Skip to content

Commit

Permalink
Refactor pgp_mpi_t to pgp::mpi.
Browse files Browse the repository at this point in the history
  • Loading branch information
ni4 authored and ronaldtse committed Jun 25, 2024
1 parent af091cc commit 59a4e92
Show file tree
Hide file tree
Showing 44 changed files with 306 additions and 314 deletions.
13 changes: 6 additions & 7 deletions src/lib/crypto.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -243,20 +243,19 @@ key_material_equal(const pgp_key_material_t *key1, const pgp_key_material_t *key
case PGP_PKA_RSA:
case PGP_PKA_RSA_ENCRYPT_ONLY:
case PGP_PKA_RSA_SIGN_ONLY:
return mpi_equal(&key1->rsa.n, &key2->rsa.n) && mpi_equal(&key1->rsa.e, &key2->rsa.e);
return (key1->rsa.n == key2->rsa.n) && (key1->rsa.e == key2->rsa.e);
case PGP_PKA_DSA:
return mpi_equal(&key1->dsa.p, &key2->dsa.p) &&
mpi_equal(&key1->dsa.q, &key2->dsa.q) &&
mpi_equal(&key1->dsa.g, &key2->dsa.g) && mpi_equal(&key1->dsa.y, &key2->dsa.y);
return (key1->dsa.p == key2->dsa.p) && (key1->dsa.q == key2->dsa.q) &&
(key1->dsa.g == key2->dsa.g) && (key1->dsa.y == key2->dsa.y);
case PGP_PKA_ELGAMAL:
case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
return mpi_equal(&key1->eg.p, &key2->eg.p) && mpi_equal(&key1->eg.g, &key2->eg.g) &&
mpi_equal(&key1->eg.y, &key2->eg.y);
return (key1->eg.p == key2->eg.p) && (key1->eg.g == key2->eg.g) &&
(key1->eg.y == key2->eg.y);
case PGP_PKA_EDDSA:
case PGP_PKA_ECDH:
case PGP_PKA_ECDSA:
case PGP_PKA_SM2:
return (key1->ec.curve == key2->ec.curve) && mpi_equal(&key1->ec.p, &key2->ec.p);
return (key1->ec.curve == key2->ec.curve) && (key1->ec.p == key2->ec.p);
#if defined(ENABLE_CRYPTO_REFRESH)
case PGP_PKA_ED25519:
return (key1->ed25519.pub == key2->ed25519.pub);
Expand Down
4 changes: 2 additions & 2 deletions src/lib/crypto/bn.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ bn_bn2bin(const bignum_t *a, unsigned char *b)
}

bignum_t *
mpi2bn(const pgp_mpi_t *val)
mpi2bn(const pgp::mpi *val)
{
assert(val);
if (!val) {
Expand All @@ -65,7 +65,7 @@ mpi2bn(const pgp_mpi_t *val)
}

bool
bn2mpi(const bignum_t *bn, pgp_mpi_t *val)
bn2mpi(const bignum_t *bn, pgp::mpi *val)
{
val->len = bn_num_bytes(*bn);
if (val->len > PGP_MPINT_SIZE) {
Expand Down
10 changes: 5 additions & 5 deletions src/lib/crypto/bn.h
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,9 @@ void bn_free(bignum_t * /*a*/);

int bn_bn2bin(const bignum_t * /*a*/, unsigned char * /*b*/);

bignum_t *mpi2bn(const pgp_mpi_t *val);
bignum_t *mpi2bn(const pgp::mpi *val);

bool bn2mpi(const bignum_t *bn, pgp_mpi_t *val);
bool bn2mpi(const bignum_t *bn, pgp::mpi *val);

size_t bn_num_bytes(const bignum_t &a);

Expand All @@ -71,7 +71,7 @@ class bn {
{
}

bn(const pgp_mpi_t &val) : _bn(mpi2bn(&val))
bn(const pgp::mpi &val) : _bn(mpi2bn(&val))
{
}

