Refactor pgp_mpi_t to pgp::mpi.

.github/workflows/macos.yml

@@ -74,7 +74,7 @@ jobs:
  backend: [ 'botan' ]
  shared_libs: [ 'on' ]
  include:
- - { os: 'macos-11', backend: '[email protected]', shared_libs: 'on' }
+ - { os: 'macos-12', backend: '[email protected]', shared_libs: 'on' }
  - { os: 'macos-14', backend: 'openssl@3', shared_libs: 'on' }
  - { os: 'macos-14', backend: 'botan', shared_libs: 'off' }
  - { os: 'macos-14', backend: 'botan3', shared_libs: 'on' }

src/lib/crypto.cpp

@@ -243,20 +243,19 @@ key_material_equal(const pgp_key_material_t *key1, const pgp_key_material_t *key
  case PGP_PKA_RSA:
  case PGP_PKA_RSA_ENCRYPT_ONLY:
  case PGP_PKA_RSA_SIGN_ONLY:
- return mpi_equal(&key1->rsa.n, &key2->rsa.n) && mpi_equal(&key1->rsa.e, &key2->rsa.e);
+ return (key1->rsa.n == key2->rsa.n) && (key1->rsa.e == key2->rsa.e);
  case PGP_PKA_DSA:
- return mpi_equal(&key1->dsa.p, &key2->dsa.p) &&
- mpi_equal(&key1->dsa.q, &key2->dsa.q) &&
- mpi_equal(&key1->dsa.g, &key2->dsa.g) && mpi_equal(&key1->dsa.y, &key2->dsa.y);
+ return (key1->dsa.p == key2->dsa.p) && (key1->dsa.q == key2->dsa.q) &&
+ (key1->dsa.g == key2->dsa.g) && (key1->dsa.y == key2->dsa.y);
  case PGP_PKA_ELGAMAL:
  case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
- return mpi_equal(&key1->eg.p, &key2->eg.p) && mpi_equal(&key1->eg.g, &key2->eg.g) &&
- mpi_equal(&key1->eg.y, &key2->eg.y);
+ return (key1->eg.p == key2->eg.p) && (key1->eg.g == key2->eg.g) &&
+ (key1->eg.y == key2->eg.y);
  case PGP_PKA_EDDSA:
  case PGP_PKA_ECDH:
  case PGP_PKA_ECDSA:
  case PGP_PKA_SM2:
- return (key1->ec.curve == key2->ec.curve) && mpi_equal(&key1->ec.p, &key2->ec.p);
+ return (key1->ec.curve == key2->ec.curve) && (key1->ec.p == key2->ec.p);
 #if defined(ENABLE_CRYPTO_REFRESH)
  case PGP_PKA_ED25519:
  return (key1->ed25519.pub == key2->ed25519.pub);

src/lib/crypto/bn.cpp

@@ -46,7 +46,7 @@ bn_bn2bin(const bignum_t *a, unsigned char *b)
 }
 
 bignum_t *
-mpi2bn(const pgp_mpi_t *val)
+mpi2bn(const pgp::mpi *val)
 {
  assert(val);
  if (!val) {
@@ -65,7 +65,7 @@ mpi2bn(const pgp_mpi_t *val)
 }
 
 bool
-bn2mpi(const bignum_t *bn, pgp_mpi_t *val)
+bn2mpi(const bignum_t *bn, pgp::mpi *val)
 {
  val->len = bn_num_bytes(*bn);
  if (val->len > PGP_MPINT_SIZE) {

src/lib/crypto/bn.h

@@ -55,9 +55,9 @@ void bn_free(bignum_t * /*a*/);
 
 int bn_bn2bin(const bignum_t * /*a*/, unsigned char * /*b*/);
 
-bignum_t *mpi2bn(const pgp_mpi_t *val);
+bignum_t *mpi2bn(const pgp::mpi *val);
 
-bool bn2mpi(const bignum_t *bn, pgp_mpi_t *val);
+bool bn2mpi(const bignum_t *bn, pgp::mpi *val);
 
 size_t bn_num_bytes(const bignum_t &a);
 
@@ -71,7 +71,7 @@ class bn {
  {
  }
 
- bn(const pgp_mpi_t &val) : _bn(mpi2bn(&val))
+ bn(const pgp::mpi &val) : _bn(mpi2bn(&val))
  {
  }
 
