diff options
| author | Martin Willi <martin@strongswan.org> | 2006-03-24 15:37:49 +0000 |
|---|---|---|
| committer | Martin Willi <martin@strongswan.org> | 2006-03-24 15:37:49 +0000 |
| commit | 9c781c152ad66a73139447e40a2081c38080c651 (patch) | |
| tree | e214ab37398230685621ac3732444e279c40b785 /Source/charon/transforms/rsa/rsa_private_key.c | |
| parent | dec598220b9a293c4ec75e593ab642a8945fa4fc (diff) | |
| download | strongswan-9c781c152ad66a73139447e40a2081c38080c651.tar.bz2 strongswan-9c781c152ad66a73139447e40a2081c38080c651.tar.xz | |
- starter work on asn1 with der de/encoder
- RSA private and public key can load read key from ASN1 DER
- some other fixes here and there
Diffstat (limited to 'Source/charon/transforms/rsa/rsa_private_key.c')
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_private_key.c | 184 |
1 files changed, 80 insertions, 104 deletions
diff --git a/Source/charon/transforms/rsa/rsa_private_key.c b/Source/charon/transforms/rsa/rsa_private_key.c index 34a217c6a..22315e90e 100644 --- a/Source/charon/transforms/rsa/rsa_private_key.c +++ b/Source/charon/transforms/rsa/rsa_private_key.c @@ -26,6 +26,7 @@ #include <daemon.h> #include <utils/allocator.h> +#include <asn1/der_decoder.h> /* @@ -39,20 +40,6 @@ extern u_int8_t sha256_oid[19]; extern u_int8_t sha384_oid[19]; extern u_int8_t sha512_oid[19]; -/* -asn1_module_t rsa_private_key_module = { - {ASN1_SEQUENCE, 0, 0, 0}, - { ASN1_INTEGER, 0, offsetof(private_rsa_private_key, version), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, n), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, e), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, d), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, p), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, q), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp1), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp2), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, coeff), 0}, - {ASN1_END, 0, 0, 0}, -};*/ /** * Public exponent to use for key generation. @@ -155,6 +142,23 @@ struct private_rsa_private_key_t { }; /** + * Rules for de-/encoding of a private key from/in ASN1 + */ +static asn1_rule_t rsa_private_key_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_INTEGER, 0, offsetof(private_rsa_private_key_t, version), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0}, + {ASN1_END, 0, 0, 0}, +}; + +/** * Implementation of private_rsa_private_key_t.compute_prime. */ static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime) @@ -174,10 +178,10 @@ static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mp /* convert chunk to mpz value */ mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); - + /* get next prime */ mpz_nextprime (*prime, *prime); - + allocator_free(random_bytes.ptr); } /* check if it isnt too large */ @@ -194,28 +198,28 @@ static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data) mpz_t t1, t2; chunk_t decrypted; - mpz_init(t1); - mpz_init(t2); - - mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); - - mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ - mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ - mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ - mpz_mod(t2, t2, this->p); - mpz_mul(t2, t2, this->coeff); - mpz_mod(t2, t2, this->p); - - mpz_mul(t2, t2, this->q); /* m = m2 + h q */ - mpz_add(t1, t1, t2); - - decrypted.len = this->k; - decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); - - mpz_clear(t1); - mpz_clear(t2); - - return decrypted; + mpz_init(t1); + mpz_init(t2); + + mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); + + mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ + mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ + mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ + mpz_mod(t2, t2, this->p); + mpz_mul(t2, t2, this->coeff); + mpz_mod(t2, t2, this->p); + + mpz_mul(t2, t2, this->q); /* m = m2 + h q */ + mpz_add(t1, t1, t2); + + decrypted.len = this->k; + decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); + + mpz_clear(t1); + mpz_clear(t2); + + return decrypted; } /** @@ -319,51 +323,21 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash */ static status_t set_key(private_rsa_private_key_t *this, chunk_t key) { - chunk_t n, e, p, q, d, exp1, exp2, coeff; - this->k = key.len / 8; - - n.len = this->k; - e.len = this->k; - p.len = this->k; - q.len = this->k; - d.len = this->k; - exp1.len = this->k; - exp2.len = this->k; - coeff.len = this->k; + der_decoder_t *dd; + status_t status; - n.ptr = key.ptr + this->k * 0; - e.ptr = key.ptr + this->k * 1; - p.ptr = key.ptr + this->k * 2; - q.ptr = key.ptr + this->k * 3; - d.ptr = key.ptr + this->k * 4; - exp1.ptr = key.ptr + this->k * 5; - exp2.ptr = key.ptr + this->k * 6; - coeff.ptr = key.ptr + this->k * 7; + dd = der_decoder_create(rsa_private_key_rules); - mpz_init(this->n); - mpz_init(this->e); - mpz_init(this->p); - mpz_init(this->q); - mpz_init(this->d); - mpz_init(this->exp1); - mpz_init(this->exp2); - mpz_init(this->coeff); - - mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr); - mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr); - mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr); - mpz_import(this->q, this->k, 1, 1, 1, 0, q.ptr); - mpz_import(this->d, this->k, 1, 1, 1, 0, d.ptr); - mpz_import(this->exp1, this->k, 1, 1, 1, 0, exp1.ptr); - mpz_import(this->exp2, this->k, 1, 1, 1, 0, exp2.ptr); - mpz_import(this->coeff, this->k, 1, 1, 1, 0, coeff.ptr); - - this->is_key_set = TRUE; - - return SUCCESS; - + status = dd->decode(dd, key, this); + if (status == SUCCESS) + { + this->is_key_set = TRUE; + this->k = mpz_sizeinbase(this->n, 2) / 8; + } + dd->destroy(dd); + return status; } - + /** * Implementation of rsa_private_key.get_key. */ @@ -445,17 +419,14 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) return INVALID_ARG; } - if (this->is_key_set) - { - mpz_clear(this->n); - mpz_clear(this->e); - mpz_clear(this->p); - mpz_clear(this->q); - mpz_clear(this->d); - mpz_clear(this->exp1); - mpz_clear(this->exp2); - mpz_clear(this->coeff); - } + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); key_size = key_size / 8; @@ -471,7 +442,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) this->compute_prime(this, key_size/2, &q); /* Swapping Primes so p is larger then q */ - if (mpz_cmp(p, q) < 0) + if (mpz_cmp(p, q) < 0) { mpz_set(t, p); mpz_set(p, q); @@ -510,7 +481,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) mpz_clear(t); /* apply values */ - *(this->p) = *p; + *(this->p) = *p; *(this->q) = *q; *(this->n) = *n; *(this->e) = *e; @@ -568,17 +539,14 @@ rsa_public_key_t *get_public_key(private_rsa_private_key_t *this) */ static void destroy(private_rsa_private_key_t *this) { - if (this->is_key_set) - { - mpz_clear(this->n); - mpz_clear(this->e); - mpz_clear(this->p); - mpz_clear(this->q); - mpz_clear(this->d); - mpz_clear(this->exp1); - mpz_clear(this->exp2); - mpz_clear(this->coeff); - } + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); allocator_free(this); } @@ -604,6 +572,14 @@ rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm) this->rsasp1 = rsadp; /* same algorithm */ this->compute_prime = compute_prime; + mpz_init(this->n); + mpz_init(this->e); + mpz_init(this->p); + mpz_init(this->q); + mpz_init(this->d); + mpz_init(this->exp1); + mpz_init(this->exp2); + mpz_init(this->coeff); this->is_key_set = FALSE; return &(this->public); |