Expand All @@ -88,7 +88,7 @@ class bn {
}

void
set(const pgp_mpi_t &val) noexcept
set(const pgp::mpi &val) noexcept
{
BN_free(_bn);
_bn = mpi2bn(&val);
Expand Down Expand Up @@ -131,7 +131,7 @@ class bn {
}

bool
mpi(pgp_mpi_t &mpi) const noexcept
mpi(pgp::mpi &mpi) const noexcept
{
return bn2mpi(_bn, &mpi);
}
Expand Down
4 changes: 2 additions & 2 deletions src/lib/crypto/bn_ossl.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ bn_bn2bin(const bignum_t *a, unsigned char *b)
}

bignum_t *
mpi2bn(const pgp_mpi_t *val)
mpi2bn(const pgp::mpi *val)
{
assert(val);
if (!val) {
Expand All @@ -59,7 +59,7 @@ mpi2bn(const pgp_mpi_t *val)
}

bool
bn2mpi(const bignum_t *bn, pgp_mpi_t *val)
bn2mpi(const bignum_t *bn, pgp::mpi *val)
{
val->len = bn_num_bytes(*bn);
return bn_bn2bin(bn, val->mpi) == 0;
Expand Down
14 changes: 7 additions & 7 deletions src/lib/crypto/dl_ossl.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -63,11 +63,11 @@ dl_build_params(bignum_t *p, bignum_t *q, bignum_t *g, bignum_t *y, bignum_t *x)
#endif

EVP_PKEY *
dl_load_key(const pgp_mpi_t &mp,
const pgp_mpi_t *mq,
const pgp_mpi_t &mg,
const pgp_mpi_t &my,
const pgp_mpi_t *mx)
dl_load_key(const pgp::mpi &mp,
const pgp::mpi *mq,
const pgp::mpi &mg,
const pgp::mpi &my,
const pgp::mpi *mx)
{
EVP_PKEY *evpkey = NULL;
rnp::bn p(mpi2bn(&mp));
Expand Down Expand Up @@ -153,7 +153,7 @@ dl_load_key(const pgp_mpi_t &mp,

#if !defined(CRYPTO_BACKEND_OPENSSL3)
static rnp_result_t
dl_validate_secret_key(EVP_PKEY *dlkey, const pgp_mpi_t &mx)
dl_validate_secret_key(EVP_PKEY *dlkey, const pgp::mpi &mx)
{
const DH *dh = EVP_PKEY_get0_DH(dlkey);
assert(dh);
Expand Down Expand Up @@ -217,7 +217,7 @@ dl_validate_secret_key(EVP_PKEY *dlkey, const pgp_mpi_t &mx)
#endif

rnp_result_t
dl_validate_key(EVP_PKEY *pkey, const pgp_mpi_t *x)
dl_validate_key(EVP_PKEY *pkey, const pgp::mpi *x)
{
rnp_result_t ret = RNP_ERROR_GENERIC;
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);
Expand Down
12 changes: 6 additions & 6 deletions src/lib/crypto/dl_ossl.h
Original file line number Diff line number Diff line change
Expand Up @@ -33,12 +33,12 @@
#include "mpi.h"
#include <openssl/evp.h>

EVP_PKEY *dl_load_key(const pgp_mpi_t &mp,
const pgp_mpi_t *mq,
const pgp_mpi_t &mg,
const pgp_mpi_t &my,
const pgp_mpi_t *mx);
EVP_PKEY *dl_load_key(const pgp::mpi &mp,
const pgp::mpi *mq,
const pgp::mpi &mg,
const pgp::mpi &my,
const pgp::mpi *mx);

rnp_result_t dl_validate_key(EVP_PKEY *pkey, const pgp_mpi_t *mx);
rnp_result_t dl_validate_key(EVP_PKEY *pkey, const pgp::mpi *mx);