@@ -88,7 +88,7 @@ class bn {
  }
 
  void
- set(const pgp_mpi_t &val) noexcept
+ set(const pgp::mpi &val) noexcept
  {
  BN_free(_bn);
  _bn = mpi2bn(&val);
@@ -131,7 +131,7 @@ class bn {
  }
 
  bool
- mpi(pgp_mpi_t &mpi) const noexcept
+ mpi(pgp::mpi &mpi) const noexcept
  {
  return bn2mpi(_bn, &mpi);
  }

src/lib/crypto/bn_ossl.cpp

@@ -40,7 +40,7 @@ bn_bn2bin(const bignum_t *a, unsigned char *b)
 }
 
 bignum_t *
-mpi2bn(const pgp_mpi_t *val)
+mpi2bn(const pgp::mpi *val)
 {
  assert(val);
  if (!val) {
@@ -59,7 +59,7 @@ mpi2bn(const pgp_mpi_t *val)
 }
 
 bool
-bn2mpi(const bignum_t *bn, pgp_mpi_t *val)
+bn2mpi(const bignum_t *bn, pgp::mpi *val)
 {
  val->len = bn_num_bytes(*bn);
  return bn_bn2bin(bn, val->mpi) == 0;

src/lib/crypto/dl_ossl.cpp

@@ -63,11 +63,11 @@ dl_build_params(bignum_t *p, bignum_t *q, bignum_t *g, bignum_t *y, bignum_t *x)
 #endif
 
 EVP_PKEY *
-dl_load_key(const pgp_mpi_t &mp,
- const pgp_mpi_t *mq,
- const pgp_mpi_t &mg,
- const pgp_mpi_t &my,
- const pgp_mpi_t *mx)
+dl_load_key(const pgp::mpi &mp,
+ const pgp::mpi *mq,
+ const pgp::mpi &mg,
+ const pgp::mpi &my,
+ const pgp::mpi *mx)
 {
  EVP_PKEY *evpkey = NULL;
  rnp::bn p(mpi2bn(&mp));
@@ -153,7 +153,7 @@ dl_load_key(const pgp_mpi_t &mp,
 
 #if !defined(CRYPTO_BACKEND_OPENSSL3)
 static rnp_result_t
-dl_validate_secret_key(EVP_PKEY *dlkey, const pgp_mpi_t &mx)
+dl_validate_secret_key(EVP_PKEY *dlkey, const pgp::mpi &mx)
 {
  const DH *dh = EVP_PKEY_get0_DH(dlkey);
  assert(dh);
@@ -217,7 +217,7 @@ dl_validate_secret_key(EVP_PKEY *dlkey, const pgp_mpi_t &mx)
 #endif
 
 rnp_result_t
-dl_validate_key(EVP_PKEY *pkey, const pgp_mpi_t *x)
+dl_validate_key(EVP_PKEY *pkey, const pgp::mpi *x)
 {
  rnp_result_t ret = RNP_ERROR_GENERIC;
  EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(pkey, NULL);

src/lib/crypto/dl_ossl.h

@@ -33,12 +33,12 @@
 #include "mpi.h"
 #include <openssl/evp.h>
 
-EVP_PKEY *dl_load_key(const pgp_mpi_t &mp,
- const pgp_mpi_t *mq,
- const pgp_mpi_t &mg,
- const pgp_mpi_t &my,
- const pgp_mpi_t *mx);
+EVP_PKEY *dl_load_key(const pgp::mpi &mp,
+ const pgp::mpi *mq,
+ const pgp::mpi &mg,
+ const pgp::mpi &my,
+ const pgp::mpi *mx);
 
-rnp_result_t dl_validate_key(EVP_PKEY *pkey, const pgp_mpi_t *mx);
+rnp_result_t dl_validate_key(EVP_PKEY *pkey, const pgp::mpi *mx);
 
 #endif

src/lib/crypto/dsa.cpp

@@ -160,7 +160,6 @@ dsa_sign(rnp::RNG * rng,
 {
  botan_privkey_t dsa_key = NULL;
  botan_pk_op_sign_t sign_op = NULL;
- size_t q_order = 0;
  uint8_t sign_buf[2 * BITS_TO_BYTES(DSA_MAX_Q_BITLEN)] = {0};
  bignum_t * p = NULL, *q = NULL, *g = NULL, *x = NULL;
  rnp_result_t ret = RNP_ERROR_SIGNING_FAILED;
@@ -169,7 +168,7 @@ dsa_sign(rnp::RNG * rng,
  size_t z_len = 0;
 
  memset(sig, 0, sizeof(*sig));
- q_order = mpi_bytes(&key->q);
+ size_t q_order = key->q.bytes();
  if ((2 * q_order) > sizeof(sign_buf)) {
  RNP_LOG("wrong q order");
  return RNP_ERROR_BAD_PARAMETERS;
@@ -209,8 +208,7 @@ dsa_sign(rnp::RNG * rng,
  }
 
