diff options
-rw-r--r-- | include/ncrypto/ncrypto.h | 70 | ||||
-rw-r--r-- | lib/ncrypto_nss.c | 242 | ||||
-rw-r--r-- | tests/rsa.c | 120 |
3 files changed, 204 insertions, 228 deletions
diff --git a/include/ncrypto/ncrypto.h b/include/ncrypto/ncrypto.h index fe10d9f..16d8258 100644 --- a/include/ncrypto/ncrypto.h +++ b/include/ncrypto/ncrypto.h @@ -86,42 +86,50 @@ CK_RV ncr_private_key_export (struct ncr_private_key *key, void *dest, size_t *dest_size_ptr); CK_RV ncr_private_key_destroy (struct ncr_private_key *key); + /* Multi-precision integers */ + +/* This is used to avoid e.g. 8 separate parameters for RSA private key + passing. */ +struct ncr_mpi +{ + void *data; + size_t size; +}; + /* RSA keys */ +enum + { + NCR_RSA_PUBLIC_MPI_MODULUS, + NCR_RSA_PUBLIC_MPI_PUBLIC_EXPONENT, + NCR_RSA_PUBLIC_NUM_MPIS + }; + +enum + { + NCR_RSA_PRIVATE_MPI_MODULUS, + NCR_RSA_PRIVATE_MPI_PUBLIC_EXPONENT, + NCR_RSA_PRIVATE_MPI_PRIVATE_EXPONENT, + NCR_RSA_PRIVATE_MPI_PRIME_1, + NCR_RSA_PRIVATE_MPI_PRIME_2, + NCR_RSA_PRIVATE_MPI_EXPONENT_1, + NCR_RSA_PRIVATE_MPI_EXPONENT_2, + NCR_RSA_PRIVATE_MPI_COEFFICIENT, + NCR_RSA_PRIVATE_NUM_MPIS + }; + CK_RV ncr_public_key_create_rsa (struct ncr_public_key **key, - const void *modulus, size_t modulus_size, - const void *public_exponent, - size_t public_exponent_size); + const struct ncr_mpi + mpis[static NCR_RSA_PUBLIC_NUM_MPIS]); CK_RV ncr_public_key_export_rsa (struct ncr_public_key *key, - void *modulus, size_t *modulus_size_ptr, - void *public_exponent, - size_t *public_exponent_size_ptr); + struct ncr_mpi + mpis [static NCR_RSA_PUBLIC_NUM_MPIS]); CK_RV ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive, - const void *modulus, size_t modulus_size, - const void *public_exponent, - size_t public_exponent_size, - const void *private_exponent, - size_t private_exponent_size, - const void *prime_1, size_t prime_1_size, - const void *prime_2, size_t prime_2_size, - const void *exponent_1, - size_t exponent_1_size, - const void *exponent_2, - size_t exponent_2_size, - const void *coefficient, - size_t coefficient_size); -CK_RV ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus, - size_t *modulus_size_ptr, - void *public_exponent, - size_t *public_exponent_size_ptr, - void *private_exponent, - size_t *private_exponent_size_ptr, - void *prime_1, size_t *prime_1_size_ptr, - void *prime_2, size_t *prime_2_size_ptr, - void *exponent_1, size_t *exponent_1_size_ptr, - void *exponent_2, size_t *exponent_2_size_ptr, - void *coefficient, - size_t *coefficient_size_ptr); + const struct ncr_mpi + mpis[static NCR_RSA_PRIVATE_NUM_MPIS]); +CK_RV ncr_private_key_export_rsa (struct ncr_private_key *key, + struct ncr_mpi + mpis[static NCR_RSA_PRIVATE_NUM_MPIS]); /* Asymmetric operations */ diff --git a/lib/ncrypto_nss.c b/lib/ncrypto_nss.c index ac0818b..dfd342c 100644 --- a/lib/ncrypto_nss.c +++ b/lib/ncrypto_nss.c @@ -652,20 +652,81 @@ ncr_private_key_destroy (struct