Fix mixed declarations / code

LinuxJedi · LinuxJedi · commit 1de36de52bf6 · 2025-08-22T16:04:19.000+01:00
diff --git a/examples/nss_pkcs12_pbe_example.c b/examples/nss_pkcs12_pbe_example.c
@@ -166,20 +166,6 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
     CK_RV rv;
     CK_SESSION_HANDLE session;
     CK_OBJECT_HANDLE key;
-
-    printf("=== NSS PKCS#12 PBE SHA-256 HMAC Key Generation Example ===\n\n");
-
-    /* Initialize PKCS#11 and open session */
-    rv = pkcs11_init(library, &session);
-    if (rv != CKR_OK) {
-        printf("ERROR: PKCS#11 initialization failed: 0x%08lX\n", rv);
-        return -1;
-    }
-
-    /* Example 1: Basic key generation */
-    printf("1. Basic Key Generation\n");
-    printf("   Purpose: Generate a 256-bit encryption key from password\n\n");
-
     /* Example password and salt (in real use, these should be secure) */
     CK_BYTE password[] = "MySecurePassword2024";
     CK_BYTE salt[] = {
@@ -188,35 +174,13 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
     };
     CK_ULONG iterationCount = 100000; /* Modern recommended minimum */
     CK_ULONG keyLength = 32; /* 256-bit AES key */
-
-    printf("   Password: %s\n", (char*)password);
-    print_hex("   Salt", salt, sizeof(salt));
-    printf("   Iterations: %lu\n", iterationCount);
-    printf("   Key Length: %lu bytes (%lu bits)\n\n", keyLength, keyLength * 8);
-
-    /* Set up PBE parameters */
-    CK_PBE_PARAMS pbeParams = {
-        NULL,
-        password,
-        strlen((char*)password),
-        salt,
-        sizeof(salt),
-        iterationCount
-    };
-
-    CK_MECHANISM mechanism = {
-        CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN,
-        &pbeParams,
-        sizeof(pbeParams)
-    };
-
-    /* Define key attributes */
+    CK_PBE_PARAMS pbeParams;
+    CK_MECHANISM mechanism;
     CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
     CK_KEY_TYPE keyType = CKK_GENERIC_SECRET;
     CK_BBOOL ckTrue = CK_TRUE;
     CK_BBOOL ckFalse = CK_FALSE;
     CK_BYTE keyLabel[] = "PKCS12-PBE-Generated-Key";
-
     CK_ATTRIBUTE keyTemplate[] = {
         {CKA_CLASS, &keyClass, sizeof(keyClass)},
         {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
@@ -228,6 +192,108 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
         {CKA_TOKEN, &ckFalse, sizeof(ckFalse)}
     };
     CK_ULONG keyTemplateCount = sizeof(keyTemplate) / sizeof(keyTemplate[0]);
+    CK_BYTE keyValue[64];
+    CK_ULONG keyValueLen = sizeof(keyValue);
+    CK_ATTRIBUTE getTemplate[] = {
+        {CKA_VALUE, keyValue, keyValueLen}
+    };
+    struct {
+        CK_ULONG length;
+        const char* purpose;
+    } keyLengths[] = {
+        {16, "AES-128 encryption"},
+        {24, "AES-192 encryption"},
+        {32, "AES-256 encryption"},
+        {64, "HMAC-SHA512 authentication"}
+    };
+    int i;
+    CK_OBJECT_HANDLE testKey;
+    CK_ULONG testLen;
+    CK_OBJECT_HANDLE prodKey;
+    CK_BBOOL sensitive = CK_TRUE;
+    CK_BBOOL nonExtractable = CK_FALSE; /* Set to CK_TRUE for production */
+    CK_BYTE prodLabel[] = "Production-PKCS12-Key";
+    CK_ATTRIBUTE prodTemplate[] = {
+        {CKA_CLASS, &keyClass, sizeof(keyClass)},
+        {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
+        {CKA_VALUE_LEN, &keyLength, sizeof(keyLength)},
+        {CKA_LABEL, prodLabel, sizeof(prodLabel) - 1},
+        {CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)},
