summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/ncrypto/ncrypto.h70
-rw-r--r--lib/ncrypto_nss.c242
-rw-r--r--tests/rsa.c120
3 files changed, 204 insertions, 228 deletions
diff --git a/include/ncrypto/ncrypto.h b/include/ncrypto/ncrypto.h
index fe10d9f..16d8258 100644
--- a/include/ncrypto/ncrypto.h
+++ b/include/ncrypto/ncrypto.h
@@ -86,42 +86,50 @@ CK_RV ncr_private_key_export (struct ncr_private_key *key, void *dest,
size_t *dest_size_ptr);
CK_RV ncr_private_key_destroy (struct ncr_private_key *key);
+ /* Multi-precision integers */
+
+/* This is used to avoid e.g. 8 separate parameters for RSA private key
+ passing. */
+struct ncr_mpi
+{
+ void *data;
+ size_t size;
+};
+
/* RSA keys */
+enum
+ {
+ NCR_RSA_PUBLIC_MPI_MODULUS,
+ NCR_RSA_PUBLIC_MPI_PUBLIC_EXPONENT,
+ NCR_RSA_PUBLIC_NUM_MPIS
+ };
+
+enum
+ {
+ NCR_RSA_PRIVATE_MPI_MODULUS,
+ NCR_RSA_PRIVATE_MPI_PUBLIC_EXPONENT,
+ NCR_RSA_PRIVATE_MPI_PRIVATE_EXPONENT,
+ NCR_RSA_PRIVATE_MPI_PRIME_1,
+ NCR_RSA_PRIVATE_MPI_PRIME_2,
+ NCR_RSA_PRIVATE_MPI_EXPONENT_1,
+ NCR_RSA_PRIVATE_MPI_EXPONENT_2,
+ NCR_RSA_PRIVATE_MPI_COEFFICIENT,
+ NCR_RSA_PRIVATE_NUM_MPIS
+ };
+
CK_RV ncr_public_key_create_rsa (struct ncr_public_key **key,
- const void *modulus, size_t modulus_size,
- const void *public_exponent,
- size_t public_exponent_size);
+ const struct ncr_mpi
+ mpis[static NCR_RSA_PUBLIC_NUM_MPIS]);
CK_RV ncr_public_key_export_rsa (struct ncr_public_key *key,
- void *modulus, size_t *modulus_size_ptr,
- void *public_exponent,
- size_t *public_exponent_size_ptr);
+ struct ncr_mpi
+ mpis [static NCR_RSA_PUBLIC_NUM_MPIS]);
CK_RV ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive,
- const void *modulus, size_t modulus_size,
- const void *public_exponent,
- size_t public_exponent_size,
- const void *private_exponent,
- size_t private_exponent_size,
- const void *prime_1, size_t prime_1_size,
- const void *prime_2, size_t prime_2_size,
- const void *exponent_1,
- size_t exponent_1_size,
- const void *exponent_2,
- size_t exponent_2_size,
- const void *coefficient,
- size_t coefficient_size);
-CK_RV ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus,
- size_t *modulus_size_ptr,
- void *public_exponent,
- size_t *public_exponent_size_ptr,
- void *private_exponent,
- size_t *private_exponent_size_ptr,
- void *prime_1, size_t *prime_1_size_ptr,
- void *prime_2, size_t *prime_2_size_ptr,
- void *exponent_1, size_t *exponent_1_size_ptr,
- void *exponent_2, size_t *exponent_2_size_ptr,
- void *coefficient,
- size_t *coefficient_size_ptr);
+ const struct ncr_mpi
+ mpis[static NCR_RSA_PRIVATE_NUM_MPIS]);
+CK_RV ncr_private_key_export_rsa (struct ncr_private_key *key,
+ struct ncr_mpi
+ mpis[static NCR_RSA_PRIVATE_NUM_MPIS]);
/* Asymmetric operations */
diff --git a/lib/ncrypto_nss.c b/lib/ncrypto_nss.c
index ac0818b..dfd342c 100644
--- a/lib/ncrypto_nss.c
+++ b/lib/ncrypto_nss.c
@@ -652,20 +652,81 @@ ncr_private_key_destroy (struct ncr_private_key *key)
