From: Dmitry Eremin-Solenikov Date: Mon, 17 Sep 2018 21:53:17 +0000 (+0300) Subject: lib: use little endian when importing/exporting GOST keys X-Git-Tag: gnutls_3_6_4~10^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=13c19bdf1726da4e7358c5db648c7d094b4c6179;p=thirdparty%2Fgnutls.git lib: use little endian when importing/exporting GOST keys GOST R 34.10 native format is little endian. It is better for the application code to use native format data to interface library, rather than convert buffers on their own. Signed-off-by: Dmitry Eremin-Solenikov --- diff --git a/lib/pk.c b/lib/pk.c index b395f1741a..c5f5c05ed3 100644 --- a/lib/pk.c +++ b/lib/pk.c @@ -1096,11 +1096,7 @@ int _gnutls_params_get_gost_raw(const gnutls_pk_params_st* params, unsigned int flags) { int ret; - mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; - - if (flags & GNUTLS_EXPORT_FLAG_NO_LZ) - dprint = _gnutls_mpi_dprint; - + mpi_dprint_func dprint = _gnutls_mpi_dprint_le; if (params == NULL) { gnutls_assert(); diff --git a/lib/privkey_raw.c b/lib/privkey_raw.c index 69c810d140..c78c6b71f8 100644 --- a/lib/privkey_raw.c +++ b/lib/privkey_raw.c @@ -273,6 +273,9 @@ int ret; * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * Note: parameters will be stored with least significant byte first. On + * version 3.6.3 this was incorrectly returned in big-endian format. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.6.3 @@ -481,6 +484,9 @@ error: * GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on * @digest. * + * Note: parameters should be stored with least significant byte first. On + * version 3.6.3 big-endian format was used incorrectly. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * diff --git a/lib/pubkey.c b/lib/pubkey.c index ad8986f6f2..34aea10ad8 100644 --- a/lib/pubkey.c +++ b/lib/pubkey.c @@ -985,6 +985,9 @@ int gnutls_pubkey_export_ecc_x962(gnutls_pubkey_t key, * the given key. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * Note: parameters will be stored with least significant byte first. On + * version 3.6.3 this was incorrectly returned in big-endian format. + * * Returns: %GNUTLS_E_SUCCESS on success, otherwise a negative error code. * * Since: 3.6.3 @@ -999,10 +1002,7 @@ gnutls_pubkey_export_gost_raw2(gnutls_pubkey_t key, { int ret; - mpi_dprint_func dprint = _gnutls_mpi_dprint_lz; - - if (flags & GNUTLS_EXPORT_FLAG_NO_LZ) - dprint = _gnutls_mpi_dprint; + mpi_dprint_func dprint = _gnutls_mpi_dprint_le; if (key == NULL) { gnutls_assert(); @@ -1530,6 +1530,9 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key, * GNUTLS_DIG_STREEBOG_512. If @paramset is set to GNUTLS_GOST_PARAMSET_UNKNOWN * default one will be selected depending on @digest. * + * Note: parameters should be stored with least significant byte first. On + * version 3.6.3 big-endian format was used incorrectly. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -1564,7 +1567,7 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, key->params.curve = curve; key->params.gost_params = paramset; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_X], x->data, x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1572,7 +1575,7 @@ gnutls_pubkey_import_gost_raw(gnutls_pubkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_Y], y->data, y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 0ee32ed960..c018f6dc97 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1197,6 +1197,9 @@ gnutls_x509_privkey_import_ecc_raw(gnutls_x509_privkey_t key, * GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on * @digest. * + * Note: parameters should be stored with least significant byte first. On + * version 3.6.3 big-endian format was used incorrectly. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * @@ -1226,7 +1229,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, key->params.gost_params = paramset; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_X], x->data, x->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1234,7 +1237,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_Y], y->data, y->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1242,7 +1245,7 @@ gnutls_x509_privkey_import_gost_raw(gnutls_x509_privkey_t key, } key->params.params_nr++; - if (_gnutls_mpi_init_scan_nz + if (_gnutls_mpi_init_scan_le (&key->params.params[GOST_K], k->data, k->size)) { gnutls_assert(); ret = GNUTLS_E_MPI_SCAN_FAILED; @@ -1562,6 +1565,9 @@ int gnutls_x509_privkey_export_ecc_raw(gnutls_x509_privkey_t key, * in the given structure. The new parameters will be allocated using * gnutls_malloc() and will be stored in the appropriate datum. * + * Note: parameters will be stored with least significant byte first. On + * version 3.6.3 this was incorrectly returned in big-endian format. + * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * diff --git a/tests/key-export-pkcs8.c b/tests/key-export-pkcs8.c index 9e684e719b..aa11bd7405 100644 --- a/tests/key-export-pkcs8.c +++ b/tests/key-export-pkcs8.c @@ -55,9 +55,9 @@ unsigned char false_ed25519_x[] = "\xac\xac\x9a\xb3\xc3\x41\x8d\x41\x22\x21\xc1\ unsigned char ed25519_x[] = "\xab\xaf\x98\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x86\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; unsigned char ed25519_k[] = "\x1c\xa9\x23\xdc\x35\xa8\xfd\xd6\x2d\xa8\x98\xb9\x60\x7b\xce\x10\x3d\xf4\x64\xc6\xe5\x4b\x0a\x65\x56\x6a\x3c\x73\x65\x51\xa2\x2f"; -unsigned char gost_x[] = "\x00\xc0\x0f\x88\x63\xd2\xdd\x10\xdf\x3c\x5e\xd8\x1a\xbc\x5a\x3d\x2c\xdd\x50\xbd\xcf\x55\x44\x91\x73\x3c\x60\xa8\xc6\xf4\xe9\xbb\xd0"; -unsigned char gost_y[] = "\x37\x5b\xbd\x56\xfa\xb0\x3c\x6f\x21\x43\xac\x41\x86\xba\xc6\x24\xf5\xb4\x39\x94\x78\x66\x5f\x57\xff\x33\xc8\x0b\x3c\x96\xec\x8a"; -unsigned char gost_k[] = "\x00\xa5\x7f\x2e\x14\xb8\x90\x98\x34\x23\x78\x2f\xcd\x43\xd8\xf9\x66\x19\x31\xca\x1f\x82\xc3\xe0\x67\x1a\x58\xf8\x8a\x2c\x41\x59\x47"; +unsigned char gost_x[] = "\xd0\xbb\xe9\xf4\xc6\xa8\x60\x3c\x73\x91\x44\x55\xcf\xbd\x50\xdd\x2c\x3d\x5a\xbc\x1a\xd8\x5e\x3c\xdf\x10\xdd\xd2\x63\x88\x0f\xc0"; +unsigned char gost_y[] = "\x8a\xec\x96\x3c\x0b\xc8\x33\xff\x57\x5f\x66\x78\x94\x39\xb4\xf5\x24\xc6\xba\x86\x41\xac\x43\x21\x6f\x3c\xb0\xfa\x56\xbd\x5b\x37"; +unsigned char gost_k[] = "\x47\x59\x41\x2c\x8a\xf8\x58\x1a\x67\xe0\xc3\x82\x1f\xca\x31\x19\x66\xf9\xd8\x43\xcd\x2f\x78\x23\x34\x98\x90\xb8\x14\x2e\x7f\xa5"; gnutls_datum_t _dsa_p = {dsa_p, sizeof(dsa_p)-1}; gnutls_datum_t _dsa_q = {dsa_q, sizeof(dsa_q)-1}; diff --git a/tests/key-import-export.c b/tests/key-import-export.c index 143db05632..8fdea07f95 100644 --- a/tests/key-import-export.c +++ b/tests/key-import-export.c @@ -88,9 +88,9 @@ unsigned char false_ed25519_x[] = "\xac\xac\x9a\xb3\xc3\x41\x8d\x41\x22\x21\xc1\ unsigned char ed25519_x[] = "\xab\xaf\x98\xb3\xc3\x41\x8d\x41\x22\x21\xc1\x86\xa7\xb8\x70\xfb\x44\x6e\xc7\x7e\x20\x87\x7b\xd9\x22\xa4\x5d\xd2\x97\x09\xd5\x48"; unsigned char ed25519_k[] = "\x1c\xa9\x23\xdc\x35\xa8\xfd\xd6\x2d\xa8\x98\xb9\x60\x7b\xce\x10\x3d\xf4\x64\xc6\xe5\x4b\x0a\x65\x56\x6a\x3c\x73\x65\x51\xa2\x2f"; -unsigned char gost_x[] = "\x00\xc0\x0f\x88\x63\xd2\xdd\x10\xdf\x3c\x5e\xd8\x1a\xbc\x5a\x3d\x2c\xdd\x50\xbd\xcf\x55\x44\x91\x73\x3c\x60\xa8\xc6\xf4\xe9\xbb\xd0"; -unsigned char gost_y[] = "\x37\x5b\xbd\x56\xfa\xb0\x3c\x6f\x21\x43\xac\x41\x86\xba\xc6\x24\xf5\xb4\x39\x94\x78\x66\x5f\x57\xff\x33\xc8\x0b\x3c\x96\xec\x8a"; -unsigned char gost_k[] = "\x00\xa5\x7f\x2e\x14\xb8\x90\x98\x34\x23\x78\x2f\xcd\x43\xd8\xf9\x66\x19\x31\xca\x1f\x82\xc3\xe0\x67\x1a\x58\xf8\x8a\x2c\x41\x59\x47"; +unsigned char gost_x[] = "\xd0\xbb\xe9\xf4\xc6\xa8\x60\x3c\x73\x91\x44\x55\xcf\xbd\x50\xdd\x2c\x3d\x5a\xbc\x1a\xd8\x5e\x3c\xdf\x10\xdd\xd2\x63\x88\x0f\xc0"; +unsigned char gost_y[] = "\x8a\xec\x96\x3c\x0b\xc8\x33\xff\x57\x5f\x66\x78\x94\x39\xb4\xf5\x24\xc6\xba\x86\x41\xac\x43\x21\x6f\x3c\xb0\xfa\x56\xbd\x5b\x37"; +unsigned char gost_k[] = "\x47\x59\x41\x2c\x8a\xf8\x58\x1a\x67\xe0\xc3\x82\x1f\xca\x31\x19\x66\xf9\xd8\x43\xcd\x2f\x78\x23\x34\x98\x90\xb8\x14\x2e\x7f\xa5"; gnutls_datum_t _dsa_p = {dsa_p, sizeof(dsa_p)-1}; gnutls_datum_t _dsa_q = {dsa_q, sizeof(dsa_q)-1};