+        {CKA_DECRYPT, &ckTrue, sizeof(ckTrue)},
+        {CKA_SENSITIVE, &sensitive, sizeof(sensitive)},
+        {CKA_EXTRACTABLE, &nonExtractable, sizeof(nonExtractable)},
+        {CKA_TOKEN, &ckFalse, sizeof(ckFalse)}
+    };
+    CK_ULONG prodTemplateCount = sizeof(prodTemplate) / sizeof(prodTemplate[0]);
+    CK_OBJECT_HANDLE aesKey;
+    CK_OBJECT_CLASS aesKeyClass = CKO_SECRET_KEY;
+    CK_KEY_TYPE aesKeyType = CKK_AES;
+    CK_ULONG aesKeyLength = 32; /* 256-bit AES key */
+    CK_BYTE aesKeyLabel[] = "PKCS12-PBE-AES-Key";
+    CK_ATTRIBUTE aesKeyTemplate[] = {
+        {CKA_CLASS, &aesKeyClass, sizeof(aesKeyClass)},
+        {CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType)},
+        {CKA_VALUE_LEN, &aesKeyLength, sizeof(aesKeyLength)},
+        {CKA_LABEL, aesKeyLabel, sizeof(aesKeyLabel) - 1},
+        {CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)},
+        {CKA_DECRYPT, &ckTrue, sizeof(ckTrue)},
+        {CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue)},
+        {CKA_TOKEN, &ckFalse, sizeof(ckFalse)}
+    };
+    CK_ULONG aesKeyTemplateCount = sizeof(aesKeyTemplate) / sizeof(aesKeyTemplate[0]);
+    CK_BYTE plaintext[] = "Hello, PKCS#12 PBE!";
+    CK_BYTE ciphertext[256];
+    CK_ULONG ciphertextLen = sizeof(ciphertext);
+    CK_BYTE decrypted[256];
+    CK_ULONG decryptedLen = sizeof(decrypted);
+    CK_BYTE iv[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+                      0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
+    CK_MECHANISM encMech = { CKM_AES_CBC_PAD, iv, sizeof(iv) };
+    CK_ULONG plaintextLen;
+    CK_BYTE extractedKeyValue[32];
+    CK_ULONG extractedKeyValueLen = sizeof(extractedKeyValue);
+    CK_ATTRIBUTE extractTemplate[] = {
+        {CKA_VALUE, extractedKeyValue, extractedKeyValueLen}
+    };
+    CK_OBJECT_HANDLE newAesKey;
+    CK_ATTRIBUTE newKeyTemplate[] = {
+        {CKA_CLASS, &aesKeyClass, sizeof(aesKeyClass)},
+        {CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType)},
+        {CKA_VALUE, extractedKeyValue, 0}, /* Will be set later */
+        {CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)},
+        {CKA_DECRYPT, &ckTrue, sizeof(ckTrue)},
+        {CKA_TOKEN, &ckFalse, sizeof(ckFalse)}
+    };
+
+    printf("=== NSS PKCS#12 PBE SHA-256 HMAC Key Generation Example ===\n\n");
+
+    /* Initialize PKCS#11 and open session */
+    rv = pkcs11_init(library, &session);
+    if (rv != CKR_OK) {
+        printf("ERROR: PKCS#11 initialization failed: 0x%08lX\n", rv);
+        return -1;
+    }
+
+    /* Example 1: Basic key generation */
+    printf("1. Basic Key Generation\n");
+    printf("   Purpose: Generate a 256-bit encryption key from password\n\n");
+
+    printf("   Password: %s\n", (char*)password);
+    print_hex("   Salt", salt, sizeof(salt));
+    printf("   Iterations: %lu\n", iterationCount);
+    printf("   Key Length: %lu bytes (%lu bits)\n\n", keyLength, keyLength * 8);
+
+    /* Set up PBE parameters */
+    pbeParams.pInitVector = NULL;
+    pbeParams.pPassword = password;
+    pbeParams.ulPasswordLen = strlen((char*)password);
+    pbeParams.pSalt = salt;
+    pbeParams.ulSaltLen = sizeof(salt);
+    pbeParams.ulIteration = iterationCount;
+
+    mechanism.mechanism = CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN;
+    mechanism.pParameter = &pbeParams;
+    mechanism.ulParameterLen = sizeof(pbeParams);
 