#endif
27 changes: 11 additions & 16 deletions src/lib/crypto/dsa.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,6 @@ dsa_sign(rnp::RNG * rng,
{
botan_privkey_t dsa_key = NULL;
botan_pk_op_sign_t sign_op = NULL;
size_t q_order = 0;
uint8_t sign_buf[2 * BITS_TO_BYTES(DSA_MAX_Q_BITLEN)] = {0};
bignum_t * p = NULL, *q = NULL, *g = NULL, *x = NULL;
rnp_result_t ret = RNP_ERROR_SIGNING_FAILED;
Expand All @@ -169,7 +168,7 @@ dsa_sign(rnp::RNG * rng,
size_t z_len = 0;

memset(sig, 0, sizeof(*sig));
q_order = mpi_bytes(&key->q);
size_t q_order = key->q.bytes();
if ((2 * q_order) > sizeof(sign_buf)) {
RNP_LOG("wrong q order");
return RNP_ERROR_BAD_PARAMETERS;
Expand Down Expand Up @@ -209,8 +208,7 @@ dsa_sign(rnp::RNG * rng,
}

// Now load the DSA (r,s) values from the signature.
if (!mem2mpi(&sig->r, sign_buf, q_order) ||
!mem2mpi(&sig->s, sign_buf + q_order, q_order)) {
if (!sig->r.from_mem(sign_buf, q_order) || !sig->s.from_mem(sign_buf + q_order, q_order)) {
goto end;
}
ret = RNP_SUCCESS;
Expand All @@ -234,30 +232,27 @@ dsa_verify(const pgp_dsa_signature_t *sig,
botan_pubkey_t dsa_key = NULL;
botan_pk_op_verify_t verify_op = NULL;
uint8_t sign_buf[2 * BITS_TO_BYTES(DSA_MAX_Q_BITLEN)] = {0};
size_t q_order = 0;
size_t r_blen, s_blen;
bignum_t * p = NULL, *q = NULL, *g = NULL, *y = NULL;
rnp_result_t ret = RNP_ERROR_GENERIC;
size_t z_len = 0;

q_order = mpi_bytes(&key->q);
size_t q_order = key->q.bytes();
if ((2 * q_order) > sizeof(sign_buf)) {
return RNP_ERROR_BAD_PARAMETERS;
}

z_len = hash_len < q_order ? hash_len : q_order;

r_blen = mpi_bytes(&sig->r);
s_blen = mpi_bytes(&sig->s);
size_t r_blen = sig->r.bytes();
size_t s_blen = sig->s.bytes();
if ((r_blen > q_order) || (s_blen > q_order)) {
RNP_LOG("Wrong signature");
return RNP_ERROR_BAD_PARAMETERS;
}

p = mpi2bn(&key->p);
q = mpi2bn(&key->q);
g = mpi2bn(&key->g);
y = mpi2bn(&key->y);
bignum_t *p = mpi2bn(&key->p);
bignum_t *q = mpi2bn(&key->q);
bignum_t *g = mpi2bn(&key->g);
bignum_t *y = mpi2bn(&key->y);

if (!p || !q || !g || !y) {
RNP_LOG("out of memory");
Expand All @@ -271,8 +266,8 @@ dsa_verify(const pgp_dsa_signature_t *sig,
goto end;
}

mpi2mem(&sig->r, sign_buf + q_order - r_blen);
mpi2mem(&sig->s, sign_buf + 2 * q_order - s_blen);
sig->r.to_mem(sign_buf + q_order - r_blen);
sig->s.to_mem(sign_buf + 2 * q_order - s_blen);

if (botan_pk_op_verify_create(&verify_op, dsa_key, "Raw", 0)) {
RNP_LOG("Can't create verifier");
Expand Down
14 changes: 7 additions & 7 deletions src/lib/crypto/dsa.h
Original file line number Diff line number Diff line change
Expand Up @@ -37,17 +37,17 @@
#include "crypto/mpi.h"

