[pkg-opensc-commit] [libp11] 64/86: Refactored RSA getters
Eric Dorland
eric at moszumanska.debian.org
Sun Jul 24 21:40:23 UTC 2016
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit d216164760dde3ab7cbe809973c7ef4303b07616
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Thu Mar 10 01:00:14 2016 +0100
Refactored RSA getters
The getters are modified to use cached RSA parameters instead
of retrieving them every time from the PKCS#11 module.
---
src/p11_rsa.c | 68 ++++++++++++++++++++++++++++++-----------------------------
1 file changed, 35 insertions(+), 33 deletions(-)
diff --git a/src/p11_rsa.c b/src/p11_rsa.c
index 317bbfe..f636b2e 100644
--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -33,13 +33,23 @@ static int rsa_ex_index = 0;
#define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
#endif
+static RSA *pkcs11_rsa(PKCS11_KEY *key)
+{
+ EVP_PKEY *evp_key = pkcs11_get_key(key, key->isPrivate);
+ if (evp_key == NULL)
+ return NULL;
+ return EVP_PKEY_get0_RSA(evp_key);
+}
+
/* PKCS#1 v1.5 RSA signature */
/* TODO: remove this function in libp11 0.5.0 */
int pkcs11_sign(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, PKCS11_KEY *key)
{
- EVP_PKEY *evp_key = pkcs11_get_key(key, 1);
- return RSA_sign(type, m, m_len, sigret, siglen, EVP_PKEY_get0_RSA(evp_key));
+ RSA *rsa = pkcs11_rsa(key);
+ if (rsa == NULL)
+ return -1;
+ return RSA_sign(type, m, m_len, sigret, siglen, rsa);
}
/* Setup PKCS#11 mechanisms for encryption/decryption */
@@ -53,19 +63,8 @@ static int pkcs11_mechanism(CK_MECHANISM *mechanism, const int padding)
case RSA_NO_PADDING:
mechanism->mechanism = CKM_RSA_X_509;
break;
- case RSA_PKCS1_OAEP_PADDING:
- mechanism->mechanism = CKM_RSA_PKCS_OAEP;
- break;
- case RSA_X931_PADDING:
- mechanism->mechanism = CKM_RSA_X9_31;
- break;
-#ifdef RSA_PKCS1_PSS_PADDING
- case RSA_PKCS1_PSS_PADDING:
- mechanism->mechanism = CKM_RSA_PKCS_PSS;
- break;
-#endif
default:
- printf("pkcs11 engine: padding type not supported\n");
+ printf("pkcs11 engine: unsupported padding type\n");
return -1;
}
return 0;
@@ -116,7 +115,7 @@ int pkcs11_private_encrypt(int flen,
}
int pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
- PKCS11_KEY * key, int padding)
+ PKCS11_KEY *key, int padding)
{
PKCS11_SLOT *slot = KEY2SLOT(key);
PKCS11_CTX *ctx = KEY2CTX(key);
@@ -144,8 +143,9 @@ int pkcs11_private_decrypt(int flen, const unsigned char *from, unsigned char *t
return size;
}
+/* TODO: remove this function in libp11 0.5.0 */
int pkcs11_verify(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *signature, unsigned int siglen, PKCS11_KEY * key)
+ unsigned char *signature, unsigned int siglen, PKCS11_KEY *key)
{
(void)type;
(void)m;
@@ -162,7 +162,7 @@ int pkcs11_verify(int type, const unsigned char *m, unsigned int m_len,
/*
* Get RSA key material
*/
-static RSA *pkcs11_get_rsa(PKCS11_KEY * key)
+static RSA *pkcs11_get_rsa(PKCS11_KEY *key)
{
RSA *rsa;
PKCS11_KEY *keys = NULL;
@@ -216,7 +216,7 @@ static RSA *pkcs11_get_rsa(PKCS11_KEY * key)
/*
* Build an EVP_PKEY object
*/
-static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY * key)
+static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY *key)
{
EVP_PKEY *pk;
RSA *rsa;
@@ -245,31 +245,33 @@ static EVP_PKEY *pkcs11_get_evp_key_rsa(PKCS11_KEY * key)
return pk;
}
-int pkcs11_get_key_modulus(PKCS11_KEY * key, BIGNUM **bn)
+/* TODO: remove this function in libp11 0.5.0 */
+int pkcs11_get_key_modulus(PKCS11_KEY *key, BIGNUM **bn)
{
- if (pkcs11_getattr_bn(KEY2TOKEN(key), PRIVKEY(key)->object,
- CKA_MODULUS, bn))
+ RSA *rsa = pkcs11_rsa(key);
+ if (rsa == NULL)
return 0;
- return 1;
+ *bn = BN_dup(rsa->n);
+ return *bn == NULL ? 0 : 1;
}
-int pkcs11_get_key_exponent(PKCS11_KEY * key, BIGNUM **bn)
+/* TODO: remove this function in libp11 0.5.0 */
+int pkcs11_get_key_exponent(PKCS11_KEY *key, BIGNUM **bn)
{
- if (pkcs11_getattr_bn(KEY2TOKEN(key), PRIVKEY(key)->object,
- CKA_PUBLIC_EXPONENT, bn))
+ RSA *rsa = pkcs11_rsa(key);
+ if (rsa == NULL)
return 0;
- return 1;
+ *bn = BN_dup(rsa->e);
+ return *bn == NULL ? 0 : 1;
}
-int pkcs11_get_key_size(PKCS11_KEY * key)
+/* TODO: make this function static in libp11 0.5.0 */
+int pkcs11_get_key_size(PKCS11_KEY *key)
{
- BIGNUM *n = NULL;
- int numbytes = 0;
- if (key_getattr_bn(key, CKA_MODULUS, &n))
+ RSA *rsa = pkcs11_rsa(key);
+ if (rsa == NULL)
return 0;
- numbytes = BN_num_bytes(n);
- BN_clear_free(n);
- return numbytes;
+ return RSA_size(rsa);
}
static int pkcs11_rsa_priv_dec_method(int flen, const unsigned char *from,
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list