     /* Generate the key */
     printf("   Generating key...\n");
@@ -250,11 +316,6 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
     printf("   ✓ Key generated successfully (handle: %lu)\n\n", key);
 
     /* Retrieve and display key information */
-    CK_BYTE keyValue[64];
-    CK_ULONG keyValueLen = sizeof(keyValue);
-    CK_ATTRIBUTE getTemplate[] = {
-        {CKA_VALUE, keyValue, keyValueLen}
-    };
 
     rv = funcList->C_GetAttributeValue(session, key, getTemplate, 1);
     if (rv == CKR_OK) {
@@ -271,19 +332,8 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
     printf("2. Multiple Key Lengths Example\n");
     printf("   Purpose: Generate keys for different cryptographic needs\n\n");
 
-    struct {
-        CK_ULONG length;
-        const char* purpose;
-    } keyLengths[] = {
-        {16, "AES-128 encryption"},
-        {24, "AES-192 encryption"},
-        {32, "AES-256 encryption"},
-        {64, "HMAC-SHA512 authentication"}
-    };
-
-    for (int i = 0; i < 4; i++) {
-        CK_OBJECT_HANDLE testKey;
-        CK_ULONG testLen = keyLengths[i].length;
+    for (i = 0; i < 4; i++) {
+        testLen = keyLengths[i].length;
 
         keyTemplate[2].pValue = &testLen; /* Update CKA_VALUE_LEN */
 
@@ -312,24 +362,6 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
     printf("4. Production Key Generation\n");
     printf("   Purpose: Generate a non-extractable key for production use\n\n");
 
-    CK_OBJECT_HANDLE prodKey;
-    CK_BBOOL sensitive = CK_TRUE;
-    CK_BBOOL nonExtractable = CK_FALSE; /* Set to CK_TRUE for production */
-    CK_BYTE prodLabel[] = "Production-PKCS12-Key";
-
-    CK_ATTRIBUTE prodTemplate[] = {
-        {CKA_CLASS, &keyClass, sizeof(keyClass)},
-        {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
-        {CKA_VALUE_LEN, &keyLength, sizeof(keyLength)},
-        {CKA_LABEL, prodLabel, sizeof(prodLabel) - 1},
-        {CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)},
-        {CKA_DECRYPT, &ckTrue, sizeof(ckTrue)},
-        {CKA_SENSITIVE, &sensitive, sizeof(sensitive)},
-        {CKA_EXTRACTABLE, &nonExtractable, sizeof(nonExtractable)},
-        {CKA_TOKEN, &ckFalse, sizeof(ckFalse)}
-    };
-    CK_ULONG prodTemplateCount = sizeof(prodTemplate) / sizeof(prodTemplate[0]);
-
     rv = funcList->C_GenerateKey(session, &mechanism, prodTemplate,
                                 prodTemplateCount, &prodKey);
     if (rv == CKR_OK) {
@@ -343,25 +375,6 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
     printf("5. AES Key Generation and Usage Test\n");
     printf("   Purpose: Generate an AES key using PBE and test encryption\n\n");
 
