SIG_REV_CERT = 0x30, /* Certification revocation signature */ - PGP_SIG_TIMESTAMP = 0x40, /* Timestamp signature */ + PGP_SIG_TIMESTAMP = 0x40, /* Timestamp signature */ - PGP_SIG_3RD_PARTY = 0x50 /* Third-Party Confirmation signature */ + PGP_SIG_3RD_PARTY = 0x50 /* Third-Party Confirmation signature */ } pgp_sig_type_t; /** Signature Subpacket Type @@ -440,7 +448,7 @@ typedef enum { /* PGP_SIG_SUBPKT_INTENDED_RECIPIENT_FINGERPRINT = 35, */ PGP_SIG_SUBPKT_PREFERRED_AEAD_CIPHERSUITES = 39, #endif - PGP_SIG_SUBPKT_PRIVATE_100 = 100, /* private/experimental subpackets */ + PGP_SIG_SUBPKT_PRIVATE_100 = 100, /* private/experimental subpackets */ PGP_SIG_SUBPKT_PRIVATE_101 = 101, PGP_SIG_SUBPKT_PRIVATE_102 = 102, PGP_SIG_SUBPKT_PRIVATE_103 = 103, @@ -495,10 +503,7 @@ typedef enum { PGP_PKSK_V6 = 6 #endif } pgp_pkesk_version_t; -typedef enum { - PGP_SE_IP_DATA_V1 = 1, - PGP_SE_IP_DATA_V2 = 2 -} pgp_seipd_version_t; +typedef enum { PGP_SE_IP_DATA_V1 = 1, PGP_SE_IP_DATA_V2 = 2 } pgp_seipd_version_t; /** Version. * OpenPGP has two different protocol versions: version 3 and version 4. diff --git a/include/rnp/rnp.h b/include/rnp/rnp.h index 414cc7dbe..a2bf9fbaf 100644 --- a/include/rnp/rnp.h +++ b/include/rnp/rnp.h @@ -216,21 +216,21 @@ RNP_API RNP_DEPRECATED rnp_result_t rnp_disable_debug(); /* * Opaque structures */ -typedef struct rnp_ffi_st * rnp_ffi_t; -typedef struct rnp_key_handle_st * rnp_key_handle_t; -typedef struct rnp_input_st * rnp_input_t; -typedef struct rnp_output_st * rnp_output_t; -typedef struct rnp_op_generate_st * rnp_op_generate_t; -typedef struct rnp_op_sign_st * rnp_op_sign_t; -typedef struct rnp_op_sign_signature_st * rnp_op_sign_signature_t; -typedef struct rnp_op_verify_st * rnp_op_verify_t; +typedef struct rnp_ffi_st *rnp_ffi_t; +typedef struct rnp_key_handle_st *rnp_key_handle_t; +typedef struct rnp_input_st *rnp_input_t; +typedef struct rnp_output_st *rnp_output_t; +typedef struct rnp_op_generate_st *rnp_op_generate_t; +typedef struct rnp_op_sign_st *rnp_op_sign_t; +typedef struct rnp_op_sign_signature_st *rnp_op_sign_signature_t; +typedef struct rnp_op_verify_st *rnp_op_verify_t; typedef struct rnp_op_verify_signature_st *rnp_op_verify_signature_t; -typedef struct rnp_op_encrypt_st * rnp_op_encrypt_t; +typedef struct rnp_op_encrypt_st *rnp_op_encrypt_t; typedef struct rnp_identifier_iterator_st *rnp_identifier_iterator_t; -typedef struct rnp_uid_handle_st * rnp_uid_handle_t; -typedef struct rnp_signature_handle_st * rnp_signature_handle_t; -typedef struct rnp_recipient_handle_st * rnp_recipient_handle_t; -typedef struct rnp_symenc_handle_st * rnp_symenc_handle_t; +typedef struct rnp_uid_handle_st *rnp_uid_handle_t; +typedef struct rnp_signature_handle_st *rnp_signature_handle_t; +typedef struct rnp_recipient_handle_st *rnp_recipient_handle_t; +typedef struct rnp_symenc_handle_st *rnp_symenc_handle_t; /* Callbacks */ /** @@ -297,9 +297,9 @@ typedef void rnp_output_closer_t(void *app_ctx, bool discard); * @return true if a password was provided, false otherwise */ typedef bool (*rnp_password_cb)(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, + const char *pgp_context, char buf[], size_t buf_len); @@ -329,7 +329,7 @@ typedef bool (*rnp_password_cb)(rnp_ffi_t ffi, * @param secret true if a secret key is being requested */ typedef void (*rnp_get_key_cb)(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, const char *identifier_type, const char *identifier, bool secret); @@ -348,9 +348,9 @@ typedef void (*rnp_get_key_cb)(rnp_ffi_t ffi, * */ typedef void (*rnp_key_signatures_cb)(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_signature_handle_t sig, - uint32_t * action); + uint32_t *action); /** create the top-level object used for interacting with the library * @@ -361,7 +361,7 @@ typedef void (*rnp_key_signatures_cb)(rnp_ffi_t ffi, * RNP_KEYSTORE_* constant * @return RNP_SUCCESS on success, or any other value on error */ -RNP_API rnp_result_t rnp_ffi_create(rnp_ffi_t * ffi, +RNP_API rnp_result_t rnp_ffi_create(rnp_ffi_t *ffi, const char *pub_format, const char *sec_format); @@ -389,10 +389,10 @@ RNP_API rnp_result_t rnp_ffi_set_log_fd(rnp_ffi_t ffi, int fd); */ RNP_API rnp_result_t rnp_ffi_set_key_provider(rnp_ffi_t ffi, rnp_get_key_cb getkeycb, - void * getkeycb_ctx); + void *getkeycb_ctx); RNP_API rnp_result_t rnp_ffi_set_pass_provider(rnp_ffi_t ffi, rnp_password_cb getpasscb, - void * getpasscb_ctx); + void *getpasscb_ctx); /* Operations on key rings */ @@ -443,7 +443,7 @@ RNP_API rnp_result_t rnp_detect_key_format(const uint8_t buf[], size_t buf_len, */ RNP_API rnp_result_t rnp_calculate_iterations(const char *hash, size_t msec, - size_t * iterations); + size_t *iterations); /** Check whether rnp supports specific feature (algorithm, elliptic curve, whatever else). * @@ -552,9 +552,9 @@ RNP_API rnp_result_t rnp_get_security_rule(rnp_ffi_t ffi, const char *type, const char *name, uint64_t time, - uint32_t * flags, - uint64_t * from, - uint32_t * level); + uint32_t *flags, + uint64_t *from, + uint32_t *level); /** * @brief Remove security rule(s), matching the parameters. @@ -583,7 +583,7 @@ RNP_API rnp_result_t rnp_remove_security_rule(rnp_ffi_t ffi, uint32_t level, uint32_t flags, uint64_t from, - size_t * removed); + size_t *removed); /** * @brief Request password via configured FFI's callback @@ -600,8 +600,8 @@ RNP_API rnp_result_t rnp_remove_security_rule(rnp_ffi_t ffi, */ RNP_API rnp_result_t rnp_request_password(rnp_ffi_t ffi, rnp_key_handle_t key, - const char * context, - char ** password); + const char *context, + char **password); /** * @brief Set timestamp, used in all operations instead of system's time. These operations @@ -685,7 +685,7 @@ RNP_API rnp_result_t rnp_unload_keys(rnp_ffi_t ffi, uint32_t flags); RNP_API rnp_result_t rnp_import_keys(rnp_ffi_t ffi, rnp_input_t input, uint32_t flags, - char ** results); + char **results); /** import standalone signatures to the keyring and receive JSON list of the updated * signatures. @@ -729,7 +729,7 @@ RNP_API rnp_result_t rnp_import_keys(rnp_ffi_t ffi, RNP_API rnp_result_t rnp_import_signatures(rnp_ffi_t ffi, rnp_input_t input, uint32_t flags, - char ** results); + char **results); /** save keys * @@ -742,7 +742,7 @@ RNP_API rnp_result_t rnp_import_signatures(rnp_ffi_t ffi, * @return RNP_SUCCESS on success, or any other value on error */ RNP_API rnp_result_t rnp_save_keys(rnp_ffi_t ffi, - const char * format, + const char *format, rnp_output_t output, uint32_t flags); @@ -762,8 +762,8 @@ RNP_API rnp_result_t rnp_get_secret_key_count(rnp_ffi_t ffi, size_t *count); * on error */ RNP_API rnp_result_t rnp_locate_key(rnp_ffi_t ffi, - const char * identifier_type, - const char * identifier, + const char *identifier_type, + const char *identifier, rnp_key_handle_t *key); RNP_API rnp_result_t rnp_key_handle_destroy(rnp_key_handle_t key); @@ -869,8 +869,8 @@ RNP_API rnp_result_t rnp_generate_key_json(rnp_ffi_t ffi, const char *json, char RNP_API rnp_result_t rnp_generate_key_rsa(rnp_ffi_t ffi, uint32_t bits, uint32_t subbits, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key); /** Shortcut function for DSA/ElGamal key-subkey pair generation. See rnp_generate_key_ex() for @@ -879,33 +879,33 @@ RNP_API rnp_result_t rnp_generate_key_rsa(rnp_ffi_t ffi, RNP_API rnp_result_t rnp_generate_key_dsa_eg(rnp_ffi_t ffi, uint32_t bits, uint32_t subbits, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key); /** Shortcut function for ECDSA/ECDH key-subkey pair generation. See rnp_generate_key_ex() for * the detailed parameters description. */ RNP_API rnp_result_t rnp_generate_key_ec(rnp_ffi_t ffi, - const char * curve, - const char * userid, - const char * password, + const char *curve, + const char *userid, + const char *password, rnp_key_handle_t *key); /** Shortcut function for EdDSA/x25519 key-subkey pair generation. See rnp_generate_key_ex() * for the detailed parameters description. */ RNP_API rnp_result_t rnp_generate_key_25519(rnp_ffi_t ffi, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key); /** Shortcut function for SM2/SM2 key-subkey pair generation. See rnp_generate_key_ex() for * for the detailed parameters description. */ RNP_API rnp_result_t rnp_generate_key_sm2(rnp_ffi_t ffi, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key); /** @@ -931,14 +931,14 @@ RNP_API rnp_result_t rnp_generate_key_sm2(rnp_ffi_t ffi, * @return RNP_SUCCESS or error code instead. */ RNP_API rnp_result_t rnp_generate_key_ex(rnp_ffi_t ffi, - const char * key_alg, - const char * sub_alg, + const char *key_alg, + const char *sub_alg, uint32_t key_bits, uint32_t sub_bits, - const char * key_curve, - const char * sub_curve, - const char * userid, - const char * password, + const char *key_curve, + const char *sub_curve, + const char *userid, + const char *password, rnp_key_handle_t *key); /** Create key generation context for the primary key. @@ -953,7 +953,7 @@ RNP_API rnp_result_t rnp_generate_key_ex(rnp_ffi_t ffi, */ RNP_API rnp_result_t rnp_op_generate_create(rnp_op_generate_t *op, rnp_ffi_t ffi, - const char * alg); + const char *alg); /** Create key generation context for the subkey. * Note: you need to have primary key before calling this function. It can be loaded from @@ -970,7 +970,7 @@ RNP_API rnp_result_t rnp_op_generate_create(rnp_op_generate_t *op, RNP_API rnp_result_t rnp_op_generate_subkey_create(rnp_op_generate_t *op, rnp_ffi_t ffi, rnp_key_handle_t primary, - const char * alg); + const char *alg); /** Set bits of the generated key or subkey. * Note: this is applicable only to rsa, dsa and el-gamal keys. @@ -1019,7 +1019,7 @@ RNP_API rnp_result_t rnp_op_generate_set_curve(rnp_op_generate_t op, const char * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_generate_set_protection_password(rnp_op_generate_t op, - const char * password); + const char *password); /** * @brief Enable or disable password requesting via ffi's password provider. This password @@ -1043,7 +1043,7 @@ RNP_API rnp_result_t rnp_op_generate_set_request_password(rnp_op_generate_t op, * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_generate_set_protection_cipher(rnp_op_generate_t op, - const char * cipher); + const char *cipher); /** Set hash algorithm, used to derive key from password for secret key data encryption. * If not called then default one will be used. @@ -1053,7 +1053,7 @@ RNP_API rnp_result_t rnp_op_generate_set_protection_cipher(rnp_op_generate_t op, * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_generate_set_protection_hash(rnp_op_generate_t op, - const char * hash); + const char *hash); /** Set encryption mode, used for secret key data encryption. * Note: currently this makes sense only for G10 key format @@ -1063,7 +1063,7 @@ RNP_API rnp_result_t rnp_op_generate_set_protection_hash(rnp_op_generate_t op, * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_generate_set_protection_mode(rnp_op_generate_t op, - const char * mode); + const char *mode); /** Set number of iterations used to derive key from password for secret key encryption. * If not called then default one will be used. @@ -1138,7 +1138,7 @@ RNP_API rnp_result_t rnp_op_generate_clear_pref_hashes(rnp_op_generate_t op); * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_generate_add_pref_compression(rnp_op_generate_t op, - const char * compression); + const char *compression); /** Clear the preferred compression algorithms list, so default ones will be used. * @@ -1174,7 +1174,7 @@ RNP_API rnp_result_t rnp_op_generate_clear_pref_ciphers(rnp_op_generate_t op); * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_generate_set_pref_keyserver(rnp_op_generate_t op, - const char * keyserver); + const char *keyserver); #if defined(ENABLE_CRYPTO_REFRESH) /** Set the generated key version to v6. @@ -1235,7 +1235,7 @@ RNP_API rnp_result_t rnp_key_export(rnp_key_handle_t key, rnp_output_t output, u */ RNP_API rnp_result_t rnp_key_export_autocrypt(rnp_key_handle_t key, rnp_key_handle_t subkey, - const char * uid, + const char *uid, rnp_output_t output, uint32_t flags); @@ -1259,9 +1259,9 @@ RNP_API rnp_result_t rnp_key_export_autocrypt(rnp_key_handle_t key, RNP_API rnp_result_t rnp_key_export_revocation(rnp_key_handle_t key, rnp_output_t output, uint32_t flags, - const char * hash, - const char * code, - const char * reason); + const char *hash, + const char *code, + const char *reason); /** * @brief revoke a key or subkey by generating and adding revocation signature. @@ -1280,9 +1280,9 @@ RNP_API rnp_result_t rnp_key_export_revocation(rnp_key_handle_t key, */ RNP_API rnp_result_t rnp_key_revoke(rnp_key_handle_t key, uint32_t flags, - const char * hash, - const char * code, - const char * reason); + const char *hash, + const char *code, + const char *reason); /** * @brief Check whether Curve25519 secret key's bits are correctly set, i.e. 3 least @@ -1356,7 +1356,7 @@ RNP_API rnp_result_t rnp_key_remove(rnp_key_handle_t key, uint32_t flags); RNP_API rnp_result_t rnp_key_remove_signatures(rnp_key_handle_t key, uint32_t flags, rnp_key_signatures_cb sigcb, - void * app_ctx); + void *app_ctx); /** * @brief Guess contents of the OpenPGP data stream. @@ -1592,7 +1592,7 @@ RNP_API rnp_result_t rnp_signature_get_creation(rnp_signature_handle_t sig, uint * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_signature_get_expiration(rnp_signature_handle_t sig, - uint32_t * expires); + uint32_t *expires); /** Get signer's key id from the signature. * Note: if key id is not available from the signature then NULL value will @@ -1622,7 +1622,7 @@ RNP_API rnp_result_t rnp_signature_get_key_fprint(rnp_signature_handle_t sig, ch * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_signature_get_signer(rnp_signature_handle_t sig, - rnp_key_handle_t * key); + rnp_key_handle_t *key); /** * @brief Get signature validity, revalidating it if didn't before. @@ -1656,7 +1656,7 @@ RNP_API rnp_result_t rnp_signature_is_valid(rnp_signature_handle_t sig, uint32_t */ RNP_API rnp_result_t rnp_signature_packet_to_json(rnp_signature_handle_t sig, uint32_t flags, - char ** json); + char **json); /** * @brief Remove a signature. @@ -1771,7 +1771,7 @@ RNP_API rnp_result_t rnp_key_get_subkey_at(rnp_key_handle_t key, * was found or any other error code. */ RNP_API rnp_result_t rnp_key_get_default_key(rnp_key_handle_t primary_key, - const char * usage, + const char *usage, uint32_t flags, rnp_key_handle_t *default_key); @@ -1824,8 +1824,8 @@ RNP_API rnp_result_t rnp_key_get_curve(rnp_key_handle_t key, char **curve); * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_key_add_uid(rnp_key_handle_t key, - const char * uid, - const char * hash, + const char *uid, + const char *hash, uint32_t expiration, uint8_t key_flags, bool primary); @@ -1895,8 +1895,8 @@ RNP_API rnp_result_t rnp_key_get_primary_fprint(rnp_key_handle_t key, char **fpr * @return RNP_SUCCESS or error code on failure. */ RNP_API rnp_result_t rnp_key_allows_usage(rnp_key_handle_t key, - const char * usage, - bool * result); + const char *usage, + bool *result); /** * @brief Get the key's creation time. @@ -2103,7 +2103,7 @@ RNP_API rnp_result_t rnp_key_get_protection_hash(rnp_key_handle_t key, char **ha * @return RNP_SUCCESS on success, or any other value on error. */ RNP_API rnp_result_t rnp_key_get_protection_iterations(rnp_key_handle_t key, - size_t * iterations); + size_t *iterations); /** lock the key * @@ -2167,10 +2167,10 @@ RNP_API rnp_result_t rnp_key_is_protected(rnp_key_handle_t key, bool *result); * @return RNP_SUCCESS on success, or any other value on error **/ RNP_API rnp_result_t rnp_key_protect(rnp_key_handle_t handle, - const char * password, - const char * cipher, - const char * cipher_mode, - const char * hash, + const char *password, + const char *cipher, + const char *cipher_mode, + const char *hash, size_t iterations); /** unprotect the key @@ -2235,7 +2235,7 @@ RNP_API rnp_result_t rnp_key_have_public(rnp_key_handle_t key, bool *result); RNP_API rnp_result_t rnp_key_packets_to_json(rnp_key_handle_t key, bool secret, uint32_t flags, - char ** result); + char **result); /** Dump OpenPGP packets stream information to the JSON string. * @param input source with OpenPGP data @@ -2275,7 +2275,7 @@ RNP_API rnp_result_t rnp_key_packets_to_json(rnp_key_handle_t key, */ RNP_API rnp_result_t rnp_dump_packets_to_json(rnp_input_t input, uint32_t flags, - char ** result); + char **result); /** Dump OpenPGP packets stream information to output in humand-readable format. * @param input source with OpenPGP data @@ -2349,7 +2349,7 @@ RNP_API rnp_result_t rnp_op_sign_add_signature(rnp_op_sign_t op, * @return RNP_SUCCESS or error code if failed */ RNP_API rnp_result_t rnp_op_sign_signature_set_hash(rnp_op_sign_signature_t sig, - const char * hash); + const char *hash); /** @brief Set signature creation time. By default current time is used or value set by * rnp_op_encrypt_set_creation_time/rnp_op_sign_set_creation_time @@ -2377,7 +2377,7 @@ RNP_API rnp_result_t rnp_op_sign_signature_set_expiration_time(rnp_op_sign_signa * @return RNP_SUCCESS or error code if failed */ RNP_API rnp_result_t rnp_op_sign_set_compression(rnp_op_sign_t op, - const char * compression, + const char *compression, int level); /** @brief Enabled or disable armored (textual) output. Doesn't make sense for cleartext sign. @@ -2540,8 +2540,8 @@ RNP_API rnp_result_t rnp_op_verify_get_signature_at(rnp_op_verify_t o * @return RNP_SUCCESS if call succeeded. */ RNP_API rnp_result_t rnp_op_verify_get_file_info(rnp_op_verify_t op, - char ** filename, - uint32_t * mtime); + char **filename, + uint32_t *mtime); /** * @brief Get data protection (encryption) mode, used in processed message. @@ -2563,9 +2563,9 @@ RNP_API rnp_result_t rnp_op_verify_get_file_info(rnp_op_verify_t op, * @return RNP_SUCCESS if call succeeded, or error code otherwise. */ RNP_API rnp_result_t rnp_op_verify_get_protection_info(rnp_op_verify_t op, - char ** mode, - char ** cipher, - bool * valid); + char **mode, + char **cipher, + bool *valid); /** * @brief Get number of public keys (recipients) to whom message was encrypted to. @@ -2710,7 +2710,7 @@ RNP_API rnp_result_t rnp_symenc_get_s2k_type(rnp_symenc_handle_t symenc, char ** * @return RNP_SUCCESS if call succeeded, or error code otherwise. */ RNP_API rnp_result_t rnp_symenc_get_s2k_iterations(rnp_symenc_handle_t symenc, - uint32_t * iterations); + uint32_t *iterations); /** @brief Free resources allocated in verification context. * @param op opaque verification context. Must be initialized. @@ -2738,7 +2738,7 @@ RNP_API rnp_result_t rnp_op_verify_signature_get_status(rnp_op_verify_signature_ * @return RNP_SUCCESS or error code if failed. */ RNP_API rnp_result_t rnp_op_verify_signature_get_handle(rnp_op_verify_signature_t sig, - rnp_signature_handle_t * handle); + rnp_signature_handle_t *handle); /** @brief Get hash function used to calculate signature * @param sig opaque signature context obtained via rnp_op_verify_get_signature_at call. @@ -2747,7 +2747,7 @@ RNP_API rnp_result_t rnp_op_verify_signature_get_handle(rnp_op_verify_signature_ * @return RNP_SUCCESS or error code otherwise */ RNP_API rnp_result_t rnp_op_verify_signature_get_hash(rnp_op_verify_signature_t sig, - char ** hash); + char **hash); /** @brief Get key used for signing * @param sig opaque signature context obtained via rnp_op_verify_get_signature_at call. @@ -2755,7 +2755,7 @@ RNP_API rnp_result_t rnp_op_verify_signature_get_hash(rnp_op_verify_signature_t * @return RNP_SUCCESS or error code otherwise */ RNP_API rnp_result_t rnp_op_verify_signature_get_key(rnp_op_verify_signature_t sig, - rnp_key_handle_t * key); + rnp_key_handle_t *key); /** @brief Get signature creation and expiration times * @param sig opaque signature context obtained via rnp_op_verify_get_signature_at call. @@ -2766,8 +2766,8 @@ RNP_API rnp_result_t rnp_op_verify_signature_get_key(rnp_op_verify_signature_t s * @return RNP_SUCCESS or error code otherwise */ RNP_API rnp_result_t rnp_op_verify_signature_get_times(rnp_op_verify_signature_t sig, - uint32_t * create, - uint32_t * expires); + uint32_t *create, + uint32_t *expires); /** * @brief Free buffer allocated by a function in this header. @@ -2814,7 +2814,7 @@ RNP_API rnp_result_t rnp_input_from_stdin(rnp_input_t *input); * is valid and not modified during the lifetime of this object. * @return RNP_SUCCESS if operation succeeded or error code otherwise */ -RNP_API rnp_result_t rnp_input_from_memory(rnp_input_t * input, +RNP_API rnp_result_t rnp_input_from_memory(rnp_input_t *input, const uint8_t buf[], size_t buf_len, bool do_copy); @@ -2828,10 +2828,10 @@ RNP_API rnp_result_t rnp_input_from_memory(rnp_input_t * input, * @param app_ctx context to pass as parameter to reader and closer * @return RNP_SUCCESS if operation succeeded or error code otherwise */ -RNP_API rnp_result_t rnp_input_from_callback(rnp_input_t * input, +RNP_API rnp_result_t rnp_input_from_callback(rnp_input_t *input, rnp_input_reader_t *reader, rnp_input_closer_t *closer, - void * app_ctx); + void *app_ctx); /** * @brief Close previously opened input and free all corresponding resources @@ -2866,7 +2866,7 @@ RNP_API rnp_result_t rnp_output_to_path(rnp_output_t *output, const char *path); * otherwise. */ RNP_API rnp_result_t rnp_output_to_file(rnp_output_t *output, - const char * path, + const char *path, uint32_t flags); /** @@ -2899,7 +2899,7 @@ RNP_API rnp_result_t rnp_output_to_memory(rnp_output_t *output, size_t max_alloc */ RNP_API rnp_result_t rnp_output_to_armor(rnp_output_t base, rnp_output_t *output, - const char * type); + const char *type); /** * @brief Get the pointer to the buffer of output, initialized by rnp_output_to_memory @@ -2914,8 +2914,8 @@ RNP_API rnp_result_t rnp_output_to_armor(rnp_output_t base, * @return RNP_SUCCESS if operation succeeded or error code otherwise. */ RNP_API rnp_result_t rnp_output_memory_get_buf(rnp_output_t output, - uint8_t ** buf, - size_t * len, + uint8_t **buf, + size_t *len, bool do_copy); /** @@ -2927,10 +2927,10 @@ RNP_API rnp_result_t rnp_output_memory_get_buf(rnp_output_t output, * @param app_ctx context parameter which will be passed to writer and closer. * @return RNP_SUCCESS if operation succeeded or error code otherwise. */ -RNP_API rnp_result_t rnp_output_to_callback(rnp_output_t * output, +RNP_API rnp_result_t rnp_output_to_callback(rnp_output_t *output, rnp_output_writer_t *writer, rnp_output_closer_t *closer, - void * app_ctx); + void *app_ctx); /** * @brief Initialize output structure which will discard all data @@ -2950,9 +2950,9 @@ RNP_API rnp_result_t rnp_output_to_null(rnp_output_t *output); * @return rnp_result_t RNP_SUCCESS if operation succeeded or error code otherwise. */ RNP_API rnp_result_t rnp_output_write(rnp_output_t output, - const void * data, + const void *data, size_t size, - size_t * written); + size_t *written); /** * @brief Finish writing to the output. @@ -2991,8 +2991,8 @@ RNP_API rnp_result_t rnp_op_encrypt_add_recipient(rnp_op_encrypt_t op, rnp_key_h #if defined(ENABLE_CRYPTO_REFRESH) /** - * @brief Enables the creation of PKESK v6 (instead of v3) which results in the use of SEIPDv2. - * The actually created version depends on the capabilities of the list of recipients. + * @brief Enables the creation of PKESK v6 (instead of v3) which results in the use of SEIPDv2. + * The actually created version depends on the capabilities of the list of recipients. * * @param op opaque encrypting context. Must be allocated and initialized. * @return RNP_SUCCESS or errorcode if failed. @@ -3064,10 +3064,10 @@ RNP_API rnp_result_t rnp_op_encrypt_set_expiration_time(rnp_op_encrypt_t op, uin * @return RNP_SUCCESS or error code if failed */ RNP_API rnp_result_t rnp_op_encrypt_add_password(rnp_op_encrypt_t op, - const char * password, - const char * s2k_hash, + const char *password, + const char *s2k_hash, size_t iterations, - const char * s2k_cipher); + const char *s2k_cipher); /** * @brief Set whether output should be ASCII-armored, or binary. @@ -3120,7 +3120,7 @@ RNP_API rnp_result_t rnp_op_encrypt_set_aead_bits(rnp_op_encrypt_t op, int bits) * @return RNP_SUCCESS on success, or any other value on error */ RNP_API rnp_result_t rnp_op_encrypt_set_compression(rnp_op_encrypt_t op, - const char * compression, + const char *compression, int level); /** @@ -3185,8 +3185,8 @@ RNP_API rnp_result_t rnp_decrypt(rnp_ffi_t ffi, rnp_input_t input, rnp_output_t * @return RNP_SUCCESS on success, or any other value on error */ RNP_API rnp_result_t rnp_get_public_key_data(rnp_key_handle_t handle, - uint8_t ** buf, - size_t * buf_len); + uint8_t **buf, + size_t *buf_len); /** retrieve the raw data for a secret key * @@ -3201,8 +3201,8 @@ RNP_API rnp_result_t rnp_get_public_key_data(rnp_key_handle_t handle, * @return RNP_SUCCESS on success, or any other value on error */ RNP_API rnp_result_t rnp_get_secret_key_data(rnp_key_handle_t handle, - uint8_t ** buf, - size_t * buf_len); + uint8_t **buf, + size_t *buf_len); /** output key information to JSON structure and serialize it to the string * @@ -3325,7 +3325,7 @@ RNP_API rnp_result_t rnp_identifier_iterator_create(rnp_ffi_t f * @return RNP_SUCCESS on success, or any other value on error */ RNP_API rnp_result_t rnp_identifier_iterator_next(rnp_identifier_iterator_t it, - const char ** identifier); + const char **identifier); /** destroy an identifier iterator * diff --git a/src/common/file-utils.h b/src/common/file-utils.h index 1993d173f..3a355d919 100644 --- a/src/common/file-utils.h +++ b/src/common/file-utils.h @@ -36,8 +36,8 @@ bool rnp_file_exists(const char *path); bool rnp_dir_exists(const char *path); int64_t rnp_filemtime(const char *path); int rnp_open(const char *filename, int oflag, int pmode); -FILE * rnp_fopen(const char *filename, const char *mode); -FILE * rnp_fdopen(int fildes, const char *mode); +FILE *rnp_fopen(const char *filename, const char *mode); +FILE *rnp_fdopen(int fildes, const char *mode); int rnp_access(const char *path, int mode); int rnp_stat(const char *filename, struct stat *statbuf); int rnp_rename(const char *oldpath, const char *newpath); @@ -46,11 +46,11 @@ int rnp_unlink(const char *path); #ifdef _WIN32 #define rnp_closedir _wclosedir int rnp_mkdir(const char *path); -_WDIR * rnp_opendir(const char *path); +_WDIR *rnp_opendir(const char *path); std::string rnp_readdir_name(_WDIR *dir); #else #define rnp_closedir closedir -DIR * rnp_opendir(const char *path); +DIR *rnp_opendir(const char *path); std::string rnp_readdir_name(DIR *dir); #endif #ifdef _WIN32 diff --git a/src/common/uniwin.h b/src/common/uniwin.h index 095c325bc..84e8d88b2 100644 --- a/src/common/uniwin.h +++ b/src/common/uniwin.h @@ -44,7 +44,7 @@ #define STDOUT_FILENO 1 #define STDERR_FILENO 2 -#define NOMINMAX 1 /* to retain std::min and std::max */ +#define NOMINMAX 1 /* to retain std::min and std::max */ #include #include /* for S_ISREG and S_ISDIR */ diff --git a/src/examples/decrypt.c b/src/examples/decrypt.c index 5454a4b72..691483c19 100644 --- a/src/examples/decrypt.c +++ b/src/examples/decrypt.c @@ -34,9 +34,9 @@ * stdin, or choose password based on key properties, whatever else */ static bool example_pass_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, + const char *pgp_context, char buf[], size_t buf_len) { @@ -59,7 +59,7 @@ ffi_decrypt(bool usekeys) rnp_input_t keyfile = NULL; rnp_input_t input = NULL; rnp_output_t output = NULL; - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t buf_len = 0; int result = 1; diff --git a/src/examples/dump.c b/src/examples/dump.c index dc2464477..1e87b54f9 100644 --- a/src/examples/dump.c +++ b/src/examples/dump.c @@ -79,7 +79,7 @@ stdout_writer(void *app_ctx, const void *buf, size_t len) int main(int argc, char *const argv[]) { - char * input_file = NULL; + char *input_file = NULL; uint32_t flags = 0; uint32_t jflags = 0; bool json = false; diff --git a/src/examples/encrypt.c b/src/examples/encrypt.c index 0b07fd40f..22c870bb4 100644 --- a/src/examples/encrypt.c +++ b/src/examples/encrypt.c @@ -39,7 +39,7 @@ ffi_encrypt() rnp_input_t keyfile = NULL; rnp_input_t input = NULL; rnp_output_t output = NULL; - const char * message = "RNP encryption sample message"; + const char *message = "RNP encryption sample message"; int result = 1; /* initialize FFI object */ diff --git a/src/examples/generate.c b/src/examples/generate.c index 979e63e87..f8fbc5515 100644 --- a/src/examples/generate.c +++ b/src/examples/generate.c @@ -82,9 +82,9 @@ You may ask for password via stdin, or choose password based on key properties, */ static bool example_pass_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, + const char *pgp_context, char buf[], size_t buf_len) { @@ -103,7 +103,7 @@ ffi_print_key(rnp_ffi_t ffi, const char *uid, bool secret) rnp_output_t keydata = NULL; rnp_key_handle_t key = NULL; uint32_t flags = RNP_KEY_EXPORT_ARMORED | RNP_KEY_EXPORT_SUBKEYS; - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t buf_len = 0; bool result = false; @@ -146,7 +146,7 @@ ffi_export_key(rnp_ffi_t ffi, const char *uid, bool secret) rnp_key_handle_t key = NULL; uint32_t flags = RNP_KEY_EXPORT_ARMORED | RNP_KEY_EXPORT_SUBKEYS; char filename[32] = {0}; - char * keyid = NULL; + char *keyid = NULL; bool result = false; /* you may search for the key via userid, keyid, fingerprint, grip */ @@ -188,7 +188,7 @@ ffi_generate_keys() { rnp_ffi_t ffi = NULL; rnp_output_t keyfile = NULL; - char * key_grips = NULL; + char *key_grips = NULL; int result = 1; /* initialize FFI object */ diff --git a/src/examples/sign.c b/src/examples/sign.c index 678dd910e..fe9ff1018 100644 --- a/src/examples/sign.c +++ b/src/examples/sign.c @@ -33,9 +33,9 @@ /* sample pass provider implementation, which always return 'password' */ static bool example_pass_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, + const char *pgp_context, char buf[], size_t buf_len) { @@ -52,7 +52,7 @@ ffi_sign() rnp_output_t output = NULL; rnp_op_sign_t sign = NULL; rnp_key_handle_t key = NULL; - const char * message = "RNP signing sample message"; + const char *message = "RNP signing sample message"; int result = 1; /* initialize FFI object */ diff --git a/src/examples/verify.c b/src/examples/verify.c index 17f42a82c..c60b5322c 100644 --- a/src/examples/verify.c +++ b/src/examples/verify.c @@ -32,7 +32,7 @@ /* example key provider which loads key from file based on its keyid */ static void example_key_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, const char *identifier_type, const char *identifier, bool secret) @@ -74,7 +74,7 @@ ffi_verify() rnp_op_verify_t verify = NULL; rnp_input_t input = NULL; rnp_output_t output = NULL; - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t buf_len = 0; size_t sigcount = 0; int result = 1; @@ -119,7 +119,7 @@ ffi_verify() rnp_op_verify_signature_t sig = NULL; rnp_result_t sigstatus = RNP_SUCCESS; rnp_key_handle_t key = NULL; - char * keyid = NULL; + char *keyid = NULL; if (rnp_op_verify_get_signature_at(verify, i, &sig) != RNP_SUCCESS) { fprintf(stdout, "failed to get signature %d\n", (int) i); diff --git a/src/lib/crypto.cpp b/src/lib/crypto.cpp index 9365dd2bc..db34578df 100644 --- a/src/lib/crypto.cpp +++ b/src/lib/crypto.cpp @@ -82,7 +82,7 @@ __RCSID("$NetBSD: crypto.c,v 1.36 2014/02/17 07:39:19 agc Exp $"); bool pgp_generate_seckey(const rnp_keygen_crypto_params_t &crypto, - pgp_key_pkt_t & seckey, + pgp_key_pkt_t &seckey, bool primary, pgp_version_t pgp_version) { @@ -151,38 +151,53 @@ pgp_generate_seckey(const rnp_keygen_crypto_params_t &crypto, break; #if defined(ENABLE_CRYPTO_REFRESH) case PGP_PKA_ED25519: - if(generate_ed25519_native(&crypto.ctx->rng, seckey.material.ed25519.priv, seckey.material.ed25519.pub) != RNP_SUCCESS) { + if (generate_ed25519_native(&crypto.ctx->rng, + seckey.material.ed25519.priv, + seckey.material.ed25519.pub) != RNP_SUCCESS) { RNP_LOG("failed to generate ED25519 key"); return false; } break; case PGP_PKA_X25519: - if(generate_x25519_native(&crypto.ctx->rng, seckey.material.x25519.priv, seckey.material.x25519.pub) != RNP_SUCCESS) { + if (generate_x25519_native(&crypto.ctx->rng, + seckey.material.x25519.priv, + seckey.material.x25519.pub) != RNP_SUCCESS) { RNP_LOG("failed to generate X25519 key"); return false; } break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: - if(pgp_kyber_ecdh_composite_key_t::gen_keypair(&crypto.ctx->rng, &seckey.material.kyber_ecdh, seckey.alg)) { + if (pgp_kyber_ecdh_composite_key_t::gen_keypair( + &crypto.ctx->rng, &seckey.material.kyber_ecdh, seckey.alg)) { RNP_LOG("failed to generate Kyber-ECDH-composite key for PK alg %d", seckey.alg); return false; } break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: - if(pgp_dilithium_exdsa_composite_key_t::gen_keypair(&crypto.ctx->rng, &seckey.material.dilithium_exdsa, seckey.alg)) { - RNP_LOG("failed to generate Dilithium-ecdsa/eddsa-composite key for PK alg %d", seckey.alg); + if (pgp_dilithium_exdsa_composite_key_t::gen_keypair( + &crypto.ctx->rng, &seckey.material.dilithium_exdsa, seckey.alg)) { + RNP_LOG("failed to generate Dilithium-ecdsa/eddsa-composite key for PK alg %d", + seckey.alg); return false; } break; @@ -234,18 +249,26 @@ key_material_equal(const pgp_key_material_t *key1, const pgp_key_material_t *key return (key1->x25519.pub == key2->x25519.pub); #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return (key1->kyber_ecdh.pub == key2->kyber_ecdh.pub); - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return (key1->dilithium_exdsa.pub == key2->dilithium_exdsa.pub); #endif @@ -297,24 +320,32 @@ validate_pgp_key_material(const pgp_key_material_t *material, rnp::RNG *rng) return elgamal_validate_key(&material->eg, material->secret) ? RNP_SUCCESS : RNP_ERROR_GENERIC; #if defined(ENABLE_CRYPTO_REFRESH) - case PGP_PKA_ED25519: + case PGP_PKA_ED25519: return ed25519_validate_key_native(rng, &material->ed25519, material->secret); - case PGP_PKA_X25519: + case PGP_PKA_X25519: return x25519_validate_key_native(rng, &material->x25519, material->secret); #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return kyber_ecdh_validate_key(rng, &material->kyber_ecdh, material->secret); - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return dilithium_exdsa_validate_key(rng, &material->dilithium_exdsa, material->secret); #endif diff --git a/src/lib/crypto.h b/src/lib/crypto.h index 4fd1f81d8..15884f3df 100644 --- a/src/lib/crypto.h +++ b/src/lib/crypto.h @@ -61,7 +61,7 @@ /* raw key generation */ bool pgp_generate_seckey(const rnp_keygen_crypto_params_t ¶ms, - pgp_key_pkt_t & seckey, + pgp_key_pkt_t &seckey, bool primary, pgp_version_t pgp_version = PGP_V4); @@ -76,8 +76,8 @@ bool pgp_generate_seckey(const rnp_keygen_crypto_params_t ¶ms, **/ bool pgp_generate_primary_key(rnp_keygen_primary_desc_t &desc, bool merge_defaults, - pgp_key_t & primary_sec, - pgp_key_t & primary_pub, + pgp_key_t &primary_sec, + pgp_key_t &primary_pub, pgp_key_store_format_t secformat); /** generate a new subkey @@ -95,12 +95,12 @@ bool pgp_generate_primary_key(rnp_keygen_primary_desc_t &desc, * decrypt the primary key, may be NULL if primary key is unlocked * @return true if successful, false otherwise. **/ -bool pgp_generate_subkey(rnp_keygen_subkey_desc_t & desc, +bool pgp_generate_subkey(rnp_keygen_subkey_desc_t &desc, bool merge_defaults, - pgp_key_t & primary_sec, - pgp_key_t & primary_pub, - pgp_key_t & subkey_sec, - pgp_key_t & subkey_pub, + pgp_key_t &primary_sec, + pgp_key_t &primary_pub, + pgp_key_t &subkey_sec, + pgp_key_t &subkey_pub, const pgp_password_provider_t &password_provider, pgp_key_store_format_t secformat); diff --git a/src/lib/crypto/backend_version.cpp b/src/lib/crypto/backend_version.cpp index 859b048c3..a71b680b7 100644 --- a/src/lib/crypto/backend_version.cpp +++ b/src/lib/crypto/backend_version.cpp @@ -72,11 +72,11 @@ backend_version() if (version[0]) { return version; } - const char *reg = "OpenSSL (([0-9]\\.[0-9]\\.[0-9])[a-z]*(-beta[0-9])*(-dev)*) "; + const char *reg = "OpenSSL (([0-9]\\.[0-9]\\.[0-9])[a-z]*(-beta[0-9])*(-dev)*) "; #ifndef RNP_USE_STD_REGEX static regex_t r; regmatch_t matches[5]; - const char * ver = OpenSSL_version(OPENSSL_VERSION); + const char *ver = OpenSSL_version(OPENSSL_VERSION); if (!strlen(version)) { if (regcomp(&r, reg, REG_EXTENDED) != 0) { diff --git a/src/lib/crypto/bn.h b/src/lib/crypto/bn.h index a4cfa1acd..4bcc48a2b 100644 --- a/src/lib/crypto/bn.h +++ b/src/lib/crypto/bn.h @@ -51,7 +51,7 @@ typedef struct bignum_t_st { /*********************************/ bignum_t *bn_new(void); -void bn_free(bignum_t * /*a*/); +void bn_free(bignum_t */*a*/); int bn_bn2bin(const bignum_t * /*a*/, unsigned char * /*b*/); diff --git a/src/lib/crypto/cipher.hpp b/src/lib/crypto/cipher.hpp index f683b7640..5b1587618 100644 --- a/src/lib/crypto/cipher.hpp +++ b/src/lib/crypto/cipher.hpp @@ -52,22 +52,22 @@ class Cipher { virtual size_t update_granularity() const = 0; // input_length must be a multiple of update_granularity - virtual bool update(uint8_t * output, + virtual bool update(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) = 0; + size_t *input_consumed) = 0; /** * @brief Finalize cipher. For AEAD mode, depending on backend, may require whole * authentication tag to be present in input. */ - virtual bool finish(uint8_t * output, + virtual bool finish(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) = 0; + size_t *input_consumed) = 0; virtual ~Cipher(); diff --git a/src/lib/crypto/cipher_botan.cpp b/src/lib/crypto/cipher_botan.cpp index 6f4a4fcf2..81fc3ab2b 100644 --- a/src/lib/crypto/cipher_botan.cpp +++ b/src/lib/crypto/cipher_botan.cpp @@ -165,12 +165,12 @@ Cipher_Botan::set_ad(const uint8_t *ad, size_t ad_length) } bool -Cipher_Botan::update(uint8_t * output, +Cipher_Botan::update(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) + size_t *input_consumed) { try { size_t ud = this->update_granularity(); @@ -198,12 +198,12 @@ Cipher_Botan::update(uint8_t * output, } bool -Cipher_Botan::finish(uint8_t * output, +Cipher_Botan::finish(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) + size_t *input_consumed) { try { *input_consumed = 0; diff --git a/src/lib/crypto/cipher_botan.hpp b/src/lib/crypto/cipher_botan.hpp index 517d38b6a..1eb552e4e 100644 --- a/src/lib/crypto/cipher_botan.hpp +++ b/src/lib/crypto/cipher_botan.hpp @@ -47,18 +47,18 @@ class Cipher_Botan : public Cipher { size_t update_granularity() const override; - bool update(uint8_t * output, + bool update(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) override; - bool finish(uint8_t * output, + size_t *input_consumed) override; + bool finish(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) override; + size_t *input_consumed) override; virtual ~Cipher_Botan(); private: diff --git a/src/lib/crypto/cipher_ossl.cpp b/src/lib/crypto/cipher_ossl.cpp index bb81d488a..df7d30b8a 100644 --- a/src/lib/crypto/cipher_ossl.cpp +++ b/src/lib/crypto/cipher_ossl.cpp @@ -186,12 +186,12 @@ Cipher_OpenSSL::update_granularity() const } bool -Cipher_OpenSSL::update(uint8_t * output, +Cipher_OpenSSL::update(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) + size_t *input_consumed) { if (input_length > INT_MAX) { return false; @@ -213,12 +213,12 @@ Cipher_OpenSSL::update(uint8_t * output, } bool -Cipher_OpenSSL::finish(uint8_t * output, +Cipher_OpenSSL::finish(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) + size_t *input_consumed) { if (input_length > INT_MAX) { return false; diff --git a/src/lib/crypto/cipher_ossl.hpp b/src/lib/crypto/cipher_ossl.hpp index da2bb4efe..d63d770f9 100644 --- a/src/lib/crypto/cipher_ossl.hpp +++ b/src/lib/crypto/cipher_ossl.hpp @@ -48,18 +48,18 @@ class Cipher_OpenSSL : public Cipher { size_t update_granularity() const override; // input_length should not exceed INT_MAX - bool update(uint8_t * output, + bool update(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) override; - bool finish(uint8_t * output, + size_t *input_consumed) override; + bool finish(uint8_t *output, size_t output_length, - size_t * output_written, + size_t *output_written, const uint8_t *input, size_t input_length, - size_t * input_consumed) override; + size_t *input_consumed) override; virtual ~Cipher_OpenSSL(); private: diff --git a/src/lib/crypto/dilithium.cpp b/src/lib/crypto/dilithium.cpp index ff372c3ee..d6c563ae8 100644 --- a/src/lib/crypto/dilithium.cpp +++ b/src/lib/crypto/dilithium.cpp @@ -65,7 +65,7 @@ Dilithium_PublicKey pgp_dilithium_public_key_t::botan_key() const { return Dilithium_PublicKey(key_encoded_, - rnp_dilithium_param_to_botan_dimension(dilithium_param_)); + rnp_dilithium_param_to_botan_dimension(dilithium_param_)); } Dilithium_PrivateKey @@ -74,8 +74,7 @@ pgp_dilithium_private_key_t::botan_key() const secure_vector priv_sv(key_encoded_.data(), key_encoded_.data() + key_encoded_.size()); return Dilithium_PrivateKey( - priv_sv, - rnp_dilithium_param_to_botan_dimension(this->dilithium_param_)); + priv_sv, rnp_dilithium_param_to_botan_dimension(this->dilithium_param_)); } bool @@ -92,8 +91,7 @@ pgp_dilithium_public_key_t::verify_signature(const uint8_t *msg, } std::pair -dilithium_generate_keypair( - rnp::RNG *rng, dilithium_parameter_e dilithium_param) +dilithium_generate_keypair(rnp::RNG *rng, dilithium_parameter_e dilithium_param) { Dilithium_PrivateKey priv_key(*rng->obj(), rnp_dilithium_param_to_botan_dimension(dilithium_param)); @@ -106,21 +104,23 @@ dilithium_generate_keypair( } bool -pgp_dilithium_public_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized_) { +pgp_dilithium_public_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized_) { return false; } - auto key = botan_key(); + auto key = botan_key(); return key.check_key(*(rng->obj()), false); } bool -pgp_dilithium_private_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized_) { +pgp_dilithium_private_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized_) { return false; } - auto key = botan_key(); + auto key = botan_key(); return key.check_key(*(rng->obj()), false); } \ No newline at end of file diff --git a/src/lib/crypto/dilithium.h b/src/lib/crypto/dilithium.h index a93c32176..3d5c0470f 100644 --- a/src/lib/crypto/dilithium.h +++ b/src/lib/crypto/dilithium.h @@ -43,7 +43,7 @@ enum dilithium_parameter_e { dilithium_L3, dilithium_L5 }; class pgp_dilithium_private_key_t { public: - pgp_dilithium_private_key_t(const uint8_t * key_encoded, + pgp_dilithium_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, dilithium_parameter_e param); pgp_dilithium_private_key_t(std::vector const &key_encoded, @@ -69,22 +69,24 @@ class pgp_dilithium_private_key_t { Botan::Dilithium_PrivateKey botan_key() const; Botan::secure_vector key_encoded_; - dilithium_parameter_e dilithium_param_; - bool is_initialized_ = false; + dilithium_parameter_e dilithium_param_; + bool is_initialized_ = false; }; class pgp_dilithium_public_key_t { public: - pgp_dilithium_public_key_t(const uint8_t * key_encoded, + pgp_dilithium_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, dilithium_parameter_e mode); pgp_dilithium_public_key_t(std::vector const &key_encoded, dilithium_parameter_e mode); pgp_dilithium_public_key_t() = default; - bool operator==(const pgp_dilithium_public_key_t &rhs) const + bool + operator==(const pgp_dilithium_public_key_t &rhs) const { - return (dilithium_param_ == rhs.dilithium_param_) && (key_encoded_ == rhs.key_encoded_); + return (dilithium_param_ == rhs.dilithium_param_) && + (key_encoded_ == rhs.key_encoded_); } bool verify_signature(const uint8_t *msg, @@ -105,7 +107,7 @@ class pgp_dilithium_public_key_t { std::vector key_encoded_; dilithium_parameter_e dilithium_param_; - bool is_initialized_ = false; + bool is_initialized_ = false; }; std::pair dilithium_generate_keypair( diff --git a/src/lib/crypto/dilithium_common.cpp b/src/lib/crypto/dilithium_common.cpp index a98df723d..6867a123a 100644 --- a/src/lib/crypto/dilithium_common.cpp +++ b/src/lib/crypto/dilithium_common.cpp @@ -32,10 +32,11 @@ #include "types.h" #include "logging.h" -pgp_dilithium_public_key_t::pgp_dilithium_public_key_t(const uint8_t * key_encoded, +pgp_dilithium_public_key_t::pgp_dilithium_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, dilithium_parameter_e param) - : key_encoded_(key_encoded, key_encoded + key_encoded_len), dilithium_param_(param), is_initialized_(true) + : key_encoded_(key_encoded, key_encoded + key_encoded_len), dilithium_param_(param), + is_initialized_(true) { } @@ -45,53 +46,59 @@ pgp_dilithium_public_key_t::pgp_dilithium_public_key_t(std::vector cons { } -pgp_dilithium_private_key_t::pgp_dilithium_private_key_t(const uint8_t * key_encoded, +pgp_dilithium_private_key_t::pgp_dilithium_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, dilithium_parameter_e param) - : key_encoded_(key_encoded, key_encoded + key_encoded_len), dilithium_param_(param), is_initialized_(true) + : key_encoded_(key_encoded, key_encoded + key_encoded_len), dilithium_param_(param), + is_initialized_(true) { } pgp_dilithium_private_key_t::pgp_dilithium_private_key_t( std::vector const &key_encoded, dilithium_parameter_e param) : key_encoded_(Botan::secure_vector(key_encoded.begin(), key_encoded.end())), - dilithium_param_(param), - is_initialized_(true) + dilithium_param_(param), is_initialized_(true) { } -size_t dilithium_privkey_size(dilithium_parameter_e parameter) { - switch(parameter) { - case dilithium_L3: - return 4000; - case dilithium_L5: - return 4864; - default: - RNP_LOG("invalid parameter given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +size_t +dilithium_privkey_size(dilithium_parameter_e parameter) +{ + switch (parameter) { + case dilithium_L3: + return 4000; + case dilithium_L5: + return 4864; + default: + RNP_LOG("invalid parameter given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } -size_t dilithium_pubkey_size(dilithium_parameter_e parameter) { - switch(parameter) { - case dilithium_L3: - return 1952; - case dilithium_L5: - return 2592; - default: - RNP_LOG("invalid parameter given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +size_t +dilithium_pubkey_size(dilithium_parameter_e parameter) +{ + switch (parameter) { + case dilithium_L3: + return 1952; + case dilithium_L5: + return 2592; + default: + RNP_LOG("invalid parameter given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } -size_t dilithium_signature_size(dilithium_parameter_e parameter) { - switch(parameter) { - case dilithium_L3: - return 3293; - case dilithium_L5: - return 4595; - default: - RNP_LOG("invalid parameter given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +size_t +dilithium_signature_size(dilithium_parameter_e parameter) +{ + switch (parameter) { + case dilithium_L3: + return 3293; + case dilithium_L5: + return 4595; + default: + RNP_LOG("invalid parameter given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } diff --git a/src/lib/crypto/dilithium_common.h b/src/lib/crypto/dilithium_common.h index 8e60ba819..bae7dc537 100644 --- a/src/lib/crypto/dilithium_common.h +++ b/src/lib/crypto/dilithium_common.h @@ -33,7 +33,6 @@ #include "dilithium.h" - size_t dilithium_privkey_size(dilithium_parameter_e parameter); size_t dilithium_pubkey_size(dilithium_parameter_e parameter); size_t dilithium_signature_size(dilithium_parameter_e parameter); diff --git a/src/lib/crypto/dilithium_exdsa_composite.cpp b/src/lib/crypto/dilithium_exdsa_composite.cpp index 1c24cf0ca..f99a7b899 100644 --- a/src/lib/crypto/dilithium_exdsa_composite.cpp +++ b/src/lib/crypto/dilithium_exdsa_composite.cpp @@ -32,275 +32,307 @@ #include "types.h" #include "logging.h" -pgp_dilithium_exdsa_composite_key_t::~pgp_dilithium_exdsa_composite_key_t() {} +pgp_dilithium_exdsa_composite_key_t::~pgp_dilithium_exdsa_composite_key_t() +{ +} void -pgp_dilithium_exdsa_composite_key_t::initialized_or_throw() const { - if(!is_initialized()) { +pgp_dilithium_exdsa_composite_key_t::initialized_or_throw() const +{ + if (!is_initialized()) { RNP_LOG("Trying to use uninitialized dilithium-ecdsa/eddsa key"); throw rnp::rnp_exception(RNP_ERROR_BAD_STATE); } } rnp_result_t -pgp_dilithium_exdsa_composite_key_t::gen_keypair(rnp::RNG *rng, pgp_dilithium_exdsa_key_t *key, pgp_pubkey_alg_t alg) +pgp_dilithium_exdsa_composite_key_t::gen_keypair(rnp::RNG *rng, + pgp_dilithium_exdsa_key_t *key, + pgp_pubkey_alg_t alg) { - rnp_result_t res; - pgp_curve_t curve = pk_alg_to_curve_id(alg); + rnp_result_t res; + pgp_curve_t curve = pk_alg_to_curve_id(alg); dilithium_parameter_e dilithium_id = pk_alg_to_dilithium_id(alg); exdsa_key_t exdsa_key_pair; res = ec_key_t::generate_exdsa_key_pair(rng, &exdsa_key_pair, curve); - if(res != RNP_SUCCESS) { + if (res != RNP_SUCCESS) { RNP_LOG("generating dilithium exdsa composite key failed when generating exdsa key"); return res; } auto dilithium_key_pair = dilithium_generate_keypair(rng, dilithium_id); - key->priv = pgp_dilithium_exdsa_composite_private_key_t(exdsa_key_pair.priv.get_encoded(), dilithium_key_pair.second.get_encoded(), alg); - key->pub = pgp_dilithium_exdsa_composite_public_key_t(exdsa_key_pair.pub.get_encoded(), dilithium_key_pair.first.get_encoded(), alg); + key->priv = pgp_dilithium_exdsa_composite_private_key_t( + exdsa_key_pair.priv.get_encoded(), dilithium_key_pair.second.get_encoded(), alg); + key->pub = pgp_dilithium_exdsa_composite_public_key_t( + exdsa_key_pair.pub.get_encoded(), dilithium_key_pair.first.get_encoded(), alg); return RNP_SUCCESS; } size_t -pgp_dilithium_exdsa_composite_key_t::exdsa_curve_privkey_size(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_ED25519: - return 32; - /* TODO */ - // case PGP_CURVE_ED448: - // return 56; - case PGP_CURVE_NIST_P_256: - return 32; - case PGP_CURVE_NIST_P_384: - return 48; - case PGP_CURVE_BP256: - return 32; - case PGP_CURVE_BP384: - return 48; - default: - RNP_LOG("invalid curve given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +pgp_dilithium_exdsa_composite_key_t::exdsa_curve_privkey_size(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_ED25519: + return 32; + /* TODO */ + // case PGP_CURVE_ED448: + // return 56; + case PGP_CURVE_NIST_P_256: + return 32; + case PGP_CURVE_NIST_P_384: + return 48; + case PGP_CURVE_BP256: + return 32; + case PGP_CURVE_BP384: + return 48; + default: + RNP_LOG("invalid curve given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } size_t -pgp_dilithium_exdsa_composite_key_t::exdsa_curve_pubkey_size(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_ED25519: - return 32; - /* TODO */ - // case PGP_CURVE_ED448: - // return 56; - case PGP_CURVE_NIST_P_256: - return 65; - case PGP_CURVE_NIST_P_384: - return 97; - case PGP_CURVE_BP256: - return 65; - case PGP_CURVE_BP384: - return 97; - default: - RNP_LOG("invalid curve given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +pgp_dilithium_exdsa_composite_key_t::exdsa_curve_pubkey_size(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_ED25519: + return 32; + /* TODO */ + // case PGP_CURVE_ED448: + // return 56; + case PGP_CURVE_NIST_P_256: + return 65; + case PGP_CURVE_NIST_P_384: + return 97; + case PGP_CURVE_BP256: + return 65; + case PGP_CURVE_BP384: + return 97; + default: + RNP_LOG("invalid curve given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } size_t -pgp_dilithium_exdsa_composite_key_t::exdsa_curve_signature_size(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_ED25519: - return 64; - /* TODO */ - // case PGP_CURVE_ED448: - // return 114; - case PGP_CURVE_NIST_P_256: - return 64; - case PGP_CURVE_NIST_P_384: - return 96; - case PGP_CURVE_BP256: - return 64; - case PGP_CURVE_BP384: - return 96; - default: - RNP_LOG("invalid curve given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +pgp_dilithium_exdsa_composite_key_t::exdsa_curve_signature_size(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_ED25519: + return 64; + /* TODO */ + // case PGP_CURVE_ED448: + // return 114; + case PGP_CURVE_NIST_P_256: + return 64; + case PGP_CURVE_NIST_P_384: + return 96; + case PGP_CURVE_BP256: + return 64; + case PGP_CURVE_BP384: + return 96; + default: + RNP_LOG("invalid curve given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } dilithium_parameter_e -pgp_dilithium_exdsa_composite_key_t::pk_alg_to_dilithium_id(pgp_pubkey_alg_t pk_alg) { - switch(pk_alg) - { - case PGP_PKA_DILITHIUM3_ED25519: +pgp_dilithium_exdsa_composite_key_t::pk_alg_to_dilithium_id(pgp_pubkey_alg_t pk_alg) +{ + switch (pk_alg) { + case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: + case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: - return dilithium_L3; - case PGP_PKA_DILITHIUM5_BP384: + case PGP_PKA_DILITHIUM3_BP256: + return dilithium_L3; + case PGP_PKA_DILITHIUM5_BP384: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: + case PGP_PKA_DILITHIUM5_P384: //[[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: + // case PGP_PKA_DILITHIUM5_ED448: return dilithium_L5; - default: + default: RNP_LOG("invalid PK alg given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } pgp_curve_t -pgp_dilithium_exdsa_composite_key_t::pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg) { - switch(pk_alg) - { - case PGP_PKA_DILITHIUM3_ED25519: +pgp_dilithium_exdsa_composite_key_t::pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg) +{ + switch (pk_alg) { + case PGP_PKA_DILITHIUM3_ED25519: return PGP_CURVE_ED25519; - case PGP_PKA_DILITHIUM3_P256: + case PGP_PKA_DILITHIUM3_P256: return PGP_CURVE_NIST_P_256; - case PGP_PKA_DILITHIUM3_BP256: - return PGP_CURVE_BP256; - case PGP_PKA_DILITHIUM5_BP384: + case PGP_PKA_DILITHIUM3_BP256: + return PGP_CURVE_BP256; + case PGP_PKA_DILITHIUM5_BP384: return PGP_CURVE_BP384; - case PGP_PKA_DILITHIUM5_P384: + case PGP_PKA_DILITHIUM5_P384: return PGP_CURVE_NIST_P_384; - /*case PGP_PKA_DILITHIUM5_ED448: - throw rnp::rnp_exception(RNP_ERROR_NOT_IMPLEMENTED);*/ - default: + /*case PGP_PKA_DILITHIUM5_ED448: + throw rnp::rnp_exception(RNP_ERROR_NOT_IMPLEMENTED);*/ + default: RNP_LOG("invalid PK alg given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } -pgp_dilithium_exdsa_composite_public_key_t::pgp_dilithium_exdsa_composite_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_dilithium_exdsa_composite_public_key_t::pgp_dilithium_exdsa_composite_public_key_t( + const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(std::vector(key_encoded, key_encoded + key_encoded_len)); } -pgp_dilithium_exdsa_composite_public_key_t::pgp_dilithium_exdsa_composite_public_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_dilithium_exdsa_composite_public_key_t::pgp_dilithium_exdsa_composite_public_key_t( + std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(key_encoded); } -pgp_dilithium_exdsa_composite_public_key_t::pgp_dilithium_exdsa_composite_public_key_t(std::vector const &exdsa_key_encoded, std::vector const &dilithium_key_encoded, pgp_pubkey_alg_t pk_alg) - : pk_alg_(pk_alg), - dilithium_key_(dilithium_key_encoded, pk_alg_to_dilithium_id(pk_alg)), +pgp_dilithium_exdsa_composite_public_key_t::pgp_dilithium_exdsa_composite_public_key_t( + std::vector const &exdsa_key_encoded, + std::vector const &dilithium_key_encoded, + pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg), dilithium_key_(dilithium_key_encoded, pk_alg_to_dilithium_id(pk_alg)), exdsa_key_(exdsa_key_encoded, pk_alg_to_curve_id(pk_alg)) { - if(exdsa_curve_pubkey_size(pk_alg_to_curve_id(pk_alg)) != exdsa_key_encoded.size() - || dilithium_pubkey_size(pk_alg_to_dilithium_id(pk_alg)) != dilithium_key_encoded.size()) - { + if (exdsa_curve_pubkey_size(pk_alg_to_curve_id(pk_alg)) != exdsa_key_encoded.size() || + dilithium_pubkey_size(pk_alg_to_dilithium_id(pk_alg)) != + dilithium_key_encoded.size()) { RNP_LOG("exdsa or dilithium key length mismatch"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } is_initialized_ = true; } -pgp_dilithium_exdsa_composite_private_key_t::pgp_dilithium_exdsa_composite_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_dilithium_exdsa_composite_private_key_t::pgp_dilithium_exdsa_composite_private_key_t( + const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(std::vector(key_encoded, key_encoded + key_encoded_len)); } -pgp_dilithium_exdsa_composite_private_key_t::pgp_dilithium_exdsa_composite_private_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_dilithium_exdsa_composite_private_key_t::pgp_dilithium_exdsa_composite_private_key_t( + std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(key_encoded); } -/* copy assignment operator is used on key materials struct and thus needs to be defined for this class as well */ -pgp_dilithium_exdsa_composite_private_key_t& pgp_dilithium_exdsa_composite_private_key_t::operator=(const pgp_dilithium_exdsa_composite_private_key_t& other) +/* copy assignment operator is used on key materials struct and thus needs to be defined for + * this class as well */ +pgp_dilithium_exdsa_composite_private_key_t & +pgp_dilithium_exdsa_composite_private_key_t::operator=( + const pgp_dilithium_exdsa_composite_private_key_t &other) { pgp_dilithium_exdsa_composite_key_t::operator=(other); pk_alg_ = other.pk_alg_; - if(other.is_initialized() && other.dilithium_key_) - { - dilithium_key_ = std::make_unique(pgp_dilithium_private_key_t(other.dilithium_key_->get_encoded(), other.dilithium_key_->param())); + if (other.is_initialized() && other.dilithium_key_) { + dilithium_key_ = + std::make_unique(pgp_dilithium_private_key_t( + other.dilithium_key_->get_encoded(), other.dilithium_key_->param())); } - if(other.is_initialized() && other.exdsa_key_) - { - exdsa_key_ = std::make_unique(exdsa_private_key_t(other.exdsa_key_->get_encoded(), other.exdsa_key_->get_curve())); + if (other.is_initialized() && other.exdsa_key_) { + exdsa_key_ = std::make_unique( + exdsa_private_key_t(other.exdsa_key_->get_encoded(), other.exdsa_key_->get_curve())); } return *this; } -pgp_dilithium_exdsa_composite_private_key_t::pgp_dilithium_exdsa_composite_private_key_t(std::vector const &exdsa_key_encoded, std::vector const &dilithium_key_encoded, pgp_pubkey_alg_t pk_alg) +pgp_dilithium_exdsa_composite_private_key_t::pgp_dilithium_exdsa_composite_private_key_t( + std::vector const &exdsa_key_encoded, + std::vector const &dilithium_key_encoded, + pgp_pubkey_alg_t pk_alg) : pk_alg_(pk_alg) { - if(exdsa_curve_privkey_size(pk_alg_to_curve_id(pk_alg)) != exdsa_key_encoded.size() - || dilithium_privkey_size(pk_alg_to_dilithium_id(pk_alg)) != dilithium_key_encoded.size()) - { + if (exdsa_curve_privkey_size(pk_alg_to_curve_id(pk_alg)) != exdsa_key_encoded.size() || + dilithium_privkey_size(pk_alg_to_dilithium_id(pk_alg)) != + dilithium_key_encoded.size()) { RNP_LOG("exdsa or dilithium key length mismatch"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } - dilithium_key_ = std::make_unique(pgp_dilithium_private_key_t(dilithium_key_encoded, pk_alg_to_dilithium_id(pk_alg))); - exdsa_key_ = std::make_unique(exdsa_private_key_t(exdsa_key_encoded, pk_alg_to_curve_id(pk_alg))); + dilithium_key_ = std::make_unique( + pgp_dilithium_private_key_t(dilithium_key_encoded, pk_alg_to_dilithium_id(pk_alg))); + exdsa_key_ = std::make_unique( + exdsa_private_key_t(exdsa_key_encoded, pk_alg_to_curve_id(pk_alg))); is_initialized_ = true; } size_t pgp_dilithium_exdsa_composite_private_key_t::encoded_size(pgp_pubkey_alg_t pk_alg) { - dilithium_parameter_e dilithium_param = pk_alg_to_dilithium_id(pk_alg); - pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); - return exdsa_curve_privkey_size(curve) + dilithium_privkey_size(dilithium_param); + dilithium_parameter_e dilithium_param = pk_alg_to_dilithium_id(pk_alg); + pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); + return exdsa_curve_privkey_size(curve) + dilithium_privkey_size(dilithium_param); } -void -pgp_dilithium_exdsa_composite_private_key_t::parse_component_keys(std::vector key_encoded) +void +pgp_dilithium_exdsa_composite_private_key_t::parse_component_keys( + std::vector key_encoded) { if (key_encoded.size() != encoded_size(pk_alg_)) { RNP_LOG("Dilithium composite key format invalid: length mismatch"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } dilithium_parameter_e dilithium_param = pk_alg_to_dilithium_id(pk_alg_); - pgp_curve_t curve = pk_alg_to_curve_id(pk_alg_); - size_t split_at = exdsa_curve_privkey_size(pk_alg_to_curve_id(pk_alg_)); + pgp_curve_t curve = pk_alg_to_curve_id(pk_alg_); + size_t split_at = exdsa_curve_privkey_size(pk_alg_to_curve_id(pk_alg_)); - dilithium_key_ = std::make_unique(pgp_dilithium_private_key_t(key_encoded.data() + split_at, key_encoded.size() - split_at, dilithium_param)); - exdsa_key_ = std::make_unique(exdsa_private_key_t(key_encoded.data(), split_at, curve)); + dilithium_key_ = std::make_unique(pgp_dilithium_private_key_t( + key_encoded.data() + split_at, key_encoded.size() - split_at, dilithium_param)); + exdsa_key_ = std::make_unique( + exdsa_private_key_t(key_encoded.data(), split_at, curve)); is_initialized_ = true; } std::vector -pgp_dilithium_exdsa_composite_private_key_t::get_encoded() const { +pgp_dilithium_exdsa_composite_private_key_t::get_encoded() const +{ initialized_or_throw(); std::vector result; std::vector exdsa_key_encoded = exdsa_key_->get_encoded(); std::vector dilithium_key_encoded = dilithium_key_->get_encoded(); result.insert(result.end(), std::begin(exdsa_key_encoded), std::end(exdsa_key_encoded)); - result.insert(result.end(), std::begin(dilithium_key_encoded), std::end(dilithium_key_encoded)); + result.insert( + result.end(), std::begin(dilithium_key_encoded), std::end(dilithium_key_encoded)); return result; }; - rnp_result_t -pgp_dilithium_exdsa_composite_private_key_t::sign(rnp::RNG *rng, pgp_dilithium_exdsa_signature_t *sig, pgp_hash_alg_t hash_alg, const uint8_t *msg, size_t msg_len) const +pgp_dilithium_exdsa_composite_private_key_t::sign(rnp::RNG *rng, + pgp_dilithium_exdsa_signature_t *sig, + pgp_hash_alg_t hash_alg, + const uint8_t *msg, + size_t msg_len) const { - initialized_or_throw(); + initialized_or_throw(); std::vector dilithium_sig; std::vector exdsa_sig; - rnp_result_t ret; - + rnp_result_t ret; + try { dilithium_sig = dilithium_key_->sign(rng, msg, msg_len); - } - catch (const std::exception &e) { + } catch (const std::exception &e) { RNP_LOG("%s", e.what()); return RNP_ERROR_SIGNING_FAILED; } ret = exdsa_key_->sign(rng, exdsa_sig, msg, msg_len, hash_alg); - if(ret != RNP_SUCCESS) { + if (ret != RNP_SUCCESS) { RNP_LOG("exdsa sign failed"); return RNP_ERROR_SIGNING_FAILED; } @@ -312,8 +344,10 @@ pgp_dilithium_exdsa_composite_private_key_t::sign(rnp::RNG *rng, pgp_dilithium_e } void -pgp_dilithium_exdsa_composite_private_key_t::secure_clear() { - // private key buffer is stored in a secure_vector and will be securely erased by the destructor. +pgp_dilithium_exdsa_composite_private_key_t::secure_clear() +{ + // private key buffer is stored in a secure_vector and will be securely erased by the + // destructor. dilithium_key_.reset(); exdsa_key_.reset(); is_initialized_ = false; @@ -322,64 +356,68 @@ pgp_dilithium_exdsa_composite_private_key_t::secure_clear() { size_t pgp_dilithium_exdsa_composite_public_key_t::encoded_size(pgp_pubkey_alg_t pk_alg) { - dilithium_parameter_e dilithium_param = pk_alg_to_dilithium_id(pk_alg); - pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); - return exdsa_curve_pubkey_size(curve) + dilithium_pubkey_size(dilithium_param); + dilithium_parameter_e dilithium_param = pk_alg_to_dilithium_id(pk_alg); + pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); + return exdsa_curve_pubkey_size(curve) + dilithium_pubkey_size(dilithium_param); } -void -pgp_dilithium_exdsa_composite_public_key_t::parse_component_keys(std::vector key_encoded) +void +pgp_dilithium_exdsa_composite_public_key_t::parse_component_keys( + std::vector key_encoded) { if (key_encoded.size() != encoded_size(pk_alg_)) { RNP_LOG("Dilithium composite key format invalid: length mismatch"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } dilithium_parameter_e dilithium_param = pk_alg_to_dilithium_id(pk_alg_); - pgp_curve_t curve = pk_alg_to_curve_id(pk_alg_); - size_t split_at = exdsa_curve_pubkey_size(pk_alg_to_curve_id(pk_alg_)); + pgp_curve_t curve = pk_alg_to_curve_id(pk_alg_); + size_t split_at = exdsa_curve_pubkey_size(pk_alg_to_curve_id(pk_alg_)); - dilithium_key_ = pgp_dilithium_public_key_t(key_encoded.data() + split_at, key_encoded.size() - split_at, dilithium_param); + dilithium_key_ = pgp_dilithium_public_key_t( + key_encoded.data() + split_at, key_encoded.size() - split_at, dilithium_param); exdsa_key_ = exdsa_public_key_t(key_encoded.data(), split_at, curve); is_initialized_ = true; } std::vector -pgp_dilithium_exdsa_composite_public_key_t::get_encoded() const { +pgp_dilithium_exdsa_composite_public_key_t::get_encoded() const +{ initialized_or_throw(); std::vector result; std::vector exdsa_key_encoded = exdsa_key_.get_encoded(); std::vector dilithium_key_encoded = dilithium_key_.get_encoded(); result.insert(result.end(), std::begin(exdsa_key_encoded), std::end(exdsa_key_encoded)); - result.insert(result.end(), std::begin(dilithium_key_encoded), std::end(dilithium_key_encoded)); + result.insert( + result.end(), std::begin(dilithium_key_encoded), std::end(dilithium_key_encoded)); return result; }; rnp_result_t -pgp_dilithium_exdsa_composite_public_key_t::verify(const pgp_dilithium_exdsa_signature_t *sig, pgp_hash_alg_t hash_alg, const uint8_t *hash, size_t hash_len) const +pgp_dilithium_exdsa_composite_public_key_t::verify(const pgp_dilithium_exdsa_signature_t *sig, + pgp_hash_alg_t hash_alg, + const uint8_t *hash, + size_t hash_len) const { - initialized_or_throw(); + initialized_or_throw(); std::vector dilithium_sig; std::vector exdsa_sig; - if(sig->sig.size() != sig->composite_signature_size(pk_alg_)) { + if (sig->sig.size() != sig->composite_signature_size(pk_alg_)) { RNP_LOG("invalid signature size for dilithium exdsa composite algorithm %d", pk_alg_); return RNP_ERROR_VERIFICATION_FAILED; } - + size_t split_at = exdsa_curve_signature_size(pk_alg_to_curve_id(pk_alg_)); - exdsa_sig = std::vector( - sig->sig.data(), - sig->sig.data() + split_at - ); - dilithium_sig = std::vector( - sig->sig.data() + split_at, - sig->sig.data() + sig->sig.size()); - - if(exdsa_key_.verify(exdsa_sig, hash, hash_len, hash_alg) != RNP_SUCCESS - || !dilithium_key_.verify_signature(hash, hash_len, dilithium_sig.data(), dilithium_sig.size())) { + exdsa_sig = std::vector(sig->sig.data(), sig->sig.data() + split_at); + dilithium_sig = + std::vector(sig->sig.data() + split_at, sig->sig.data() + sig->sig.size()); + + if (exdsa_key_.verify(exdsa_sig, hash, hash_len, hash_alg) != RNP_SUCCESS || + !dilithium_key_.verify_signature( + hash, hash_len, dilithium_sig.data(), dilithium_sig.size())) { RNP_LOG("could not verify composite signature"); return RNP_ERROR_VERIFICATION_FAILED; } @@ -388,30 +426,33 @@ pgp_dilithium_exdsa_composite_public_key_t::verify(const pgp_dilithium_exdsa_sig } bool -pgp_dilithium_exdsa_composite_public_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized()) { +pgp_dilithium_exdsa_composite_public_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized()) { return false; } - return(exdsa_key_.is_valid(rng) && dilithium_key_.is_valid(rng)); + return (exdsa_key_.is_valid(rng) && dilithium_key_.is_valid(rng)); } bool -pgp_dilithium_exdsa_composite_private_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized()) { +pgp_dilithium_exdsa_composite_private_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized()) { return false; } - return(exdsa_key_->is_valid(rng) && dilithium_key_->is_valid(rng)); + return (exdsa_key_->is_valid(rng) && dilithium_key_->is_valid(rng)); } -rnp_result_t dilithium_exdsa_validate_key(rnp::RNG *rng, const pgp_dilithium_exdsa_key_t *key, bool secret) +rnp_result_t +dilithium_exdsa_validate_key(rnp::RNG *rng, const pgp_dilithium_exdsa_key_t *key, bool secret) { bool valid; valid = key->pub.is_valid(rng); - if(secret) { + if (secret) { valid = valid && key->priv.is_valid(rng); } - if(!valid) { + if (!valid) { return RNP_ERROR_GENERIC; } diff --git a/src/lib/crypto/dilithium_exdsa_composite.h b/src/lib/crypto/dilithium_exdsa_composite.h index bf772eb99..6f16ea1a3 100644 --- a/src/lib/crypto/dilithium_exdsa_composite.h +++ b/src/lib/crypto/dilithium_exdsa_composite.h @@ -41,56 +41,74 @@ #include "crypto/exdsa_ecdhkem.h" #include - struct pgp_dilithium_exdsa_key_t; /* forward declaration */ class pgp_dilithium_exdsa_composite_key_t { + public: + virtual ~pgp_dilithium_exdsa_composite_key_t() = 0; -public: - virtual ~pgp_dilithium_exdsa_composite_key_t() = 0; + static rnp_result_t gen_keypair(rnp::RNG *rng, + pgp_dilithium_exdsa_key_t *key, + pgp_pubkey_alg_t alg); - static rnp_result_t gen_keypair(rnp::RNG *rng, pgp_dilithium_exdsa_key_t *key, pgp_pubkey_alg_t alg); + static size_t exdsa_curve_privkey_size(pgp_curve_t curve); + static size_t exdsa_curve_pubkey_size(pgp_curve_t curve); + static size_t exdsa_curve_signature_size(pgp_curve_t curve); + static pgp_curve_t pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg); + static dilithium_parameter_e pk_alg_to_dilithium_id(pgp_pubkey_alg_t pk_alg); - static size_t exdsa_curve_privkey_size(pgp_curve_t curve); - static size_t exdsa_curve_pubkey_size(pgp_curve_t curve); - static size_t exdsa_curve_signature_size(pgp_curve_t curve); - static pgp_curve_t pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg); - static dilithium_parameter_e pk_alg_to_dilithium_id(pgp_pubkey_alg_t pk_alg); + bool + is_initialized() const + { + return is_initialized_; + } - bool is_initialized() const { - return is_initialized_; - } - -protected: - bool is_initialized_ = false; - void initialized_or_throw() const; + protected: + bool is_initialized_ = false; + void initialized_or_throw() const; }; typedef struct pgp_dilithium_exdsa_signature_t { std::vector sig; - static size_t composite_signature_size(pgp_pubkey_alg_t pk_alg) { - return dilithium_signature_size(pgp_dilithium_exdsa_composite_key_t::pk_alg_to_dilithium_id(pk_alg)) - + pgp_dilithium_exdsa_composite_key_t::exdsa_curve_signature_size(pgp_dilithium_exdsa_composite_key_t::pk_alg_to_curve_id(pk_alg)); + static size_t + composite_signature_size(pgp_pubkey_alg_t pk_alg) + { + return dilithium_signature_size( + pgp_dilithium_exdsa_composite_key_t::pk_alg_to_dilithium_id(pk_alg)) + + pgp_dilithium_exdsa_composite_key_t::exdsa_curve_signature_size( + pgp_dilithium_exdsa_composite_key_t::pk_alg_to_curve_id(pk_alg)); } } pgp_dilithium_exdsa_signature_t; -class pgp_dilithium_exdsa_composite_private_key_t : public pgp_dilithium_exdsa_composite_key_t { +class pgp_dilithium_exdsa_composite_private_key_t + : public pgp_dilithium_exdsa_composite_key_t { public: - pgp_dilithium_exdsa_composite_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg); - pgp_dilithium_exdsa_composite_private_key_t(std::vector const &exdsa_key_encoded, std::vector const &dilithium_key_encoded, pgp_pubkey_alg_t pk_alg); - pgp_dilithium_exdsa_composite_private_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg); - pgp_dilithium_exdsa_composite_private_key_t& operator=(const pgp_dilithium_exdsa_composite_private_key_t &other); + pgp_dilithium_exdsa_composite_private_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + pgp_pubkey_alg_t pk_alg); + pgp_dilithium_exdsa_composite_private_key_t( + std::vector const &exdsa_key_encoded, + std::vector const &dilithium_key_encoded, + pgp_pubkey_alg_t pk_alg); + pgp_dilithium_exdsa_composite_private_key_t(std::vector const &key_encoded, + pgp_pubkey_alg_t pk_alg); + pgp_dilithium_exdsa_composite_private_key_t &operator=( + const pgp_dilithium_exdsa_composite_private_key_t &other); pgp_dilithium_exdsa_composite_private_key_t() = default; - - rnp_result_t sign(rnp::RNG *rng, pgp_dilithium_exdsa_signature_t *sig, pgp_hash_alg_t hash_alg, const uint8_t *msg, size_t msg_len) const; + rnp_result_t sign(rnp::RNG *rng, + pgp_dilithium_exdsa_signature_t *sig, + pgp_hash_alg_t hash_alg, + const uint8_t *msg, + size_t msg_len) const; std::vector get_encoded() const; - pgp_pubkey_alg_t pk_alg() const + pgp_pubkey_alg_t + pk_alg() const { - return pk_alg_; + return pk_alg_; } bool is_valid(rnp::RNG *rng) const; @@ -110,29 +128,40 @@ class pgp_dilithium_exdsa_composite_private_key_t : public pgp_dilithium_exdsa_c std::unique_ptr exdsa_key_; }; - class pgp_dilithium_exdsa_composite_public_key_t : public pgp_dilithium_exdsa_composite_key_t { public: - pgp_dilithium_exdsa_composite_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg); - pgp_dilithium_exdsa_composite_public_key_t(std::vector const &exdsa_key_encoded, std::vector const &dilithium_key_encoded, pgp_pubkey_alg_t pk_alg); - pgp_dilithium_exdsa_composite_public_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg); + pgp_dilithium_exdsa_composite_public_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + pgp_pubkey_alg_t pk_alg); + pgp_dilithium_exdsa_composite_public_key_t( + std::vector const &exdsa_key_encoded, + std::vector const &dilithium_key_encoded, + pgp_pubkey_alg_t pk_alg); + pgp_dilithium_exdsa_composite_public_key_t(std::vector const &key_encoded, + pgp_pubkey_alg_t pk_alg); pgp_dilithium_exdsa_composite_public_key_t() = default; - bool operator==(const pgp_dilithium_exdsa_composite_public_key_t &rhs) const + bool + operator==(const pgp_dilithium_exdsa_composite_public_key_t &rhs) const { - return (pk_alg_ == rhs.pk_alg_) && (dilithium_key_ == rhs.dilithium_key_) && (exdsa_key_ == rhs.exdsa_key_); + return (pk_alg_ == rhs.pk_alg_) && (dilithium_key_ == rhs.dilithium_key_) && + (exdsa_key_ == rhs.exdsa_key_); } - rnp_result_t verify(const pgp_dilithium_exdsa_signature_t *sig, pgp_hash_alg_t hash_alg, const uint8_t *hash, size_t hash_len) const; + rnp_result_t verify(const pgp_dilithium_exdsa_signature_t *sig, + pgp_hash_alg_t hash_alg, + const uint8_t *hash, + size_t hash_len) const; std::vector get_encoded() const; - pgp_pubkey_alg_t pk_alg() const + pgp_pubkey_alg_t + pk_alg() const { - return pk_alg_; + return pk_alg_; } - bool is_valid(rnp::RNG *rng) const; + bool is_valid(rnp::RNG *rng) const; static size_t encoded_size(pgp_pubkey_alg_t pk_alg); private: @@ -149,9 +178,11 @@ class pgp_dilithium_exdsa_composite_public_key_t : public pgp_dilithium_exdsa_co typedef struct pgp_dilithium_exdsa_key_t { pgp_dilithium_exdsa_composite_private_key_t priv; - pgp_dilithium_exdsa_composite_public_key_t pub; + pgp_dilithium_exdsa_composite_public_key_t pub; } pgp_dilithium_exdsa_key_t; -rnp_result_t dilithium_exdsa_validate_key(rnp::RNG *rng, const pgp_dilithium_exdsa_key_t *key, bool secret); +rnp_result_t dilithium_exdsa_validate_key(rnp::RNG *rng, + const pgp_dilithium_exdsa_key_t *key, + bool secret); #endif diff --git a/src/lib/crypto/dl_ossl.cpp b/src/lib/crypto/dl_ossl.cpp index 2e97296ca..3eccd64cd 100644 --- a/src/lib/crypto/dl_ossl.cpp +++ b/src/lib/crypto/dl_ossl.cpp @@ -150,7 +150,7 @@ dl_validate_secret_key(EVP_PKEY *dlkey, const pgp_mpi_t &mx) rnp_result_t ret = RNP_ERROR_GENERIC; - BN_CTX * ctx = BN_CTX_new(); + BN_CTX *ctx = BN_CTX_new(); bignum_t *x = mpi2bn(&mx); bignum_t *cy = bn_new(); diff --git a/src/lib/crypto/dsa.cpp b/src/lib/crypto/dsa.cpp index 8763f0040..c8e3476b0 100644 --- a/src/lib/crypto/dsa.cpp +++ b/src/lib/crypto/dsa.cpp @@ -88,11 +88,11 @@ rnp_result_t dsa_validate_key(rnp::RNG *rng, const pgp_dsa_key_t *key, bool secret) { - bignum_t * p = NULL; - bignum_t * q = NULL; - bignum_t * g = NULL; - bignum_t * y = NULL; - bignum_t * x = NULL; + bignum_t *p = NULL; + bignum_t *q = NULL; + bignum_t *g = NULL; + bignum_t *y = NULL; + bignum_t *x = NULL; botan_pubkey_t bpkey = NULL; botan_privkey_t bskey = NULL; rnp_result_t ret = RNP_ERROR_GENERIC; @@ -152,9 +152,9 @@ dsa_validate_key(rnp::RNG *rng, const pgp_dsa_key_t *key, bool secret) } rnp_result_t -dsa_sign(rnp::RNG * rng, +dsa_sign(rnp::RNG *rng, pgp_dsa_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_dsa_key_t *key) { @@ -162,7 +162,7 @@ dsa_sign(rnp::RNG * rng, botan_pk_op_sign_t sign_op = NULL; size_t q_order = 0; uint8_t sign_buf[2 * BITS_TO_BYTES(DSA_MAX_Q_BITLEN)] = {0}; - bignum_t * p = NULL, *q = NULL, *g = NULL, *x = NULL; + bignum_t *p = NULL, *q = NULL, *g = NULL, *x = NULL; rnp_result_t ret = RNP_ERROR_SIGNING_FAILED; size_t sigbuf_size = sizeof(sign_buf); @@ -227,16 +227,16 @@ dsa_sign(rnp::RNG * rng, rnp_result_t dsa_verify(const pgp_dsa_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_dsa_key_t * key) + const pgp_dsa_key_t *key) { botan_pubkey_t dsa_key = NULL; botan_pk_op_verify_t verify_op = NULL; uint8_t sign_buf[2 * BITS_TO_BYTES(DSA_MAX_Q_BITLEN)] = {0}; size_t q_order = 0; size_t r_blen, s_blen; - bignum_t * p = NULL, *q = NULL, *g = NULL, *y = NULL; + bignum_t *p = NULL, *q = NULL, *g = NULL, *y = NULL; rnp_result_t ret = RNP_ERROR_GENERIC; size_t z_len = 0; @@ -307,11 +307,11 @@ dsa_generate(rnp::RNG *rng, pgp_dsa_key_t *key, size_t keylen, size_t qbits) botan_privkey_t key_priv = NULL; botan_pubkey_t key_pub = NULL; rnp_result_t ret = RNP_ERROR_GENERIC; - bignum_t * p = bn_new(); - bignum_t * q = bn_new(); - bignum_t * g = bn_new(); - bignum_t * y = bn_new(); - bignum_t * x = bn_new(); + bignum_t *p = bn_new(); + bignum_t *q = bn_new(); + bignum_t *g = bn_new(); + bignum_t *y = bn_new(); + bignum_t *x = bn_new(); if (!p || !q || !g || !y || !x) { ret = RNP_ERROR_OUT_OF_MEMORY; diff --git a/src/lib/crypto/dsa.h b/src/lib/crypto/dsa.h index 52a186ac2..3cc99599e 100644 --- a/src/lib/crypto/dsa.h +++ b/src/lib/crypto/dsa.h @@ -74,9 +74,9 @@ rnp_result_t dsa_validate_key(rnp::RNG *rng, const pgp_dsa_key_t *key, bool secr * RNP_ERROR_BAD_PARAMETERS wrong input provided * RNP_ERROR_SIGNING_FAILED internal error */ -rnp_result_t dsa_sign(rnp::RNG * rng, +rnp_result_t dsa_sign(rnp::RNG *rng, pgp_dsa_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_dsa_key_t *key); @@ -94,9 +94,9 @@ rnp_result_t dsa_sign(rnp::RNG * rng, * RNP_ERROR_SIGNATURE_INVALID signature is invalid */ rnp_result_t dsa_verify(const pgp_dsa_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_dsa_key_t * key); + const pgp_dsa_key_t *key); /* * @brief Performs DSA key generation diff --git a/src/lib/crypto/dsa_ossl.cpp b/src/lib/crypto/dsa_ossl.cpp index cf1a662cf..b0b8bf093 100644 --- a/src/lib/crypto/dsa_ossl.cpp +++ b/src/lib/crypto/dsa_ossl.cpp @@ -63,8 +63,8 @@ dsa_encode_sig(uint8_t *data, size_t *len, const pgp_dsa_signature_t &sig) { bool res = false; DSA_SIG *dsig = DSA_SIG_new(); - BIGNUM * r = mpi2bn(&sig.r); - BIGNUM * s = mpi2bn(&sig.s); + BIGNUM *r = mpi2bn(&sig.r); + BIGNUM *s = mpi2bn(&sig.s); if (!dsig || !r || !s) { RNP_LOG("Allocation failed."); goto done; @@ -191,9 +191,9 @@ dsa_validate_key(rnp::RNG *rng, const pgp_dsa_key_t *key, bool secret) } rnp_result_t -dsa_sign(rnp::RNG * rng, +dsa_sign(rnp::RNG *rng, pgp_dsa_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_dsa_key_t *key) { @@ -239,9 +239,9 @@ dsa_sign(rnp::RNG * rng, rnp_result_t dsa_verify(const pgp_dsa_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_dsa_key_t * key) + const pgp_dsa_key_t *key) { /* Load secret key to DSA structure*/ EVP_PKEY *evpkey = dsa_load_key(key, false); @@ -321,8 +321,8 @@ dsa_generate(rnp::RNG *rng, pgp_dsa_key_t *key, size_t keylen, size_t qbits) } rnp_result_t ret = RNP_ERROR_GENERIC; - EVP_PKEY * pkey = NULL; - EVP_PKEY * parmkey = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY *parmkey = NULL; EVP_PKEY_CTX *ctx = NULL; /* Generate DSA params */ diff --git a/src/lib/crypto/ec.cpp b/src/lib/crypto/ec.cpp index 25db0f3f0..23a4e7a75 100644 --- a/src/lib/crypto/ec.cpp +++ b/src/lib/crypto/ec.cpp @@ -91,8 +91,8 @@ x25519_generate(rnp::RNG *rng, pgp_ec_key_t *key) } rnp_result_t -ec_generate(rnp::RNG * rng, - pgp_ec_key_t * key, +ec_generate(rnp::RNG *rng, + pgp_ec_key_t *key, const pgp_pubkey_alg_t alg_id, const pgp_curve_t curve) { @@ -104,9 +104,9 @@ ec_generate(rnp::RNG * rng, */ botan_privkey_t pr_key = NULL; botan_pubkey_t pu_key = NULL; - bignum_t * px = NULL; - bignum_t * py = NULL; - bignum_t * x = NULL; + bignum_t *px = NULL; + bignum_t *py = NULL; + bignum_t *x = NULL; rnp_result_t ret = RNP_ERROR_KEY_GENERATION; size_t filed_byte_size = 0; @@ -194,42 +194,52 @@ ec_generate(rnp::RNG * rng, } #if defined(ENABLE_CRYPTO_REFRESH) -static bool is_generic_prime_curve(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_NIST_P_256: [[fallthrough]]; - case PGP_CURVE_NIST_P_384: [[fallthrough]]; - case PGP_CURVE_NIST_P_521: [[fallthrough]]; - case PGP_CURVE_BP256: [[fallthrough]]; - case PGP_CURVE_BP384: [[fallthrough]]; - case PGP_CURVE_BP512: [[fallthrough]]; - case PGP_CURVE_P256K1: - return true; - default: - return false; +static bool +is_generic_prime_curve(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_NIST_P_256: + [[fallthrough]]; + case PGP_CURVE_NIST_P_384: + [[fallthrough]]; + case PGP_CURVE_NIST_P_521: + [[fallthrough]]; + case PGP_CURVE_BP256: + [[fallthrough]]; + case PGP_CURVE_BP384: + [[fallthrough]]; + case PGP_CURVE_BP512: + [[fallthrough]]; + case PGP_CURVE_P256K1: + return true; + default: + return false; } } -static rnp_result_t ec_generate_generic_native(rnp::RNG * rng, - std::vector &privkey, - std::vector &pubkey, - pgp_curve_t curve, - pgp_pubkey_alg_t alg) +static rnp_result_t +ec_generate_generic_native(rnp::RNG *rng, + std::vector &privkey, + std::vector &pubkey, + pgp_curve_t curve, + pgp_pubkey_alg_t alg) { - if(!is_generic_prime_curve(curve)) { + if (!is_generic_prime_curve(curve)) { RNP_LOG("expected generic prime curve"); return RNP_ERROR_BAD_PARAMETERS; } const ec_curve_desc_t *ec_desc = get_curve_desc(curve); - const size_t curve_order = BITS_TO_BYTES(ec_desc->bitlen); + const size_t curve_order = BITS_TO_BYTES(ec_desc->bitlen); Botan::ECDH_PrivateKey privkey_botan(*(rng->obj()), Botan::EC_Group(ec_desc->botan_name)); - Botan::BigInt pub_x = privkey_botan.public_point().get_affine_x(); - Botan::BigInt pub_y = privkey_botan.public_point().get_affine_y(); - Botan::BigInt x = privkey_botan.private_value(); + Botan::BigInt pub_x = privkey_botan.public_point().get_affine_x(); + Botan::BigInt pub_y = privkey_botan.public_point().get_affine_y(); + Botan::BigInt x = privkey_botan.private_value(); // pubkey: 0x04 || X || Y - pubkey = Botan::unlock(Botan::BigInt::encode_fixed_length_int_pair(pub_x, pub_y, curve_order)); // zero-pads to the given size + pubkey = Botan::unlock(Botan::BigInt::encode_fixed_length_int_pair( + pub_x, pub_y, curve_order)); // zero-pads to the given size pubkey.insert(pubkey.begin(), 0x04); privkey = std::vector(curve_order); @@ -241,28 +251,26 @@ static rnp_result_t ec_generate_generic_native(rnp::RNG * rng, return RNP_SUCCESS; } -rnp_result_t ec_generate_native(rnp::RNG * rng, - std::vector &privkey, - std::vector &pubkey, - pgp_curve_t curve, - pgp_pubkey_alg_t alg) +rnp_result_t +ec_generate_native(rnp::RNG *rng, + std::vector &privkey, + std::vector &pubkey, + pgp_curve_t curve, + pgp_pubkey_alg_t alg) { - if(curve == PGP_CURVE_25519) { + if (curve == PGP_CURVE_25519) { return generate_x25519_native(rng, privkey, pubkey); - } - else if(curve == PGP_CURVE_ED25519) { + } else if (curve == PGP_CURVE_ED25519) { return generate_ed25519_native(rng, privkey, pubkey); - } - else if(is_generic_prime_curve(curve)) { - if(alg != PGP_PKA_ECDH && alg != PGP_PKA_ECDSA) { + } else if (is_generic_prime_curve(curve)) { + if (alg != PGP_PKA_ECDH && alg != PGP_PKA_ECDSA) { RNP_LOG("alg and curve mismatch"); return RNP_ERROR_BAD_PARAMETERS; } return ec_generate_generic_native(rng, privkey, pubkey, curve, alg); - } - else { + } else { RNP_LOG("invalid curve"); - return RNP_ERROR_BAD_PARAMETERS; + return RNP_ERROR_BAD_PARAMETERS; } } #endif \ No newline at end of file diff --git a/src/lib/crypto/ec.h b/src/lib/crypto/ec.h index cef5c3039..1d02b54ce 100644 --- a/src/lib/crypto/ec.h +++ b/src/lib/crypto/ec.h @@ -159,8 +159,8 @@ bool curve_supported(pgp_curve_t curve); * @returns RNP_ERROR_OUT_OF_MEMORY memory allocation failed * @returns RNP_ERROR_KEY_GENERATION implementation error */ -rnp_result_t ec_generate(rnp::RNG * rng, - pgp_ec_key_t * key, +rnp_result_t ec_generate(rnp::RNG *rng, + pgp_ec_key_t *key, const pgp_pubkey_alg_t alg_id, const pgp_curve_t curve); @@ -203,9 +203,9 @@ bool x25519_bits_tweaked(const pgp_ec_key_t &key); * * @returns RNP_ERROR_BAD_PARAMETERS if the curve or alg parameter is invalid. */ -rnp_result_t ec_generate_native(rnp::RNG * rng, - std::vector &privkey, +rnp_result_t ec_generate_native(rnp::RNG *rng, + std::vector &privkey, std::vector &pubkey, - pgp_curve_t curve, - pgp_pubkey_alg_t alg); + pgp_curve_t curve, + pgp_pubkey_alg_t alg); #endif diff --git a/src/lib/crypto/ec_ossl.cpp b/src/lib/crypto/ec_ossl.cpp index b38377d74..afb0f261f 100644 --- a/src/lib/crypto/ec_ossl.cpp +++ b/src/lib/crypto/ec_ossl.cpp @@ -120,7 +120,7 @@ ec_write_seckey(EVP_PKEY *pkey, pgp_mpi_t &key) bn2mpi(x.get(), &key); #else const bignum_t *x = NULL; - const EC_KEY * ec = EVP_PKEY_get0_EC_KEY(pkey); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); if (!ec) { RNP_LOG("Failed to retrieve EC key: %lu", ERR_peek_last_error()); return false; @@ -134,8 +134,8 @@ ec_write_seckey(EVP_PKEY *pkey, pgp_mpi_t &key) } rnp_result_t -ec_generate(rnp::RNG * rng, - pgp_ec_key_t * key, +ec_generate(rnp::RNG *rng, + pgp_ec_key_t *key, const pgp_pubkey_alg_t alg_id, const pgp_curve_t curve) { @@ -231,8 +231,8 @@ ec_build_params(const pgp_mpi_t &p, bignum_t *x, const char *curve) } static EVP_PKEY * -ec_load_key_openssl3(const pgp_mpi_t & keyp, - const pgp_mpi_t * keyx, +ec_load_key_openssl3(const pgp_mpi_t &keyp, + const pgp_mpi_t *keyx, const ec_curve_desc_t *curv_desc) { rnp::bn x(keyx ? mpi2bn(keyx) : NULL); diff --git a/src/lib/crypto/ecdh.cpp b/src/lib/crypto/ecdh.cpp index df9f7df7a..4afa870c9 100644 --- a/src/lib/crypto/ecdh.cpp +++ b/src/lib/crypto/ecdh.cpp @@ -38,12 +38,12 @@ // Produces kek of size kek_len which corresponds to length of wrapping key static bool -compute_kek(uint8_t * kek, +compute_kek(uint8_t *kek, size_t kek_len, - const uint8_t * other_info, + const uint8_t *other_info, size_t other_info_size, const ec_curve_desc_t *curve_desc, - const pgp_mpi_t * ec_pubkey, + const pgp_mpi_t *ec_pubkey, const botan_privkey_t ec_prvkey, const pgp_hash_alg_t hash_alg) { @@ -186,11 +186,11 @@ ecdh_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret) } rnp_result_t -ecdh_encrypt_pkcs5(rnp::RNG * rng, - pgp_ecdh_encrypted_t * out, +ecdh_encrypt_pkcs5(rnp::RNG *rng, + pgp_ecdh_encrypted_t *out, const uint8_t *const in, size_t in_len, - const pgp_ec_key_t * key, + const pgp_ec_key_t *key, const pgp_fingerprint_t &fingerprint) { botan_privkey_t eph_prv_key = NULL; @@ -296,11 +296,11 @@ ecdh_encrypt_pkcs5(rnp::RNG * rng, } rnp_result_t -ecdh_decrypt_pkcs5(uint8_t * out, - size_t * out_len, +ecdh_decrypt_pkcs5(uint8_t *out, + size_t *out_len, const pgp_ecdh_encrypted_t *in, - const pgp_ec_key_t * key, - const pgp_fingerprint_t & fingerprint) + const pgp_ec_key_t *key, + const pgp_fingerprint_t &fingerprint) { if (!out_len || !in || !key || !mpi_bytes(&key->x)) { return RNP_ERROR_BAD_PARAMETERS; @@ -391,37 +391,44 @@ ecdh_decrypt_pkcs5(uint8_t * out, } #if defined(ENABLE_CRYPTO_REFRESH) -rnp_result_t ecdh_kem_gen_keypair_native(rnp::RNG * rng, - std::vector &privkey, - std::vector &pubkey, - pgp_curve_t curve) +rnp_result_t +ecdh_kem_gen_keypair_native(rnp::RNG *rng, + std::vector &privkey, + std::vector &pubkey, + pgp_curve_t curve) { return ec_generate_native(rng, privkey, pubkey, curve, PGP_PKA_ECDH); } -rnp_result_t exdsa_gen_keypair_native(rnp::RNG * rng, - std::vector &privkey, - std::vector &pubkey, - pgp_curve_t curve) +rnp_result_t +exdsa_gen_keypair_native(rnp::RNG *rng, + std::vector &privkey, + std::vector &pubkey, + pgp_curve_t curve) { pgp_pubkey_alg_t alg; - switch(curve) - { - case PGP_CURVE_ED25519: - alg = PGP_PKA_EDDSA; - break; - case PGP_CURVE_NIST_P_256: [[fallthrough]]; - case PGP_CURVE_NIST_P_384: [[fallthrough]]; - case PGP_CURVE_NIST_P_521: [[fallthrough]]; - case PGP_CURVE_BP256: [[fallthrough]]; - case PGP_CURVE_BP384: [[fallthrough]]; - case PGP_CURVE_BP512: [[fallthrough]]; - case PGP_CURVE_P256K1: - alg = PGP_PKA_ECDSA; - break; - default: - RNP_LOG("invalid curve for ECDSA/EDDSA"); - return RNP_ERROR_BAD_PARAMETERS; + switch (curve) { + case PGP_CURVE_ED25519: + alg = PGP_PKA_EDDSA; + break; + case PGP_CURVE_NIST_P_256: + [[fallthrough]]; + case PGP_CURVE_NIST_P_384: + [[fallthrough]]; + case PGP_CURVE_NIST_P_521: + [[fallthrough]]; + case PGP_CURVE_BP256: + [[fallthrough]]; + case PGP_CURVE_BP384: + [[fallthrough]]; + case PGP_CURVE_BP512: + [[fallthrough]]; + case PGP_CURVE_P256K1: + alg = PGP_PKA_ECDSA; + break; + default: + RNP_LOG("invalid curve for ECDSA/EDDSA"); + return RNP_ERROR_BAD_PARAMETERS; } return ec_generate_native(rng, privkey, pubkey, curve, alg); } diff --git a/src/lib/crypto/ecdh.h b/src/lib/crypto/ecdh.h index a0d61c601..747e66f54 100644 --- a/src/lib/crypto/ecdh.h +++ b/src/lib/crypto/ecdh.h @@ -82,11 +82,11 @@ bool ecdh_set_params(pgp_ec_key_t *key, pgp_curve_t curve_id); * @return RNP_ERROR_SHORT_BUFFER `wrapped_key_len' to small to store result * @return RNP_ERROR_GENERIC implementation error */ -rnp_result_t ecdh_encrypt_pkcs5(rnp::RNG * rng, - pgp_ecdh_encrypted_t * out, +rnp_result_t ecdh_encrypt_pkcs5(rnp::RNG *rng, + pgp_ecdh_encrypted_t *out, const uint8_t *const in, size_t in_len, - const pgp_ec_key_t * key, + const pgp_ec_key_t *key, const pgp_fingerprint_t &fingerprint); /* @@ -109,12 +109,11 @@ rnp_result_t ecdh_encrypt_pkcs5(rnp::RNG * rng, * @return RNP_ERROR_SHORT_BUFFER `session_key_len' to small to store result * @return RNP_ERROR_GENERIC decryption failed or implementation error */ -rnp_result_t ecdh_decrypt_pkcs5(uint8_t * out, - size_t * out_len, +rnp_result_t ecdh_decrypt_pkcs5(uint8_t *out, + size_t *out_len, const pgp_ecdh_encrypted_t *in, - const pgp_ec_key_t * key, - const pgp_fingerprint_t & fingerprint); - + const pgp_ec_key_t *key, + const pgp_fingerprint_t &fingerprint); #if defined(ENABLE_CRYPTO_REFRESH) /* Generate an ECDH key pair in "native" format, i.e., @@ -129,10 +128,10 @@ rnp_result_t ecdh_decrypt_pkcs5(uint8_t * out, * @return RNP_SUCCESS on success and output parameters are populated * @return RNP_ERROR_BAD_PARAMETERS unexpected input provided */ -rnp_result_t ecdh_kem_gen_keypair_native(rnp::RNG * rng, +rnp_result_t ecdh_kem_gen_keypair_native(rnp::RNG *rng, std::vector &privkey, std::vector &pubkey, - pgp_curve_t curve); + pgp_curve_t curve); /* Generate an ECDSA or EdDSA key pair in "native" format, i.e., * no changes to the format specified in the respective standard @@ -146,10 +145,10 @@ rnp_result_t ecdh_kem_gen_keypair_native(rnp::RNG * rng, * @return RNP_SUCCESS on success and output parameters are populated * @return RNP_ERROR_BAD_PARAMETERS unexpected input provided */ -rnp_result_t exdsa_gen_keypair_native(rnp::RNG * rng, +rnp_result_t exdsa_gen_keypair_native(rnp::RNG *rng, std::vector &privkey, std::vector &pubkey, - pgp_curve_t curve); + pgp_curve_t curve); #endif diff --git a/src/lib/crypto/ecdh_ossl.cpp b/src/lib/crypto/ecdh_ossl.cpp index 401879852..1dace2f34 100644 --- a/src/lib/crypto/ecdh_ossl.cpp +++ b/src/lib/crypto/ecdh_ossl.cpp @@ -40,7 +40,7 @@ static const struct ecdh_wrap_alg_map_t { pgp_symm_alg_t alg; - const char * name; + const char *name; } ecdh_wrap_alg_map[] = {{PGP_SA_AES_128, "aes128-wrap"}, {PGP_SA_AES_192, "aes192-wrap"}, {PGP_SA_AES_256, "aes256-wrap"}}; @@ -52,11 +52,11 @@ ecdh_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret) } static rnp_result_t -ecdh_derive_kek(uint8_t * x, +ecdh_derive_kek(uint8_t *x, size_t xlen, - const pgp_ec_key_t & key, + const pgp_ec_key_t &key, const pgp_fingerprint_t &fingerprint, - uint8_t * kek, + uint8_t *kek, const size_t kek_len) { const ec_curve_desc_t *curve_desc = get_curve_desc(key.curve); @@ -108,7 +108,7 @@ ecdh_derive_kek(uint8_t * x, static rnp_result_t ecdh_rfc3394_wrap_ctx(EVP_CIPHER_CTX **ctx, pgp_symm_alg_t wrap_alg, - const uint8_t * key, + const uint8_t *key, bool decrypt) { /* get OpenSSL EVP cipher for key wrap */ @@ -141,11 +141,11 @@ ecdh_rfc3394_wrap_ctx(EVP_CIPHER_CTX **ctx, } static rnp_result_t -ecdh_rfc3394_wrap(uint8_t * out, - size_t * out_len, +ecdh_rfc3394_wrap(uint8_t *out, + size_t *out_len, const uint8_t *const in, size_t in_len, - const uint8_t * key, + const uint8_t *key, pgp_symm_alg_t wrap_alg) { EVP_CIPHER_CTX *ctx = NULL; @@ -167,11 +167,11 @@ ecdh_rfc3394_wrap(uint8_t * out, } static rnp_result_t -ecdh_rfc3394_unwrap(uint8_t * out, - size_t * out_len, +ecdh_rfc3394_unwrap(uint8_t *out, + size_t *out_len, const uint8_t *const in, size_t in_len, - const uint8_t * key, + const uint8_t *key, pgp_symm_alg_t wrap_alg) { if ((in_len < 16) || (in_len % 8)) { @@ -237,11 +237,11 @@ ecdh_kek_len(pgp_symm_alg_t wrap_alg) } rnp_result_t -ecdh_encrypt_pkcs5(rnp::RNG * rng, - pgp_ecdh_encrypted_t * out, +ecdh_encrypt_pkcs5(rnp::RNG *rng, + pgp_ecdh_encrypted_t *out, const uint8_t *const in, size_t in_len, - const pgp_ec_key_t * key, + const pgp_ec_key_t *key, const pgp_fingerprint_t &fingerprint) { if (!key || !out || !in || (in_len > MAX_SESSION_KEY_SIZE)) { @@ -319,11 +319,11 @@ ecdh_encrypt_pkcs5(rnp::RNG * rng, } rnp_result_t -ecdh_decrypt_pkcs5(uint8_t * out, - size_t * out_len, +ecdh_decrypt_pkcs5(uint8_t *out, + size_t *out_len, const pgp_ecdh_encrypted_t *in, - const pgp_ec_key_t * key, - const pgp_fingerprint_t & fingerprint) + const pgp_ec_key_t *key, + const pgp_fingerprint_t &fingerprint) { if (!out || !out_len || !in || !key || !mpi_bytes(&key->x)) { return RNP_ERROR_BAD_PARAMETERS; @@ -349,7 +349,7 @@ ecdh_decrypt_pkcs5(uint8_t * out, size_t seclen = sec.size(); size_t mpadlen = mpad.size(); rnp_result_t ret = RNP_ERROR_GENERIC; - EVP_PKEY * pkey = ec_load_key(key->p, &key->x, key->curve); + EVP_PKEY *pkey = ec_load_key(key->p, &key->x, key->curve); if (!pkey) { RNP_LOG("Failed to load secret key."); ret = RNP_ERROR_BAD_PARAMETERS; diff --git a/src/lib/crypto/ecdh_utils.cpp b/src/lib/crypto/ecdh_utils.cpp index 3ceb153f2..b51de500b 100644 --- a/src/lib/crypto/ecdh_utils.cpp +++ b/src/lib/crypto/ecdh_utils.cpp @@ -57,7 +57,7 @@ static const unsigned char ANONYMOUS_SENDER[] = {0x41, 0x6E, 0x6F, 0x6E, 0x79, 0 // returns size of data written to other_info size_t kdf_other_info_serialize(uint8_t other_info[MAX_SP800_56A_OTHER_INFO], - const ec_curve_desc_t * ec_curve, + const ec_curve_desc_t *ec_curve, const pgp_fingerprint_t &fingerprint, const pgp_hash_alg_t kdf_hash, const pgp_symm_alg_t wrap_alg) diff --git a/src/lib/crypto/ecdh_utils.h b/src/lib/crypto/ecdh_utils.h index 2d37a713b..52fac0d99 100644 --- a/src/lib/crypto/ecdh_utils.h +++ b/src/lib/crypto/ecdh_utils.h @@ -35,7 +35,7 @@ #define MAX_AES_KEY_SIZE 32 size_t kdf_other_info_serialize(uint8_t other_info[MAX_SP800_56A_OTHER_INFO], - const ec_curve_desc_t * ec_curve, + const ec_curve_desc_t *ec_curve, const pgp_fingerprint_t &fingerprint, const pgp_hash_alg_t kdf_hash, const pgp_symm_alg_t wrap_alg); diff --git a/src/lib/crypto/ecdsa.cpp b/src/lib/crypto/ecdsa.cpp index 2a226e6ce..e9a60cb0a 100644 --- a/src/lib/crypto/ecdsa.cpp +++ b/src/lib/crypto/ecdsa.cpp @@ -69,7 +69,7 @@ static bool ecdsa_load_secret_key(botan_privkey_t *seckey, const pgp_ec_key_t *keydata) { const ec_curve_desc_t *curve; - bignum_t * x = NULL; + bignum_t *x = NULL; bool res = false; if (!(curve = get_curve_desc(keydata->curve))) { @@ -144,10 +144,10 @@ ecdsa_padding_str_for(pgp_hash_alg_t hash_alg) } rnp_result_t -ecdsa_sign(rnp::RNG * rng, +ecdsa_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key) { @@ -156,7 +156,7 @@ ecdsa_sign(rnp::RNG * rng, rnp_result_t ret = RNP_ERROR_GENERIC; uint8_t out_buf[2 * MAX_CURVE_BYTELEN] = {0}; const ec_curve_desc_t *curve = get_curve_desc(key->curve); - const char * padding_str = ecdsa_padding_str_for(hash_alg); + const char *padding_str = ecdsa_padding_str_for(hash_alg); if (!curve) { return RNP_ERROR_BAD_PARAMETERS; @@ -196,16 +196,16 @@ ecdsa_sign(rnp::RNG * rng, rnp_result_t ecdsa_verify(const pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { botan_pubkey_t pub = NULL; botan_pk_op_verify_t verifier = NULL; rnp_result_t ret = RNP_ERROR_SIGNATURE_INVALID; uint8_t sign_buf[2 * MAX_CURVE_BYTELEN] = {0}; size_t r_blen, s_blen; - const char * padding_str = ecdsa_padding_str_for(hash_alg); + const char *padding_str = ecdsa_padding_str_for(hash_alg); const ec_curve_desc_t *curve = get_curve_desc(key->curve); if (!curve) { diff --git a/src/lib/crypto/ecdsa.h b/src/lib/crypto/ecdsa.h index 83f97c12b..c01ad2001 100644 --- a/src/lib/crypto/ecdsa.h +++ b/src/lib/crypto/ecdsa.h @@ -31,20 +31,20 @@ rnp_result_t ecdsa_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret); -rnp_result_t ecdsa_sign(rnp::RNG * rng, +rnp_result_t ecdsa_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key); rnp_result_t ecdsa_verify(const pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key); + const pgp_ec_key_t *key); -const char * ecdsa_padding_str_for(pgp_hash_alg_t hash_alg); +const char *ecdsa_padding_str_for(pgp_hash_alg_t hash_alg); /* * @brief Returns hash which should be used with the curve diff --git a/src/lib/crypto/ecdsa_ossl.cpp b/src/lib/crypto/ecdsa_ossl.cpp index 534811ad3..1952f4717 100644 --- a/src/lib/crypto/ecdsa_ossl.cpp +++ b/src/lib/crypto/ecdsa_ossl.cpp @@ -54,8 +54,8 @@ ecdsa_encode_sig(uint8_t *data, size_t *len, const pgp_ec_signature_t &sig) { bool res = false; ECDSA_SIG *dsig = ECDSA_SIG_new(); - BIGNUM * r = mpi2bn(&sig.r); - BIGNUM * s = mpi2bn(&sig.s); + BIGNUM *r = mpi2bn(&sig.r); + BIGNUM *s = mpi2bn(&sig.s); if (!dsig || !r || !s) { RNP_LOG("Allocation failed."); goto done; @@ -85,10 +85,10 @@ ecdsa_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret) } rnp_result_t -ecdsa_sign(rnp::RNG * rng, +ecdsa_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key) { @@ -135,9 +135,9 @@ ecdsa_sign(rnp::RNG * rng, rnp_result_t ecdsa_verify(const pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { /* Load secret key to DSA structure*/ EVP_PKEY *evpkey = ec_load_key(key->p, NULL, key->curve); diff --git a/src/lib/crypto/ed25519.cpp b/src/lib/crypto/ed25519.cpp index bb52fa776..c92899101 100644 --- a/src/lib/crypto/ed25519.cpp +++ b/src/lib/crypto/ed25519.cpp @@ -36,15 +36,14 @@ #include #include - - -rnp_result_t generate_ed25519_native(rnp::RNG * rng, - std::vector &privkey, - std::vector &pubkey) +rnp_result_t +generate_ed25519_native(rnp::RNG *rng, + std::vector &privkey, + std::vector &pubkey) { Botan::Ed25519_PrivateKey private_key(*(rng->obj())); - const size_t key_len = 32; - auto priv_pub = Botan::unlock(private_key.raw_private_key_bits()); + const size_t key_len = 32; + auto priv_pub = Botan::unlock(private_key.raw_private_key_bits()); assert(priv_pub.size() == 2 * key_len); privkey = std::vector(priv_pub.begin(), priv_pub.begin() + key_len); pubkey = std::vector(priv_pub.begin() + key_len, priv_pub.end()); @@ -52,20 +51,29 @@ rnp_result_t generate_ed25519_native(rnp::RNG * rng, return RNP_SUCCESS; } -rnp_result_t ed25519_sign_native(rnp::RNG *rng, std::vector &sig_out, const std::vector &key, const uint8_t *hash, size_t hash_len) +rnp_result_t +ed25519_sign_native(rnp::RNG *rng, + std::vector &sig_out, + const std::vector &key, + const uint8_t *hash, + size_t hash_len) { Botan::Ed25519_PrivateKey priv_key(Botan::secure_vector(key.begin(), key.end())); - auto signer = Botan::PK_Signer(priv_key, *(rng->obj()), "Pure"); + auto signer = Botan::PK_Signer(priv_key, *(rng->obj()), "Pure"); sig_out = signer.sign_message(hash, hash_len, *(rng->obj())); - + return RNP_SUCCESS; } -rnp_result_t ed25519_verify_native(const std::vector &sig, const std::vector &key, const uint8_t *hash, size_t hash_len) +rnp_result_t +ed25519_verify_native(const std::vector &sig, + const std::vector &key, + const uint8_t *hash, + size_t hash_len) { Botan::Ed25519_PublicKey pub_key(key); - auto verifier = Botan::PK_Verifier(pub_key, "Pure"); - if(verifier.verify_message(hash, hash_len, sig.data(), sig.size())) { + auto verifier = Botan::PK_Verifier(pub_key, "Pure"); + if (verifier.verify_message(hash, hash_len, sig.data(), sig.size())) { return RNP_SUCCESS; } return RNP_ERROR_VERIFICATION_FAILED; @@ -75,13 +83,14 @@ rnp_result_t ed25519_validate_key_native(rnp::RNG *rng, const pgp_ed25519_key_t *key, bool secret) { Botan::Ed25519_PublicKey pub_key(key->pub); - if(!pub_key.check_key(*(rng->obj()), false)) { + if (!pub_key.check_key(*(rng->obj()), false)) { return RNP_ERROR_BAD_PARAMETERS; } - if(secret) { - Botan::Ed25519_PrivateKey priv_key(Botan::secure_vector(key->priv.begin(), key->priv.end())); - if(!priv_key.check_key(*(rng->obj()), false)) { + if (secret) { + Botan::Ed25519_PrivateKey priv_key( + Botan::secure_vector(key->priv.begin(), key->priv.end())); + if (!priv_key.check_key(*(rng->obj()), false)) { return RNP_ERROR_SIGNING_FAILED; } } diff --git a/src/lib/crypto/ed25519.h b/src/lib/crypto/ed25519.h index a7f5e1688..e89dc86ee 100644 --- a/src/lib/crypto/ed25519.h +++ b/src/lib/crypto/ed25519.h @@ -40,14 +40,23 @@ /* implements ED25519 with native format (V6 and PQC) */ -rnp_result_t generate_ed25519_native(rnp::RNG * rng, - std::vector &privkey, +rnp_result_t generate_ed25519_native(rnp::RNG *rng, + std::vector &privkey, std::vector &pubkey); -rnp_result_t ed25519_sign_native(rnp::RNG *rng, std::vector &sig_out, const std::vector &key, const uint8_t *hash, size_t hash_len); +rnp_result_t ed25519_sign_native(rnp::RNG *rng, + std::vector &sig_out, + const std::vector &key, + const uint8_t *hash, + size_t hash_len); -rnp_result_t ed25519_verify_native(const std::vector &sig, const std::vector &key, const uint8_t *hash, size_t hash_len); +rnp_result_t ed25519_verify_native(const std::vector &sig, + const std::vector &key, + const uint8_t *hash, + size_t hash_len); -rnp_result_t ed25519_validate_key_native(rnp::RNG *rng, const pgp_ed25519_key_t *key, bool secret); +rnp_result_t ed25519_validate_key_native(rnp::RNG *rng, + const pgp_ed25519_key_t *key, + bool secret); #endif \ No newline at end of file diff --git a/src/lib/crypto/eddsa.cpp b/src/lib/crypto/eddsa.cpp index 866918086..5a4329211 100644 --- a/src/lib/crypto/eddsa.cpp +++ b/src/lib/crypto/eddsa.cpp @@ -129,9 +129,9 @@ eddsa_generate(rnp::RNG *rng, pgp_ec_key_t *key) rnp_result_t eddsa_verify(const pgp_ec_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { botan_pubkey_t eddsa = NULL; botan_pk_op_verify_t verify_op = NULL; @@ -168,9 +168,9 @@ eddsa_verify(const pgp_ec_signature_t *sig, } rnp_result_t -eddsa_sign(rnp::RNG * rng, +eddsa_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key) { diff --git a/src/lib/crypto/eddsa.h b/src/lib/crypto/eddsa.h index 7410a2806..e2994cf53 100644 --- a/src/lib/crypto/eddsa.h +++ b/src/lib/crypto/eddsa.h @@ -41,13 +41,13 @@ rnp_result_t eddsa_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool sec rnp_result_t eddsa_generate(rnp::RNG *rng, pgp_ec_key_t *key); rnp_result_t eddsa_verify(const pgp_ec_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key); + const pgp_ec_key_t *key); -rnp_result_t eddsa_sign(rnp::RNG * rng, +rnp_result_t eddsa_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key); diff --git a/src/lib/crypto/eddsa_ossl.cpp b/src/lib/crypto/eddsa_ossl.cpp index 16d8fad70..0efe41b15 100644 --- a/src/lib/crypto/eddsa_ossl.cpp +++ b/src/lib/crypto/eddsa_ossl.cpp @@ -61,9 +61,9 @@ eddsa_generate(rnp::RNG *rng, pgp_ec_key_t *key) rnp_result_t eddsa_verify(const pgp_ec_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { if ((mpi_bytes(&sig->r) > 32) || (mpi_bytes(&sig->s) > 32)) { RNP_LOG("Invalid EdDSA signature."); @@ -84,7 +84,7 @@ eddsa_verify(const pgp_ec_signature_t *sig, uint8_t sigbuf[64] = {0}; /* init context and sign */ EVP_PKEY_CTX *ctx = NULL; - EVP_MD_CTX * md = EVP_MD_CTX_new(); + EVP_MD_CTX *md = EVP_MD_CTX_new(); if (!md) { RNP_LOG("Failed to allocate MD ctx: %lu", ERR_peek_last_error()); goto done; @@ -107,9 +107,9 @@ eddsa_verify(const pgp_ec_signature_t *sig, } rnp_result_t -eddsa_sign(rnp::RNG * rng, +eddsa_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key) { @@ -126,7 +126,7 @@ eddsa_sign(rnp::RNG * rng, rnp_result_t ret = RNP_ERROR_GENERIC; /* init context and sign */ EVP_PKEY_CTX *ctx = NULL; - EVP_MD_CTX * md = EVP_MD_CTX_new(); + EVP_MD_CTX *md = EVP_MD_CTX_new(); if (!md) { RNP_LOG("Failed to allocate MD ctx: %lu", ERR_peek_last_error()); goto done; diff --git a/src/lib/crypto/elgamal.cpp b/src/lib/crypto/elgamal.cpp index acebf4d68..ae0468429 100644 --- a/src/lib/crypto/elgamal.cpp +++ b/src/lib/crypto/elgamal.cpp @@ -138,9 +138,9 @@ elgamal_validate_key(const pgp_eg_key_t *key, bool secret) } rnp_result_t -elgamal_encrypt_pkcs1(rnp::RNG * rng, +elgamal_encrypt_pkcs1(rnp::RNG *rng, pgp_eg_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, const pgp_eg_key_t *key) { @@ -192,11 +192,11 @@ elgamal_encrypt_pkcs1(rnp::RNG * rng, } rnp_result_t -elgamal_decrypt_pkcs1(rnp::RNG * rng, - uint8_t * out, - size_t * out_len, +elgamal_decrypt_pkcs1(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, const pgp_eg_encrypted_t *in, - const pgp_eg_key_t * key) + const pgp_eg_key_t *key) { botan_privkey_t b_key = NULL; botan_pk_op_decrypt_t op_ctx = NULL; @@ -254,10 +254,10 @@ elgamal_generate(rnp::RNG *rng, pgp_eg_key_t *key, size_t keybits) botan_privkey_t key_priv = NULL; rnp_result_t ret = RNP_ERROR_GENERIC; - bignum_t * p = bn_new(); - bignum_t * g = bn_new(); - bignum_t * y = bn_new(); - bignum_t * x = bn_new(); + bignum_t *p = bn_new(); + bignum_t *g = bn_new(); + bignum_t *y = bn_new(); + bignum_t *x = bn_new(); if (!p || !g || !y || !x) { ret = RNP_ERROR_OUT_OF_MEMORY; diff --git a/src/lib/crypto/elgamal.h b/src/lib/crypto/elgamal.h index 42d05550f..d720f87db 100644 --- a/src/lib/crypto/elgamal.h +++ b/src/lib/crypto/elgamal.h @@ -70,9 +70,9 @@ bool elgamal_validate_key(const pgp_eg_key_t *key, bool secret); * RNP_ERROR_OUT_OF_MEMORY allocation failure * RNP_ERROR_BAD_PARAMETERS wrong input provided */ -rnp_result_t elgamal_encrypt_pkcs1(rnp::RNG * rng, +rnp_result_t elgamal_encrypt_pkcs1(rnp::RNG *rng, pgp_eg_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, const pgp_eg_key_t *key); @@ -93,11 +93,11 @@ rnp_result_t elgamal_encrypt_pkcs1(rnp::RNG * rng, * RNP_ERROR_OUT_OF_MEMORY allocation failure * RNP_ERROR_BAD_PARAMETERS wrong input provided */ -rnp_result_t elgamal_decrypt_pkcs1(rnp::RNG * rng, - uint8_t * out, - size_t * out_len, +rnp_result_t elgamal_decrypt_pkcs1(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, const pgp_eg_encrypted_t *in, - const pgp_eg_key_t * key); + const pgp_eg_key_t *key); /* * Generates ElGamal key diff --git a/src/lib/crypto/elgamal_ossl.cpp b/src/lib/crypto/elgamal_ossl.cpp index cf4f82ef4..a2da33fc9 100644 --- a/src/lib/crypto/elgamal_ossl.cpp +++ b/src/lib/crypto/elgamal_ossl.cpp @@ -56,12 +56,12 @@ elgamal_validate_key(const pgp_eg_key_t *key, bool secret) } BN_CTX_start(ctx); bool res = false; - bignum_t * p = mpi2bn(&key->p); - bignum_t * g = mpi2bn(&key->g); - bignum_t * p1 = BN_CTX_get(ctx); - bignum_t * r = BN_CTX_get(ctx); - bignum_t * y = NULL; - bignum_t * x = NULL; + bignum_t *p = mpi2bn(&key->p); + bignum_t *g = mpi2bn(&key->g); + bignum_t *p1 = BN_CTX_get(ctx); + bignum_t *r = BN_CTX_get(ctx); + bignum_t *y = NULL; + bignum_t *x = NULL; BN_RECP_CTX *rctx = NULL; if (!p || !g || !p1 || !r) { @@ -150,7 +150,7 @@ pkcs1v15_pad(uint8_t *out, size_t out_len, const uint8_t *in, size_t in_len) static bool pkcs1v15_unpad(size_t *padlen, const uint8_t *in, size_t in_len, bool skip0) { - if (in_len <= (size_t)(11 - skip0)) { + if (in_len <= (size_t) (11 - skip0)) { return false; } if (!skip0 && in[0]) { @@ -171,9 +171,9 @@ pkcs1v15_unpad(size_t *padlen, const uint8_t *in, size_t in_len, bool skip0) } rnp_result_t -elgamal_encrypt_pkcs1(rnp::RNG * rng, +elgamal_encrypt_pkcs1(rnp::RNG *rng, pgp_eg_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, const pgp_eg_key_t *key) { @@ -184,20 +184,20 @@ elgamal_encrypt_pkcs1(rnp::RNG * rng, return RNP_ERROR_BAD_PARAMETERS; } rnp_result_t ret = RNP_ERROR_GENERIC; - BN_CTX * ctx = BN_CTX_new(); + BN_CTX *ctx = BN_CTX_new(); if (!ctx) { RNP_LOG("Allocation failed."); return RNP_ERROR_OUT_OF_MEMORY; } BN_CTX_start(ctx); BN_MONT_CTX *mctx = BN_MONT_CTX_new(); - bignum_t * m = mpi2bn(&mm); - bignum_t * p = mpi2bn(&key->p); - bignum_t * g = mpi2bn(&key->g); - bignum_t * y = mpi2bn(&key->y); - bignum_t * c1 = BN_CTX_get(ctx); - bignum_t * c2 = BN_CTX_get(ctx); - bignum_t * k = BN_secure_new(); + bignum_t *m = mpi2bn(&mm); + bignum_t *p = mpi2bn(&key->p); + bignum_t *g = mpi2bn(&key->g); + bignum_t *y = mpi2bn(&key->y); + bignum_t *c1 = BN_CTX_get(ctx); + bignum_t *c2 = BN_CTX_get(ctx); + bignum_t *k = BN_secure_new(); if (!mctx || !m || !p || !g || !y || !c1 || !c2 || !k) { RNP_LOG("Allocation failed."); ret = RNP_ERROR_OUT_OF_MEMORY; @@ -250,11 +250,11 @@ elgamal_encrypt_pkcs1(rnp::RNG * rng, } rnp_result_t -elgamal_decrypt_pkcs1(rnp::RNG * rng, - uint8_t * out, - size_t * out_len, +elgamal_decrypt_pkcs1(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, const pgp_eg_encrypted_t *in, - const pgp_eg_key_t * key) + const pgp_eg_key_t *key) { if (!mpi_bytes(&key->x)) { RNP_LOG("Secret key not set."); @@ -270,13 +270,13 @@ elgamal_decrypt_pkcs1(rnp::RNG * rng, rnp_result_t ret = RNP_ERROR_GENERIC; BN_CTX_start(ctx); BN_MONT_CTX *mctx = BN_MONT_CTX_new(); - bignum_t * p = mpi2bn(&key->p); - bignum_t * g = mpi2bn(&key->g); - bignum_t * x = mpi2bn(&key->x); - bignum_t * c1 = mpi2bn(&in->g); - bignum_t * c2 = mpi2bn(&in->m); - bignum_t * s = BN_CTX_get(ctx); - bignum_t * m = BN_secure_new(); + bignum_t *p = mpi2bn(&key->p); + bignum_t *g = mpi2bn(&key->g); + bignum_t *x = mpi2bn(&key->x); + bignum_t *c1 = mpi2bn(&in->g); + bignum_t *c2 = mpi2bn(&in->m); + bignum_t *s = BN_CTX_get(ctx); + bignum_t *m = BN_secure_new(); if (!mctx || !p || !g || !x || !c1 || !c2 || !m) { RNP_LOG("Allocation failed."); ret = RNP_ERROR_OUT_OF_MEMORY; @@ -342,8 +342,8 @@ elgamal_generate(rnp::RNG *rng, pgp_eg_key_t *key, size_t keybits) #if !defined(CRYPTO_BACKEND_OPENSSL3) const DH *dh = NULL; #endif - EVP_PKEY * pkey = NULL; - EVP_PKEY * parmkey = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY *parmkey = NULL; EVP_PKEY_CTX *ctx = NULL; /* Generate DH params, which usable for ElGamal as well */ diff --git a/src/lib/crypto/exdsa_ecdhkem.cpp b/src/lib/crypto/exdsa_ecdhkem.cpp index b1912bcb8..1a3702a07 100644 --- a/src/lib/crypto/exdsa_ecdhkem.cpp +++ b/src/lib/crypto/exdsa_ecdhkem.cpp @@ -38,36 +38,43 @@ #include "utils.h" #include -ec_key_t::~ec_key_t() {} +ec_key_t::~ec_key_t() +{ +} -ec_key_t::ec_key_t(pgp_curve_t curve) - : curve_(curve) -{} +ec_key_t::ec_key_t(pgp_curve_t curve) : curve_(curve) +{ +} -ecdh_kem_public_key_t::ecdh_kem_public_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve) - : ec_key_t(curve), - key_(std::vector(key_buf, key_buf + key_buf_len)) -{} +ecdh_kem_public_key_t::ecdh_kem_public_key_t(uint8_t *key_buf, + size_t key_buf_len, + pgp_curve_t curve) + : ec_key_t(curve), key_(std::vector(key_buf, key_buf + key_buf_len)) +{ +} ecdh_kem_public_key_t::ecdh_kem_public_key_t(std::vector key, pgp_curve_t curve) - : ec_key_t(curve), - key_(key) -{} + : ec_key_t(curve), key_(key) +{ +} -ecdh_kem_private_key_t::ecdh_kem_private_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve) - : ec_key_t(curve), - key_(key_buf, key_buf + key_buf_len) -{} +ecdh_kem_private_key_t::ecdh_kem_private_key_t(uint8_t *key_buf, + size_t key_buf_len, + pgp_curve_t curve) + : ec_key_t(curve), key_(key_buf, key_buf + key_buf_len) +{ +} ecdh_kem_private_key_t::ecdh_kem_private_key_t(std::vector key, pgp_curve_t curve) - : ec_key_t(curve), - key_(Botan::secure_vector(key.begin(), key.end())) -{} + : ec_key_t(curve), key_(Botan::secure_vector(key.begin(), key.end())) +{ +} Botan::ECDH_PrivateKey ecdh_kem_private_key_t::botan_key_ecdh(rnp::RNG *rng) const { assert(curve_ >= PGP_CURVE_NIST_P_256 && curve_ <= PGP_CURVE_P256K1); const ec_curve_desc_t *ec_desc = get_curve_desc(curve_); - return Botan::ECDH_PrivateKey(*(rng->obj()), Botan::EC_Group(ec_desc->botan_name), Botan::BigInt(key_)); + return Botan::ECDH_PrivateKey( + *(rng->obj()), Botan::EC_Group(ec_desc->botan_name), Botan::BigInt(key_)); } Botan::ECDH_PublicKey @@ -76,14 +83,13 @@ ecdh_kem_public_key_t::botan_key_ecdh(rnp::RNG *rng) const assert(curve_ >= PGP_CURVE_NIST_P_256 && curve_ <= PGP_CURVE_P256K1); const ec_curve_desc_t *ec_desc = get_curve_desc(curve_); - Botan::EC_Group group(ec_desc->botan_name); - const size_t curve_order = BITS_TO_BYTES(ec_desc->bitlen); - Botan::BigInt x(key_.data() + 1, curve_order); - Botan::BigInt y(key_.data() + 1 + curve_order, curve_order); + Botan::EC_Group group(ec_desc->botan_name); + const size_t curve_order = BITS_TO_BYTES(ec_desc->bitlen); + Botan::BigInt x(key_.data() + 1, curve_order); + Botan::BigInt y(key_.data() + 1 + curve_order, curve_order); return Botan::ECDH_PublicKey(group, group.point(x, y)); } - Botan::Curve25519_PrivateKey ecdh_kem_private_key_t::botan_key_x25519() const { @@ -99,7 +105,10 @@ ecdh_kem_public_key_t::botan_key_x25519() const } rnp_result_t -ecdh_kem_public_key_t::encapsulate(rnp::RNG *rng, std::vector &ciphertext, std::vector &symmetric_key) { +ecdh_kem_public_key_t::encapsulate(rnp::RNG *rng, + std::vector &ciphertext, + std::vector &symmetric_key) +{ if (curve_ == PGP_CURVE_25519) { Botan::Curve25519_PrivateKey eph_prv_key(*(rng->obj())); ciphertext = eph_prv_key.public_value(); @@ -112,8 +121,8 @@ ecdh_kem_public_key_t::encapsulate(rnp::RNG *rng, std::vector &cipherte return RNP_ERROR_NOT_SUPPORTED; } - Botan::EC_Group domain(curve_desc->botan_name); - Botan::ECDH_PrivateKey eph_prv_key(*(rng->obj()), domain); + Botan::EC_Group domain(curve_desc->botan_name); + Botan::ECDH_PrivateKey eph_prv_key(*(rng->obj()), domain); Botan::PK_Key_Agreement key_agreement(eph_prv_key, *(rng->obj()), "Raw"); ciphertext = eph_prv_key.public_value(); symmetric_key = Botan::unlock(key_agreement.derive_key(0, key_).bits_of()); @@ -122,66 +131,68 @@ ecdh_kem_public_key_t::encapsulate(rnp::RNG *rng, std::vector &cipherte } rnp_result_t -ecdh_kem_private_key_t::decapsulate(rnp::RNG *rng, const std::vector &ciphertext, std::vector &plaintext) +ecdh_kem_private_key_t::decapsulate(rnp::RNG *rng, + const std::vector &ciphertext, + std::vector &plaintext) { if (curve_ == PGP_CURVE_25519) { Botan::Curve25519_PrivateKey priv_key = botan_key_x25519(); - Botan::PK_Key_Agreement key_agreement(priv_key, *(rng->obj()), "Raw"); + Botan::PK_Key_Agreement key_agreement(priv_key, *(rng->obj()), "Raw"); plaintext = Botan::unlock(key_agreement.derive_key(0, ciphertext).bits_of()); } else { - Botan::ECDH_PrivateKey priv_key = botan_key_ecdh(rng); + Botan::ECDH_PrivateKey priv_key = botan_key_ecdh(rng); Botan::PK_Key_Agreement key_agreement(priv_key, *(rng->obj()), "Raw"); plaintext = Botan::unlock(key_agreement.derive_key(0, ciphertext).bits_of()); } return RNP_SUCCESS; } -rnp_result_t -ec_key_t::generate_ecdh_kem_key_pair(rnp::RNG *rng, ecdh_kem_key_t *out, pgp_curve_t curve) +rnp_result_t +ec_key_t::generate_ecdh_kem_key_pair(rnp::RNG *rng, ecdh_kem_key_t *out, pgp_curve_t curve) { std::vector pub, priv; - rnp_result_t result = ecdh_kem_gen_keypair_native(rng, priv, pub, curve); - if(result != RNP_SUCCESS) { + rnp_result_t result = ecdh_kem_gen_keypair_native(rng, priv, pub, curve); + if (result != RNP_SUCCESS) { RNP_LOG("error when generating EC key pair"); return result; } - + out->priv = ecdh_kem_private_key_t(priv, curve); out->pub = ecdh_kem_public_key_t(pub, curve); return RNP_SUCCESS; } - exdsa_public_key_t::exdsa_public_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve) - : ec_key_t(curve), - key_(key_buf, key_buf + key_buf_len) -{} + : ec_key_t(curve), key_(key_buf, key_buf + key_buf_len) +{ +} exdsa_public_key_t::exdsa_public_key_t(std::vector key, pgp_curve_t curve) - : ec_key_t(curve), - key_(key) -{} + : ec_key_t(curve), key_(key) +{ +} -exdsa_private_key_t::exdsa_private_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve) - : ec_key_t(curve), - key_(key_buf, key_buf + key_buf_len) -{} +exdsa_private_key_t::exdsa_private_key_t(uint8_t *key_buf, + size_t key_buf_len, + pgp_curve_t curve) + : ec_key_t(curve), key_(key_buf, key_buf + key_buf_len) +{ +} exdsa_private_key_t::exdsa_private_key_t(std::vector key, pgp_curve_t curve) - : ec_key_t(curve), - key_(Botan::secure_vector(key.begin(), key.end())) -{} - + : ec_key_t(curve), key_(Botan::secure_vector(key.begin(), key.end())) +{ +} -rnp_result_t -ec_key_t::generate_exdsa_key_pair(rnp::RNG *rng, exdsa_key_t *out, pgp_curve_t curve) +rnp_result_t +ec_key_t::generate_exdsa_key_pair(rnp::RNG *rng, exdsa_key_t *out, pgp_curve_t curve) { std::vector pub, priv; - rnp_result_t result = exdsa_gen_keypair_native(rng, priv, pub, curve); - if(result != RNP_SUCCESS) { + rnp_result_t result = exdsa_gen_keypair_native(rng, priv, pub, curve); + if (result != RNP_SUCCESS) { RNP_LOG("error when generating EC key pair"); return result; } - + out->priv = exdsa_private_key_t(priv, curve); out->pub = exdsa_public_key_t(pub, curve); @@ -191,8 +202,9 @@ ec_key_t::generate_exdsa_key_pair(rnp::RNG *rng, exdsa_key_t *out, pgp_curve_t c Botan::ECDSA_PrivateKey exdsa_private_key_t::botan_key(rnp::RNG *rng) const { - const ec_curve_desc_t *ec_desc = get_curve_desc(curve_); - Botan::ECDSA_PrivateKey priv_key(*(rng->obj()), Botan::EC_Group(ec_desc->botan_name), Botan::BigInt(key_)); + const ec_curve_desc_t *ec_desc = get_curve_desc(curve_); + Botan::ECDSA_PrivateKey priv_key( + *(rng->obj()), Botan::EC_Group(ec_desc->botan_name), Botan::BigInt(key_)); return priv_key; } @@ -201,47 +213,54 @@ exdsa_public_key_t::botan_key() const { // format: 04 | X | Y const ec_curve_desc_t *ec_desc = get_curve_desc(curve_); - Botan::EC_Group group(ec_desc->botan_name); - const size_t curve_order = BITS_TO_BYTES(ec_desc->bitlen); - Botan::BigInt x(key_.data() + 1, curve_order); - Botan::BigInt y(key_.data() + 1 + curve_order, curve_order); + Botan::EC_Group group(ec_desc->botan_name); + const size_t curve_order = BITS_TO_BYTES(ec_desc->bitlen); + Botan::BigInt x(key_.data() + 1, curve_order); + Botan::BigInt y(key_.data() + 1 + curve_order, curve_order); return Botan::ECDSA_PublicKey(group, group.point(x, y)); } /* NOTE hash_alg unused for ed25519/x25519 curves */ rnp_result_t -exdsa_private_key_t::sign(rnp::RNG *rng, std::vector &sig_out, const uint8_t *hash, size_t hash_len, pgp_hash_alg_t hash_alg) const +exdsa_private_key_t::sign(rnp::RNG *rng, + std::vector &sig_out, + const uint8_t *hash, + size_t hash_len, + pgp_hash_alg_t hash_alg) const { - if(curve_ == PGP_CURVE_ED25519) { + if (curve_ == PGP_CURVE_ED25519) { return ed25519_sign_native(rng, sig_out, Botan::unlock(key_), hash, hash_len); - } - else { + } else { Botan::ECDSA_PrivateKey priv_key = botan_key(rng); - auto signer = Botan::PK_Signer(priv_key, *(rng->obj()), ecdsa_padding_str_for(hash_alg)); + auto signer = + Botan::PK_Signer(priv_key, *(rng->obj()), ecdsa_padding_str_for(hash_alg)); sig_out = signer.sign_message(hash, hash_len, *(rng->obj())); } - return RNP_SUCCESS; + return RNP_SUCCESS; } rnp_result_t -exdsa_public_key_t::verify(const std::vector &sig, const uint8_t *hash, size_t hash_len, pgp_hash_alg_t hash_alg) const +exdsa_public_key_t::verify(const std::vector &sig, + const uint8_t *hash, + size_t hash_len, + pgp_hash_alg_t hash_alg) const { - if(curve_ == PGP_CURVE_ED25519) { + if (curve_ == PGP_CURVE_ED25519) { return ed25519_verify_native(sig, key_, hash, hash_len); - } - else { + } else { Botan::ECDSA_PublicKey pub_key = botan_key(); auto verifier = Botan::PK_Verifier(pub_key, ecdsa_padding_str_for(hash_alg)); - if(verifier.verify_message(hash, hash_len, sig.data(), sig.size())) { + if (verifier.verify_message(hash, hash_len, sig.data(), sig.size())) { return RNP_SUCCESS; } } - return RNP_ERROR_VERIFICATION_FAILED; + return RNP_ERROR_VERIFICATION_FAILED; } bool -exdsa_public_key_t::is_valid(rnp::RNG *rng) const { - if(curve_ == PGP_CURVE_ED25519) { +exdsa_public_key_t::is_valid(rnp::RNG *rng) const +{ + if (curve_ == PGP_CURVE_ED25519) { Botan::Ed25519_PublicKey pub_key(key_); return pub_key.check_key(*(rng->obj()), false); } else { @@ -251,8 +270,9 @@ exdsa_public_key_t::is_valid(rnp::RNG *rng) const { } bool -exdsa_private_key_t::is_valid(rnp::RNG *rng) const { - if(curve_ == PGP_CURVE_ED25519) { +exdsa_private_key_t::is_valid(rnp::RNG *rng) const +{ + if (curve_ == PGP_CURVE_ED25519) { Botan::Ed25519_PrivateKey priv_key(key_); return priv_key.check_key(*(rng->obj()), false); } else { @@ -262,8 +282,9 @@ exdsa_private_key_t::is_valid(rnp::RNG *rng) const { } bool -ecdh_kem_public_key_t::is_valid(rnp::RNG *rng) const { - if(curve_ == PGP_CURVE_25519) { +ecdh_kem_public_key_t::is_valid(rnp::RNG *rng) const +{ + if (curve_ == PGP_CURVE_25519) { auto pub_key = botan_key_x25519(); return pub_key.check_key(*(rng->obj()), false); } else { @@ -272,9 +293,10 @@ ecdh_kem_public_key_t::is_valid(rnp::RNG *rng) const { } } -bool -ecdh_kem_private_key_t::is_valid(rnp::RNG *rng) const { - if(curve_ == PGP_CURVE_25519) { +bool +ecdh_kem_private_key_t::is_valid(rnp::RNG *rng) const +{ + if (curve_ == PGP_CURVE_25519) { auto priv_key = botan_key_x25519(); return priv_key.check_key(*(rng->obj()), false); } else { @@ -282,4 +304,3 @@ ecdh_kem_private_key_t::is_valid(rnp::RNG *rng) const { return priv_key.check_key(*(rng->obj()), false); } } - diff --git a/src/lib/crypto/exdsa_ecdhkem.h b/src/lib/crypto/exdsa_ecdhkem.h index 6bd67a653..b0043ec9d 100644 --- a/src/lib/crypto/exdsa_ecdhkem.h +++ b/src/lib/crypto/exdsa_ecdhkem.h @@ -43,76 +43,83 @@ #include #include - struct ecdh_kem_key_t; /* forward declaration */ -struct exdsa_key_t; /* forward declaration */ +struct exdsa_key_t; /* forward declaration */ class ec_key_t { - -public: + public: virtual ~ec_key_t() = 0; ec_key_t(pgp_curve_t curve); ec_key_t() = default; - static rnp_result_t generate_ecdh_kem_key_pair(rnp::RNG *rng, ecdh_kem_key_t *out, pgp_curve_t curve); - static rnp_result_t generate_exdsa_key_pair(rnp::RNG *rng, exdsa_key_t *out, pgp_curve_t curve); + static rnp_result_t generate_ecdh_kem_key_pair(rnp::RNG *rng, + ecdh_kem_key_t *out, + pgp_curve_t curve); + static rnp_result_t generate_exdsa_key_pair(rnp::RNG *rng, + exdsa_key_t *out, + pgp_curve_t curve); - pgp_curve_t get_curve() const + pgp_curve_t + get_curve() const { return curve_; } -protected: + protected: pgp_curve_t curve_; }; class ecdh_kem_public_key_t : public ec_key_t { - -public: + public: ecdh_kem_public_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve); ecdh_kem_public_key_t(std::vector key_buf, pgp_curve_t curve); ecdh_kem_public_key_t() = default; - bool operator==(const ecdh_kem_public_key_t &rhs) const + bool + operator==(const ecdh_kem_public_key_t &rhs) const { - return (curve_ == rhs.curve_) && (key_ == rhs.key_); + return (curve_ == rhs.curve_) && (key_ == rhs.key_); } bool is_valid(rnp::RNG *rng) const; - std::vector get_encoded() const + std::vector + get_encoded() const { return key_; } - rnp_result_t encapsulate(rnp::RNG *rng, std::vector &ciphertext, std::vector &symmetric_key); + rnp_result_t encapsulate(rnp::RNG *rng, + std::vector &ciphertext, + std::vector &symmetric_key); -private: - Botan::ECDH_PublicKey botan_key_ecdh(rnp::RNG *rng) const; + private: + Botan::ECDH_PublicKey botan_key_ecdh(rnp::RNG *rng) const; Botan::Curve25519_PublicKey botan_key_x25519() const; std::vector key_; }; - class ecdh_kem_private_key_t : public ec_key_t { - -public: + public: ecdh_kem_private_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve); ecdh_kem_private_key_t(std::vector key_buf, pgp_curve_t curve); ecdh_kem_private_key_t() = default; - + bool is_valid(rnp::RNG *rng) const; - std::vector get_encoded() const + std::vector + get_encoded() const { return Botan::unlock(key_); } - rnp_result_t decapsulate(rnp::RNG *rng, const std::vector &ciphertext, std::vector &plaintext); + rnp_result_t decapsulate(rnp::RNG *rng, + const std::vector &ciphertext, + std::vector &plaintext); -private: - Botan::ECDH_PrivateKey botan_key_ecdh(rnp::RNG *rng) const; + private: + Botan::ECDH_PrivateKey botan_key_ecdh(rnp::RNG *rng) const; Botan::Curve25519_PrivateKey botan_key_x25519() const; Botan::secure_vector key_; @@ -120,54 +127,61 @@ class ecdh_kem_private_key_t : public ec_key_t { typedef struct ecdh_kem_key_t { ecdh_kem_private_key_t priv; - ecdh_kem_public_key_t pub; + ecdh_kem_public_key_t pub; } ecdh_kem_key_t; - class exdsa_public_key_t : public ec_key_t { - -public: + public: exdsa_public_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve); exdsa_public_key_t(std::vector key_buf, pgp_curve_t curve); exdsa_public_key_t() = default; - bool operator==(const exdsa_public_key_t &rhs) const + bool + operator==(const exdsa_public_key_t &rhs) const { - return (curve_ == rhs.curve_) && (key_ == rhs.key_); + return (curve_ == rhs.curve_) && (key_ == rhs.key_); } bool is_valid(rnp::RNG *rng) const; - std::vector get_encoded() const + std::vector + get_encoded() const { return key_; } - rnp_result_t verify(const std::vector &sig, const uint8_t *hash, size_t hash_len, pgp_hash_alg_t hash_alg) const; + rnp_result_t verify(const std::vector &sig, + const uint8_t *hash, + size_t hash_len, + pgp_hash_alg_t hash_alg) const; -private: + private: Botan::ECDSA_PublicKey botan_key() const; std::vector key_; }; class exdsa_private_key_t : public ec_key_t { - -public: + public: exdsa_private_key_t(uint8_t *key_buf, size_t key_buf_len, pgp_curve_t curve); exdsa_private_key_t(std::vector key_buf, pgp_curve_t curve); exdsa_private_key_t() = default; bool is_valid(rnp::RNG *rng) const; - std::vector get_encoded() const + std::vector + get_encoded() const { return Botan::unlock(key_); } - rnp_result_t sign(rnp::RNG *rng, std::vector &sig_out, const uint8_t *hash, size_t hash_len, pgp_hash_alg_t hash_alg) const; + rnp_result_t sign(rnp::RNG *rng, + std::vector &sig_out, + const uint8_t *hash, + size_t hash_len, + pgp_hash_alg_t hash_alg) const; -private: + private: Botan::ECDSA_PrivateKey botan_key(rnp::RNG *rng) const; Botan::secure_vector key_; @@ -175,9 +189,7 @@ class exdsa_private_key_t : public ec_key_t { typedef struct exdsa_key_t { exdsa_private_key_t priv; - exdsa_public_key_t pub; + exdsa_public_key_t pub; } exdsa_key_t; - - #endif \ No newline at end of file diff --git a/src/lib/crypto/hash_common.cpp b/src/lib/crypto/hash_common.cpp index c1b87f0aa..ecf49d4e3 100644 --- a/src/lib/crypto/hash_common.cpp +++ b/src/lib/crypto/hash_common.cpp @@ -40,7 +40,7 @@ static const struct hash_alg_map_t { pgp_hash_alg_t type; - const char * name; + const char *name; size_t len; } hash_alg_map[] = {{PGP_HASH_MD5, "MD5", 16}, {PGP_HASH_SHA1, "SHA1", 20}, diff --git a/src/lib/crypto/hash_ossl.cpp b/src/lib/crypto/hash_ossl.cpp index 37b75464d..1048c6e1d 100644 --- a/src/lib/crypto/hash_ossl.cpp +++ b/src/lib/crypto/hash_ossl.cpp @@ -52,7 +52,7 @@ static const id_str_pair openssl_alg_map[] = { namespace rnp { Hash_OpenSSL::Hash_OpenSSL(pgp_hash_alg_t alg) : Hash(alg) { - const char * hash_name = Hash_OpenSSL::name_backend(alg); + const char *hash_name = Hash_OpenSSL::name_backend(alg); const EVP_MD *hash_tp = EVP_get_digestbyname(hash_name); if (!hash_tp) { RNP_LOG("Error creating hash object for '%s'", hash_name); diff --git a/src/lib/crypto/hkdf.cpp b/src/lib/crypto/hkdf.cpp index 41a2cccc6..0beda1f7a 100644 --- a/src/lib/crypto/hkdf.cpp +++ b/src/lib/crypto/hkdf.cpp @@ -24,7 +24,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - #include "config.h" #include "hkdf.hpp" @@ -55,7 +54,8 @@ Hkdf::size() const return size_; } -pgp_hash_alg_t Hkdf::alg() const +pgp_hash_alg_t +Hkdf::alg() const { return hash_alg_; } diff --git a/src/lib/crypto/hkdf.hpp b/src/lib/crypto/hkdf.hpp index 43eb15cb5..219ea7d42 100644 --- a/src/lib/crypto/hkdf.hpp +++ b/src/lib/crypto/hkdf.hpp @@ -58,7 +58,7 @@ class Hkdf { size_t ikm_len, const uint8_t *info, size_t info_len, - uint8_t * output_buf, + uint8_t *output_buf, size_t output_length) = 0; virtual ~Hkdf(); diff --git a/src/lib/crypto/hkdf_botan.cpp b/src/lib/crypto/hkdf_botan.cpp index d93a27513..be59738a2 100644 --- a/src/lib/crypto/hkdf_botan.cpp +++ b/src/lib/crypto/hkdf_botan.cpp @@ -39,8 +39,8 @@ Hkdf_Botan::create(pgp_hash_alg_t alg) return std::unique_ptr(new Hkdf_Botan(alg)); } - -std::string Hkdf_Botan::alg() const +std::string +Hkdf_Botan::alg() const { return std::string("HKDF(") + Hash_Botan::name_backend(Hkdf::alg()) + ")"; } @@ -52,16 +52,13 @@ Hkdf_Botan::extract_expand(const uint8_t *salt, size_t ikm_len, const uint8_t *info, size_t info_len, - uint8_t * output_buf, + uint8_t *output_buf, size_t output_length) { std::unique_ptr kdf = Botan::KDF::create_or_throw(Hkdf_Botan::alg(), ""); Botan::secure_vector OKM; - OKM = kdf->derive_key(output_length, - ikm, ikm_len, - salt, salt_len, - info, info_len); + OKM = kdf->derive_key(output_length, ikm, ikm_len, salt, salt_len, info, info_len); memcpy(output_buf, Botan::unlock(OKM).data(), output_length); } diff --git a/src/lib/crypto/hkdf_botan.hpp b/src/lib/crypto/hkdf_botan.hpp index b05b61982..80551216c 100644 --- a/src/lib/crypto/hkdf_botan.hpp +++ b/src/lib/crypto/hkdf_botan.hpp @@ -52,7 +52,7 @@ class Hkdf_Botan : public Hkdf { size_t ikm_len, const uint8_t *info, size_t info_len, - uint8_t * output_buf, + uint8_t *output_buf, size_t output_length); }; diff --git a/src/lib/crypto/kmac.cpp b/src/lib/crypto/kmac.cpp index 52ec4e825..1101cca43 100644 --- a/src/lib/crypto/kmac.cpp +++ b/src/lib/crypto/kmac.cpp @@ -24,7 +24,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - #include "config.h" #include "kmac.hpp" @@ -67,7 +66,7 @@ KMAC256::counter() const return counter_; } -/* +/* // Input: // algID - the algorithm ID encoded as octet // publicKey - the recipient's encryption sub-key packet @@ -79,7 +78,8 @@ std::vector KMAC256::fixedInfo(const std::vector &subkey_pkt_hash, pgp_pubkey_alg_t alg_id) { std::vector result(subkey_pkt_hash); - result.insert(result.begin(), (static_cast(alg_id)));; + result.insert(result.begin(), (static_cast(alg_id))); + ; return result; } @@ -89,7 +89,7 @@ KMAC256::encData(const std::vector &ecc_key_share, const std::vector &kyber_key_share, const std::vector &kyber_ciphertext, const std::vector &subkey_pkt_hash, - pgp_pubkey_alg_t alg_id) + pgp_pubkey_alg_t alg_id) { std::vector enc_data; std::vector counter_vec = counter(); @@ -111,7 +111,6 @@ KMAC256::encData(const std::vector &ecc_key_share, return enc_data; } - KMAC256::~KMAC256() { } diff --git a/src/lib/crypto/kmac.hpp b/src/lib/crypto/kmac.hpp index 20507c3a3..02fdcd95d 100644 --- a/src/lib/crypto/kmac.hpp +++ b/src/lib/crypto/kmac.hpp @@ -32,18 +32,21 @@ #include "config.h" #include "pgp-key.h" - namespace rnp { class KMAC256 { - /* KDF for PQC key combiner according to https://datatracker.ietf.org/doc/html/draft-wussler-openpgp-pqc-01 */ + /* KDF for PQC key combiner according to + * https://datatracker.ietf.org/doc/html/draft-wussler-openpgp-pqc-01 */ protected: - /* The value of domSeparation is the UTF-8 encoding of the string "OpenPGPV5CompositeKDF" and MUST be the following octet sequence: + /* The value of domSeparation is the UTF-8 encoding of the string "OpenPGPV5CompositeKDF" + and MUST be the following octet sequence: domSeparation := 4F 70 65 6E 50 47 50 56 35 43 6F 6D 70 6F 73 69 74 65 4B 44 46 */ - const std::vector domSeparation_ = std::vector({0x4F, 0x70, 0x65, 0x6E, 0x50, 0x47, 0x50, 0x56, 0x35, 0x43, 0x6F, 0x6D, 0x70, 0x6F, 0x73, 0x69, 0x74, 0x65, 0x4B, 0x44, 0x46}); + const std::vector domSeparation_ = + std::vector({0x4F, 0x70, 0x65, 0x6E, 0x50, 0x47, 0x50, 0x56, 0x35, 0x43, 0x6F, + 0x6D, 0x70, 0x6F, 0x73, 0x69, 0x74, 0x65, 0x4B, 0x44, 0x46}); /* customizationString := 4B 44 46 */ const std::vector customizationString_ = std::vector({0x4B, 0x44, 0x46}); @@ -54,15 +57,16 @@ class KMAC256 { std::vector domSeparation() const; std::vector customizationString() const; std::vector counter() const; - std::vector fixedInfo(const std::vector &subkey_pkt_hash, pgp_pubkey_alg_t alg_id); + std::vector fixedInfo(const std::vector &subkey_pkt_hash, + pgp_pubkey_alg_t alg_id); std::vector encData(const std::vector &ecc_key_share, const std::vector &ecc_ciphertext, const std::vector &kyber_key_share, const std::vector &kyber_ciphertext, const std::vector &subkey_pkt_hash, - pgp_pubkey_alg_t alg_id); + pgp_pubkey_alg_t alg_id); - KMAC256() {}; + KMAC256(){}; public: static std::unique_ptr create(); @@ -72,7 +76,7 @@ class KMAC256 { const std::vector &ecc_key_ciphertext, const std::vector &kyber_key_share, const std::vector &kyber_ciphertext, - const pgp_pubkey_alg_t alg_id, + const pgp_pubkey_alg_t alg_id, const std::vector &subkey_pkt_hash, std::vector &out) = 0; diff --git a/src/lib/crypto/kmac_botan.cpp b/src/lib/crypto/kmac_botan.cpp index 55c604cb3..6bf13c257 100644 --- a/src/lib/crypto/kmac_botan.cpp +++ b/src/lib/crypto/kmac_botan.cpp @@ -45,21 +45,26 @@ KMAC256_Botan::compute(const std::vector &ecc_key_share, const std::vector &ecc_ciphertext, const std::vector &kyber_key_share, const std::vector &kyber_ciphertext, - const pgp_pubkey_alg_t alg_id, + const pgp_pubkey_alg_t alg_id, const std::vector &subkey_pkt_hash, std::vector &out) { auto kmac = Botan::MessageAuthenticationCode::create_or_throw("KMAC256(256)"); /* the mapping between the KEM Combiner and the MAC interface is: - * key <> domSeparation - * nonce <> customizationString - * message <> encData - */ + * key <> domSeparation + * nonce <> customizationString + * message <> encData + */ kmac->set_key(domSeparation()); kmac->start(customizationString()); // set nonce - kmac->update(encData(ecc_key_share, ecc_ciphertext, kyber_key_share, kyber_ciphertext, subkey_pkt_hash, alg_id)); + kmac->update(encData(ecc_key_share, + ecc_ciphertext, + kyber_key_share, + kyber_ciphertext, + subkey_pkt_hash, + alg_id)); out = kmac->final_stdvec(); } diff --git a/src/lib/crypto/kmac_botan.hpp b/src/lib/crypto/kmac_botan.hpp index 3da07fffb..cbfc6f379 100644 --- a/src/lib/crypto/kmac_botan.hpp +++ b/src/lib/crypto/kmac_botan.hpp @@ -32,9 +32,7 @@ namespace rnp { class KMAC256_Botan : public KMAC256 { - - private: - + private: public: KMAC256_Botan(); KMAC256_Botan(const KMAC256_Botan &src); @@ -47,7 +45,7 @@ class KMAC256_Botan : public KMAC256 { const std::vector &ecc_ciphertext, const std::vector &kyber_key_share, const std::vector &kyber_ciphertext, - const pgp_pubkey_alg_t alg_id, + const pgp_pubkey_alg_t alg_id, const std::vector &subkey_pkt_hash, std::vector &out) override; }; diff --git a/src/lib/crypto/kyber.cpp b/src/lib/crypto/kyber.cpp index b8109a700..56f518704 100644 --- a/src/lib/crypto/kyber.cpp +++ b/src/lib/crypto/kyber.cpp @@ -61,7 +61,7 @@ std::pair kyber_generate_keypair(rnp::RNG *rng, kyber_parameter_e kyber_param) { Kyber_PrivateKey kyber_priv(*rng->obj(), rnp_kyber_param_to_botan_kyber_mode(kyber_param)); - + secure_vector encoded_private_key = kyber_priv.private_key_bits(); std::unique_ptr kyber_pub = kyber_priv.public_key(); @@ -83,7 +83,7 @@ pgp_kyber_private_key_t::botan_key() const { secure_vector key_sv(key_encoded_.data(), key_encoded_.data() + key_encoded_.size()); - return Kyber_PrivateKey(key_sv, rnp_kyber_param_to_botan_kyber_mode(kyber_mode_)); + return Kyber_PrivateKey(key_sv, rnp_kyber_param_to_botan_kyber_mode(kyber_mode_)); } kyber_encap_result_t @@ -96,7 +96,10 @@ pgp_kyber_public_key_t::encapsulate(rnp::RNG *rng) secure_vector encap_key; // this has to go over the wire secure_vector data_encryption_key; // this is the key used for // encryption of the payload data - kem_enc.encrypt(encap_key, data_encryption_key, key_share_size_from_kyber_param(kyber_mode_), *rng->obj()); + kem_enc.encrypt(encap_key, + data_encryption_key, + key_share_size_from_kyber_param(kyber_mode_), + *rng->obj()); kyber_encap_result_t result; result.ciphertext.insert( result.ciphertext.end(), encap_key.data(), encap_key.data() + encap_key.size()); @@ -107,32 +110,37 @@ pgp_kyber_public_key_t::encapsulate(rnp::RNG *rng) } std::vector -pgp_kyber_private_key_t::decapsulate(rnp::RNG *rng, const uint8_t *ciphertext, size_t ciphertext_len) +pgp_kyber_private_key_t::decapsulate(rnp::RNG *rng, + const uint8_t *ciphertext, + size_t ciphertext_len) { assert(is_initialized_); - auto decoded_kyber_priv = botan_key(); + auto decoded_kyber_priv = botan_key(); PK_KEM_Decryptor kem_dec(decoded_kyber_priv, *rng->obj(), "Raw", "base"); - secure_vector dec_shared_key = kem_dec.decrypt(ciphertext, ciphertext_len, key_share_size_from_kyber_param(kyber_mode_)); + secure_vector dec_shared_key = kem_dec.decrypt( + ciphertext, ciphertext_len, key_share_size_from_kyber_param(kyber_mode_)); return std::vector(dec_shared_key.data(), dec_shared_key.data() + dec_shared_key.size()); } bool -pgp_kyber_public_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized_) { +pgp_kyber_public_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized_) { return false; } - auto key = botan_key(); + auto key = botan_key(); return key.check_key(*(rng->obj()), false); } bool -pgp_kyber_private_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized_) { +pgp_kyber_private_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized_) { return false; } - auto key = botan_key(); + auto key = botan_key(); return key.check_key(*(rng->obj()), false); } diff --git a/src/lib/crypto/kyber.h b/src/lib/crypto/kyber.h index 4d1c3ab06..680df70e9 100644 --- a/src/lib/crypto/kyber.h +++ b/src/lib/crypto/kyber.h @@ -48,13 +48,17 @@ struct kyber_encap_result_t { class pgp_kyber_private_key_t { public: - pgp_kyber_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, kyber_parameter_e mode); + pgp_kyber_private_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + kyber_parameter_e mode); pgp_kyber_private_key_t(std::vector const &key_encoded, kyber_parameter_e mode); pgp_kyber_private_key_t() = default; bool is_valid(rnp::RNG *rng) const; - std::vector decapsulate(rnp::RNG *rng, const uint8_t *ciphertext, size_t ciphertext_len); + std::vector decapsulate(rnp::RNG *rng, + const uint8_t *ciphertext, + size_t ciphertext_len); std::vector get_encoded() const { @@ -71,20 +75,23 @@ class pgp_kyber_private_key_t { Botan::Kyber_PrivateKey botan_key() const; Botan::secure_vector key_encoded_; - kyber_parameter_e kyber_mode_; - bool is_initialized_ = false; + kyber_parameter_e kyber_mode_; + bool is_initialized_ = false; }; class pgp_kyber_public_key_t { public: - pgp_kyber_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, kyber_parameter_e mode); + pgp_kyber_public_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + kyber_parameter_e mode); pgp_kyber_public_key_t(std::vector const &key_encoded, kyber_parameter_e mode); pgp_kyber_public_key_t() = default; kyber_encap_result_t encapsulate(rnp::RNG *rng); - bool operator==(const pgp_kyber_public_key_t &rhs) const + bool + operator==(const pgp_kyber_public_key_t &rhs) const { - return (kyber_mode_ == rhs.kyber_mode_) && (key_encoded_ == rhs.key_encoded_); + return (kyber_mode_ == rhs.kyber_mode_) && (key_encoded_ == rhs.key_encoded_); } bool is_valid(rnp::RNG *rng) const; @@ -99,8 +106,8 @@ class pgp_kyber_public_key_t { Botan::Kyber_PublicKey botan_key() const; std::vector key_encoded_; - kyber_parameter_e kyber_mode_; - bool is_initialized_ = false; + kyber_parameter_e kyber_mode_; + bool is_initialized_ = false; }; std::pair kyber_generate_keypair( diff --git a/src/lib/crypto/kyber_common.cpp b/src/lib/crypto/kyber_common.cpp index a0b1112c4..bf3be17b8 100644 --- a/src/lib/crypto/kyber_common.cpp +++ b/src/lib/crypto/kyber_common.cpp @@ -32,81 +32,87 @@ #include "types.h" #include "logging.h" -size_t kyber_privkey_size(kyber_parameter_e parameter) { - switch(parameter) { - case kyber_768: - return 2400; - case kyber_1024: - return 3168; - default: - RNP_LOG("invalid parameter given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +size_t +kyber_privkey_size(kyber_parameter_e parameter) +{ + switch (parameter) { + case kyber_768: + return 2400; + case kyber_1024: + return 3168; + default: + RNP_LOG("invalid parameter given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } -size_t kyber_pubkey_size(kyber_parameter_e parameter) { - switch(parameter) { - case kyber_768: - return 1184; - case kyber_1024: - return 1568; - default: - RNP_LOG("invalid parameter given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +size_t +kyber_pubkey_size(kyber_parameter_e parameter) +{ + switch (parameter) { + case kyber_768: + return 1184; + case kyber_1024: + return 1568; + default: + RNP_LOG("invalid parameter given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } -size_t kyber_keyshare_size(kyber_parameter_e parameter) { - switch(parameter) { - case kyber_768: - return 24; - case kyber_1024: - return 32; - default: - RNP_LOG("invalid parameter given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +size_t +kyber_keyshare_size(kyber_parameter_e parameter) +{ + switch (parameter) { + case kyber_768: + return 24; + case kyber_1024: + return 32; + default: + RNP_LOG("invalid parameter given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } -size_t kyber_ciphertext_size(kyber_parameter_e parameter) { - switch(parameter) { - case kyber_768: - return 1088; - case kyber_1024: - return 1568; - default: - RNP_LOG("invalid parameter given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +size_t +kyber_ciphertext_size(kyber_parameter_e parameter) +{ + switch (parameter) { + case kyber_768: + return 1088; + case kyber_1024: + return 1568; + default: + RNP_LOG("invalid parameter given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } -pgp_kyber_public_key_t::pgp_kyber_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, kyber_parameter_e mode): - key_encoded_(key_encoded, key_encoded + key_encoded_len), - kyber_mode_(mode), - is_initialized_(true) +pgp_kyber_public_key_t::pgp_kyber_public_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + kyber_parameter_e mode) + : key_encoded_(key_encoded, key_encoded + key_encoded_len), kyber_mode_(mode), + is_initialized_(true) { } -pgp_kyber_public_key_t::pgp_kyber_public_key_t(std::vector const& key_encoded, kyber_parameter_e mode): - key_encoded_(key_encoded), - kyber_mode_(mode), - is_initialized_(true) +pgp_kyber_public_key_t::pgp_kyber_public_key_t(std::vector const &key_encoded, + kyber_parameter_e mode) + : key_encoded_(key_encoded), kyber_mode_(mode), is_initialized_(true) { } - -pgp_kyber_private_key_t::pgp_kyber_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, kyber_parameter_e mode): - key_encoded_(key_encoded, key_encoded + key_encoded_len), - kyber_mode_(mode), - is_initialized_(true) +pgp_kyber_private_key_t::pgp_kyber_private_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + kyber_parameter_e mode) + : key_encoded_(key_encoded, key_encoded + key_encoded_len), kyber_mode_(mode), + is_initialized_(true) { } - -pgp_kyber_private_key_t::pgp_kyber_private_key_t(std::vector const& key_encoded, kyber_parameter_e mode): - key_encoded_(Botan::secure_vector(key_encoded.begin(), key_encoded.end())), - kyber_mode_(mode), - is_initialized_(true) +pgp_kyber_private_key_t::pgp_kyber_private_key_t(std::vector const &key_encoded, + kyber_parameter_e mode) + : key_encoded_(Botan::secure_vector(key_encoded.begin(), key_encoded.end())), + kyber_mode_(mode), is_initialized_(true) { } - diff --git a/src/lib/crypto/kyber_ecdh_composite.cpp b/src/lib/crypto/kyber_ecdh_composite.cpp index b3e19e1c1..93c7858aa 100644 --- a/src/lib/crypto/kyber_ecdh_composite.cpp +++ b/src/lib/crypto/kyber_ecdh_composite.cpp @@ -37,212 +37,231 @@ #include #include -pgp_kyber_ecdh_composite_key_t::~pgp_kyber_ecdh_composite_key_t() {} +pgp_kyber_ecdh_composite_key_t::~pgp_kyber_ecdh_composite_key_t() +{ +} void -pgp_kyber_ecdh_composite_key_t::initialized_or_throw() const { - if(!is_initialized()) { +pgp_kyber_ecdh_composite_key_t::initialized_or_throw() const +{ + if (!is_initialized()) { RNP_LOG("Trying to use uninitialized kyber-ecdh key"); - throw rnp::rnp_exception(RNP_ERROR_GENERIC); /* TODO better return error */ + throw rnp::rnp_exception(RNP_ERROR_GENERIC); /* TODO better return error */ } } rnp_result_t -pgp_kyber_ecdh_composite_key_t::gen_keypair(rnp::RNG *rng, pgp_kyber_ecdh_key_t *key, pgp_pubkey_alg_t alg) +pgp_kyber_ecdh_composite_key_t::gen_keypair(rnp::RNG *rng, + pgp_kyber_ecdh_key_t *key, + pgp_pubkey_alg_t alg) { - rnp_result_t res; - pgp_curve_t curve = pk_alg_to_curve_id(alg); + rnp_result_t res; + pgp_curve_t curve = pk_alg_to_curve_id(alg); kyber_parameter_e kyber_id = pk_alg_to_kyber_id(alg); ecdh_kem_key_t ecdh_key_pair; res = ec_key_t::generate_ecdh_kem_key_pair(rng, &ecdh_key_pair, curve); - if(res != RNP_SUCCESS) { + if (res != RNP_SUCCESS) { RNP_LOG("generating kyber ecdh composite key failed when generating ecdh key"); return res; } auto kyber_key_pair = kyber_generate_keypair(rng, kyber_id); - key->priv = pgp_kyber_ecdh_composite_private_key_t(ecdh_key_pair.priv.get_encoded(), kyber_key_pair.second.get_encoded(), alg); - key->pub = pgp_kyber_ecdh_composite_public_key_t(ecdh_key_pair.pub.get_encoded(), kyber_key_pair.first.get_encoded(), alg); + key->priv = pgp_kyber_ecdh_composite_private_key_t( + ecdh_key_pair.priv.get_encoded(), kyber_key_pair.second.get_encoded(), alg); + key->pub = pgp_kyber_ecdh_composite_public_key_t( + ecdh_key_pair.pub.get_encoded(), kyber_key_pair.first.get_encoded(), alg); return RNP_SUCCESS; } size_t -pgp_kyber_ecdh_composite_key_t::ecdh_curve_privkey_size(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_25519: - return 32; - /* TODO */ - // case PGP_CURVE_X448: - // return 56; - case PGP_CURVE_NIST_P_256: - return 32; - case PGP_CURVE_NIST_P_384: - return 48; - case PGP_CURVE_BP256: - return 32; - case PGP_CURVE_BP384: - return 48; - default: - RNP_LOG("invalid curve given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +pgp_kyber_ecdh_composite_key_t::ecdh_curve_privkey_size(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_25519: + return 32; + /* TODO */ + // case PGP_CURVE_X448: + // return 56; + case PGP_CURVE_NIST_P_256: + return 32; + case PGP_CURVE_NIST_P_384: + return 48; + case PGP_CURVE_BP256: + return 32; + case PGP_CURVE_BP384: + return 48; + default: + RNP_LOG("invalid curve given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } size_t -pgp_kyber_ecdh_composite_key_t::ecdh_curve_pubkey_size(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_25519: - return 32; - /* TODO */ - // case PGP_CURVE_X448: - // return 56; - case PGP_CURVE_NIST_P_256: - return 65; - case PGP_CURVE_NIST_P_384: - return 97; - case PGP_CURVE_BP256: - return 65; - case PGP_CURVE_BP384: - return 97; - default: - RNP_LOG("invalid curve given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +pgp_kyber_ecdh_composite_key_t::ecdh_curve_pubkey_size(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_25519: + return 32; + /* TODO */ + // case PGP_CURVE_X448: + // return 56; + case PGP_CURVE_NIST_P_256: + return 65; + case PGP_CURVE_NIST_P_384: + return 97; + case PGP_CURVE_BP256: + return 65; + case PGP_CURVE_BP384: + return 97; + default: + RNP_LOG("invalid curve given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } size_t -pgp_kyber_ecdh_composite_key_t::ecdh_curve_ephemeral_size(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_25519: - return 32; - /* TODO */ - // case PGP_CURVE_X448: - // return 56; - case PGP_CURVE_NIST_P_256: - return 65; - case PGP_CURVE_NIST_P_384: - return 97; - case PGP_CURVE_BP256: - return 65; - case PGP_CURVE_BP384: - return 97; - default: - RNP_LOG("invalid curve given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +pgp_kyber_ecdh_composite_key_t::ecdh_curve_ephemeral_size(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_25519: + return 32; + /* TODO */ + // case PGP_CURVE_X448: + // return 56; + case PGP_CURVE_NIST_P_256: + return 65; + case PGP_CURVE_NIST_P_384: + return 97; + case PGP_CURVE_BP256: + return 65; + case PGP_CURVE_BP384: + return 97; + default: + RNP_LOG("invalid curve given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } size_t -pgp_kyber_ecdh_composite_key_t::ecdh_curve_keyshare_size(pgp_curve_t curve) { - switch(curve) { - case PGP_CURVE_25519: - return 32; - /* TODO */ - // case PGP_CURVE_X448: - // return 56; - case PGP_CURVE_NIST_P_256: - return 32; - case PGP_CURVE_NIST_P_384: - return 48; - case PGP_CURVE_BP256: - return 32; - case PGP_CURVE_BP384: - return 48; - default: - RNP_LOG("invalid curve given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); +pgp_kyber_ecdh_composite_key_t::ecdh_curve_keyshare_size(pgp_curve_t curve) +{ + switch (curve) { + case PGP_CURVE_25519: + return 32; + /* TODO */ + // case PGP_CURVE_X448: + // return 56; + case PGP_CURVE_NIST_P_256: + return 32; + case PGP_CURVE_NIST_P_384: + return 48; + case PGP_CURVE_BP256: + return 32; + case PGP_CURVE_BP384: + return 48; + default: + RNP_LOG("invalid curve given"); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } kyber_parameter_e -pgp_kyber_ecdh_composite_key_t::pk_alg_to_kyber_id(pgp_pubkey_alg_t pk_alg) { - switch(pk_alg) - { - case PGP_PKA_KYBER768_X25519: +pgp_kyber_ecdh_composite_key_t::pk_alg_to_kyber_id(pgp_pubkey_alg_t pk_alg) +{ + switch (pk_alg) { + case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: + case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: - return kyber_768; - case PGP_PKA_KYBER1024_BP384: + case PGP_PKA_KYBER768_BP256: + return kyber_768; + case PGP_PKA_KYBER1024_BP384: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: + case PGP_PKA_KYBER1024_P384: //[[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: + // case PGP_PKA_KYBER1024_X448: return kyber_1024; - default: + default: RNP_LOG("invalid PK alg given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } pgp_curve_t -pgp_kyber_ecdh_composite_key_t::pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg) { - switch(pk_alg) - { - case PGP_PKA_KYBER768_X25519: +pgp_kyber_ecdh_composite_key_t::pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg) +{ + switch (pk_alg) { + case PGP_PKA_KYBER768_X25519: return PGP_CURVE_25519; - case PGP_PKA_KYBER768_P256: + case PGP_PKA_KYBER768_P256: return PGP_CURVE_NIST_P_256; - case PGP_PKA_KYBER768_BP256: - return PGP_CURVE_BP256; - case PGP_PKA_KYBER1024_BP384: + case PGP_PKA_KYBER768_BP256: + return PGP_CURVE_BP256; + case PGP_PKA_KYBER1024_BP384: return PGP_CURVE_BP384; - case PGP_PKA_KYBER1024_P384: + case PGP_PKA_KYBER1024_P384: return PGP_CURVE_NIST_P_384; - /*case PGP_PKA_KYBER1024_X448: - return ... NOT_IMPLEMENTED*/ - default: + /*case PGP_PKA_KYBER1024_X448: + return ... NOT_IMPLEMENTED*/ + default: RNP_LOG("invalid PK alg given"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } } - -pgp_kyber_ecdh_composite_private_key_t::pgp_kyber_ecdh_composite_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_kyber_ecdh_composite_private_key_t::pgp_kyber_ecdh_composite_private_key_t( + const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(std::vector(key_encoded, key_encoded + key_encoded_len)); } -pgp_kyber_ecdh_composite_private_key_t::pgp_kyber_ecdh_composite_private_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_kyber_ecdh_composite_private_key_t::pgp_kyber_ecdh_composite_private_key_t( + std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(key_encoded); } -pgp_kyber_ecdh_composite_private_key_t::pgp_kyber_ecdh_composite_private_key_t(std::vector const &ecdh_key_encoded, std::vector const &kyber_key_encoded, pgp_pubkey_alg_t pk_alg) +pgp_kyber_ecdh_composite_private_key_t::pgp_kyber_ecdh_composite_private_key_t( + std::vector const &ecdh_key_encoded, + std::vector const &kyber_key_encoded, + pgp_pubkey_alg_t pk_alg) : pk_alg_(pk_alg) { - if(ecdh_curve_privkey_size(pk_alg_to_curve_id(pk_alg)) != ecdh_key_encoded.size() - || kyber_privkey_size(pk_alg_to_kyber_id(pk_alg)) != kyber_key_encoded.size()) - { + if (ecdh_curve_privkey_size(pk_alg_to_curve_id(pk_alg)) != ecdh_key_encoded.size() || + kyber_privkey_size(pk_alg_to_kyber_id(pk_alg)) != kyber_key_encoded.size()) { RNP_LOG("ecdh or kyber key length mismatch"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } - kyber_key_ = std::make_unique(pgp_kyber_private_key_t(kyber_key_encoded, pk_alg_to_kyber_id(pk_alg))); - ecdh_key_ = std::make_unique(ecdh_kem_private_key_t(ecdh_key_encoded, pk_alg_to_curve_id(pk_alg))); + kyber_key_ = std::make_unique( + pgp_kyber_private_key_t(kyber_key_encoded, pk_alg_to_kyber_id(pk_alg))); + ecdh_key_ = std::make_unique( + ecdh_kem_private_key_t(ecdh_key_encoded, pk_alg_to_curve_id(pk_alg))); is_initialized_ = true; } -/* copy assignment operator is used on key materials struct and thus needs to be defined for this class as well */ -pgp_kyber_ecdh_composite_private_key_t& pgp_kyber_ecdh_composite_private_key_t::operator=(const pgp_kyber_ecdh_composite_private_key_t& other) +/* copy assignment operator is used on key materials struct and thus needs to be defined for + * this class as well */ +pgp_kyber_ecdh_composite_private_key_t & +pgp_kyber_ecdh_composite_private_key_t::operator=( + const pgp_kyber_ecdh_composite_private_key_t &other) { pgp_kyber_ecdh_composite_key_t::operator=(other); pk_alg_ = other.pk_alg_; - if(other.is_initialized() && other.kyber_key_) - { - kyber_key_ = std::make_unique(pgp_kyber_private_key_t(other.kyber_key_->get_encoded(), other.kyber_key_->param())); + if (other.is_initialized() && other.kyber_key_) { + kyber_key_ = std::make_unique( + pgp_kyber_private_key_t(other.kyber_key_->get_encoded(), other.kyber_key_->param())); } - if(other.is_initialized() && other.ecdh_key_) - { - ecdh_key_ = std::make_unique(ecdh_kem_private_key_t(other.ecdh_key_->get_encoded(), other.ecdh_key_->get_curve())); + if (other.is_initialized() && other.ecdh_key_) { + ecdh_key_ = std::make_unique(ecdh_kem_private_key_t( + other.ecdh_key_->get_encoded(), other.ecdh_key_->get_curve())); } return *this; @@ -251,115 +270,140 @@ pgp_kyber_ecdh_composite_private_key_t& pgp_kyber_ecdh_composite_private_key_t:: size_t pgp_kyber_ecdh_composite_private_key_t::encoded_size(pgp_pubkey_alg_t pk_alg) { - kyber_parameter_e kyber_param = pk_alg_to_kyber_id(pk_alg); - pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); - return ecdh_curve_privkey_size(curve) + kyber_privkey_size(kyber_param); + kyber_parameter_e kyber_param = pk_alg_to_kyber_id(pk_alg); + pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); + return ecdh_curve_privkey_size(curve) + kyber_privkey_size(kyber_param); } void -pgp_kyber_ecdh_composite_private_key_t::parse_component_keys(std::vector key_encoded) { +pgp_kyber_ecdh_composite_private_key_t::parse_component_keys(std::vector key_encoded) +{ if (key_encoded.size() != encoded_size(pk_alg_)) { RNP_LOG("Kyber composite key format invalid: length mismatch"); throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } kyber_parameter_e kyber_param = pk_alg_to_kyber_id(pk_alg_); - pgp_curve_t ecdh_curve = pk_alg_to_curve_id(pk_alg_); - size_t split_at = ecdh_curve_privkey_size(pk_alg_to_curve_id(pk_alg_)); - - kyber_key_ = std::make_unique(pgp_kyber_private_key_t(key_encoded.data() + split_at, key_encoded.size() - split_at, kyber_param)); - ecdh_key_ = std::make_unique(ecdh_kem_private_key_t(key_encoded.data(), split_at, ecdh_curve)); + pgp_curve_t ecdh_curve = pk_alg_to_curve_id(pk_alg_); + size_t split_at = ecdh_curve_privkey_size(pk_alg_to_curve_id(pk_alg_)); + + kyber_key_ = std::make_unique(pgp_kyber_private_key_t( + key_encoded.data() + split_at, key_encoded.size() - split_at, kyber_param)); + ecdh_key_ = std::make_unique( + ecdh_kem_private_key_t(key_encoded.data(), split_at, ecdh_curve)); is_initialized_ = true; } - -namespace +namespace { +std::vector +hashed_ecc_keyshare(const std::vector &key_share, + const std::vector &ciphertext, + pgp_pubkey_alg_t alg_id) { - std::vector hashed_ecc_keyshare(const std::vector &key_share, const std::vector &ciphertext, pgp_pubkey_alg_t alg_id) - { - /* SHA3-256(X || eccCipherText) or SHA3-256(X || eccCipherText) depending on algorithm */ - - std::vector digest; - pgp_hash_alg_t hash_alg; - - switch(alg_id) - { - case PGP_PKA_KYBER768_X25519: - case PGP_PKA_KYBER768_BP256: - case PGP_PKA_KYBER768_P256: - hash_alg = PGP_HASH_SHA3_256; - break; - //case PGP_PKA_KYBER1024_X448: - case PGP_PKA_KYBER1024_P384: - case PGP_PKA_KYBER1024_BP384: - hash_alg = PGP_HASH_SHA3_512; - break; - default: - RNP_LOG("key combiner does not support this algorithm"); - throw rnp::rnp_exception(RNP_ERROR_BAD_STATE); - } - - auto hash = rnp::Hash::create(hash_alg); - hash->add(key_share); - hash->add(ciphertext); - - digest.resize(rnp::Hash::size(hash_alg)); - hash->finish(digest.data()); - - return digest; + /* SHA3-256(X || eccCipherText) or SHA3-256(X || eccCipherText) depending on algorithm */ + + std::vector digest; + pgp_hash_alg_t hash_alg; + + switch (alg_id) { + case PGP_PKA_KYBER768_X25519: + case PGP_PKA_KYBER768_BP256: + case PGP_PKA_KYBER768_P256: + hash_alg = PGP_HASH_SHA3_256; + break; + // case PGP_PKA_KYBER1024_X448: + case PGP_PKA_KYBER1024_P384: + case PGP_PKA_KYBER1024_BP384: + hash_alg = PGP_HASH_SHA3_512; + break; + default: + RNP_LOG("key combiner does not support this algorithm"); + throw rnp::rnp_exception(RNP_ERROR_BAD_STATE); } + + auto hash = rnp::Hash::create(hash_alg); + hash->add(key_share); + hash->add(ciphertext); + + digest.resize(rnp::Hash::size(hash_alg)); + hash->finish(digest.data()); + + return digest; } +} // namespace rnp_result_t -pgp_kyber_ecdh_composite_private_key_t::decrypt(rnp::RNG *rng, uint8_t *out, size_t *out_len, const pgp_kyber_ecdh_encrypted_t *enc, const std::vector &subkey_pkt_hash) +pgp_kyber_ecdh_composite_private_key_t::decrypt(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, + const pgp_kyber_ecdh_encrypted_t *enc, + const std::vector &subkey_pkt_hash) { initialized_or_throw(); assert(subkey_pkt_hash.size() == rnp::Hash::size(PGP_HASH_SHA3_256)); - rnp_result_t res; + rnp_result_t res; std::vector ecdh_keyshare; std::vector hashed_ecdh_keyshare; std::vector kyber_keyshare; - if( ((enc->wrapped_sesskey.size() % 8) != 0) || (enc->wrapped_sesskey.size() < 16)) { - RNP_LOG("invalid wrapped AES key length (size is a multiple of 8 octets with 8 octets integrity check)"); + if (((enc->wrapped_sesskey.size() % 8) != 0) || (enc->wrapped_sesskey.size() < 16)) { + RNP_LOG("invalid wrapped AES key length (size is a multiple of 8 octets with 8 octets " + "integrity check)"); return RNP_ERROR_BAD_PARAMETERS; } // Compute (eccKeyShare) := eccKem.decap(eccCipherText, eccPrivateKey) - pgp_curve_t curve = pk_alg_to_curve_id(pk_alg_); - std::vector ecdh_encapsulated_keyshare = std::vector(enc->composite_ciphertext.data(), enc->composite_ciphertext.data() + ecdh_curve_ephemeral_size(curve)); + pgp_curve_t curve = pk_alg_to_curve_id(pk_alg_); + std::vector ecdh_encapsulated_keyshare = std::vector( + enc->composite_ciphertext.data(), + enc->composite_ciphertext.data() + ecdh_curve_ephemeral_size(curve)); res = ecdh_key_->decapsulate(rng, ecdh_encapsulated_keyshare, ecdh_keyshare); - if(res) { + if (res) { RNP_LOG("error when decrypting kyber-ecdh encrypted session key"); return res; } - hashed_ecdh_keyshare = hashed_ecc_keyshare(ecdh_keyshare, ecdh_encapsulated_keyshare, pk_alg_); - + hashed_ecdh_keyshare = + hashed_ecc_keyshare(ecdh_keyshare, ecdh_encapsulated_keyshare, pk_alg_); + // Compute (kyberKeyShare) := kyberKem.decap(kyberCipherText, kyberPrivateKey) - std::vector kyber_encapsulated_keyshare = std::vector(enc->composite_ciphertext.begin() + ecdh_curve_ephemeral_size(curve), enc->composite_ciphertext.end()); - kyber_keyshare = kyber_key_->decapsulate(rng, kyber_encapsulated_keyshare.data(), kyber_encapsulated_keyshare.size()); - if(res) { + std::vector kyber_encapsulated_keyshare = std::vector( + enc->composite_ciphertext.begin() + ecdh_curve_ephemeral_size(curve), + enc->composite_ciphertext.end()); + kyber_keyshare = kyber_key_->decapsulate( + rng, kyber_encapsulated_keyshare.data(), kyber_encapsulated_keyshare.size()); + if (res) { RNP_LOG("error when decrypting kyber-ecdh encrypted session key"); return res; } - // Compute KEK := multiKeyCombine(eccKeyShare, kyberKeyShare, fixedInfo) as defined in Section 4.2.2 + // Compute KEK := multiKeyCombine(eccKeyShare, kyberKeyShare, fixedInfo) as defined in + // Section 4.2.2 std::vector kek_vec; - auto kmac = rnp::KMAC256::create(); - kmac->compute(hashed_ecdh_keyshare, ecdh_encapsulated_keyshare, kyber_keyshare, kyber_encapsulated_keyshare, pk_alg(), subkey_pkt_hash, kek_vec); + auto kmac = rnp::KMAC256::create(); + kmac->compute(hashed_ecdh_keyshare, + ecdh_encapsulated_keyshare, + kyber_keyshare, + kyber_encapsulated_keyshare, + pk_alg(), + subkey_pkt_hash, + kek_vec); Botan::SymmetricKey kek(kek_vec); - // Compute sessionKey := AESKeyUnwrap(KEK, C) with AES-256 as per [RFC3394], aborting if the 64 bit integrity check fails + // Compute sessionKey := AESKeyUnwrap(KEK, C) with AES-256 as per [RFC3394], aborting if + // the 64 bit integrity check fails Botan::secure_vector tmp_out; try { - tmp_out = Botan::rfc3394_keyunwrap(Botan::secure_vector(enc->wrapped_sesskey.begin(), enc->wrapped_sesskey.end()), kek); + tmp_out = + Botan::rfc3394_keyunwrap(Botan::secure_vector(enc->wrapped_sesskey.begin(), + enc->wrapped_sesskey.end()), + kek); } catch (const std::exception &e) { RNP_LOG("Keyunwrap failed: %s", e.what()); return RNP_ERROR_DECRYPT_FAILED; } - if(*out_len < tmp_out.size()) { + if (*out_len < tmp_out.size()) { RNP_LOG("buffer for decryption result too small"); return RNP_ERROR_DECRYPT_FAILED; } @@ -370,15 +414,18 @@ pgp_kyber_ecdh_composite_private_key_t::decrypt(rnp::RNG *rng, uint8_t *out, siz } void -pgp_kyber_ecdh_composite_private_key_t::secure_clear() { - // private key buffer is stored in a secure_vector and will be securely erased by the destructor. +pgp_kyber_ecdh_composite_private_key_t::secure_clear() +{ + // private key buffer is stored in a secure_vector and will be securely erased by the + // destructor. kyber_key_.reset(); ecdh_key_.reset(); is_initialized_ = false; } std::vector -pgp_kyber_ecdh_composite_private_key_t::get_encoded() const { +pgp_kyber_ecdh_composite_private_key_t::get_encoded() const +{ initialized_or_throw(); std::vector result; std::vector ecdh_key_encoded = ecdh_key_->get_encoded(); @@ -389,29 +436,31 @@ pgp_kyber_ecdh_composite_private_key_t::get_encoded() const { return result; }; - -pgp_kyber_ecdh_composite_public_key_t::pgp_kyber_ecdh_composite_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_kyber_ecdh_composite_public_key_t::pgp_kyber_ecdh_composite_public_key_t( + const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(std::vector(key_encoded, key_encoded + key_encoded_len)); } -pgp_kyber_ecdh_composite_public_key_t::pgp_kyber_ecdh_composite_public_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg): - pk_alg_(pk_alg) +pgp_kyber_ecdh_composite_public_key_t::pgp_kyber_ecdh_composite_public_key_t( + std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg) { parse_component_keys(key_encoded); } -pgp_kyber_ecdh_composite_public_key_t::pgp_kyber_ecdh_composite_public_key_t(std::vector const &ecdh_key_encoded, std::vector const &kyber_key_encoded, pgp_pubkey_alg_t pk_alg) - : pk_alg_(pk_alg), - kyber_key_(kyber_key_encoded, pk_alg_to_kyber_id(pk_alg)), +pgp_kyber_ecdh_composite_public_key_t::pgp_kyber_ecdh_composite_public_key_t( + std::vector const &ecdh_key_encoded, + std::vector const &kyber_key_encoded, + pgp_pubkey_alg_t pk_alg) + : pk_alg_(pk_alg), kyber_key_(kyber_key_encoded, pk_alg_to_kyber_id(pk_alg)), ecdh_key_(ecdh_key_encoded, pk_alg_to_curve_id(pk_alg)) { - if(ecdh_curve_pubkey_size(pk_alg_to_curve_id(pk_alg)) != ecdh_key_encoded.size() - || kyber_pubkey_size(pk_alg_to_kyber_id(pk_alg)) != kyber_key_encoded.size()) - { + if (ecdh_curve_pubkey_size(pk_alg_to_curve_id(pk_alg)) != ecdh_key_encoded.size() || + kyber_pubkey_size(pk_alg_to_kyber_id(pk_alg)) != kyber_key_encoded.size()) { RNP_LOG("ecdh or kyber key length mismatch"); - throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); + throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } is_initialized_ = true; } @@ -419,76 +468,95 @@ pgp_kyber_ecdh_composite_public_key_t::pgp_kyber_ecdh_composite_public_key_t(std size_t pgp_kyber_ecdh_composite_public_key_t::encoded_size(pgp_pubkey_alg_t pk_alg) { - kyber_parameter_e kyber_param = pk_alg_to_kyber_id(pk_alg); - pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); - return ecdh_curve_pubkey_size(curve) + kyber_pubkey_size(kyber_param); + kyber_parameter_e kyber_param = pk_alg_to_kyber_id(pk_alg); + pgp_curve_t curve = pk_alg_to_curve_id(pk_alg); + return ecdh_curve_pubkey_size(curve) + kyber_pubkey_size(kyber_param); } void -pgp_kyber_ecdh_composite_public_key_t::parse_component_keys(std::vector key_encoded) { +pgp_kyber_ecdh_composite_public_key_t::parse_component_keys(std::vector key_encoded) +{ if (key_encoded.size() != encoded_size(pk_alg_)) { RNP_LOG("Kyber composite key format invalid: length mismatch"); throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } kyber_parameter_e kyber_param = pk_alg_to_kyber_id(pk_alg_); - pgp_curve_t ecdh_curve = pk_alg_to_curve_id(pk_alg_); - size_t split_at = ecdh_curve_pubkey_size(pk_alg_to_curve_id(pk_alg_)); - - kyber_key_ = pgp_kyber_public_key_t(key_encoded.data() + split_at, key_encoded.size() - split_at, kyber_param); + pgp_curve_t ecdh_curve = pk_alg_to_curve_id(pk_alg_); + size_t split_at = ecdh_curve_pubkey_size(pk_alg_to_curve_id(pk_alg_)); + + kyber_key_ = pgp_kyber_public_key_t( + key_encoded.data() + split_at, key_encoded.size() - split_at, kyber_param); ecdh_key_ = ecdh_kem_public_key_t(key_encoded.data(), split_at, ecdh_curve); is_initialized_ = true; } rnp_result_t -pgp_kyber_ecdh_composite_public_key_t::encrypt(rnp::RNG *rng, pgp_kyber_ecdh_encrypted_t *out, const uint8_t *session_key, size_t session_key_len, const std::vector &subkey_pkt_hash) +pgp_kyber_ecdh_composite_public_key_t::encrypt(rnp::RNG *rng, + pgp_kyber_ecdh_encrypted_t *out, + const uint8_t *session_key, + size_t session_key_len, + const std::vector &subkey_pkt_hash) { initialized_or_throw(); assert(subkey_pkt_hash.size() == rnp::Hash::size(PGP_HASH_SHA3_256)); - rnp_result_t res; + rnp_result_t res; std::vector ecdh_ciphertext; std::vector ecdh_symmetric_key; std::vector ecdh_hashed_symmetric_key; - if((session_key_len % 8) != 0) { + if ((session_key_len % 8) != 0) { RNP_LOG("AES key wrap requires a multiple of 8 octets as input key"); return RNP_ERROR_BAD_PARAMETERS; } - + // Compute (eccCipherText, eccKeyShare) := eccKem.encap(eccPublicKey) res = ecdh_key_.encapsulate(rng, ecdh_ciphertext, ecdh_symmetric_key); - if(res) { + if (res) { RNP_LOG("error when encapsulating with ECDH"); return res; } - ecdh_hashed_symmetric_key = hashed_ecc_keyshare(ecdh_symmetric_key, ecdh_ciphertext, pk_alg_); + ecdh_hashed_symmetric_key = + hashed_ecc_keyshare(ecdh_symmetric_key, ecdh_ciphertext, pk_alg_); // Compute (kyberCipherText, kyberKeyShare) := kyberKem.encap(kyberPublicKey) kyber_encap_result_t kyber_encap = kyber_key_.encapsulate(rng); - // Compute KEK := multiKeyCombine(eccKeyShare, kyberKeyShare, fixedInfo) as defined in Section 4.2.2 + // Compute KEK := multiKeyCombine(eccKeyShare, kyberKeyShare, fixedInfo) as defined in + // Section 4.2.2 std::vector kek_vec; - auto kmac = rnp::KMAC256::create(); - kmac->compute(ecdh_hashed_symmetric_key, ecdh_ciphertext, kyber_encap.symmetric_key, kyber_encap.ciphertext, pk_alg(), subkey_pkt_hash, kek_vec); + auto kmac = rnp::KMAC256::create(); + kmac->compute(ecdh_hashed_symmetric_key, + ecdh_ciphertext, + kyber_encap.symmetric_key, + kyber_encap.ciphertext, + pk_alg(), + subkey_pkt_hash, + kek_vec); Botan::SymmetricKey kek(kek_vec); - // Compute C := AESKeyWrap(KEK, sessionKey) with AES-256 as per [RFC3394] that includes a 64 bit integrity check + // Compute C := AESKeyWrap(KEK, sessionKey) with AES-256 as per [RFC3394] that includes a + // 64 bit integrity check try { - out->wrapped_sesskey = Botan::unlock(Botan::rfc3394_keywrap(Botan::secure_vector(session_key, session_key+session_key_len), kek)); + out->wrapped_sesskey = Botan::unlock(Botan::rfc3394_keywrap( + Botan::secure_vector(session_key, session_key + session_key_len), kek)); } catch (const std::exception &e) { RNP_LOG("Keywrap failed: %s", e.what()); return RNP_ERROR_ENCRYPT_FAILED; } - + out->composite_ciphertext.assign(ecdh_ciphertext.begin(), ecdh_ciphertext.end()); - out->composite_ciphertext.insert(out->composite_ciphertext.end(), kyber_encap.ciphertext.begin(), kyber_encap.ciphertext.end()); + out->composite_ciphertext.insert(out->composite_ciphertext.end(), + kyber_encap.ciphertext.begin(), + kyber_encap.ciphertext.end()); return RNP_SUCCESS; } std::vector -pgp_kyber_ecdh_composite_public_key_t::get_encoded() const { +pgp_kyber_ecdh_composite_public_key_t::get_encoded() const +{ initialized_or_throw(); std::vector result; std::vector ecdh_key_encoded = ecdh_key_.get_encoded(); @@ -500,30 +568,33 @@ pgp_kyber_ecdh_composite_public_key_t::get_encoded() const { }; bool -pgp_kyber_ecdh_composite_public_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized()) { +pgp_kyber_ecdh_composite_public_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized()) { return false; } - return(ecdh_key_.is_valid(rng) && kyber_key_.is_valid(rng)); + return (ecdh_key_.is_valid(rng) && kyber_key_.is_valid(rng)); } bool -pgp_kyber_ecdh_composite_private_key_t::is_valid(rnp::RNG *rng) const { - if(!is_initialized()) { +pgp_kyber_ecdh_composite_private_key_t::is_valid(rnp::RNG *rng) const +{ + if (!is_initialized()) { return false; } - return(ecdh_key_->is_valid(rng) && kyber_key_->is_valid(rng)); + return (ecdh_key_->is_valid(rng) && kyber_key_->is_valid(rng)); } - -rnp_result_t kyber_ecdh_validate_key(rnp::RNG *rng, const pgp_kyber_ecdh_key_t *key, bool secret) { +rnp_result_t +kyber_ecdh_validate_key(rnp::RNG *rng, const pgp_kyber_ecdh_key_t *key, bool secret) +{ bool valid; valid = key->pub.is_valid(rng); - if(secret) { + if (secret) { valid = valid && key->priv.is_valid(rng); } - if(!valid) { + if (!valid) { return RNP_ERROR_GENERIC; } return RNP_SUCCESS; diff --git a/src/lib/crypto/kyber_ecdh_composite.h b/src/lib/crypto/kyber_ecdh_composite.h index 9fe31b91a..206c866ff 100644 --- a/src/lib/crypto/kyber_ecdh_composite.h +++ b/src/lib/crypto/kyber_ecdh_composite.h @@ -45,55 +45,72 @@ struct pgp_kyber_ecdh_key_t; /* forward declaration */ class pgp_kyber_ecdh_composite_key_t { + public: + virtual ~pgp_kyber_ecdh_composite_key_t() = 0; + + static rnp_result_t gen_keypair(rnp::RNG *rng, + pgp_kyber_ecdh_key_t *key, + pgp_pubkey_alg_t alg); + + static size_t ecdh_curve_privkey_size(pgp_curve_t curve); + static size_t ecdh_curve_pubkey_size(pgp_curve_t curve); + static size_t ecdh_curve_ephemeral_size(pgp_curve_t curve); + static size_t ecdh_curve_keyshare_size(pgp_curve_t curve); + static pgp_curve_t pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg); + static kyber_parameter_e pk_alg_to_kyber_id(pgp_pubkey_alg_t pk_alg); + + bool + is_initialized() const + { + return is_initialized_; + } -public: - virtual ~pgp_kyber_ecdh_composite_key_t() = 0; - - static rnp_result_t gen_keypair(rnp::RNG *rng, pgp_kyber_ecdh_key_t *key, pgp_pubkey_alg_t alg); - - static size_t ecdh_curve_privkey_size(pgp_curve_t curve); - static size_t ecdh_curve_pubkey_size(pgp_curve_t curve); - static size_t ecdh_curve_ephemeral_size(pgp_curve_t curve); - static size_t ecdh_curve_keyshare_size(pgp_curve_t curve); - static pgp_curve_t pk_alg_to_curve_id(pgp_pubkey_alg_t pk_alg); - static kyber_parameter_e pk_alg_to_kyber_id(pgp_pubkey_alg_t pk_alg); - - bool is_initialized() const { - return is_initialized_; - } - -protected: - bool is_initialized_ = false; - void initialized_or_throw() const; + protected: + bool is_initialized_ = false; + void initialized_or_throw() const; }; typedef struct pgp_kyber_ecdh_encrypted_t { std::vector composite_ciphertext; std::vector wrapped_sesskey; - static size_t composite_ciphertext_size(pgp_pubkey_alg_t pk_alg) { - return kyber_ciphertext_size(pgp_kyber_ecdh_composite_key_t::pk_alg_to_kyber_id(pk_alg)) - + pgp_kyber_ecdh_composite_key_t::ecdh_curve_ephemeral_size(pgp_kyber_ecdh_composite_key_t::pk_alg_to_curve_id(pk_alg)); + static size_t + composite_ciphertext_size(pgp_pubkey_alg_t pk_alg) + { + return kyber_ciphertext_size( + pgp_kyber_ecdh_composite_key_t::pk_alg_to_kyber_id(pk_alg)) + + pgp_kyber_ecdh_composite_key_t::ecdh_curve_ephemeral_size( + pgp_kyber_ecdh_composite_key_t::pk_alg_to_curve_id(pk_alg)); } } pgp_kyber_ecdh_encrypted_t; class pgp_kyber_ecdh_composite_private_key_t : public pgp_kyber_ecdh_composite_key_t { public: - pgp_kyber_ecdh_composite_private_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg); - pgp_kyber_ecdh_composite_private_key_t(std::vector const &ecdh_key_encoded, std::vector const &kyber_key_encoded, pgp_pubkey_alg_t pk_alg); - pgp_kyber_ecdh_composite_private_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg); - pgp_kyber_ecdh_composite_private_key_t& operator=(const pgp_kyber_ecdh_composite_private_key_t& other); + pgp_kyber_ecdh_composite_private_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + pgp_pubkey_alg_t pk_alg); + pgp_kyber_ecdh_composite_private_key_t(std::vector const &ecdh_key_encoded, + std::vector const &kyber_key_encoded, + pgp_pubkey_alg_t pk_alg); + pgp_kyber_ecdh_composite_private_key_t(std::vector const &key_encoded, + pgp_pubkey_alg_t pk_alg); + pgp_kyber_ecdh_composite_private_key_t &operator=( + const pgp_kyber_ecdh_composite_private_key_t &other); pgp_kyber_ecdh_composite_private_key_t() = default; + rnp_result_t decrypt(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, + const pgp_kyber_ecdh_encrypted_t *enc, + const std::vector &subkey_pkt_hash); - rnp_result_t decrypt(rnp::RNG *rng, uint8_t *out, size_t *out_len, const pgp_kyber_ecdh_encrypted_t *enc, const std::vector &subkey_pkt_hash); - - bool is_valid(rnp::RNG *rng) const; + bool is_valid(rnp::RNG *rng) const; std::vector get_encoded() const; - pgp_pubkey_alg_t pk_alg() const + pgp_pubkey_alg_t + pk_alg() const { - return pk_alg_; + return pk_alg_; } void secure_clear(); @@ -112,27 +129,38 @@ class pgp_kyber_ecdh_composite_private_key_t : public pgp_kyber_ecdh_composite_k std::unique_ptr ecdh_key_; }; - class pgp_kyber_ecdh_composite_public_key_t : public pgp_kyber_ecdh_composite_key_t { public: - pgp_kyber_ecdh_composite_public_key_t(const uint8_t *key_encoded, size_t key_encoded_len, pgp_pubkey_alg_t pk_alg); - pgp_kyber_ecdh_composite_public_key_t(std::vector const &ecdh_key_encoded, std::vector const &kyber_key_encoded, pgp_pubkey_alg_t pk_alg); - pgp_kyber_ecdh_composite_public_key_t(std::vector const &key_encoded, pgp_pubkey_alg_t pk_alg); + pgp_kyber_ecdh_composite_public_key_t(const uint8_t *key_encoded, + size_t key_encoded_len, + pgp_pubkey_alg_t pk_alg); + pgp_kyber_ecdh_composite_public_key_t(std::vector const &ecdh_key_encoded, + std::vector const &kyber_key_encoded, + pgp_pubkey_alg_t pk_alg); + pgp_kyber_ecdh_composite_public_key_t(std::vector const &key_encoded, + pgp_pubkey_alg_t pk_alg); pgp_kyber_ecdh_composite_public_key_t() = default; - - bool operator==(const pgp_kyber_ecdh_composite_public_key_t &rhs) const + + bool + operator==(const pgp_kyber_ecdh_composite_public_key_t &rhs) const { - return (pk_alg_ == rhs.pk_alg_) && (kyber_key_ == rhs.kyber_key_) && (ecdh_key_ == rhs.ecdh_key_); + return (pk_alg_ == rhs.pk_alg_) && (kyber_key_ == rhs.kyber_key_) && + (ecdh_key_ == rhs.ecdh_key_); } - rnp_result_t encrypt(rnp::RNG *rng, pgp_kyber_ecdh_encrypted_t *out, const uint8_t *in, size_t in_len, const std::vector &subkey_pkt_hash); + rnp_result_t encrypt(rnp::RNG *rng, + pgp_kyber_ecdh_encrypted_t *out, + const uint8_t *in, + size_t in_len, + const std::vector &subkey_pkt_hash); - bool is_valid(rnp::RNG *rng) const; + bool is_valid(rnp::RNG *rng) const; std::vector get_encoded() const; - pgp_pubkey_alg_t pk_alg() const + pgp_pubkey_alg_t + pk_alg() const { - return pk_alg_; + return pk_alg_; } static size_t encoded_size(pgp_pubkey_alg_t pk_alg); @@ -151,9 +179,11 @@ class pgp_kyber_ecdh_composite_public_key_t : public pgp_kyber_ecdh_composite_ke typedef struct pgp_kyber_ecdh_key_t { pgp_kyber_ecdh_composite_private_key_t priv; - pgp_kyber_ecdh_composite_public_key_t pub; + pgp_kyber_ecdh_composite_public_key_t pub; } pgp_kyber_ecdh_key_t; -rnp_result_t kyber_ecdh_validate_key(rnp::RNG *rng, const pgp_kyber_ecdh_key_t *key, bool secret); +rnp_result_t kyber_ecdh_validate_key(rnp::RNG *rng, + const pgp_kyber_ecdh_key_t *key, + bool secret); #endif \ No newline at end of file diff --git a/src/lib/crypto/mem.h b/src/lib/crypto/mem.h index 13d976d60..6e236f71d 100644 --- a/src/lib/crypto/mem.h +++ b/src/lib/crypto/mem.h @@ -154,7 +154,7 @@ typedef enum { HEX_LOWERCASE, HEX_UPPERCASE } hex_format_t; bool hex_encode(const uint8_t *buf, size_t buf_len, - char * hex, + char *hex, size_t hex_len, hex_format_t format = HEX_UPPERCASE); size_t hex_decode(const char *hex, uint8_t *buf, size_t buf_len); diff --git a/src/lib/crypto/mem_ossl.cpp b/src/lib/crypto/mem_ossl.cpp index e9d6a9373..a7c88dbf6 100644 --- a/src/lib/crypto/mem_ossl.cpp +++ b/src/lib/crypto/mem_ossl.cpp @@ -46,7 +46,7 @@ hex_encode(const uint8_t *buf, size_t buf_len, char *hex, size_t hex_len, hex_fo } static const char *hex_low = "0123456789abcdef"; static const char *hex_up = "0123456789ABCDEF"; - const char * hex_ch = (format == HEX_LOWERCASE) ? hex_low : hex_up; + const char *hex_ch = (format == HEX_LOWERCASE) ? hex_low : hex_up; hex[buf_len * 2] = '\0'; for (size_t i = 0; i < buf_len; i++) { hex[i << 1] = hex_ch[buf[i] >> 4]; @@ -84,8 +84,8 @@ hex_decode(const char *hex, uint8_t *buf, size_t buf_len) hexlen -= 2; } const char *end = hex + hexlen; - uint8_t * buf_st = buf; - uint8_t * buf_en = buf + buf_len; + uint8_t *buf_st = buf; + uint8_t *buf_en = buf + buf_len; while (hex < end) { /* skip whitespaces */ if ((*hex < '0') && diff --git a/src/lib/crypto/mpi.cpp b/src/lib/crypto/mpi.cpp index 4df7eea52..ef1a4ccf0 100644 --- a/src/lib/crypto/mpi.cpp +++ b/src/lib/crypto/mpi.cpp @@ -76,7 +76,7 @@ char * mpi2hex(const pgp_mpi_t *val) { static const char *hexes = "0123456789abcdef"; - char * out; + char *out; size_t len; size_t idx = 0; diff --git a/src/lib/crypto/rng.cpp b/src/lib/crypto/rng.cpp index efb8bb02a..3c7625b70 100644 --- a/src/lib/crypto/rng.cpp +++ b/src/lib/crypto/rng.cpp @@ -36,10 +36,9 @@ RNG::RNG(Type type) throw rnp::rnp_exception(RNP_ERROR_RNG); } - if(type == Type::DRBG) { + if (type == Type::DRBG) { botan_rng_obj.reset(new Botan::AutoSeeded_RNG); - } - else { + } else { botan_rng_obj.reset(new Botan::System_RNG); } } diff --git a/src/lib/crypto/rng.h b/src/lib/crypto/rng.h index 94ff78bd7..e3aba2a2a 100644 --- a/src/lib/crypto/rng.h +++ b/src/lib/crypto/rng.h @@ -42,7 +42,7 @@ namespace rnp { class RNG { private: #ifdef CRYPTO_BACKEND_BOTAN - struct botan_rng_struct *botan_rng; + struct botan_rng_struct *botan_rng; std::unique_ptr botan_rng_obj; #endif public: @@ -80,7 +80,7 @@ class RNG { * Note: It is planned to move away from the FFI handle. * For the transition phase, both approaches are implemented. */ - Botan::RandomNumberGenerator* obj() const; + Botan::RandomNumberGenerator *obj() const; #endif }; } // namespace rnp diff --git a/src/lib/crypto/rsa.cpp b/src/lib/crypto/rsa.cpp index 83fa0445b..60a8d0636 100644 --- a/src/lib/crypto/rsa.cpp +++ b/src/lib/crypto/rsa.cpp @@ -87,10 +87,10 @@ rnp_result_t rsa_validate_key(rnp::RNG *rng, const pgp_rsa_key_t *key, bool secret) { - bignum_t * n = NULL; - bignum_t * e = NULL; - bignum_t * p = NULL; - bignum_t * q = NULL; + bignum_t *n = NULL; + bignum_t *e = NULL; + bignum_t *p = NULL; + bignum_t *q = NULL; botan_pubkey_t bpkey = NULL; botan_privkey_t bskey = NULL; rnp_result_t ret = RNP_ERROR_GENERIC; @@ -192,9 +192,9 @@ rsa_load_secret_key(botan_privkey_t *bkey, const pgp_rsa_key_t *key) } rnp_result_t -rsa_encrypt_pkcs1(rnp::RNG * rng, +rsa_encrypt_pkcs1(rnp::RNG *rng, pgp_rsa_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, const pgp_rsa_key_t *key) { @@ -226,9 +226,9 @@ rsa_encrypt_pkcs1(rnp::RNG * rng, rnp_result_t rsa_verify_pkcs1(const pgp_rsa_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_rsa_key_t * key) + const pgp_rsa_key_t *key) { char padding_name[64] = {0}; botan_pubkey_t rsa_key = NULL; @@ -265,10 +265,10 @@ rsa_verify_pkcs1(const pgp_rsa_signature_t *sig, } rnp_result_t -rsa_sign_pkcs1(rnp::RNG * rng, +rsa_sign_pkcs1(rnp::RNG *rng, pgp_rsa_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_rsa_key_t *key) { @@ -313,11 +313,11 @@ rsa_sign_pkcs1(rnp::RNG * rng, } rnp_result_t -rsa_decrypt_pkcs1(rnp::RNG * rng, - uint8_t * out, - size_t * out_len, +rsa_decrypt_pkcs1(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, const pgp_rsa_encrypted_t *in, - const pgp_rsa_key_t * key) + const pgp_rsa_key_t *key) { botan_privkey_t rsa_key = NULL; botan_pk_op_decrypt_t decrypt_op = NULL; @@ -362,12 +362,12 @@ rsa_generate(rnp::RNG *rng, pgp_rsa_key_t *key, size_t numbits) botan_privkey_t rsa_key = NULL; rnp_result_t ret = RNP_ERROR_GENERIC; int cmp; - bignum_t * n = bn_new(); - bignum_t * e = bn_new(); - bignum_t * p = bn_new(); - bignum_t * q = bn_new(); - bignum_t * d = bn_new(); - bignum_t * u = bn_new(); + bignum_t *n = bn_new(); + bignum_t *e = bn_new(); + bignum_t *p = bn_new(); + bignum_t *q = bn_new(); + bignum_t *d = bn_new(); + bignum_t *u = bn_new(); if (!n || !e || !p || !q || !d || !u) { ret = RNP_ERROR_OUT_OF_MEMORY; diff --git a/src/lib/crypto/rsa.h b/src/lib/crypto/rsa.h index 6b1b61537..c7ccf098f 100644 --- a/src/lib/crypto/rsa.h +++ b/src/lib/crypto/rsa.h @@ -62,28 +62,28 @@ rnp_result_t rsa_validate_key(rnp::RNG *rng, const pgp_rsa_key_t *key, bool secr rnp_result_t rsa_generate(rnp::RNG *rng, pgp_rsa_key_t *key, size_t numbits); -rnp_result_t rsa_encrypt_pkcs1(rnp::RNG * rng, +rnp_result_t rsa_encrypt_pkcs1(rnp::RNG *rng, pgp_rsa_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, const pgp_rsa_key_t *key); -rnp_result_t rsa_decrypt_pkcs1(rnp::RNG * rng, - uint8_t * out, - size_t * out_len, +rnp_result_t rsa_decrypt_pkcs1(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, const pgp_rsa_encrypted_t *in, - const pgp_rsa_key_t * key); + const pgp_rsa_key_t *key); rnp_result_t rsa_verify_pkcs1(const pgp_rsa_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_rsa_key_t * key); + const pgp_rsa_key_t *key); -rnp_result_t rsa_sign_pkcs1(rnp::RNG * rng, +rnp_result_t rsa_sign_pkcs1(rnp::RNG *rng, pgp_rsa_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_rsa_key_t *key); diff --git a/src/lib/crypto/rsa_ossl.cpp b/src/lib/crypto/rsa_ossl.cpp index 0c00c049d..c9053a51b 100644 --- a/src/lib/crypto/rsa_ossl.cpp +++ b/src/lib/crypto/rsa_ossl.cpp @@ -109,7 +109,7 @@ rsa_init_context(const pgp_rsa_key_t *key, bool secret) return NULL; } EVP_PKEY_CTX *ctx = NULL; - RSA * rsakey = secret ? rsa_load_secret_key(key) : rsa_load_public_key(key); + RSA *rsakey = secret ? rsa_load_secret_key(key) : rsa_load_public_key(key); if (!rsakey) { goto done; } @@ -130,7 +130,7 @@ rsa_init_context(const pgp_rsa_key_t *key, bool secret) static OSSL_PARAM * rsa_bld_params(const pgp_rsa_key_t *key, bool secret) { - OSSL_PARAM * params = NULL; + OSSL_PARAM *params = NULL; OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new(); rnp::bn n(key->n); rnp::bn e(key->e); @@ -138,7 +138,7 @@ rsa_bld_params(const pgp_rsa_key_t *key, bool secret) rnp::bn p; rnp::bn q; rnp::bn u; - BN_CTX * bnctx = NULL; + BN_CTX *bnctx = NULL; if (!n.get() || !e.get() || !bld) { RNP_LOG("Out of memory"); @@ -206,7 +206,7 @@ rsa_load_key(const pgp_rsa_key_t *key, bool secret) return NULL; } /* Create context for key creation */ - EVP_PKEY * res = NULL; + EVP_PKEY *res = NULL; EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (!ctx) { RNP_LOG("Context allocation failed: %s", ossl_latest_err()); @@ -302,10 +302,10 @@ static const uint8_t PKCS1_SHA1_ENCODING[15] = { 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14}; static bool -rsa_setup_signature_hash(EVP_PKEY_CTX * ctx, +rsa_setup_signature_hash(EVP_PKEY_CTX *ctx, pgp_hash_alg_t hash_alg, const uint8_t *&enc, - size_t & enc_size) + size_t &enc_size) { const char *hash_name = rnp::Hash_OpenSSL::name(hash_alg); if (!hash_name) { @@ -332,9 +332,9 @@ rsa_setup_signature_hash(EVP_PKEY_CTX * ctx, } rnp_result_t -rsa_encrypt_pkcs1(rnp::RNG * rng, +rsa_encrypt_pkcs1(rnp::RNG *rng, pgp_rsa_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, const pgp_rsa_key_t *key) { @@ -365,9 +365,9 @@ rsa_encrypt_pkcs1(rnp::RNG * rng, rnp_result_t rsa_verify_pkcs1(const pgp_rsa_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_rsa_key_t * key) + const pgp_rsa_key_t *key) { rnp_result_t ret = RNP_ERROR_SIGNATURE_INVALID; EVP_PKEY_CTX *ctx = rsa_init_context(key, false); @@ -418,10 +418,10 @@ rsa_verify_pkcs1(const pgp_rsa_signature_t *sig, } rnp_result_t -rsa_sign_pkcs1(rnp::RNG * rng, +rsa_sign_pkcs1(rnp::RNG *rng, pgp_rsa_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_rsa_key_t *key) { @@ -467,11 +467,11 @@ rsa_sign_pkcs1(rnp::RNG * rng, } rnp_result_t -rsa_decrypt_pkcs1(rnp::RNG * rng, - uint8_t * out, - size_t * out_len, +rsa_decrypt_pkcs1(rnp::RNG *rng, + uint8_t *out, + size_t *out_len, const pgp_rsa_encrypted_t *in, - const pgp_rsa_key_t * key) + const pgp_rsa_key_t *key) { rnp_result_t ret = RNP_ERROR_GENERIC; if (mpi_bytes(&key->q) == 0) { @@ -598,7 +598,7 @@ rsa_generate(rnp::RNG *rng, pgp_rsa_key_t *key, size_t numbits) } rnp_result_t ret = RNP_ERROR_GENERIC; - EVP_PKEY * pkey = NULL; + EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *ctx = NULL; ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); diff --git a/src/lib/crypto/s2k.cpp b/src/lib/crypto/s2k.cpp index ede7965dd..c811edfdb 100644 --- a/src/lib/crypto/s2k.cpp +++ b/src/lib/crypto/s2k.cpp @@ -81,9 +81,9 @@ pgp_s2k_derive_key(pgp_s2k_t *s2k, const char *password, uint8_t *key, int keysi #ifdef CRYPTO_BACKEND_BOTAN int pgp_s2k_iterated(pgp_hash_alg_t alg, - uint8_t * out, + uint8_t *out, size_t output_len, - const char * password, + const char *password, const uint8_t *salt, size_t iterations) { diff --git a/src/lib/crypto/s2k.h b/src/lib/crypto/s2k.h index c67a77321..d9ad7c5cb 100644 --- a/src/lib/crypto/s2k.h +++ b/src/lib/crypto/s2k.h @@ -37,9 +37,9 @@ typedef struct pgp_s2k_t pgp_s2k_t; int pgp_s2k_iterated(pgp_hash_alg_t alg, - uint8_t * out, + uint8_t *out, size_t output_len, - const char * password, + const char *password, const uint8_t *salt, size_t iterations); diff --git a/src/lib/crypto/s2k_ossl.cpp b/src/lib/crypto/s2k_ossl.cpp index acf1ca9d8..a27de6f04 100644 --- a/src/lib/crypto/s2k_ossl.cpp +++ b/src/lib/crypto/s2k_ossl.cpp @@ -35,9 +35,9 @@ int pgp_s2k_iterated(pgp_hash_alg_t alg, - uint8_t * out, + uint8_t *out, size_t output_len, - const char * password, + const char *password, const uint8_t *salt, size_t iterations) { diff --git a/src/lib/crypto/sha1cd/sha1.c b/src/lib/crypto/sha1cd/sha1.c index d90bc418f..078e9165d 100644 --- a/src/lib/crypto/sha1cd/sha1.c +++ b/src/lib/crypto/sha1cd/sha1.c @@ -109,8 +109,8 @@ * about below, we blacklist specific processors here. We could add * more, see e.g. https://wiki.debian.org/ArchitectureSpecificsMemo */ -#else /* Not under GCC-alike or glibc or *BSD or newlib or or or */ +#else /* Not under GCC-alike or glibc or *BSD or newlib or or or */ /* We do nothing more here for now */ /*#error "Uncomment this to see if you fall through all the detection"*/ @@ -1980,7 +1980,7 @@ sha1_process(SHA1_CTX *ctx, const uint32_t block[16]) if (ubc_dv_mask[0] != 0) { for (i = 0; sha1_dvs[i].dvType != 0; ++i) { - if (ubc_dv_mask[0] & ((uint32_t)(1) << sha1_dvs[i].maskb)) { + if (ubc_dv_mask[0] & ((uint32_t) (1) << sha1_dvs[i].maskb)) { for (j = 0; j < 80; ++j) ctx->m2[j] = ctx->m1[j] ^ sha1_dvs[i].dm[j]; diff --git a/src/lib/crypto/sha1cd/ubc_check.c b/src/lib/crypto/sha1cd/ubc_check.c index c44c53d9d..c352f4e61 100644 --- a/src/lib/crypto/sha1cd/ubc_check.c +++ b/src/lib/crypto/sha1cd/ubc_check.c @@ -36,38 +36,38 @@ the tools section #endif #include "ubc_check.h" -static const uint32_t DV_I_43_0_bit = (uint32_t)(1) << 0; -static const uint32_t DV_I_44_0_bit = (uint32_t)(1) << 1; -static const uint32_t DV_I_45_0_bit = (uint32_t)(1) << 2; -static const uint32_t DV_I_46_0_bit = (uint32_t)(1) << 3; -static const uint32_t DV_I_46_2_bit = (uint32_t)(1) << 4; -static const uint32_t DV_I_47_0_bit = (uint32_t)(1) << 5; -static const uint32_t DV_I_47_2_bit = (uint32_t)(1) << 6; -static const uint32_t DV_I_48_0_bit = (uint32_t)(1) << 7; -static const uint32_t DV_I_48_2_bit = (uint32_t)(1) << 8; -static const uint32_t DV_I_49_0_bit = (uint32_t)(1) << 9; -static const uint32_t DV_I_49_2_bit = (uint32_t)(1) << 10; -static const uint32_t DV_I_50_0_bit = (uint32_t)(1) << 11; -static const uint32_t DV_I_50_2_bit = (uint32_t)(1) << 12; -static const uint32_t DV_I_51_0_bit = (uint32_t)(1) << 13; -static const uint32_t DV_I_51_2_bit = (uint32_t)(1) << 14; -static const uint32_t DV_I_52_0_bit = (uint32_t)(1) << 15; -static const uint32_t DV_II_45_0_bit = (uint32_t)(1) << 16; -static const uint32_t DV_II_46_0_bit = (uint32_t)(1) << 17; -static const uint32_t DV_II_46_2_bit = (uint32_t)(1) << 18; -static const uint32_t DV_II_47_0_bit = (uint32_t)(1) << 19; -static const uint32_t DV_II_48_0_bit = (uint32_t)(1) << 20; -static const uint32_t DV_II_49_0_bit = (uint32_t)(1) << 21; -static const uint32_t DV_II_49_2_bit = (uint32_t)(1) << 22; -static const uint32_t DV_II_50_0_bit = (uint32_t)(1) << 23; -static const uint32_t DV_II_50_2_bit = (uint32_t)(1) << 24; -static const uint32_t DV_II_51_0_bit = (uint32_t)(1) << 25; -static const uint32_t DV_II_51_2_bit = (uint32_t)(1) << 26; -static const uint32_t DV_II_52_0_bit = (uint32_t)(1) << 27; -static const uint32_t DV_II_53_0_bit = (uint32_t)(1) << 28; -static const uint32_t DV_II_54_0_bit = (uint32_t)(1) << 29; -static const uint32_t DV_II_55_0_bit = (uint32_t)(1) << 30; -static const uint32_t DV_II_56_0_bit = (uint32_t)(1) << 31; +static const uint32_t DV_I_43_0_bit = (uint32_t) (1) << 0; +static const uint32_t DV_I_44_0_bit = (uint32_t) (1) << 1; +static const uint32_t DV_I_45_0_bit = (uint32_t) (1) << 2; +static const uint32_t DV_I_46_0_bit = (uint32_t) (1) << 3; +static const uint32_t DV_I_46_2_bit = (uint32_t) (1) << 4; +static const uint32_t DV_I_47_0_bit = (uint32_t) (1) << 5; +static const uint32_t DV_I_47_2_bit = (uint32_t) (1) << 6; +static const uint32_t DV_I_48_0_bit = (uint32_t) (1) << 7; +static const uint32_t DV_I_48_2_bit = (uint32_t) (1) << 8; +static const uint32_t DV_I_49_0_bit = (uint32_t) (1) << 9; +static const uint32_t DV_I_49_2_bit = (uint32_t) (1) << 10; +static const uint32_t DV_I_50_0_bit = (uint32_t) (1) << 11; +static const uint32_t DV_I_50_2_bit = (uint32_t) (1) << 12; +static const uint32_t DV_I_51_0_bit = (uint32_t) (1) << 13; +static const uint32_t DV_I_51_2_bit = (uint32_t) (1) << 14; +static const uint32_t DV_I_52_0_bit = (uint32_t) (1) << 15; +static const uint32_t DV_II_45_0_bit = (uint32_t) (1) << 16; +static const uint32_t DV_II_46_0_bit = (uint32_t) (1) << 17; +static const uint32_t DV_II_46_2_bit = (uint32_t) (1) << 18; +static const uint32_t DV_II_47_0_bit = (uint32_t) (1) << 19; +static const uint32_t DV_II_48_0_bit = (uint32_t) (1) << 20; +static const uint32_t DV_II_49_0_bit = (uint32_t) (1) << 21; +static const uint32_t DV_II_49_2_bit = (uint32_t) (1) << 22; +static const uint32_t DV_II_50_0_bit = (uint32_t) (1) << 23; +static const uint32_t DV_II_50_2_bit = (uint32_t) (1) << 24; +static const uint32_t DV_II_51_0_bit = (uint32_t) (1) << 25; +static const uint32_t DV_II_51_2_bit = (uint32_t) (1) << 26; +static const uint32_t DV_II_52_0_bit = (uint32_t) (1) << 27; +static const uint32_t DV_II_53_0_bit = (uint32_t) (1) << 28; +static const uint32_t DV_II_54_0_bit = (uint32_t) (1) << 29; +static const uint32_t DV_II_55_0_bit = (uint32_t) (1) << 30; +static const uint32_t DV_II_56_0_bit = (uint32_t) (1) << 31; dv_info_t sha1_dvs[] = { {1, 43, 0, 58, 0, 0, {0x08000000, 0x9800000c, 0xd8000010, 0x08000010, 0xb8000010, 0x98000000, @@ -569,7 +569,7 @@ dv_info_t sha1_dvs[] = { void ubc_check(const uint32_t W[80], uint32_t dvmask[1]) { - uint32_t mask = ~((uint32_t)(0)); + uint32_t mask = ~((uint32_t) (0)); mask &= (((((W[44] ^ W[45]) >> 29) & 1) - 1) | ~(DV_I_48_0_bit | DV_I_51_0_bit | DV_I_52_0_bit | DV_II_45_0_bit | DV_II_46_0_bit | DV_II_50_0_bit | DV_II_51_0_bit)); diff --git a/src/lib/crypto/signatures.cpp b/src/lib/crypto/signatures.cpp index c4f227d4b..d3e890b14 100644 --- a/src/lib/crypto/signatures.cpp +++ b/src/lib/crypto/signatures.cpp @@ -45,8 +45,7 @@ static void signature_hash_finish(const pgp_signature_t &sig, rnp::Hash &hash, uint8_t *hbuf, size_t &hlen) { hash.add(sig.hashed_data, sig.hashed_len); - if(sig.version >= PGP_V4) - { + if (sig.version >= PGP_V4) { uint8_t trailer[6] = {0x00, 0xff, 0x00, 0x00, 0x00, 0x00}; trailer[0] = sig.version; STORE32BE(&trailer[2], sig.hashed_len); @@ -61,8 +60,7 @@ signature_init(const pgp_key_pkt_t &key, const pgp_signature_t &sig) auto hash = rnp::Hash::create(sig.halg); #if defined(ENABLE_CRYPTO_REFRESH) - if (key.version == PGP_V6) - { + if (key.version == PGP_V6) { hash->add(sig.salt, sig.salt_size); } #endif @@ -83,9 +81,9 @@ signature_init(const pgp_key_pkt_t &key, const pgp_signature_t &sig) } void -signature_calculate(pgp_signature_t & sig, - pgp_key_material_t & seckey, - rnp::Hash & hash, +signature_calculate(pgp_signature_t &sig, + pgp_key_material_t &seckey, + rnp::Hash &hash, rnp::SecurityContext &ctx) { uint8_t hval[PGP_MAX_HASH_SIZE]; @@ -138,8 +136,9 @@ signature_calculate(pgp_signature_t & sig, break; #if defined(ENABLE_CRYPTO_REFRESH) case PGP_PKA_ED25519: - ret = ed25519_sign_native(&ctx.rng, material.ed25519.sig, seckey.ed25519.priv, hval, hlen); - if(ret) { + ret = + ed25519_sign_native(&ctx.rng, material.ed25519.sig, seckey.ed25519.priv, hval, hlen); + if (ret) { RNP_LOG("ed25519 signing failed"); } break; @@ -195,13 +194,18 @@ signature_calculate(pgp_signature_t & sig, break; } #if defined(ENABLE_PQC) - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: - ret = seckey.dilithium_exdsa.priv.sign(&ctx.rng, &material.dilithium_exdsa, hash_alg, hval, hlen); + ret = seckey.dilithium_exdsa.priv.sign( + &ctx.rng, &material.dilithium_exdsa, hash_alg, hval, hlen); break; #endif default: @@ -220,9 +224,9 @@ signature_calculate(pgp_signature_t & sig, } rnp_result_t -signature_validate(const pgp_signature_t & sig, - const pgp_key_material_t & key, - rnp::Hash & hash, +signature_validate(const pgp_signature_t &sig, + const pgp_key_material_t &key, + rnp::Hash &hash, const rnp::SecurityContext &ctx) { if (sig.palg != key.alg) { @@ -308,13 +312,18 @@ signature_validate(const pgp_signature_t & sig, ret = RNP_ERROR_SIGNATURE_INVALID; break; #if defined(ENABLE_PQC) - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: - ret = key.dilithium_exdsa.pub.verify(&material.dilithium_exdsa, hash.alg(), hval, hlen); + ret = + key.dilithium_exdsa.pub.verify(&material.dilithium_exdsa, hash.alg(), hval, hlen); break; #endif default: diff --git a/src/lib/crypto/signatures.h b/src/lib/crypto/signatures.h index 8dfa2b270..cec232181 100644 --- a/src/lib/crypto/signatures.h +++ b/src/lib/crypto/signatures.h @@ -35,8 +35,8 @@ * @param hash_alg the digest algo to be used * @param hash digest object that will be initialized */ -std::unique_ptr signature_init(const pgp_key_pkt_t &key, - const pgp_signature_t &sig); +std::unique_ptr signature_init(const pgp_key_pkt_t &key, + const pgp_signature_t &sig); /** * @brief Calculate signature with pre-populated hash @@ -46,9 +46,9 @@ std::unique_ptr signature_init(const pgp_key_pkt_t &key, * during the execution. Signature fields and trailer are hashed in this function. * @param rng random number generator */ -void signature_calculate(pgp_signature_t & sig, - pgp_key_material_t & seckey, - rnp::Hash & hash, +void signature_calculate(pgp_signature_t &sig, + pgp_key_material_t &seckey, + rnp::Hash &hash, rnp::SecurityContext &ctx); /** @@ -61,9 +61,9 @@ void signature_calculate(pgp_signature_t & sig, * during the execution. Signature fields and trailer are hashed in this function. * @return RNP_SUCCESS if signature was successfully validated or error code otherwise. */ -rnp_result_t signature_validate(const pgp_signature_t & sig, - const pgp_key_material_t & key, - rnp::Hash & hash, +rnp_result_t signature_validate(const pgp_signature_t &sig, + const pgp_key_material_t &key, + rnp::Hash &hash, const rnp::SecurityContext &ctx); #endif diff --git a/src/lib/crypto/sm2.cpp b/src/lib/crypto/sm2.cpp index 2af537d5f..cdc0e869f 100644 --- a/src/lib/crypto/sm2.cpp +++ b/src/lib/crypto/sm2.cpp @@ -66,7 +66,7 @@ static bool sm2_load_secret_key(botan_privkey_t *seckey, const pgp_ec_key_t *keydata) { const ec_curve_desc_t *curve = NULL; - bignum_t * x = NULL; + bignum_t *x = NULL; bool res = false; if (!(curve = get_curve_desc(keydata->curve))) { @@ -152,10 +152,10 @@ sm2_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret) } rnp_result_t -sm2_sign(rnp::RNG * rng, +sm2_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key) { @@ -216,9 +216,9 @@ sm2_sign(rnp::RNG * rng, rnp_result_t sm2_verify(const pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { const ec_curve_desc_t *curve = NULL; botan_pubkey_t pub = NULL; @@ -275,12 +275,12 @@ sm2_verify(const pgp_ec_signature_t *sig, } rnp_result_t -sm2_encrypt(rnp::RNG * rng, +sm2_encrypt(rnp::RNG *rng, pgp_sm2_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, pgp_hash_alg_t hash_algo, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { rnp_result_t ret = RNP_ERROR_GENERIC; const ec_curve_desc_t *curve = NULL; @@ -338,10 +338,10 @@ sm2_encrypt(rnp::RNG * rng, } rnp_result_t -sm2_decrypt(uint8_t * out, - size_t * out_len, +sm2_decrypt(uint8_t *out, + size_t *out_len, const pgp_sm2_encrypted_t *in, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { const ec_curve_desc_t *curve; botan_pk_op_decrypt_t decrypt_op = NULL; @@ -349,7 +349,7 @@ sm2_decrypt(uint8_t * out, size_t in_len; rnp_result_t ret = RNP_ERROR_GENERIC; uint8_t hash_id; - const char * hash_name = NULL; + const char *hash_name = NULL; curve = get_curve_desc(key->curve); in_len = mpi_bytes(&in->m); diff --git a/src/lib/crypto/sm2.h b/src/lib/crypto/sm2.h index a16f7fad8..f15a788de 100644 --- a/src/lib/crypto/sm2.h +++ b/src/lib/crypto/sm2.h @@ -47,33 +47,33 @@ rnp_result_t sm2_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secre * If ident_field is null, uses the default value */ rnp_result_t sm2_compute_za(const pgp_ec_key_t &key, - rnp::Hash & hash, - const char * ident_field = NULL); + rnp::Hash &hash, + const char *ident_field = NULL); -rnp_result_t sm2_sign(rnp::RNG * rng, +rnp_result_t sm2_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key); rnp_result_t sm2_verify(const pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key); + const pgp_ec_key_t *key); -rnp_result_t sm2_encrypt(rnp::RNG * rng, +rnp_result_t sm2_encrypt(rnp::RNG *rng, pgp_sm2_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, pgp_hash_alg_t hash_algo, - const pgp_ec_key_t * key); + const pgp_ec_key_t *key); -rnp_result_t sm2_decrypt(uint8_t * out, - size_t * out_len, +rnp_result_t sm2_decrypt(uint8_t *out, + size_t *out_len, const pgp_sm2_encrypted_t *in, - const pgp_ec_key_t * key); + const pgp_ec_key_t *key); #endif // defined(ENABLE_SM2) #endif // SM2_H_ diff --git a/src/lib/crypto/sm2_ossl.cpp b/src/lib/crypto/sm2_ossl.cpp index 4c1eaf17a..cc7fa0001 100644 --- a/src/lib/crypto/sm2_ossl.cpp +++ b/src/lib/crypto/sm2_ossl.cpp @@ -35,10 +35,10 @@ sm2_validate_key(rnp::RNG *rng, const pgp_ec_key_t *key, bool secret) } rnp_result_t -sm2_sign(rnp::RNG * rng, +sm2_sign(rnp::RNG *rng, pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, const pgp_ec_key_t *key) { @@ -48,29 +48,29 @@ sm2_sign(rnp::RNG * rng, rnp_result_t sm2_verify(const pgp_ec_signature_t *sig, pgp_hash_alg_t hash_alg, - const uint8_t * hash, + const uint8_t *hash, size_t hash_len, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { return RNP_ERROR_NOT_IMPLEMENTED; } rnp_result_t -sm2_encrypt(rnp::RNG * rng, +sm2_encrypt(rnp::RNG *rng, pgp_sm2_encrypted_t *out, - const uint8_t * in, + const uint8_t *in, size_t in_len, pgp_hash_alg_t hash_algo, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { return RNP_ERROR_NOT_IMPLEMENTED; } rnp_result_t -sm2_decrypt(uint8_t * out, - size_t * out_len, +sm2_decrypt(uint8_t *out, + size_t *out_len, const pgp_sm2_encrypted_t *in, - const pgp_ec_key_t * key) + const pgp_ec_key_t *key) { return RNP_ERROR_NOT_IMPLEMENTED; } diff --git a/src/lib/crypto/symmetric.cpp b/src/lib/crypto/symmetric.cpp index aeed78432..1fd9f3b9a 100644 --- a/src/lib/crypto/symmetric.cpp +++ b/src/lib/crypto/symmetric.cpp @@ -156,7 +156,7 @@ pgp_aead_to_botan_string(pgp_symm_alg_t ealg, pgp_aead_alg_t aalg, char *buf, si #endif bool -pgp_cipher_cfb_start(pgp_crypt_t * crypt, +pgp_cipher_cfb_start(pgp_crypt_t *crypt, pgp_symm_alg_t alg, const uint8_t *key, const uint8_t *iv) @@ -451,7 +451,7 @@ pgp_is_sa_supported(int alg, bool silent) #if defined(ENABLE_AEAD) bool -pgp_cipher_aead_init(pgp_crypt_t * crypt, +pgp_cipher_aead_init(pgp_crypt_t *crypt, pgp_symm_alg_t ealg, pgp_aead_alg_t aalg, const uint8_t *key, diff --git a/src/lib/crypto/symmetric.h b/src/lib/crypto/symmetric.h index a50fe9a18..0a3288698 100644 --- a/src/lib/crypto/symmetric.h +++ b/src/lib/crypto/symmetric.h @@ -97,8 +97,8 @@ struct pgp_crypt_aead_param_t { struct botan_cipher_struct *obj; #endif #ifdef CRYPTO_BACKEND_OPENSSL - EVP_CIPHER_CTX * obj; - const EVP_CIPHER * cipher; + EVP_CIPHER_CTX *obj; + const EVP_CIPHER *cipher; rnp::secure_vector *key; uint8_t ad[PGP_AEAD_MAX_AD_LEN]; size_t ad_len; @@ -121,7 +121,7 @@ typedef struct pgp_crypt_t { pgp_symm_alg_t alg; size_t blocksize; - rnp::RNG * rng; + rnp::RNG *rng; } pgp_crypt_t; unsigned pgp_block_size(pgp_symm_alg_t); @@ -133,7 +133,7 @@ size_t pgp_cipher_block_size(pgp_crypt_t *crypt); * Initialize a cipher object. * @param iv if null an all-zero IV is assumed */ -bool pgp_cipher_cfb_start(pgp_crypt_t * crypt, +bool pgp_cipher_cfb_start(pgp_crypt_t *crypt, pgp_symm_alg_t alg, const uint8_t *key, const uint8_t *iv); @@ -155,7 +155,7 @@ void pgp_cipher_cfb_resync(pgp_crypt_t *crypt, const uint8_t *buf); * @param decrypt true for decryption, or false for encryption * @return true on success or false otherwise. */ -bool pgp_cipher_aead_init(pgp_crypt_t * crypt, +bool pgp_cipher_aead_init(pgp_crypt_t *crypt, pgp_symm_alg_t ealg, pgp_aead_alg_t aalg, const uint8_t *key, @@ -245,7 +245,7 @@ void pgp_cipher_aead_destroy(pgp_crypt_t *crypt); */ size_t pgp_cipher_aead_nonce(pgp_aead_alg_t aalg, const uint8_t *iv, - uint8_t * nonce, + uint8_t *nonce, size_t index); #endif // ENABLE_AEAD diff --git a/src/lib/crypto/symmetric_ossl.cpp b/src/lib/crypto/symmetric_ossl.cpp index 98e90eded..22d8d5811 100644 --- a/src/lib/crypto/symmetric_ossl.cpp +++ b/src/lib/crypto/symmetric_ossl.cpp @@ -79,7 +79,7 @@ pgp_sa_to_openssl_string(int alg, bool silent = false) } bool -pgp_cipher_cfb_start(pgp_crypt_t * crypt, +pgp_cipher_cfb_start(pgp_crypt_t *crypt, pgp_symm_alg_t alg, const uint8_t *key, const uint8_t *iv) @@ -421,7 +421,7 @@ openssl_aead_name(pgp_symm_alg_t ealg, pgp_aead_alg_t aalg) } bool -pgp_cipher_aead_init(pgp_crypt_t * crypt, +pgp_cipher_aead_init(pgp_crypt_t *crypt, pgp_symm_alg_t ealg, pgp_aead_alg_t aalg, const uint8_t *key, diff --git a/src/lib/crypto/x25519.cpp b/src/lib/crypto/x25519.cpp index ffa38308f..d1a651eaf 100644 --- a/src/lib/crypto/x25519.cpp +++ b/src/lib/crypto/x25519.cpp @@ -34,30 +34,42 @@ #include "utils.h" #include "botan/rfc3394.h" -static void x25519_hkdf(std::vector &derived_key, const std::vector &ephemeral_pubkey_material, const std::vector &recipient_pubkey_material, const std::vector &shared_key) +static void +x25519_hkdf(std::vector &derived_key, + const std::vector &ephemeral_pubkey_material, + const std::vector &recipient_pubkey_material, + const std::vector &shared_key) { - /* The shared secret is passed to HKDF (see {{RFC5869}}) using SHA256, and the UTF-8-encoded string "OpenPGP X25519" as the info parameter. */ - static const std::vector info = {'O', 'p', 'e', 'n', 'P', 'G', 'P', ' ', 'X', '2', '5', '5', '1', '9'}; + /* The shared secret is passed to HKDF (see {{RFC5869}}) using SHA256, and the + * UTF-8-encoded string "OpenPGP X25519" as the info parameter. */ + static const std::vector info = { + 'O', 'p', 'e', 'n', 'P', 'G', 'P', ' ', 'X', '2', '5', '5', '1', '9'}; auto kdf = rnp::Hkdf::create(PGP_HASH_SHA256); derived_key.resize(pgp_key_size(PGP_SA_AES_128)); // 128-bit AES key wrap std::vector kdf_input; - kdf_input.insert(kdf_input.end(), std::begin(ephemeral_pubkey_material), std::end(ephemeral_pubkey_material)); - kdf_input.insert(kdf_input.end(), std::begin(recipient_pubkey_material), std::end(recipient_pubkey_material)); + kdf_input.insert(kdf_input.end(), + std::begin(ephemeral_pubkey_material), + std::end(ephemeral_pubkey_material)); + kdf_input.insert(kdf_input.end(), + std::begin(recipient_pubkey_material), + std::end(recipient_pubkey_material)); kdf_input.insert(kdf_input.end(), std::begin(shared_key), std::end(shared_key)); - kdf->extract_expand(NULL, 0, // no salt - kdf_input.data(), - kdf_input.size(), - info.data(), - info.size(), - derived_key.data(), - derived_key.size()); + kdf->extract_expand(NULL, + 0, // no salt + kdf_input.data(), + kdf_input.size(), + info.data(), + info.size(), + derived_key.data(), + derived_key.size()); } -rnp_result_t generate_x25519_native(rnp::RNG * rng, - std::vector &privkey, - std::vector &pubkey) +rnp_result_t +generate_x25519_native(rnp::RNG *rng, + std::vector &privkey, + std::vector &pubkey) { Botan::Curve25519_PrivateKey priv_key(*(rng->obj())); pubkey = priv_key.public_value(); @@ -66,17 +78,18 @@ rnp_result_t generate_x25519_native(rnp::RNG * rng, return RNP_SUCCESS; } -rnp_result_t x25519_native_encrypt(rnp::RNG * rng, - const std::vector &pubkey, - const uint8_t * in, - size_t in_len, - pgp_x25519_encrypted_t *encrypted) +rnp_result_t +x25519_native_encrypt(rnp::RNG *rng, + const std::vector &pubkey, + const uint8_t *in, + size_t in_len, + pgp_x25519_encrypted_t *encrypted) { - rnp_result_t ret; + rnp_result_t ret; std::vector shared_key; std::vector derived_key; - if(!in_len || (in_len % 8) != 0) { + if (!in_len || (in_len % 8) != 0) { RNP_LOG("incorrect size of in, AES key wrap requires a multiple of 8 bytes"); return RNP_ERROR_BAD_FORMAT; } @@ -84,16 +97,17 @@ rnp_result_t x25519_native_encrypt(rnp::RNG * rng, /* encapsulation */ ecdh_kem_public_key_t ecdhkem_pubkey(pubkey, PGP_CURVE_25519); ret = ecdhkem_pubkey.encapsulate(rng, encrypted->eph_key, shared_key); - if(ret != RNP_SUCCESS) { + if (ret != RNP_SUCCESS) { RNP_LOG("encapsulation failed"); - return ret; + return ret; } x25519_hkdf(derived_key, encrypted->eph_key, pubkey, shared_key); Botan::SymmetricKey kek(derived_key); try { - encrypted->enc_sess_key = Botan::unlock(Botan::rfc3394_keywrap(Botan::secure_vector(in, in+in_len), kek)); + encrypted->enc_sess_key = Botan::unlock( + Botan::rfc3394_keywrap(Botan::secure_vector(in, in + in_len), kek)); } catch (const std::exception &e) { RNP_LOG("Keywrap failed: %s", e.what()); return RNP_ERROR_ENCRYPT_FAILED; @@ -102,22 +116,23 @@ rnp_result_t x25519_native_encrypt(rnp::RNG * rng, return RNP_SUCCESS; } -rnp_result_t x25519_native_decrypt(rnp::RNG * rng, - const pgp_x25519_key_t &keypair, - const pgp_x25519_encrypted_t *encrypted, - uint8_t *decbuf, - size_t *decbuf_len) +rnp_result_t +x25519_native_decrypt(rnp::RNG *rng, + const pgp_x25519_key_t &keypair, + const pgp_x25519_encrypted_t *encrypted, + uint8_t *decbuf, + size_t *decbuf_len) { - rnp_result_t ret; + rnp_result_t ret; std::vector shared_key; std::vector derived_key; static const size_t x25519_pubkey_size = 32; - if(encrypted->eph_key.size() != x25519_pubkey_size) { + if (encrypted->eph_key.size() != x25519_pubkey_size) { RNP_LOG("Wrong ephemeral public key size"); return RNP_ERROR_BAD_FORMAT; } - if(!encrypted->enc_sess_key.size()) { + if (!encrypted->enc_sess_key.size()) { // TODO: could do a check for possible sizes RNP_LOG("No encrypted session key provided"); return RNP_ERROR_BAD_FORMAT; @@ -126,16 +141,19 @@ rnp_result_t x25519_native_decrypt(rnp::RNG * rng, /* decapsulate */ ecdh_kem_private_key_t ecdhkem_privkey(keypair.priv, PGP_CURVE_25519); ret = ecdhkem_privkey.decapsulate(rng, encrypted->eph_key, shared_key); - if(ret != RNP_SUCCESS) { + if (ret != RNP_SUCCESS) { RNP_LOG("decapsulation failed"); - return ret; + return ret; } x25519_hkdf(derived_key, encrypted->eph_key, keypair.pub, shared_key); Botan::SymmetricKey kek(derived_key); - auto tmp_out = Botan::rfc3394_keyunwrap(Botan::secure_vector(encrypted->enc_sess_key.begin(), encrypted->enc_sess_key.end()), kek); - if(*decbuf_len < tmp_out.size()) { + auto tmp_out = + Botan::rfc3394_keyunwrap(Botan::secure_vector(encrypted->enc_sess_key.begin(), + encrypted->enc_sess_key.end()), + kek); + if (*decbuf_len < tmp_out.size()) { RNP_LOG("buffer for decryption result too small"); return RNP_ERROR_DECRYPT_FAILED; } @@ -154,8 +172,9 @@ x25519_validate_key_native(rnp::RNG *rng, const pgp_x25519_key_t *key, bool secr Botan::Curve25519_PublicKey pub_key(key->priv); valid_pub = pub_key.check_key(*(rng->obj()), false); - if(secret) { - Botan::Curve25519_PrivateKey priv_key(Botan::secure_vector(key->priv.begin(), key->priv.end())); + if (secret) { + Botan::Curve25519_PrivateKey priv_key( + Botan::secure_vector(key->priv.begin(), key->priv.end())); valid_priv = priv_key.check_key(*(rng->obj()), false); } else { valid_priv = true; diff --git a/src/lib/crypto/x25519.h b/src/lib/crypto/x25519.h index b0a22ba83..dd528dd16 100644 --- a/src/lib/crypto/x25519.h +++ b/src/lib/crypto/x25519.h @@ -38,23 +38,24 @@ #include "crypto/rng.h" #include "crypto/ec.h" -rnp_result_t generate_x25519_native(rnp::RNG * rng, - std::vector &privkey, +rnp_result_t generate_x25519_native(rnp::RNG *rng, + std::vector &privkey, std::vector &pubkey); -rnp_result_t x25519_native_encrypt(rnp::RNG * rng, - const std::vector &pubkey, - const uint8_t * in, - size_t in_len, +rnp_result_t x25519_native_encrypt(rnp::RNG *rng, + const std::vector &pubkey, + const uint8_t *in, + size_t in_len, pgp_x25519_encrypted_t *encrypted); -rnp_result_t x25519_native_decrypt(rnp::RNG * rng, +rnp_result_t x25519_native_decrypt(rnp::RNG *rng, const pgp_x25519_key_t &keypair, const pgp_x25519_encrypted_t *encrypted, uint8_t *decbuf, size_t *decbuf_len); - -rnp_result_t x25519_validate_key_native(rnp::RNG *rng, const pgp_x25519_key_t *key, bool secret); +rnp_result_t x25519_validate_key_native(rnp::RNG *rng, + const pgp_x25519_key_t *key, + bool secret); #endif \ No newline at end of file diff --git a/src/lib/ffi-priv-types.h b/src/lib/ffi-priv-types.h index 924343d74..9aff06984 100644 --- a/src/lib/ffi-priv-types.h +++ b/src/lib/ffi-priv-types.h @@ -35,8 +35,8 @@ struct rnp_key_handle_st { rnp_ffi_t ffi; pgp_key_search_t locator; - pgp_key_t * pub; - pgp_key_t * sec; + pgp_key_t *pub; + pgp_key_t *sec; }; struct rnp_uid_handle_st { @@ -48,7 +48,7 @@ struct rnp_uid_handle_st { struct rnp_signature_handle_st { rnp_ffi_t ffi; const pgp_key_t *key; - pgp_subsig_t * sig; + pgp_subsig_t *sig; bool own_sig; }; @@ -68,13 +68,13 @@ struct rnp_symenc_handle_st { }; struct rnp_ffi_st { - FILE * errs; - rnp_key_store_t * pubring; - rnp_key_store_t * secring; + FILE *errs; + rnp_key_store_t *pubring; + rnp_key_store_t *secring; rnp_get_key_cb getkeycb; - void * getkeycb_ctx; + void *getkeycb_ctx; rnp_password_cb getpasscb; - void * getpasscb_ctx; + void *getpasscb_ctx; pgp_key_provider_t key_provider; pgp_password_provider_t pass_provider; rnp::SecurityContext context; @@ -82,7 +82,7 @@ struct rnp_ffi_st { rnp_ffi_st(pgp_key_store_format_t pub_fmt, pgp_key_store_format_t sec_fmt); ~rnp_ffi_st(); - rnp::RNG & rng() noexcept; + rnp::RNG &rng() noexcept; rnp::SecurityProfile &profile() noexcept; }; @@ -92,7 +92,7 @@ struct rnp_input_st { std::string src_directory; rnp_input_reader_t *reader; rnp_input_closer_t *closer; - void * app_ctx; + void *app_ctx; rnp_input_st(); rnp_input_st(const rnp_input_st &) = delete; @@ -106,10 +106,10 @@ struct rnp_input_st { struct rnp_output_st { /* either dst or dst_directory are valid, not both */ pgp_dest_t dst; - char * dst_directory; + char *dst_directory; rnp_output_writer_t *writer; rnp_output_closer_t *closer; - void * app_ctx; + void *app_ctx; bool keep; }; @@ -165,7 +165,7 @@ struct rnp_op_verify_st { /* these fields are filled after operation execution */ rnp_op_verify_signature_t signatures{}; size_t signature_count{}; - char * filename{}; + char *filename{}; uint32_t file_mtime{}; /* encryption information */ bool encrypted{}; @@ -205,17 +205,17 @@ static_assert(RNP_LOCATOR_MAX_SIZE > MAX_ID_LENGTH, "Locator size mismatch."); struct rnp_identifier_iterator_st { rnp_ffi_t ffi; pgp_key_search_type_t type; - rnp_key_store_t * store; + rnp_key_store_t *store; std::list::iterator *keyp; unsigned uididx; - json_object * tbl; + json_object *tbl; char buf[RNP_LOCATOR_MAX_SIZE]; }; struct rnp_decryption_kp_param_t { rnp_op_verify_t op; bool has_hidden; /* key provider had hidden keyid request */ - pgp_key_t * last; /* last key, returned in hidden keyid request */ + pgp_key_t *last; /* last key, returned in hidden keyid request */ rnp_decryption_kp_param_t(rnp_op_verify_t opobj) : op(opobj), has_hidden(false), last(NULL){}; diff --git a/src/lib/fingerprint.cpp b/src/lib/fingerprint.cpp index 80c837a92..f2ae85edc 100644 --- a/src/lib/fingerprint.cpp +++ b/src/lib/fingerprint.cpp @@ -57,11 +57,11 @@ pgp_fingerprint(pgp_fingerprint_t &fp, const pgp_key_pkt_t &key) } } - if ((key.version != PGP_V4) && + if ((key.version != PGP_V4) && #if defined(ENABLE_CRYPTO_REFRESH) - (key.version != PGP_V6) + (key.version != PGP_V6) #else - true + true #endif ) { RNP_LOG("unsupported key version"); diff --git a/src/lib/generate-key.cpp b/src/lib/generate-key.cpp index d19ff0df5..ba64ff884 100644 --- a/src/lib/generate-key.cpp +++ b/src/lib/generate-key.cpp @@ -87,10 +87,10 @@ static const id_str_pair pubkey_alg_map[] = { {0, NULL}}; static bool -load_generated_g10_key(pgp_key_t * dst, - pgp_key_pkt_t * newkey, - pgp_key_t * primary_key, - pgp_key_t * pubkey, +load_generated_g10_key(pgp_key_t *dst, + pgp_key_pkt_t *newkey, + pgp_key_t *primary_key, + pgp_key_t *pubkey, rnp::SecurityContext &ctx) { // this should generally be zeroed @@ -279,18 +279,26 @@ get_numbits(const rnp_keygen_crypto_params_t *crypto) case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: return crypto->elgamal.key_bitlen; #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return pgp_kyber_ecdh_composite_public_key_t::encoded_size(crypto->key_alg) * 8; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return pgp_dilithium_exdsa_composite_public_key_t::encoded_size(crypto->key_alg) * 8; #endif @@ -342,8 +350,8 @@ keygen_primary_merge_defaults(rnp_keygen_primary_desc_t &desc) bool pgp_generate_primary_key(rnp_keygen_primary_desc_t &desc, bool merge_defaults, - pgp_key_t & primary_sec, - pgp_key_t & primary_pub, + pgp_key_t &primary_sec, + pgp_key_t &primary_pub, pgp_key_store_format_t secformat) { // validate args @@ -428,12 +436,12 @@ keygen_subkey_merge_defaults(rnp_keygen_subkey_desc_t &desc) } bool -pgp_generate_subkey(rnp_keygen_subkey_desc_t & desc, +pgp_generate_subkey(rnp_keygen_subkey_desc_t &desc, bool merge_defaults, - pgp_key_t & primary_sec, - pgp_key_t & primary_pub, - pgp_key_t & subkey_sec, - pgp_key_t & subkey_pub, + pgp_key_t &primary_sec, + pgp_key_t &primary_pub, + pgp_key_t &subkey_sec, + pgp_key_t &subkey_pub, const pgp_password_provider_t &password_provider, pgp_key_store_format_t secformat) { diff --git a/src/lib/key-provider.cpp b/src/lib/key-provider.cpp index 2a64b6332..07231545c 100644 --- a/src/lib/key-provider.cpp +++ b/src/lib/key-provider.cpp @@ -94,7 +94,7 @@ rnp_key_provider_chained(const pgp_key_request_ctx_t *ctx, void *userdata) pprovider && *pprovider; pprovider++) { pgp_key_provider_t *provider = *pprovider; - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; if ((key = provider->callback(ctx, provider->userdata))) { return key; } diff --git a/src/lib/key-provider.h b/src/lib/key-provider.h index 4d09e2f82..cd9ac1ec8 100644 --- a/src/lib/key-provider.h +++ b/src/lib/key-provider.h @@ -69,7 +69,7 @@ typedef pgp_key_t *pgp_key_callback_t(const pgp_key_request_ctx_t *ctx, void *us typedef struct pgp_key_provider_t { pgp_key_callback_t *callback; - void * userdata; + void *userdata; pgp_key_provider_t(pgp_key_callback_t *cb = NULL, void *ud = NULL) : callback(cb), userdata(ud){}; @@ -92,7 +92,7 @@ bool rnp_key_matches_search(const pgp_key_t *key, const pgp_key_search_t *search * @param key pointer to the key structure will be stored here on success * @return a key pointer on success, or NULL if key was not found otherwise **/ -pgp_key_t *pgp_request_key(const pgp_key_provider_t * provider, +pgp_key_t *pgp_request_key(const pgp_key_provider_t *provider, const pgp_key_request_ctx_t *ctx); /** key provider callback that searches a list of pgp_key_t pointers diff --git a/src/lib/pass-provider.cpp b/src/lib/pass-provider.cpp index 788fc23ea..76b4c479f 100644 --- a/src/lib/pass-provider.cpp +++ b/src/lib/pass-provider.cpp @@ -29,9 +29,9 @@ bool rnp_password_provider_string(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata) + void *userdata) { char *passc = (char *) userdata; @@ -45,8 +45,8 @@ rnp_password_provider_string(const pgp_password_ctx_t *ctx, bool pgp_request_password(const pgp_password_provider_t *provider, - const pgp_password_ctx_t * ctx, - char * password, + const pgp_password_ctx_t *ctx, + char *password, size_t password_size) { if (!provider || !provider->callback || !ctx || !password || !password_size) { diff --git a/src/lib/pass-provider.h b/src/lib/pass-provider.h index fd79fc571..6873e7863 100644 --- a/src/lib/pass-provider.h +++ b/src/lib/pass-provider.h @@ -39,23 +39,23 @@ typedef struct pgp_password_ctx_t { } pgp_password_ctx_t; typedef bool pgp_password_callback_t(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata); + void *userdata); typedef struct pgp_password_provider_t { pgp_password_callback_t *callback; - void * userdata; + void *userdata; pgp_password_provider_t(pgp_password_callback_t *cb = NULL, void *ud = NULL) : callback(cb), userdata(ud){}; } pgp_password_provider_t; bool pgp_request_password(const pgp_password_provider_t *provider, - const pgp_password_ctx_t * ctx, - char * password, + const pgp_password_ctx_t *ctx, + char *password, size_t password_size); bool rnp_password_provider_string(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata); + void *userdata); #endif diff --git a/src/lib/pgp-key.cpp b/src/lib/pgp-key.cpp index baa89b2e5..4c93c88a8 100644 --- a/src/lib/pgp-key.cpp +++ b/src/lib/pgp-key.cpp @@ -75,8 +75,8 @@ pgp_key_pkt_t * pgp_decrypt_seckey_pgp(const pgp_rawpacket_t &raw, - const pgp_key_pkt_t & pubkey, - const char * password) + const pgp_key_pkt_t &pubkey, + const char *password) { try { rnp::MemorySource src(raw.raw.data(), raw.raw.size(), false); @@ -98,9 +98,9 @@ pgp_decrypt_seckey_pgp(const pgp_rawpacket_t &raw, * key->key.seckey by parsing the key data in packets[0]. */ pgp_key_pkt_t * -pgp_decrypt_seckey(const pgp_key_t & key, +pgp_decrypt_seckey(const pgp_key_t &key, const pgp_password_provider_t &provider, - const pgp_password_ctx_t & ctx) + const pgp_password_ctx_t &ctx) { // sanity checks if (!key.is_secret()) { @@ -208,19 +208,27 @@ pgp_pk_alg_capabilities(pgp_pubkey_alg_t alg) return PGP_KF_ENCRYPT; #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return PGP_KF_ENCRYPT; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return pgp_key_flags_t(PGP_KF_SIGN | PGP_KF_CERTIFY | PGP_KF_AUTH); #endif @@ -232,10 +240,10 @@ pgp_pk_alg_capabilities(pgp_pubkey_alg_t alg) } bool -pgp_key_t::write_sec_pgp(pgp_dest_t & dst, - pgp_key_pkt_t & seckey, +pgp_key_t::write_sec_pgp(pgp_dest_t &dst, + pgp_key_pkt_t &seckey, const std::string &password, - rnp::RNG & rng) + rnp::RNG &rng) { bool res = false; pgp_pkt_type_t oldtag = seckey.tag; @@ -256,8 +264,8 @@ pgp_key_t::write_sec_pgp(pgp_dest_t & dst, } bool -pgp_key_t::write_sec_rawpkt(pgp_key_pkt_t & seckey, - const std::string & password, +pgp_key_t::write_sec_rawpkt(pgp_key_pkt_t &seckey, + const std::string &password, rnp::SecurityContext &ctx) { // encrypt+write the key in the appropriate format @@ -291,7 +299,7 @@ pgp_key_t::write_sec_rawpkt(pgp_key_pkt_t & seckey, } static bool -update_sig_expiration(pgp_signature_t * dst, +update_sig_expiration(pgp_signature_t *dst, const pgp_signature_t *src, uint64_t create, uint32_t expiry) @@ -312,11 +320,11 @@ update_sig_expiration(pgp_signature_t * dst, } bool -pgp_key_set_expiration(pgp_key_t * key, - pgp_key_t * seckey, +pgp_key_set_expiration(pgp_key_t *key, + pgp_key_t *seckey, uint32_t expiry, const pgp_password_provider_t &prov, - rnp::SecurityContext & ctx) + rnp::SecurityContext &ctx) { if (!key->is_primary()) { RNP_LOG("Not a primary key"); @@ -396,12 +404,12 @@ pgp_key_set_expiration(pgp_key_t * key, } bool -pgp_subkey_set_expiration(pgp_key_t * sub, - pgp_key_t * primsec, - pgp_key_t * secsub, +pgp_subkey_set_expiration(pgp_key_t *sub, + pgp_key_t *primsec, + pgp_key_t *secsub, uint32_t expiry, const pgp_password_provider_t &prov, - rnp::SecurityContext & ctx) + rnp::SecurityContext &ctx) { if (!sub->is_subkey()) { RNP_LOG("Not a subkey"); @@ -458,7 +466,7 @@ pgp_subkey_set_expiration(pgp_key_t * sub, pgp_key_t * find_suitable_key(pgp_op_t op, - pgp_key_t * key, + pgp_key_t *key, pgp_key_provider_t *key_provider, bool no_primary) { @@ -1533,7 +1541,7 @@ pgp_key_t::unlock(const pgp_password_provider_t &provider, pgp_op_t op) } pgp_password_ctx_t ctx(op, this); - pgp_key_pkt_t * decrypted_seckey = pgp_decrypt_seckey(*this, provider, ctx); + pgp_key_pkt_t *decrypted_seckey = pgp_decrypt_seckey(*this, provider, ctx); if (!decrypted_seckey) { return false; } @@ -1567,8 +1575,8 @@ pgp_key_t::lock() bool pgp_key_t::protect(const rnp_key_protection_params_t &protection, - const pgp_password_provider_t & password_provider, - rnp::SecurityContext & sctx) + const pgp_password_provider_t &password_provider, + rnp::SecurityContext &sctx) { pgp_password_ctx_t ctx(PGP_OP_PROTECT, this); @@ -1581,10 +1589,10 @@ pgp_key_t::protect(const rnp_key_protection_params_t &protection, } bool -pgp_key_t::protect(pgp_key_pkt_t & decrypted, +pgp_key_t::protect(pgp_key_pkt_t &decrypted, const rnp_key_protection_params_t &protection, - const std::string & new_password, - rnp::SecurityContext & ctx) + const std::string &new_password, + rnp::SecurityContext &ctx) { if (!is_secret()) { RNP_LOG("Warning: this is not a secret key"); @@ -1622,7 +1630,7 @@ pgp_key_t::protect(pgp_key_pkt_t & decrypted, bool pgp_key_t::unprotect(const pgp_password_provider_t &password_provider, - rnp::SecurityContext & secctx) + rnp::SecurityContext &secctx) { /* sanity check */ if (!is_secret()) { @@ -1863,11 +1871,12 @@ pgp_key_t::is_signer(const pgp_subsig_t &sig) const if (!sig.sig.has_keyid()) { return false || ( #if defined(ENABLE_CRYPTO_REFRESH) - (version() == PGP_V6) // v6 packets MUST NOT include this subpacket, therefore return true for v6 + (version() == PGP_V6) // v6 packets MUST NOT include this subpacket, + // therefore return true for v6 #else - false + false #endif - ); + ); } return keyid() == sig.sig.keyid(); @@ -1916,8 +1925,8 @@ pgp_key_t::is_binding(const pgp_subsig_t &sig) const } void -pgp_key_t::validate_sig(const pgp_key_t & key, - pgp_subsig_t & sig, +pgp_key_t::validate_sig(const pgp_key_t &key, + pgp_subsig_t &sig, const rnp::SecurityContext &ctx) const noexcept { sig.validity.reset(); @@ -1986,8 +1995,8 @@ pgp_key_t::validate_sig(const pgp_key_t & key, } void -pgp_key_t::validate_sig(pgp_signature_info_t & sinfo, - rnp::Hash & hash, +pgp_key_t::validate_sig(pgp_signature_info_t &sinfo, + rnp::Hash &hash, const rnp::SecurityContext &ctx) const noexcept { sinfo.no_signer = false; @@ -2048,9 +2057,9 @@ pgp_key_t::validate_sig(pgp_signature_info_t & sinfo, } void -pgp_key_t::validate_cert(pgp_signature_info_t & sinfo, - const pgp_key_pkt_t & key, - const pgp_userid_pkt_t & uid, +pgp_key_t::validate_cert(pgp_signature_info_t &sinfo, + const pgp_key_pkt_t &key, + const pgp_userid_pkt_t &uid, const rnp::SecurityContext &ctx) const { auto hash = signature_hash_certification(*sinfo.sig, key, uid); @@ -2058,8 +2067,8 @@ pgp_key_t::validate_cert(pgp_signature_info_t & sinfo, } void -pgp_key_t::validate_binding(pgp_signature_info_t & sinfo, - const pgp_key_t & subkey, +pgp_key_t::validate_binding(pgp_signature_info_t &sinfo, + const pgp_key_t &subkey, const rnp::SecurityContext &ctx) const { if (!is_primary() || !subkey.is_subkey()) { @@ -2103,8 +2112,8 @@ pgp_key_t::validate_binding(pgp_signature_info_t & sinfo, } void -pgp_key_t::validate_sub_rev(pgp_signature_info_t & sinfo, - const pgp_key_pkt_t & subkey, +pgp_key_t::validate_sub_rev(pgp_signature_info_t &sinfo, + const pgp_key_pkt_t &subkey, const rnp::SecurityContext &ctx) const { auto hash = signature_hash_binding(*sinfo.sig, pkt(), subkey); @@ -2314,30 +2323,34 @@ pgp_key_t::mark_valid() } void -pgp_key_t::sign_init(rnp::RNG &rng, pgp_signature_t &sig, pgp_hash_alg_t hash, uint64_t creation, pgp_version_t version) const +pgp_key_t::sign_init(rnp::RNG &rng, + pgp_signature_t &sig, + pgp_hash_alg_t hash, + uint64_t creation, + pgp_version_t version) const { sig.version = version; sig.halg = pgp_hash_adjust_alg_to_key(hash, &pkt_); sig.palg = alg(); sig.set_keyfp(fp()); sig.set_creation(creation); - if(version == PGP_V4) { + if (version == PGP_V4) { // for v6 issuing keys, this MUST NOT be included sig.set_keyid(keyid()); } #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6) { - sig.salt_size = rnp::Hash::size(sig.halg)/2; + if (version == PGP_V6) { + sig.salt_size = rnp::Hash::size(sig.halg) / 2; rng.get(sig.salt, sig.salt_size); } #endif } void -pgp_key_t::sign_cert(const pgp_key_pkt_t & key, +pgp_key_t::sign_cert(const pgp_key_pkt_t &key, const pgp_userid_pkt_t &uid, - pgp_signature_t & sig, - rnp::SecurityContext & ctx) + pgp_signature_t &sig, + rnp::SecurityContext &ctx) { sig.fill_hashed_data(); auto hash = signature_hash_certification(sig, key, uid); @@ -2345,8 +2358,8 @@ pgp_key_t::sign_cert(const pgp_key_pkt_t & key, } void -pgp_key_t::sign_direct(const pgp_key_pkt_t & key, - pgp_signature_t & sig, +pgp_key_t::sign_direct(const pgp_key_pkt_t &key, + pgp_signature_t &sig, rnp::SecurityContext &ctx) { sig.fill_hashed_data(); @@ -2355,8 +2368,8 @@ pgp_key_t::sign_direct(const pgp_key_pkt_t & key, } void -pgp_key_t::sign_binding(const pgp_key_pkt_t & key, - pgp_signature_t & sig, +pgp_key_t::sign_binding(const pgp_key_pkt_t &key, + pgp_signature_t &sig, rnp::SecurityContext &ctx) { sig.fill_hashed_data(); @@ -2366,10 +2379,10 @@ pgp_key_t::sign_binding(const pgp_key_pkt_t & key, } void -pgp_key_t::gen_revocation(const pgp_revoke_t & revoke, +pgp_key_t::gen_revocation(const pgp_revoke_t &revoke, pgp_hash_alg_t hash, - const pgp_key_pkt_t & key, - pgp_signature_t & sig, + const pgp_key_pkt_t &key, + pgp_signature_t &sig, rnp::SecurityContext &ctx) { sign_init(ctx.rng, sig, hash, ctx.time(), key.version); @@ -2384,8 +2397,8 @@ pgp_key_t::gen_revocation(const pgp_revoke_t & revoke, } void -pgp_key_t::sign_subkey_binding(pgp_key_t & sub, - pgp_signature_t & sig, +pgp_key_t::sign_subkey_binding(pgp_key_t &sub, + pgp_signature_t &sig, rnp::SecurityContext &ctx, bool subsign) { @@ -2406,8 +2419,8 @@ pgp_key_t::sign_subkey_binding(pgp_key_t & sub, void pgp_key_t::add_uid_cert(rnp_selfsig_cert_info_t &cert, pgp_hash_alg_t hash, - rnp::SecurityContext & ctx, - pgp_key_t * pubkey) + rnp::SecurityContext &ctx, + pgp_key_t *pubkey) { if (cert.userid.empty()) { /* todo: why not to allow empty uid? */ @@ -2464,11 +2477,11 @@ pgp_key_t::add_uid_cert(rnp_selfsig_cert_info_t &cert, } void -pgp_key_t::add_sub_binding(pgp_key_t & subsec, - pgp_key_t & subpub, +pgp_key_t::add_sub_binding(pgp_key_t &subsec, + pgp_key_t &subpub, const rnp_selfsig_binding_info_t &binding, pgp_hash_alg_t hash, - rnp::SecurityContext & ctx) + rnp::SecurityContext &ctx) { if (!is_primary()) { RNP_LOG("must be called on primary key"); @@ -2779,7 +2792,7 @@ pgp_key_t::subkey_pkt_hash() const auto pk_pkt_hash = rnp::Hash::create(pk_pkt_hash_alg); pk_pkt_hash->add(rawpkt_.raw); pk_pkt_hash->finish(out.data()); - + return out; } #endif @@ -2788,9 +2801,12 @@ pgp_curve_t pgp_key_material_t::curve() const { switch (alg) { - case PGP_PKA_ECDH: [[fallthrough]]; - case PGP_PKA_ECDSA: [[fallthrough]]; - case PGP_PKA_EDDSA: [[fallthrough]]; + case PGP_PKA_ECDH: + [[fallthrough]]; + case PGP_PKA_ECDSA: + [[fallthrough]]; + case PGP_PKA_EDDSA: + [[fallthrough]]; case PGP_PKA_SM2: return ec.curve; #if defined(ENABLE_CRYPTO_REFRESH) @@ -2817,31 +2833,44 @@ pgp_key_material_t::bits() const case PGP_PKA_ELGAMAL: case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN: return 8 * mpi_bytes(&eg.y); - case PGP_PKA_ECDH: [[fallthrough]]; - case PGP_PKA_ECDSA: [[fallthrough]]; - case PGP_PKA_EDDSA: [[fallthrough]]; + case PGP_PKA_ECDH: + [[fallthrough]]; + case PGP_PKA_ECDSA: + [[fallthrough]]; + case PGP_PKA_EDDSA: + [[fallthrough]]; #if defined(ENABLE_CRYPTO_REFRESH) - case PGP_PKA_ED25519: [[fallthrough]]; - case PGP_PKA_X25519: [[fallthrough]]; + case PGP_PKA_ED25519: + [[fallthrough]]; + case PGP_PKA_X25519: + [[fallthrough]]; #endif case PGP_PKA_SM2: { - /* handle ecc cases */ - const ec_curve_desc_t *curve_desc = get_curve_desc(curve()); - return curve_desc ? curve_desc->bitlen : 0; + /* handle ecc cases */ + const ec_curve_desc_t *curve_desc = get_curve_desc(curve()); + return curve_desc ? curve_desc->bitlen : 0; } #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; - case PGP_PKA_KYBER1024_BP384: - return 8 * kyber_ecdh.pub.get_encoded().size(); /* public key length */ - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_BP384: + return 8 * kyber_ecdh.pub.get_encoded().size(); /* public key length */ + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return 8 * dilithium_exdsa.pub.get_encoded().size(); /* public key length*/ #endif diff --git a/src/lib/pgp-key.h b/src/lib/pgp-key.h index 89e66f276..1ee219bc9 100644 --- a/src/lib/pgp-key.h +++ b/src/lib/pgp-key.h @@ -110,9 +110,9 @@ typedef struct pgp_userid_t { private: std::vector sigs_{}; /* all signatures related to this userid */ public: - pgp_userid_pkt_t pkt{}; /* User ID or User Attribute packet as it was loaded */ - pgp_rawpacket_t rawpkt{}; /* Raw packet contents */ - std::string str{}; /* Human-readable representation of the userid */ + pgp_userid_pkt_t pkt{}; /* User ID or User Attribute packet as it was loaded */ + pgp_rawpacket_t rawpkt{}; /* Raw packet contents */ + std::string str{}; /* Human-readable representation of the userid */ bool valid{}; /* User ID is valid, i.e. has valid, non-expired self-signature */ bool revoked{}; pgp_revoke_t revocation{}; @@ -161,10 +161,10 @@ struct pgp_key_t { void validate_primary(rnp_key_store_t &keyring); void merge_validity(const pgp_validity_t &src); uint64_t valid_till_common(bool expiry) const; - bool write_sec_pgp(pgp_dest_t & dst, - pgp_key_pkt_t & seckey, + bool write_sec_pgp(pgp_dest_t &dst, + pgp_key_pkt_t &seckey, const std::string &password, - rnp::RNG & rng); + rnp::RNG &rng); public: pgp_key_store_format_t format{}; /* the format of the key in packets[0] */ @@ -179,21 +179,21 @@ struct pgp_key_t { pgp_key_t &operator=(pgp_key_t &&) = default; size_t sig_count() const; - pgp_subsig_t & get_sig(size_t idx); + pgp_subsig_t &get_sig(size_t idx); const pgp_subsig_t &get_sig(size_t idx) const; bool has_sig(const pgp_sig_id_t &id) const; - pgp_subsig_t & replace_sig(const pgp_sig_id_t &id, const pgp_signature_t &newsig); - pgp_subsig_t & get_sig(const pgp_sig_id_t &id); + pgp_subsig_t &replace_sig(const pgp_sig_id_t &id, const pgp_signature_t &newsig); + pgp_subsig_t &get_sig(const pgp_sig_id_t &id); const pgp_subsig_t &get_sig(const pgp_sig_id_t &id) const; - pgp_subsig_t & add_sig(const pgp_signature_t &sig, size_t uid = PGP_UID_NONE); + pgp_subsig_t &add_sig(const pgp_signature_t &sig, size_t uid = PGP_UID_NONE); bool del_sig(const pgp_sig_id_t &sigid); size_t del_sigs(const std::vector &sigs); size_t keysig_count() const; - pgp_subsig_t & get_keysig(size_t idx); + pgp_subsig_t &get_keysig(size_t idx); size_t uid_count() const; - pgp_userid_t & get_uid(size_t idx); + pgp_userid_t &get_uid(size_t idx); const pgp_userid_t &get_uid(size_t idx) const; - pgp_userid_t & add_uid(const pgp_transferable_userid_t &uid); + pgp_userid_t &add_uid(const pgp_transferable_userid_t &uid); bool has_uid(const std::string &uid) const; void del_uid(size_t idx); bool has_primary_uid() const; @@ -203,7 +203,7 @@ struct pgp_key_t { void clear_revokes(); const pgp_key_pkt_t &pkt() const; - pgp_key_pkt_t & pkt(); + pgp_key_pkt_t &pkt(); void set_pkt(const pgp_key_pkt_t &pkt); pgp_key_material_t &material(); @@ -280,16 +280,16 @@ struct pgp_key_t { * @brief Get the pgp key's subkey fingerprint * @return fingerprint or throws std::out_of_range exception */ - const pgp_fingerprint_t & get_subkey_fp(size_t idx) const; + const pgp_fingerprint_t &get_subkey_fp(size_t idx) const; const std::vector &subkey_fps() const; size_t rawpkt_count() const; - pgp_rawpacket_t & rawpkt(); + pgp_rawpacket_t &rawpkt(); const pgp_rawpacket_t &rawpkt() const; void set_rawpkt(const pgp_rawpacket_t &src); /** @brief write secret key data to the rawpkt, optionally encrypting with password */ - bool write_sec_rawpkt(pgp_key_pkt_t & seckey, - const std::string & password, + bool write_sec_rawpkt(pgp_key_pkt_t &seckey, + const std::string &password, rnp::SecurityContext &ctx); /** @brief Unlock a key, i.e. decrypt its secret data so it can be used for @@ -311,16 +311,16 @@ struct pgp_key_t { /** @brief Add protection to an unlocked key, i.e. encrypt its secret data with specified * parameters. */ bool protect(const rnp_key_protection_params_t &protection, - const pgp_password_provider_t & password_provider, - rnp::SecurityContext & ctx); + const pgp_password_provider_t &password_provider, + rnp::SecurityContext &ctx); /** @brief Add/change protection of a key */ - bool protect(pgp_key_pkt_t & decrypted, + bool protect(pgp_key_pkt_t &decrypted, const rnp_key_protection_params_t &protection, - const std::string & new_password, - rnp::SecurityContext & ctx); + const std::string &new_password, + rnp::SecurityContext &ctx); /** @brief Remove protection from a key, i.e. leave secret fields unencrypted */ bool unprotect(const pgp_password_provider_t &password_provider, - rnp::SecurityContext & ctx); + rnp::SecurityContext &ctx); /** @brief Write key's packets to the output. */ void write(pgp_dest_t &dst) const; @@ -392,8 +392,8 @@ struct pgp_key_t { * @param sig signature to validate. * @param ctx Populated security context. */ - void validate_sig(const pgp_key_t & key, - pgp_subsig_t & sig, + void validate_sig(const pgp_key_t &key, + pgp_subsig_t &sig, const rnp::SecurityContext &ctx) const noexcept; /** @@ -403,8 +403,8 @@ struct pgp_key_t { * @param hash hash, feed with all signed data except signature trailer. * @param ctx Populated security context. */ - void validate_sig(pgp_signature_info_t & sinfo, - rnp::Hash & hash, + void validate_sig(pgp_signature_info_t &sinfo, + rnp::Hash &hash, const rnp::SecurityContext &ctx) const noexcept; /** @@ -414,9 +414,9 @@ struct pgp_key_t { * @param key key packet to which certification belongs. * @param uid userid which is bound by certification to the key packet. */ - void validate_cert(pgp_signature_info_t & sinfo, - const pgp_key_pkt_t & key, - const pgp_userid_pkt_t & uid, + void validate_cert(pgp_signature_info_t &sinfo, + const pgp_key_pkt_t &key, + const pgp_userid_pkt_t &uid, const rnp::SecurityContext &ctx) const; /** @@ -425,8 +425,8 @@ struct pgp_key_t { * @param sinfo populated signature info. Validation results will be stored here. * @param subkey subkey packet. */ - void validate_binding(pgp_signature_info_t & sinfo, - const pgp_key_t & subkey, + void validate_binding(pgp_signature_info_t &sinfo, + const pgp_key_t &subkey, const rnp::SecurityContext &ctx) const; /** @@ -435,8 +435,8 @@ struct pgp_key_t { * @param sinfo populated signature info. Validation results will be stored here. * @param subkey subkey packet. */ - void validate_sub_rev(pgp_signature_info_t & sinfo, - const pgp_key_pkt_t & subkey, + void validate_sub_rev(pgp_signature_info_t &sinfo, + const pgp_key_pkt_t &subkey, const rnp::SecurityContext &ctx) const; /** @@ -460,7 +460,11 @@ struct pgp_key_t { * @param creation signature's creation time. * @param version signature version */ - void sign_init(rnp::RNG &rng, pgp_signature_t &sig, pgp_hash_alg_t hash, uint64_t creation, pgp_version_t version) const; + void sign_init(rnp::RNG &rng, + pgp_signature_t &sig, + pgp_hash_alg_t hash, + uint64_t creation, + pgp_version_t version) const; /** * @brief Calculate a certification and fill signature material. @@ -472,10 +476,10 @@ struct pgp_key_t { * @param sig signature, pre-populated with all of the required data, except the * signature material. */ - void sign_cert(const pgp_key_pkt_t & key, + void sign_cert(const pgp_key_pkt_t &key, const pgp_userid_pkt_t &uid, - pgp_signature_t & sig, - rnp::SecurityContext & ctx); + pgp_signature_t &sig, + rnp::SecurityContext &ctx); /** * @brief Calculate direct-key signature. @@ -485,8 +489,8 @@ struct pgp_key_t { * @param sig signature, pre-populated with all of the required data, except the * signature material. */ - void sign_direct(const pgp_key_pkt_t & key, - pgp_signature_t & sig, + void sign_direct(const pgp_key_pkt_t &key, + pgp_signature_t &sig, rnp::SecurityContext &ctx); /** @@ -498,8 +502,8 @@ struct pgp_key_t { * @param sig signature, pre-populated with all of the required data, except the * signature material. */ - void sign_binding(const pgp_key_pkt_t & key, - pgp_signature_t & sig, + void sign_binding(const pgp_key_pkt_t &key, + pgp_signature_t &sig, rnp::SecurityContext &ctx); /** @@ -513,8 +517,8 @@ struct pgp_key_t { * @param sig signature, pre-populated with all of the required data, except the * signature material. */ - void sign_subkey_binding(pgp_key_t & sub, - pgp_signature_t & sig, + void sign_subkey_binding(pgp_key_t &sub, + pgp_signature_t &sig, rnp::SecurityContext &ctx, bool subsign = false); @@ -525,10 +529,10 @@ struct pgp_key_t { * @param key key or subkey packet to revoke. * @param sig object to store revocation signature. Will be populated in method call. */ - void gen_revocation(const pgp_revoke_t & revoke, + void gen_revocation(const pgp_revoke_t &revoke, pgp_hash_alg_t hash, - const pgp_key_pkt_t & key, - pgp_signature_t & sig, + const pgp_key_pkt_t &key, + pgp_signature_t &sig, rnp::SecurityContext &ctx); /** @@ -543,8 +547,8 @@ struct pgp_key_t { */ void add_uid_cert(rnp_selfsig_cert_info_t &cert, pgp_hash_alg_t hash, - rnp::SecurityContext & ctx, - pgp_key_t * pubkey = nullptr); + rnp::SecurityContext &ctx, + pgp_key_t *pubkey = nullptr); /** * @brief Calculate and add subkey binding signature. @@ -557,11 +561,11 @@ struct pgp_key_t { * @param hash hash algorithm to use (may be adjusted according to key and subkey * algorithms) */ - void add_sub_binding(pgp_key_t & subsec, - pgp_key_t & subpub, + void add_sub_binding(pgp_key_t &subsec, + pgp_key_t &subpub, const rnp_selfsig_binding_info_t &binding, pgp_hash_alg_t hash, - rnp::SecurityContext & ctx); + rnp::SecurityContext &ctx); /** @brief Refresh internal fields after primary key is updated */ bool refresh_data(const rnp::SecurityContext &ctx); @@ -597,8 +601,8 @@ class KeyLocker { }; // namespace rnp pgp_key_pkt_t *pgp_decrypt_seckey_pgp(const pgp_rawpacket_t &raw, - const pgp_key_pkt_t & key, - const char * password); + const pgp_key_pkt_t &key, + const char *password); pgp_key_pkt_t *pgp_decrypt_seckey(const pgp_key_t &, const pgp_password_provider_t &, @@ -613,7 +617,7 @@ pgp_key_pkt_t *pgp_decrypt_seckey(const pgp_key_t &, * @return pointer to the key or NULL if key is not found. */ pgp_key_t *pgp_sig_get_signer(const pgp_subsig_t &sig, - rnp_key_store_t * keyring, + rnp_key_store_t *keyring, pgp_key_provider_t *prov); /** @@ -628,18 +632,18 @@ pgp_key_t *pgp_key_get_subkey(const pgp_key_t *key, rnp_key_store_t *store, size pgp_key_flags_t pgp_pk_alg_capabilities(pgp_pubkey_alg_t alg); -bool pgp_key_set_expiration(pgp_key_t * key, - pgp_key_t * signer, +bool pgp_key_set_expiration(pgp_key_t *key, + pgp_key_t *signer, uint32_t expiry, const pgp_password_provider_t &prov, - rnp::SecurityContext & ctx); + rnp::SecurityContext &ctx); -bool pgp_subkey_set_expiration(pgp_key_t * sub, - pgp_key_t * primsec, - pgp_key_t * secsub, +bool pgp_subkey_set_expiration(pgp_key_t *sub, + pgp_key_t *primsec, + pgp_key_t *secsub, uint32_t expiry, const pgp_password_provider_t &prov, - rnp::SecurityContext & ctx); + rnp::SecurityContext &ctx); /** Find a key or it's subkey, suitable for a particular operation * @@ -658,7 +662,7 @@ bool pgp_subkey_set_expiration(pgp_key_t * sub, * set or NULL if not found */ pgp_key_t *find_suitable_key(pgp_op_t op, - pgp_key_t * key, + pgp_key_t *key, pgp_key_provider_t *key_provider, bool no_primary = false); diff --git a/src/lib/rnp.cpp b/src/lib/rnp.cpp index 32c1af0c4..0bb0889cc 100644 --- a/src/lib/rnp.cpp +++ b/src/lib/rnp.cpp @@ -75,14 +75,14 @@ static pgp_key_t *get_key_prefer_public(rnp_key_handle_t handle); static pgp_key_t *get_key_require_secret(rnp_key_handle_t handle); static bool locator_to_str(const pgp_key_search_t &locator, - const char ** identifier_type, - char * identifier, + const char **identifier_type, + char *identifier, size_t identifier_size); static bool rnp_password_cb_bounce(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata_void); + void *userdata_void); static rnp_result_t rnp_dump_src_to_json(pgp_source_t *src, uint32_t flags, char **result); @@ -107,7 +107,7 @@ find_key(rnp_ffi_t ffi, const pgp_key_search_t &search, bool secret, bool try_key_provider, - pgp_key_t * after = NULL) + pgp_key_t *after = NULL) { pgp_key_t *key = rnp_key_store_search(secret ? ffi->secring : ffi->pubring, &search, after); @@ -346,13 +346,13 @@ pub_alg_supported(int alg) #endif #if defined(ENABLE_PQC) case PGP_PKA_KYBER768_X25519: - //case PGP_PKA_KYBER1024_X448: + // case PGP_PKA_KYBER1024_X448: case PGP_PKA_KYBER768_P256: case PGP_PKA_KYBER1024_P384: case PGP_PKA_KYBER768_BP256: case PGP_PKA_KYBER1024_BP384: case PGP_PKA_DILITHIUM3_ED25519: - //case PGP_PKA_DILITHIUM5_ED448: + // case PGP_PKA_DILITHIUM5_ED448: case PGP_PKA_DILITHIUM3_P256: case PGP_PKA_DILITHIUM5_P384: case PGP_PKA_DILITHIUM3_BP256: @@ -503,9 +503,9 @@ parse_ks_format(pgp_key_store_format_t *key_store_format, const char *format) } static rnp_result_t -hex_encode_value(const uint8_t * value, +hex_encode_value(const uint8_t *value, size_t len, - char ** res, + char **res, rnp::hex_format_t format = rnp::HEX_UPPERCASE) { size_t hex_len = len * 2 + 1; @@ -733,9 +733,9 @@ operation_description(uint8_t op) static bool rnp_password_cb_bounce(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata_void) + void *userdata_void) { rnp_ffi_t ffi = (rnp_ffi_t) userdata_void; @@ -1117,7 +1117,7 @@ try { ret = json_array_add_id_str(features, compress_alg_map, z_alg_supported); } else if (rnp::str_case_eq(type, RNP_FEATURE_CURVE)) { for (pgp_curve_t curve = PGP_CURVE_NIST_P_256; curve < PGP_CURVE_MAX; - curve = (pgp_curve_t)(curve + 1)) { + curve = (pgp_curve_t) (curve + 1)) { const ec_curve_desc_t *desc = get_curve_desc(curve); if (!desc) { ret = RNP_ERROR_BAD_STATE; @@ -1266,9 +1266,9 @@ rnp_get_security_rule(rnp_ffi_t ffi, const char *type, const char *name, uint64_t time, - uint32_t * flags, - uint64_t * from, - uint32_t * level) + uint32_t *flags, + uint64_t *from, + uint32_t *level) try { if (!ffi || !type || !name || !level) { return RNP_ERROR_NULL_POINTER; @@ -1329,7 +1329,7 @@ rnp_remove_security_rule(rnp_ffi_t ffi, uint32_t level, uint32_t flags, uint64_t from, - size_t * removed) + size_t *removed) try { if (!ffi) { return RNP_ERROR_NULL_POINTER; @@ -1651,8 +1651,8 @@ key_status_to_str(pgp_key_import_status_t status) } static rnp_result_t -add_key_status(json_object * keys, - const pgp_key_t * key, +add_key_status(json_object *keys, + const pgp_key_t *key, pgp_key_import_status_t pub, pgp_key_import_status_t sec) { @@ -1733,7 +1733,7 @@ try { return RNP_ERROR_OUT_OF_MEMORY; } rnp::JSONObject jsowrap(jsores); - json_object * jsokeys = json_object_new_array(); + json_object *jsokeys = json_object_new_array(); if (!obj_add_field_json(jsores, "keys", jsokeys)) { return RNP_ERROR_OUT_OF_MEMORY; } @@ -1791,8 +1791,8 @@ sig_status_to_str(pgp_sig_import_status_t status) } static rnp_result_t -add_sig_status(json_object * sigs, - const pgp_key_t * signer, +add_sig_status(json_object *sigs, + const pgp_key_t *signer, pgp_sig_import_status_t pub, pgp_sig_import_status_t sec) { @@ -1848,7 +1848,7 @@ try { return RNP_ERROR_OUT_OF_MEMORY; } rnp::JSONObject jsowrap(jsores); - json_object * jsosigs = json_object_new_array(); + json_object *jsosigs = json_object_new_array(); if (!obj_add_field_json(jsores, "sigs", jsosigs)) { return RNP_ERROR_OUT_OF_MEMORY; } @@ -2136,10 +2136,10 @@ input_closer_bounce(pgp_source_t *src) } rnp_result_t -rnp_input_from_callback(rnp_input_t * input, +rnp_input_from_callback(rnp_input_t *input, rnp_input_reader_t *reader, rnp_input_closer_t *closer, - void * app_ctx) + void *app_ctx) try { // checks if (!input || !reader) { @@ -2397,10 +2397,10 @@ try { FFI_GUARD rnp_result_t -rnp_output_to_callback(rnp_output_t * output, +rnp_output_to_callback(rnp_output_t *output, rnp_output_writer_t *writer, rnp_output_closer_t *closer, - void * app_ctx) + void *app_ctx) try { // checks if (!output || !writer) { @@ -2455,8 +2455,8 @@ static rnp_result_t rnp_op_add_signature(rnp_ffi_t ffi, rnp_op_sign_signatures_t &signatures, rnp_key_handle_t key, - rnp_ctx_t & ctx, - rnp_op_sign_signature_t * sig) + rnp_ctx_t &ctx, + rnp_op_sign_signature_t *sig) { if (!key) { return RNP_ERROR_NULL_POINTER; @@ -2660,10 +2660,10 @@ FFI_GUARD rnp_result_t rnp_op_encrypt_add_password(rnp_op_encrypt_t op, - const char * password, - const char * s2k_hash, + const char *password, + const char *s2k_hash, size_t iterations, - const char * s2k_cipher) + const char *s2k_cipher) try { // checks if (!op) { @@ -2744,8 +2744,11 @@ try { return RNP_ERROR_BAD_PARAMETERS; } #ifdef ENABLE_CRYPTO_REFRESH -if(op->rnpctx.aalg == PGP_AEAD_NONE && op->rnpctx.enable_pkesk_v6) { - FFI_LOG(op->ffi, "Setting AEAD algorithm to PGP_AEAD_NONE (%s) would contradict the previously enabled PKESKv6 setting", alg); + if (op->rnpctx.aalg == PGP_AEAD_NONE && op->rnpctx.enable_pkesk_v6) { + FFI_LOG(op->ffi, + "Setting AEAD algorithm to PGP_AEAD_NONE (%s) would contradict the previously " + "enabled PKESKv6 setting", + alg); return RNP_ERROR_BAD_PARAMETERS; } #endif @@ -2811,9 +2814,9 @@ FFI_GUARD static pgp_write_handler_t pgp_write_handler(pgp_password_provider_t *pass_provider, - rnp_ctx_t * rnpctx, - void * param, - pgp_key_provider_t * key_provider) + rnp_ctx_t *rnpctx, + void *param, + pgp_key_provider_t *key_provider) { pgp_write_handler_t handler; memset(&handler, 0, sizeof(handler)); @@ -3140,9 +3143,9 @@ rnp_verify_src_provider(pgp_parse_handler_t *handler, pgp_source_t *src) static bool rnp_verify_dest_provider(pgp_parse_handler_t *handler, - pgp_dest_t ** dst, - bool * closedst, - const char * filename, + pgp_dest_t **dst, + bool *closedst, + const char *filename, uint32_t mtime) { rnp_op_verify_t op = (rnp_op_verify_t) handler->param; @@ -3182,7 +3185,7 @@ symenc_handle_from_sk_sesskey(rnp_symenc_handle_t handle, const pgp_sk_sesskey_t static void rnp_verify_on_recipients(const std::vector &recipients, const std::vector &passwords, - void * param) + void *param) { rnp_op_verify_t op = (rnp_op_verify_t) param; /* store only top-level encrypted stream recipients info for now */ @@ -3682,7 +3685,7 @@ FFI_GUARD rnp_result_t rnp_op_verify_signature_get_handle(rnp_op_verify_signature_t sig, - rnp_signature_handle_t * handle) + rnp_signature_handle_t *handle) try { if (!sig || !handle) { return RNP_ERROR_NULL_POINTER; @@ -3750,8 +3753,8 @@ FFI_GUARD rnp_result_t rnp_op_verify_signature_get_times(rnp_op_verify_signature_t sig, - uint32_t * create, - uint32_t * expires) + uint32_t *create, + uint32_t *expires) try { if (create) { *create = sig->sig_pkt.creation(); @@ -3789,8 +3792,8 @@ FFI_GUARD static rnp_result_t str_to_locator(rnp_ffi_t ffi, pgp_key_search_t *locator, - const char * identifier_type, - const char * identifier) + const char *identifier_type, + const char *identifier) { // parse the identifier type locator->type = static_cast( @@ -3849,8 +3852,8 @@ str_to_locator(rnp_ffi_t ffi, static bool locator_to_str(const pgp_key_search_t &locator, - const char ** identifier_type, - char * identifier, + const char **identifier_type, + char *identifier, size_t identifier_size) { // find the identifier type string with the map @@ -3896,7 +3899,7 @@ locator_to_str(const pgp_key_search_t &locator, static rnp_result_t rnp_locate_key_int(rnp_ffi_t ffi, const pgp_key_search_t &locator, - rnp_key_handle_t * handle, + rnp_key_handle_t *handle, bool require_secret = false) { // search pubring @@ -3926,8 +3929,8 @@ rnp_locate_key_int(rnp_ffi_t ffi, rnp_result_t rnp_locate_key(rnp_ffi_t ffi, - const char * identifier_type, - const char * identifier, + const char *identifier_type, + const char *identifier, rnp_key_handle_t *handle) try { // checks @@ -3964,7 +3967,7 @@ try { // handle flags bool armored = extract_flag(flags, RNP_KEY_EXPORT_ARMORED); - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; rnp_key_store_t *store = NULL; if (flags & RNP_KEY_EXPORT_PUBLIC) { extract_flag(flags, RNP_KEY_EXPORT_PUBLIC); @@ -4041,7 +4044,7 @@ FFI_GUARD rnp_result_t rnp_key_export_autocrypt(rnp_key_handle_t key, rnp_key_handle_t subkey, - const char * uid, + const char *uid, rnp_output_t output, uint32_t flags) try { @@ -4116,11 +4119,11 @@ rnp_key_get_revoker(rnp_key_handle_t key) static rnp_result_t rnp_key_get_revocation(rnp_ffi_t ffi, - pgp_key_t * key, - pgp_key_t * revoker, - const char * hash, - const char * code, - const char * reason, + pgp_key_t *key, + pgp_key_t *revoker, + const char *hash, + const char *code, + const char *reason, pgp_signature_t &sig) { if (!hash) { @@ -4167,9 +4170,9 @@ rnp_result_t rnp_key_export_revocation(rnp_key_handle_t key, rnp_output_t output, uint32_t flags, - const char * hash, - const char * code, - const char * reason) + const char *hash, + const char *code, + const char *reason) try { if (!key || !key->ffi || !output) { return RNP_ERROR_NULL_POINTER; @@ -4338,11 +4341,11 @@ FFI_GUARD static void report_signature_removal(rnp_ffi_t ffi, - const pgp_key_t & key, + const pgp_key_t &key, rnp_key_signatures_cb sigcb, - void * app_ctx, - pgp_subsig_t & keysig, - bool & remove) + void *app_ctx, + pgp_subsig_t &keysig, + bool &remove) { if (!sigcb) { return; @@ -4407,11 +4410,11 @@ signature_needs_removal(rnp_ffi_t ffi, const pgp_key_t &key, pgp_subsig_t &sig, static void remove_key_signatures(rnp_ffi_t ffi, - pgp_key_t & pub, - pgp_key_t * sec, + pgp_key_t &pub, + pgp_key_t *sec, uint32_t flags, rnp_key_signatures_cb sigcb, - void * app_ctx) + void *app_ctx) { std::vector sigs; @@ -4437,7 +4440,7 @@ rnp_result_t rnp_key_remove_signatures(rnp_key_handle_t handle, uint32_t flags, rnp_key_signatures_cb sigcb, - void * app_ctx) + void *app_ctx) try { if (!handle) { return RNP_ERROR_NULL_POINTER; @@ -4500,7 +4503,7 @@ static bool parse_preferences(json_object *jso, pgp_user_prefs_t &prefs) { static const struct { - const char * key; + const char *key; enum json_type type; } properties[] = {{"hashes", json_type_array}, {"ciphers", json_type_array}, @@ -4509,7 +4512,7 @@ parse_preferences(json_object *jso, pgp_user_prefs_t &prefs) for (size_t iprop = 0; iprop < ARRAY_SIZE(properties); iprop++) { json_object *value = NULL; - const char * key = properties[iprop].key; + const char *key = properties[iprop].key; if (!json_object_object_get_ex(jso, key, &value)) { continue; @@ -4575,7 +4578,7 @@ static bool parse_keygen_crypto(json_object *jso, rnp_keygen_crypto_params_t &crypto) { static const struct { - const char * key; + const char *key; enum json_type type; } properties[] = {{"type", json_type_string}, {"curve", json_type_string}, @@ -4584,7 +4587,7 @@ parse_keygen_crypto(json_object *jso, rnp_keygen_crypto_params_t &crypto) for (size_t i = 0; i < ARRAY_SIZE(properties); i++) { json_object *value = NULL; - const char * key = properties[i].key; + const char *key = properties[i].key; if (!json_object_object_get_ex(jso, key, &value)) { continue; @@ -4638,7 +4641,7 @@ static bool parse_protection(json_object *jso, rnp_key_protection_params_t &protection) { static const struct { - const char * key; + const char *key; enum json_type type; } properties[] = {{"cipher", json_type_string}, {"mode", json_type_string}, @@ -4647,7 +4650,7 @@ parse_protection(json_object *jso, rnp_key_protection_params_t &protection) for (size_t i = 0; i < ARRAY_SIZE(properties); i++) { json_object *value = NULL; - const char * key = properties[i].key; + const char *key = properties[i].key; if (!json_object_object_get_ex(jso, key, &value)) { continue; @@ -4682,8 +4685,8 @@ parse_protection(json_object *jso, rnp_key_protection_params_t &protection) } static bool -parse_keygen_primary(json_object * jso, - rnp_keygen_primary_desc_t & desc, +parse_keygen_primary(json_object *jso, + rnp_keygen_primary_desc_t &desc, rnp_key_protection_params_t &prot) { static const char *properties[] = { @@ -4695,7 +4698,7 @@ parse_keygen_primary(json_object * jso, } for (size_t i = 0; i < ARRAY_SIZE(properties); i++) { json_object *value = NULL; - const char * key = properties[i]; + const char *key = properties[i]; if (!json_object_object_get_ex(jso, key, &value)) { continue; @@ -4770,19 +4773,19 @@ parse_keygen_primary(json_object * jso, } static bool -parse_keygen_sub(json_object * jso, - rnp_keygen_subkey_desc_t & desc, +parse_keygen_sub(json_object *jso, + rnp_keygen_subkey_desc_t &desc, rnp_key_protection_params_t &prot) { static const char *properties[] = {"usage", "expiration", "protection"}; - auto & binding = desc.binding; + auto &binding = desc.binding; if (!parse_keygen_crypto(jso, desc.crypto)) { return false; } for (size_t i = 0; i < ARRAY_SIZE(properties); i++) { json_object *value = NULL; - const char * key = properties[i]; + const char *key = properties[i]; if (!json_object_object_get_ex(jso, key, &value)) { continue; @@ -4887,9 +4890,9 @@ gen_json_grips(char **result, const pgp_key_t *primary, const pgp_key_t *sub) static rnp_result_t gen_json_primary_key(rnp_ffi_t ffi, - json_object * jsoparams, + json_object *jsoparams, rnp_key_protection_params_t &prot, - pgp_fingerprint_t & fp, + pgp_fingerprint_t &fp, bool protect) { rnp_keygen_primary_desc_t desc = {}; @@ -4925,9 +4928,9 @@ gen_json_primary_key(rnp_ffi_t ffi, static rnp_result_t gen_json_subkey(rnp_ffi_t ffi, - json_object * jsoparams, - pgp_key_t & prim_pub, - pgp_key_t & prim_sec, + json_object *jsoparams, + pgp_key_t &prim_pub, + pgp_key_t &prim_sec, pgp_fingerprint_t &fp) { rnp_keygen_subkey_desc_t desc = {}; @@ -4978,7 +4981,7 @@ try { // parse the JSON json_tokener_error error; - json_object * jso = json_tokener_parse_verbose(json, &error); + json_object *jso = json_tokener_parse_verbose(json, &error); if (!jso) { // syntax error or some other issue FFI_LOG(ffi, "Invalid JSON: %s", json_tokener_error_desc(error)); @@ -5018,8 +5021,8 @@ try { } // generate primary key - pgp_key_t * prim_pub = NULL; - pgp_key_t * prim_sec = NULL; + pgp_key_t *prim_pub = NULL; + pgp_key_t *prim_sec = NULL; rnp_key_protection_params_t prim_prot = {}; pgp_fingerprint_t fp; if (jsoprimary) { @@ -5096,14 +5099,14 @@ FFI_GUARD rnp_result_t rnp_generate_key_ex(rnp_ffi_t ffi, - const char * key_alg, - const char * sub_alg, + const char *key_alg, + const char *sub_alg, uint32_t key_bits, uint32_t sub_bits, - const char * key_curve, - const char * sub_curve, - const char * userid, - const char * password, + const char *key_curve, + const char *sub_curve, + const char *userid, + const char *password, rnp_key_handle_t *key) try { rnp_op_generate_t op = NULL; @@ -5190,8 +5193,8 @@ rnp_result_t rnp_generate_key_rsa(rnp_ffi_t ffi, uint32_t bits, uint32_t subbits, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key) try { return rnp_generate_key_ex(ffi, @@ -5211,8 +5214,8 @@ rnp_result_t rnp_generate_key_dsa_eg(rnp_ffi_t ffi, uint32_t bits, uint32_t subbits, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key) try { return rnp_generate_key_ex(ffi, @@ -5230,9 +5233,9 @@ FFI_GUARD rnp_result_t rnp_generate_key_ec(rnp_ffi_t ffi, - const char * curve, - const char * userid, - const char * password, + const char *curve, + const char *userid, + const char *password, rnp_key_handle_t *key) try { return rnp_generate_key_ex( @@ -5242,8 +5245,8 @@ FFI_GUARD rnp_result_t rnp_generate_key_25519(rnp_ffi_t ffi, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key) try { return rnp_generate_key_ex(ffi, @@ -5261,8 +5264,8 @@ FFI_GUARD rnp_result_t rnp_generate_key_sm2(rnp_ffi_t ffi, - const char * userid, - const char * password, + const char *userid, + const char *password, rnp_key_handle_t *key) try { return rnp_generate_key_ex( @@ -5292,18 +5295,26 @@ default_key_flags(pgp_pubkey_alg_t alg, bool subkey) return PGP_KF_ENCRYPT; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return PGP_KF_ENCRYPT; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return subkey ? PGP_KF_SIGN : pgp_key_flags_t(PGP_KF_SIGN | PGP_KF_CERTIFY); #endif @@ -5349,7 +5360,7 @@ rnp_result_t rnp_op_generate_subkey_create(rnp_op_generate_t *op, rnp_ffi_t ffi, rnp_key_handle_t primary, - const char * alg) + const char *alg) try { if (!op || !ffi || !alg || !primary) { return RNP_ERROR_NULL_POINTER; @@ -5919,8 +5930,8 @@ key_get_uid_at(pgp_key_t *key, size_t idx, char **uid) rnp_result_t rnp_key_add_uid(rnp_key_handle_t handle, - const char * uid, - const char * hash, + const char *uid, + const char *hash, uint32_t expiration, uint8_t key_flags, bool primary) @@ -6124,8 +6135,8 @@ FFI_GUARD static rnp_result_t rnp_key_return_signature(rnp_ffi_t ffi, - pgp_key_t * key, - pgp_subsig_t * subsig, + pgp_key_t *key, + pgp_subsig_t *subsig, rnp_signature_handle_t *sig) { *sig = (rnp_signature_handle_t) calloc(1, sizeof(**sig)); @@ -6583,7 +6594,7 @@ FFI_GUARD rnp_result_t rnp_key_get_default_key(rnp_key_handle_t primary_key, - const char * usage, + const char *usage, uint32_t flags, rnp_key_handle_t *default_key) try { @@ -6688,7 +6699,7 @@ try { if (!handle || !curve) { return RNP_ERROR_NULL_POINTER; } - pgp_key_t * key = get_key_prefer_public(handle); + pgp_key_t *key = get_key_prefer_public(handle); pgp_curve_t _curve = key->curve(); if (_curve == PGP_CURVE_UNKNOWN) { return RNP_ERROR_BAD_PARAMETERS; @@ -7082,7 +7093,7 @@ try { } const pgp_s2k_t &s2k = key->sec->pkt().sec_protection.s2k; - const char * res = "Unknown"; + const char *res = "Unknown"; if (s2k.usage == PGP_S2KU_NONE) { res = "None"; } @@ -7265,10 +7276,10 @@ FFI_GUARD rnp_result_t rnp_key_protect(rnp_key_handle_t handle, - const char * password, - const char * cipher, - const char * cipher_mode, - const char * hash, + const char *password, + const char *cipher, + const char *cipher_mode, + const char *hash, size_t iterations) try { rnp_key_protection_params_t protection = {}; @@ -7297,7 +7308,7 @@ try { if (!key) { return RNP_ERROR_NO_SUITABLE_KEY; } - pgp_key_pkt_t * decrypted_key = NULL; + pgp_key_pkt_t *decrypted_key = NULL; const std::string pass = password; if (key->encrypted()) { pgp_password_ctx_t ctx(PGP_OP_PROTECT, key); @@ -7514,7 +7525,7 @@ static rnp_result_t add_json_mpis(json_object *jso, ...) { va_list ap; - const char * name; + const char *name; rnp_result_t ret = RNP_ERROR_GENERIC; va_start(ap, jso); @@ -7569,20 +7580,28 @@ add_json_public_mpis(json_object *jso, pgp_key_t *key) case PGP_PKA_ED25519: case PGP_PKA_X25519: return RNP_SUCCESS; /* TODO */ -#endif +#endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return RNP_SUCCESS; /* TODO */ - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return RNP_SUCCESS; /* TODO */ #endif @@ -7618,11 +7637,15 @@ add_json_secret_mpis(json_object *jso, pgp_key_t *key) return RNP_SUCCESS; /* TODO */ #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return RNP_SUCCESS; /* TODO */ #endif @@ -7664,11 +7687,15 @@ add_json_sig_mpis(json_object *jso, const pgp_signature_t *sig) return RNP_SUCCESS; /* TODO */ #endif #if defined(ENABLE_PQC) - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return RNP_SUCCESS; /* TODO */ #endif @@ -7691,7 +7718,7 @@ add_json_user_prefs(json_object *jso, const pgp_user_prefs_t &prefs) } json_object_object_add(jso, "ciphers", jsoarr); for (auto alg : prefs.symm_algs) { - const char * name = id_str_pair::lookup(symm_alg_map, alg, "Unknown"); + const char *name = id_str_pair::lookup(symm_alg_map, alg, "Unknown"); json_object *jsoname = json_object_new_string(name); if (!jsoname || json_object_array_add(jsoarr, jsoname)) { return false; @@ -7705,7 +7732,7 @@ add_json_user_prefs(json_object *jso, const pgp_user_prefs_t &prefs) } json_object_object_add(jso, "hashes", jsoarr); for (auto alg : prefs.hash_algs) { - const char * name = id_str_pair::lookup(hash_alg_map, alg, "Unknown"); + const char *name = id_str_pair::lookup(hash_alg_map, alg, "Unknown"); json_object *jsoname = json_object_new_string(name); if (!jsoname || json_object_array_add(jsoarr, jsoname)) { return false; @@ -7719,7 +7746,7 @@ add_json_user_prefs(json_object *jso, const pgp_user_prefs_t &prefs) } json_object_object_add(jso, "compression", jsoarr); for (auto alg : prefs.z_algs) { - const char * name = id_str_pair::lookup(compress_alg_map, alg, "Unknown"); + const char *name = id_str_pair::lookup(compress_alg_map, alg, "Unknown"); json_object *jsoname = json_object_new_string(name); if (!jsoname || json_object_array_add(jsoarr, jsoname)) { return false; @@ -7733,7 +7760,7 @@ add_json_user_prefs(json_object *jso, const pgp_user_prefs_t &prefs) } json_object_object_add(jso, "key server preferences", jsoarr); for (auto flag : prefs.ks_prefs) { - const char * name = id_str_pair::lookup(key_server_prefs_map, flag, "Unknown"); + const char *name = id_str_pair::lookup(key_server_prefs_map, flag, "Unknown"); json_object *jsoname = json_object_new_string(name); if (!jsoname || json_object_array_add(jsoarr, jsoname)) { return false; @@ -7929,18 +7956,26 @@ key_to_json(json_object *jso, rnp_key_handle_t handle, uint32_t flags) return RNP_SUCCESS; /* TODO */ #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: return RNP_SUCCESS; /* TODO */ - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: return RNP_SUCCESS; /* TODO */ #endif @@ -8375,7 +8410,7 @@ key_iter_get_item(const rnp_identifier_iterator_t it, char *buf, size_t buf_len) rnp_result_t rnp_identifier_iterator_create(rnp_ffi_t ffi, rnp_identifier_iterator_t *it, - const char * identifier_type) + const char *identifier_type) try { rnp_result_t ret = RNP_ERROR_GENERIC; struct rnp_identifier_iterator_st *obj = NULL; diff --git a/src/lib/sec_profile.hpp b/src/lib/sec_profile.hpp index a4d84563f..6805082c6 100644 --- a/src/lib/sec_profile.hpp +++ b/src/lib/sec_profile.hpp @@ -93,7 +93,7 @@ class SecurityProfile { class SecurityContext { std::unordered_map s2k_iterations_; uint64_t time_; - void * prov_state_; + void *prov_state_; public: SecurityProfile profile; diff --git a/src/lib/types.h b/src/lib/types.h index 1c698daea..98e278095 100644 --- a/src/lib/types.h +++ b/src/lib/types.h @@ -90,7 +90,7 @@ class id_str_pair { */ static const char *lookup(const id_str_pair pair[], int id, - const char * notfound = "unknown"); + const char *notfound = "unknown"); static int lookup(const id_str_pair pair[], const char *str, int notfound = 0); static int lookup(const id_str_pair pair[], const std::vector &bytes, @@ -190,14 +190,15 @@ typedef struct pgp_key_material_t { }; #if defined(ENABLE_CRYPTO_REFRESH) pgp_ed25519_key_t ed25519; /* non-trivial type, cannot be in a union */ - pgp_x25519_key_t x25519; /* non-trivial type, cannot be in a union */ + pgp_x25519_key_t x25519; /* non-trivial type, cannot be in a union */ #endif #if defined(ENABLE_PQC) - pgp_kyber_ecdh_key_t kyber_ecdh; /* non-trivial type, cannot be in a union */ + pgp_kyber_ecdh_key_t kyber_ecdh; /* non-trivial type, cannot be in a union */ pgp_dilithium_exdsa_key_t dilithium_exdsa; /* non-trivial type, cannot be in a union */ #endif - pgp_curve_t curve() const; /* return curve for EC algorithms, PGP_CURVE_UNKNOWN otherwise */ + pgp_curve_t curve() + const; /* return curve for EC algorithms, PGP_CURVE_UNKNOWN otherwise */ size_t bits() const; size_t qbits() const; void validate(rnp::SecurityContext &ctx, bool reset = true); @@ -218,7 +219,8 @@ typedef struct pgp_signature_material_t { pgp_ed25519_signature_t ed25519; // non-trivial type cannot be member in union #endif #if defined(ENABLE_PQC) - pgp_dilithium_exdsa_signature_t dilithium_exdsa; // non-trivial type cannot be member in union + pgp_dilithium_exdsa_signature_t + dilithium_exdsa; // non-trivial type cannot be member in union #endif } pgp_signature_material_t; @@ -227,10 +229,10 @@ typedef struct pgp_signature_material_t { */ typedef struct pgp_encrypted_material_t { union { - pgp_rsa_encrypted_t rsa; - pgp_eg_encrypted_t eg; - pgp_sm2_encrypted_t sm2; - pgp_ecdh_encrypted_t ecdh; + pgp_rsa_encrypted_t rsa; + pgp_eg_encrypted_t eg; + pgp_sm2_encrypted_t sm2; + pgp_ecdh_encrypted_t ecdh; }; #if defined(ENABLE_CRYPTO_REFRESH) pgp_x25519_encrypted_t x25519; // non-trivial type cannot be member in union @@ -271,15 +273,15 @@ typedef struct pgp_signature_t pgp_signature_t; typedef struct pgp_sig_subpkt_t { pgp_sig_subpacket_type_t type; /* type of the subpacket */ size_t len; /* length of the data */ - uint8_t * data; /* raw subpacket data, excluding the header */ + uint8_t *data; /* raw subpacket data, excluding the header */ bool critical : 1; /* critical flag */ bool hashed : 1; /* whether subpacket is hashed or not */ bool parsed : 1; /* whether subpacket was successfully parsed */ union { - uint32_t create; /* 5.2.3.4. Signature Creation Time */ - uint32_t expiry; /* 5.2.3.6. Key Expiration Time */ - /* 5.2.3.10. Signature Expiration Time */ - bool exportable; /* 5.2.3.11. Exportable Certification */ + uint32_t create; /* 5.2.3.4. Signature Creation Time */ + uint32_t expiry; /* 5.2.3.6. Key Expiration Time */ + /* 5.2.3.10. Signature Expiration Time */ + bool exportable; /* 5.2.3.11. Exportable Certification */ struct { uint8_t level; uint8_t amount; @@ -298,7 +300,7 @@ typedef struct pgp_sig_subpkt_t { struct { uint8_t klass; pgp_pubkey_alg_t pkalg; - uint8_t * fp; + uint8_t *fp; } revocation_key; /* 5.2.3.15. Revocation Key */ uint8_t *issuer; /* 5.2.3.5. Issuer */ struct { @@ -328,14 +330,14 @@ typedef struct pgp_sig_subpkt_t { } signer; /* 5.2.3.22. Signer's User ID */ struct { pgp_revocation_type_t code; - const char * str; + const char *str; unsigned len; } revocation_reason; /* 5.2.3.23. Reason for Revocation */ uint8_t features; /* 5.2.3.24. Features */ struct { pgp_pubkey_alg_t pkalg; pgp_hash_alg_t halg; - uint8_t * hash; + uint8_t *hash; unsigned hlen; } sig_target; /* 5.2.3.25. Signature Target */ pgp_signature_t *sig; /* 5.2.3.27. Embedded Signature */ @@ -385,11 +387,11 @@ typedef struct pgp_aead_hdr_t { } pgp_aead_hdr_t; typedef struct pgp_seipdv2_hdr_t { - pgp_seipd_version_t version; /* version of the SEIPD packet */ - pgp_symm_alg_t cipher_alg; /* underlying symmetric algorithm */ - pgp_aead_alg_t aead_alg; /* AEAD algorithm, i.e. EAX, OCB, etc */ - uint8_t chunk_size_octet; /* chunk size octet */ - uint8_t salt[PGP_SEIPDV2_SALT_LEN]; /* SEIPDv2 salt value */ + pgp_seipd_version_t version; /* version of the SEIPD packet */ + pgp_symm_alg_t cipher_alg; /* underlying symmetric algorithm */ + pgp_aead_alg_t aead_alg; /* AEAD algorithm, i.e. EAX, OCB, etc */ + uint8_t chunk_size_octet; /* chunk size octet */ + uint8_t salt[PGP_SEIPDV2_SALT_LEN]; /* SEIPDv2 salt value */ } pgp_seipdv2_hdr_t; /** litdata_type_t */ diff --git a/src/lib/utils.h b/src/lib/utils.h index 3035ee510..1b38c18ee 100644 --- a/src/lib/utils.h +++ b/src/lib/utils.h @@ -68,24 +68,24 @@ LOAD32LE(uint32_t &x, const uint8_t y[4]) inline void STORE32BE(uint8_t x[4], uint32_t y) { - x[0] = (uint8_t)(y >> 24) & 0xff; - x[1] = (uint8_t)(y >> 16) & 0xff; - x[2] = (uint8_t)(y >> 8) & 0xff; - x[3] = (uint8_t)(y >> 0) & 0xff; + x[0] = (uint8_t) (y >> 24) & 0xff; + x[1] = (uint8_t) (y >> 16) & 0xff; + x[2] = (uint8_t) (y >> 8) & 0xff; + x[3] = (uint8_t) (y >> 0) & 0xff; } /* Store big-endian 64-bit value x in y */ inline void STORE64BE(uint8_t x[8], uint64_t y) { - x[0] = (uint8_t)(y >> 56) & 0xff; - x[1] = (uint8_t)(y >> 48) & 0xff; - x[2] = (uint8_t)(y >> 40) & 0xff; - x[3] = (uint8_t)(y >> 32) & 0xff; - x[4] = (uint8_t)(y >> 24) & 0xff; - x[5] = (uint8_t)(y >> 16) & 0xff; - x[6] = (uint8_t)(y >> 8) & 0xff; - x[7] = (uint8_t)(y >> 0) & 0xff; + x[0] = (uint8_t) (y >> 56) & 0xff; + x[1] = (uint8_t) (y >> 48) & 0xff; + x[2] = (uint8_t) (y >> 40) & 0xff; + x[3] = (uint8_t) (y >> 32) & 0xff; + x[4] = (uint8_t) (y >> 24) & 0xff; + x[5] = (uint8_t) (y >> 16) & 0xff; + x[6] = (uint8_t) (y >> 8) & 0xff; + x[7] = (uint8_t) (y >> 0) & 0xff; } inline char * diff --git a/src/librekey/g23_sexp.hpp b/src/librekey/g23_sexp.hpp index b888680f5..acb195551 100644 --- a/src/librekey/g23_sexp.hpp +++ b/src/librekey/g23_sexp.hpp @@ -56,8 +56,8 @@ class gnupg_sexp_t : public sexp::sexp_list_t { void add_curve(const std::string &name, const pgp_ec_key_t &key); void add_pubkey(const pgp_key_pkt_t &key); void add_seckey(const pgp_key_pkt_t &key); - void add_protected_seckey(pgp_key_pkt_t & seckey, - const std::string & password, + void add_protected_seckey(pgp_key_pkt_t &seckey, + const std::string &password, rnp::SecurityContext &ctx); bool parse(const char *r_bytes, size_t r_length, size_t depth = 1); bool write(pgp_dest_t &dst) const noexcept; diff --git a/src/librekey/key_store_g10.cpp b/src/librekey/key_store_g10.cpp index dcf3fe112..e99a164da 100644 --- a/src/librekey/key_store_g10.cpp +++ b/src/librekey/key_store_g10.cpp @@ -59,7 +59,7 @@ typedef struct format_info { pgp_cipher_mode_t cipher_mode; pgp_hash_alg_t hash_alg; size_t cipher_block_size; - const char * g10_type; + const char *g10_type; size_t iv_size; size_t tag_length; bool with_associated_data; @@ -67,8 +67,8 @@ typedef struct format_info { } format_info; static bool g10_calculated_hash(const pgp_key_pkt_t &key, - const char * protected_at, - uint8_t * checksum); + const char *protected_at, + uint8_t *checksum); static const format_info formats[] = {{PGP_SA_AES_128, PGP_CIPHER_MODE_CBC, @@ -257,7 +257,7 @@ lookup_var(const sexp_list_t *list, const std::string &name) noexcept auto r1 = ptr->sexp_list_view(); if (r1 && r1->size() >= 2) { // conditions (1) and (2) auto r2 = r1->sexp_string_at(0); - if (r2 && r2 == name) // conditions (3) and (4) + if (r2 && r2 == name) // conditions (3) and (4) r = true; } return r; @@ -466,16 +466,16 @@ parse_seckey(pgp_key_pkt_t &seckey, const sexp_list_t *s_exp, pgp_pubkey_alg_t a static bool decrypt_protected_section(const sexp_simple_string_t &encrypted_data, - const pgp_key_pkt_t & seckey, - const std::string & password, - gnupg_sexp_t & r_s_exp, - uint8_t * associated_data, + const pgp_key_pkt_t &seckey, + const std::string &password, + gnupg_sexp_t &r_s_exp, + uint8_t *associated_data, size_t associated_data_len) { - const format_info * info = NULL; + const format_info *info = NULL; unsigned keysize = 0; uint8_t derived_key[PGP_MAX_KEY_SIZE]; - uint8_t * decrypted_data = NULL; + uint8_t *decrypted_data = NULL; size_t decrypted_data_len = 0; size_t output_written = 0; size_t input_consumed = 0; @@ -581,7 +581,7 @@ parse_protected_seckey(pgp_key_pkt_t &seckey, const sexp_list_t *list, const cha } // lookup the protection format - auto & fmt_bt = protected_key->sexp_string_at(1)->get_string(); + auto &fmt_bt = protected_key->sexp_string_at(1)->get_string(); const format_info *format = parse_format((const char *) fmt_bt.data(), fmt_bt.size()); if (!format) { RNP_LOG("Unsupported protected mode: '%.