X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=rsa.c;h=44b9b818b7e5a28440d7d78f83486e4a2b3bb23f;hb=ed72f5c5b371013c39fd3438b67a9e4d55544507;hp=63816ee232b3638963bacc6b29a97fd477ae5ffa;hpb=5a27ac7f18712b0666ad4a9d8afca8e69d353bd5;p=secnet.git

diff --git a/rsa.c b/rsa.c
index 63816ee..44b9b81 100644
--- a/rsa.c
+++ b/rsa.c
@@ -45,6 +45,39 @@ struct rsacommon {
     uint8_t *hashbuf;
 };
 
+#define FREE(b)                ({ free((b)); (b)=0; })
+
+struct load_ctx {
+    void (*verror)(struct load_ctx *l,
+		   FILE *maybe_f, bool_t unsup,
+		   const char *message, va_list args);
+    bool_t (*postreadcheck)(struct load_ctx *l, FILE *f);
+    const char *what;
+    struct cloc *loc;
+    union {
+	struct {
+	    struct log_if *log;
+	} tryload;
+    } u;
+};
+
+FORMAT(printf,4,0)
+static void verror_tryload(struct load_ctx *l,
+			   FILE *maybe_f, bool_t unsup,
+			   const char *message, va_list args)
+{
+    int class=unsup ? M_DEBUG : M_ERR;
+    slilog_part(l->u.tryload.log,class,"%s: ",l->what);
+    vslilog(l->u.tryload.log,class,message,args);
+}
+
+static void verror_cfgfatal(struct load_ctx *l,
+			    FILE *maybe_f, bool_t unsup,
+			    const char *message, va_list args)
+{
+    vcfgfatal_maybefile(maybe_f,*l->loc,l->what,message,args);
+}
+
 struct rsapriv {
     closure_t cl;
     struct sigprivkey_if ops;
@@ -55,6 +88,14 @@ struct rsapriv {
     MP_INT q, dq;
     MP_INT w;
 };
+
+#define RSAPUB_BNS(each)			\
+    each(0,e,"public exponent")			\
+    each(1,n,"modulus")
+
+#define RSAPUB_LOADCORE_PASSBN(ix,en,what) \
+    en##s, en##_loc,
+
 struct rsapub {
     closure_t cl;
     struct sigpubkey_if ops;
@@ -271,12 +312,16 @@ static void rsapub_dispose(void *sst) {
     free(st);
 }
 
-static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
-			    list_t *args)
+#define RSAPUB_LOADCORE_DEFBN(ix,en,what) \
+    const char *en##s, struct cloc en##_loc,
+
+#define LDPUBFATAL(enloc,...) \
+    cfgfatal(enloc, "rsa-public", __VA_ARGS__)
+
+static struct rsapub *rsa_loadpub_core(RSAPUB_BNS(RSAPUB_LOADCORE_DEFBN)
+				       struct cloc overall_loc)
 {
     struct rsapub *st;
-    item_t *i;
-    string_t e,n;
 