return CKR_OK;
}
+ /* Multi-precision integers */
+
+/* Validate SRC and use it to set up DEST for ASN.1 encoding */
+static CK_RV
+mpi_create_SECItems_for_encoding (SECItem *dest, const struct ncr_mpi *src,
+ size_t num)
+{
+ size_t i;
+
+ g_return_val_if_fail (src != NULL, CKR_ARGUMENTS_BAD);
+ for (i = 0; i < num; i++)
+ g_return_val_if_fail (src[i].data != NULL, CKR_ARGUMENTS_BAD);
+
+ for (i = 0; i < num; i++)
+ {
+ dest[i].type = siUnsignedInteger;
+ dest[i].data = src[i].data;
+ dest[i].len = src[i].size;
+ }
+ return CKR_OK;
+}
+
+/* Handle of decoded SRC to DEST */
+static CK_RV
+mpi_output_decoded_SECItems (struct ncr_mpi *dest, const SECItem *src,
+ size_t num)
+{
+ size_t i;
+ CK_RV res;
+
+ for (i = 0; i < num; i++)
+ {
+ if (dest[i].data == NULL)
+ goto sizes_only;
+ }
+
+ res = CKR_OK;
+ for (i = 0; i < num; i++)
+ {
+ if (dest[i].size < src[i].len)
+ res = CKR_BUFFER_TOO_SMALL;
+ dest[i].size = src[i].len;
+ }
+ if (res != CKR_OK)
+ return res;
+
+ for (i = 0; i < num; i++)
+ memcpy (dest[i].data, src[i].data, src[i].len);
+
+ return CKR_OK;
+
+ sizes_only:
+ for (i = 0; i < num; i++)
+ dest[i].size = src[i].len;
+ return CKR_OK;
+}
+
/* RSA keys */
struct rsa_public_key
{
- SECItem modulus, public_exponent;
+ SECItem items[NCR_RSA_PUBLIC_NUM_MPIS];
};
static const SEC_ASN1Template rsa_public_key_asn1_template[] =
{
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof (struct rsa_public_key) },
#define INT(X) \
- { SEC_ASN1_INTEGER, offsetof (struct rsa_public_key, X), NULL, 0, }
+ { \
+ SEC_ASN1_INTEGER, \
+ offsetof (struct rsa_public_key, items) + (X) * sizeof (SECItem), NULL, \
+ 0 \
+ }
- INT (modulus), INT (public_exponent),
+ INT (NCR_RSA_PUBLIC_MPI_MODULUS), INT (NCR_RSA_PUBLIC_MPI_PUBLIC_EXPONENT),
#undef INT
{ 0, 0, NULL, 0 }
};
@@ -673,27 +734,34 @@ static const SEC_ASN1Template rsa_public_key_asn1_template[] =
struct rsa_private_key
{
SECItem version;
- SECItem modulus, public_exponent, private_exponent, prime_1, prime_2;
- SECItem exponent_1, exponent_2, coefficient;
+ SECItem items[NCR_RSA_PRIVATE_NUM_MPIS];
};
static const SEC_ASN1Template rsa_private_key_asn1_template[] =
{
{ SEC_ASN1_SEQUENCE, 0, NULL, sizeof (struct rsa_private_key) },
+ { SEC_ASN1_INTEGER, offsetof (struct rsa_private_key, version), NULL, 0 },
#define INT(X) \
- { SEC_ASN1_INTEGER, offsetof (struct rsa_private_key, X), NULL, 0 }
+ { \
+ SEC_ASN1_INTEGER, \
+ offsetof (struct rsa_private_key, items) + (X) * sizeof (SECItem), NULL, \
+ 0 \
+ }
- INT (version),
- INT (modulus), INT (public_exponent), INT (private_exponent), INT (prime_1),
- INT (prime_2), INT (exponent_1), INT (exponent_2), INT (coefficient),
+ INT (NCR_RSA_PRIVATE_MPI_MODULUS),
+ INT (NCR_RSA_PRIVATE_MPI_PUBLIC_EXPONENT),
+ INT (NCR_RSA_PRIVATE_MPI_PRIVATE_EXPONENT),
+ INT (NCR_RSA_PRIVATE_MPI_PRIME_1), INT (NCR_RSA_PRIVATE_MPI_PRIME_2),
+ INT (NCR_RSA_PRIVATE_MPI_EXPONENT_1), INT (NCR_RSA_PRIVATE_MPI_EXPONENT_2),
+ INT (NCR_RSA_PRIVATE_MPI_COEFFICIENT),
