summaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2010-11-26 02:00:31 +0100
committerMiloslav Trmač <mitr@redhat.com>2010-11-26 02:00:31 +0100
commite7fa04556e265d65232d6ef2afc6c0c472198011 (patch)
tree643f5a76d98b49b051ccc47575d5a72f6a763afe /lib
parent21c90e0365ac50c57ad5a3493582e996a236d1a3 (diff)
downloadncrypto-e7fa04556e265d65232d6ef2afc6c0c472198011.tar.gz
ncrypto-e7fa04556e265d65232d6ef2afc6c0c472198011.tar.xz
ncrypto-e7fa04556e265d65232d6ef2afc6c0c472198011.zip
Pass MPIs around in arrays, not named parameters
Diffstat (limited to 'lib')
-rw-r--r--lib/ncrypto_nss.c242
1 files changed, 108 insertions, 134 deletions
diff --git a/lib/ncrypto_nss.c b/lib/ncrypto_nss.c
index ac0818b..dfd342c 100644
--- a/lib/ncrypto_nss.c
+++ b/lib/ncrypto_nss.c
@@ -652,20 +652,81 @@ ncr_private_key_destroy (struct ncr_private_key *key)
return CKR_OK;
}
+ /* Multi-precision integers */
+
+/* Validate SRC and use it to set up DEST for ASN.1 encoding */
+static CK_RV
+mpi_create_SECItems_for_encoding (SECItem *dest, const struct ncr_mpi *src,
+ size_t num)
+{
+ size_t i;
+
+ g_return_val_if_fail (src != NULL, CKR_ARGUMENTS_BAD);
+ for (i = 0; i < num; i++)
+ g_return_val_if_fail (src[i].data != NULL, CKR_ARGUMENTS_BAD);
+
+ for (i = 0; i < num; i++)
+ {
+ dest[i].type = siUnsignedInteger;
+ dest[i].data = src[i].data;
+ dest[i].len = src[i].size;
+ }
+ return CKR_OK;
+}
+
+/* Handle of decoded SRC to DEST */
+static CK_RV
+mpi_output_decoded_SECItems (struct ncr_mpi *dest, const SECItem *src,
+ size_t num)
+{
+ size_t i;
+ CK_RV res;
+
+ for (i = 0; i < num; i++)
+ {
+ if (dest[i].data == NULL)
+ goto sizes_only;
+ }
+
+ res = CKR_OK;
+ for (i = 0; i < num; i++)
+ {
+ if (dest[i].size < src[i].len)
+ res = CKR_BUFFER_TOO_SMALL;
+ dest[i].size = src[i].len;
+ }
+ if (res != CKR_OK)
+ return res;
+
+ for (i = 0; i < num; i++)
+ memcpy (dest[i].data, src[i].data, src[i].len);
+
+ return CKR_OK;
+
+ sizes_only:
+ for (i = 0; i < num; i++)
+ dest[i].size = src[i].len;
+ return CKR_OK;
+}
+
/* RSA keys */
struct rsa_public_key
{
- SECItem modulus, public_exponent;
+ SECItem items[NCR_RSA_PUBLIC_NUM_MPIS];
};
static const SEC_ASN1Template rsa_public_key_asn1_template[] =
{
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof (struct rsa_public_key) },
#define INT(X) \
- { SEC_ASN1_INTEGER, offsetof (struct rsa_public_key, X), NULL, 0, }
+ { \
+ SEC_ASN1_INTEGER, \
+ offsetof (struct rsa_public_key, items) + (X) * sizeof (SECItem), NULL, \
+ 0 \
+ }
- INT (modulus), INT (public_exponent),
+ INT (NCR_RSA_PUBLIC_MPI_MODULUS), INT (NCR_RSA_PUBLIC_MPI_PUBLIC_EXPONENT),
#undef INT
{ 0, 0, NULL, 0 }
};
@@ -673,27 +734,34 @@ static const SEC_ASN1Template rsa_public_key_asn1_template[] =
struct rsa_private_key
{
SECItem version;
- SECItem modulus, public_exponent, private_exponent, prime_1, prime_2;
- SECItem exponent_1, exponent_2, coefficient;
+ SECItem items[NCR_RSA_PRIVATE_NUM_MPIS];
};
static const SEC_ASN1Template rsa_private_key_asn1_template[] =
{
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof (struct rsa_private_key) },
+ { SEC_ASN1_INTEGER, offsetof (struct rsa_private_key, version), NULL, 0 },
#define INT(X) \
- { SEC_ASN1_INTEGER, offsetof (struct rsa_private_key, X), NULL, 0 }
+ { \
+ SEC_ASN1_INTEGER, \
+ offsetof (struct rsa_private_key, items) + (X) * sizeof (SECItem), NULL, \
+ 0 \
+ }
- INT (version),
- INT (modulus), INT (public_exponent), INT (private_exponent), INT (prime_1),
- INT (prime_2), INT (exponent_1), INT (exponent_2), INT (coefficient),
+ INT (NCR_RSA_PRIVATE_MPI_MODULUS),
+ INT (NCR_RSA_PRIVATE_MPI_PUBLIC_EXPONENT),
+ INT (NCR_RSA_PRIVATE_MPI_PRIVATE_EXPONENT),
+ INT (NCR_RSA_PRIVATE_MPI_PRIME_1), INT (NCR_RSA_PRIVATE_MPI_PRIME_2),
+ INT (NCR_RSA_PRIVATE_MPI_EXPONENT_1), INT (NCR_RSA_PRIVATE_MPI_EXPONENT_2),
+ INT (NCR_RSA_PRIVATE_MPI_COEFFICIENT),
#undef INT
{ 0, 0, NULL, 0 }
};
