Open Bug 212864 Opened 21 years ago Updated 2 years ago

Need a function to convert an ascii decimal string to an DER integer string

Categories

(NSS :: Libraries, enhancement, P4)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: tejbiz, Unassigned)

Details

(Whiteboard: [xmlsec-nss]) 

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
Build Identifier: 


XMLDSIG: Need this function to convert cert serial numbers that
can be found in an XML file, pointing to a cert to be
used for verifying a signature.



Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Nelson, could you take a stab at this?  Thanks.
Assignee: wtc → nelsonb
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
The untested code below should do what is wanted.  It uses MPI, the bignum
package in NSS.  Presently, MPI is linked into the softoken3 shared library 
on most platforms and is not callable from outside of that shared library.  
On some platforms, it is linked into a separate shared library that is 
dynamically linked by the softoken.  

The first question is: 
  do we want to make MPI directly callable outside of softoken?

If we do that, people will be tempted to bypass softoken alltogether and 
use MPI directly for other cryptographic purposes, instead.  Also there's
the issue of loading the right shared library on platforms that support 
multiple versions for multiple instruct sets.  

Another question is:
  Do we need to coordinate dynamic loading of this library so that softoken
  and other code won't load it twice?  


- - - - - possible implementation - - - - - -
#include "mpi.h"

/* decimal is a null terminated non-negative ascii decimal string.
** out points to a user-supplied SECItem, into which will be placed
** the address and length of a PR_Malloc'ed byte array, suitable for
** use as a DER INTEGER.  Caller frees it with PORT_Free or PR_Free.
*/
mp_err
NSS_DecimalStringToIntegerString(const char * decimal, SECItem * out)
{
     mp_int tmp;
     mp_err err;
     int size;
     out->len = 0;
     out->data = 0;
     MP_DIGITS(&tmp) = 0;
     err = mp_init(&tmp);
     if (err == MP_OKAY)
         err = mp_read_variable_radix(&tmp, decimal, 10);
     if (err == MP_OKAY) {
         size = mp_unsigned_octet_size(&tmp);
         if (size <= 0)
             err = MP_BADARG;
     }
     if (err == MP_OKAY) {
         out->data = PORT_Alloc(++size); /* one extra for sign. */
         if (!out->data)
             err = MP_NOMEM;
     }
     if (err == MP_OKAY) {
         size = mp_to_signed_octets(&tmp, out->data, size);
         if (size < 0)
             err = size;
         else
             out->len = size;
     }
     if (err != MP_OKAY && out->data) {
         PORT_Free(out->data);
         out->data = 0;
         out->len = 0;
     }
     mp_clear(&tmp);
     return err;
}

- - - - - - end possible implementation - - - - -
Version: unspecified → 3.8
Nelson,

A few comments :
1) memory management for the "out" argument.
I don't like returning a "PRMalloc"ed byte-array. Let's have SECItem** as the
argument, so that the caller can use SECITEM_FreeItem to destroy it if one is
returned.

2) is there any other way to perform this task that doesn't use mpi ?

Using mpi here means trouble. We don't want to have nss3.dll have an explicit
dependency on softokn3.dll, which is a PKCS#11 module . So we can't export mpi
from softokn.

What we could do is put another copy of mpi statically into nss3, or for those
platforms that use it, dynamically load libfreebl_hybrid .

Ultimately it would be best not to duplicate the mpi code, though.

1. Is there any practical advantage to allocating both the SECItem and the 
think it points to, compared to only allocating the latter?

As it is, the caller could also use SECItem_FreeItem to free the memory.
The caller would pass PR_FALSE for the second argument to that function,
unless the caller had also allocated the SECItem itself.  
I could change the comment to say that.  

2. Fundamentally, this is bignum arithmetic being done, and some bignum code
is needed to make it work.  I would not propose that we try to expose the MPI
API from softoken, but rather that we build an MPI shared library on all 
platforms, and link both softoken and NSS shared libs against that MPI 
shared lib.  
Nelson,

1. You are right, one has to call SECITEM_FreeItem anyway.
That second argument has got to be one of the most confusing things in NSS and a
sure source of memory leaks.

I think it should be 2 separate functions. Eg. SECITEM_FreeContent and
SECITEM_DestroyItem . I will file an enhancement request for NSS 4.0 - this
seems a good candidate for cleaning up the API.

2. having mpi in its shared library would work indeed, except that exposes it to
everyone.

However, I'm not certain how this plays out with the softoken's ability to
self-check itself. Unless I'm mistaken, that requires some bignum architecture.

Which brings the next question - on those platforms that already have a separate
libfreebl.so (eg. Solaris), is the self-check partially defeated ? Ie. couldn't
someone replace both the signature file for softoken and the freebl DLL and get
it to run in FIPS mode ? Of course this whole self-check test is bogus anyway ...
Whiteboard: [xmlsec-nss]
Also need the reverse function i.e. convert a DER integer string to
an ascii decimal string.
Bob,  What do you think of this proposal?

I propose to write two new functions, one that converts a large ASCII decimal
number string into a binary form (e.g. like a DER INTEGER), and one that 
converts a DER INTEGER into an ascii decimal string.  These functions will 
use MPI to handle the bignums.  

I propose to add these two new functions to blapi, and have softoken just pass
them through.  That is, the softoken DLL would have two new entry points that 
are not defined in PKCS11, that have nothing to do with PKCS11, but simply 
call the underlying blapi function directly.  

On platforms where freebl is linked directly into libsoftoken, this provides
acceess to the MPI functions.  On platforms where freebl is a separate DLL
that is dynamically loaded by softoken, This proposal avoids libNSS3 (or an
application calling these functions) needing to load the freebl DLL directly 
to get access to these functions.  It makes the interface seen by libNSS3 
(or an application) uniform, whether freebl is a separate DLL or not.
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → libraries
See also bug 404199.
Priority: P2 → P4
Blocks: FIPS2008
Target Milestone: --- → Future
No longer blocks: FIPS2008
Assignee: nelson → nobody
Target Milestone: Future → ---
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.