*s'\n", @@ -658,7 +658,7 @@ parse_protected_seckey(pgp_key_pkt_t &seckey, const sexp_list_t *list, const cha } // password was provided, so decrypt - auto & enc_bt = protected_key->sexp_string_at(3)->get_string(); + auto &enc_bt = protected_key->sexp_string_at(3)->get_string(); gnupg_sexp_t decrypted_s_exp; // Build associated data (AD) that is not included in the ciphertext but that should be @@ -751,7 +751,7 @@ static bool g23_parse_seckey(pgp_key_pkt_t &seckey, const uint8_t *data, size_t data_len, - const char * password) + const char *password) { gnupg_extended_private_key_t g23_extended_key; @@ -804,7 +804,7 @@ g23_parse_seckey(pgp_key_pkt_t &seckey, return false; } - auto & alg_bt = alg_s_exp->sexp_string_at(0)->get_string(); + auto &alg_bt = alg_s_exp->sexp_string_at(0)->get_string(); pgp_pubkey_alg_t alg = static_cast( id_str_pair::lookup(g10_alg_aliases, alg_bt.c_str(), PGP_PKA_NOTHING)); if (alg == PGP_PKA_NOTHING) { @@ -842,8 +842,8 @@ g23_parse_seckey(pgp_key_pkt_t &seckey, pgp_key_pkt_t * g10_decrypt_seckey(const pgp_rawpacket_t &raw, - const pgp_key_pkt_t & pubkey, - const char * password) + const pgp_key_pkt_t &pubkey, + const char *password) { if (!password) { return NULL; @@ -895,8 +895,8 @@ copy_secret_fields(pgp_key_pkt_t &dst, const pgp_key_pkt_t &src) } bool -rnp_key_store_g10_from_src(rnp_key_store_t * key_store, - pgp_source_t * src, +rnp_key_store_g10_from_src(rnp_key_store_t *key_store, + pgp_source_t *src, const pgp_key_provider_t *key_provider) { try { @@ -956,7 +956,7 @@ gnupg_sexp_t::write(pgp_dest_t &dst) const noexcept sexp_output_stream_t os(&oss); print_canonical(&os); const std::string &s = oss.str(); - const char * ss = s.c_str(); + const char *ss = s.c_str(); dst_write(&dst, ss, s.size()); res = (dst.werr == RNP_SUCCESS); @@ -1058,8 +1058,8 @@ gnupg_sexp_t::write_padded(size_t padblock) const } void -gnupg_sexp_t::add_protected_seckey(pgp_key_pkt_t & seckey, - const std::string & password, +gnupg_sexp_t::add_protected_seckey(pgp_key_pkt_t &seckey, + const std::string &password, rnp::SecurityContext &ctx) { pgp_key_protection_t &prot = seckey.sec_protection; @@ -1161,9 +1161,9 @@ gnupg_sexp_t::add_protected_seckey(pgp_key_pkt_t & seckey, } bool -g10_write_seckey(pgp_dest_t * dst, - pgp_key_pkt_t * seckey, - const char * password, +g10_write_seckey(pgp_dest_t *dst, + pgp_key_pkt_t *seckey, + const char *password, rnp::SecurityContext &ctx) { bool is_protected = true; diff --git a/src/librekey/key_store_g10.h b/src/librekey/key_store_g10.h index f770628c7..4deaaffd1 100644 --- a/src/librekey/key_store_g10.h +++ b/src/librekey/key_store_g10.h @@ -31,12 +31,12 @@ bool rnp_key_store_g10_from_src(rnp_key_store_t *, pgp_source_t *, const pgp_key_provider_t *); bool rnp_key_store_gnupg_sexp_to_dst(pgp_key_t *, pgp_dest_t *); -bool g10_write_seckey(pgp_dest_t * dst, - pgp_key_pkt_t * seckey, - const char * password, +bool g10_write_seckey(pgp_dest_t *dst, + pgp_key_pkt_t *seckey, + const char *password, rnp::SecurityContext &ctx); pgp_key_pkt_t *g10_decrypt_seckey(const pgp_rawpacket_t &raw, - const pgp_key_pkt_t & pubkey, - const char * password); + const pgp_key_pkt_t &pubkey, + const char *password); #endif // RNP_KEY_STORE_G10_H diff --git a/src/librekey/key_store_kbx.cpp b/src/librekey/key_store_kbx.cpp index 0b7e512e9..4550dc671 100644 --- a/src/librekey/key_store_kbx.cpp +++ b/src/librekey/key_store_kbx.cpp @@ -379,14 +379,14 @@ rnp_key_store_kbx_parse_blob(const uint8_t *image, size_t image_len) } bool -rnp_key_store_kbx_from_src(rnp_key_store_t * key_store, - pgp_source_t * src, +rnp_key_store_kbx_from_src(rnp_key_store_t *key_store, + pgp_source_t *src, const pgp_key_provider_t *key_provider) { try { rnp::MemorySource mem(*src); size_t has_bytes = mem.size(); - uint8_t * buf = (uint8_t *) mem.memory(); + uint8_t *buf = (uint8_t *) mem.memory(); if (has_bytes < BLOB_FIRST_SIZE) { RNP_LOG("Too few bytes for valid KBX"); @@ -464,7 +464,7 @@ static bool pu16(pgp_dest_t *dst, uint16_t f) { uint8_t p[2]; - p[0] = (uint8_t)(f >> 8); + p[0] = (uint8_t) (f >> 8); p[1] = (uint8_t) f; return pbuf(dst, p, 2); } @@ -493,7 +493,7 @@ rnp_key_store_kbx_write_header(rnp_key_store_t *key_store, pgp_dest_t *dst) || !pu16(dst, flags) || !pbuf(dst, "KBXf", 4) || !pu32(dst, 0) // RFU || !pu32(dst, 0) // RFU || !pu32(dst, file_created_at) || !pu32(dst, key_store->secctx.time()) || - !pu32(dst, 0)); // RFU + !pu32(dst, 0)); // RFU } static bool @@ -537,7 +537,8 @@ rnp_key_store_kbx_write_pgp(rnp_key_store_t *key_store, pgp_key_t *key, pgp_dest for (auto &sfp : key->subkey_fps()) { pgp_key_t *subkey = rnp_key_store_get_key_by_fpr(key_store, sfp); if (!subkey || !pbuf(&mem.dst(), subkey->fp().fingerprint, key->fp().length) || - //if (!subkey || !pbuf(&mem.dst(), subkey->fp().fingerprint, PGP_FINGERPRINT_SIZE) || // from upstream during merge 2023-03-20 + // if (!subkey || !pbuf(&mem.dst(), subkey->fp().fingerprint, PGP_FINGERPRINT_SIZE) + // || // from upstream during merge 2023-03-20 !pu32(&mem.dst(), mem.writeb() - 8) || // offset to keyid (part of fpr for V4) !pu16(&mem.dst(), 0) || // flags, not used by GnuPG !pu16(&mem.dst(), 0)) { // RFU @@ -612,7 +613,7 @@ rnp_key_store_kbx_write_pgp(rnp_key_store_t *key_store, pgp_key_t *key, pgp_dest // wrtite UID, we might redesign PGP write and use this information from keyblob for (size_t i = 0; i < key->uid_count(); i++) { const pgp_userid_t &uid = key->get_uid(i); - uint8_t * p = (uint8_t *) mem.memory() + uid_start + (12 * i); + uint8_t *p = (uint8_t *) mem.memory() + uid_start + (12 * i); /* store absolute uid offset in the output stream */ uint32_t pt = mem.writeb() + dst->writeb; STORE32BE(p, pt); diff --git a/src/librekey/key_store_pgp.cpp b/src/librekey/key_store_pgp.cpp index 6edc099b2..b2b0eb45f 100644 --- a/src/librekey/key_store_pgp.cpp +++ b/src/librekey/key_store_pgp.cpp @@ -68,9 +68,9 @@ __RCSID("$NetBSD: keyring.c,v 1.50 2011/06/25 00:37:44 agc Exp $"); #include "pgp-key.h" bool -rnp_key_store_add_transferable_subkey(rnp_key_store_t * keyring, +rnp_key_store_add_transferable_subkey(rnp_key_store_t *keyring, pgp_transferable_subkey_t *tskey, - pgp_key_t * pkey) + pgp_key_t *pkey) { try { /* create subkey */ @@ -130,7 +130,7 @@ rnp_key_store_add_transferable_key(rnp_key_store_t *keyring, pgp_transferable_ke rnp_result_t rnp_key_store_pgp_read_key_from_src(rnp_key_store_t &keyring, - pgp_source_t & src, + pgp_source_t &src, bool skiperrors) { pgp_transferable_key_t key; diff --git a/src/librekey/key_store_pgp.h b/src/librekey/key_store_pgp.h index d3dcd0625..46922cd72 100644 --- a/src/librekey/key_store_pgp.h +++ b/src/librekey/key_store_pgp.h @@ -61,21 +61,21 @@ /* Read the whole keyring from the src, processing all available keys or subkeys */ rnp_result_t rnp_key_store_pgp_read_from_src(rnp_key_store_t *keyring, - pgp_source_t * src, + pgp_source_t *src, bool skiperrors = false); /* Read the first key or subkey from the src */ rnp_result_t rnp_key_store_pgp_read_key_from_src(rnp_key_store_t &keyring, - pgp_source_t & src, + pgp_source_t &src, bool skiperrors = false); bool rnp_key_store_pgp_write_to_dst(rnp_key_store_t *key_store, pgp_dest_t *dst); -bool rnp_key_store_add_transferable_subkey(rnp_key_store_t * keyring, +bool rnp_key_store_add_transferable_subkey(rnp_key_store_t *keyring, pgp_transferable_subkey_t *tskey, - pgp_key_t * pkey); + pgp_key_t *pkey); -bool rnp_key_store_add_transferable_key(rnp_key_store_t * keyring, +bool rnp_key_store_add_transferable_key(rnp_key_store_t *keyring, pgp_transferable_key_t *tkey); std::vector rnp_key_to_vec(const pgp_key_t &key); diff --git a/src/librekey/rnp_key_store.cpp b/src/librekey/rnp_key_store.cpp index 35081bf95..0d7015b40 100644 --- a/src/librekey/rnp_key_store.cpp +++ b/src/librekey/rnp_key_store.cpp @@ -65,7 +65,7 @@ #endif bool -rnp_key_store_load_from_path(rnp_key_store_t * key_store, +rnp_key_store_load_from_path(rnp_key_store_t *key_store, const pgp_key_provider_t *key_provider) { pgp_source_t src = {}; @@ -108,8 +108,8 @@ rnp_key_store_load_from_path(rnp_key_store_t * key_store, } bool -rnp_key_store_load_from_src(rnp_key_store_t * key_store, - pgp_source_t * src, +rnp_key_store_load_from_src(rnp_key_store_t *key_store, + pgp_source_t *src, const pgp_key_provider_t *key_provider) { switch (key_store->format) { @@ -381,8 +381,8 @@ rnp_key_store_add_key(rnp_key_store_t *keyring, pgp_key_t *srckey) } pgp_key_t * -rnp_key_store_import_key(rnp_key_store_t * keyring, - pgp_key_t * srckey, +rnp_key_store_import_key(rnp_key_store_t *keyring, + pgp_key_t *srckey, bool pubkey, pgp_key_import_status_t *status) { @@ -436,8 +436,8 @@ rnp_key_store_get_signer_key(rnp_key_store_t *store, const pgp_signature_t *sig) } static pgp_sig_import_status_t -rnp_key_store_import_subkey_signature(rnp_key_store_t * keyring, - pgp_key_t * key, +rnp_key_store_import_subkey_signature(rnp_key_store_t *keyring, + pgp_key_t *key, const pgp_signature_t *sig) { if ((sig->type() != PGP_SIG_SUBKEY) && (sig->type() != PGP_SIG_REV_SUBKEY)) { @@ -476,8 +476,8 @@ rnp_key_store_import_subkey_signature(rnp_key_store_t * keyring, } pgp_sig_import_status_t -rnp_key_store_import_key_signature(rnp_key_store_t * keyring, - pgp_key_t * key, +rnp_key_store_import_key_signature(rnp_key_store_t *keyring, + pgp_key_t *key, const pgp_signature_t *sig) { if (key->is_subkey()) { @@ -511,8 +511,8 @@ rnp_key_store_import_key_signature(rnp_key_store_t * keyring, } pgp_key_t * -rnp_key_store_import_signature(rnp_key_store_t * keyring, - const pgp_signature_t * sig, +rnp_key_store_import_signature(rnp_key_store_t *keyring, + const pgp_signature_t *sig, pgp_sig_import_status_t *status) { pgp_sig_import_status_t tmp_status = PGP_SIG_IMPORT_STATUS_UNKNOWN; @@ -748,19 +748,27 @@ rnp_key_store_get_key_grip(const pgp_key_material_t *key, pgp_key_grip_t &grip) break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: hash->add(key->kyber_ecdh.pub.get_encoded()); break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: hash->add(key->dilithium_exdsa.pub.get_encoded()); break; @@ -777,9 +785,9 @@ rnp_key_store_get_key_grip(const pgp_key_material_t *key, pgp_key_grip_t &grip) } pgp_key_t * -rnp_key_store_search(rnp_key_store_t * keyring, +rnp_key_store_search(rnp_key_store_t *keyring, const pgp_key_search_t *search, - pgp_key_t * after) + pgp_key_t *after) { // since keys are distinguished by fingerprint then just do map lookup if (search->type == PGP_KEY_SEARCH_FINGERPRINT) { @@ -811,8 +819,8 @@ rnp_key_store_search(rnp_key_store_t * keyring, } rnp_key_store_t::rnp_key_store_t(pgp_key_store_format_t _format, - const std::string & _path, - rnp::SecurityContext & ctx) + const std::string &_path, + rnp::SecurityContext &ctx) : secctx(ctx) { if (_format == PGP_KEY_STORE_UNKNOWN) { diff --git a/src/librepgp/stream-armor.cpp b/src/librepgp/stream-armor.cpp index 669c3057c..2d6b4ffe1 100644 --- a/src/librepgp/stream-armor.cpp +++ b/src/librepgp/stream-armor.cpp @@ -47,13 +47,13 @@ #define ARMORED_MAX_LINE_LENGTH (76) typedef struct pgp_source_armored_param_t { - pgp_source_t * readsrc; /* source to read from */ + pgp_source_t *readsrc; /* source to read from */ pgp_armored_msg_t type; /* type of the message */ - char * armorhdr; /* armor header */ - char * version; /* Version: header if any */ - char * comment; /* Comment: header if any */ - char * hash; /* Hash: header if any */ - char * charset; /* Charset: header if any */ + char *armorhdr; /* armor header */ + char *version; /* Version: header if any */ + char *comment; /* Comment: header if any */ + char *hash; /* Hash: header if any */ + char *charset; /* Charset: header if any */ uint8_t rest[ARMORED_BLOCK_SIZE]; /* unread decoded bytes, makes implementation easier */ unsigned restlen; /* number of bytes in rest */ unsigned restpos; /* index of first unread byte in rest, restpos <= restlen */ @@ -67,7 +67,7 @@ typedef struct pgp_source_armored_param_t { } pgp_source_armored_param_t; typedef struct pgp_dest_armored_param_t { - pgp_dest_t * writedst; + pgp_dest_t *writedst; pgp_armored_msg_t type; /* type of the message */ char eol[2]; /* end of line, all non-zeroes are written */ unsigned lout; /* chars written in current line */ @@ -260,7 +260,7 @@ armor_read_trailer(pgp_source_t *src) static bool armored_update_crc(pgp_source_armored_param_t *param, - const void * buf, + const void *buf, size_t len, bool finish = false) { @@ -368,7 +368,7 @@ armored_src_read(pgp_source_t *src, void *buf, size_t len, size_t *readres) dptr = decbuf; /* Processing full 4s which will go directly to the buf. After this left < 3 or decbuf has < 4 bytes */ - if ((size_t)(dend - dptr) / 4 * 3 < left) { + if ((size_t) (dend - dptr) / 4 * 3 < left) { pend = decbuf + (dend - dptr) / 4 * 4; left -= (dend - dptr) / 4 * 3; } else { @@ -663,7 +663,7 @@ static bool armor_parse_header(pgp_source_t *src) { char hdr[ARMORED_PEEK_BUF_SIZE]; - const char * armhdr; + const char *armhdr; size_t armhdrlen; size_t read; pgp_source_armored_param_t *param = (pgp_source_armored_param_t *) src->param; diff --git a/src/librepgp/stream-armor.h b/src/librepgp/stream-armor.h index 4c91fd20a..3811c1988 100644 --- a/src/librepgp/stream-armor.h +++ b/src/librepgp/stream-armor.h @@ -54,8 +54,8 @@ rnp_result_t init_armored_src(pgp_source_t *src, * @param msgtype type of the message (see pgp_armored_msg_t) * @return RNP_SUCCESS on success or error code otherwise **/ -rnp_result_t init_armored_dst(pgp_dest_t * dst, - pgp_dest_t * writedst, +rnp_result_t init_armored_dst(pgp_dest_t *dst, + pgp_dest_t *writedst, pgp_armored_msg_t msgtype); /* @brief Dearmor the source, outputting binary data diff --git a/src/librepgp/stream-common.cpp b/src/librepgp/stream-common.cpp index 6a7bae3cb..6de6dc363 100644 --- a/src/librepgp/stream-common.cpp +++ b/src/librepgp/stream-common.cpp @@ -488,7 +488,7 @@ typedef struct pgp_source_mem_param_t { typedef struct pgp_dest_mem_param_t { unsigned maxalloc; unsigned allocated; - void * memory; + void *memory; bool free; bool discard_overflow; bool secure; @@ -1168,7 +1168,7 @@ rnp_result_t dst_write_src(pgp_source_t *src, pgp_dest_t *dst, uint64_t limit) { const size_t bufsize = PGP_INPUT_CACHE_SIZE; - uint8_t * readbuf = (uint8_t *) malloc(bufsize); + uint8_t *readbuf = (uint8_t *) malloc(bufsize); if (!readbuf) { return RNP_ERROR_OUT_OF_MEMORY; } @@ -1211,28 +1211,28 @@ dst_write_src(pgp_source_t *src, pgp_dest_t *dst, uint64_t limit) return dst->werr; } - #if defined(ENABLE_CRYPTO_REFRESH) -bool have_pkesk_checksum(pgp_pubkey_alg_t alg) +bool +have_pkesk_checksum(pgp_pubkey_alg_t alg) { - switch(alg) - { - case PGP_PKA_X25519: + switch (alg) { + case PGP_PKA_X25519: #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: - //case PGP_PKA_KYBER1024_X448: - case PGP_PKA_KYBER768_P256: - case PGP_PKA_KYBER1024_P384: - case PGP_PKA_KYBER768_BP256: - case PGP_PKA_KYBER1024_BP384: + case PGP_PKA_KYBER768_X25519: + // case PGP_PKA_KYBER1024_X448: + case PGP_PKA_KYBER768_P256: + case PGP_PKA_KYBER1024_P384: + case PGP_PKA_KYBER768_BP256: + case PGP_PKA_KYBER1024_BP384: #endif - return false; - default: - return true; - } + return false; + default: + return true; + } } -bool do_encrypt_pkesk_v3_alg_id(pgp_pubkey_alg_t alg) +bool +do_encrypt_pkesk_v3_alg_id(pgp_pubkey_alg_t alg) { /* matches the same algorithms */ return have_pkesk_checksum(alg); diff --git a/src/librepgp/stream-common.h b/src/librepgp/stream-common.h index aec5e554f..8a7c0e64f 100644 --- a/src/librepgp/stream-common.h +++ b/src/librepgp/stream-common.h @@ -73,20 +73,20 @@ typedef struct pgp_source_cache_t { } pgp_source_cache_t; typedef struct pgp_source_t { - pgp_source_read_func_t * read; + pgp_source_read_func_t *read; pgp_source_finish_func_t *finish; - pgp_source_close_func_t * close; + pgp_source_close_func_t *close; pgp_stream_type_t type; uint64_t size; /* size of the data if available, see knownsize */ uint64_t readb; /* number of bytes read from the stream via src_read. Do not confuse with number of bytes as returned via the read since data may be cached */ pgp_source_cache_t *cache; /* cache if used */ - void * param; /* source-specific additional data */ + void *param; /* source-specific additional data */ - unsigned eof : 1; /* end of data as reported by read and empty cache */ - unsigned knownsize : 1; /* whether size of the data is known */ - unsigned error : 1; /* there were reading error */ + unsigned eof : 1; /* end of data as reported by read and empty cache */ + unsigned knownsize : 1; /* whether size of the data is known */ + unsigned error : 1; /* there were reading error */ } pgp_source_t; /** @brief helper function to allocate memory for source's cache and param @@ -233,18 +233,18 @@ rnp_result_t file_to_mem_src(pgp_source_t *src, const char *filename); const void *mem_src_get_memory(pgp_source_t *src, bool own = false); typedef struct pgp_dest_t { - pgp_dest_write_func_t * write; + pgp_dest_write_func_t *write; pgp_dest_finish_func_t *finish; - pgp_dest_close_func_t * close; + pgp_dest_close_func_t *close; pgp_stream_type_t type; rnp_result_t werr; /* write function may set this to some error code */ - size_t writeb; /* number of bytes written */ - void * param; /* source-specific additional data */ - bool no_cache; /* disable write caching */ + size_t writeb; /* number of bytes written */ + void *param; /* source-specific additional data */ + bool no_cache; /* disable write caching */ uint8_t cache[PGP_OUTPUT_CACHE_SIZE]; - unsigned clen; /* number of bytes in cache */ - bool finished; /* whether dst_finish was called on dest or not */ + unsigned clen; /* number of bytes in cache */ + bool finished; /* whether dst_finish was called on dest or not */ } pgp_dest_t; /** @brief helper function to allocate memory for dest's param. @@ -556,6 +556,6 @@ class MemoryDest : public Dest { #if defined(ENABLE_CRYPTO_REFRESH) bool have_pkesk_checksum(pgp_pubkey_alg_t alg); bool do_encrypt_pkesk_v3_alg_id(pgp_pubkey_alg_t alg); -#endif +#endif #endif diff --git a/src/librepgp/stream-ctx.cpp b/src/librepgp/stream-ctx.cpp index 5a2d388e1..fdc593ca6 100644 --- a/src/librepgp/stream-ctx.cpp +++ b/src/librepgp/stream-ctx.cpp @@ -68,12 +68,12 @@ rnp_ctx_t::add_encryption_password(const std::string &password, return RNP_SUCCESS; } - #if defined(ENABLE_CRYPTO_REFRESH) bool -rnp_ctx_t::pkeskv6_capable() { - for(pgp_key_t *key : recipients) { - if(key->version() < PGP_V6) { +rnp_ctx_t::pkeskv6_capable() +{ + for (pgp_key_t *key : recipients) { + if (key->version() < PGP_V6) { return false; } } diff --git a/src/librepgp/stream-ctx.h b/src/librepgp/stream-ctx.h index 539f11dce..acb4ab791 100644 --- a/src/librepgp/stream-ctx.h +++ b/src/librepgp/stream-ctx.h @@ -39,7 +39,7 @@ /* signature info structure */ typedef struct rnp_signer_info_t { - pgp_key_t * key{}; + pgp_key_t *key{}; pgp_hash_alg_t halg{}; int64_t sigcreate{}; uint64_t sigexpire{}; @@ -70,10 +70,12 @@ typedef struct rnp_symmetric_pass_info_t { * - halg : hash algorithm used during key derivation for password-based encryption * - ealg, aalg, abits : symmetric encryption algorithm and AEAD parameters if used * - recipients : list of key ids used to encrypt data to - * - enable_pkesk_v6 : if true and each recipient in the list of recipients has the capability, allows PKESKv5/SEIPDv2 + * - enable_pkesk_v6 : if true and each recipient in the list of recipients has the + * capability, allows PKESKv5/SEIPDv2 * - passwords : list of passwords used for password-based encryption * - filename, filemtime, zalg, zlevel : see previous - * - pkeskv6_capable() : returns true if all keys support PKESKv6+SEIPDv2, false otherwise (will use PKESKv3 + SEIPDv1) + * - pkeskv6_capable() : returns true if all keys support PKESKv6+SEIPDv2, false otherwise + * (will use PKESKv3 + SEIPDv1) * * For signing of any kind (attached, detached, cleartext): * - clearsign, detached : controls kind of the signed data. Both are mutually-exclusive. @@ -105,12 +107,12 @@ typedef struct rnp_ctx_t { bool armor{}; /* whether to use ASCII armor on output */ bool no_wrap{}; /* do not wrap source in literal data packet */ #if defined(ENABLE_CRYPTO_REFRESH) - bool enable_pkesk_v6{}; /* allows pkesk v6 if list of recipients is suitable */ + bool enable_pkesk_v6{}; /* allows pkesk v6 if list of recipients is suitable */ #endif std::list recipients{}; /* recipients of the encrypted message */ std::list passwords{}; /* passwords to encrypt message */ std::list signers{}; /* keys to which sign message */ - rnp::SecurityContext * ctx{}; /* pointer to rnp::RNG */ + rnp::SecurityContext *ctx{}; /* pointer to rnp::RNG */ rnp_ctx_t() = default; rnp_ctx_t(const rnp_ctx_t &) = delete; diff --git a/src/librepgp/stream-dump.cpp b/src/librepgp/stream-dump.cpp index d1ce9de25..76505f2d7 100644 --- a/src/librepgp/stream-dump.cpp +++ b/src/librepgp/stream-dump.cpp @@ -229,7 +229,7 @@ static rnp_result_t indent_dst_write(pgp_dest_t *dst, const void *buf, size_t len) { pgp_dest_indent_param_t *param = (pgp_dest_indent_param_t *) dst->param; - const char * line = (const char *) buf; + const char *line = (const char *) buf; char indent[4] = {' ', ' ', ' ', ' '}; if (!len) { @@ -342,7 +342,7 @@ dst_print_mpi(pgp_dest_t *dst, const char *name, pgp_mpi_t *mpi, bool dumpbin) static void dst_print_vec(pgp_dest_t *dst, const char *name, std::vector encoded, bool dumpbin) { - std::vector hex(2*encoded.size()); + std::vector hex(2 * encoded.size()); if (!dumpbin) { dst_printf(dst, "%s\n", name); } else { @@ -475,7 +475,6 @@ dst_print_fp(pgp_dest_t *dst, const char *name, const pgp_fingerprint_t &fp) dst_print_hex(dst, name, fp.fingerprint, fp.length, true); } - static void dst_print_s2k(pgp_dest_t *dst, pgp_s2k_t *s2k) { @@ -567,11 +566,11 @@ dst_hexdump(pgp_dest_t *dst, const uint8_t *src, size_t length) } static rnp_result_t stream_dump_packets_raw(rnp_dump_ctx_t *ctx, - pgp_source_t * src, - pgp_dest_t * dst); -static void stream_dump_signature_pkt(rnp_dump_ctx_t * ctx, + pgp_source_t *src, + pgp_dest_t *dst); +static void stream_dump_signature_pkt(rnp_dump_ctx_t *ctx, pgp_signature_t *sig, - pgp_dest_t * dst); + pgp_dest_t *dst); static void signature_dump_subpacket(rnp_dump_ctx_t *ctx, pgp_dest_t *dst, const pgp_sig_subpkt_t &subpkt) @@ -697,7 +696,8 @@ signature_dump_subpacket(rnp_dump_ctx_t *ctx, pgp_dest_t *dst, const pgp_sig_sub dst_printf(dst, "%s", subpkt.fields.features & PGP_KEY_FEATURE_MDC ? "mdc " : ""); dst_printf(dst, "%s", subpkt.fields.features & PGP_KEY_FEATURE_AEAD ? "aead " : ""); dst_printf(dst, "%s", subpkt.fields.features & PGP_KEY_FEATURE_V5 ? "v5 keys " : ""); - dst_printf(dst, "%s", subpkt.fields.features & PGP_KEY_FEATURE_SEIPDV2 ? "SEIPD v2 " : ""); + dst_printf( + dst, "%s", subpkt.fields.features & PGP_KEY_FEATURE_SEIPDV2 ? "SEIPD v2 " : ""); dst_printf(dst, ")\n"); break; case PGP_SIG_SUBPKT_EMBEDDED_SIGNATURE: @@ -725,8 +725,8 @@ signature_dump_subpacket(rnp_dump_ctx_t *ctx, pgp_dest_t *dst, const pgp_sig_sub } static void -signature_dump_subpackets(rnp_dump_ctx_t * ctx, - pgp_dest_t * dst, +signature_dump_subpackets(rnp_dump_ctx_t *ctx, + pgp_dest_t *dst, pgp_signature_t *sig, bool hashed) { @@ -818,13 +818,18 @@ stream_dump_signature_pkt(rnp_dump_ctx_t *ctx, pgp_signature_t *sig, pgp_dest_t break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: - dst_print_vec(dst, "dilithium-ecdsa/eddsa sig", material.dilithium_exdsa.sig, ctx->dump_mpi); + dst_print_vec( + dst, "dilithium-ecdsa/eddsa sig", material.dilithium_exdsa.sig, ctx->dump_mpi); break; #endif default: @@ -930,21 +935,35 @@ stream_dump_key(rnp_dump_ctx_t *ctx, pgp_source_t *src, pgp_dest_t *dst) break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: - dst_print_vec(dst, "kyber-ecdh encoded pubkey", key.material.kyber_ecdh.pub.get_encoded(), ctx->dump_mpi); - break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + dst_print_vec(dst, + "kyber-ecdh encoded pubkey", + key.material.kyber_ecdh.pub.get_encoded(), + ctx->dump_mpi); + break; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: - dst_print_vec(dst, "dilithium-ecdsa/eddsa encodced pubkey", key.material.dilithium_exdsa.pub.get_encoded(), ctx->dump_mpi); + dst_print_vec(dst, + "dilithium-ecdsa/eddsa encodced pubkey", + key.material.dilithium_exdsa.pub.get_encoded(), + ctx->dump_mpi); break; #endif default: @@ -1011,7 +1030,7 @@ stream_dump_userid(pgp_source_t *src, pgp_dest_t *dst) { pgp_userid_pkt_t uid; rnp_result_t ret; - const char * utype; + const char *utype; try { ret = uid.parse(*src); @@ -1076,10 +1095,9 @@ stream_dump_pk_session_key(rnp_dump_ctx_t *ctx, pgp_source_t *src, pgp_dest_t *d dst_printf(dst, "version: %d\n", (int) pkey.version); #if defined(ENABLE_CRYPTO_REFRESH) - if(pkey.version == PGP_PKSK_V6) { + if (pkey.version == PGP_PKSK_V6) { dst_print_fp(dst, NULL, pkey.fp); - } - else { + } else { dst_print_keyid(dst, NULL, pkey.key_id); } #else @@ -1113,19 +1131,31 @@ stream_dump_pk_session_key(rnp_dump_ctx_t *ctx, pgp_source_t *src, pgp_dest_t *d break; #if defined(ENABLE_CRYPTO_REFRESH) case PGP_PKA_X25519: - dst_print_vec(dst, "x25519 ephemeral public key", material.x25519.eph_key, ctx->dump_mpi); - dst_print_vec(dst, "x25519 encrypted session key", material.x25519.enc_sess_key, ctx->dump_mpi); + dst_print_vec( + dst, "x25519 ephemeral public key", material.x25519.eph_key, ctx->dump_mpi); + dst_print_vec( + dst, "x25519 encrypted session key", material.x25519.enc_sess_key, ctx->dump_mpi); break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: - dst_print_vec(dst, "kyber-ecdh composite ciphertext", material.kyber_ecdh.composite_ciphertext, ctx->dump_mpi); - dst_print_vec(dst, "kyber-ecdh wrapped session key", material.kyber_ecdh.wrapped_sesskey, ctx->dump_mpi); + dst_print_vec(dst, + "kyber-ecdh composite ciphertext", + material.kyber_ecdh.composite_ciphertext, + ctx->dump_mpi); + dst_print_vec(dst, + "kyber-ecdh wrapped session key", + material.kyber_ecdh.wrapped_sesskey, + ctx->dump_mpi); break; #endif default: @@ -1487,7 +1517,7 @@ stream_skip_cleartext(pgp_source_t *src) char buf[4096]; size_t read = 0; size_t siglen = strlen(ST_SIG_BEGIN); - char * hdrpos; + char *hdrpos; while (!src_eof(src)) { if (!src_peek(src, buf, sizeof(buf) - 1, &read) || (read <= siglen)) { @@ -1668,14 +1698,14 @@ obj_add_s2k_json(json_object *obj, pgp_s2k_t *s2k) return true; } -static rnp_result_t stream_dump_signature_pkt_json(rnp_dump_ctx_t * ctx, +static rnp_result_t stream_dump_signature_pkt_json(rnp_dump_ctx_t *ctx, const pgp_signature_t *sig, - json_object * pkt); + json_object *pkt); static bool -signature_dump_subpacket_json(rnp_dump_ctx_t * ctx, +signature_dump_subpacket_json(rnp_dump_ctx_t *ctx, const pgp_sig_subpkt_t &subpkt, - json_object * obj) + json_object *obj) { switch (subpkt.type) { case PGP_SIG_SUBPKT_CREATION_TIME: @@ -1900,11 +1930,11 @@ signature_dump_subpackets_json(rnp_dump_ctx_t *ctx, const pgp_signature_t *sig) } static rnp_result_t -stream_dump_signature_pkt_json(rnp_dump_ctx_t * ctx, +stream_dump_signature_pkt_json(rnp_dump_ctx_t *ctx, const pgp_signature_t *sig, - json_object * pkt) + json_object *pkt) { - json_object * material = NULL; + json_object *material = NULL; pgp_signature_material_t sigmaterial = {}; rnp_result_t ret = RNP_ERROR_OUT_OF_MEMORY; @@ -1992,11 +2022,15 @@ stream_dump_signature_pkt_json(rnp_dump_ctx_t * ctx, break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: /* TODO */ break; @@ -2033,7 +2067,7 @@ stream_dump_key_json(rnp_dump_ctx_t *ctx, pgp_source_t *src, json_object *pkt) rnp_result_t ret; pgp_key_id_t keyid = {}; pgp_fingerprint_t keyfp = {}; - json_object * material = NULL; + json_object *material = NULL; try { ret = key.parse(*src); @@ -2132,19 +2166,27 @@ stream_dump_key_json(rnp_dump_ctx_t *ctx, pgp_source_t *src, json_object *pkt) break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: // TODO break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: /* TODO */ break; @@ -2289,11 +2331,15 @@ stream_dump_pk_session_key_json(rnp_dump_ctx_t *ctx, pgp_source_t *src, json_obj break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: // TODO break; @@ -2414,8 +2460,8 @@ stream_dump_marker_json(pgp_source_t &src, json_object *pkt) } static rnp_result_t stream_dump_raw_packets_json(rnp_dump_ctx_t *ctx, - pgp_source_t * src, - json_object ** jso); + pgp_source_t *src, + json_object **jso); static rnp_result_t stream_dump_compressed_json(rnp_dump_ctx_t *ctx, pgp_source_t *src, json_object *pkt) diff --git a/src/librepgp/stream-dump.h b/src/librepgp/stream-dump.h index 6c2fcf1d4..b0230857f 100644 --- a/src/librepgp/stream-dump.h +++ b/src/librepgp/stream-dump.h @@ -47,7 +47,7 @@ typedef struct rnp_dump_ctx_t { rnp_result_t stream_dump_packets(rnp_dump_ctx_t *ctx, pgp_source_t *src, pgp_dest_t *dst); rnp_result_t stream_dump_packets_json(rnp_dump_ctx_t *ctx, - pgp_source_t * src, - json_object ** jso); + pgp_source_t *src, + json_object **jso); #endif diff --git a/src/librepgp/stream-key.cpp b/src/librepgp/stream-key.cpp index 6da190ff4..c3bf03cb9 100644 --- a/src/librepgp/stream-key.cpp +++ b/src/librepgp/stream-key.cpp @@ -311,7 +311,7 @@ process_pgp_subkey(pgp_source_t &src, pgp_transferable_subkey_t &subkey, bool sk } rnp_result_t -process_pgp_key_auto(pgp_source_t & src, +process_pgp_key_auto(pgp_source_t &src, pgp_transferable_key_t &key, bool allowsub, bool skiperrors) @@ -542,7 +542,7 @@ parse_secret_key_mpis(pgp_key_pkt_t &key, const uint8_t *mpis, size_t len) switch (key.sec_protection.s2k.usage) { case PGP_S2KU_NONE: #if defined(ENABLE_CRYPTO_REFRESH) - if(key.version == PGP_V6) { + if (key.version == PGP_V6) { break; /* checksum removed for v6 and usage byte zero */ } [[fallthrough]]; @@ -597,7 +597,7 @@ parse_secret_key_mpis(pgp_key_pkt_t &key, const uint8_t *mpis, size_t len) try { /* parse mpis depending on algorithm */ pgp_packet_body_t body(mpis, len); - + std::vector tmpbuf; switch (key.alg) { @@ -655,31 +655,41 @@ parse_secret_key_mpis(pgp_key_pkt_t &key, const uint8_t *mpis, size_t len) } #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: tmpbuf.resize(pgp_kyber_ecdh_composite_private_key_t::encoded_size(key.alg)); if (!body.get(tmpbuf.data(), tmpbuf.size())) { RNP_LOG("failed to parse kyber-ecdh secret key data"); return RNP_ERROR_BAD_FORMAT; } - key.material.kyber_ecdh.priv = pgp_kyber_ecdh_composite_private_key_t(tmpbuf.data(), tmpbuf.size(), key.alg); + key.material.kyber_ecdh.priv = + pgp_kyber_ecdh_composite_private_key_t(tmpbuf.data(), tmpbuf.size(), key.alg); break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: tmpbuf.resize(pgp_dilithium_exdsa_composite_private_key_t::encoded_size(key.alg)); if (!body.get(tmpbuf.data(), tmpbuf.size())) { RNP_LOG("failed to parse dilithium-ecdsa/eddsa secret key data"); return RNP_ERROR_BAD_FORMAT; } - key.material.dilithium_exdsa.priv = pgp_dilithium_exdsa_composite_private_key_t(tmpbuf.data(), tmpbuf.size(), key.alg); + key.material.dilithium_exdsa.priv = pgp_dilithium_exdsa_composite_private_key_t( + tmpbuf.data(), tmpbuf.size(), key.alg); break; #endif default: @@ -814,30 +824,38 @@ write_secret_key_mpis(pgp_packet_body_t &body, pgp_key_pkt_t &key) break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: body.add(key.material.kyber_ecdh.priv.get_encoded()); break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: body.add(key.material.dilithium_exdsa.priv.get_encoded()); break; #endif -default: + default: RNP_LOG("unknown pk alg : %d", (int) key.alg); throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } #if defined(ENABLE_CRYPTO_REFRESH) - if(key.version == PGP_V6 && key.sec_protection.s2k.usage == PGP_S2KU_NONE) { + if (key.version == PGP_V6 && key.sec_protection.s2k.usage == PGP_S2KU_NONE) { return; /* checksum removed for v6 and usage byte zero */ } #endif @@ -985,19 +1003,27 @@ forget_secret_key_fields(pgp_key_material_t *key) break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: key->kyber_ecdh.priv.secure_clear(); break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: key->dilithium_exdsa.priv.secure_clear(); break; @@ -1342,14 +1368,14 @@ pgp_key_pkt_t::parse(pgp_source_t &src) tag = (pgp_pkt_type_t) atag; /* version */ uint8_t ver = 0; - if (!pkt.get(ver) || (ver < PGP_V2) || ((ver > PGP_V4) && + if (!pkt.get(ver) || (ver < PGP_V2) || + ((ver > PGP_V4) && #if defined(ENABLE_CRYPTO_REFRESH) - (ver != PGP_V6) + (ver != PGP_V6) #else - true + true #endif - ) - ) { + )) { RNP_LOG("wrong key packet version"); return RNP_ERROR_BAD_FORMAT; } @@ -1453,11 +1479,15 @@ pgp_key_pkt_t::parse(pgp_source_t &src) } #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: tmpbuf.resize(pgp_kyber_ecdh_composite_public_key_t::encoded_size(alg)); if (!pkt.get(tmpbuf.data(), tmpbuf.size())) { @@ -1466,11 +1496,15 @@ pgp_key_pkt_t::parse(pgp_source_t &src) } material.kyber_ecdh.pub = pgp_kyber_ecdh_composite_public_key_t(tmpbuf, alg); break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: tmpbuf.resize(pgp_dilithium_exdsa_composite_public_key_t::encoded_size(alg)); if (!pkt.get(tmpbuf.data(), tmpbuf.size())) { @@ -1500,8 +1534,9 @@ pgp_key_pkt_t::parse(pgp_source_t &src) return RNP_ERROR_BAD_FORMAT; } #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6 && usage == 255) { - RNP_LOG("Error when parsing S2K usage: A version 6 packet MUST NOT use the value 255."); + if (version == PGP_V6 && usage == 255) { + RNP_LOG( + "Error when parsing S2K usage: A version 6 packet MUST NOT use the value 255."); return RNP_ERROR_BAD_FORMAT; } #endif @@ -1509,7 +1544,7 @@ pgp_key_pkt_t::parse(pgp_source_t &src) sec_protection.cipher_mode = PGP_CIPHER_MODE_CFB; #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6 && sec_protection.s2k.usage != PGP_S2KU_NONE) { + if (version == PGP_V6 && sec_protection.s2k.usage != PGP_S2KU_NONE) { // V6 packages contain the count of the optional 1-byte parameters uint8_t s2k_params_count; if (!pkt.get(s2k_params_count)) { @@ -1582,7 +1617,8 @@ pgp_key_pkt_t::parse(pgp_source_t &src) return RNP_SUCCESS; } -void pgp_key_pkt_t::make_alg_spec_fields_for_public_key(pgp_packet_body_t & hbody) +void +pgp_key_pkt_t::make_alg_spec_fields_for_public_key(pgp_packet_body_t &hbody) { switch (alg) { case PGP_PKA_RSA: @@ -1626,19 +1662,27 @@ void pgp_key_pkt_t::make_alg_spec_fields_for_public_key(pgp_packet_body_t & hbod break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: hbody.add(material.kyber_ecdh.pub.get_encoded()); break; - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: hbody.add(material.dilithium_exdsa.pub.get_encoded()); break; @@ -1655,9 +1699,9 @@ pgp_key_pkt_t::fill_hashed_data() /* we don't have a need to write v2-v3 signatures */ if (version != PGP_V4 && #if defined(ENABLE_CRYPTO_REFRESH) - (version != PGP_V6) + (version != PGP_V6) #else - true + true #endif ) { RNP_LOG("unknown key version %d", (int) version); @@ -1673,7 +1717,7 @@ pgp_key_pkt_t::fill_hashed_data() pgp_packet_body_t alg_spec_fields(PGP_PKT_RESERVED); make_alg_spec_fields_for_public_key(alg_spec_fields); #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6) { + if (version == PGP_V6) { hbody.add_uint32(alg_spec_fields.size()); } #endif diff --git a/src/librepgp/stream-key.h b/src/librepgp/stream-key.h index d34639bd3..28bbfbc2e 100644 --- a/src/librepgp/stream-key.h +++ b/src/librepgp/stream-key.h @@ -41,16 +41,16 @@ typedef struct pgp_key_pkt_t { pgp_version_t version; /* Key packet version */ uint32_t creation_time; /* Key creation time */ pgp_pubkey_alg_t alg; - uint16_t v3_days; /* v2/v3 validity time */ + uint16_t v3_days; /* v2/v3 validity time */ - uint8_t *hashed_data; /* key's hashed data used for signature calculation */ + uint8_t *hashed_data; /* key's hashed data used for signature calculation */ size_t hashed_len; pgp_key_material_t material; /* secret key data, if available. sec_len == 0, sec_data == NULL for public key/subkey */ pgp_key_protection_t sec_protection; - uint8_t * sec_data; + uint8_t *sec_data; size_t sec_len; pgp_key_pkt_t() @@ -110,13 +110,13 @@ typedef struct pgp_key_sequence_t { rnp_result_t transferable_key_from_key(pgp_transferable_key_t &dst, const pgp_key_t &key); -rnp_result_t transferable_key_merge(pgp_transferable_key_t & dst, +rnp_result_t transferable_key_merge(pgp_transferable_key_t &dst, const pgp_transferable_key_t &src); rnp_result_t transferable_subkey_from_key(pgp_transferable_subkey_t &dst, - const pgp_key_t & key); + const pgp_key_t &key); -rnp_result_t transferable_subkey_merge(pgp_transferable_subkey_t & dst, +rnp_result_t transferable_subkey_merge(pgp_transferable_subkey_t &dst, const pgp_transferable_subkey_t &src); /* Process single primary key or subkey, skipping all key-related packets on error. @@ -125,7 +125,7 @@ rnp_result_t transferable_subkey_merge(pgp_transferable_subkey_t & dst, If returns RNP_ERROR_BAD_FORMAT then some packets failed parsing, but still key may contain successfully read key or subkey. */ -rnp_result_t process_pgp_key_auto(pgp_source_t & src, +rnp_result_t process_pgp_key_auto(pgp_source_t &src, pgp_transferable_key_t &key, bool allowsub, bool skiperrors); @@ -134,7 +134,7 @@ rnp_result_t process_pgp_keys(pgp_source_t &src, pgp_key_sequence_t &keys, bool rnp_result_t process_pgp_key(pgp_source_t &src, pgp_transferable_key_t &key, bool skiperrors); -rnp_result_t process_pgp_subkey(pgp_source_t & src, +rnp_result_t process_pgp_subkey(pgp_source_t &src, pgp_transferable_subkey_t &subkey, bool skiperrors); diff --git a/src/librepgp/stream-packet.cpp b/src/librepgp/stream-packet.cpp index 5f1f700b3..a155e0823 100644 --- a/src/librepgp/stream-packet.cpp +++ b/src/librepgp/stream-packet.cpp @@ -171,7 +171,7 @@ get_pkt_len(uint8_t *hdr, size_t *pktlen) } // 2-byte length if (hdr[1] < 224) { - *pktlen = ((size_t)(hdr[1] - 192) << 8) + (size_t) hdr[2] + 192; + *pktlen = ((size_t) (hdr[1] - 192) << 8) + (size_t) hdr[2] + 192; return true; } // partial length - we do not allow it here @@ -248,7 +248,7 @@ stream_read_partial_chunk_len(pgp_source_t *src, size_t *clen, bool *last) RNP_LOG("wrong 2-byte length"); return false; } - *clen = ((size_t)(hdr[0] - 192) << 8) + (size_t) hdr[1] + 192; + *clen = ((size_t) (hdr[0] - 192) << 8) + (size_t) hdr[1] + 192; return true; } // 4-byte length @@ -708,7 +708,6 @@ pgp_packet_body_t::add(const std::vector &data) add(data.data(), data.size()); } - void pgp_packet_body_t::add_byte(uint8_t bt) { @@ -756,7 +755,7 @@ pgp_packet_body_t::add(const pgp_mpi_t &val) hibyte = hibyte >> 1; } - uint8_t hdr[2] = {(uint8_t)(bits >> 8), (uint8_t)(bits & 0xff)}; + uint8_t hdr[2] = {(uint8_t) (bits >> 8), (uint8_t) (bits & 0xff)}; add(hdr, 2); add(val.mpi + idx, val.len - idx); } @@ -781,10 +780,9 @@ pgp_packet_body_t::add_subpackets(const pgp_signature_t &sig, bool hashed) if (spbody.data_.size() > 0xffff) { throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } - if(sig.version == PGP_V4) { + if (sig.version == PGP_V4) { add_uint16(spbody.data_.size()); - } - else { /* PGP_V6 */ + } else { /* PGP_V6 */ #if defined(ENABLE_CRYPTO_REFRESH) add_uint32(spbody.data_.size()); #else @@ -911,7 +909,7 @@ pgp_packet_body_t::write(pgp_dest_t &dst, bool hdr) noexcept { if (hdr) { uint8_t hdrbt[6] = { - (uint8_t)(tag_ | PGP_PTAG_ALWAYS_SET | PGP_PTAG_NEW_FORMAT), 0, 0, 0, 0, 0}; + (uint8_t) (tag_ | PGP_PTAG_ALWAYS_SET | PGP_PTAG_NEW_FORMAT), 0, 0, 0, 0, 0}; size_t hlen = 1 + write_packet_len(&hdrbt[1], data_.size()); dst_write(&dst, hdrbt, hlen); } @@ -1060,12 +1058,11 @@ pgp_pk_sesskey_t::write(pgp_dest_t &dst) const pgp_packet_body_t pktbody(PGP_PKT_PK_SESSION_KEY); pktbody.add_byte(version); #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_PKSK_V3) { + if (version == PGP_PKSK_V3) { #endif pktbody.add(key_id); #if defined(ENABLE_CRYPTO_REFRESH) - } - else { // PGP_PKSK_V6 + } else { // PGP_PKSK_V6 pktbody.add_byte(1 + fp.length); // A one-octet size of the following two fields. pktbody.add_byte((fp.length == PGP_FINGERPRINT_V6_SIZE) ? PGP_V6 : PGP_V4); pktbody.add(fp.fingerprint, fp.length); @@ -1073,7 +1070,7 @@ pgp_pk_sesskey_t::write(pgp_dest_t &dst) const #endif pktbody.add_byte(alg); #if defined(ENABLE_CRYPTO_REFRESH) - if((version == PGP_PKSK_V3) && !do_encrypt_pkesk_v3_alg_id(alg)) { + if ((version == PGP_PKSK_V3) && !do_encrypt_pkesk_v3_alg_id(alg)) { pktbody.add_byte(salg); /* added as plaintext */ } #endif @@ -1096,9 +1093,9 @@ pgp_pk_sesskey_t::parse(pgp_source_t &src) return RNP_ERROR_BAD_FORMAT; } #if defined(ENABLE_CRYPTO_REFRESH) - if((bt != PGP_PKSK_V3) && (bt != PGP_PKSK_V6)) { + if ((bt != PGP_PKSK_V3) && (bt != PGP_PKSK_V6)) { #else - if((bt != PGP_PKSK_V3)) { + if ((bt != PGP_PKSK_V3)) { #endif RNP_LOG("wrong packet version"); return RNP_ERROR_BAD_FORMAT; @@ -1116,40 +1113,40 @@ pgp_pk_sesskey_t::parse(pgp_source_t &src) } } #if defined(ENABLE_CRYPTO_REFRESH) - else { // PGP_PKSK_V6 + else { // PGP_PKSK_V6 uint8_t fp_and_key_ver_len; // A one-octet size of the following two fields. if (!pkt.get(fp_and_key_ver_len)) { RNP_LOG("Error when reading length of next two fields"); return RNP_ERROR_BAD_FORMAT; } - if((fp_and_key_ver_len != 1 + PGP_FINGERPRINT_V4_SIZE) - && (fp_and_key_ver_len != 1 + PGP_FINGERPRINT_V6_SIZE)) { + if ((fp_and_key_ver_len != 1 + PGP_FINGERPRINT_V4_SIZE) && + (fp_and_key_ver_len != 1 + PGP_FINGERPRINT_V6_SIZE)) { RNP_LOG("Invalid size for key version + length field"); return RNP_ERROR_BAD_FORMAT; } - size_t fp_len; + size_t fp_len; uint8_t fp_key_version; if (!pkt.get(fp_key_version)) { RNP_LOG("Error when reading key version"); return RNP_ERROR_BAD_FORMAT; } - switch(fp_key_version) { - case 0: // anonymous - fp_len = 0; - break; - case PGP_V4: - fp_len = PGP_FINGERPRINT_V4_SIZE; - break; - case PGP_V6: - fp_len = PGP_FINGERPRINT_V6_SIZE; - break; - default: - RNP_LOG("wrong key version used with PKESK v6"); - return RNP_ERROR_BAD_FORMAT; + switch (fp_key_version) { + case 0: // anonymous + fp_len = 0; + break; + case PGP_V4: + fp_len = PGP_FINGERPRINT_V4_SIZE; + break; + case PGP_V6: + fp_len = PGP_FINGERPRINT_V6_SIZE; + break; + default: + RNP_LOG("wrong key version used with PKESK v6"); + return RNP_ERROR_BAD_FORMAT; } fp.length = fp_len; - if(fp.length && (fp.length != fp_and_key_ver_len - 1)) { + if (fp.length && (fp.length != fp_and_key_ver_len - 1)) { RNP_LOG("size mismatch (fingerprint size and fp+key version length field)"); return RNP_ERROR_BAD_FORMAT; } @@ -1168,7 +1165,7 @@ pgp_pk_sesskey_t::parse(pgp_source_t &src) alg = (pgp_pubkey_alg_t) bt; #if defined(ENABLE_CRYPTO_REFRESH) - if((version == PGP_PKSK_V3) && !do_encrypt_pkesk_v3_alg_id(alg)) { + if ((version == PGP_PKSK_V3) && !do_encrypt_pkesk_v3_alg_id(alg)) { if (!pkt.get(bt)) { RNP_LOG("failed to get salg"); return RNP_ERROR_BAD_FORMAT; @@ -1258,7 +1255,7 @@ pgp_pk_sesskey_t::parse_material(pgp_encrypted_material_t &material) const return false; } uint8_t enc_sesskey_len; - if(!pkt.get(enc_sesskey_len)) { + if (!pkt.get(enc_sesskey_len)) { RNP_LOG("failed to parse X25519 PKESK (enc sesskey length)"); return false; } @@ -1271,15 +1268,21 @@ pgp_pk_sesskey_t::parse_material(pgp_encrypted_material_t &material) const } #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: { uint8_t wrapped_key_len = 0; - material.kyber_ecdh.composite_ciphertext.resize(pgp_kyber_ecdh_encrypted_t::composite_ciphertext_size(alg)); - if (!pkt.get(material.kyber_ecdh.composite_ciphertext.data(), material.kyber_ecdh.composite_ciphertext.size())) { + material.kyber_ecdh.composite_ciphertext.resize( + pgp_kyber_ecdh_encrypted_t::composite_ciphertext_size(alg)); + if (!pkt.get(material.kyber_ecdh.composite_ciphertext.data(), + material.kyber_ecdh.composite_ciphertext.size())) { RNP_LOG("failed to get kyber-ecdh ciphertext"); return false; } @@ -1288,7 +1291,8 @@ pgp_pk_sesskey_t::parse_material(pgp_encrypted_material_t &material) const return false; } material.kyber_ecdh.wrapped_sesskey.resize(wrapped_key_len); - if (!pkt.get(material.kyber_ecdh.wrapped_sesskey.data(), material.kyber_ecdh.wrapped_sesskey.size())) { + if (!pkt.get(material.kyber_ecdh.wrapped_sesskey.data(), + material.kyber_ecdh.wrapped_sesskey.size())) { RNP_LOG("failed to get kyber-ecdh session key"); return false; } @@ -1337,11 +1341,15 @@ pgp_pk_sesskey_t::write_material(const pgp_encrypted_material_t &material) break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: pktbody.add(material.kyber_ecdh.composite_ciphertext); pktbody.add_byte(static_cast(material.kyber_ecdh.wrapped_sesskey.size())); diff --git a/src/librepgp/stream-packet.h b/src/librepgp/stream-packet.h index 176311440..3fba6be02 100644 --- a/src/librepgp/stream-packet.h +++ b/src/librepgp/stream-packet.h @@ -162,12 +162,12 @@ typedef struct pgp_pk_sesskey_t { std::vector material_buf{}; /* v3 PKESK */ - pgp_key_id_t key_id{}; - pgp_symm_alg_t salg; + pgp_key_id_t key_id{}; + pgp_symm_alg_t salg; #if defined(ENABLE_CRYPTO_REFRESH) /* v6 PKESK */ - pgp_fingerprint_t fp{}; + pgp_fingerprint_t fp{}; #endif void write(pgp_dest_t &dst) const; @@ -219,7 +219,7 @@ typedef struct pgp_one_pass_sig_t { */ typedef struct pgp_userid_pkt_t { pgp_pkt_type_t tag; - uint8_t * uid; + uint8_t *uid; size_t uid_len; pgp_userid_pkt_t() : tag(PGP_PKT_RESERVED), uid(NULL), uid_len(0){}; @@ -243,7 +243,6 @@ void write_uint16(uint8_t *buf, uint16_t val); void write_uint32(uint8_t *buf, uint32_t val); - /** @brief write new packet length * @param buf pre-allocated buffer, must have 5 bytes * @param len packet length diff --git a/src/librepgp/stream-parse.cpp b/src/librepgp/stream-parse.cpp index 63517be31..38da5b9f0 100644 --- a/src/librepgp/stream-parse.cpp +++ b/src/librepgp/stream-parse.cpp @@ -67,8 +67,8 @@ typedef enum pgp_message_t { typedef struct pgp_processing_ctx_t { pgp_parse_handler_t handler; - pgp_source_t * signed_src; - pgp_source_t * literal_src; + pgp_source_t *signed_src; + pgp_source_t *literal_src; pgp_message_t msg_type; pgp_dest_t output; std::list sources; @@ -78,8 +78,8 @@ typedef struct pgp_processing_ctx_t { /* common fields for encrypted, compressed and literal data */ typedef struct pgp_source_packet_param_t { - pgp_source_t * readsrc; /* source to read from, could be partial*/ - pgp_source_t * origsrc; /* original source passed to init_*_src */ + pgp_source_t *readsrc; /* source to read from, could be partial*/ + pgp_source_t *origsrc; /* original source passed to init_*_src */ pgp_packet_hdr_t hdr; /* packet header info */ } pgp_source_packet_param_t; @@ -101,8 +101,8 @@ typedef struct pgp_source_encrypted_param_t { uint8_t aead_ad[PGP_AEAD_MAX_AD_LEN]; /* additional data */ size_t aead_adlen{}; /* length of the additional data */ pgp_symm_alg_t salg; /* data encryption algorithm */ - pgp_parse_handler_t * handler{}; /* parsing handler with callbacks */ - pgp_seipdv2_hdr_t seipdv2_hdr; /* SEIPDv2 encryption parameters */ + pgp_parse_handler_t *handler{}; /* parsing handler with callbacks */ + pgp_seipdv2_hdr_t seipdv2_hdr; /* SEIPDv2 encryption parameters */ pgp_source_encrypted_param_t() : auth_type(rnp::AuthType::None), salg(PGP_SA_UNKNOWN) { @@ -111,15 +111,16 @@ typedef struct pgp_source_encrypted_param_t { bool use_cfb() { - return (auth_type != rnp::AuthType::AEADv1 -#ifdef ENABLE_CRYPTO_REFRESH + return (auth_type != rnp::AuthType::AEADv1 +#ifdef ENABLE_CRYPTO_REFRESH && auth_type != rnp::AuthType::AEADv2 #endif - ); + ); } -#ifdef ENABLE_CRYPTO_REFRESH - bool is_v2_seipd() const +#ifdef ENABLE_CRYPTO_REFRESH + bool + is_v2_seipd() const { return auth_type == rnp::AuthType::AEADv2; } @@ -129,7 +130,7 @@ typedef struct pgp_source_encrypted_param_t { typedef struct pgp_source_signed_param_t { pgp_parse_handler_t *handler; /* parsing handler with callbacks */ - pgp_source_t * readsrc; /* source to read from */ + pgp_source_t *readsrc; /* source to read from */ bool detached; /* detached signature */ bool cleartext; /* source is cleartext signed */ bool clr_eod; /* cleartext data is over */ @@ -179,25 +180,23 @@ typedef struct pgp_source_partial_param_t { bool last; /* current part is last */ } pgp_source_partial_param_t; +namespace { -namespace +bool +is_valid_seipd_version(uint8_t version) { - - bool is_valid_seipd_version(uint8_t version) - { - if(version == 1 + if (version == 1 #ifdef ENABLE_CRYPTO_REFRESH - || version == 2 + || version == 2 #endif - ) - { - return true; - } - return false; + ) { + return true; } - + return false; } +} // namespace + static bool is_pgp_source(pgp_source_t &src) { @@ -511,8 +510,10 @@ encrypted_start_aead_chunk(pgp_source_encrypted_param_t *param, size_t idx, bool param->seipdv2_hdr.chunk_size_octet}; if (param->is_v2_seipd()) { - if(last) { - std::copy(¶m->aead_ad[5], ¶m->aead_ad[5 + 8], std::back_inserter(add_data_seipd_v2)); + if (last) { + std::copy(¶m->aead_ad[5], + ¶m->aead_ad[5 + 8], + std::back_inserter(add_data_seipd_v2)); } add_data = add_data_seipd_v2.data(); add_data_len = add_data_seipd_v2.size(); @@ -1006,8 +1007,8 @@ signed_src_close(pgp_source_t *src) static rnp_result_t signed_read_single_signature(pgp_source_signed_param_t *param, - pgp_source_t * readsrc, - pgp_signature_t ** sig) + pgp_source_t *readsrc, + pgp_signature_t **sig) { uint8_t ptag; if (!src_peek_eq(readsrc, &ptag, 1)) { @@ -1172,7 +1173,7 @@ cleartext_parse_headers(pgp_source_t *src) { pgp_source_signed_param_t *param = (pgp_source_signed_param_t *) src->param; char hdr[1024] = {0}; - char * hval; + char *hval; pgp_hash_alg_t halg; size_t hdrlen; @@ -1232,7 +1233,7 @@ static void cleartext_process_line(pgp_source_t *src, const uint8_t *buf, size_t len, bool eol) { pgp_source_signed_param_t *param = (pgp_source_signed_param_t *) src->param; - uint8_t * bufen = (uint8_t *) buf + len - 1; + uint8_t *bufen = (uint8_t *) buf + len - 1; /* check for dashes only if we are not in the middle */ if (!param->clr_mline && (len > 0) && (buf[0] == CH_DASH)) { @@ -1376,7 +1377,7 @@ cleartext_src_read(pgp_source_t *src, void *buf, size_t len, size_t *readres) static bool encrypted_decrypt_cfb_header(pgp_source_encrypted_param_t *param, pgp_symm_alg_t alg, - uint8_t * key) + uint8_t *key) { pgp_crypt_t crypt; uint8_t enchdr[PGP_MAX_BLOCK_SIZE + 2]; @@ -1449,9 +1450,8 @@ encrypted_start_aead(pgp_source_encrypted_param_t *param, pgp_symm_alg_t alg, ui seipd_v2_key_and_nonce_derivation(param->seipdv2_hdr, key); seipd_v2_key = aead_fields.key; key = std::move(seipd_v2_key.data()); - //param->seipd_v2_nonce = std::move(aead_fields.nonce); - if(aead_fields.nonce.size() > sizeof(param->aead_hdr.iv)) - { + // param->seipd_v2_nonce = std::move(aead_fields.nonce); + if (aead_fields.nonce.size() > sizeof(param->aead_hdr.iv)) { // signalling error would be better here aead_fields.nonce.resize(sizeof(param->aead_hdr.iv)); } @@ -1477,9 +1477,9 @@ encrypted_start_aead(pgp_source_encrypted_param_t *param, pgp_symm_alg_t alg, ui static bool encrypted_try_key(pgp_source_encrypted_param_t *param, - pgp_pk_sesskey_t * sesskey, - pgp_key_pkt_t * seckey, - rnp::SecurityContext & ctx) + pgp_pk_sesskey_t *sesskey, + pgp_key_pkt_t *seckey, + rnp::SecurityContext &ctx) { pgp_encrypted_material_t encmaterial; try { @@ -1508,15 +1508,16 @@ encrypted_try_key(pgp_source_encrypted_param_t *param, } /* Crypto Refresh: For X25519/X448 PKESKv3, AES is mandated */ - if(sesskey->alg == PGP_PKA_X25519 && sesskey->version == PGP_PKSK_V3) { - switch(sesskey->salg) { - case PGP_SA_AES_128: - case PGP_SA_AES_192: - case PGP_SA_AES_256: - break; - default: - RNP_LOG("attempting to use X25519 and v3 PKESK in combination with a symmetric algorithm that is not AES."); - return false; + if (sesskey->alg == PGP_PKA_X25519 && sesskey->version == PGP_PKSK_V3) { + switch (sesskey->salg) { + case PGP_SA_AES_128: + case PGP_SA_AES_192: + case PGP_SA_AES_256: + break; + default: + RNP_LOG("attempting to use X25519 and v3 PKESK in combination with a symmetric " + "algorithm that is not AES."); + return false; } } #endif @@ -1586,24 +1587,29 @@ encrypted_try_key(pgp_source_encrypted_param_t *param, #if defined(ENABLE_CRYPTO_REFRESH) case PGP_PKA_X25519: declen = decbuf.size(); - err = x25519_native_decrypt(&ctx.rng, keymaterial->x25519, &encmaterial.x25519, decbuf.data(), &declen); - if(err != RNP_SUCCESS) { + err = x25519_native_decrypt( + &ctx.rng, keymaterial->x25519, &encmaterial.x25519, decbuf.data(), &declen); + if (err != RNP_SUCCESS) { RNP_LOG("X25519 decryption error %u", err); return false; } break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; - case PGP_PKA_KYBER1024_BP384: - { + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_BP384: { pgp_key_t key(*seckey, true); /* make public-key `pgp_key_t` object from seckey */ declen = decbuf.size(); - err = keymaterial->kyber_ecdh.priv.decrypt(&ctx.rng, decbuf.data(), &declen, &encmaterial.kyber_ecdh, key.subkey_pkt_hash()); + err = keymaterial->kyber_ecdh.priv.decrypt( + &ctx.rng, decbuf.data(), &declen, &encmaterial.kyber_ecdh, key.subkey_pkt_hash()); if (err != RNP_SUCCESS) { RNP_LOG("Kyber ECC decryption failure"); return false; @@ -1616,10 +1622,10 @@ encrypted_try_key(pgp_source_encrypted_param_t *param, return false; } - uint8_t * decbuf_sesskey = decbuf.data(); - size_t decbuf_sesskey_len = declen; + uint8_t *decbuf_sesskey = decbuf.data(); + size_t decbuf_sesskey_len = declen; #if defined(ENABLE_CRYPTO_REFRESH) - if(do_encrypt_pkesk_v3_alg_id(sesskey->alg)) + if (do_encrypt_pkesk_v3_alg_id(sesskey->alg)) #endif { sesskey->salg = static_cast(decbuf[0]); @@ -1651,8 +1657,9 @@ encrypted_try_key(pgp_source_encrypted_param_t *param, #if defined(ENABLE_CRYPTO_REFRESH) else { // V6 PKESK /* compute the expected key length from the decbuf_sesskey_len and check */ - keylen = have_pkesk_checksum(sesskey->alg) ? decbuf_sesskey_len - 2 : decbuf_sesskey_len; - if(pgp_key_size(param->aead_hdr.ealg) != keylen) { + keylen = + have_pkesk_checksum(sesskey->alg) ? decbuf_sesskey_len - 2 : decbuf_sesskey_len; + if (pgp_key_size(param->aead_hdr.ealg) != keylen) { RNP_LOG("invalid symmetric key length"); return false; } @@ -1660,7 +1667,7 @@ encrypted_try_key(pgp_source_encrypted_param_t *param, #endif #if defined(ENABLE_CRYPTO_REFRESH) - if(have_pkesk_checksum(sesskey->alg)) + if (have_pkesk_checksum(sesskey->alg)) #endif { /* Validate checksum */ @@ -1691,10 +1698,12 @@ encrypted_try_key(pgp_source_encrypted_param_t *param, param->salg = sesskey->salg; } return res; - } + } #if defined(ENABLE_CRYPTO_REFRESH) - else { // PGP_PKSK_V6 - pgp_symm_alg_t salg = param->aead_hdr.ealg; // NOTEMTG: salg not part of the v6 PKESK, assignment here just to make the following call "happy" + else { // PGP_PKSK_V6 + pgp_symm_alg_t salg = + param->aead_hdr.ealg; // NOTEMTG: salg not part of the v6 PKESK, assignment here just + // to make the following call "happy" return encrypted_start_aead(param, salg, decbuf_sesskey); } #endif @@ -2048,7 +2057,7 @@ get_compressed_src_alg(pgp_source_t *src, uint8_t *alg) static bool parse_aead_chunk_size(uint8_t chunk_size_octet, size_t *chunk_size) -{ +{ if (chunk_size_octet > 56) { RNP_LOG("too large chunk size: %d", chunk_size_octet); return false; @@ -2222,10 +2231,12 @@ encrypted_read_packet_data(pgp_source_encrypted_param_t *param) } #ifdef ENABLE_CRYPTO_REFRESH else if (SEIPD_version == PGP_SE_IP_DATA_V2) { - /* SKESK v6 is not yet implemented, thus we must not attempt to decrypt SEIPDv2 here - TODO: Once SKESK v6 is implemented, replace this check with a check for consistency between SEIPD and SKESK version + /* SKESK v6 is not yet implemented, thus we must not attempt to decrypt SEIPDv2 + here + TODO: Once SKESK v6 is implemented, replace this check with a check for + consistency between SEIPD and SKESK version */ - if(param->symencs.size() > 0) { + if (param->symencs.size() > 0) { RNP_LOG("SEIPDv2 not usable with SKESK version"); return RNP_ERROR_BAD_FORMAT; } @@ -2250,7 +2261,8 @@ encrypted_read_packet_data(pgp_source_encrypted_param_t *param) } /* parse chunk size */ - if (!parse_aead_chunk_size(param->seipdv2_hdr.chunk_size_octet, ¶m->chunklen)) { + if (!parse_aead_chunk_size(param->seipdv2_hdr.chunk_size_octet, + ¶m->chunklen)) { return RNP_ERROR_BAD_FORMAT; } @@ -2262,8 +2274,8 @@ encrypted_read_packet_data(pgp_source_encrypted_param_t *param) param->aead_hdr.aalg = param->seipdv2_hdr.aead_alg; param->aead_hdr.csize = param->seipdv2_hdr.chunk_size_octet; // needed? param->aead_hdr.ealg = param->seipdv2_hdr.cipher_alg; - } -#endif + } +#endif else { RNP_LOG("unknown SEIPD version: %d", (int) SEIPD_version); return RNP_ERROR_BAD_FORMAT; @@ -2300,12 +2312,13 @@ init_encrypted_src(pgp_parse_handler_t *handler, pgp_source_t *src, pgp_source_t goto finish; } - src->read = (!param->use_cfb() + src->read = (!param->use_cfb() #ifdef ENABLE_CRYPTO_REFRESH - || param->is_v2_seipd() + || param->is_v2_seipd() #endif -) - ? encrypted_src_read_aead : encrypted_src_read_cfb; + ) ? + encrypted_src_read_aead : + encrypted_src_read_cfb; /* Obtaining the symmetric key */ if (!handler->password_provider) { @@ -2480,7 +2493,7 @@ init_signed_src(pgp_parse_handler_t *handler, pgp_source_t *src, pgp_source_t *r pgp_source_signed_param_t *param; uint8_t ptag; int ptype; - pgp_signature_t * sig = NULL; + pgp_signature_t *sig = NULL; bool cleartext; size_t sigerrors = 0; @@ -2782,11 +2795,11 @@ process_pgp_source(pgp_parse_handler_t *handler, pgp_source_t &src) rnp_result_t res = RNP_ERROR_BAD_FORMAT; rnp_result_t fres; pgp_processing_ctx_t ctx = {}; - pgp_source_t * decsrc = NULL; + pgp_source_t *decsrc = NULL; pgp_source_t datasrc = {0}; - pgp_dest_t * outdest = NULL; + pgp_dest_t *outdest = NULL; bool closeout = true; - uint8_t * readbuf = NULL; + uint8_t *readbuf = NULL; ctx.handler = *handler; /* Building readers sequence. Checking whether it is binary data */ @@ -2849,7 +2862,7 @@ process_pgp_source(pgp_parse_handler_t *handler, pgp_source_t &src) } /* file processing case */ decsrc = &ctx.sources.back(); - char * filename = NULL; + char *filename = NULL; uint32_t mtime = 0; if (ctx.literal_src) { diff --git a/src/librepgp/stream-parse.h b/src/librepgp/stream-parse.h index 1bee9fd82..1aebc4a29 100644 --- a/src/librepgp/stream-parse.h +++ b/src/librepgp/stream-parse.h @@ -38,42 +38,42 @@ typedef struct pgp_parse_handler_t pgp_parse_handler_t; typedef struct pgp_signature_info_t pgp_signature_info_t; typedef bool pgp_destination_func_t(pgp_parse_handler_t *handler, - pgp_dest_t ** dst, - bool * closedst, - const char * filename, + pgp_dest_t **dst, + bool *closedst, + const char *filename, uint32_t mtime); typedef bool pgp_source_func_t(pgp_parse_handler_t *handler, pgp_source_t *src); typedef void pgp_signatures_func_t(const std::vector &sigs, void *param); typedef void pgp_on_recipients_func_t(const std::vector &recipients, const std::vector &passwords, - void * param); + void *param); typedef void pgp_decryption_start_func_t(pgp_pk_sesskey_t *pubenc, pgp_sk_sesskey_t *symenc, - void * param); + void *param); typedef void pgp_decryption_info_func_t(bool mdc, pgp_aead_alg_t aead, pgp_symm_alg_t salg, - void * param); + void *param); typedef void pgp_decryption_done_func_t(bool validated, void *param); /* handler used to return needed information during pgp source processing */ typedef struct pgp_parse_handler_t { pgp_password_provider_t *password_provider; /* if NULL then default will be used */ - pgp_key_provider_t * key_provider; /* must be set when key is required, i.e. during + pgp_key_provider_t *key_provider; /* must be set when key is required, i.e. during signing/verification/public key encryption and deryption */ pgp_destination_func_t *dest_provider; /* called when destination stream is required */ - pgp_source_func_t * src_provider; /* required to provider source during the detached + pgp_source_func_t *src_provider; /* required to provider source during the detached signature verification */ - pgp_on_recipients_func_t * on_recipients; /* called before decryption start */ + pgp_on_recipients_func_t *on_recipients; /* called before decryption start */ pgp_decryption_start_func_t *on_decryption_start; /* called when decryption key obtained */ - pgp_decryption_info_func_t * on_decryption_info; /* called when decryption is started */ - pgp_decryption_done_func_t * on_decryption_done; /* called when decryption is finished */ - pgp_signatures_func_t * on_signatures; /* for signature verification results */ + pgp_decryption_info_func_t *on_decryption_info; /* called when decryption is started */ + pgp_decryption_done_func_t *on_decryption_done; /* called when decryption is finished */ + pgp_signatures_func_t *on_signatures; /* for signature verification results */ - rnp_ctx_t *ctx; /* operation context */ - void * param; /* additional parameters */ + rnp_ctx_t *ctx; /* operation context */ + void *param; /* additional parameters */ } pgp_parse_handler_t; /* @brief Process the OpenPGP source: file, memory, stdin diff --git a/src/librepgp/stream-sig.cpp b/src/librepgp/stream-sig.cpp index 0b8f8690f..445836fd6 100644 --- a/src/librepgp/stream-sig.cpp +++ b/src/librepgp/stream-sig.cpp @@ -48,7 +48,7 @@ void signature_hash_key(const pgp_key_pkt_t &key, rnp::Hash &hash) { - if(key.version <= PGP_V4) { + if (key.version <= PGP_V4) { uint8_t hdr[3] = {0x99, 0x00, 0x00}; if (key.hashed_data) { write_uint16(hdr + 1, key.hashed_len); @@ -56,8 +56,7 @@ signature_hash_key(const pgp_key_pkt_t &key, rnp::Hash &hash) hash.add(key.hashed_data, key.hashed_len); return; } - } - else { // PGP_V6 + } else { // PGP_V6 #if defined(ENABLE_CRYPTO_REFRESH) uint8_t hdr[5] = {0x9b, 0x00, 0x00, 0x00, 0x00}; if (key.hashed_data) { @@ -104,8 +103,8 @@ signature_hash_userid(const pgp_userid_pkt_t &uid, rnp::Hash &hash, pgp_version_ } std::unique_ptr -signature_hash_certification(const pgp_signature_t & sig, - const pgp_key_pkt_t & key, +signature_hash_certification(const pgp_signature_t &sig, + const pgp_key_pkt_t &key, const pgp_userid_pkt_t &userid) { auto hash = signature_init(key, sig); @@ -116,8 +115,8 @@ signature_hash_certification(const pgp_signature_t & sig, std::unique_ptr signature_hash_binding(const pgp_signature_t &sig, - const pgp_key_pkt_t & key, - const pgp_key_pkt_t & subkey) + const pgp_key_pkt_t &key, + const pgp_key_pkt_t &subkey) { auto hash = signature_init(key, sig); signature_hash_key(key, *hash); @@ -303,7 +302,8 @@ pgp_sig_subpkt_t::parse() } break; case PGP_SIG_SUBPKT_ISSUER_KEY_ID: - // TODO-V6: MUST NOT be included in signatures issued by v6 keys: ignore, warn, or fail here? + // TODO-V6: MUST NOT be included in signatures issued by v6 keys: ignore, warn, or fail + // here? if ((oklen = len == 8)) { fields.issuer = data; } @@ -392,7 +392,7 @@ pgp_sig_subpkt_t::parse() break; #if defined(ENABLE_CRYPTO_REFRESH) case PGP_SIG_SUBPKT_PREFERRED_AEAD_CIPHERSUITES: - // TODO-V6: needs implementation + // TODO-V6: needs implementation break; #endif case PGP_SIG_SUBPKT_PRIVATE_100: @@ -452,7 +452,7 @@ pgp_signature_t::pgp_signature_t(const pgp_signature_t &src) halg = src.halg; memcpy(lbits, src.lbits, sizeof(src.lbits)); #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6) { + if (version == PGP_V6) { salt_size = src.salt_size; memcpy(salt, src.salt, salt_size); } @@ -487,7 +487,7 @@ pgp_signature_t::pgp_signature_t(pgp_signature_t &&src) halg = src.halg; memcpy(lbits, src.lbits, sizeof(src.lbits)); #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6) { + if (version == PGP_V6) { salt_size = src.salt_size; memcpy(salt, src.salt, salt_size); } @@ -543,7 +543,7 @@ pgp_signature_t::operator=(const pgp_signature_t &src) halg = src.halg; memcpy(lbits, src.lbits, sizeof(src.lbits)); #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6) { + if (version == PGP_V6) { salt_size = src.salt_size; memcpy(salt, src.salt, salt_size); } @@ -614,8 +614,7 @@ pgp_signature_t::get_id() const } pgp_sig_subpkt_t * -pgp_signature_t:: -get_subpkt(pgp_sig_subpacket_type_t stype, bool hashed) +pgp_signature_t::get_subpkt(pgp_sig_subpacket_type_t stype, bool hashed) { if (version < PGP_V4) { return NULL; @@ -1083,7 +1082,7 @@ pgp_signature_t::set_signer_uid(const std::string &uid) } void -pgp_signature_t::add_notation(const std::string & name, +pgp_signature_t::add_notation(const std::string &name, const std::vector &value, bool human, bool critical) @@ -1275,7 +1274,7 @@ pgp_signature_t::parse_subpackets(uint8_t *buf, size_t len, bool hashed) return false; } - subpkt.type = (pgp_sig_subpacket_type_t)(*buf & 0x7f); + subpkt.type = (pgp_sig_subpacket_type_t) (*buf & 0x7f); subpkt.critical = !!