     NEW(st);
     st->cl.description="rsapub";
@@ -290,68 +335,67 @@ static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
     st->ops.check=rsa_sig_check;
     st->ops.hash=0;
     st->ops.dispose=rsapub_dispose;
-    st->loc=loc;
-
-    i=list_elem(args,0);
-    if (i) {
-	if (i->type!=t_string) {
-	    cfgfatal(i->loc,"rsa-public","first argument must be a string\n");
-	}
-	e=i->data.string;
-	if (mpz_init_set_str(&st->e,e,10)!=0) {
-	    cfgfatal(i->loc,"rsa-public","encryption key \"%s\" is not a "
-		     "decimal number string\n",e);
-	}
-    } else {
-	cfgfatal(loc,"rsa-public","you must provide an encryption key\n");
-    }
-    if (mpz_sizeinbase(&st->e, 256) > RSA_MAX_MODBYTES) {
-	cfgfatal(loc, "rsa-public", "implausibly large public exponent\n");
-    }
-    
-    i=list_elem(args,1);
-    if (i) {
-	if (i->type!=t_string) {
-	    cfgfatal(i->loc,"rsa-public","second argument must be a string\n");
-	}
-	n=i->data.string;
-	if (mpz_init_set_str(&st->n,n,10)!=0) {
-	    cfgfatal(i->loc,"rsa-public","modulus \"%s\" is not a decimal "
-		     "number string\n",n);
-	}
-    } else {
-	cfgfatal(loc,"rsa-public","you must provide a modulus\n");
-    }
-    if (mpz_sizeinbase(&st->n, 256) > RSA_MAX_MODBYTES) {
-	cfgfatal(loc, "rsa-public", "implausibly large modulus\n");
+    st->loc=overall_loc;
+
+#define RSAPUB_LOADCORE_GETBN(ix,en,what)				\
+    if (mpz_init_set_str(&st->en,en##s,10)!=0) {			\
+	LDPUBFATAL(en##_loc, what " \"%s\" is not a "			\
+		 "decimal number string\n",en##s);			\
+    }									\
+    if (mpz_sizeinbase(&st->en, 256) > RSA_MAX_MODBYTES) {		\
+	LDPUBFATAL(en##_loc, "implausibly large " what "\n");		\
     }
+
+    RSAPUB_BNS(RSAPUB_LOADCORE_GETBN)
+
+    return st;
+}
+
+static list_t *rsapub_apply(closure_t *self, struct cloc loc, dict_t *context,
+			    list_t *args)
+{
+
+#define RSAPUB_APPLY_GETBN(ix,en,what)				\
+    item_t *en##i;						\
+    const char *en##s;						\
+    en##i=list_elem(args,ix);					\
+    if (!en##i)							\
+        cfgfatal(loc,"rsa-public",				\
+                 "you must provide an encryption key\n");	\
+    struct cloc en##_loc=en##i->loc;				\
+    if (en##i->type!=t_string)					\
+	cfgfatal(en##_loc,"rsa-public",				\
+		 "first argument must be a string\n");		\
+    en##s=en##i->data.string;
+
+    RSAPUB_BNS(RSAPUB_APPLY_GETBN)
+
+    struct rsapub *st=rsa_loadpub_core(RSAPUB_BNS(RSAPUB_LOADCORE_PASSBN)
+				       loc);
+
     return new_closure(&st->cl);
 }
 
-struct rsapriv_load_ctx {
-    void (*verror)(struct rsapriv_load_ctx *l,
-		   FILE *maybe_f, bool_t unsup,
-		   const char *message, va_list args);
-    bool_t (*postreadcheck)(struct rsapriv_load_ctx *l, FILE *f);
-    union {
-	struct {
-	    struct cloc loc;
-	} apply;
-    } u;
-};
+static void load_error(struct load_ctx *l, FILE *maybe_f,
+		       bool_t unsup, const char *fmt, ...)
+{
+    va_list al;
+    va_start(al,fmt);
+    l->verror(l,maybe_f,unsup,fmt,al);
+    va_end(al);
+}
 
 #define LDFATAL(...)      ({ load_error(l,0,0,__VA_ARGS__); goto error_out; })
 #define LDUNSUP(...)      ({ load_error(l,0,1,__VA_ARGS__); goto error_out; })
 #define LDFATAL_FILE(...) ({ load_error(l,f,0,__VA_ARGS__); goto error_out; })
 #define LDUNSUP_FILE(...) ({ load_error(l,f,1,__VA_ARGS__); goto error_out; })
-#define FREE(b)                ({ free((b)); (b)=0; })
 #define KEYFILE_GET(is)   ({					\
 	uint##is##_t keyfile_get_tmp=keyfile_get_##is(l,f);	\
 	if (!l->postreadcheck(l,f)) goto error_out;		\
 	keyfile_get_tmp;					\
     })
 
-static uint32_t keyfile_get_32(struct rsapriv_load_ctx *l, FILE *f)
+static uint32_t keyfile_get_32(struct load_ctx *l, FILE *f)
 {
     uint32_t r;
     r=fgetc(f)<<24;
@@ -361,7 +405,7 @@ static uint32_t keyfile_get_32(struct rsapriv_load_ctx *l, FILE *f)
     return r;
 }
 
-static uint16_t keyfile_get_16(struct rsapriv_load_ctx *l, FILE *f)
+static uint16_t keyfile_get_16(struct load_ctx *l, FILE *f)
 {
     uint16_t r;
     r=fgetc(f)<<8;
@@ -369,15 +413,6 @@ static uint16_t keyfile_get_16(struct rsapriv_load_ctx *l, FILE *f)
     return r;
 }
 
-static void load_error(struct rsapriv_load_ctx *l, FILE *maybe_f,
-		       bool_t unsup, const char *fmt, ...)
-{
-    va_list al;
-    va_start(al,fmt);
-    l->verror(l,maybe_f,unsup,fmt,al);
-    va_end(al);
-}
-
 static void rsapriv_dispose(void *sst)
 {
     struct rsapriv *st=sst;
@@ -389,10 +424,9 @@ static void rsapriv_dispose(void *sst)
     free(st);
 }
 