-    /* Generate an AES key specifically for encryption testing */
-    CK_OBJECT_HANDLE aesKey;
-    CK_OBJECT_CLASS aesKeyClass = CKO_SECRET_KEY;
-    CK_KEY_TYPE aesKeyType = CKK_AES;
-    CK_ULONG aesKeyLength = 32; /* 256-bit AES key */
-    CK_BYTE aesKeyLabel[] = "PKCS12-PBE-AES-Key";
-
-    CK_ATTRIBUTE aesKeyTemplate[] = {
-        {CKA_CLASS, &aesKeyClass, sizeof(aesKeyClass)},
-        {CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType)},
-        {CKA_VALUE_LEN, &aesKeyLength, sizeof(aesKeyLength)},
-        {CKA_LABEL, aesKeyLabel, sizeof(aesKeyLabel) - 1},
-        {CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)},
-        {CKA_DECRYPT, &ckTrue, sizeof(ckTrue)},
-        {CKA_EXTRACTABLE, &ckTrue, sizeof(ckTrue)},
-        {CKA_TOKEN, &ckFalse, sizeof(ckFalse)}
-    };
-    CK_ULONG aesKeyTemplateCount = sizeof(aesKeyTemplate) / sizeof(aesKeyTemplate[0]);
-
     printf("   Generating AES-256 key using PBE...\n");
     rv = funcList->C_GenerateKey(session, &mechanism, aesKeyTemplate,
                                 aesKeyTemplateCount, &aesKey);
@@ -372,23 +385,12 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
         printf("   ✓ AES key generated successfully (handle: %lu)\n", aesKey);
 
         /* Test encryption/decryption with the AES key */
-        CK_BYTE plaintext[] = "Hello, PKCS#12 PBE!";
-        CK_BYTE ciphertext[256];
-        CK_ULONG ciphertextLen = sizeof(ciphertext);
-        CK_BYTE decrypted[256];
-        CK_ULONG decryptedLen = sizeof(decrypted);
-
-        /* Use AES-CBC-PAD mode which handles padding automatically */
-        CK_BYTE iv[16] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-                          0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
-        CK_MECHANISM encMech = { CKM_AES_CBC_PAD, iv, sizeof(iv) };
-
         printf("   Plaintext: %s\n", plaintext);
         print_hex("   IV", iv, sizeof(iv));
         printf("   Testing AES-CBC-PAD encryption...\n");
 
         /* Use original plaintext without manual padding since CBC_PAD handles it */
-        CK_ULONG plaintextLen = strlen((char*)plaintext);
+        plaintextLen = strlen((char*)plaintext);
 
         rv = funcList->C_EncryptInit(session, &encMech, aesKey);
         if (rv == CKR_OK) {
@@ -435,26 +437,13 @@ static int demonstrate_pkcs12_pbe_key_generation(const char* library)
             printf("     Trying to extract and re-import key...\n");
 
             /* Try to extract the PBE-generated key value and create a new AES key */
-            CK_BYTE extractedKeyValue[32];
-            CK_ULONG extractedKeyValueLen = sizeof(extractedKeyValue);
-            CK_ATTRIBUTE extractTemplate[] = {
-                {CKA_VALUE, extractedKeyValue, extractedKeyValueLen}
-            };
 
             rv = funcList->C_GetAttributeValue(session, aesKey, extractTemplate, 1);
             if (rv == CKR_OK) {
                 printf("     Extracted key value, creating new AES key object...\n");
 
                 /* Create a new AES key from the extracted value */
-                CK_OBJECT_HANDLE newAesKey;
-                CK_ATTRIBUTE newKeyTemplate[] = {
-                    {CKA_CLASS, &aesKeyClass, sizeof(aesKeyClass)},
-                    {CKA_KEY_TYPE, &aesKeyType, sizeof(aesKeyType)},
-                    {CKA_VALUE, extractedKeyValue, extractTemplate[0].ulValueLen},
-                    {CKA_ENCRYPT, &ckTrue, sizeof(ckTrue)},
-                    {CKA_DECRYPT, &ckTrue, sizeof(ckTrue)},
-                    {CKA_TOKEN, &ckFalse, sizeof(ckFalse)}
-                };
+                newKeyTemplate[2].ulValueLen = extractTemplate[0].ulValueLen;
 
                 rv = funcList->C_CreateObject(session, newKeyTemplate,
                                              sizeof(newKeyTemplate)/sizeof(newKeyTemplate[0]),