  // Now load the DSA (r,s) values from the signature.
- if (!mem2mpi(&sig->r, sign_buf, q_order) ||
- !mem2mpi(&sig->s, sign_buf + q_order, q_order)) {
+ if (!sig->r.from_mem(sign_buf, q_order) || !sig->s.from_mem(sign_buf + q_order, q_order)) {
  goto end;
  }
  ret = RNP_SUCCESS;
@@ -234,30 +232,27 @@ dsa_verify(const pgp_dsa_signature_t *sig,
  botan_pubkey_t dsa_key = NULL;
  botan_pk_op_verify_t verify_op = NULL;
  uint8_t sign_buf[2 * BITS_TO_BYTES(DSA_MAX_Q_BITLEN)] = {0};
- size_t q_order = 0;
- size_t r_blen, s_blen;
- bignum_t * p = NULL, *q = NULL, *g = NULL, *y = NULL;
  rnp_result_t ret = RNP_ERROR_GENERIC;
  size_t z_len = 0;
 
- q_order = mpi_bytes(&key->q);
+ size_t q_order = key->q.bytes();
  if ((2 * q_order) > sizeof(sign_buf)) {
  return RNP_ERROR_BAD_PARAMETERS;
  }
 
  z_len = hash_len < q_order ? hash_len : q_order;
 
- r_blen = mpi_bytes(&sig->r);
- s_blen = mpi_bytes(&sig->s);
+ size_t r_blen = sig->r.bytes();
+ size_t s_blen = sig->s.bytes();
  if ((r_blen > q_order) || (s_blen > q_order)) {
  RNP_LOG("Wrong signature");
  return RNP_ERROR_BAD_PARAMETERS;
  }
 
- p = mpi2bn(&key->p);
- q = mpi2bn(&key->q);
- g = mpi2bn(&key->g);
- y = mpi2bn(&key->y);
+ bignum_t *p = mpi2bn(&key->p);
+ bignum_t *q = mpi2bn(&key->q);
+ bignum_t *g = mpi2bn(&key->g);
+ bignum_t *y = mpi2bn(&key->y);
 
  if (!p || !q || !g || !y) {
  RNP_LOG("out of memory");
@@ -271,8 +266,8 @@ dsa_verify(const pgp_dsa_signature_t *sig,
  goto end;
  }
 
- mpi2mem(&sig->r, sign_buf + q_order - r_blen);
- mpi2mem(&sig->s, sign_buf + 2 * q_order - s_blen);
+ sig->r.to_mem(sign_buf + q_order - r_blen);
+ sig->s.to_mem(sign_buf + 2 * q_order - s_blen);
 
  if (botan_pk_op_verify_create(&verify_op, dsa_key, "Raw", 0)) {
  RNP_LOG("Can't create verifier");

src/lib/crypto/dsa.h

@@ -37,17 +37,17 @@
 #include "crypto/mpi.h"
 
 typedef struct pgp_dsa_key_t {
- pgp_mpi_t p;
- pgp_mpi_t q;
- pgp_mpi_t g;
- pgp_mpi_t y;
+ pgp::mpi p;
+ pgp::mpi q;
+ pgp::mpi g;
+ pgp::mpi y;
  /* secret mpi */
- pgp_mpi_t x;
+ pgp::mpi x;
 } pgp_dsa_key_t;
 
 typedef struct pgp_dsa_signature_t {
- pgp_mpi_t r;
- pgp_mpi_t s;
+ pgp::mpi r;
+ pgp::mpi s;
 } pgp_dsa_signature_t;
 
 /**

src/lib/crypto/dsa_ossl.cpp

@@ -215,7 +215,7 @@ dsa_sign(rnp::RNG * rng,
  size_t hash_len,
  const pgp_dsa_key_t *key)
 {
- if (mpi_bytes(&key->x) == 0) {
+ if (!key->x.bytes()) {
  RNP_LOG("private key not set");
  return RNP_ERROR_BAD_PARAMETERS;
  }
@@ -283,7 +283,7 @@ dsa_verify(const pgp_dsa_signature_t *sig,
  RNP_LOG("Failed to initialize verify: %lu", ERR_peek_last_error());
  goto done;
  }
- pgp_mpi_t sigbuf;
+ pgp::mpi sigbuf;
  if (!dsa_encode_sig(sigbuf.mpi, &sigbuf.len, *sig)) {
  goto done;
  }

src/lib/crypto/ec.h

@@ -77,17 +77,17 @@ typedef struct ec_curve_desc_t {
 
 typedef struct pgp_ec_key_t {
  pgp_curve_t curve;
- pgp_mpi_t p;
+ pgp::mpi  p;
  /* secret mpi */
- pgp_mpi_t x;
+ pgp::mpi x;
  /* ecdh params */
  pgp_hash_alg_t kdf_hash_alg; /* Hash used by kdf */
  pgp_symm_alg_t key_wrap_alg; /* Symmetric algorithm used to wrap KEK*/
 } pgp_ec_key_t;
 
 typedef struct pgp_ec_signature_t {
- pgp_mpi_t r;
- pgp_mpi_t s;
+ pgp::mpi r;
+ pgp::mpi s;
 } pgp_ec_signature_t;
 