CK_RV
-ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus,
- size_t modulus_size, const void *public_exponent,
- size_t public_exponent_size)
+ncr_public_key_create_rsa (struct ncr_public_key **key,
+ const struct ncr_mpi
+ mpis[static NCR_RSA_PUBLIC_NUM_MPIS])
{
struct rsa_public_key der_input;
SECItem der_key;
@@ -703,17 +771,10 @@ ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus,
if (res != CKR_OK)
return res;
- g_return_val_if_fail (modulus != NULL, CKR_ARGUMENTS_BAD);
- g_return_val_if_fail (public_exponent != NULL, CKR_ARGUMENTS_BAD);
-
-#define INT(X) \
- der_input.X.type = siUnsignedInteger; \
- der_input.X.data = (void *)X; \
- der_input.X.len = X##_size;
-
- INT (modulus);
- INT (public_exponent);
-#undef INT
+ res = mpi_create_SECItems_for_encoding (der_input.items, mpis,
+ NCR_RSA_PUBLIC_NUM_MPIS);
+ if (res != CKR_OK)
+ return res;
der_key.data = NULL;
der_key.len = 0;
@@ -728,9 +789,8 @@ ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus,
}
CK_RV
-ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
- size_t *modulus_size_ptr, void *public_exponent,
- size_t *public_exponent_size_ptr)
+ncr_public_key_export_rsa (struct ncr_public_key *key,
+ struct ncr_mpi mpis[static NCR_RSA_PUBLIC_NUM_MPIS])
{
struct rsa_public_key der_output;
PRArenaPool *arena;
@@ -738,13 +798,13 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
void *der_key;
size_t der_key_size;
CK_RV res;
+ size_t i;
res = ensure_ncr_is_open ();
if (res != CKR_OK)
return res;
- g_return_val_if_fail (modulus_size_ptr != NULL, CKR_ARGUMENTS_BAD);
- g_return_val_if_fail (public_exponent_size_ptr != NULL, CKR_ARGUMENTS_BAD);
+ g_return_val_if_fail (mpis != NULL, CKR_ARGUMENTS_BAD);
/* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses
memory only initialized through NSS's PORT_* */
@@ -764,8 +824,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
goto end_der_spki;
}
/* Setting type to siUnsignedInteger requests removal of leading zeroes. */
- der_output.modulus.type = siUnsignedInteger;
- der_output.public_exponent.type = siUnsignedInteger;
+ for (i = 0; i < NCR_RSA_PUBLIC_NUM_MPIS; i++)
+ der_output.items[i].type = siUnsignedInteger;
if (SEC_QuickDERDecodeItem (arena, &der_output, rsa_public_key_asn1_template,
&der_key_item) != SECSuccess)
{
@@ -773,26 +833,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
goto end_der_spki;
}
- if (modulus == NULL || public_exponent == NULL)
- {
- *modulus_size_ptr = der_output.modulus.len;
- *public_exponent_size_ptr = der_output.public_exponent.len;
- res = CKR_OK;
- goto end_der_spki;
- }
- res = CKR_OK;
- if (*modulus_size_ptr < der_output.modulus.len)
- res = CKR_BUFFER_TOO_SMALL;
- *modulus_size_ptr = der_output.modulus.len;
- if (*public_exponent_size_ptr < der_output.public_exponent.len)
- res = CKR_BUFFER_TOO_SMALL;
- *public_exponent_size_ptr = der_output.public_exponent.len;
- if (res != CKR_OK)
- goto end_der_spki;
-
- memcpy (modulus, der_output.modulus.data, der_output.modulus.len);
- memcpy (public_exponent, der_output.public_exponent.data,
- der_output.public_exponent.len);
+ res = mpi_output_decoded_SECItems(mpis, der_output.items,
+ NCR_RSA_PUBLIC_NUM_MPIS);
end_der_spki:
SECITEM_FreeItem (der_spki, PR_TRUE);
@@ -803,16 +845,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
CK_RV
ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive,
- const void *modulus, size_t modulus_size,
- const void *public_exponent,
- size_t public_exponent_size,
- const void *private_exponent,
- size_t private_exponent_size, const void *prime_1,
- size_t prime_1_size, const void *prime_2,
- size_t prime_2_size, const void *exponent_1,
- size_t exponent_1_size, const void *exponent_2,
- size_t exponent_2_size, const void *coefficient,
- size_t coefficient_size)
+ const struct ncr_mpi
+ mpis[static NCR_RSA_PRIVATE_NUM_MPIS])
{
static const uint8_t zero; /* = 0; */