-static struct rsapriv *rsa_loadpriv_core(struct rsapriv_load_ctx *l,
+static struct rsapriv *rsa_loadpriv_core(struct load_ctx *l,
 					 FILE *f, struct cloc loc,
-					 bool_t do_validity_check,
-					 const char *filename)
+					 bool_t do_validity_check)
 {
     struct rsapriv *st=0;
     long length;
@@ -437,8 +471,7 @@ static struct rsapriv *rsa_loadpriv_core(struct rsapriv_load_ctx *l,
     b=safe_malloc(length,"rsapriv_apply");
     if (fread(b,length,1,f)!=1 || memcmp(b,AUTHFILE_ID_STRING,length)!=0) {
 	LDUNSUP_FILE("failed to read magic ID"
-			   " string from SSH1 private keyfile \"%s\"\n",
-			   filename);
+		     " string from SSH1 private keyfile\n");
     }
     FREE(b);
 
@@ -596,8 +629,8 @@ static struct rsapriv *rsa_loadpriv_core(struct rsapriv_load_ctx *l,
     
 done_checks:
     if (!valid) {
-	LDFATAL("file \"%s\" does not contain a "
-		 "valid RSA key!\n",filename);
+	LDFATAL("file does not contain a "
+		 "valid RSA key!\n");
     }
 
 assume_valid:
@@ -620,16 +653,50 @@ error_out:
     goto out;
 }
 
-static void verror_cfgfatal(struct rsapriv_load_ctx *l,
-			    FILE *maybe_f, bool_t unsup,
-			    const char *message, va_list args)
+static bool_t postreadcheck_tryload(struct load_ctx *l, FILE *f)
 {
-    vcfgfatal_maybefile(maybe_f,l->u.apply.loc,"rsa-private",message,args);
+    assert(!ferror(f));
+    if (feof(f)) { load_error(l,0,0,"eof mid-integer"); return False; }
+    return True;
+}
+
+bool_t rsa1_loadpriv(const struct sigscheme_info *algo,
+		     struct buffer_if *privkeydata,
+		     struct sigprivkey_if **sigpriv_r,
+		     struct log_if *log, struct cloc loc)
+{
+    FILE *f=0;
+    struct rsapriv *st=0;
+
+    f=fmemopen(privkeydata->start,privkeydata->size,"r");
+    if (!f) {
+	slilog(log,M_ERR,"failed to fmemopen private key file\n");
+	goto error_out;
+    }
+
+    struct load_ctx l[1];
+    l->what="rsa1priv load";
+    l->verror=verror_tryload;
+    l->postreadcheck=postreadcheck_tryload;
+    l->loc=&loc;
+    l->u.tryload.log=log;
+
+    st=rsa_loadpriv_core(l,f,loc,False);
+    if (!st) goto error_out;
+    goto out;
+
+ error_out:
+    if (st) { free(st); st=0; }
+ out:
+    if (f) fclose(f);
+    if (!st) return False;
+    *sigpriv_r=&st->ops;
+    return True;
 }
 
-static bool_t postreadcheck_apply(struct rsapriv_load_ctx *l, FILE *f)
+static bool_t postreadcheck_apply(struct load_ctx *l, FILE *f)
 {
-    cfgfile_postreadcheck(l->u.apply.loc,f);
+    cfgfile_postreadcheck(*l->loc,f);
     return True;
 }
 
@@ -640,11 +707,12 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
     item_t *i;
     cstring_t filename;
     FILE *f;
-    struct rsapriv_load_ctx l[1];
+    struct load_ctx l[1];
 
+    l->what="rsa-private";
     l->verror=verror_cfgfatal;
     l->postreadcheck=postreadcheck_apply;
-    l->u.apply.loc=loc;
+    l->loc=&loc;
 
     /* Argument is filename pointing to SSH1 private key file */
     i=list_elem(args,0);
@@ -678,7 +746,7 @@ static list_t *rsapriv_apply(closure_t *self, struct cloc loc, dict_t *context,
 	do_validity_check=False;
     }
 
-    st=rsa_loadpriv_core(l,f,loc,do_validity_check,filename);
+    st=rsa_loadpriv_core(l,f,loc,do_validity_check);
     fclose(f);
     return new_closure(&st->cl);
 }