 #if defined(ENABLE_CRYPTO_REFRESH) || defined(ENABLE_PQC)

src/lib/crypto/ec_ossl.cpp

@@ -122,7 +122,7 @@ ec_write_raw_seckey(EVP_PKEY *pkey, pgp_ec_key_t *key)
 }
 
 static bool
-ec_write_seckey(EVP_PKEY *pkey, pgp_mpi_t &key)
+ec_write_seckey(EVP_PKEY *pkey, pgp::mpi &key)
 {
 #if defined(CRYPTO_BACKEND_OPENSSL3)
  rnp::bn x;
@@ -182,17 +182,17 @@ ec_generate(rnp::RNG * rng,
 }
 
 static EVP_PKEY *
-ec_load_raw_key(const pgp_mpi_t &keyp, const pgp_mpi_t *keyx, int nid)
+ec_load_raw_key(const pgp::mpi &keyp, const pgp::mpi *keyx, int nid)
 {
  if (!keyx) {
  /* as per RFC, EdDSA & 25519 keys must use 0x40 byte for encoding */
- if ((mpi_bytes(&keyp) != 33) || (keyp.mpi[0] != 0x40)) {
+ if ((keyp.bytes() != 33) || (keyp.mpi[0] != 0x40)) {
  RNP_LOG("Invalid 25519 public key.");
  return NULL;
  }
 
  EVP_PKEY *evpkey =
- EVP_PKEY_new_raw_public_key(nid, NULL, &keyp.mpi[1], mpi_bytes(&keyp) - 1);
+ EVP_PKEY_new_raw_public_key(nid, NULL, &keyp.mpi[1], keyp.bytes() - 1);
  if (!evpkey) {
  RNP_LOG("Failed to load public key: %lu", ERR_peek_last_error()); // LCOV_EXCL_LINE
  }
@@ -229,7 +229,7 @@ ec_load_raw_key(const pgp_mpi_t &keyp, const pgp_mpi_t *keyx, int nid)
 
 #if defined(CRYPTO_BACKEND_OPENSSL3)
 static OSSL_PARAM *
-ec_build_params(const pgp_mpi_t &p, bignum_t *x, const char *curve)
+ec_build_params(const pgp::mpi &p, bignum_t *x, const char *curve)
 {
  OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
  if (!bld) {
@@ -249,8 +249,8 @@ ec_build_params(const pgp_mpi_t &p, bignum_t *x, const char *curve)
 }
 
 static EVP_PKEY *
-ec_load_key_openssl3(const pgp_mpi_t & keyp,
- const pgp_mpi_t * keyx,
+ec_load_key_openssl3(const pgp::mpi &  keyp,
+ const pgp::mpi *  keyx,
  const ec_curve_desc_t *curv_desc)
 {
  rnp::bn x(keyx ? mpi2bn(keyx) : NULL);
@@ -286,7 +286,7 @@ ec_load_key_openssl3(const pgp_mpi_t & keyp,
 #endif
 
 EVP_PKEY *
-ec_load_key(const pgp_mpi_t &keyp, const pgp_mpi_t *keyx, pgp_curve_t curve)
+ec_load_key(const pgp::mpi &keyp, const pgp::mpi *keyx, pgp_curve_t curve)
 {
  const ec_curve_desc_t *curv_desc = get_curve_desc(curve);
  if (!curv_desc) {
@@ -392,10 +392,10 @@ ec_validate_key(const pgp_ec_key_t &key, bool secret)
  if (key.curve == PGP_CURVE_25519) {
  /* No key check implementation for x25519 in the OpenSSL yet, so just basic size checks
  */
- if ((mpi_bytes(&key.p) != 33) || (key.p.mpi[0] != 0x40)) {
+ if ((key.p.bytes() != 33) || (key.p.mpi[0] != 0x40)) {
  return RNP_ERROR_BAD_PARAMETERS;
  }
- if (secret && mpi_bytes(&key.x) != 32) {
+ if (secret && key.x.bytes() != 32) {
  return RNP_ERROR_BAD_PARAMETERS;
  }
  return RNP_SUCCESS;
@@ -430,7 +430,7 @@ ec_validate_key(const pgp_ec_key_t &key, bool secret)
 }
 
 bool
-ec_write_pubkey(EVP_PKEY *pkey, pgp_mpi_t &mpi, pgp_curve_t curve)
+ec_write_pubkey(EVP_PKEY *pkey, pgp::mpi &mpi, pgp_curve_t curve)
 {
  if (ec_is_raw_key(curve)) {
  /* EdDSA and X25519 keys are saved in a different way */