ncr_private_key *key) return CKR_OK; } + /* Multi-precision integers */ + +/* Validate SRC and use it to set up DEST for ASN.1 encoding */ +static CK_RV +mpi_create_SECItems_for_encoding (SECItem *dest, const struct ncr_mpi *src, + size_t num) +{ + size_t i; + + g_return_val_if_fail (src != NULL, CKR_ARGUMENTS_BAD); + for (i = 0; i < num; i++) + g_return_val_if_fail (src[i].data != NULL, CKR_ARGUMENTS_BAD); + + for (i = 0; i < num; i++) + { + dest[i].type = siUnsignedInteger; + dest[i].data = src[i].data; + dest[i].len = src[i].size; + } + return CKR_OK; +} + +/* Handle of decoded SRC to DEST */ +static CK_RV +mpi_output_decoded_SECItems (struct ncr_mpi *dest, const SECItem *src, + size_t num) +{ + size_t i; + CK_RV res; + + for (i = 0; i < num; i++) + { + if (dest[i].data == NULL) + goto sizes_only; + } + + res = CKR_OK; + for (i = 0; i < num; i++) + { + if (dest[i].size < src[i].len) + res = CKR_BUFFER_TOO_SMALL; + dest[i].size = src[i].len; + } + if (res != CKR_OK) + return res; + + for (i = 0; i < num; i++) + memcpy (dest[i].data, src[i].data, src[i].len); + + return CKR_OK; + + sizes_only: + for (i = 0; i < num; i++) + dest[i].size = src[i].len; + return CKR_OK; +} + /* RSA keys */ struct rsa_public_key { - SECItem modulus, public_exponent; + SECItem items[NCR_RSA_PUBLIC_NUM_MPIS]; }; static const SEC_ASN1Template rsa_public_key_asn1_template[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (struct rsa_public_key) }, #define INT(X) \ - { SEC_ASN1_INTEGER, offsetof (struct rsa_public_key, X), NULL, 0, } + { \ + SEC_ASN1_INTEGER, \ + offsetof (struct rsa_public_key, items) + (X) * sizeof (SECItem), NULL, \ + 0 \ + } - INT (modulus), INT (public_exponent), + INT (NCR_RSA_PUBLIC_MPI_MODULUS), INT (NCR_RSA_PUBLIC_MPI_PUBLIC_EXPONENT), #undef INT { 0, 0, NULL, 0 } }; @@ -673,27 +734,34 @@ static const SEC_ASN1Template rsa_public_key_asn1_template[] = struct rsa_private_key { SECItem version; - SECItem modulus, public_exponent, private_exponent, prime_1, prime_2; - SECItem exponent_1, exponent_2, coefficient; + SECItem items[NCR_RSA_PRIVATE_NUM_MPIS]; }; static const SEC_ASN1Template rsa_private_key_asn1_template[] = { { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (struct rsa_private_key) }, + { SEC_ASN1_INTEGER, offsetof (struct rsa_private_key, version), NULL, 0 }, #define INT(X) \ - { SEC_ASN1_INTEGER, offsetof (struct rsa_private_key, X), NULL, 0 } + { \ + SEC_ASN1_INTEGER, \ + offsetof (struct rsa_private_key, items) + (X) * sizeof (SECItem), NULL, \ + 0 \ + } - INT (version), - INT (modulus), INT (public_exponent), INT (private_exponent), INT (prime_1), - INT (prime_2), INT (exponent_1), INT (exponent_2), INT (coefficient), + INT (NCR_RSA_PRIVATE_MPI_MODULUS), + INT (NCR_RSA_PRIVATE_MPI_PUBLIC_EXPONENT), + INT (NCR_RSA_PRIVATE_MPI_PRIVATE_EXPONENT), + INT (NCR_RSA_PRIVATE_MPI_PRIME_1), INT (NCR_RSA_PRIVATE_MPI_PRIME_2), + INT (NCR_RSA_PRIVATE_MPI_EXPONENT_1), INT (NCR_RSA_PRIVATE_MPI_EXPONENT_2), + INT (NCR_RSA_PRIVATE_MPI_COEFFICIENT), #undef INT { 0, 0, NULL, 0 } }; CK_RV -ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus, - size_t modulus_size, const void *public_exponent, - size_t public_exponent_size) +ncr_public_key_create_rsa (struct ncr_public_key **key, + const struct ncr_mpi + mpis[static NCR_RSA_PUBLIC_NUM_MPIS]) { struct rsa_public_key der_input; SECItem der_key; @@ -703,17 +771,10 @@ ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus, if (res != CKR_OK) return res; - g_return_val_if_fail (modulus != NULL, CKR_ARGUMENTS_BAD); - g_return_val_if_fail (public_exponent != NULL, CKR_ARGUMENTS_BAD); - -#define INT(X) \ - der_input.X.type = siUnsignedInteger; \ - der_input.X.data = (void *)X; \ - der_input.X.len = X##_size; - - INT (modulus); - INT (public_exponent); -#undef INT + res = mpi_create_SECItems_for_encoding (der_input.items, mpis, + NCR_RSA_PUBLIC_NUM_MPIS); + if (res != CKR_OK) + return res; der_key.data = NULL; der_key.len = 0; @@ -728,9 +789,8 @@ ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus, } CK_RV -ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, - size_t *modulus_size_ptr, void *public_exponent, - size_t *public_exponent_size_ptr) +ncr_public_key_export_rsa (struct ncr_public_key *key, + struct ncr_mpi mpis[static NCR_RSA_PUBLIC_NUM_MPIS]) { struct rsa_public_key der_output; PRArenaPool *arena; @@ -738,13 +798,13 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, void *der_key; size_t der_key_size; CK_RV res; + size_t i; res = ensure_ncr_is_open (); if (res != CKR_OK) return res; - g_return_val_if_fail (modulus_size_ptr != NULL, CKR_ARGUMENTS_BAD); - g_return_val_if_fail (public_exponent_size_ptr != NULL, CKR_ARGUMENTS_BAD); + g_return_val_if_fail (mpis != NULL, CKR_ARGUMENTS_BAD); /* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses memory only initialized through NSS's PORT_* */ @@ -764,8 +824,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, goto end_der_spki; } /* Setting type to siUnsignedInteger requests removal of leading zeroes. */ - der_output.modulus.type = siUnsignedInteger; - der_output.public_exponent.type = siUnsignedInteger; + for (i = 0; i < NCR_RSA_PUBLIC_NUM_MPIS; i++) + der_output.items[i].type = siUnsignedInteger; if (SEC_QuickDERDecodeItem (arena, &der_output, rsa_public_key_asn1_template, &der_key_item) != SECSuccess) { @@ -773,26 +833,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, goto end_der_spki; } - if (modulus == NULL || public_exponent == NULL) - { - *modulus_size_ptr = der_output.modulus.len; - *public_exponent_size_ptr = der_output.public_exponent.len; - res = CKR_OK; - goto end_der_spki; - } - res = CKR_OK; - if (*modulus_size_ptr < der_output.modulus.len) - res = CKR_BUFFER_TOO_SMALL; - *modulus_size_ptr = der_output.modulus.len; - if (*public_exponent_size_ptr < der_output.public_exponent.len) - res = CKR_BUFFER_TOO_SMALL; - *public_exponent_size_ptr = der_output.public_exponent.len; - if (res != CKR_OK) - goto end_der_spki; - - memcpy (modulus, der_output.modulus.data, der_output.modulus.len); - memcpy (public_exponent, der_output.public_exponent.data, - der_output.public_exponent.len); + res = mpi_output_decoded_SECItems(mpis, der_output.items, + NCR_RSA_PUBLIC_NUM_MPIS); end_der_spki: SECITEM_FreeItem (der_spki, PR_TRUE); @@ -803,16 +845,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus, CK_RV ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive, - const void *modulus, size_t modulus_size, - const void *public_exponent, - size_t public_exponent_size, - const void *private_exponent, - size_t private_exponent_size, const void *prime_1, - size_t prime_1_size, const void *prime_2, - size_t prime_2_size, const void *exponent_1, - size_t exponent_1_size, const void *exponent_2, - size_t exponent_2_size, const void *coefficient, - size_t coefficient_size) + const struct ncr_mpi + mpis[static NCR_RSA_PRIVATE_NUM_MPIS]) { static const uint8_t zero; /* = 0; */ @@ -824,27 +858,14 @@ ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive, if (res != CKR_OK) return res; - g_return_val_if_fail (modulus != NULL, CKR_ARGUMENTS_BAD); - g_return_val_if_fail (public_exponent != NULL, CKR_ARGUMENTS_BAD); + res = mpi_create_SECItems_for_encoding (der_input.items, mpis, + NCR_RSA_PRIVATE_NUM_MPIS); + if (res != CKR_OK) + return res; der_input.version.type = siUnsignedInteger; der_input.version.data = (void *)&zero; der_input.version.len = sizeof (zero); -#define INT(X) \ - der_input.X.type = siUnsignedInteger; \ - der_input.X.data = (void *)X; \ - der_input.X.len = X##_size; - - INT (modulus); - INT (public_exponent); - INT (private_exponent); - INT (prime_1); - INT (prime_2); - INT (exponent_1); - INT (exponent_2); - INT (coefficient); -#undef INT - der_key.data = NULL; der_key.len = 0; if (SEC_ASN1EncodeItem (NULL, &der_key, &der_input, @@ -852,48 +873,28 @@ ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive, return CKR_HOST_MEMORY; res = private_key_create (key, CKK_RSA, sensitive, &der_key, - &der_input.modulus); + &der_input.items[NCR_RSA_PRIVATE_MPI_MODULUS]); PORT_Free (der_key.data); return res; } CK_RV -ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus, - size_t *modulus_size_ptr, void *public_exponent, - size_t *public_exponent_size_ptr, - void *private_exponent, - size_t *private_exponent_size_ptr, - void *prime_1, size_t *prime_1_size_ptr, - void *prime_2, size_t *prime_2_size_ptr, - void *exponent_1, size_t *exponent_1_size_ptr, - void *exponent_2, size_t *exponent_2_size_ptr, - void *coefficient, size_t *coefficient_size_ptr) +ncr_private_key_export_rsa (struct ncr_private_key *key, + struct ncr_mpi + mpis[static NCR_RSA_PRIVATE_NUM_MPIS]) { struct rsa_private_key der_output; PRArenaPool *arena; SECItem der_key; CK_RV res; - - /* This works in C because "INT" is expanded only at the point where ALL_INTS - is used. */ -#define ALL_INTS \ - INT (modulus); \ - INT (public_exponent); \ - INT (private_exponent); \ - INT (prime_1); \ - INT (prime_2); \ - INT (exponent_1); \ - INT (exponent_2); \ - INT (coefficient); + size_t i; res = ensure_ncr_is_open (); if (res != CKR_OK) return res; -#define INT(X) g_return_val_if_fail (X##_size_ptr != NULL, CKR_ARGUMENTS_BAD) - ALL_INTS; -#undef INT + g_return_val_if_fail (mpis != NULL, CKR_ARGUMENTS_BAD); /* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses memory only initialized through NSS's PORT_* */ @@ -907,9 +908,8 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus, /* Setting type to siUnsignedInteger requests removal of leading zeroes. */ der_output.version.type = siUnsignedInteger; -#define INT(X) der_output.X.type = siUnsignedInteger - ALL_INTS; -#undef INT + for (i = 0; i < NCR_RSA_PRIVATE_NUM_MPIS; i++) + der_output.items[i].type = siUnsignedInteger; if (SEC_QuickDERDecodeItem (arena, &der_output, rsa_private_key_asn1_template, &der_key) != SECSuccess) { @@ -917,38 +917,12 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus, goto end; } - if (modulus == NULL || public_exponent == NULL || private_exponent == NULL - || prime_1 == NULL || prime_2 == NULL || exponent_1 == NULL - || exponent_2 == NULL || coefficient == NULL) - { -#define INT(X) *X##_size_ptr = der_output.X.len - ALL_INTS; -#undef INT - res = CKR_OK; - goto end; - } - res = CKR_OK; -#define INT(X) \ - do \ - { \ - if (*X##_size_ptr < der_output.X.len) \ - res = CKR_BUFFER_TOO_SMALL; \ - *X##_size_ptr = der_output.X.len; \ - } \ - while (0) - ALL_INTS; -#undef INT - if (res != CKR_OK) - goto end; - -#define INT(X) memcpy((X), der_output.X.data, der_output.X.len) - ALL_INTS; -#undef INT + res = mpi_output_decoded_SECItems(mpis, der_output.items, + NCR_RSA_PRIVATE_NUM_MPIS); end: PORT_FreeArena (arena, PR_TRUE); return res; -#undef DO_INTS } /* Asymmetric operations */ diff --git a/tests/rsa.c b/tests/rsa.c index 85e1fe6..2eeaa47 100644 --- a/tests/rsa.c +++ b/tests/rsa.c @@ -34,57 +34,61 @@ Red Hat author: Miloslav Trmač <mitr@redhat.com> */ #include <glib.h> #include <ncrypto/ncrypto.h> -static const uint8_t modulus[64] = "\xB8\xC7\x54\x15\x90\xCF\x91\x7A\xF3\x4C\x45\x53\xC2\x0A\xDA\x84\x4C\x09\x48\x10\x06\x41\xC5\x97\x57\x02\xDA\x0E\x7E\x64\x46\xBD\xC6\x75\x42\xCD\x32\x23\x0C\xEC\x2B\x1C\x60\x03\x68\x1E\x4F\x28\x78\xD8\xB0\xC1\xAC\xA7\x21\xE4\x15\x74\x65\x16\x1C\x59\xC8\x85"; -static const uint8_t public_exponent[3] = "\x01\x00\x01"; -static const uint8_t private_exponent[64] = "\x7B\xD6\xC3\xC8\xEC\x53\xE1\x09\xC9\x13\xDE\x06\xE3\xAE\xC8\x83\x10\x3E\xCC\x38\x49\x29\x3D\x97\x4F\x6E\x8E\xDC\x55\xE3\x38\xF1\x03\xEB\xC1\x09\x80\x16\xB8\x9F\xE1\xC0\x21\x77\xD4\xEE\xF7\x30\xD1\x85\x2B\x1F\x4F\xFE\xD1\x01\xCD\x35\x78\x4A\x97\x6F\x38\x65"; -static const uint8_t prime_1[32] = "\xF5\x7E\xFA\xED\xE0\xEC\x9C\x4E\x6F\xDF\xED\x64\x58\xEC\x18\xA9\x8E\x60\x2E\x49\x7E\xDF\x8E\xCF\x9F\xA5\x4A\x32\xA3\x27\x7E\x1B"; -static