typedef struct pgp_dsa_key_t {
pgp_mpi_t p;
pgp_mpi_t q;
pgp_mpi_t g;
pgp_mpi_t y;
pgp::mpi p;
pgp::mpi q;
pgp::mpi g;
pgp::mpi y;
/* secret mpi */
pgp_mpi_t x;
pgp::mpi x;
} pgp_dsa_key_t;

typedef struct pgp_dsa_signature_t {
pgp_mpi_t r;
pgp_mpi_t s;
pgp::mpi r;
pgp::mpi s;
} pgp_dsa_signature_t;

/**
Expand Down
4 changes: 2 additions & 2 deletions src/lib/crypto/dsa_ossl.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ dsa_sign(rnp::RNG * rng,
size_t hash_len,
const pgp_dsa_key_t *key)
{
if (mpi_bytes(&key->x) == 0) {
if (!key->x.bytes()) {
RNP_LOG("private key not set");
return RNP_ERROR_BAD_PARAMETERS;
}
Expand Down Expand Up @@ -283,7 +283,7 @@ dsa_verify(const pgp_dsa_signature_t *sig,
RNP_LOG("Failed to initialize verify: %lu", ERR_peek_last_error());
goto done;
}
pgp_mpi_t sigbuf;
pgp::mpi sigbuf;
if (!dsa_encode_sig(sigbuf.mpi, &sigbuf.len, *sig)) {
goto done;
}
Expand Down
8 changes: 4 additions & 4 deletions src/lib/crypto/ec.h
Original file line number Diff line number Diff line change
Expand Up @@ -77,17 +77,17 @@ typedef struct ec_curve_desc_t {

typedef struct pgp_ec_key_t {
pgp_curve_t curve;
pgp_mpi_t p;
pgp::mpi p;
/* secret mpi */
pgp_mpi_t x;
pgp::mpi x;
/* ecdh params */
pgp_hash_alg_t kdf_hash_alg; /* Hash used by kdf */
pgp_symm_alg_t key_wrap_alg; /* Symmetric algorithm used to wrap KEK*/
} pgp_ec_key_t;

typedef struct pgp_ec_signature_t {
pgp_mpi_t r;
pgp_mpi_t s;
pgp::mpi r;
pgp::mpi s;
} pgp_ec_signature_t;

#if defined(ENABLE_CRYPTO_REFRESH) || defined(ENABLE_PQC)
Expand Down
22 changes: 11 additions & 11 deletions src/lib/crypto/ec_ossl.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ ec_write_raw_seckey(EVP_PKEY *pkey, pgp_ec_key_t *key)
}

static bool
ec_write_seckey(EVP_PKEY *pkey, pgp_mpi_t &key)
ec_write_seckey(EVP_PKEY *pkey, pgp::mpi &key)
{
#if defined(CRYPTO_BACKEND_OPENSSL3)
rnp::bn x;
Expand Down Expand Up @@ -182,17 +182,17 @@ ec_generate(rnp::RNG * rng,
}

static EVP_PKEY *
ec_load_raw_key(const pgp_mpi_t &keyp, const pgp_mpi_t *keyx, int nid)
ec_load_raw_key(const pgp::mpi &keyp, const pgp::mpi *keyx, int nid)
{
if (!keyx) {
/* as per RFC, EdDSA & 25519 keys must use 0x40 byte for encoding */
if ((mpi_bytes(&keyp) != 33) || (keyp.mpi[0] != 0x40)) {
if ((keyp.bytes() != 33) || (keyp.mpi[0] != 0x40)) {
RNP_LOG("Invalid 25519 public key.");
return NULL;
}

