authorMartin Willi <martin@strongswan.org>2006-04-19 11:40:48 +0000
committerMartin Willi <martin@strongswan.org>2006-04-19 11:40:48 +0000
commitec6582ccaa59e38cb83650c7c6b8312dc9768e87 (patch)
tree62fd80d2251aae22e40a38ada08ea9e59b602629 /Source/lib/crypto/rsa
parent4a93d6bafd543284b2fd77a7c29f1a526758fbca (diff)
downloadstrongswan-ec6582ccaa59e38cb83650c7c6b8312dc9768e87.tar.bz2
strongswan-ec6582ccaa59e38cb83650c7c6b8312dc9768e87.tar.xz
- x509 certificate loading with pluto asn1 code
- x509 needs a lot more attention!
Diffstat (limited to 'Source/lib/crypto/rsa')
-rw-r--r--Source/lib/crypto/rsa/rsa_private_key.c155
-rw-r--r--Source/lib/crypto/rsa/rsa_public_key.c85
2 files changed, 83 insertions, 157 deletions
diff --git a/Source/lib/crypto/rsa/rsa_private_key.c b/Source/lib/crypto/rsa/rsa_private_key.c
index c53dac37b..8286612a9 100644
--- a/Source/lib/crypto/rsa/rsa_private_key.c
+++ b/Source/lib/crypto/rsa/rsa_private_key.c
@@ -28,13 +28,7 @@
#include "rsa_private_key.h"
#include <daemon.h>
-#ifdef NEW_ASN1
-# include <asn1/asn1.h>
-# include <asn1/der_decoder.h>
-#else
-# include <asn1-pluto/asn1-pluto.h>
-#endif
-
+#include <asn1/asn1.h>
/*
* Oids for hash algorithms are defined in
@@ -143,41 +137,8 @@ struct private_rsa_private_key_t {
};
-#ifdef NEW_ASN1
-/**
- * Rules for de-/encoding of a private key from/in ASN1
- */
-static asn1_rule_t rsa_private_key_rules[] = {
- {ASN1_SEQUENCE, 0, 0, 0},
- { ASN1_INTEGER, 0, offsetof(private_rsa_private_key_t, version), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0},
- {ASN1_END, 0, 0, 0},
-};
-#else
-struct {
- const char *name;
- size_t offset;
-} RSA_private_field[] = {
- { "Modulus", offsetof(private_rsa_private_key_t, n) },
- { "PublicExponent", offsetof(private_rsa_private_key_t, e) },
- { "PrivateExponent", offsetof(private_rsa_private_key_t, d) },
- { "Prime1", offsetof(private_rsa_private_key_t, p) },
- { "Prime2", offsetof(private_rsa_private_key_t, q) },
- { "Exponent1", offsetof(private_rsa_private_key_t, exp1) },
- { "Exponent2", offsetof(private_rsa_private_key_t, exp2) },
- { "Coefficient", offsetof(private_rsa_private_key_t, coeff) },
-};
-
/* ASN.1 definition of a PKCS#1 RSA private key */
-
-static const asn1Object_t privkeyObjects[] = {
+static const asn1Object_t privkey_objects[] = {
{ 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
{ 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
{ 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
@@ -197,13 +158,16 @@ static const asn1Object_t privkeyObjects[] = {
{ 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */
};
-#define PKCS1_PRIV_KEY_VERSION 1
-#define PKCS1_PRIV_KEY_MODULUS 2
-#define PKCS1_PRIV_KEY_PUB_EXP 3
-#define PKCS1_PRIV_KEY_COEFF 9
-#define PKCS1_PRIV_KEY_ROOF 16
-#endif
-
+#define PRIV_KEY_VERSION 1
+#define PRIV_KEY_MODULUS 2
+#define PRIV_KEY_PUB_EXP 3
+#define PRIV_KEY_PRIV_EXP 4
+#define PRIV_KEY_PRIME1 5
+#define PRIV_KEY_PRIME2 6
+#define PRIV_KEY_EXP1 7
+#define PRIV_KEY_EXP2 8
+#define PRIV_KEY_COEFF 9
+#define PRIV_KEY_ROOF 16
static private_rsa_private_key_t *rsa_private_key_create_empty();
@@ -628,7 +592,6 @@ rsa_private_key_t *rsa_private_key_create(size_t key_size)
return NULL;
}
-
mpz_init(t);
mpz_init(n);
mpz_init(d);
@@ -636,7 +599,6 @@ rsa_private_key_t *rsa_private_key_create(size_t key_size)
mpz_init(exp2);
mpz_init(coeff);
-
/* Swapping Primes so p is larger then q */
if (mpz_cmp(p, q) < 0)
{
@@ -692,48 +654,6 @@ rsa_private_key_t *rsa_private_key_create(size_t key_size)
return &this->public;
}
-#ifdef NEW_ASN1
-/*
- * see header
- */
-rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk)
-{
- private_rsa_private_key_t *this;
- der_decoder_t *dd;
- status_t status;
-
- this = rsa_private_key_create_empty();
-
- mpz_init(this->n);
- mpz_init(this->e);
- mpz_init(this->p);
- mpz_init(this->q);
- mpz_init(this->d);
- mpz_init(this->exp1);
- mpz_init(this->exp2);
- mpz_init(this->coeff);
-
- dd = der_decoder_create(rsa_private_key_rules);
- status = dd->decode(dd, chunk, this);
- dd->destroy(dd);
- if (status != SUCCESS)
- {
- destroy(this);
- return NULL;
- }
- this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
-
- if (check(this) != SUCCESS)
- {
- destroy(this);
- return NULL;
- }
- else
- {
- return &this->public;
- }
-}
-#else
/*
* see header
*/
@@ -758,28 +678,46 @@ rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t blob)
asn1_init(&ctx, blob, 0, FALSE);
- while (objectID < PKCS1_PRIV_KEY_ROOF)
+ while (objectID < PRIV_KEY_ROOF)
{
- if (!extract_object(privkeyObjects, &objectID, &object, &level, &ctx))
+ if (!extract_object(privkey_objects, &objectID, &object, &level, &ctx))
{
destroy(this);
return FALSE;
}
- if (objectID == PKCS1_PRIV_KEY_VERSION)
- {
- if (object.len > 0 && *object.ptr != 0)
- {
- destroy(this);
- return NULL;
- }
- }
- else if (objectID >= PKCS1_PRIV_KEY_MODULUS &&
- objectID <= PKCS1_PRIV_KEY_COEFF)
+ switch (objectID)
{
- mpz_t *u = (mpz_t *) ((char *)this
- + RSA_private_field[objectID - PKCS1_PRIV_KEY_MODULUS].offset);
-
- mpz_import(*u, object.len, 1, 1, 1, 0, object.ptr);
+ case PRIV_KEY_VERSION:
+ if (object.len > 0 && *object.ptr != 0)
+ {
+ destroy(this);
+ return NULL;
+ }
+ break;
+ case PRIV_KEY_MODULUS:
+ mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PUB_EXP:
+ mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PRIV_EXP:
+ mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PRIME1:
+ mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PRIME2:
+ mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_EXP1:
+ mpz_import(this->exp1, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_EXP2:
+ mpz_import(this->exp2, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_COEFF:
+ mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr);
+ break;
}
objectID++;
}
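Review bot: The `PRIV_KEY_VERSION` case looks only at the first content byte, so a zero-length INTEGER, or a longer one whose first byte is 0, is accepted as version 0 unless `extract_object` already rejects such encodings (not visible here). A stricter test pins it to the DER encoding of 0: `if (object.len != 1 || *object.ptr != 0)`. The `extract_object` failure path just above the switch returns `FALSE` from a function that returns `rsa_private_key_t *`, while the version branch returns `NULL`; `return NULL;` in both places would be consistent. The switch has no `default`, so a one-line comment such as `/* all other objects carry nothing we store */` would show that skipping them is deliberate. The function starts and ends outside this hunk.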
@@ -796,7 +734,6 @@ rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t blob)
return &this->public;
}
}
-#endif
/*
* see header
diff --git a/Source/lib/crypto/rsa/rsa_public_key.c b/Source/lib/crypto/rsa/rsa_public_key.c
index 61739dd38..6b6988b62 100644
--- a/Source/lib/crypto/rsa/rsa_public_key.c
+++ b/Source/lib/crypto/rsa/rsa_public_key.c
@@ -29,7 +29,7 @@
#include <daemon.h>
#include <crypto/hashers/hasher.h>
-#include <asn1/der_decoder.h>
+#include <asn1/asn1.h>
/*
* For simplicity,
@@ -75,6 +75,17 @@ u_int8_t sha512_oid[] = {
0x00,0x04,0x40
};
+/* ASN.1 definition public key */
+static const asn1Object_t pubkey_objects[] = {
+ { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+};
+
+#define PUB_KEY_RSA_PUBLIC_KEY 0
+#define PUB_KEY_MODULUS 1
+#define PUB_KEY_EXPONENT 2
+#define PUB_KEY_ROOF 3
typedef struct private_rsa_public_key_t private_rsa_public_key_t;
@@ -139,29 +150,6 @@ struct rsa_public_key_info_t {
chunk_t public_key;
};
-/**
- * Rules for de-/encoding of a public key from/in ASN1
- */
-static asn1_rule_t rsa_public_key_rules[] = {
- {ASN1_SEQUENCE, 0, 0, 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0},
- { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0},
- {ASN1_END, 0, 0, 0},
-};
-
-/**
- * Rules for de-/encoding of a PublicKeyInfo from/in ASN1
- */
-static asn1_rule_t rsa_public_key_info_rules[] = {
- {ASN1_SEQUENCE, 0, 0, 0},
- { ASN1_SEQUENCE, 0, 0, 0},
- { ASN1_OID, 0, offsetof(rsa_public_key_info_t, algorithm_oid), 0},
- { ASN1_NULL, 0, 0, 0},
- { ASN1_END, 0, 0, 0},
- { ASN1_BITSTRING, 0, offsetof(rsa_public_key_info_t, public_key), 0},
- {ASN1_END, 0, 0, 0},
-};
-
private_rsa_public_key_t *rsa_public_key_create_empty();
/**
@@ -398,24 +386,39 @@ private_rsa_public_key_t *rsa_public_key_create_empty()
/*
* See header
*/
-rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk)
+rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t blob)
{
- der_decoder_t *dd;
- status_t status;
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
private_rsa_public_key_t *this;
this = rsa_public_key_create_empty();
mpz_init(this->n);
mpz_init(this->e);
- dd = der_decoder_create(rsa_public_key_rules);
- status = dd->decode(dd, chunk, this);
- dd->destroy(dd);
- if (status != SUCCESS)
+ asn1_init(&ctx, blob, 0, FALSE);
+
+ while (objectID < PUB_KEY_ROOF)
{
- destroy(this);
- return NULL;
+ if (!extract_object(pubkey_objects, &objectID, &object, &level, &ctx))
+ {
+ destroy(this);
+ return FALSE;
+ }
+ switch (objectID)
+ {
+ case PUB_KEY_MODULUS:
+ mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PUB_KEY_EXPONENT:
+ mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ }
+ objectID++;
}
+
this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
return &this->public;
}
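Review bot: Nothing after the parsing loop validates the imported integers, so a blob with an empty or zero modulus or exponent still returns a key object, with `this->k` computed from n == 0. The commit message says this parser now feeds x509 certificate loading, so the input should be treated as untrusted, and a zero modulus would most likely surface later as a GMP division by zero in the modular arithmetic. A check before `this->k` is computed closes that: `if (mpz_sgn(this->n) == 0 || mpz_sgn(this->e) == 0) { destroy(this); return NULL; }`. The new `extract_object` failure path also uses `return FALSE;` where the removed code returned `NULL`; since the function returns `rsa_public_key_t *`, `return NULL;` is the right spelling.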
@@ -429,10 +432,6 @@ rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
FILE *file;
char *buffer;
chunk_t chunk;
- rsa_public_key_info_t key_info = {CHUNK_INITIALIZER, CHUNK_INITIALIZER};
- der_decoder_t *dd;
- status_t status;
- rsa_public_key_t *public_key = NULL;
if (stat(filename, &stb) == -1)
{
@@ -455,15 +454,5 @@ rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
chunk.ptr = buffer;
chunk.len = stb.st_size;
- /* parse public key info first */
- dd = der_decoder_create(rsa_public_key_info_rules);
- status = dd->decode(dd, chunk, &key_info);
- dd->destroy(dd);
- chunk_free(&key_info.algorithm_oid);
- if (status == SUCCESS)
- {
- public_key = rsa_public_key_create_from_chunk(chunk);
- }
- chunk_free(&key_info.public_key);
- return public_key;
+ return rsa_public_key_create_from_chunk(chunk);
}
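Review bot: The accepted file format changes here without any comment saying so. The removed code first decoded the file against `rsa_public_key_info_rules` (algorithm OID plus BIT STRING wrapper), whereas the new `return rsa_public_key_create_from_chunk(chunk);` hands the raw file contents to a parser whose `pubkey_objects` table describes only a bare RSAPublicKey SEQUENCE. A comment above the return would document the new contract for callers, for example `/* file must hold a DER-encoded PKCS#1 RSAPublicKey; a SubjectPublicKeyInfo wrapper is not unwrapped here */`. The function starts outside this hunk, so how `buffer` is allocated and whether `stb.st_size` bytes were actually read cannot be judged from these lines.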