const uint8_t prime_2[32] = "\xC0\xAF\x49\x15\x49\x8D\x88\xFB\x28\x7D\x33\x25\x07\x37\xE0\x99\x2C\xA8\x6D\x46\x4F\x7D\x7D\x6E\x01\x95\x6B\x2B\x18\x1B\xBD\xDF"; -static const uint8_t exponent_1[32] = "\xC3\x34\x0F\xB4\xBC\x87\x87\x95\xFA\xF1\x14\x63\x19\x2D\xCA\x42\x70\x5A\x5C\x13\xC6\x95\x5E\x8A\x0B\x08\x34\x22\x65\x87\x0E\x87"; -static const uint8_t exponent_2[32] = "\x27\x3B\x89\x85\xEC\x14\x05\x70\x1E\x2E\x5F\xDB\x8A\x3C\xB6\x5E\x79\xD9\x51\x66\x9F\x88\xCD\xA1\x38\x71\x54\x00\xD2\x47\xD3\xC1"; -static const uint8_t coefficient[32] = "\x39\x09\x3A\x43\xCF\xE3\x65\x63\x2F\x5F\x11\xED\x2C\x42\x88\xEF\xCA\x26\x1E\x08\x96\xCF\x0A\x8F\xCB\x88\x45\x50\xEF\x6A\x38\x07"; + +static const struct ncr_mpi import_mpis[NCR_RSA_PRIVATE_NUM_MPIS] = + { +#define INT(NAME, VAL) \ + [NCR_RSA_PRIVATE_MPI_##NAME] = { (void *)(VAL), sizeof (VAL) - 1 } + + INT (MODULUS, + "\xB8\xC7\x54\x15\x90\xCF\x91\x7A\xF3\x4C\x45\x53\xC2\x0A\xDA\x84\x4C\x09\x48\x10\x06\x41\xC5\x97\x57\x02\xDA\x0E\x7E\x64\x46\xBD\xC6\x75\x42\xCD\x32\x23\x0C\xEC\x2B\x1C\x60\x03\x68\x1E\x4F\x28\x78\xD8\xB0\xC1\xAC\xA7\x21\xE4\x15\x74\x65\x16\x1C\x59\xC8\x85"), + INT (PUBLIC_EXPONENT, "\x01\x00\x01"), + INT (PRIVATE_EXPONENT, "\x7B\xD6\xC3\xC8\xEC\x53\xE1\x09\xC9\x13\xDE\x06\xE3\xAE\xC8\x83\x10\x3E\xCC\x38\x49\x29\x3D\x97\x4F\x6E\x8E\xDC\x55\xE3\x38\xF1\x03\xEB\xC1\x09\x80\x16\xB8\x9F\xE1\xC0\x21\x77\xD4\xEE\xF7\x30\xD1\x85\x2B\x1F\x4F\xFE\xD1\x01\xCD\x35\x78\x4A\x97\x6F\x38\x65"), + INT (PRIME_1, "\xF5\x7E\xFA\xED\xE0\xEC\x9C\x4E\x6F\xDF\xED\x64\x58\xEC\x18\xA9\x8E\x60\x2E\x49\x7E\xDF\x8E\xCF\x9F\xA5\x4A\x32\xA3\x27\x7E\x1B"), + INT (PRIME_2, "\xC0\xAF\x49\x15\x49\x8D\x88\xFB\x28\x7D\x33\x25\x07\x37\xE0\x99\x2C\xA8\x6D\x46\x4F\x7D\x7D\x6E\x01\x95\x6B\x2B\x18\x1B\xBD\xDF"), + INT (EXPONENT_1, "\xC3\x34\x0F\xB4\xBC\x87\x87\x95\xFA\xF1\x14\x63\x19\x2D\xCA\x42\x70\x5A\x5C\x13\xC6\x95\x5E\x8A\x0B\x08\x34\x22\x65\x87\x0E\x87"), + INT (EXPONENT_2, "\x27\x3B\x89\x85\xEC\x14\x05\x70\x1E\x2E\x5F\xDB\x8A\x3C\xB6\x5E\x79\xD9\x51\x66\x9F\x88\xCD\xA1\x38\x71\x54\x00\xD2\x47\xD3\xC1"), + INT (COEFFICIENT, "\x39\x09\x3A\x43\xCF\xE3\x65\x63\x2F\x5F\x11\xED\x2C\x42\x88\xEF\xCA\x26\x1E\x08\x96\xCF\x0A\x8F\xCB\x88\x45\x50\xEF\x6A\x38\x07") +#undef INT + }; static const uint8_t input[] = "\x00\x01\x02\x03\x04\x05"; +static void +validate_mpis (const struct ncr_mpi *mpis, size_t num_mpis) +{ + size_t i; + + for (i = 0; i < num_mpis; i++) + assert (mpis[i].size == import_mpis[i].size); + for (i = 0; i < num_mpis; i++) + assert (memcmp (mpis[i].data, import_mpis[i].data, mpis[i].size) == 0); +} + int main (void) { - /* This works in C because "INT" is expanded only at the point where the other - macros are used. */ -#define PUBLIC_INTS_COMMAS INT (modulus), INT (public_exponent) -#define PUBLIC_INTS \ - INT (modulus); \ - INT (public_exponent); -#define ALL_INTS_COMMAS \ - INT (modulus), INT (public_exponent), INT (private_exponent), INT (prime_1), \ - INT (prime_2), INT (exponent_1), INT (exponent_2), INT (coefficient) -#define ALL_INTS \ - INT (modulus); \ - INT (public_exponent); \ - INT (private_exponent); \ - INT (prime_1); \ - INT (prime_2); \ - INT (exponent_1); \ - INT (exponent_2); \ - INT (coefficient); - struct ncr_public_key *public; struct ncr_private_key *private; - uint8_t dest[4096]; - size_t src_size, dest_size; -#define INT(X) uint8_t export_##X[256]; size_t export_##X##_size - ALL_INTS; -#undef INT + struct ncr_mpi dest_mpis[NCR_RSA_PRIVATE_NUM_MPIS]; + uint8_t dest[4096], mpi_dest[NCR_RSA_PRIVATE_NUM_MPIS][256]; + size_t src_size, dest_size, i; CK_RV res; + /* We took a few shortcuts... validate them now. Note that these are NOT + guaranteed by the API. */ + assert ((size_t)NCR_RSA_PUBLIC_NUM_MPIS <= (size_t)NCR_RSA_PRIVATE_NUM_MPIS); + assert ((size_t)NCR_RSA_PUBLIC_MPI_MODULUS + == (size_t)NCR_RSA_PRIVATE_MPI_MODULUS); + assert ((size_t)NCR_RSA_PUBLIC_MPI_PUBLIC_EXPONENT + == (size_t)NCR_RSA_PRIVATE_MPI_PUBLIC_EXPONENT); + + /* Test key loading. Should we test the generic version as well? */ -#define INT(X) X, sizeof (X) - res = ncr_public_key_create_rsa (&public, - PUBLIC_INTS_COMMAS); + res = ncr_public_key_create_rsa (&public, import_mpis); assert (res == CKR_OK); - res = ncr_private_key_create_rsa (&private, false, - ALL_INTS_COMMAS); + res = ncr_private_key_create_rsa (&private, false, import_mpis); assert (res == CKR_OK); -#undef INT /* Test encryption */ @@ -114,33 +118,23 @@ main (void) sizeof (input)); assert (res != CKR_OK); -#define INT(X) export_##X##_size = sizeof (export_##X); - PUBLIC_INTS; -#undef INT -#define INT(X) export_##X, &export_##X##_size - res = ncr_public_key_export_rsa (public, PUBLIC_INTS_COMMAS); -#undef INT + for (i = 0; i < NCR_RSA_PUBLIC_NUM_MPIS; i++) + { + dest_mpis[i].data = mpi_dest[i]; + dest_mpis[i].size = sizeof (mpi_dest[i]); + } + res = ncr_public_key_export_rsa (public, dest_mpis); assert (res == CKR_OK); -#define INT(X) assert (export_##X##_size == sizeof (X)) - PUBLIC_INTS; -#undef INT -#define INT(X) assert (memcmp (export_##X, (X), export_##X##_size) == 0); - PUBLIC_INTS; -#undef INT - -#define INT(X) export_##X##_size = sizeof (export_##X); - ALL_INTS; -#undef INT -#define INT(X) export_##X, &export_##X##_size - res = ncr_private_key_export_rsa (private, ALL_INTS_COMMAS); -#undef INT + validate_mpis (dest_mpis, NCR_RSA_PUBLIC_NUM_MPIS); + + for (i = 0; i < NCR_RSA_PRIVATE_NUM_MPIS; i++) + { + dest_mpis[i].data = mpi_dest[i]; + dest_mpis[i].size = sizeof (mpi_dest[i]); + } + res = ncr_private_key_export_rsa (private, dest_mpis); assert (res == CKR_OK); -#define INT(X) assert (export_##X##_size == sizeof (X)) - ALL_INTS; -#undef INT -#define INT(X) assert (memcmp (export_##X, (X), export_##X##_size) == 0); - ALL_INTS; -#undef INT + validate_mpis (dest_mpis, NCR_RSA_PRIVATE_NUM_MPIS); res = ncr_private_key_destroy (private); assert (res == CKR_OK); |