EVP_PKEY *evpkey =
EVP_PKEY_new_raw_public_key(nid, NULL, &keyp.mpi[1], mpi_bytes(&keyp) - 1);
EVP_PKEY_new_raw_public_key(nid, NULL, &keyp.mpi[1], keyp.bytes() - 1);
if (!evpkey) {
RNP_LOG("Failed to load public key: %lu", ERR_peek_last_error()); // LCOV_EXCL_LINE
}
Expand Down Expand Up @@ -229,7 +229,7 @@ ec_load_raw_key(const pgp_mpi_t &keyp, const pgp_mpi_t *keyx, int nid)

#if defined(CRYPTO_BACKEND_OPENSSL3)
static OSSL_PARAM *
ec_build_params(const pgp_mpi_t &p, bignum_t *x, const char *curve)
ec_build_params(const pgp::mpi &p, bignum_t *x, const char *curve)
{
OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
if (!bld) {
Expand All @@ -249,8 +249,8 @@ ec_build_params(const pgp_mpi_t &p, bignum_t *x, const char *curve)
}

static EVP_PKEY *
ec_load_key_openssl3(const pgp_mpi_t & keyp,
const pgp_mpi_t * keyx,
ec_load_key_openssl3(const pgp::mpi & keyp,
const pgp::mpi * keyx,
const ec_curve_desc_t *curv_desc)
{
rnp::bn x(keyx ? mpi2bn(keyx) : NULL);
Expand Down Expand Up @@ -286,7 +286,7 @@ ec_load_key_openssl3(const pgp_mpi_t & keyp,
#endif

EVP_PKEY *
ec_load_key(const pgp_mpi_t &keyp, const pgp_mpi_t *keyx, pgp_curve_t curve)
ec_load_key(const pgp::mpi &keyp, const pgp::mpi *keyx, pgp_curve_t curve)
{
const ec_curve_desc_t *curv_desc = get_curve_desc(curve);
if (!curv_desc) {
Expand Down Expand Up @@ -392,10 +392,10 @@ ec_validate_key(const pgp_ec_key_t &key, bool secret)
if (key.curve == PGP_CURVE_25519) {
/* No key check implementation for x25519 in the OpenSSL yet, so just basic size checks
*/
if ((mpi_bytes(&key.p) != 33) || (key.p.mpi[0] != 0x40)) {
if ((key.p.bytes() != 33) || (key.p.mpi[0] != 0x40)) {
return RNP_ERROR_BAD_PARAMETERS;
}
if (secret && mpi_bytes(&key.x) != 32) {
if (secret && key.x.bytes() != 32) {
return RNP_ERROR_BAD_PARAMETERS;
}
return RNP_SUCCESS;
Expand Down Expand Up @@ -430,7 +430,7 @@ ec_validate_key(const pgp_ec_key_t &key, bool secret)
}

bool
ec_write_pubkey(EVP_PKEY *pkey, pgp_mpi_t &mpi, pgp_curve_t curve)
ec_write_pubkey(EVP_PKEY *pkey, pgp::mpi &mpi, pgp_curve_t curve)
{
if (ec_is_raw_key(curve)) {
/* EdDSA and X25519 keys are saved in a different way */
Expand Down
4 changes: 2 additions & 2 deletions src/lib/crypto/ec_ossl.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,12 @@
#include "ec.h"
#include <openssl/evp.h>

EVP_PKEY *ec_load_key(const pgp_mpi_t &keyp, const pgp_mpi_t *keyx, pgp_curve_t curve);
EVP_PKEY *ec_load_key(const pgp::mpi &keyp, const pgp::mpi *keyx, pgp_curve_t curve);

rnp_result_t ec_validate_key(const pgp_ec_key_t &key, bool secret);

EVP_PKEY *ec_generate_pkey(const pgp_pubkey_alg_t alg_id, const pgp_curve_t curve);

bool ec_write_pubkey(EVP_PKEY *key, pgp_mpi_t &mpi, pgp_curve_t curve);
bool ec_write_pubkey(EVP_PKEY *key, pgp::mpi &mpi, pgp_curve_t curve);

#endif
Loading

0 comments on commit 59a4e92

Please sign in to comment.