#undef INT
{ 0, 0, NULL, 0 }
};
CK_RV
-ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus,
- size_t modulus_size, const void *public_exponent,
- size_t public_exponent_size)
+ncr_public_key_create_rsa (struct ncr_public_key **key,
+ const struct ncr_mpi
+ mpis[static NCR_RSA_PUBLIC_NUM_MPIS])
{
struct rsa_public_key der_input;
SECItem der_key;
@@ -703,17 +771,10 @@ ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus,
if (res != CKR_OK)
return res;
- g_return_val_if_fail (modulus != NULL, CKR_ARGUMENTS_BAD);
- g_return_val_if_fail (public_exponent != NULL, CKR_ARGUMENTS_BAD);
-
-#define INT(X) \
- der_input.X.type = siUnsignedInteger; \
- der_input.X.data = (void *)X; \
- der_input.X.len = X##_size;
-
- INT (modulus);
- INT (public_exponent);
-#undef INT
+ res = mpi_create_SECItems_for_encoding (der_input.items, mpis,
+ NCR_RSA_PUBLIC_NUM_MPIS);
+ if (res != CKR_OK)
+ return res;
der_key.data = NULL;
der_key.len = 0;
@@ -728,9 +789,8 @@ ncr_public_key_create_rsa (struct ncr_public_key **key, const void *modulus,
}
CK_RV
-ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
- size_t *modulus_size_ptr, void *public_exponent,
- size_t *public_exponent_size_ptr)
+ncr_public_key_export_rsa (struct ncr_public_key *key,
+ struct ncr_mpi mpis[static NCR_RSA_PUBLIC_NUM_MPIS])
{
struct rsa_public_key der_output;
PRArenaPool *arena;
@@ -738,13 +798,13 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
void *der_key;
size_t der_key_size;
CK_RV res;
+ size_t i;
res = ensure_ncr_is_open ();
if (res != CKR_OK)
return res;
- g_return_val_if_fail (modulus_size_ptr != NULL, CKR_ARGUMENTS_BAD);
- g_return_val_if_fail (public_exponent_size_ptr != NULL, CKR_ARGUMENTS_BAD);
+ g_return_val_if_fail (mpis != NULL, CKR_ARGUMENTS_BAD);
/* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses
memory only initialized through NSS's PORT_* */
@@ -764,8 +824,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
goto end_der_spki;
}
/* Setting type to siUnsignedInteger requests removal of leading zeroes. */
- der_output.modulus.type = siUnsignedInteger;
- der_output.public_exponent.type = siUnsignedInteger;
+ for (i = 0; i < NCR_RSA_PUBLIC_NUM_MPIS; i++)
+ der_output.items[i].type = siUnsignedInteger;
if (SEC_QuickDERDecodeItem (arena, &der_output, rsa_public_key_asn1_template,
&der_key_item) != SECSuccess)
{
@@ -773,26 +833,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
goto end_der_spki;
}
- if (modulus == NULL || public_exponent == NULL)
- {
- *modulus_size_ptr = der_output.modulus.len;
- *public_exponent_size_ptr = der_output.public_exponent.len;
- res = CKR_OK;
- goto end_der_spki;
- }
- res = CKR_OK;
- if (*modulus_size_ptr < der_output.modulus.len)
- res = CKR_BUFFER_TOO_SMALL;
- *modulus_size_ptr = der_output.modulus.len;
- if (*public_exponent_size_ptr < der_output.public_exponent.len)
- res = CKR_BUFFER_TOO_SMALL;
- *public_exponent_size_ptr = der_output.public_exponent.len;
- if (res != CKR_OK)