(*buf & 0x80); subpkt.hashed = hashed; subpkt.parsed = 0; @@ -1307,15 +1306,15 @@ pgp_signature_t::parse_v4v6(pgp_packet_body_t &pkt) /* hash algorithm */ halg = (pgp_hash_alg_t) buf[2]; /* hashed subpackets length */ - - uint8_t splen_buf[PGP_MAX_SIG_HASHED_AREA_SIZE_OCTETS]; // large enough to hold V4 and V6 lengths + + uint8_t + splen_buf[PGP_MAX_SIG_HASHED_AREA_SIZE_OCTETS]; // large enough to hold V4 and V6 lengths unsigned splen; - size_t splen_size; + size_t splen_size; - if(version == PGP_V4) { + if (version == PGP_V4) { splen_size = PGP_SIG_HASHED_AREA_SIZE_OCTETS_V4; - } - else { /* PGP_V6 */ + } else { /* PGP_V6 */ #if defined(ENABLE_CRYPTO_REFRESH) splen_size = PGP_SIG_HASHED_AREA_SIZE_OCTETS_V6; #else @@ -1328,20 +1327,19 @@ pgp_signature_t::parse_v4v6(pgp_packet_body_t &pkt) RNP_LOG("cannot get hashed len"); return RNP_ERROR_BAD_FORMAT; } - + #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V4) { + if (version == PGP_V4) { splen = read_uint16(splen_buf); - } - else { /* PGP_V6 */ + } else { /* PGP_V6 */ splen = read_uint32(splen_buf); } #else - splen = read_uint16(splen_buf); + splen = read_uint16(splen_buf); #endif /* hashed subpackets length + splen_size bytes of length of unhashed subpackets */ - if (pkt.left() < (size_t)(splen + splen_size)) { + if (pkt.left() < (size_t) (splen + splen_size)) { RNP_LOG("wrong packet or hashed subpackets length"); return RNP_ERROR_BAD_FORMAT; } @@ -1372,10 +1370,9 @@ pgp_signature_t::parse_v4v6(pgp_packet_body_t &pkt) return RNP_ERROR_BAD_FORMAT; } #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V4) { + if (version == PGP_V4) { splen = read_uint16(splen_buf); - } - else { /* PGP_V6 */ + } else { /* PGP_V6 */ splen = read_uint32(splen_buf); } #else @@ -1412,9 +1409,9 @@ pgp_signature_t::parse(pgp_packet_body_t &pkt) res = parse_v3(pkt); } else if ((ver == PGP_V4) || #if defined(ENABLE_CRYPTO_REFRESH) - (ver == PGP_V6) + (ver == PGP_V6) #else - false + false #endif ) { res = parse_v4v6(pkt); @@ -1432,18 +1429,18 @@ pgp_signature_t::parse(pgp_packet_body_t &pkt) RNP_LOG("not enough data for hash left bits"); return RNP_ERROR_BAD_FORMAT; } - + #if defined(ENABLE_CRYPTO_REFRESH) if (ver == PGP_V6) { - if(!pkt.get(salt_size)) { + if (!pkt.get(salt_size)) { RNP_LOG("not enough data for v6 salt size octet"); return RNP_ERROR_BAD_FORMAT; } - if(salt_size != rnp::Hash::size(halg)/2) { + if (salt_size != rnp::Hash::size(halg) / 2) { RNP_LOG("invalid salt size"); return RNP_ERROR_BAD_FORMAT; } - if(!pkt.get(salt, salt_size)) { + if (!pkt.get(salt, salt_size)) { RNP_LOG("not enough data for v6 signature salt"); return RNP_ERROR_BAD_FORMAT; } @@ -1529,14 +1526,20 @@ pgp_signature_t::parse_material(pgp_signature_material_t &material) const } #endif #if defined(ENABLE_PQC) - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: - material.dilithium_exdsa.sig.resize(pgp_dilithium_exdsa_signature_t::composite_signature_size(palg)); - if (!pkt.get(material.dilithium_exdsa.sig.data(), material.dilithium_exdsa.sig.size())) { + material.dilithium_exdsa.sig.resize( + pgp_dilithium_exdsa_signature_t::composite_signature_size(palg)); + if (!pkt.get(material.dilithium_exdsa.sig.data(), + material.dilithium_exdsa.sig.size())) { RNP_LOG("failed to get dilithium-ecdsa/eddsa signature"); return false; } @@ -1557,14 +1560,13 @@ pgp_signature_t::parse_material(pgp_signature_material_t &material) const void pgp_signature_t::write(pgp_dest_t &dst) const { - if ((version < PGP_V2) || ( (version > PGP_V4) && + if ((version < PGP_V2) || ((version > PGP_V4) && #if defined(ENABLE_CRYPTO_REFRESH) - (version != PGP_V6) + (version != PGP_V6) #else - true + true #endif - ) - ) { + )) { RNP_LOG("don't know version %d", (int) version); throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } @@ -1586,7 +1588,7 @@ pgp_signature_t::write(pgp_dest_t &dst) const } pktbody.add(lbits, 2); #if defined(ENABLE_CRYPTO_REFRESH) - if(version == PGP_V6) { + if (version == PGP_V6) { pktbody.add_byte(salt_size); pktbody.add(salt, salt_size); } @@ -1627,11 +1629,15 @@ pgp_signature_t::write_material(const pgp_signature_material_t &material) break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_DILITHIUM3_ED25519: [[fallthrough]]; - //case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_P256: [[fallthrough]]; - case PGP_PKA_DILITHIUM5_P384: [[fallthrough]]; - case PGP_PKA_DILITHIUM3_BP256: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_ED25519: + [[fallthrough]]; + // case PGP_PKA_DILITHIUM5_ED448: [[fallthrough]]; + case PGP_PKA_DILITHIUM3_P256: + [[fallthrough]]; + case PGP_PKA_DILITHIUM5_P384: + [[fallthrough]]; + case PGP_PKA_DILITHIUM3_BP256: + [[fallthrough]]; case PGP_PKA_DILITHIUM5_BP384: pktbody.add(material.dilithium_exdsa.sig); break; @@ -1654,14 +1660,13 @@ void pgp_signature_t::fill_hashed_data() { /* we don't have a need to write v2-v3 signatures */ - if ((version < PGP_V2) || ( (version > PGP_V4) && + if ((version < PGP_V2) || ((version > PGP_V4) && #if defined(ENABLE_CRYPTO_REFRESH) - (version != PGP_V6) + (version != PGP_V6) #else - true + true #endif - ) - ) { + )) { RNP_LOG("don't know version %d", (int) version); throw rnp::rnp_exception(RNP_ERROR_BAD_PARAMETERS); } diff --git a/src/librepgp/stream-sig.h b/src/librepgp/stream-sig.h index 150e28df4..50f5a18c1 100644 --- a/src/librepgp/stream-sig.h +++ b/src/librepgp/stream-sig.h @@ -49,9 +49,9 @@ typedef struct pgp_signature_t { pgp_pubkey_alg_t palg; pgp_hash_alg_t halg; uint8_t lbits[2]; - uint8_t * hashed_data; + uint8_t *hashed_data; size_t hashed_len; - uint8_t * material_buf; /* raw signature material */ + uint8_t *material_buf; /* raw signature material */ size_t material_len; /* raw signature material length */ /* v3 - only fields */ @@ -61,11 +61,11 @@ typedef struct pgp_signature_t { /* common v4 and v6 fields */ std::vector subpkts; - #if defined(ENABLE_CRYPTO_REFRESH) +#if defined(ENABLE_CRYPTO_REFRESH) /* v6 - only fields */ uint8_t salt[PGP_MAX_SALT_SIZE_V6_SIG]; uint8_t salt_size; - #endif +#endif pgp_signature_t() : type_(PGP_SIG_BINARY), version(PGP_VUNKNOWN), palg(PGP_PKA_NOTHING), @@ -107,7 +107,7 @@ typedef struct pgp_signature_t { * covered by signature) area, otherwise will search in both hashed and non-hashed areas. * @return pointer to the subpacket, or NULL if subpacket was not found. */ - pgp_sig_subpkt_t * get_subpkt(pgp_sig_subpacket_type_t stype, bool hashed = true); + pgp_sig_subpkt_t *get_subpkt(pgp_sig_subpacket_type_t stype, bool hashed = true); const pgp_sig_subpkt_t *get_subpkt(pgp_sig_subpacket_type_t stype, bool hashed = true) const; /* @brief Check whether v4 signature has subpacket of the specified type/hashedness */ @@ -311,7 +311,7 @@ typedef struct pgp_signature_t { /** * @brief Add notation. */ - void add_notation(const std::string & name, + void add_notation(const std::string &name, const std::vector &value, bool human = true, bool critical = false); @@ -418,16 +418,16 @@ void signature_hash_key(const pgp_key_pkt_t &key, rnp::Hash &hash); void signature_hash_userid(const pgp_userid_pkt_t &uid, rnp::Hash &hash, pgp_version_t sigver); -std::unique_ptr signature_hash_certification(const pgp_signature_t & sig, - const pgp_key_pkt_t & key, +std::unique_ptr signature_hash_certification(const pgp_signature_t &sig, + const pgp_key_pkt_t &key, const pgp_userid_pkt_t &userid); std::unique_ptr signature_hash_binding(const pgp_signature_t &sig, - const pgp_key_pkt_t & key, - const pgp_key_pkt_t & subkey); + const pgp_key_pkt_t &key, + const pgp_key_pkt_t &subkey); std::unique_ptr signature_hash_direct(const pgp_signature_t &sig, - const pgp_key_pkt_t & key); + const pgp_key_pkt_t &key); /** * @brief Parse stream with signatures to the signatures list. diff --git a/src/librepgp/stream-write.cpp b/src/librepgp/stream-write.cpp index 3345fbff9..3f381d341 100644 --- a/src/librepgp/stream-write.cpp +++ b/src/librepgp/stream-write.cpp @@ -87,7 +87,7 @@ typedef struct pgp_dest_compressed_param_t { typedef struct pgp_dest_encrypted_param_t { pgp_dest_packet_param_t pkt; /* underlying packet-related params */ - rnp_ctx_t * ctx; /* rnp operation context with additional parameters */ + rnp_ctx_t *ctx; /* rnp operation context with additional parameters */ rnp::AuthType auth_type; /* Authentication type: MDC, AEAD or none */ pgp_crypt_t encrypt; /* encrypting crypto */ std::unique_ptr mdc; /* mdc SHA1 hash */ @@ -104,34 +104,37 @@ typedef struct pgp_dest_encrypted_param_t { std::array v2_seipd_salt; /* SEIPDv2 salt value */ #endif - bool is_aead_auth() + bool + is_aead_auth() { return (this->auth_type == rnp::AuthType::AEADv1) #ifdef ENABLE_CRYPTO_REFRESH - || (this->auth_type == rnp::AuthType::AEADv2) + || (this->auth_type == rnp::AuthType::AEADv2) #endif - ; + ; }; #ifdef ENABLE_CRYPTO_REFRESH - bool is_v2_seipd() const + bool + is_v2_seipd() const { - return this->auth_type == rnp::AuthType::AEADv2;; + return this->auth_type == rnp::AuthType::AEADv2; + ; } #endif } pgp_dest_encrypted_param_t; typedef struct pgp_dest_signer_info_t { pgp_one_pass_sig_t onepass; - pgp_key_t * key; + pgp_key_t *key; pgp_hash_alg_t halg; int64_t sigcreate; uint64_t sigexpire; } pgp_dest_signer_info_t; typedef struct pgp_dest_signed_param_t { - pgp_dest_t * writedst; /* destination to write to */ - rnp_ctx_t * ctx; /* rnp operation context with additional parameters */ + pgp_dest_t *writedst; /* destination to write to */ + rnp_ctx_t *ctx; /* rnp operation context with additional parameters */ pgp_password_provider_t *password_provider; /* password provider from write handler */ std::vector siginfos; /* list of pgp_dest_signer_info_t */ rnp::HashList hashes; /* hashes to pass raw data through and then sign */ @@ -364,7 +367,7 @@ encrypted_start_aead_chunk(pgp_dest_encrypted_param_t *param, size_t idx, bool l } /* set chunk index for additional data */ - if (param->auth_type == rnp::AuthType::AEADv1) { + if (param->auth_type == rnp::AuthType::AEADv1) { STORE64BE(param->ad + param->adlen - 8, idx); } @@ -393,7 +396,7 @@ encrypted_start_aead_chunk(pgp_dest_encrypted_param_t *param, size_t idx, bool l /* set chunk index for nonce */ nlen = pgp_cipher_aead_nonce(param->aalg, param->iv, nonce, idx); - if(nlen == 0) { + if (nlen == 0) { RNP_LOG("ERROR: when starting encrypted AEAD chunk: could not determine nonce length"); } @@ -494,7 +497,8 @@ encrypted_dst_finish(pgp_dest_t *dst) } rnp_result_t res = encrypted_start_aead_chunk(param, chunks, true); - //pgp_cipher_aead_destroy(¶m->encrypt); // this caused memory error (most likely double free) + // pgp_cipher_aead_destroy(¶m->encrypt); // this caused memory error (most likely + // double free) #endif if (res) { finish_streamed_packet(¶m->pkt); @@ -542,9 +546,9 @@ encrypted_dst_close(pgp_dest_t *dst, bool discard) static rnp_result_t encrypted_add_recipient(pgp_write_handler_t *handler, - pgp_dest_t * dst, - pgp_key_t * userkey, - const uint8_t * key, + pgp_dest_t *dst, + pgp_key_t *userkey, + const uint8_t *key, const unsigned keylen, pgp_pkesk_version_t pkesk_version) { @@ -560,15 +564,16 @@ encrypted_add_recipient(pgp_write_handler_t *handler, #if defined(ENABLE_CRYPTO_REFRESH) /* Crypto Refresh: For X25519/X448 PKESKv3, AES is mandated */ - if(userkey->alg() == PGP_PKA_X25519 && pkesk_version == PGP_PKSK_V3) { - switch(param->ctx->ealg) { - case PGP_SA_AES_128: - case PGP_SA_AES_192: - case PGP_SA_AES_256: - break; - default: - RNP_LOG("attempting to use X25519 and v3 PKESK in combination with a symmetric algorithm that is not AES."); - return RNP_ERROR_DECRYPT_FAILED; + if (userkey->alg() == PGP_PKA_X25519 && pkesk_version == PGP_PKSK_V3) { + switch (param->ctx->ealg) { + case PGP_SA_AES_128: + case PGP_SA_AES_192: + case PGP_SA_AES_256: + break; + default: + RNP_LOG("attempting to use X25519 and v3 PKESK in combination with a symmetric " + "algorithm that is not AES."); + return RNP_ERROR_DECRYPT_FAILED; } } #endif @@ -581,7 +586,7 @@ encrypted_add_recipient(pgp_write_handler_t *handler, #if defined(ENABLE_CRYPTO_REFRESH) pkey.fp = userkey->fp(); #endif - + /* Encrypt the session key */ rnp::secure_array enckey; uint8_t *sesskey = enckey.data(); /* pointer to the actual session key */ @@ -592,7 +597,7 @@ encrypted_add_recipient(pgp_write_handler_t *handler, #if defined(ENABLE_CRYPTO_REFRESH) if (pkey.version == PGP_PKSK_V3) { size_t key_offset; - if(do_encrypt_pkesk_v3_alg_id(pkey.alg)) { + if (do_encrypt_pkesk_v3_alg_id(pkey.alg)) { /* for pre-crypto-refresh algorithms, algorithm ID is part of the session key */ key_offset = 1; enckey[0] = pkey.salg; @@ -600,21 +605,20 @@ encrypted_add_recipient(pgp_write_handler_t *handler, key_offset = 0; } #else - enckey[0] = pkey.salg; - size_t key_offset = 1; + enckey[0] = pkey.salg; + size_t key_offset = 1; #endif memcpy(&enckey[key_offset], key, keylen); sesskey += key_offset; enckey_len += key_offset; #if defined(ENABLE_CRYPTO_REFRESH) - } - else { // PGP_PKSK_V6 + } else { // PGP_PKSK_V6 memcpy(&enckey[0], key, keylen); } #endif #if defined(ENABLE_CRYPTO_REFRESH) - if(have_pkesk_checksum(pkey.alg)) + if (have_pkesk_checksum(pkey.alg)) #endif { /* Calculate checksum */ @@ -701,24 +705,28 @@ encrypted_add_recipient(pgp_write_handler_t *handler, enckey.data(), enckey_len, &material.x25519); - if(ret) { + if (ret) { RNP_LOG("x25519 encryption failed"); return ret; } break; #endif #if defined(ENABLE_PQC) - case PGP_PKA_KYBER768_X25519: [[fallthrough]]; - //case PGP_PKA_KYBER1024_X448: [[fallthrough]]; - case PGP_PKA_KYBER768_P256: [[fallthrough]]; - case PGP_PKA_KYBER1024_P384: [[fallthrough]]; - case PGP_PKA_KYBER768_BP256: [[fallthrough]]; + case PGP_PKA_KYBER768_X25519: + [[fallthrough]]; + // case PGP_PKA_KYBER1024_X448: [[fallthrough]]; + case PGP_PKA_KYBER768_P256: + [[fallthrough]]; + case PGP_PKA_KYBER1024_P384: + [[fallthrough]]; + case PGP_PKA_KYBER768_BP256: + [[fallthrough]]; case PGP_PKA_KYBER1024_BP384: ret = userkey->material().kyber_ecdh.pub.encrypt(&handler->ctx->ctx->rng, - &material.kyber_ecdh, - enckey.data(), - enckey_len, - userkey->subkey_pkt_hash()); + &material.kyber_ecdh, + enckey.data(), + enckey_len, + userkey->subkey_pkt_hash()); if (ret) { RNP_LOG("Kyber ECC Encrypt failed"); return ret; @@ -756,9 +764,9 @@ encrypted_sesk_set_ad(pgp_crypt_t *crypt, pgp_sk_sesskey_t *skey) #endif static rnp_result_t -encrypted_add_password(rnp_symmetric_pass_info_t * pass, +encrypted_add_password(rnp_symmetric_pass_info_t *pass, pgp_dest_encrypted_param_t *param, - uint8_t * key, + uint8_t *key, const unsigned keylen, bool singlepass) { @@ -925,7 +933,7 @@ encrypted_start_aead(pgp_dest_encrypted_param_t *param, uint8_t *enckey) nlen = pgp_cipher_aead_nonce_len(param->ctx->aalg); uint8_t *iv_or_salt = param->iv; size_t iv_or_salt_len = nlen; -#ifdef ENABLE_CRYPTO_REFRESH +#ifdef ENABLE_CRYPTO_REFRESH if (param->auth_type == rnp::AuthType::AEADv2) { iv_or_salt = param->v2_seipd_salt.data(); iv_or_salt_len = param->v2_seipd_salt.size(); @@ -973,8 +981,7 @@ encrypted_start_aead(pgp_dest_encrypted_param_t *param, uint8_t *enckey) memcpy(v2_seipd_hdr.salt, iv_or_salt, PGP_SEIPDV2_SALT_LEN); s2_fields = seipd_v2_key_and_nonce_derivation(v2_seipd_hdr, enckey); enckey = s2_fields.key.data(); - if(s2_fields.nonce.size() > sizeof(param->iv)) - { + if (s2_fields.nonce.size() > sizeof(param->iv)) { // would be better to indicate an error s2_fields.nonce.resize(sizeof(param->iv)); } @@ -1042,7 +1049,8 @@ init_encrypted_dst(pgp_write_handler_t *handler, pgp_dest_t *dst, pgp_dest_t *wr skeycount = handler->ctx->passwords.size(); #if defined(ENABLE_CRYPTO_REFRESH) - /* in the case of PKESK (pkeycount > 0) and all keys are PKESKv6/SEIPDv2 capable, ugprade to AEADv2 */ + /* in the case of PKESK (pkeycount > 0) and all keys are PKESKv6/SEIPDv2 capable, ugprade + * to AEADv2 */ if (handler->ctx->enable_pkesk_v6 && handler->ctx->pkeskv6_capable() && pkeycount > 0) { param->auth_type = rnp::AuthType::AEADv2; } @@ -1080,7 +1088,7 @@ init_encrypted_dst(pgp_write_handler_t *handler, pgp_dest_t *dst, pgp_dest_t *wr if (param->auth_type == rnp::AuthType::AEADv2) { pkesk_version = PGP_PKSK_V6; } - if(handler->ctx->aalg == PGP_AEAD_NONE) { + if (handler->ctx->aalg == PGP_AEAD_NONE) { // set default AEAD if not set // TODO-V6: is this the right place to set the default algorithm? param->ctx->aalg = DEFAULT_AEAD_ALG; @@ -1111,7 +1119,7 @@ init_encrypted_dst(pgp_write_handler_t *handler, pgp_dest_t *dst, pgp_dest_t *wr param->pkt.tag = param->auth_type == rnp::AuthType::MDC ? PGP_PKT_SE_IP_DATA : PGP_PKT_SE_DATA; #ifdef ENABLE_CRYPTO_REFRESH - if(param->auth_type == rnp::AuthType::AEADv2) { + if (param->auth_type == rnp::AuthType::AEADv2) { param->pkt.tag = PGP_PKT_SE_IP_DATA; } #endif @@ -1150,7 +1158,7 @@ signed_dst_write(pgp_dest_t *dst, const void *buf, size_t len) static void cleartext_dst_writeline(pgp_dest_signed_param_t *param, - const uint8_t * buf, + const uint8_t *buf, size_t len, bool eol) { @@ -1216,7 +1224,7 @@ cleartext_dst_scanline(const uint8_t *buf, size_t len, bool *eol) static rnp_result_t cleartext_dst_write(pgp_dest_t *dst, const void *buf, size_t len) { - const uint8_t * linebg = (const uint8_t *) buf; + const uint8_t *linebg = (const uint8_t *) buf; size_t linelen; size_t cplen; bool eol; @@ -1277,8 +1285,8 @@ cleartext_dst_write(pgp_dest_t *dst, const void *buf, size_t len) static void signed_fill_signature(pgp_dest_signed_param_t ¶m, - pgp_signature_t & sig, - pgp_dest_signer_info_t & signer) + pgp_signature_t &sig, + pgp_dest_signer_info_t &signer) { /* fill signature fields, assuming sign_init was called on it */ if (signer.sigcreate) { @@ -1306,19 +1314,25 @@ signed_fill_signature(pgp_dest_signed_param_t ¶m, static rnp_result_t signed_write_signature(pgp_dest_signed_param_t *param, - pgp_dest_signer_info_t * signer, - pgp_dest_t * writedst) + pgp_dest_signer_info_t *signer, + pgp_dest_t *writedst) { try { pgp_signature_t sig; if (signer->onepass.version) { - signer->key->sign_init( - param->ctx->ctx->rng, sig, signer->onepass.halg, param->ctx->ctx->time(), signer->key->version()); + signer->key->sign_init(param->ctx->ctx->rng, + sig, + signer->onepass.halg, + param->ctx->ctx->time(), + signer->key->version()); sig.palg = signer->onepass.palg; sig.set_type(signer->onepass.type); } else { - signer->key->sign_init( - param->ctx->ctx->rng, sig, signer->halg, param->ctx->ctx->time(), signer->key->version()); + signer->key->sign_init(param->ctx->ctx->rng, + sig, + signer->halg, + param->ctx->ctx->time(), + signer->key->version()); /* line below should be checked */ sig.set_type(param->ctx->detached ? PGP_SIG_BINARY : PGP_SIG_TEXT); } @@ -1890,10 +1904,10 @@ init_literal_dst(pgp_write_handler_t *handler, pgp_dest_t *dst, pgp_dest_t *writ static rnp_result_t process_stream_sequence(pgp_source_t *src, - pgp_dest_t * streams, + pgp_dest_t *streams, unsigned count, - pgp_dest_t * sstream, - pgp_dest_t * wstream) + pgp_dest_t *sstream, + pgp_dest_t *wstream) { std::unique_ptr readbuf(new (std::nothrow) uint8_t[PGP_INPUT_CACHE_SIZE]); if (!readbuf) { @@ -1950,9 +1964,9 @@ rnp_sign_src(pgp_write_handler_t *handler, pgp_source_t *src, pgp_dest_t *dst) pgp_dest_t dests[4]; unsigned destc = 0; rnp_result_t ret = RNP_ERROR_GENERIC; - rnp_ctx_t & ctx = *handler->ctx; - pgp_dest_t * wstream = NULL; - pgp_dest_t * sstream = NULL; + rnp_ctx_t &ctx = *handler->ctx; + pgp_dest_t *wstream = NULL; + pgp_dest_t *sstream = NULL; /* pushing armoring stream, which will write to the output */ if (ctx.armor && !ctx.clearsign) { @@ -2017,8 +2031,8 @@ rnp_encrypt_sign_src(pgp_write_handler_t *handler, pgp_source_t *src, pgp_dest_t pgp_dest_t dests[5]; size_t destc = 0; rnp_result_t ret = RNP_SUCCESS; - rnp_ctx_t & ctx = *handler->ctx; - pgp_dest_t * sstream = NULL; + rnp_ctx_t &ctx = *handler->ctx; + pgp_dest_t *sstream = NULL; /* we may use only attached signatures here */ if (ctx.clearsign || ctx.detached) { @@ -2116,9 +2130,9 @@ rnp_wrap_src(pgp_source_t &src, pgp_dest_t &dst, const std::string &filename, ui } rnp_result_t -rnp_raw_encrypt_src(pgp_source_t & src, - pgp_dest_t & dst, - const std::string & password, +rnp_raw_encrypt_src(pgp_source_t &src, + pgp_dest_t &dst, + const std::string &password, rnp::SecurityContext &secctx) { pgp_write_handler_t handler = {}; diff --git a/src/librepgp/stream-write.h b/src/librepgp/stream-write.h index 49431f915..d7ebf86fe 100644 --- a/src/librepgp/stream-write.h +++ b/src/librepgp/stream-write.h @@ -36,8 +36,8 @@ typedef struct pgp_write_handler_t { pgp_password_provider_t *password_provider; - pgp_key_provider_t * key_provider; - rnp_ctx_t * ctx; + pgp_key_provider_t *key_provider; + rnp_ctx_t *ctx; void *param; } pgp_write_handler_t; @@ -59,25 +59,25 @@ rnp_result_t rnp_sign_src(pgp_write_handler_t *handler, pgp_source_t *src, pgp_d * @param dst output destination: file, stdout, memory, whatever else conforming to pgp_dest_t **/ rnp_result_t rnp_encrypt_sign_src(pgp_write_handler_t *handler, - pgp_source_t * src, - pgp_dest_t * dst); + pgp_source_t *src, + pgp_dest_t *dst); /* Following functions are used only in tests currently. Later could be used in CLI for debug * commands like --wrap-literal, --encrypt-raw, --compress-raw, etc. */ -rnp_result_t rnp_compress_src(pgp_source_t & src, - pgp_dest_t & dst, +rnp_result_t rnp_compress_src(pgp_source_t &src, + pgp_dest_t &dst, pgp_compression_type_t zalg, int zlevel); -rnp_result_t rnp_wrap_src(pgp_source_t & src, - pgp_dest_t & dst, +rnp_result_t rnp_wrap_src(pgp_source_t &src, + pgp_dest_t &dst, const std::string &filename, uint32_t modtime); -rnp_result_t rnp_raw_encrypt_src(pgp_source_t & src, - pgp_dest_t & dst, - const std::string & password, +rnp_result_t rnp_raw_encrypt_src(pgp_source_t &src, + pgp_dest_t &dst, + const std::string &password, rnp::SecurityContext &secctx); #endif diff --git a/src/librepgp/v2_seipd.h b/src/librepgp/v2_seipd.h index 00243036e..a6051a50a 100644 --- a/src/librepgp/v2_seipd.h +++ b/src/librepgp/v2_seipd.h @@ -32,5 +32,5 @@ struct seipd_v2_aead_fields_t { std::vector key, nonce; }; -seipd_v2_aead_fields_t -seipd_v2_key_and_nonce_derivation(pgp_seipdv2_hdr_t &hdr, uint8_t *sesskey); +seipd_v2_aead_fields_t seipd_v2_key_and_nonce_derivation(pgp_seipdv2_hdr_t &hdr, + uint8_t *sesskey); diff --git a/src/libsexp b/src/libsexp index ee796f53a..b6bf03369 160000 --- a/src/libsexp +++ b/src/libsexp @@ -1 +1 @@ -Subproject commit ee796f53ad83a40f7b81e52e27ec9ca9a19707fa +Subproject commit b6bf0336904d8d8e0c169236e56cf55075fe4d36 diff --git a/src/rnp/fficli.cpp b/src/rnp/fficli.cpp index 011645af5..e29e8a63c 100644 --- a/src/rnp/fficli.cpp +++ b/src/rnp/fficli.cpp @@ -94,7 +94,7 @@ disable_core_dumps(void) ERR_MSG("Warning - cannot turn off core dumps"); return false; } else if (limit.rlim_cur == 0) { - return true; // disabling core dumps ok + return true; // disabling core dumps ok } else { return false; // failed for some reason? } @@ -371,16 +371,16 @@ stdin_getpass(const char *prompt, char *buffer, size_t size, cli_rnp_t &rnp) static bool ffi_pass_callback_stdin(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, + const char *pgp_context, char buf[], size_t buf_len) { - char * keyid = NULL; + char *keyid = NULL; char target[64] = {0}; char prompt[128] = {0}; - char * buffer = NULL; + char *buffer = NULL; bool ok = false; bool protect = false; bool add_subkey = false; @@ -487,9 +487,9 @@ ffi_pass_callback_stdin(rnp_ffi_t ffi, static bool ffi_pass_callback_file(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, + const char *pgp_context, char buf[], size_t buf_len) { @@ -507,9 +507,9 @@ ffi_pass_callback_file(rnp_ffi_t ffi, static bool ffi_pass_callback_string(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, + const char *pgp_context, char buf[], size_t buf_len) { @@ -528,7 +528,7 @@ ffi_pass_callback_string(rnp_ffi_t ffi, static void ffi_key_callback(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, const char *identifier_type, const char *identifier, bool secret) @@ -726,7 +726,7 @@ cli_rnp_t::load_keyring(bool secret) return true; } - const char * format = secret ? secformat().c_str() : pubformat().c_str(); + const char *format = secret ? secformat().c_str() : pubformat().c_str(); uint32_t flags = secret ? RNP_LOAD_SAVE_SECRET_KEYS : RNP_LOAD_SAVE_PUBLIC_KEYS; rnp_result_t ret = rnp_load_keys(ffi, format, keyin, flags); if (ret) { @@ -785,7 +785,7 @@ cli_rnp_t::set_defkey() { rnp_identifier_iterator_t it = NULL; rnp_key_handle_t handle = NULL; - const char * grip = NULL; + const char *grip = NULL; cfg_.unset(CFG_KR_DEF_KEY); if (rnp_identifier_iterator_create(ffi, &it, "grip")) { @@ -858,9 +858,9 @@ cli_rnp_t::is_cv25519_subkey(rnp_key_handle_t handle) bool cli_rnp_t::get_protection(rnp_key_handle_t handle, - std::string & hash, - std::string & cipher, - size_t & iterations) + std::string &hash, + std::string &cipher, + size_t &iterations) { bool prot = false; if (rnp_key_is_protected(handle, &prot)) { @@ -931,7 +931,7 @@ cli_rnp_t::fix_cv25519_subkey(const std::string &key, bool checkonly) std::string prot_hash; std::string prot_cipher; size_t prot_iterations; - char * prot_password = NULL; + char *prot_password = NULL; bool tweaked = false; if (keys.size() > 1) { @@ -1057,7 +1057,7 @@ cli_rnp_t::add_new_subkey(const std::string &key) bool res = false; rnp_op_generate_t genkey = NULL; rnp_key_handle_t subkey = NULL; - char * password = NULL; + char *password = NULL; if (keys.size() > 1) { ERR_MSG("Ambiguous input: too many keys found for '%s'.", key.c_str()); @@ -1355,7 +1355,7 @@ cli_rnp_print_sig_info(FILE *fp, rnp_ffi_t ffi, rnp_signature_handle_t sig) (void) rnp_signature_get_key_fprint(sig, &keyfp); (void) rnp_signature_get_keyid(sig, &keyid); - char * signer_uid = NULL; + char *signer_uid = NULL; rnp_key_handle_t signer = NULL; if (keyfp) { /* Fingerprint lookup is faster */ @@ -1376,7 +1376,7 @@ cli_rnp_print_sig_info(FILE *fp, rnp_ffi_t ffi, rnp_signature_handle_t sig) /* signer's userid */ fprintf(fp, " %s", signer_uid ? signer_uid : "[unknown]"); /* signature validity */ - const char * valmsg = NULL; + const char *valmsg = NULL; rnp_result_t validity = rnp_signature_is_valid(sig, 0); switch (validity) { case RNP_SUCCESS: @@ -1626,8 +1626,8 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) } #if defined(ENABLE_CRYPTO_REFRESH) - if(cfg.get_bool(CFG_KG_V6_KEY)) { - rnp_op_generate_set_v6_key(genkey); + if (cfg.get_bool(CFG_KG_V6_KEY)) { + rnp_op_generate_set_v6_key(genkey); } #endif @@ -1673,8 +1673,8 @@ cli_rnp_generate_key(cli_rnp_t *rnp, const char *username) goto done; } #if defined(ENABLE_CRYPTO_REFRESH) - if(cfg.get_bool(CFG_KG_V6_KEY)) { - rnp_op_generate_set_v6_key(genkey); + if (cfg.get_bool(CFG_KG_V6_KEY)) { + rnp_op_generate_set_v6_key(genkey); } #endif if (rnp_op_generate_execute(genkey) || rnp_op_generate_get_key(genkey, &subkey)) { @@ -1724,7 +1724,7 @@ static bool key_matches_string(rnp_key_handle_t handle, const std::string &str) { bool matches = false; - char * id = NULL; + char *id = NULL; size_t idlen = 0; #ifndef RNP_USE_STD_REGEX regex_t r = {}; @@ -1761,7 +1761,8 @@ key_matches_string(rnp_key_handle_t handle, const std::string &str) /* check fingerprint */ int key_version; rnp_key_get_version(handle, &key_version); - const size_t fp_size = (key_version == RNP_PGP_VER_6) ? RNP_FP_V6_SIZE : RNP_FP_V4_SIZE; + const size_t fp_size = + (key_version == RNP_PGP_VER_6) ? RNP_FP_V6_SIZE : RNP_FP_V4_SIZE; if (len == fp_size * 2) { if (rnp_key_get_fprint(handle, &id)) { goto done; @@ -1942,15 +1943,15 @@ add_key_to_array(rnp_ffi_t ffi, } bool -cli_rnp_keys_matching_string(cli_rnp_t * rnp, +cli_rnp_keys_matching_string(cli_rnp_t *rnp, std::vector &keys, - const std::string & str, + const std::string &str, int flags) { bool res = false; rnp_identifier_iterator_t it = NULL; rnp_key_handle_t handle = NULL; - const char * fp = NULL; + const char *fp = NULL; /* iterate through the keys */ if (rnp_identifier_iterator_create(rnp->ffi, &it, "fingerprint")) { @@ -1984,8 +1985,8 @@ cli_rnp_keys_matching_string(cli_rnp_t * rnp, } bool -cli_rnp_keys_matching_strings(cli_rnp_t * rnp, - std::vector & keys, +cli_rnp_keys_matching_strings(cli_rnp_t *rnp, + std::vector &keys, const std::vector &strs, int flags) { @@ -2731,7 +2732,7 @@ cli_rnp_sign(const rnp_cfg &cfg, cli_rnp_t *rnp, rnp_input_t input, rnp_output_t static bool cli_rnp_encrypt_and_sign(const rnp_cfg &cfg, - cli_rnp_t * rnp, + cli_rnp_t *rnp, rnp_input_t input, rnp_output_t output) { @@ -2807,8 +2808,6 @@ cli_rnp_encrypt_and_sign(const rnp_cfg &cfg, } } - - /* adding encrypting keys if pk-encryption is used */ if (cfg.get_bool(CFG_ENCRYPT_PK)) { std::vector keynames = cfg.get_list(CFG_RECIPIENTS); @@ -2972,7 +2971,7 @@ cli_rnp_print_signatures(cli_rnp_t *rnp, const std::vectorresfp; + FILE *resfp = rnp->resfp; for (auto sig : sigs) { rnp_result_t status = rnp_op_verify_signature_get_status(sig); @@ -3228,7 +3227,7 @@ cli_rnp_print_praise(void) void cli_rnp_print_feature(FILE *fp, const char *type, const char *printed_type) { - char * result = NULL; + char *result = NULL; size_t count; if (rnp_supported_features(type, &result) != RNP_SUCCESS) { ERR_MSG("Failed to list supported features: %s", type); diff --git a/src/rnp/fficli.h b/src/rnp/fficli.h index 9d32ebdc3..e163424f7 100644 --- a/src/rnp/fficli.h +++ b/src/rnp/fficli.h @@ -48,21 +48,21 @@ class cli_rnp_t { bool load_keyring(bool secret); bool is_cv25519_subkey(rnp_key_handle_t handle); bool get_protection(rnp_key_handle_t handle, - std::string & hash, - std::string & cipher, - size_t & iterations); + std::string &hash, + std::string &cipher, + size_t &iterations); bool check_cv25519_bits(rnp_key_handle_t key, char *prot_password, bool &tweaked); public: rnp_ffi_t ffi{}; - FILE * resfp{}; /* where to put result messages, defaults to stdout */ - FILE * passfp{}; /* file pointer for password input */ - FILE * userio_in{}; /* file pointer for user's inputs */ - FILE * userio_out{}; /* file pointer for user's outputs */ + FILE *resfp{}; /* where to put result messages, defaults to stdout */ + FILE *passfp{}; /* file pointer for password input */ + FILE *userio_in{}; /* file pointer for user's inputs */ + FILE *userio_out{}; /* file pointer for user's outputs */ int pswdtries{}; /* number of password tries, -1 for unlimited */ bool reuse_password_for_subkey{}; std::string reuse_primary_fprint; - char * reused_password{}; + char *reused_password{}; bool hidden_msg{}; /* true if hidden recipient message was displayed */ static int ret_code(bool success); @@ -126,9 +126,9 @@ class cli_rnp_t { }; typedef enum cli_search_flags_t { - CLI_SEARCH_SECRET = 1 << 0, /* search secret keys only */ - CLI_SEARCH_SUBKEYS = 1 << 1, /* add subkeys as well */ - CLI_SEARCH_FIRST_ONLY = 1 << 2, /* return only first key matching */ + CLI_SEARCH_SECRET = 1 << 0, /* search secret keys only */ + CLI_SEARCH_SUBKEYS = 1 << 1, /* add subkeys as well */ + CLI_SEARCH_FIRST_ONLY = 1 << 2, /* return only first key matching */ CLI_SEARCH_SUBKEYS_AFTER = (1 << 3) | CLI_SEARCH_SUBKEYS, /* put subkeys after the primary key */ CLI_SEARCH_DEFAULT = 1 << 4 /* add default key if nothing found */ @@ -156,9 +156,9 @@ bool cli_cfg_set_keystore_info(rnp_cfg &cfg); * needed. * @return rnp_input_t object or NULL if operation failed. */ -rnp_input_t cli_rnp_input_from_specifier(cli_rnp_t & rnp, +rnp_input_t cli_rnp_input_from_specifier(cli_rnp_t &rnp, const std::string &spec, - bool * is_path); + bool *is_path); /** * @brief Create output object from the specifier, which may represent: @@ -170,7 +170,7 @@ rnp_input_t cli_rnp_input_from_specifier(cli_rnp_t & rnp, * @param discard just discard output * @return rnp_output_t or NULL if operation failed. */ -rnp_output_t cli_rnp_output_to_specifier(cli_rnp_t & rnp, +rnp_output_t cli_rnp_output_to_specifier(cli_rnp_t &rnp, const std::string &spec, bool discard = false); @@ -195,9 +195,9 @@ bool cli_rnp_generate_key(cli_rnp_t *rnp, const char *username); * if subkey is orphaned or primary key matches search. * @return true if operation succeeds and at least one key is found, or false otherwise. */ -bool cli_rnp_keys_matching_string(cli_rnp_t * rnp, +bool cli_rnp_keys_matching_string(cli_rnp_t *rnp, std::vector &keys, - const std::string & str, + const std::string &str, int flags); /** * @brief Find key(s) matching set of flags and search string(s). @@ -211,8 +211,8 @@ bool cli_rnp_keys_matching_string(cli_rnp_t * rnp, * @return true if operation succeeds and at least one key is found for each search string, or * false otherwise. */ -bool cli_rnp_keys_matching_strings(cli_rnp_t * rnp, - std::vector & keys, +bool cli_rnp_keys_matching_strings(cli_rnp_t *rnp, + std::vector &keys, const std::vector &strs, int flags); bool cli_rnp_export_keys(cli_rnp_t *rnp, const char *filter); diff --git a/src/rnp/rnp.cpp b/src/rnp/rnp.cpp index 289de3c73..90a5f18b1 100644 --- a/src/rnp/rnp.cpp +++ b/src/rnp/rnp.cpp @@ -61,7 +61,8 @@ static const char *usage = " -e, --encrypt Encrypt data using the public key(s).\n" " -r, --recipient Specify recipient's key via uid/keyid/fingerprint.\n" #if defined(ENABLE_CRYPTO_REFRESH) - " --v3-pkesk-only Only create v3 PKESK (otherwise v6 will be created if appropirate).\n" + " --v3-pkesk-only Only create v3 PKESK (otherwise v6 will be created if " + "appropirate).\n" #endif " --cipher name Specify symmetric cipher, used for encryption.\n" " --aead[=EAX, OCB] Use AEAD for encryption.\n" diff --git a/src/rnp/rnpcfg.cpp b/src/rnp/rnpcfg.cpp index e1c35a30a..8be96d738 100644 --- a/src/rnp/rnpcfg.cpp +++ b/src/rnp/rnpcfg.cpp @@ -359,9 +359,9 @@ rnp_cfg::get_expiration(const std::string &key, uint32_t &seconds) const if (!std::regex_search(val, result, re)) { return false; } - std::string delta_stdstr = result[1].str(); - const char *delta_str = delta_stdstr.c_str(); - char mult = result[2].str()[0]; + std::string delta_stdstr = result[1].str(); + const char *delta_str = delta_stdstr.c_str(); + char mult = result[2].str()[0]; #endif errno = 0; delta = strtoul(delta_str, NULL, 10); diff --git a/src/rnp/rnpcfg.h b/src/rnp/rnpcfg.h index 120f77d9a..975e7eaea 100644 --- a/src/rnp/rnpcfg.h +++ b/src/rnp/rnpcfg.h @@ -35,26 +35,26 @@ /* cfg variables known by rnp */ #define CFG_OVERWRITE "overwrite" /* overwrite output file if it is already exist or fail */ #define CFG_ARMOR "armor" /* armor output data or not */ -#define CFG_ARMOR_DATA_TYPE "armor_type" /* armor data type, used with ``enarmor`` option */ -#define CFG_COMMAND "command" /* command to execute over input data */ -#define CFG_DETACHED "detached" /* produce the detached signature */ -#define CFG_CLEARTEXT "cleartext" /* cleartext signing should be used */ -#define CFG_SIGN_NEEDED "sign_needed" /* signing is needed during data protection */ -#define CFG_OUTFILE "outfile" /* name/path of the output file */ -#define CFG_NO_OUTPUT "no_output" /* do not output any data - just verify or process */ -#define CFG_INFILE "infile" /* name/path of the input file */ -#define CFG_SETFNAME "setfname" /* file name to embed into the literal data packet */ -#define CFG_RESULTS "results" /* name/path for results, not used right now */ -#define CFG_KEYSTOREFMT "keystorefmt" /* keyring format : GPG, G10, KBX */ -#define CFG_COREDUMPS "coredumps" /* enable/disable core dumps. 1 or 0. */ -#define CFG_NEEDSSECKEY "needsseckey" /* needs secret key for the ongoing operation */ -#define CFG_USERID "userid" /* userid for the ongoing operation */ -#define CFG_RECIPIENTS "recipients" /* list of encrypted data recipients */ +#define CFG_ARMOR_DATA_TYPE "armor_type" /* armor data type, used with ``enarmor`` option */ +#define CFG_COMMAND "command" /* command to execute over input data */ +#define CFG_DETACHED "detached" /* produce the detached signature */ +#define CFG_CLEARTEXT "cleartext" /* cleartext signing should be used */ +#define CFG_SIGN_NEEDED "sign_needed" /* signing is needed during data protection */ +#define CFG_OUTFILE "outfile" /* name/path of the output file */ +#define CFG_NO_OUTPUT "no_output" /* do not output any data - just verify or process */ +#define CFG_INFILE "infile" /* name/path of the input file */ +#define CFG_SETFNAME "setfname" /* file name to embed into the literal data packet */ +#define CFG_RESULTS "results" /* name/path for results, not used right now */ +#define CFG_KEYSTOREFMT "keystorefmt" /* keyring format : GPG, G10, KBX */ +#define CFG_COREDUMPS "coredumps" /* enable/disable core dumps. 1 or 0. */ +#define CFG_NEEDSSECKEY "needsseckey" /* needs secret key for the ongoing operation */ +#define CFG_USERID "userid" /* userid for the ongoing operation */ +#define CFG_RECIPIENTS "recipients" /* list of encrypted data recipients */ #if defined(ENABLE_CRYPTO_REFRESH) - #define CFG_V3_PKESK_ONLY "v3-pkesk-only" /* disable v6 PKESK */ +#define CFG_V3_PKESK_ONLY "v3-pkesk-only" /* disable v6 PKESK */ #endif -#define CFG_SIGNERS "signers" /* list of signers */ -#define CFG_HOMEDIR "homedir" /* home directory - folder with keyrings and so on */ +#define CFG_SIGNERS "signers" /* list of signers */ +#define CFG_HOMEDIR "homedir" /* home directory - folder with keyrings and so on */ #define CFG_KEYFILE "keyfile" /* path to the file with key(s), used instead of keyring */ #define CFG_PASSFD "pass-fd" /* password file descriptor */ #define CFG_PASSWD "password" /* password as command-line constant */ @@ -78,17 +78,17 @@ #define CFG_AEAD "aead" /* if nonzero then AEAD enryption mode, int */ #define CFG_AEAD_CHUNK "aead_chunk" /* AEAD chunk size bits, int from 0 to 56 */ #define CFG_KEYSTORE_DISABLED \ - "disable_keystore" /* indicates whether keystore must be initialized */ -#define CFG_FORCE "force" /* force command to succeed operation */ -#define CFG_SECRET "secret" /* indicates operation on secret key */ -#define CFG_WITH_SIGS "with-sigs" /* list keys with signatures */ -#define CFG_JSON "json" /* list packets with JSON output */ -#define CFG_GRIPS "grips" /* dump grips when dumping key packets */ -#define CFG_MPIS "mpis" /* dump MPI values when dumping packets */ -#define CFG_RAW "raw" /* dump raw packet contents */ -#define CFG_REV_TYPE "rev-type" /* revocation reason code */ -#define CFG_REV_REASON "rev-reason" /* revocation reason human-readable string */ -#define CFG_PERMISSIVE "permissive" /* ignore bad packets during key import */ + "disable_keystore" /* indicates whether keystore must be initialized */ +#define CFG_FORCE "force" /* force command to succeed operation */ +#define CFG_SECRET "secret" /* indicates operation on secret key */ +#define CFG_WITH_SIGS "with-sigs" /* list keys with signatures */ +#define CFG_JSON "json" /* list packets with JSON output */ +#define CFG_GRIPS "grips" /* dump grips when dumping key packets */ +#define CFG_MPIS "mpis" /* dump MPI values when dumping packets */ +#define CFG_RAW "raw" /* dump raw packet contents */ +#define CFG_REV_TYPE "rev-type" /* revocation reason code */ +#define CFG_REV_REASON "rev-reason" /* revocation reason human-readable string */ +#define CFG_PERMISSIVE "permissive" /* ignore bad packets during key import */ #define CFG_NOTTY "notty" /* disable tty usage and do input/output via stdin/stdout */ #define CFG_FIX_25519_BITS "fix-25519-bits" /* fix Cv25519 secret key via --edit-key */ #define CFG_CHK_25519_BITS "check-25519-bits" /* check Cv25519 secret key bits */ @@ -119,7 +119,8 @@ #define CFG_KG_PROT_HASH "kg-prot-hash" #define CFG_KG_PROT_ALG "kg-prot-alg" #define CFG_KG_PROT_ITERATIONS "kg-prot-iterations" -#define CFG_KG_V6_KEY "kg-v6-key" /* represents a boolean property: non-empty string means 'true' */ +#define CFG_KG_V6_KEY \ + "kg-v6-key" /* represents a boolean property: non-empty string means 'true' */ /* rnp CLI config : contains all the system-dependent and specified by the user configuration * options */ diff --git a/src/rnpkeys/main.cpp b/src/rnpkeys/main.cpp index 8bcb7e111..135f3e69e 100644 --- a/src/rnpkeys/main.cpp +++ b/src/rnpkeys/main.cpp @@ -39,7 +39,7 @@ #include "rnpkeys.h" extern struct option options[]; -extern const char * usage; +extern const char *usage; optdefs_t get_short_cmd(int ch) diff --git a/src/rnpkeys/rnpkeys.cpp b/src/rnpkeys/rnpkeys.cpp index 1a6997c28..4c0e3bc7b 100644 --- a/src/rnpkeys/rnpkeys.cpp +++ b/src/rnpkeys/rnpkeys.cpp @@ -189,7 +189,7 @@ import_keys(cli_rnp_t *rnp, rnp_input_t input, const std::string &inname) do { /* load keys one-by-one */ - char * results = NULL; + char *results = NULL; rnp_result_t ret = rnp_import_keys(rnp->ffi, input, flags, &results); if (ret == RNP_ERROR_EOF) { res = true; @@ -221,7 +221,7 @@ import_keys(cli_rnp_t *rnp, rnp_input_t input, const std::string &inname) } processed_keys += json_object_array_length(keys); for (size_t idx = 0; idx < (size_t) json_object_array_length(keys); idx++) { - json_object * keyinfo = json_object_array_get_idx(keys, idx); + json_object *keyinfo = json_object_array_get_idx(keys, idx); rnp_key_handle_t key = NULL; if (!keyinfo) { continue; @@ -287,7 +287,7 @@ static bool import_sigs(cli_rnp_t *rnp, rnp_input_t input, const std::string &inname) { bool res = false; - char * results = NULL; + char *results = NULL; json_object *jso = NULL; json_object *sigs = NULL; int unknown_sigs = 0; diff --git a/src/rnpkeys/tui.cpp b/src/rnpkeys/tui.cpp index b4a0f2faa..4940a8c3f 100644 --- a/src/rnpkeys/tui.cpp +++ b/src/rnpkeys/tui.cpp @@ -201,28 +201,29 @@ rnpkeys_ask_generate_params(rnp_cfg &cfg, FILE *input_fp) { long option = 0; do { - printf("Please select what kind of key you want:\n" - "\t(1) RSA (Encrypt or Sign)\n" - "\t(16) DSA + ElGamal\n" - "\t(17) DSA + RSA\n" // TODO: See #584 - "\t(19) ECDSA + ECDH\n" + printf( + "Please select what kind of key you want:\n" + "\t(1) RSA (Encrypt or Sign)\n" + "\t(16) DSA + ElGamal\n" + "\t(17) DSA + RSA\n" // TODO: See #584 + "\t(19) ECDSA + ECDH\n" #if defined(ENABLE_CRYPTO_REFRESH) - "\t(21) EDDSA + ECDH (v6 key) \n" + "\t(21) EDDSA + ECDH (v6 key) \n" #endif - "\t(22) EDDSA + ECDH (v4 key) \n" + "\t(22) EDDSA + ECDH (v4 key) \n" #if defined(ENABLE_CRYPTO_REFRESH) - "\t(23) ED25519 + X25519 (v6 key) \n" + "\t(23) ED25519 + X25519 (v6 key) \n" #endif #if defined(ENABLE_PQC) - "\t(25) (Dilithium3 + Ed25519) + (Kyber768 + X25519)\n" - //"\t(26) (Dilithium5 + Ed448) + (Kyber1024 + X448)\n" - "\t(27) (Dilithium3 + ECDSA-NIST-P-256) + (Kyber768 + ECDH-NIST-P-256)\n" - "\t(28) (Dilithium5 + ECDSA-NIST-P-384) + (Kyber1024 + ECDH-NIST-P-384)\n" - "\t(29) (Dilithium3 + ECDSA-brainpoolP256r1) + (Kyber768 + ECDH-brainpoolP256r1)\n" - "\t(30) (Dilithium5 + ECDSA-brainpoolP384r1) + (Kyber1024 + ECDH-brainpoolP384r1)\n" + "\t(25) (Dilithium3 + Ed25519) + (Kyber768 + X25519)\n" + //"\t(26) (Dilithium5 + Ed448) + (Kyber1024 + X448)\n" + "\t(27) (Dilithium3 + ECDSA-NIST-P-256) + (Kyber768 + ECDH-NIST-P-256)\n" + "\t(28) (Dilithium5 + ECDSA-NIST-P-384) + (Kyber1024 + ECDH-NIST-P-384)\n" + "\t(29) (Dilithium3 + ECDSA-brainpoolP256r1) + (Kyber768 + ECDH-brainpoolP256r1)\n" + "\t(30) (Dilithium5 + ECDSA-brainpoolP384r1) + (Kyber1024 + ECDH-brainpoolP384r1)\n" #endif - "\t(99) SM2\n" - "> "); + "\t(99) SM2\n" + "> "); if (!rnp_secure_get_long_from_fd(input_fp, option, false)) { option = 0; continue; @@ -289,13 +290,13 @@ rnpkeys_ask_generate_params(rnp_cfg &cfg, FILE *input_fp) cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER768_X25519); cfg.set_str(CFG_KG_V6_KEY, "true"); break; -/* - case 26: - cfg.set_str(CFG_KG_PRIMARY_ALG, RNP_ALGNAME_DILITHIUM5_ED448); - cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_X448); - cfg.set_str(CFG_KG_V6_KEY, "true"); - break; -*/ + /* + case 26: + cfg.set_str(CFG_KG_PRIMARY_ALG, RNP_ALGNAME_DILITHIUM5_ED448); + cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_X448); + cfg.set_str(CFG_KG_V6_KEY, "true"); + break; + */ case 27: cfg.set_str(CFG_KG_PRIMARY_ALG, RNP_ALGNAME_DILITHIUM3_P256); cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER768_P256); @@ -402,22 +403,22 @@ rnpkeys_ask_generate_params_subkey(rnp_cfg &cfg, FILE *input_fp) break; } #if defined(ENABLE_PQC) - case 25: + case 25: cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER768_X25519); break; - case 26: + case 26: cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_X448); break; - case 27: + case 27: cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER768_P256); break; - case 28: + case 28: cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_P384); break; - case 29: + case 29: cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER768_BP256); break; - case 30: + case 30: cfg.set_str(CFG_KG_SUBKEY_ALG, RNP_ALGNAME_KYBER1024_BP384); break; #endif diff --git a/src/tests/cipher.cpp b/src/tests/cipher.cpp index 6de6b0622..58daa1231 100644 --- a/src/tests/cipher.cpp +++ b/src/tests/cipher.cpp @@ -51,21 +51,21 @@ TEST_F(rnp_tests, hash_test_success) PGP_HASH_UNKNOWN}; const uint8_t test_input[3] = {'a', 'b', 'c'}; - const char * hash_alg_expected_outputs[] = { + const char *hash_alg_expected_outputs[] = { "900150983CD24FB0D6963F7D28E17F72", "A9993E364706816ABA3E25717850C26C9CD0D89D", "BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD", "CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1" - "E7CC2358BAECA" - "134C825A7", + "E7CC2358BAECA" + "134C825A7", "DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A27" - "4FC1A836BA3C2" - "3A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F", + "4FC1A836BA3C2" + "3A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F", "23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7", "66C7F0F462EEEDD9D1F2D46BDC10E4E24167C4875CF2F7A2297DA02B8F4BA8E0", "3A985DA74FE225B2045C172D6BD390BD855F086E3E9D525B46BFE24511431532", ("B751850B1A57168A5693CD924B6B096E08F621827444F70D884F5D0240D2712E1" - "0E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0")}; + "0E116E9192AF3C91A7EC57647E3934057340B4CF408D5A56592F8274EEC53F0")}; for (int i = 0; hash_algs[i] != PGP_HASH_UNKNOWN; ++i) { #if !defined(ENABLE_SM2) @@ -468,7 +468,7 @@ TEST_F(rnp_tests, sm2_sm3_signature_test) #if defined(ENABLE_SM2) TEST_F(rnp_tests, sm2_sha256_signature_test) { - const char * msg = "hi chappy"; + const char *msg = "hi chappy"; pgp_ec_key_t sm2_key; pgp_ec_signature_t sig; pgp_hash_alg_t hash_alg = PGP_HASH_SHA256; @@ -609,16 +609,15 @@ TEST_F(rnp_tests, kyber_ecdh_roundtrip) /* PGP_PKA_KYBER1024_X448, */ // X448 not yet implemented PGP_PKA_KYBER1024_P384, PGP_PKA_KYBER768_BP256, - PGP_PKA_KYBER1024_BP384 - }; + PGP_PKA_KYBER1024_BP384}; pgp_kyber_ecdh_encrypted_t enc; - uint8_t plaintext[32] = {0}; - size_t plaintext_len = sizeof(plaintext); - uint8_t result[32] = {0}; - size_t result_len = sizeof(result); + uint8_t plaintext[32] = {0}; + size_t plaintext_len = sizeof(plaintext); + uint8_t result[32] = {0}; + size_t result_len = sizeof(result); - for(size_t i = 0; i < plaintext_len; i++) { + for (size_t i = 0; i < plaintext_len; i++) { plaintext[i] = i; // assures that we do not have a special case with all-zeroes } @@ -635,8 +634,10 @@ TEST_F(rnp_tests, kyber_ecdh_roundtrip) assert_rnp_success(pgp_fingerprint(key_fpr, key_pkt)); pgp_key_t key(key_pkt); - assert_rnp_success(key_pkt.material.kyber_ecdh.pub.encrypt(&global_ctx.rng, &enc, plaintext, plaintext_len, key.subkey_pkt_hash())); - assert_rnp_success(key_pkt.material.kyber_ecdh.priv.decrypt(&global_ctx.rng, result, &result_len, &enc, key.subkey_pkt_hash())); + assert_rnp_success(key_pkt.material.kyber_ecdh.pub.encrypt( + &global_ctx.rng, &enc, plaintext, plaintext_len, key.subkey_pkt_hash())); + assert_rnp_success(key_pkt.material.kyber_ecdh.priv.decrypt( + &global_ctx.rng, result, &result_len, &enc, key.subkey_pkt_hash())); assert_int_equal(plaintext_len, result_len); assert_int_equal(memcmp(plaintext, result, result_len), 0); @@ -648,14 +649,18 @@ TEST_F(rnp_tests, dilithium_exdsa_signverify_success) uint8_t message[64]; const pgp_hash_alg_t hash_alg = PGP_HASH_SHA512; - pgp_pubkey_alg_t algs[] = {PGP_PKA_DILITHIUM3_ED25519, /* PGP_PKA_DILITHIUM5_ED448,*/ PGP_PKA_DILITHIUM3_P256, PGP_PKA_DILITHIUM5_P384, PGP_PKA_DILITHIUM3_BP256, PGP_PKA_DILITHIUM5_BP384}; - + pgp_pubkey_alg_t algs[] = {PGP_PKA_DILITHIUM3_ED25519, + /* PGP_PKA_DILITHIUM5_ED448,*/ PGP_PKA_DILITHIUM3_P256, + PGP_PKA_DILITHIUM5_P384, + PGP_PKA_DILITHIUM3_BP256, + PGP_PKA_DILITHIUM5_BP384}; + for (size_t i = 0; i < ARRAY_SIZE(algs); i++) { // Generate test data. Mainly to make valgrind not to complain about uninitialized data global_ctx.rng.get(message, sizeof(message)); pgp_dilithium_exdsa_signature_t sig; - rnp_keygen_crypto_params_t key_desc; + rnp_keygen_crypto_params_t key_desc; key_desc.key_alg = algs[i]; key_desc.hash_alg = hash_alg; key_desc.ctx = &global_ctx; @@ -755,7 +760,7 @@ read_key_pkt(pgp_key_pkt_t *key, const char *path) TEST_F(rnp_tests, test_validate_key_material) { pgp_key_pkt_t key; - rnp::RNG & rng = global_ctx.rng; + rnp::RNG &rng = global_ctx.rng; /* RSA key and subkey */ assert_true(read_key_pkt(&key, KEYS "rsa-pub.pgp")); diff --git a/src/tests/cipher_cxx.cpp b/src/tests/cipher_cxx.cpp index a33e38e6e..b75126705 100644 --- a/src/tests/cipher_cxx.cpp +++ b/src/tests/cipher_cxx.cpp @@ -56,11 +56,11 @@ test_cipher(pgp_symm_alg_t alg, pgp_cipher_mode_t mode, size_t tag_size, bool disable_padding, - const char * key_hex, - const char * iv_hex, - const char * ad_hex, - const char * pt_hex, - const char * expected_ct_hex) + const char *key_hex, + const char *iv_hex, + const char *ad_hex, + const char *pt_hex, + const char *expected_ct_hex) { const std::vector key(decode_hex(key_hex)); const std::vector iv(decode_hex(iv_hex)); diff --git a/src/tests/cli.cpp b/src/tests/cli.cpp index a96115cf0..4f3b04560 100644 --- a/src/tests/cli.cpp +++ b/src/tests/cli.cpp @@ -53,7 +53,7 @@ call_rnp(const char *cmd, ...) { int argc = 0; int res; - char ** argv = (char **) calloc(32, sizeof(char *)); + char **argv = (char **) calloc(32, sizeof(char *)); va_list args; if (!argv) { @@ -445,7 +445,7 @@ TEST_F(rnp_tests, test_cli_rnpkeys_unicode) assert_non_null(uid); size_t size = 0; - char * data = NULL; + char *data = NULL; assert_rnp_success(rnp_uid_get_data(uid, (void **) &data, &size)); std::string uid_read(data, data + size); assert_int_equal(0, uid_read.compare(uid_utf8)); @@ -618,7 +618,7 @@ TEST_F(rnp_tests, test_cli_rnpkeys) // check both primary key and subkey for the given userid static int key_expiration_check(rnp_key_store_t *keystore, - const char * userid, + const char *userid, uint32_t expectedExpiration) { int res = -1; // not found @@ -837,8 +837,8 @@ TEST_F(rnp_tests, test_cli_dump) TEST_F(rnp_tests, test_cli_logname) { - char * logname = getenv("LOGNAME"); - char * user = getenv("USER"); + char *logname = getenv("LOGNAME"); + char *user = getenv("USER"); std::string testname(user ? user : "user"); testname.append("-test-user"); diff --git a/src/tests/data/test_key_validity/case5/generate.cpp b/src/tests/data/test_key_validity/case5/generate.cpp index 23735f427..f6aeee227 100644 --- a/src/tests/data/test_key_validity/case5/generate.cpp +++ b/src/tests/data/test_key_validity/case5/generate.cpp @@ -44,9 +44,9 @@ load_transferable_key(pgp_transferable_key_t *key, const char *fname) bool calculate_primary_binding(const pgp_key_pkt_t &key, const pgp_key_pkt_t &subkey, pgp_hash_alg_t halg, - pgp_signature_t & sig, - rnp::Hash & hash, - rnp::RNG & rng); + pgp_signature_t &sig, + rnp::Hash &hash, + rnp::RNG &rng); int main(int argc, char **argv) diff --git a/src/tests/exdsa_ecdhkem.cpp b/src/tests/exdsa_ecdhkem.cpp index 462e2f79e..c8cf87c71 100644 --- a/src/tests/exdsa_ecdhkem.cpp +++ b/src/tests/exdsa_ecdhkem.cpp @@ -28,7 +28,6 @@ * POSSIBILITY OF SUCH DAMAGE. */ - #include "rnp_tests.h" #include "crypto/exdsa_ecdhkem.h" #include "crypto/bn.h" @@ -40,16 +39,25 @@ TEST_F(rnp_tests, test_ecdh_kem) std::vector ciphertext; std::vector symmetric_key; std::vector symmetric_key2; - ecdh_kem_key_t key_pair; - pgp_curve_t curve_list[] = {PGP_CURVE_NIST_P_256, PGP_CURVE_NIST_P_384, PGP_CURVE_NIST_P_521, PGP_CURVE_BP256, PGP_CURVE_BP384, PGP_CURVE_BP512, PGP_CURVE_25519}; + ecdh_kem_key_t key_pair; + pgp_curve_t curve_list[] = {PGP_CURVE_NIST_P_256, + PGP_CURVE_NIST_P_384, + PGP_CURVE_NIST_P_521, + PGP_CURVE_BP256, + PGP_CURVE_BP384, + PGP_CURVE_BP512, + PGP_CURVE_25519}; for (auto curve : curve_list) { /* keygen */ - assert_rnp_success(ec_key_t::generate_ecdh_kem_key_pair(&global_ctx.rng, &key_pair, curve)); + assert_rnp_success( + ec_key_t::generate_ecdh_kem_key_pair(&global_ctx.rng, &key_pair, curve)); /* kem encaps / decaps */ - assert_rnp_success(key_pair.pub.encapsulate(&global_ctx.rng, ciphertext, symmetric_key)); - assert_rnp_success(key_pair.priv.decapsulate(&global_ctx.rng, ciphertext, symmetric_key2)); + assert_rnp_success( + key_pair.pub.encapsulate(&global_ctx.rng, ciphertext, symmetric_key)); + assert_rnp_success( + key_pair.priv.decapsulate(&global_ctx.rng, ciphertext, symmetric_key2)); /* both parties should have the same key share */ assert_int_equal(symmetric_key.size(), symmetric_key2.size()); @@ -57,27 +65,36 @@ TEST_F(rnp_tests, test_ecdh_kem) /* test invalid ciphertext */ ciphertext.data()[4] += 1; - if(curve != PGP_CURVE_25519) { // Curve25519 accepts any 32-byte array - assert_throw(key_pair.priv.decapsulate(&global_ctx.rng, ciphertext, symmetric_key)); + if (curve != PGP_CURVE_25519) { // Curve25519 accepts any 32-byte array + assert_throw( + key_pair.priv.decapsulate(&global_ctx.rng, ciphertext, symmetric_key)); } } } TEST_F(rnp_tests, test_exdsa) { - pgp_hash_alg_t hash_alg = PGP_HASH_SHA256; + pgp_hash_alg_t hash_alg = PGP_HASH_SHA256; std::vector msg(32); - exdsa_key_t key_pair; - pgp_curve_t curve_list[] = {PGP_CURVE_NIST_P_256, PGP_CURVE_NIST_P_384, PGP_CURVE_NIST_P_521, PGP_CURVE_BP256, PGP_CURVE_BP384, PGP_CURVE_BP512, PGP_CURVE_ED25519}; - //pgp_curve_t curve_list[] = {PGP_CURVE_ED25519}; + exdsa_key_t key_pair; + pgp_curve_t curve_list[] = {PGP_CURVE_NIST_P_256, + PGP_CURVE_NIST_P_384, + PGP_CURVE_NIST_P_521, + PGP_CURVE_BP256, + PGP_CURVE_BP384, + PGP_CURVE_BP512, + PGP_CURVE_ED25519}; + // pgp_curve_t curve_list[] = {PGP_CURVE_ED25519}; for (auto curve : curve_list) { /* keygen */ - assert_rnp_success(ec_key_t::generate_exdsa_key_pair(&global_ctx.rng, &key_pair, curve)); - + assert_rnp_success( + ec_key_t::generate_exdsa_key_pair(&global_ctx.rng, &key_pair, curve)); + /* sign and verify */ std::vector sig; - assert_rnp_success(key_pair.priv.sign(&global_ctx.rng, sig, msg.data(), msg.size(), hash_alg)); + assert_rnp_success( + key_pair.priv.sign(&global_ctx.rng, sig, msg.data(), msg.size(), hash_alg)); assert_rnp_success(key_pair.pub.verify(sig, msg.data(), msg.size(), hash_alg)); /* test invalid msg / hash */ diff --git a/src/tests/ffi-enc.cpp b/src/tests/ffi-enc.cpp index 9d5f88599..05e2ed266 100644 --- a/src/tests/ffi-enc.cpp +++ b/src/tests/ffi-enc.cpp @@ -44,10 +44,10 @@ static bool getpasscb_once(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { const char **pass = (const char **) app_ctx; @@ -65,13 +65,13 @@ getpasscb_once(rnp_ffi_t ffi, static bool getpasscb_inc(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { - int * num = (int *) app_ctx; + int *num = (int *) app_ctx; std::string pass = "pass" + std::to_string(*num); (*num)++; strncpy(buf, pass.c_str(), buf_len - 1); @@ -83,14 +83,14 @@ typedef struct key_tbl_t { const uint8_t *key_data; size_t key_data_size; bool secret; - const char * keyid; - const char * grip; - const char * userids[TBL_MAX_USERIDS + 1]; + const char *keyid; + const char *grip; + const char *userids[TBL_MAX_USERIDS + 1]; } key_tbl_t; static void tbl_getkeycb(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, const char *identifier_type, const char *identifier, bool secret) @@ -138,7 +138,7 @@ TEST_F(rnp_tests, test_ffi_encrypt_pass) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; - const char * plaintext = "data1"; + const char *plaintext = "data1"; // setup FFI assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); @@ -499,7 +499,7 @@ TEST_F(rnp_tests, test_ffi_encrypt_pk) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; - const