@@ -824,27 +858,14 @@ ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive,
if (res != CKR_OK)
return res;
- g_return_val_if_fail (modulus != NULL, CKR_ARGUMENTS_BAD);
- g_return_val_if_fail (public_exponent != NULL, CKR_ARGUMENTS_BAD);
+ res = mpi_create_SECItems_for_encoding (der_input.items, mpis,
+ NCR_RSA_PRIVATE_NUM_MPIS);
+ if (res != CKR_OK)
+ return res;
der_input.version.type = siUnsignedInteger;
der_input.version.data = (void *)&zero;
der_input.version.len = sizeof (zero);
-#define INT(X) \
- der_input.X.type = siUnsignedInteger; \
- der_input.X.data = (void *)X; \
- der_input.X.len = X##_size;
-
- INT (modulus);
- INT (public_exponent);
- INT (private_exponent);
- INT (prime_1);
- INT (prime_2);
- INT (exponent_1);
- INT (exponent_2);
- INT (coefficient);
-#undef INT
-
der_key.data = NULL;
der_key.len = 0;
if (SEC_ASN1EncodeItem (NULL, &der_key, &der_input,
@@ -852,48 +873,28 @@ ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive,
return CKR_HOST_MEMORY;
res = private_key_create (key, CKK_RSA, sensitive, &der_key,
- &der_input.modulus);
+ &der_input.items[NCR_RSA_PRIVATE_MPI_MODULUS]);
PORT_Free (der_key.data);
return res;
}
CK_RV
-ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus,
- size_t *modulus_size_ptr, void *public_exponent,
- size_t *public_exponent_size_ptr,
- void *private_exponent,
- size_t *private_exponent_size_ptr,
- void *prime_1, size_t *prime_1_size_ptr,
- void *prime_2, size_t *prime_2_size_ptr,
- void *exponent_1, size_t *exponent_1_size_ptr,
- void *exponent_2, size_t *exponent_2_size_ptr,
- void *coefficient, size_t *coefficient_size_ptr)
+ncr_private_key_export_rsa (struct ncr_private_key *key,
+ struct ncr_mpi
+ mpis[static NCR_RSA_PRIVATE_NUM_MPIS])
{
struct rsa_private_key der_output;
PRArenaPool *arena;
SECItem der_key;
CK_RV res;
-
- /* This works in C because "INT" is expanded only at the point where ALL_INTS
- is used. */
-#define ALL_INTS \
- INT (modulus); \
- INT (public_exponent); \
- INT (private_exponent); \
- INT (prime_1); \
- INT (prime_2); \
- INT (exponent_1); \
- INT (exponent_2); \
- INT (coefficient);
+ size_t i;
res = ensure_ncr_is_open ();
if (res != CKR_OK)
return res;
-#define INT(X) g_return_val_if_fail (X##_size_ptr != NULL, CKR_ARGUMENTS_BAD)
- ALL_INTS;
-#undef INT
+ g_return_val_if_fail (mpis != NULL, CKR_ARGUMENTS_BAD);
/* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses
memory only initialized through NSS's PORT_* */
@@ -907,9 +908,8 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus,
/* Setting type to siUnsignedInteger requests removal of leading zeroes. */
der_output.version.type = siUnsignedInteger;
-#define INT(X) der_output.X.type = siUnsignedInteger
- ALL_INTS;
-#undef INT
+ for (i = 0; i < NCR_RSA_PRIVATE_NUM_MPIS; i++)
+ der_output.items[i].type = siUnsignedInteger;
if (SEC_QuickDERDecodeItem (arena, &der_output, rsa_private_key_asn1_template,
&der_key) != SECSuccess)
{
@@ -917,38 +917,12 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus,
goto end;
}
- if (modulus == NULL || public_exponent == NULL || private_exponent == NULL
- || prime_1 == NULL || prime_2 == NULL || exponent_1 == NULL
- || exponent_2 == NULL || coefficient == NULL)
- {
-#define INT(X) *X##_size_ptr = der_output.X.len
- ALL_INTS;
-#undef INT
- res = CKR_OK;
- goto end;
- }
- res = CKR_OK;
-#define INT(X) \
- do \
- { \
- if (*X##_size_ptr < der_output.X.len) \
- res = CKR_BUFFER_TOO_SMALL; \
- *X##_size_ptr = der_output.X.len; \
- } \
- while (0)
- ALL_INTS;
-#undef INT
- if (res != CKR_OK)
- goto end;
-
-#define INT(X) memcpy((X), der_output.X.data, der_output.X.len)
- ALL_INTS;
-#undef INT
+ res = mpi_output_decoded_SECItems(mpis, der_output.items,
+ NCR_RSA_PRIVATE_NUM_MPIS);
end:
PORT_FreeArena (arena, PR_TRUE);
return res;
-#undef DO_INTS
}
/* Asymmetric operations */
generated by cgit (git 2.34.1) at 2026-01-06 01:00:52 +0000