- goto end_der_spki;
-
- memcpy (modulus, der_output.modulus.data, der_output.modulus.len);
- memcpy (public_exponent, der_output.public_exponent.data,
- der_output.public_exponent.len);
+ res = mpi_output_decoded_SECItems(mpis, der_output.items,
+ NCR_RSA_PUBLIC_NUM_MPIS);
end_der_spki:
SECITEM_FreeItem (der_spki, PR_TRUE);
@@ -803,16 +845,8 @@ ncr_public_key_export_rsa (struct ncr_public_key *key, void *modulus,
CK_RV
ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive,
- const void *modulus, size_t modulus_size,
- const void *public_exponent,
- size_t public_exponent_size,
- const void *private_exponent,
- size_t private_exponent_size, const void *prime_1,
- size_t prime_1_size, const void *prime_2,
- size_t prime_2_size, const void *exponent_1,
- size_t exponent_1_size, const void *exponent_2,
- size_t exponent_2_size, const void *coefficient,
- size_t coefficient_size)
+ const struct ncr_mpi
+ mpis[static NCR_RSA_PRIVATE_NUM_MPIS])
{
static const uint8_t zero; /* = 0; */
@@ -824,27 +858,14 @@ ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive,
if (res != CKR_OK)
return res;
- g_return_val_if_fail (modulus != NULL, CKR_ARGUMENTS_BAD);
- g_return_val_if_fail (public_exponent != NULL, CKR_ARGUMENTS_BAD);
+ res = mpi_create_SECItems_for_encoding (der_input.items, mpis,
+ NCR_RSA_PRIVATE_NUM_MPIS);
+ if (res != CKR_OK)
+ return res;
der_input.version.type = siUnsignedInteger;
der_input.version.data = (void *)&zero;
der_input.version.len = sizeof (zero);
-#define INT(X) \
- der_input.X.type = siUnsignedInteger; \
- der_input.X.data = (void *)X; \
- der_input.X.len = X##_size;
-
- INT (modulus);
- INT (public_exponent);
- INT (private_exponent);
- INT (prime_1);
- INT (prime_2);
- INT (exponent_1);
- INT (exponent_2);
- INT (coefficient);
-#undef INT
-
der_key.data = NULL;
der_key.len = 0;
if (SEC_ASN1EncodeItem (NULL, &der_key, &der_input,
@@ -852,48 +873,28 @@ ncr_private_key_create_rsa (struct ncr_private_key **key, _Bool sensitive,
return CKR_HOST_MEMORY;
res = private_key_create (key, CKK_RSA, sensitive, &der_key,
- &der_input.modulus);
+ &der_input.items[NCR_RSA_PRIVATE_MPI_MODULUS]);
PORT_Free (der_key.data);
return res;
}
CK_RV
-ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus,
- size_t *modulus_size_ptr, void *public_exponent,
- size_t *public_exponent_size_ptr,
- void *private_exponent,
- size_t *private_exponent_size_ptr,
- void *prime_1, size_t *prime_1_size_ptr,
- void *prime_2, size_t *prime_2_size_ptr,
- void *exponent_1, size_t *exponent_1_size_ptr,
- void *exponent_2, size_t *exponent_2_size_ptr,
- void *coefficient, size_t *coefficient_size_ptr)
+ncr_private_key_export_rsa (struct ncr_private_key *key,
+ struct ncr_mpi
+ mpis[static NCR_RSA_PRIVATE_NUM_MPIS])
{
struct rsa_private_key der_output;
PRArenaPool *arena;
SECItem der_key;
CK_RV res;
-
- /* This works in C because "INT" is expanded only at the point where ALL_INTS
- is used. */
-#define ALL_INTS \
- INT (modulus); \