char * plaintext = "data1"; + const char *plaintext = "data1"; // setup FFI assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); @@ -600,10 +600,10 @@ TEST_F(rnp_tests, test_ffi_encrypt_pk) bool first_key_password_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { if (!key) { @@ -624,7 +624,7 @@ TEST_F(rnp_tests, test_ffi_decrypt_pk_unlocked) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; - const char * plaintext = "data1"; + const char *plaintext = "data1"; // setup FFI assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); @@ -738,9 +738,9 @@ TEST_F(rnp_tests, test_ffi_decrypt_pk_unlocked) #if defined(ENABLE_CRYPTO_REFRESH) TEST_F(rnp_tests, test_ffi_decrypt_v6_pkesk_test_vector) { - rnp_ffi_t ffi = NULL; - rnp_input_t input = NULL; - rnp_output_t output = NULL; + rnp_ffi_t ffi = NULL; + rnp_input_t input = NULL; + rnp_output_t output = NULL; assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); assert_true(import_all_keys(ffi, "data/test_v6_valid_data/transferable_seckey_v6.asc")); @@ -761,89 +761,89 @@ TEST_F(rnp_tests, test_ffi_encrypt_pk_with_v6_key) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; - const char * plaintext = "data1"; + const char *plaintext = "data1"; // setup FFI assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); assert_true(import_all_keys(ffi, "data/test_v6_valid_data/transferable_seckey_v6.asc")); - //RNP_LOG_HEX("key id", ffi->secring->keys.front().keyid().data(), ffi->secring->keys.front().keyid().size()); - //RNP_LOG_HEX("key id", ffi->secring->keys.back().keyid().data(), ffi->secring->keys.back().keyid().size()); + // RNP_LOG_HEX("key id", ffi->secring->keys.front().keyid().data(), + // ffi->secring->keys.front().keyid().size()); RNP_LOG_HEX("key id", + // ffi->secring->keys.back().keyid().data(), ffi->secring->keys.back().keyid().size()); std::vector ciphers = {"AES128", "AES192", "AES256"}; std::vector aead_modes = {"None", "EAX", "OCB"}; - std::vector enable_pkeskv6_modes = {true, false}; - - for(auto enable_pkeskv6 : enable_pkeskv6_modes) - for(auto aead : aead_modes) - for(auto cipher : ciphers) - { - // write out some data - FILE *fp = fopen("plaintext", "wb"); - assert_non_null(fp); - assert_int_equal(1, fwrite(plaintext, strlen(plaintext), 1, fp)); - assert_int_equal(0, fclose(fp)); - - // create input+output - assert_rnp_success(rnp_input_from_path(&input, "plaintext")); - assert_non_null(input); - assert_rnp_success(rnp_output_to_path(&output, "encrypted")); - assert_non_null(output); - // create encrypt operation - assert_rnp_success(rnp_op_encrypt_create(&op, ffi, input, output)); - // add recipients - rnp_key_handle_t key = NULL; - assert_rnp_success(rnp_locate_key(ffi, "keyid", "d1db378da9930885", &key)); - assert_non_null(key); - - assert_rnp_failure(rnp_op_encrypt_add_recipient(op, NULL)); // what for ? - assert_rnp_success(rnp_op_encrypt_add_recipient(op, key)); - if(enable_pkeskv6) { - assert_rnp_success(rnp_op_encrypt_enable_pkesk_v6(op)); - } - rnp_key_handle_destroy(key); - key = NULL; - - // set the data encryption cipher - if((aead == "None") && enable_pkeskv6) { - // already enabled v6 pkesk, does not make any sense to set AEAD to None explicitly. - assert_rnp_failure(rnp_op_encrypt_set_aead(op, aead.c_str())); - } - else { - assert_rnp_success(rnp_op_encrypt_set_aead(op, aead.c_str())); - } - assert_rnp_success(rnp_op_encrypt_set_cipher(op, cipher.c_str())); - - // execute the operation - assert_rnp_success(rnp_op_encrypt_execute(op)); - - // make sure the output file was created - assert_true(rnp_file_exists("encrypted")); - - // cleanup - assert_rnp_success(rnp_input_destroy(input)); - input = NULL; - assert_rnp_success(rnp_output_destroy(output)); - output = NULL; - assert_rnp_success(rnp_op_encrypt_destroy(op)); - op = NULL; - - /* decrypt */ - - // decrypt - assert_rnp_success(rnp_input_from_path(&input, "encrypted")); - assert_non_null(input); - assert_rnp_success(rnp_output_to_path(&output, "decrypted")); - assert_non_null(output); - assert_rnp_success(rnp_ffi_set_pass_provider(ffi, NULL, NULL)); - assert_rnp_success(rnp_decrypt(ffi, input, output)); - // cleanup - rnp_input_destroy(input); - input = NULL; - rnp_output_destroy(output); - output = NULL; - } + std::vector enable_pkeskv6_modes = {true, false}; + + for (auto enable_pkeskv6 : enable_pkeskv6_modes) + for (auto aead : aead_modes) + for (auto cipher : ciphers) { + // write out some data + FILE *fp = fopen("plaintext", "wb"); + assert_non_null(fp); + assert_int_equal(1, fwrite(plaintext, strlen(plaintext), 1, fp)); + assert_int_equal(0, fclose(fp)); + + // create input+output + assert_rnp_success(rnp_input_from_path(&input, "plaintext")); + assert_non_null(input); + assert_rnp_success(rnp_output_to_path(&output, "encrypted")); + assert_non_null(output); + // create encrypt operation + assert_rnp_success(rnp_op_encrypt_create(&op, ffi, input, output)); + // add recipients + rnp_key_handle_t key = NULL; + assert_rnp_success(rnp_locate_key(ffi, "keyid", "d1db378da9930885", &key)); + assert_non_null(key); + + assert_rnp_failure(rnp_op_encrypt_add_recipient(op, NULL)); // what for ? + assert_rnp_success(rnp_op_encrypt_add_recipient(op, key)); + if (enable_pkeskv6) { + assert_rnp_success(rnp_op_encrypt_enable_pkesk_v6(op)); + } + rnp_key_handle_destroy(key); + key = NULL; + + // set the data encryption cipher + if ((aead == "None") && enable_pkeskv6) { + // already enabled v6 pkesk, does not make any sense to set AEAD to None + // explicitly. + assert_rnp_failure(rnp_op_encrypt_set_aead(op, aead.c_str())); + } else { + assert_rnp_success(rnp_op_encrypt_set_aead(op, aead.c_str())); + } + assert_rnp_success(rnp_op_encrypt_set_cipher(op, cipher.c_str())); + + // execute the operation + assert_rnp_success(rnp_op_encrypt_execute(op)); + + // make sure the output file was created + assert_true(rnp_file_exists("encrypted")); + + // cleanup + assert_rnp_success(rnp_input_destroy(input)); + input = NULL; + assert_rnp_success(rnp_output_destroy(output)); + output = NULL; + assert_rnp_success(rnp_op_encrypt_destroy(op)); + op = NULL; + + /* decrypt */ + + // decrypt + assert_rnp_success(rnp_input_from_path(&input, "encrypted")); + assert_non_null(input); + assert_rnp_success(rnp_output_to_path(&output, "decrypted")); + assert_non_null(output); + assert_rnp_success(rnp_ffi_set_pass_provider(ffi, NULL, NULL)); + assert_rnp_success(rnp_decrypt(ffi, input, output)); + // cleanup + rnp_input_destroy(input); + input = NULL; + rnp_output_destroy(output); + output = NULL; + } rnp_ffi_destroy(ffi); } #endif @@ -854,10 +854,10 @@ TEST_F(rnp_tests, test_ffi_encrypt_pk_key_provider) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; - const char * plaintext = "data1"; - uint8_t * primary_sec_key_data = NULL; + const char *plaintext = "data1"; + uint8_t *primary_sec_key_data = NULL; size_t primary_sec_size = 0; - uint8_t * sub_sec_key_data = NULL; + uint8_t *sub_sec_key_data = NULL; size_t sub_sec_size = 0; /* first, let's generate some encrypted data */ @@ -979,7 +979,7 @@ TEST_F(rnp_tests, test_ffi_encrypt_and_sign) rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; rnp_op_sign_signature_t signsig = NULL; - const char * plaintext = "data1"; + const char *plaintext = "data1"; rnp_key_handle_t key = NULL; const uint32_t issued = 1516211899; // Unix epoch, nowish const uint32_t expires = 1000000000; // expires later @@ -1162,7 +1162,7 @@ TEST_F(rnp_tests, test_ffi_encrypt_and_sign) size_t sig_count; uint32_t sig_create; uint32_t sig_expires; - char * hname = NULL; + char *hname = NULL; assert_rnp_success(rnp_op_verify_get_signature_count(verify, &sig_count)); assert_int_equal(sig_count, 2); @@ -1223,7 +1223,7 @@ TEST_F(rnp_tests, test_ffi_encrypt_pk_subkey_selection) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; - const char * plaintext = "data1"; + const char *plaintext = "data1"; /* check whether a latest subkey is selected for encryption */ assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); diff --git a/src/tests/ffi-key-prop.cpp b/src/tests/ffi-key-prop.cpp index 95185cfa2..95fba492a 100644 --- a/src/tests/ffi-key-prop.cpp +++ b/src/tests/ffi-key-prop.cpp @@ -1167,7 +1167,7 @@ TEST_F(rnp_tests, test_ffi_key_default_subkey) rnp_ffi_t ffi = NULL; rnp_key_handle_t primary = NULL; rnp_key_handle_t def_key = NULL; - char * keyid = NULL; + char *keyid = NULL; test_ffi_init(&ffi); assert_rnp_success(rnp_locate_key(ffi, "keyid", "7bc6709b15c23a4a", &primary)); @@ -1264,7 +1264,7 @@ TEST_F(rnp_tests, test_ffi_rnp_key_get_primary_grip) { rnp_ffi_t ffi = NULL; rnp_key_handle_t key = NULL; - char * grip = NULL; + char *grip = NULL; // setup FFI assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); diff --git a/src/tests/ffi-key-sig.cpp b/src/tests/ffi-key-sig.cpp index 01bfdd262..98fcca479 100644 --- a/src/tests/ffi-key-sig.cpp +++ b/src/tests/ffi-key-sig.cpp @@ -33,9 +33,9 @@ #include "support.h" static bool check_sig_status(json_object *sig, - const char * pub, - const char * sec, - const char * fp); + const char *pub, + const char *sec, + const char *fp); TEST_F(rnp_tests, test_ffi_key_signatures) { @@ -287,7 +287,7 @@ TEST_F(rnp_tests, test_ffi_import_signatures) { rnp_ffi_t ffi = NULL; rnp_input_t input = NULL; - char * results = NULL; + char *results = NULL; assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); assert_true(import_pub_keys(ffi, "data/test_key_validity/alice-pub.asc")); @@ -1217,7 +1217,7 @@ static std::string sig_info(rnp_signature_handle_t sig) { int type = sig->sig->sig.type(); - char * keyid = NULL; + char *keyid = NULL; uint32_t sigid = sig->sig->sigid[0] + (sig->sig->sigid[1] << 8); rnp_signature_get_keyid(sig, &keyid); std::stringstream ss; @@ -1235,7 +1235,7 @@ uid_info(rnp_uid_handle_t uid) if (type == RNP_USER_ATTR) { res = ":uid(photo)"; } else { - char * uidstr = NULL; + char *uidstr = NULL; size_t len = 0; rnp_uid_get_data(uid, (void **) &uidstr, &len); res = ":uid(" + std::string(uidstr, uidstr + len) + ")"; @@ -1320,9 +1320,9 @@ sigremove_remove(rnp_ffi_t ffi, void *app_ctx, rnp_signature_handle_t sig, uint3 static void sigremove_revocation(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_signature_handle_t sig, - uint32_t * action) + uint32_t *action) { assert_true((*(int *) app_ctx) == 48); char *type = NULL; @@ -1607,7 +1607,7 @@ TEST_F(rnp_tests, test_ffi_key_import_invalid_issuer) rnp_input_t input = NULL; assert_rnp_success( rnp_input_from_path(&input, "data/test_key_edge_cases/alice-sub-sig-fp.pgp")); - char * keys = NULL; + char *keys = NULL; uint32_t flags = RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SECRET_KEYS | RNP_LOAD_SAVE_SINGLE; assert_rnp_success(rnp_import_keys(ffi, input, flags, &keys)); diff --git a/src/tests/ffi-key.cpp b/src/tests/ffi-key.cpp index 9f78c0c87..bdd10e9ce 100644 --- a/src/tests/ffi-key.cpp +++ b/src/tests/ffi-key.cpp @@ -60,7 +60,7 @@ check_key_properties(rnp_key_handle_t key, TEST_F(rnp_tests, test_ffi_keygen_json_pair) { rnp_ffi_t ffi = NULL; - char * results = NULL; + char *results = NULL; size_t count = 0; // setup FFI @@ -136,7 +136,7 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair) TEST_F(rnp_tests, test_ffi_keygen_json_pair_dsa_elg) { rnp_ffi_t ffi = NULL; - char * results = NULL; + char *results = NULL; size_t count = 0; // setup FFI @@ -214,7 +214,7 @@ TEST_F(rnp_tests, test_ffi_keygen_json_pair_dsa_elg) TEST_F(rnp_tests, test_ffi_keygen_json_primary) { rnp_ffi_t ffi = NULL; - char * results = NULL; + char *results = NULL; size_t count = 0; // setup FFI @@ -270,7 +270,7 @@ TEST_F(rnp_tests, test_ffi_keygen_json_primary) */ TEST_F(rnp_tests, test_ffi_keygen_json_sub) { - char * results = NULL; + char *results = NULL; size_t count = 0; rnp_ffi_t ffi = NULL; @@ -295,7 +295,7 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub) results = NULL; // get a handle+grip for the primary rnp_key_handle_t primary = NULL; - char * primary_grip = NULL; + char *primary_grip = NULL; { json_object *jsokey = NULL; assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey)); @@ -393,7 +393,7 @@ TEST_F(rnp_tests, test_ffi_keygen_json_edge_cases) /* Attempt to generate with invalid parameters */ std::string json = ""; - char * results = NULL; + char *results = NULL; assert_rnp_failure(rnp_generate_key_json(NULL, json.c_str(), &results)); assert_rnp_failure(rnp_generate_key_json(ffi, NULL, &results)); assert_rnp_failure(rnp_generate_key_json(ffi, "{ something, wrong }", &results)); @@ -697,7 +697,7 @@ TEST_F(rnp_tests, test_ffi_key_generate_rsa) assert_null(curve); /* user ids */ size_t uids = 0; - char * uid = NULL; + char *uid = NULL; assert_rnp_success(rnp_key_get_uid_count(key, &uids)); assert_int_equal(uids, 1); assert_rnp_failure(rnp_key_get_uid_at(key, 1, &uid)); @@ -804,7 +804,7 @@ TEST_F(rnp_tests, test_ffi_key_generate_dsa) assert_false(flag); /* user ids */ size_t uids = 0; - char * uid = NULL; + char *uid = NULL; assert_rnp_success(rnp_key_get_uid_count(key, &uids)); assert_int_equal(uids, 1); assert_rnp_success(rnp_key_get_uid_at(key, 0, &uid)); @@ -909,7 +909,7 @@ TEST_F(rnp_tests, test_ffi_key_generate_ecdsa) assert_false(flag); /* user ids */ size_t uids = 0; - char * uid = NULL; + char *uid = NULL; assert_rnp_success(rnp_key_get_uid_count(key, &uids)); assert_int_equal(uids, 1); assert_rnp_success(rnp_key_get_uid_at(key, 0, &uid)); @@ -1006,7 +1006,7 @@ TEST_F(rnp_tests, test_ffi_key_generate_eddsa) assert_false(flag); /* user ids */ size_t uids = 0; - char * uid = NULL; + char *uid = NULL; assert_rnp_success(rnp_key_get_uid_count(key, &uids)); assert_int_equal(uids, 1); assert_rnp_success(rnp_key_get_uid_at(key, 0, &uid)); @@ -1109,7 +1109,7 @@ TEST_F(rnp_tests, test_ffi_key_generate_sm2) assert_false(flag); /* user ids */ size_t uids = 0; - char * uid = NULL; + char *uid = NULL; assert_rnp_success(rnp_key_get_uid_count(key, &uids)); assert_int_equal(uids, 1); assert_rnp_success(rnp_key_get_uid_at(key, 0, &uid)); @@ -1946,7 +1946,7 @@ TEST_F(rnp_tests, test_ffi_key_generate_protection) TEST_F(rnp_tests, test_ffi_keygen_json_sub_pass_required) { - char * results = NULL; + char *results = NULL; size_t count = 0; rnp_ffi_t ffi = NULL; @@ -1972,7 +1972,7 @@ TEST_F(rnp_tests, test_ffi_keygen_json_sub_pass_required) results = NULL; // get a handle+grip for the primary rnp_key_handle_t primary = NULL; - char * primary_grip = NULL; + char *primary_grip = NULL; { json_object *jsokey = NULL; assert_int_equal(true, json_object_object_get_ex(parsed_results, "primary", &jsokey)); @@ -2120,13 +2120,13 @@ get_json_obj(json_object *jso, const char *field) TEST_F(rnp_tests, test_ffi_key_to_json) { rnp_ffi_t ffi = NULL; - char * pub_format = NULL; - char * pub_path = NULL; - char * sec_format = NULL; - char * sec_path = NULL; + char *pub_format = NULL; + char *pub_path = NULL; + char *sec_format = NULL; + char *sec_path = NULL; rnp_key_handle_t key = NULL; - char * json = NULL; - json_object * jso = NULL; + char *json = NULL; + json_object *jso = NULL; // detect the formats+paths assert_rnp_success(rnp_detect_homedir_info( @@ -2288,10 +2288,10 @@ TEST_F(rnp_tests, test_ffi_key_to_json) TEST_F(rnp_tests, test_ffi_key_iter) { rnp_ffi_t ffi = NULL; - char * pub_format = NULL; - char * pub_path = NULL; - char * sec_format = NULL; - char * sec_path = NULL; + char *pub_format = NULL; + char *pub_path = NULL; + char *sec_format = NULL; + char *sec_path = NULL; // detect the formats+paths assert_rnp_success(rnp_detect_homedir_info( @@ -2374,7 +2374,7 @@ TEST_F(rnp_tests, test_ffi_key_iter) "54505A936A4A970E", "326EF111425D14A5"}; size_t i = 0; - const char * ident = NULL; + const char *ident = NULL; do { ident = NULL; assert_rnp_success(rnp_identifier_iterator_next(it, &ident)); @@ -2402,7 +2402,7 @@ TEST_F(rnp_tests, test_ffi_key_iter) "43C01D6D96BE98C3C87FE0F175870ED92DE7BE45", "8082FE753013923972632550838A5F13D81F43B9"}; size_t i = 0; - const char * ident = NULL; + const char *ident = NULL; do { ident = NULL; assert_rnp_success(rnp_identifier_iterator_next(it, &ident)); @@ -2453,7 +2453,7 @@ TEST_F(rnp_tests, test_ffi_key_iter) "A3E94DE61A8CB229413D348E54505A936A4A970E", "57F8ED6E5C197DB63C60FFAF326EF111425D14A5"}; size_t i = 0; - const char * ident = NULL; + const char *ident = NULL; do { ident = NULL; assert_rnp_success(rnp_identifier_iterator_next(it, &ident)); @@ -2472,18 +2472,18 @@ TEST_F(rnp_tests, test_ffi_key_iter) } void -check_loaded_keys(const char * format, +check_loaded_keys(const char *format, bool armored, - uint8_t * buf, + uint8_t *buf, size_t buf_len, - const char * id_type, + const char *id_type, const std::vector &expected_ids, bool secret) { rnp_ffi_t ffi = NULL; rnp_input_t input = NULL; rnp_identifier_iterator_t it = NULL; - const char * identifier = NULL; + const char *identifier = NULL; if (armored) { assert_memory_equal("-----", buf, 5); @@ -2531,7 +2531,7 @@ TEST_F(rnp_tests, test_ffi_key_export) rnp_ffi_t ffi = NULL; rnp_output_t output = NULL; rnp_key_handle_t key = NULL; - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t buf_len = 0; // setup FFI @@ -2740,7 +2740,7 @@ check_import_keys_ex(rnp_ffi_t ffi, size_t seccount) { bool res = false; - char * keys = NULL; + char *keys = NULL; size_t keycount = 0; json_object *keyarr = NULL; *jso = NULL; @@ -2787,7 +2787,7 @@ check_import_keys_ex(rnp_ffi_t ffi, static bool check_import_keys(rnp_ffi_t ffi, json_object **jso, - const char * keypath, + const char *keypath, size_t rescount, size_t pubcount, size_t seccount) @@ -3141,7 +3141,7 @@ TEST_F(rnp_tests, test_ffi_malformed_keys_import) #if defined(ENABLE_CRYPTO_REFRESH) TEST_F(rnp_tests, test_ffi_v6_sig_subpackets) { - rnp_ffi_t ffi = NULL; + rnp_ffi_t ffi = NULL; assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); assert_rnp_success(rnp_ffi_set_key_provider(ffi, unused_getkeycb, NULL)); @@ -3157,9 +3157,11 @@ TEST_F(rnp_tests, test_ffi_v6_sig_subpackets) assert_rnp_success(rnp_op_generate_execute(op)); rnp_key_handle_t primary = NULL; assert_rnp_success(rnp_op_generate_get_key(op, &primary)); - - assert_true(primary->pub->get_sig(0).sig.has_subpkt(PGP_SIG_SUBPKT_ISSUER_FPR, false)); // MUST NOT have issuer key id extension - assert_false(primary->pub->get_sig(0).sig.has_subpkt(PGP_SIG_SUBPKT_ISSUER_KEY_ID, false)); // SHOULD have issuer fingerprint + + assert_true(primary->pub->get_sig(0).sig.has_subpkt( + PGP_SIG_SUBPKT_ISSUER_FPR, false)); // MUST NOT have issuer key id extension + assert_false(primary->pub->get_sig(0).sig.has_subpkt( + PGP_SIG_SUBPKT_ISSUER_KEY_ID, false)); // SHOULD have issuer fingerprint rnp_op_generate_destroy(op); } @@ -3168,38 +3170,44 @@ TEST_F(rnp_tests, test_ffi_v6_cert_import) { rnp_ffi_t ffi = NULL; rnp_input_t input = NULL; - size_t keycount = 255; + size_t keycount = 255; assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); assert_rnp_success( rnp_input_from_path(&input, "data/test_v6_valid_data/transferable_pubkey_v6.asc")); assert_rnp_success( - rnp_import_keys(ffi, input, RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SINGLE | RNP_LOAD_SAVE_BASE64, NULL)); + rnp_import_keys(ffi, + input, + RNP_LOAD_SAVE_PUBLIC_KEYS | RNP_LOAD_SAVE_SINGLE | RNP_LOAD_SAVE_BASE64, + NULL)); rnp_input_destroy(input); assert_rnp_success(rnp_get_public_key_count(ffi, &keycount)); assert_int_equal(keycount, 2); assert_rnp_success(rnp_get_secret_key_count(ffi, &keycount)); assert_int_equal(keycount, 0); - /* check that fingerprint is correct by checking the fingerprint in the signature (coming from the correct input data) vs the computed fingerprint value of the primary key. - Issuer fingerprint is the priamry's key fingerprint for the primary and its subkeys */ + /* check that fingerprint is correct by checking the fingerprint in the signature (coming + from the correct input data) vs the computed fingerprint value of the primary key. Issuer + fingerprint is the priamry's key fingerprint for the primary and its subkeys */ pgp_fingerprint_t primary_fp; for (pgp_key_t key : ffi->pubring->keys) { - if(key.is_primary()) - { - primary_fp = key.fp(); - } + if (key.is_primary()) { + primary_fp = key.fp(); + } } for (pgp_key_t key : ffi->pubring->keys) { - /* get first sig and its issuer fpr subpacket */ - pgp_subsig_t subsig = key.get_sig(0); - const pgp_sig_subpkt_t* issuer_fpr = subsig.sig.get_subpkt(PGP_SIG_SUBPKT_ISSUER_FPR, false); - assert_non_null(issuer_fpr); - - /* check that fingerprints match */ - assert_int_equal(key.fp().length, PGP_FINGERPRINT_V6_SIZE); - assert_memory_equal(issuer_fpr->data + 1, primary_fp.fingerprint, primary_fp.length); // first byte in data is the version - skip + /* get first sig and its issuer fpr subpacket */ + pgp_subsig_t subsig = key.get_sig(0); + const pgp_sig_subpkt_t *issuer_fpr = + subsig.sig.get_subpkt(PGP_SIG_SUBPKT_ISSUER_FPR, false); + assert_non_null(issuer_fpr); + + /* check that fingerprints match */ + assert_int_equal(key.fp().length, PGP_FINGERPRINT_V6_SIZE); + assert_memory_equal(issuer_fpr->data + 1, + primary_fp.fingerprint, + primary_fp.length); // first byte in data is the version - skip } } @@ -3207,13 +3215,16 @@ TEST_F(rnp_tests, test_ffi_v6_seckey_import) { rnp_ffi_t ffi = NULL; rnp_input_t input = NULL; - size_t keycount = 255; + size_t keycount = 255; assert_rnp_success(rnp_ffi_create(&ffi, "GPG", "GPG")); assert_rnp_success( rnp_input_from_path(&input, "data/test_v6_valid_data/transferable_seckey_v6.asc")); assert_rnp_success( - rnp_import_keys(ffi, input, RNP_LOAD_SAVE_SECRET_KEYS | RNP_LOAD_SAVE_SINGLE | RNP_LOAD_SAVE_BASE64, NULL)); + rnp_import_keys(ffi, + input, + RNP_LOAD_SAVE_SECRET_KEYS | RNP_LOAD_SAVE_SINGLE | RNP_LOAD_SAVE_BASE64, + NULL)); rnp_input_destroy(input); assert_rnp_success(rnp_get_secret_key_count(ffi, &keycount)); assert_int_equal(keycount, 2); @@ -4019,7 +4030,7 @@ TEST_F(rnp_tests, test_ffi_key_export_autocrypt) rnp_key_export_autocrypt(key, NULL, "key0-uid2", output, RNP_KEY_EXPORT_BASE64)); /* Make sure it is base64-encoded */ const std::string reg = "^[A-Za-z0-9\\+\\/]+={0,2}$"; - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t len = 0; assert_rnp_success(rnp_output_memory_get_buf(output, &buf, &len, false)); std::string val((char *) buf, (char *) buf + len); @@ -4247,7 +4258,7 @@ is_self_signature(const char *keyid, rnp_signature_handle_t sig) static bool is_weak_signature(rnp_ffi_t ffi, rnp_signature_handle_t sig) { - char * hash = NULL; + char *hash = NULL; uint32_t creation = 0; rnp_signature_get_hash_alg(sig, &hash); rnp_signature_get_creation(sig, &creation); @@ -4271,7 +4282,7 @@ get_uid_str(rnp_uid_handle_t uid) rnp_uid_get_type(uid, &type); switch (type) { case RNP_USER_ID: { - void * data = NULL; + void *data = NULL; size_t len = 0; rnp_uid_get_data(uid, &data, &len); std::string res((const char *) data, (const char *) data + len); diff --git a/src/tests/ffi-uid.cpp b/src/tests/ffi-uid.cpp index c8aada97f..05dde789b 100644 --- a/src/tests/ffi-uid.cpp +++ b/src/tests/ffi-uid.cpp @@ -56,7 +56,7 @@ TEST_F(rnp_tests, test_ffi_uid_properties) assert_int_equal(uid_type, RNP_USER_ID); size_t size = 0; - void * data = NULL; + void *data = NULL; assert_rnp_failure(rnp_uid_get_data(NULL, &data, &size)); assert_rnp_failure(rnp_uid_get_data(uid, NULL, &size)); assert_rnp_failure(rnp_uid_get_data(uid, &data, NULL)); diff --git a/src/tests/ffi.cpp b/src/tests/ffi.cpp index 81da38efd..ff167c449 100644 --- a/src/tests/ffi.cpp +++ b/src/tests/ffi.cpp @@ -46,10 +46,10 @@ TEST_F(rnp_tests, test_ffi_homedir) { rnp_ffi_t ffi = NULL; - char * pub_format = NULL; - char * pub_path = NULL; - char * sec_format = NULL; - char * sec_path = NULL; + char *pub_format = NULL; + char *pub_path = NULL; + char *sec_format = NULL; + char *sec_path = NULL; // get the default homedir (not a very thorough test) { @@ -646,11 +646,11 @@ get_longest_line_length(const std::string &str, const std::set line TEST_F(rnp_tests, test_ffi_add_userid) { rnp_ffi_t ffi = NULL; - char * results = NULL; + char *results = NULL; size_t count = 0; rnp_uid_handle_t uid; rnp_signature_handle_t sig; - char * hash_alg_name = NULL; + char *hash_alg_name = NULL; const char *new_userid = "my new userid "; const char *default_hash_userid = "default hash lines_to_skip{"-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"}; @@ -2043,7 +2043,7 @@ TEST_F(rnp_tests, test_ffi_customized_enarmor) for (size_t llen = 16; llen <= 76; llen++) { std::string data; - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t buf_size = 0; input = NULL; @@ -2126,11 +2126,11 @@ TEST_F(rnp_tests, test_ffi_backend_version) assert_true(strlen(rnp_backend_version()) > 0 && strlen(rnp_backend_version()) < 255); } -void check_loaded_keys(const char * format, +void check_loaded_keys(const char *format, bool armored, - uint8_t * buf, + uint8_t *buf, size_t buf_len, - const char * id_type, + const char *id_type, const std::vector &expected_ids, bool secret); @@ -2140,7 +2140,7 @@ TEST_F(rnp_tests, test_ffi_key_export_customized_enarmor) rnp_output_t output = NULL; rnp_output_t armor_layer = NULL; rnp_key_handle_t key = NULL; - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t buf_len = 0; std::set lines_to_skip{"-----BEGIN PGP PUBLIC KEY BLOCK-----", "-----END PGP PUBLIC KEY BLOCK-----", @@ -2317,8 +2317,8 @@ TEST_F(rnp_tests, test_ffi_key_dump) { rnp_ffi_t ffi = NULL; rnp_key_handle_t key = NULL; - char * json = NULL; - json_object * jso = NULL; + char *json = NULL; + json_object *jso = NULL; // setup FFI test_ffi_init(&ffi); @@ -2430,9 +2430,9 @@ TEST_F(rnp_tests, test_ffi_key_dump_edge_cases) TEST_F(rnp_tests, test_ffi_key_userid_dump_has_no_special_chars) { rnp_ffi_t ffi = NULL; - char * json = NULL; + char *json = NULL; json_object *jso = NULL; - const char * trackers[] = { + const char *trackers[] = { "userid\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f@rnp", "userid\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f@rnp"}; // setup FFI @@ -2478,7 +2478,7 @@ TEST_F(rnp_tests, test_ffi_pkt_dump) { rnp_ffi_t ffi = NULL; rnp_input_t input = NULL; - char * json = NULL; + char *json = NULL; json_object *jso = NULL; // setup FFI @@ -2575,7 +2575,7 @@ TEST_F(rnp_tests, test_ffi_pkt_dump) TEST_F(rnp_tests, test_ffi_rsa_v3_dump) { rnp_input_t input = NULL; - char * json = NULL; + char *json = NULL; /* dump rsav3 key to json via FFI */ assert_rnp_success(rnp_input_from_path(&input, "data/keyrings/4/rsav3-p.asc")); @@ -2992,7 +2992,7 @@ check_features(const char *type, const char *json, size_t count) } for (size_t i = 0; i < count; i++) { json_object *val = json_object_array_get_idx(features, i); - const char * str = json_object_get_string(val); + const char *str = json_object_get_string(val); bool supported = false; if (!str || rnp_supports_feature(type, str, &supported) || !supported) { goto done; @@ -3115,7 +3115,8 @@ TEST_F(rnp_tests, test_ffi_supported_features) #if defined(ENABLE_PQC) pqc_opt = 10; // kyber+ecc and dilithium+ecc variants #endif - assert_true(check_features(RNP_FEATURE_PK_ALG, features, 6 + has_sm2 + pqc_opt + crypto_refresh_opt)); + assert_true(check_features( + RNP_FEATURE_PK_ALG, features, 6 + has_sm2 + pqc_opt + crypto_refresh_opt)); rnp_buffer_destroy(features); assert_rnp_success(rnp_supports_feature(RNP_FEATURE_PK_ALG, "RSA", &supported)); assert_true(supported); @@ -3289,7 +3290,7 @@ TEST_F(rnp_tests, test_ffi_output_to_armor) TEST_F(rnp_tests, test_ffi_rnp_guess_contents) { - char * msgt = NULL; + char *msgt = NULL; rnp_input_t input = NULL; assert_rnp_failure(rnp_guess_contents(NULL, &msgt)); @@ -3398,7 +3399,7 @@ TEST_F(rnp_tests, test_ffi_literal_filename) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_sign_t op = NULL; - uint8_t * signed_buf; + uint8_t *signed_buf; size_t signed_len; // init ffi @@ -3451,7 +3452,7 @@ TEST_F(rnp_tests, test_ffi_op_set_hash) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_sign_t op = NULL; - uint8_t * signed_buf; + uint8_t *signed_buf; size_t signed_len; // init ffi @@ -3496,7 +3497,7 @@ TEST_F(rnp_tests, test_ffi_op_set_compression) rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_sign_t op = NULL; - uint8_t * signed_buf; + uint8_t *signed_buf; size_t signed_len; // init ffi @@ -4453,10 +4454,10 @@ TEST_F(rnp_tests, test_ffi_op_verify_get_protection_info) static bool getpasscb_for_key(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { if (!key) { @@ -4499,7 +4500,7 @@ TEST_F(rnp_tests, test_ffi_op_verify_recipients_info) assert_rnp_success(rnp_op_verify_create(&verify, ffi, input, output)); assert_rnp_success(rnp_op_verify_execute(verify)); /* check filename and mtime */ - char * filename = NULL; + char *filename = NULL; uint32_t mtime = 0; assert_rnp_failure(rnp_op_verify_get_file_info(NULL, &filename, &mtime)); assert_rnp_success(rnp_op_verify_get_file_info(verify, &filename, &mtime)); @@ -4959,10 +4960,10 @@ TEST_F(rnp_tests, test_ffi_secret_sig_import) static bool getpasscb_fail(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { return false; @@ -4970,10 +4971,10 @@ getpasscb_fail(rnp_ffi_t ffi, static bool getpasscb_context(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { strncpy(buf, pgp_context, buf_len - 1); @@ -4982,10 +4983,10 @@ getpasscb_context(rnp_ffi_t ffi, static bool getpasscb_keyid(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { if (!key) { @@ -5999,7 +6000,7 @@ TEST_F(rnp_tests, test_ffi_security_profile) TEST_F(rnp_tests, test_result_to_string) { - const char * result_string = NULL; + const char *result_string = NULL; rnp_result_t code; std::set stringset; diff --git a/src/tests/generatekey.cpp b/src/tests/generatekey.cpp index 4a9993e6a..c35af203d 100644 --- a/src/tests/generatekey.cpp +++ b/src/tests/generatekey.cpp @@ -623,7 +623,7 @@ ask_expert_details(cli_rnp_t *ctx, rnp_cfg &ops, const char *rsp) } static bool -check_key_props(cli_rnp_t * rnp, +check_key_props(cli_rnp_t *rnp, const char *uid, const char *primary_alg, const char *sub_alg, @@ -637,7 +637,7 @@ check_key_props(cli_rnp_t * rnp, rnp_key_handle_t subkey = NULL; rnp_signature_handle_t sig = NULL; uint32_t kbits = 0; - char * str = NULL; + char *str = NULL; bool res = false; /* check primary key properties */ @@ -702,10 +702,10 @@ check_key_props(cli_rnp_t * rnp, static bool check_cfg_props(const rnp_cfg &cfg, - const char * primary_alg, - const char * sub_alg, - const char * primary_curve, - const char * sub_curve, + const char *primary_alg, + const char *sub_alg, + const char *primary_curve, + const char *sub_curve, int bits, int sub_bits) { @@ -997,17 +997,17 @@ TEST_F(rnp_tests, test_generated_key_sigs) { rnp_key_store_t *pubring = new rnp_key_store_t(global_ctx); rnp_key_store_t *secring = new rnp_key_store_t(global_ctx); - pgp_key_t * primary_pub = NULL, *primary_sec = NULL; - pgp_key_t * sub_pub = NULL, *sub_sec = NULL; + pgp_key_t *primary_pub = NULL, *primary_sec = NULL; + pgp_key_t *sub_pub = NULL, *sub_sec = NULL; // primary { pgp_key_t pub; pgp_key_t sec; rnp_keygen_primary_desc_t desc; - pgp_sig_subpkt_t * subpkt = NULL; - pgp_signature_t * psig = NULL; - pgp_signature_t * ssig = NULL; + pgp_sig_subpkt_t *subpkt = NULL; + pgp_signature_t *psig = NULL; + pgp_signature_t *ssig = NULL; pgp_signature_info_t psiginfo = {}; pgp_signature_info_t ssiginfo = {}; @@ -1141,9 +1141,9 @@ TEST_F(rnp_tests, test_generated_key_sigs) pgp_key_t pub; pgp_key_t sec; rnp_keygen_subkey_desc_t desc; - pgp_sig_subpkt_t * subpkt = NULL; - pgp_signature_t * psig = NULL; - pgp_signature_t * ssig = NULL; + pgp_sig_subpkt_t *subpkt = NULL; + pgp_signature_t *psig = NULL; + pgp_signature_t *ssig = NULL; pgp_signature_info_t psiginfo = {}; pgp_signature_info_t ssiginfo = {}; diff --git a/src/tests/hkdf.cpp b/src/tests/hkdf.cpp index 4a1c92b26..c9167c0c8 100644 --- a/src/tests/hkdf.cpp +++ b/src/tests/hkdf.cpp @@ -5,7 +5,7 @@ TEST_F(rnp_tests, hkdf_test_case_1) { - /* rfc5869 Test Case 1 + /* rfc5869 Test Case 1 Hash = SHA-256 IKM = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b (22 octets) salt = 0x000102030405060708090a0b0c (13 octets) @@ -19,17 +19,27 @@ TEST_F(rnp_tests, hkdf_test_case_1) 34007208d5b887185865 (42 octets) */ - std::vector IKM = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}; - std::vector salt = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c}; + std::vector IKM = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b}; + std::vector salt = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c}; std::vector info = {0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9}; - std::vector PRK_expected = {0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}; - std::vector OKM_expected = {0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65}; + std::vector PRK_expected = {0x07, 0x77, 0x09, 0x36, 0x2c, 0x2e, 0x32, 0xdf, + 0x0d, 0xdc, 0x3f, 0x0d, 0xc4, 0x7b, 0xba, 0x63, + 0x90, 0xb6, 0xc7, 0x3b, 0xb5, 0x0f, 0x9c, 0x31, + 0x22, 0xec, 0x84, 0x4a, 0xd7, 0xc2, 0xb3, 0xe5}; + std::vector OKM_expected = { + 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, + 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, + 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65}; size_t L = 42; std::unique_ptr hkdf = rnp::Hkdf::create(PGP_HASH_SHA256); uint8_t OKM[L]; - hkdf->extract_expand(salt.data(), salt.size(), IKM.data(), IKM.size(), info.data(), info.size(), OKM, L); + hkdf->extract_expand( + salt.data(), salt.size(), IKM.data(), IKM.size(), info.data(), info.size(), OKM, L); assert_memory_equal(OKM, OKM_expected.data(), OKM_expected.size()); } diff --git a/src/tests/issues/oss-fuzz-25489.cpp b/src/tests/issues/oss-fuzz-25489.cpp index 6e22df123..67b5a15e8 100644 --- a/src/tests/issues/oss-fuzz-25489.cpp +++ b/src/tests/issues/oss-fuzz-25489.cpp @@ -31,7 +31,7 @@ TEST_F(rnp_tests, test_sxp_depth) { gnupg_sexp_t sxp = {}; - const char * bytes; + const char *bytes; size_t len; auto mksxp = [](size_t depth) { std::string data; diff --git a/src/tests/kbx-nsigs-test.cpp b/src/tests/kbx-nsigs-test.cpp index 7b4b8b80a..9872960ce 100644 --- a/src/tests/kbx-nsigs-test.cpp +++ b/src/tests/kbx-nsigs-test.cpp @@ -41,8 +41,8 @@ ru8(uint8_t *p) static uint32_t ru32(uint8_t *p) { - return (uint32_t)(((uint8_t) p[0] << 24) | ((uint8_t) p[1] << 16) | ((uint8_t) p[2] << 8) | - (uint8_t) p[3]); + return (uint32_t) (((uint8_t) p[0] << 24) | ((uint8_t) p[1] << 16) | + ((uint8_t) p[2] << 8) | (uint8_t) p[3]); } // This is rnp_key_store_kbx_parse_header_blob() adjusted for test diff --git a/src/tests/key-add-userid.cpp b/src/tests/key-add-userid.cpp index b80dbb6cf..b492091c4 100644 --- a/src/tests/key-add-userid.cpp +++ b/src/tests/key-add-userid.cpp @@ -33,7 +33,7 @@ */ TEST_F(rnp_tests, test_key_add_userid) { - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; pgp_source_t src = {}; pgp_dest_t dst = {}; const uint32_t base_expiry = 1234567890; diff --git a/src/tests/key-protect.cpp b/src/tests/key-protect.cpp index c9acf382d..89234ca37 100644 --- a/src/tests/key-protect.cpp +++ b/src/tests/key-protect.cpp @@ -37,7 +37,7 @@ */ TEST_F(rnp_tests, test_key_protect_load_pgp) { - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; static const char *keyids[] = {"7bc6709b15c23a4a", // primary "1ed63ee56fadc34d", "1d7e8a5393c997a8", @@ -259,8 +259,8 @@ TEST_F(rnp_tests, test_key_protect_sec_data) /* copy keys and delete, making sure secret data is wiped*/ pgp_key_t *skeycp = new pgp_key_t(skey); pgp_key_t *ssubcp = new pgp_key_t(ssub); - uint8_t * raw_skey_ptr = skeycp->pkt().sec_data; - uint8_t * raw_ssub_ptr = ssubcp->pkt().sec_data; + uint8_t *raw_skey_ptr = skeycp->pkt().sec_data; + uint8_t *raw_ssub_ptr = ssubcp->pkt().sec_data; assert_int_equal(memcmp(raw_skey, raw_skey_ptr, 32), 0); assert_int_equal(memcmp(raw_ssub, raw_ssub_ptr, 32), 0); delete skeycp; diff --git a/src/tests/key-store-search.cpp b/src/tests/key-store-search.cpp index aabd4bd01..faa411808 100644 --- a/src/tests/key-store-search.cpp +++ b/src/tests/key-store-search.cpp @@ -105,7 +105,7 @@ TEST_F(rnp_tests, test_key_store_search) // keyid search (by_name) for (size_t i = 0; i < ARRAY_SIZE(testdata); i++) { std::set seen_keys; - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; key = rnp_tests_get_key_by_id(store, testdata[i].keyid); while (key) { // check that the keyid actually matches @@ -131,7 +131,7 @@ TEST_F(rnp_tests, test_key_store_search) for (size_t uidn = 0; testdata[i].userids[uidn]; uidn++) { std::set seen_keys; const std::string userid = testdata[i].userids[uidn]; - pgp_key_t * key = rnp_tests_key_search(store, userid); + pgp_key_t *key = rnp_tests_key_search(store, userid); while (key) { // check that the userid actually matches bool found = false; @@ -159,10 +159,10 @@ TEST_F(rnp_tests, test_key_store_search) TEST_F(rnp_tests, test_key_store_search_by_name) { const pgp_key_t *key; - pgp_key_t * primsec; - pgp_key_t * subsec; - pgp_key_t * primpub; - pgp_key_t * subpub; + pgp_key_t *primsec; + pgp_key_t *subsec; + pgp_key_t *primpub; + pgp_key_t *subpub; // load pubring rnp_key_store_t *pub_store = diff --git a/src/tests/key-unlock.cpp b/src/tests/key-unlock.cpp index 445c70463..cf6cf2895 100644 --- a/src/tests/key-unlock.cpp +++ b/src/tests/key-unlock.cpp @@ -35,15 +35,15 @@ TEST_F(rnp_tests, test_key_unlock_pgp) { cli_rnp_t rnp = {}; - const char * data = "my test data"; + const char *data = "my test data"; pgp_password_provider_t provider = {0}; - static const char * keyids[] = {"7bc6709b15c23a4a", // primary - "1ed63ee56fadc34d", - "1d7e8a5393c997a8", - "8a05b89fad5aded1", - "2fcadf05ffa501bb", // primary - "54505a936a4a970e", - "326ef111425d14a5"}; + static const char *keyids[] = {"7bc6709b15c23a4a", // primary + "1ed63ee56fadc34d", + "1d7e8a5393c997a8", + "8a05b89fad5aded1", + "2fcadf05ffa501bb", // primary + "54505a936a4a970e", + "326ef111425d14a5"}; assert_true(setup_cli_rnp_common(&rnp, RNP_KEYSTORE_GPG, "data/keyrings/1/", NULL)); assert_true(rnp.load_keyrings(true)); diff --git a/src/tests/key-validate.cpp b/src/tests/key-validate.cpp index 928415bf4..60d7051d4 100644 --- a/src/tests/key-validate.cpp +++ b/src/tests/key-validate.cpp @@ -57,7 +57,7 @@ TEST_F(rnp_tests, test_key_validate) { rnp_key_store_t *pubring; rnp_key_store_t *secring; - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; pubring = new rnp_key_store_t(PGP_KEY_STORE_GPG, "data/keyrings/1/pubring.gpg", global_ctx); @@ -174,7 +174,7 @@ key_check(rnp_key_store_t *keyring, const std::string &keyid, bool valid, bool e TEST_F(rnp_tests, test_forged_key_validate) { rnp_key_store_t *pubring; - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; pubring = new rnp_key_store_t(PGP_KEY_STORE_GPG, "", global_ctx); @@ -350,7 +350,7 @@ TEST_F(rnp_tests, test_forged_key_validate) TEST_F(rnp_tests, test_key_validity) { rnp_key_store_t *pubring; - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; /* Case1: * Keys: Alice [pub] @@ -681,7 +681,7 @@ TEST_F(rnp_tests, test_key_expiry_direct_sig) /* add primary userid with smaller expiration date */ rnp_selfsig_cert_info_t selfsig1 = {}; - const char * boris = "Boris "; + const char *boris = "Boris "; selfsig1.userid = boris; selfsig1.key_expiration = 100; selfsig1.primary = true; diff --git a/src/tests/load-g10.cpp b/src/tests/load-g10.cpp index 3e2c2c014..edc2027d5 100644 --- a/src/tests/load-g10.cpp +++ b/src/tests/load-g10.cpp @@ -32,8 +32,8 @@ TEST_F(rnp_tests, test_invalid_g10) { - rnp_key_store_t * pub_store = NULL; - rnp_key_store_t * sec_store = NULL; + rnp_key_store_t *pub_store = NULL; + rnp_key_store_t *sec_store = NULL; pgp_key_provider_t key_provider(rnp_key_provider_store); // load pubring pub_store = @@ -56,8 +56,8 @@ TEST_F(rnp_tests, test_invalid_g10) */ TEST_F(rnp_tests, test_load_g10) { - rnp_key_store_t * pub_store = NULL; - rnp_key_store_t * sec_store = NULL; + rnp_key_store_t *pub_store = NULL; + rnp_key_store_t *sec_store = NULL; pgp_key_provider_t key_provider(rnp_key_provider_store); // load pubring diff --git a/src/tests/load-g23.cpp b/src/tests/load-g23.cpp index f9873448d..066866dee 100644 --- a/src/tests/load-g23.cpp +++ b/src/tests/load-g23.cpp @@ -35,8 +35,8 @@ */ TEST_F(rnp_tests, test_load_g23) { - rnp_key_store_t * pub_store = NULL; - rnp_key_store_t * sec_store = NULL; + rnp_key_store_t *pub_store = NULL; + rnp_key_store_t *sec_store = NULL; pgp_key_provider_t key_provider(rnp_key_provider_store); /* another store */ diff --git a/src/tests/load-pgp.cpp b/src/tests/load-pgp.cpp index 560ed3df2..f1a3abcf6 100644 --- a/src/tests/load-pgp.cpp +++ b/src/tests/load-pgp.cpp @@ -112,7 +112,7 @@ TEST_F(rnp_tests, test_load_v4_keyring_pgp) // find the key by keyid static const std::string keyid = "8a05b89fad5aded1"; - const pgp_key_t * key = rnp_tests_get_key_by_id(key_store, keyid); + const pgp_key_t *key = rnp_tests_get_key_by_id(key_store, keyid); assert_non_null(key); // confirm the key flags are correct @@ -124,7 +124,7 @@ TEST_F(rnp_tests, test_load_v4_keyring_pgp) /* Just a helper for the below test */ static void -check_pgp_keyring_counts(const char * path, +check_pgp_keyring_counts(const char *path, unsigned primary_count, const unsigned subkey_counts[]) { @@ -186,7 +186,7 @@ TEST_F(rnp_tests, test_load_keyring_and_count_pgp) */ TEST_F(rnp_tests, test_load_check_bitfields_and_times) { - const pgp_key_t * key; + const pgp_key_t *key; const pgp_signature_t *sig = NULL; // load keyring @@ -330,7 +330,7 @@ TEST_F(rnp_tests, test_load_check_bitfields_and_times) TEST_F(rnp_tests, test_load_check_bitfields_and_times_v3) { pgp_key_id_t keyid = {}; - const pgp_key_t * key; + const pgp_key_t *key; const pgp_signature_t *sig = NULL; // load keyring @@ -458,7 +458,7 @@ check_subkey_fp(pgp_key_t *key, pgp_key_t *subkey, size_t index) TEST_F(rnp_tests, test_load_merge) { - pgp_key_t * key, *skey1, *skey2; + pgp_key_t *key, *skey1, *skey2; pgp_transferable_key_t tkey = {}; pgp_transferable_subkey_t tskey = {}; pgp_password_provider_t provider = {}; diff --git a/src/tests/partial-length.cpp b/src/tests/partial-length.cpp index 1e0b3cb96..359025828 100644 --- a/src/tests/partial-length.cpp +++ b/src/tests/partial-length.cpp @@ -203,7 +203,7 @@ TEST_F(rnp_tests, test_partial_length_first_packet_length) assert_rnp_success(rnp_op_sign_execute(sign)); // read from the saved packets pgp_source_t src; - uint8_t * mem = NULL; + uint8_t *mem = NULL; size_t len = 0; assert_rnp_success(rnp_output_memory_get_buf(output, &mem, &len, false)); assert_rnp_success(init_mem_src(&src, mem, len, false)); diff --git a/src/tests/pipe.cpp b/src/tests/pipe.cpp index 6f680872b..df63816c5 100644 --- a/src/tests/pipe.cpp +++ b/src/tests/pipe.cpp @@ -52,7 +52,7 @@ error_writer(void *app_ctx, const void *buf, size_t len) TEST_F(rnp_tests, test_pipe) { - uint8_t * buf = NULL; + uint8_t *buf = NULL; size_t buf_size = 0; rnp_input_t input = NULL; rnp_output_t output = NULL; diff --git a/src/tests/pqc.cpp b/src/tests/pqc.cpp index 856e1f957..314ec3fc9 100644 --- a/src/tests/pqc.cpp +++ b/src/tests/pqc.cpp @@ -39,17 +39,17 @@ TEST_F(rnp_tests, test_kyber_key_function) { kyber_parameter_e params[2] = {kyber_768, kyber_1024}; - for(kyber_parameter_e param : params) - { + for (kyber_parameter_e param : params) { + auto public_and_private_key = kyber_generate_keypair(&global_ctx.rng, param); - auto public_and_private_key = kyber_generate_keypair(&global_ctx.rng, param); - - kyber_encap_result_t encap_res = public_and_private_key.first.encapsulate(&global_ctx.rng); - - std::vector decrypted = public_and_private_key.second.decapsulate(&global_ctx.rng, encap_res.ciphertext.data(), encap_res.ciphertext.size()); - assert_int_equal(encap_res.symmetric_key.size(), decrypted.size()); - assert_memory_equal(encap_res.symmetric_key.data(), decrypted.data(), decrypted.size()); + kyber_encap_result_t encap_res = + public_and_private_key.first.encapsulate(&global_ctx.rng); + std::vector decrypted = public_and_private_key.second.decapsulate( + &global_ctx.rng, encap_res.ciphertext.data(), encap_res.ciphertext.size()); + assert_int_equal(encap_res.symmetric_key.size(), decrypted.size()); + assert_memory_equal( + encap_res.symmetric_key.data(), decrypted.data(), decrypted.size()); } } @@ -69,23 +69,28 @@ TEST_F(rnp_tests, test_dilithium_key_function) } } -TEST_F(rnp_tests, test_dilithium_exdsa_direct) +TEST_F(rnp_tests, test_dilithium_exdsa_direct) { - pgp_pubkey_alg_t algs[] = {PGP_PKA_DILITHIUM3_ED25519, /* PGP_PKA_DILITHIUM5_ED448,*/ PGP_PKA_DILITHIUM3_P256, PGP_PKA_DILITHIUM5_P384, PGP_PKA_DILITHIUM3_BP256, PGP_PKA_DILITHIUM5_BP384}; - + pgp_pubkey_alg_t algs[] = {PGP_PKA_DILITHIUM3_ED25519, + /* PGP_PKA_DILITHIUM5_ED448,*/ PGP_PKA_DILITHIUM3_P256, + PGP_PKA_DILITHIUM5_P384, + PGP_PKA_DILITHIUM3_BP256, + PGP_PKA_DILITHIUM5_BP384}; + for (size_t i = 0; i < ARRAY_SIZE(algs); i++) { uint8_t message[64]; const pgp_hash_alg_t hash_alg = PGP_HASH_SHA512; // Generate test data. Mainly to make valgrind not to complain about uninitialized data global_ctx.rng.get(message, sizeof(message)); - - pgp_dilithium_exdsa_key_t key; + + pgp_dilithium_exdsa_key_t key; pgp_dilithium_exdsa_signature_t sig; assert_rnp_success( - pgp_dilithium_exdsa_composite_key_t::gen_keypair(&global_ctx.rng, &key, algs[i])); + pgp_dilithium_exdsa_composite_key_t::gen_keypair(&global_ctx.rng, &key, algs[i])); - assert_rnp_success(key.priv.sign(&global_ctx.rng, &sig, hash_alg, message, sizeof(message))); + assert_rnp_success( + key.priv.sign(&global_ctx.rng, &sig, hash_alg, message, sizeof(message))); assert_rnp_success(key.pub.verify(&sig, hash_alg, message, sizeof(message))); // Fails because message won't verify @@ -99,9 +104,9 @@ TEST_F(rnp_tests, test_dilithium_exdsa_direct) sig.sig.data()[0] = ~sig.sig.data()[0]; // Fails because second sig won't verify - sig.sig.data()[sig.sig.size()-1] = ~sig.sig.data()[sig.sig.size()-1]; + sig.sig.data()[sig.sig.size() - 1] = ~sig.sig.data()[sig.sig.size() - 1]; assert_rnp_failure(key.pub.verify(&sig, hash_alg, message, sizeof(message))); - sig.sig.data()[sig.sig.size()-1] = ~sig.sig.data()[sig.sig.size()-1]; + sig.sig.data()[sig.sig.size() - 1] = ~sig.sig.data()[sig.sig.size() - 1]; } } diff --git a/src/tests/s2k-iterations.cpp b/src/tests/s2k-iterations.cpp index 594fe0f22..5941ea7bf 100644 --- a/src/tests/s2k-iterations.cpp +++ b/src/tests/s2k-iterations.cpp @@ -40,7 +40,7 @@ test_s2k_iterations_value(rnp_ffi_t ffi, rnp_input_t input = NULL; rnp_output_t output = NULL; rnp_op_encrypt_t op = NULL; - const char * message = "RNP encryption sample message"; + const char *message = "RNP encryption sample message"; assert_rnp_success( rnp_input_from_memory(&input, (uint8_t *) message, strlen(message), false)); assert_rnp_success(rnp_output_to_memory(&output, 1024)); @@ -52,8 +52,8 @@ test_s2k_iterations_value(rnp_ffi_t ffi, // testing the saved packets { rnp_input_t input_dump = NULL; - char * json = NULL; - uint8_t * mem = NULL; + char *json = NULL; + uint8_t *mem = NULL; size_t len = 0; // get the output and dump it to JSON assert_rnp_success(rnp_output_memory_get_buf(output, &mem, &len, false)); diff --git a/src/tests/streams.cpp b/src/tests/streams.cpp index c0bf69830..bf1d0a9e5 100644 --- a/src/tests/streams.cpp +++ b/src/tests/streams.cpp @@ -73,8 +73,8 @@ TEST_F(rnp_tests, test_stream_memory) const char *data = "Sample data to test memory streams"; size_t datalen; pgp_dest_t memdst; - void * mown; - void * mcpy; + void *mown; + void *mcpy; datalen = strlen(data) + 1; @@ -103,7 +103,7 @@ TEST_F(rnp_tests, test_stream_memory_discard) { pgp_dest_t memdst = {}; char mem[32]; - const char * hexes = "123456789ABCDEF"; + const char *hexes = "123456789ABCDEF"; const size_t hexes_len = 15; /* init mem dst and write some data */ @@ -176,10 +176,10 @@ copy_tmp_path(char *buf, size_t buflen, pgp_dest_t *dst) TEST_F(rnp_tests, test_stream_file) { - const char * filename = "dummyfile.dat"; - const char * dirname = "dummydir"; - const char * file2name = "dummydir/dummyfile.dat"; - const char * filedata = "dummy message to be stored in the file"; + const char *filename = "dummyfile.dat"; + const char *dirname = "dummydir"; + const char *file2name = "dummydir/dummyfile.dat"; + const char *filedata = "dummy message to be stored in the file"; const int iterations = 10000; const int filedatalen = strlen(filedata); char tmpname[128] = {0}; @@ -338,7 +338,7 @@ TEST_F(rnp_tests, test_stream_signatures) rnp_key_store_t *secring; pgp_signature_t sig; pgp_source_t sigsrc; - pgp_key_t * key = NULL; + pgp_key_t *key = NULL; /* load keys */ pubring = new rnp_key_store_t( @@ -439,7 +439,7 @@ TEST_F(rnp_tests, test_stream_key_load) pgp_key_sequence_t keyseq; pgp_key_id_t keyid = {}; pgp_fingerprint_t keyfp; - pgp_transferable_key_t * key = NULL; + pgp_transferable_key_t *key = NULL; pgp_transferable_subkey_t *skey = NULL; /* public keyring, read-save-read-save armored-read */ @@ -746,7 +746,7 @@ buggy_key_load_single(const void *keydata, size_t keylen) pgp_source_t memsrc = {0}; pgp_key_sequence_t keyseq; size_t partlen; - uint8_t * dataptr; + uint8_t *dataptr; /* try truncated load */ for (partlen = 1; partlen < keylen; partlen += 15) { @@ -827,7 +827,7 @@ TEST_F(rnp_tests, test_stream_key_decrypt) { pgp_source_t keysrc = {0}; pgp_key_sequence_t keyseq; - pgp_transferable_key_t * key = NULL; + pgp_transferable_key_t *key = NULL; pgp_transferable_subkey_t *subkey = NULL; /* load and decrypt secret keyring */ @@ -995,7 +995,7 @@ TEST_F(rnp_tests, test_stream_key_signatures) { pgp_source_t keysrc = {0}; pgp_key_sequence_t keyseq; - pgp_key_t * pkey = NULL; + pgp_key_t *pkey = NULL; pgp_signature_info_t sinfo = {}; /* v3 public key */ @@ -1255,7 +1255,7 @@ check_dump_file_json(const char *file, bool mpi, bool grip) { pgp_source_t src; rnp_dump_ctx_t ctx = {0}; - json_object * jso = NULL; + json_object *jso = NULL; ctx.dump_mpi = mpi; ctx.dump_grips = grip; @@ -1466,7 +1466,7 @@ TEST_F(rnp_tests, test_stream_814_dearmor_double_free) { pgp_source_t src; pgp_dest_t dst; - const char * buf = "-----BEGIN PGP BAD HEADER-----"; + const char *buf = "-----BEGIN PGP BAD HEADER-----"; assert_rnp_success(init_mem_src(&src, buf, strlen(buf), false)); assert_rnp_success(init_null_dest(&dst)); @@ -1620,7 +1620,7 @@ add_openpgp_layers(const char *msg, pgp_dest_t &pgpdst, int compr, int encr) /* add compression layers */ for (int i = 0; i < compr; i++) { - pgp_compression_type_t alg = (pgp_compression_type_t)((i % 3) + 1); + pgp_compression_type_t alg = (pgp_compression_type_t) ((i % 3) + 1); assert_rnp_success(init_mem_dest(&dst, NULL, 0)); assert_rnp_success(rnp_compress_src(src, dst, alg, 9)); src_close(&src); diff --git a/src/tests/support.cpp b/src/tests/support.cpp index fbec319bf..59c8b1575 100644 --- a/src/tests/support.cpp +++ b/src/tests/support.cpp @@ -209,7 +209,7 @@ is_tmp_path(const char *path) rlpath = strdup(path); } const char *tmp = get_tmp(); - char * rltmp = realpath(tmp, NULL); + char *rltmp = realpath(tmp, NULL); if (!rltmp) { rltmp = strdup(tmp); } @@ -311,7 +311,7 @@ make_temp_dir() } const char *tmplate = "/rnp-gtest-XXXXXX"; - char * buffer = (char *) calloc(1, strlen(rltmp) + strlen(tmplate) + 1); + char *buffer = (char *) calloc(1, strlen(rltmp) + strlen(tmplate) + 1); if (buffer == NULL) { return NULL; } @@ -545,19 +545,19 @@ cli_set_default_rsa_key_desc(rnp_cfg &cfg, const char *hashalg) // this is a password callback that will always fail bool failing_password_callback(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata) + void *userdata) { return false; } bool ffi_failing_password_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { return false; @@ -565,10 +565,10 @@ ffi_failing_password_provider(rnp_ffi_t ffi, bool ffi_asserting_password_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { EXPECT_TRUE(false); @@ -577,10 +577,10 @@ ffi_asserting_password_provider(rnp_ffi_t ffi, bool ffi_string_password_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { size_t pass_len = strlen((const char *) app_ctx); @@ -594,9 +594,9 @@ ffi_string_password_provider(rnp_ffi_t ffi, // this is a password callback that should never be called bool asserting_password_callback(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata) + void *userdata) { EXPECT_TRUE(false); return false; @@ -606,9 +606,9 @@ asserting_password_callback(const pgp_password_ctx_t *ctx, // the password buffer bool string_copy_password_callback(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata) + void *userdata) { const char *str = (const char *) userdata; strncpy(password, str, password_size - 1); @@ -617,7 +617,7 @@ string_copy_password_callback(const pgp_password_ctx_t *ctx, void unused_getkeycb(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, const char *identifier_type, const char *identifier, bool secret) @@ -627,10 +627,10 @@ unused_getkeycb(rnp_ffi_t ffi, bool unused_getpasscb(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len) { EXPECT_TRUE(false); diff --git a/src/tests/support.h b/src/tests/support.h index 620692450..b49ca0cb4 100644 --- a/src/tests/support.h +++ b/src/tests/support.h @@ -141,65 +141,65 @@ bool setupPasswordfd(int *pipefd); /* Common initialization of rnp structure : home path, keystore format and pointer to store * password fd */ -bool setup_cli_rnp_common(cli_rnp_t * rnp, +bool setup_cli_rnp_common(cli_rnp_t *rnp, const char *ks_format, const char *homedir, - int * pipefd); + int *pipefd); /* Initialize key generation params with default values and specified hash algorithm */ void cli_set_default_rsa_key_desc(rnp_cfg &cfg, const char *hash); // this is a password callback that will always fail bool failing_password_callback(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata); + void *userdata); bool ffi_failing_password_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len); // this is a password callback that should never be called bool asserting_password_callback(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata); + void *userdata); bool ffi_asserting_password_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len); // this is a password callback that just copies the string in userdata to // the password buffer bool string_copy_password_callback(const pgp_password_ctx_t *ctx, - char * password, + char *password, size_t password_size, - void * userdata); + void *userdata); bool ffi_string_password_provider(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len); void unused_getkeycb(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, const char *identifier_type, const char *identifier, bool secret); bool unused_getpasscb(rnp_ffi_t ffi, - void * app_ctx, + void *app_ctx, rnp_key_handle_t key, - const char * pgp_context, - char * buf, + const char *pgp_context, + char *buf, size_t buf_len); bool starts_with(const std::string &data, const std::string &match); @@ -209,16 +209,16 @@ std::string fmt(const char *format, ...); std::string strip_eol(const std::string &str); std::string lowercase(const std::string &str); -bool check_json_field_str(json_object * obj, +bool check_json_field_str(json_object *obj, const std::string &field, const std::string &value); bool check_json_field_int(json_object *obj, const std::string &field, int value); bool check_json_field_bool(json_object *obj, const std::string &field, bool value); bool check_json_pkt_type(json_object *pkt, int tag); -pgp_key_t *rnp_tests_get_key_by_id(rnp_key_store_t * keyring, +pgp_key_t *rnp_tests_get_key_by_id(rnp_key_store_t *keyring, const std::string &keyid, - pgp_key_t * after = NULL); + pgp_key_t *after = NULL); pgp_key_t *rnp_tests_get_key_by_fpr(rnp_key_store_t *keyring, const std::string &keyid); pgp_key_t *rnp_tests_get_key_by_grip(rnp_key_store_t *keyring, const std::string &grip); pgp_key_t *rnp_tests_get_key_by_grip(rnp_key_store_t *keyring, const pgp_key_grip_t &grip); @@ -255,11 +255,11 @@ size_t get_key_uids(rnp_key_handle_t key); bool check_sub_valid(rnp_key_handle_t key, size_t idx, bool validity); bool check_uid_valid(rnp_key_handle_t key, size_t idx, bool valid); bool check_uid_primary(rnp_key_handle_t key, size_t idx, bool primary); -void check_loaded_keys(const char * format, +void check_loaded_keys(const char *format, bool armored, - uint8_t * buf, + uint8_t *buf, size_t buf_len, - const char * id_type, + const char *id_type, const std::vector &expected_ids, bool secret);