const struct rsa_public_key *pub,
const struct rsa_private_key *priv);
+struct sexp_iterator;
+
+int
+rsa_keypair_from_sexp_alist(struct rsa_public_key *pub,
+ struct rsa_private_key *priv,
+ struct sexp_iterator *i);
+
/* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
* expect a private key expression and ignore the parts not needed for
* the public key. */
#define GET(x, v) do { if (!get_value(x, v)) return 0; } while(0)
+/* FIXME: Pass in a maximum key size, to avoid denial-of-service
+ * problems. */
+
+/* Iterator should point past the algorithm tag, e.g.
+ *
+ * (public-key (rsa (n |xxxx|) (e |xxxx|))
+ * ^ here
+ */
+
int
-rsa_keypair_from_sexp(struct rsa_public_key *pub,
- struct rsa_private_key *priv,
- unsigned length, const uint8_t *expr)
+rsa_keypair_from_sexp_alist(struct rsa_public_key *pub,
+ struct rsa_private_key *priv,
+ struct sexp_iterator *i)
{
- struct sexp_iterator i;
-
- static const uint8_t *inner[8]
+ static const uint8_t *names[8]
= { "n", "e", "d", "p", "q", "a", "b", "c" };
- static const uint8_t *names[3]
- = { "rsa", "rsa-pkcs1", "rsa-pkcs1-sha1" };
- const uint8_t *outer;
struct sexp_iterator values[8];
- unsigned nvalues;
-
- if (!sexp_iterator_first(&i, length, expr))
- return 0;
-
- if (priv)
- {
- outer = "private-key";
- nvalues = 8;
- }
- else
- {
- outer = "public-key";
- nvalues = 2;
- }
-
- if (!sexp_iterator_check_type(&i, outer))
- return 0;
-
- if (!sexp_iterator_check_types(&i, 3, names))
- return 0;
+ unsigned nvalues = priv ? 8 : 2;
- if (!sexp_iterator_assoc(&i, nvalues, inner, values))
+ if (!sexp_iterator_assoc(i, nvalues, names, values))
return 0;
if (priv)
if (!rsa_prepare_public_key(pub))
return 0;
}
-
+
return 1;
}
+int
+rsa_keypair_from_sexp(struct rsa_public_key *pub,
+ struct rsa_private_key *priv,
+ unsigned length, const uint8_t *expr)
+{
+ struct sexp_iterator i;
+ static const uint8_t *names[3]
+ = { "rsa", "rsa-pkcs1", "rsa-pkcs1-sha1" };
+
+ if (!sexp_iterator_first(&i, length, expr))
+ return 0;
+
+ if (!sexp_iterator_check_type(&i, priv ? "private-key" : "public-key"))
+ return 0;
+
+ if (!sexp_iterator_check_types(&i, 3, names))
+ return 0;
+
+ return rsa_keypair_from_sexp_alist(pub, priv, &i);
+}
+
#endif /* WITH_PUBLIC_KEY */
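Review bot: rsa_keypair_from_sexp_alist becomes public API in this change (it is declared in the header), yet the size bound the added FIXME asks for is still missing, and nothing visible here limits the length of the values read through `GET(x, v)` before rsa_prepare_public_key runs on them. Adding the bound after the function is exported would mean changing its signature, so it is cheaper to take it now: add an `unsigned limit` parameter before `i`, widen the macro to `#define GET(x, l, v) do { if (!get_value((x), (l), (v))) return 0; } while(0)`, and have rsa_keypair_from_sexp pass its chosen maximum. get_value and the middle of the function body are not visible in this view, so where the length is best rejected (ideally before the bignum is built) needs confirming against the full file. Separately, the comment about PRIV and PUB being NULL describes the contract of both entry points but now sits above the GET macro; repeating it, together with the "iterator should point past the algorithm tag" precondition, above the new prototype in the header would put it where callers of the exported function will read it.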