- INT (public_exponent); \
- INT (private_exponent); \
- INT (prime_1); \
- INT (prime_2); \
- INT (exponent_1); \
- INT (exponent_2); \
- INT (coefficient);
+ size_t i;
res = ensure_ncr_is_open ();
if (res != CKR_OK)
return res;
-#define INT(X) g_return_val_if_fail (X##_size_ptr != NULL, CKR_ARGUMENTS_BAD)
- ALL_INTS;
-#undef INT
+ g_return_val_if_fail (mpis != NULL, CKR_ARGUMENTS_BAD);
/* Ugly... the PLArenaPool type is from NSPR, but NSS implementation accesses
memory only initialized through NSS's PORT_* */
@@ -907,9 +908,8 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus,
/* Setting type to siUnsignedInteger requests removal of leading zeroes. */
der_output.version.type = siUnsignedInteger;
-#define INT(X) der_output.X.type = siUnsignedInteger
- ALL_INTS;
-#undef INT
+ for (i = 0; i < NCR_RSA_PRIVATE_NUM_MPIS; i++)
+ der_output.items[i].type = siUnsignedInteger;
if (SEC_QuickDERDecodeItem (arena, &der_output, rsa_private_key_asn1_template,
&der_key) != SECSuccess)
{
@@ -917,38 +917,12 @@ ncr_private_key_export_rsa (struct ncr_private_key *key, void *modulus,
goto end;
}
- if (modulus == NULL || public_exponent == NULL || private_exponent == NULL
- || prime_1 == NULL || prime_2 == NULL || exponent_1 == NULL
- || exponent_2 == NULL || coefficient == NULL)
- {
-#define INT(X) *X##_size_ptr = der_output.X.len
- ALL_INTS;
-#undef INT
- res = CKR_OK;
- goto end;
- }
- res = CKR_OK;
-#define INT(X) \
- do \
- { \
- if (*X##_size_ptr < der_output.X.len) \
- res = CKR_BUFFER_TOO_SMALL; \
- *X##_size_ptr = der_output.X.len; \
- } \
- while (0)
- ALL_INTS;
-#undef INT
- if (res != CKR_OK)
- goto end;
-
-#define INT(X) memcpy((X), der_output.X.data, der_output.X.len)
- ALL_INTS;
-#undef INT
+ res = mpi_output_decoded_SECItems(mpis, der_output.items,
+ NCR_RSA_PRIVATE_NUM_MPIS);
end:
PORT_FreeArena (arena, PR_TRUE);
return res;
-#undef DO_INTS
}
/* Asymmetric operations */
diff --git a/tests/rsa.c b/tests/rsa.c
index 85e1fe6..2eeaa47 100644
--- a/tests/rsa.c
+++ b/tests/rsa.c
@@ -34,57 +34,61 @@ Red Hat author: Miloslav Trmač <mitr@redhat.com> */
#include <glib.h>
#include <ncrypto/ncrypto.h>
-static const uint8_t modulus[64] = "\xB8\xC7\x54\x15\x90\xCF\x91\x7A\xF3\x4C\x45\x53\xC2\x0A\xDA\x84\x4C\x09\x48\x10\x06\x41\xC5\x97\x57\x02\xDA\x0E\x7E\x64\x46\xBD\xC6\x75\x42\xCD\x32\x23\x0C\xEC\x2B\x1C\x60\x03\x68\x1E\x4F\x28\x78\xD8\xB0\xC1\xAC\xA7\x21\xE4\x15\x74\x65\x16\x1C\x59\xC8\x85";
-static const uint8_t public_exponent[3] = "\x01\x00\x01";
-static const uint8_t private_exponent[64] = "\x7B\xD6\xC3\xC8\xEC\x53\xE1\x09\xC9\x13\xDE\x06\xE3\xAE\xC8\x83\x10\x3E\xCC\x38\x49\x29\x3D\x97\x4F\x6E\x8E\xDC\x55\xE3\x38\xF1\x03\xEB\xC1\x09\x80\x16\xB8\x9F\xE1\xC0\x21\x77\xD4\xEE\xF7\x30\xD1\x85\x2B\x1F\x4F\xFE\xD1\x01\xCD\x35\x78\x4A\x97\x6F\x38\x65";
-static const uint8_t prime_1[32] = "\xF5\x7E\xFA\xED\xE0\xEC\x9C\x4E\x6F\xDF\xED\x64\x58\xEC\x18\xA9\x8E\x60\x2E\x49\x7E\xDF\x8E\xCF\x9F\xA5\x4A\x32\xA3\x27\x7E\x1B";
-static const uint8_t prime_2[32] = "\xC0\xAF\x49\x15\x49\x8D\x88\xFB\x28\x7D\x33\x25\x07\x37\xE0\x99\x2C\xA8\x6D\x46\x4F\x7D\x7D\x6E\x01\x95\x6B\x2B\x18\x1B\xBD\xDF";
-static const uint8_t exponent_1[32] = "\xC3\x34\x0F\xB4\xBC\x87\x87\x95\xFA\xF1\x14\x63\x19\x2D\xCA\x42\x70\x5A\x5C\x13\xC6\x95\x5E\x8A\x0B\x08\x34\x22\x65\x87\x0E\x87";
-static const uint8_t exponent_2[32] = "\x27\x3B\x89\x85\xEC\x14\x05\x70\x1E\x2E\x5F\xDB\x8A\x3C\xB6\x5E\x79\xD9\x51\x66\x9F\x88\xCD\xA1\x38\x71\x54\x00\xD2\x47\xD3\xC1";
-static const uint8_t coefficient[32] = "\x39\x09\x3A\x43\xCF\xE3\x65\x63\x2F\x5F\x11\xED\x2C\x42\x88\xEF\xCA\x26\x1E\x08\x96\xCF\x0A\x8F\xCB\x88\x45\x50\xEF\x6A\x38\x07";
+
+static const struct ncr_mpi import_mpis[NCR_RSA_PRIVATE_NUM_MPIS] =
+ {
+#define INT(NAME, VAL) \
+ [NCR_RSA_PRIVATE_MPI_##NAME] = { (void *)(VAL), sizeof (VAL) - 1 }
+
+ INT (MODULUS,
+ "\xB8\xC7\x54\x15\x90\xCF\x91\x7A\xF3\x4C\x45\x53\xC2\x0A\xDA\x84\x4C\x09\x48\x10\x06\x41\xC5\x97\x57\x02\xDA\x0E\x7E\x64\x46\xBD\xC6\x75\x42\xCD\x32\x23\x0C\xEC\x2B\x1C\x60\x03\x68\x1E\x4F\x28\x78\xD8\xB0\xC1\xAC\xA7\x21\xE4\x15\x74\x65\x16\x1C\x59\xC8\x85"),
+ INT (PUBLIC_EXPONENT, "\x01\x00\x01"),
+ INT (PRIVATE_EXPONENT, "\x7B\xD6\xC3\xC8\xEC\x53\xE1\x09\xC9\x13\xDE\x06\xE3\xAE\xC8\x83\x10\x3E\xCC\x38\x49\x29\x3D\x97\x4F\x6E\x8E\xDC\x55\xE3\x38\xF1\x03\xEB\xC1\x09\x80\x16\xB8\x9F\xE1\xC0\x21\x77\xD4\xEE\xF7\x30\xD1\x85\x2B\x1F\x4F\xFE\xD1\x01\xCD\x35\x78\x4A\x97\x6F\x38\x65"),
+ INT (PRIME_1, "\xF5\x7E\xFA\xED\xE0\xEC\x9C\x4E\x6F\xDF\xED\x64\x58\xEC\x18\xA9\x8E\x60\x2E\x49\x7E\xDF\x8E\xCF\x9F\xA5\x4A\x32\xA3\x27\x7E\x1B"),
+ INT (PRIME_2, "\xC0\xAF\x49\x15\x49\x8D\x88\xFB\x28\x7D\x33\x25\x07\x37\xE0\x99\x2C\xA8\x6D\x46\x4F\x7D\x7D\x6E\x01\x95\x6B\x2B\x18\x1B\xBD\xDF"),
+ INT (EXPONENT_1, "\xC3\x34\x0F\xB4\xBC\x87\x87\x95\xFA\xF1\x14\x63\x19\x2D\xCA\x42\x70\x5A\x5C\x13\xC6\x95\x5E\x8A\x0B\x08\x34\x22\x65\x87\x0E\x87"),
+ INT (EXPONENT_2, "\x27\x3B\x89\x85\xEC\x14\x05\x70\x1E\x2E\x5F\xDB\x8A\x3C\xB6\x5E\x79\xD9\x51\x66\x9F\x88\xCD\xA1\x38\x71\x54\x00\xD2\x47\xD3\xC1"),
+ INT (COEFFICIENT, "\x39\x09\x3A\x43\xCF\xE3\x65\x63\x2F\x5F\x11\xED\x2C\x42\x88\xEF\xCA\x26\x1E\x08\x96\xCF\x0A\x8F\xCB\x88\x45\x50\xEF\x6A\x38\x07")
+#undef INT
+ };
static const uint8_t input[] = "\x00\x01\x02\x03\x04\x05";
+static void
+validate_mpis (const struct ncr_mpi *mpis, size_t num_mpis)
+{
+ size_t i;
+
+ for (i = 0; i < num_mpis; i++)
+ assert (mpis[i].size == import_mpis[i].size);
+ for (i = 0; i < num_mpis; i++)
+ assert (memcmp (mpis[i].data, import_mpis[i].data, mpis[i].size) == 0);
+}
+
int
main (void)
{
- /* This works in C because "INT" is expanded only at the point where the other
- macros are used. */
-#define PUBLIC_INTS_COMMAS INT (modulus), INT (public_exponent)
-#define PUBLIC_INTS \
- INT (modulus); \
- INT (public_exponent);
-#define ALL_INTS_COMMAS \
- INT (modulus), INT (public_exponent), INT (private_exponent), INT (prime_1), \
- INT (prime_2), INT (exponent_1), INT (exponent_2), INT (coefficient)
-#define ALL_INTS \
- INT (modulus); \
- INT (public_exponent); \
- INT (private_exponent); \
- INT (prime_1); \
- INT (prime_2); \
- INT (exponent_1); \
- INT (exponent_2); \
- INT (coefficient);
-
struct ncr_public_key *public;
struct ncr_private_key *private;
- uint8_t dest[4096];
- size_t src_size, dest_size;
-#define INT(X) uint8_t export_##X[256]; size_t export_##X##_size
- ALL_INTS;
-#undef INT
+ struct ncr_mpi dest_mpis[NCR_RSA_PRIVATE_NUM_MPIS];
+ uint8_t dest[4096], mpi_dest[NCR_RSA_PRIVATE_NUM_MPIS][256];
+ size_t src_size, dest_size, i;
CK_RV res;
+ /* We took a few shortcuts... validate them now. Note that these are NOT
+ guaranteed by the API. */
+ assert ((size_t)NCR_RSA_PUBLIC_NUM_MPIS <= (size_t)NCR_RSA_PRIVATE_NUM_MPIS);
+ assert ((size_t)NCR_RSA_PUBLIC_MPI_MODULUS
+ == (size_t)NCR_RSA_PRIVATE_MPI_MODULUS);
+ assert ((size_t)NCR_RSA_PUBLIC_MPI_PUBLIC_EXPONENT
+ == (size_t)NCR_RSA_PRIVATE_MPI_PUBLIC_EXPONENT);
+
+
/* Test key loading. Should we test the generic version as well? */
-#define INT(X) X, sizeof (X)
- res = ncr_public_key_create_rsa (&public,
- PUBLIC_INTS_COMMAS);
+ res = ncr_public_key_create_rsa (&public, import_mpis);
assert (res == CKR_OK);
- res = ncr_private_key_create_rsa (&private, false,
- ALL_INTS_COMMAS);
+ res = ncr_private_key_create_rsa (&private, false, import_mpis);
assert (res == CKR_OK);
-#undef INT
/* Test encryption */
@@ -114,33 +118,23 @@ main (void)
sizeof (input));
assert (res != CKR_OK);
-#define INT(X) export_##X##_size = sizeof (export_##X);
- PUBLIC_INTS;
-#undef INT
-#define INT(X) export_##X, &export_##X##_size
- res = ncr_public_key_export_rsa (public, PUBLIC_INTS_COMMAS);
-#undef INT
+ for (i = 0; i < NCR_RSA_PUBLIC_NUM_MPIS; i++)
+ {
+ dest_mpis[i].data = mpi_dest[i];
+ dest_mpis[i].size = sizeof (mpi_dest[i]);
+ }
+ res = ncr_public_key_export_rsa (public, dest_mpis);
assert (res == CKR_OK);
-#define INT(X) assert (export_##X##_size == sizeof (X))
- PUBLIC_INTS;
-#undef INT
-#define INT(X) assert (memcmp (export_##X, (X), export_##X##_size) == 0);
- PUBLIC_INTS;
-#undef INT
-
-#define INT(X) export_##X##_size = sizeof (export_##X);
- ALL_INTS;
-#undef INT
-#define INT(X) export_##X, &export_##X##_size
- res = ncr_private_key_export_rsa (private, ALL_INTS_COMMAS);
-#undef INT
+ validate_mpis (dest_mpis, NCR_RSA_PUBLIC_NUM_MPIS);
+
+ for (i = 0; i < NCR_RSA_PRIVATE_NUM_MPIS; i++)
+ {
+ dest_mpis[i].data = mpi_dest[i];
+ dest_mpis[i].size = sizeof (mpi_dest[i]);
+ }
+ res = ncr_private_key_export_rsa (private, dest_mpis);
assert (res == CKR_OK);
-#define INT(X) assert (export_##X##_size == sizeof (X))
- ALL_INTS;
-#undef INT
-#define INT(X) assert (memcmp (export_##X, (X), export_##X##_size) == 0);
- ALL_INTS;
-#undef INT
+ validate_mpis (dest_mpis, NCR_RSA_PRIVATE_NUM_MPIS);
res = ncr_private_key_destroy (private);
assert (res == CKR_OK);
generated by cgit (git 2.34.1) at 2024-06-09 04:52:50 +0000