Use bits instead of bytes for a private/public key

author: Martin Willi <martin@revosec.ch> 2010-08-10 15:56:10 +0200
committer: Martin Willi <martin@revosec.ch> 2010-08-10 18:46:30 +0200
commit: a944d2092bb8663be21f863bbe27fa475966c9d9 (patch)
tree: 7a3d6f2c612f7e9e229c0e8be2fa21fb05d3db2e /src
parent: 33ddaaabec136e358bf38a6aeb7855f466603007 (diff)
download: strongswan-a944d2092bb8663be21f863bbe27fa475966c9d9.tar.bz2
strongswan-a944d2092bb8663be21f863bbe27fa475966c9d9.tar.xz
22 files changed, 64 insertions, 46 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c
index a6de35466..f4ffa94c9 100644
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@@ -638,7 +638,7 @@ static void list_public_key(public_key_t *public, FILE *out)
 
 	fprintf(out, "  pubkey:    %N %d bits%s\n",
 			key_type_names, public->get_type(public),
-			public->get_keysize(public) * 8,
+			public->get_keysize(public),
 			private ? ", has private key" : "");
 	if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
 	{
diff --git a/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
index 43688f60a..6ba5769b5 100644
--- a/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
+++ b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
@@ -110,7 +110,7 @@ bool test_rsa_load_any()
 	public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
 								BUILD_BLOB_ASN1_DER, chunk,
 								BUILD_END);
-	if (!public || public->get_keysize(public) != 256)
+	if (!public || public->get_keysize(public) != 2048)
 	{
 		return FALSE;
 	}
diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c
index 3c67f6db6..54b4338bb 100644
--- a/src/libcharon/sa/authenticators/pubkey_authenticator.c
+++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c
@@ -84,15 +84,15 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message)
 			/* we try to deduct the signature scheme from the keysize */
 			switch (private->get_keysize(private))
 			{
-				case 32:
+				case 256:
 					scheme = SIGN_ECDSA_256;
 					auth_method = AUTH_ECDSA_256;
 					break;
-				case 48:
+				case 384:
 					scheme = SIGN_ECDSA_384;
 					auth_method = AUTH_ECDSA_384;
 					break;
-				case 66:
+				case 521:
 					scheme = SIGN_ECDSA_521;
 					auth_method = AUTH_ECDSA_521;
 					break;
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index cec920b02..e57d3f5a5 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -60,11 +60,11 @@ struct private_key_t {
 					chunk_t crypto, chunk_t *plain);
 
 	/**
-	 * Get the strength of the key in bytes.
+	 * Get the strength of the key in bits.
 	 *
-	 * @return			strength of the key in bytes
+	 * @return			strength of the key in bits
 	 */
-	size_t (*get_keysize) (private_key_t *this);
+	int (*get_keysize) (private_key_t *this);
 
 	/**
 	 * Get the public part from the private key.
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 3b45b6c3e..d20d2736b 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -165,11 +165,11 @@ struct public_key_t {
 	bool (*equals)(public_key_t *this, public_key_t *other);
 
 	/**
-	 * Get the strength of the key in bytes.
+	 * Get the strength of the key in bits.
 	 *
-	 * @return			strength of the key in bytes
+	 * @return			strength of the key in bits
 	 */
-	size_t (*get_keysize) (public_key_t *this);
+	int (*get_keysize) (public_key_t *this);
 
 	/**
 	 * Get the fingerprint of the key.
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 7fc840f8b..31f0b0702 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -306,10 +306,10 @@ METHOD(private_key_t, decrypt, bool,
 	return FALSE;
 }
 
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
 	private_agent_private_key_t *this)
 {
-	return this->key_size;
+	return this->key_size * 8;
 }
 
 METHOD(private_key_t, get_public_key, public_key_t*,
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 63002d2fe..2d9baa471 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -277,10 +277,10 @@ METHOD(private_key_t, decrypt, bool,
 	return TRUE;
 }
 
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
 	private_gcrypt_rsa_private_key_t *this)
 {
-	return gcry_pk_get_nbits(this->key) / 8;
+	return gcry_pk_get_nbits(this->key);
 }
 
 METHOD(private_key_t, get_public_key, public_key_t*,
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 7eae5949d..a49a6e5e2 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -228,10 +228,10 @@ METHOD(public_key_t, encrypt_, bool,
 	return !!encrypted->len;
 }
 
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
 	private_gcrypt_rsa_public_key_t *this)
 {
-	return gcry_pk_get_nbits(this->key) / 8;
+	return gcry_pk_get_nbits(this->key);
 }
 
 METHOD(public_key_t, get_encoding, bool,
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index e21e7131d..5001a872b 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
 	{
 		free(digestInfo.ptr);
 		DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
-			 this->k * 8);
+			 mpz_sizeinbase(this->n, 2));
 		return FALSE;
 	}
 
@@ -356,10 +356,10 @@ end:
 	return success;
 }
 
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
 	private_gmp_rsa_private_key_t *this)
 {
-	return this->k;
+	return mpz_sizeinbase(this->n, 2);
 }
 
 METHOD(private_key_t, get_public_key, public_key_t*,
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 762238f49..4beeaa51c 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -375,10 +375,10 @@ METHOD(public_key_t, encrypt_, bool,
 	return TRUE;
 }
 
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
 	private_gmp_rsa_public_key_t *this)
 {
-	return this->k;
+	return mpz_sizeinbase(this->n, 2);
 }
 
 METHOD(public_key_t, get_encoding, bool,
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index ffd9ac62e..15b0f577b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -178,10 +178,20 @@ METHOD(private_key_t, decrypt, bool,
 	return FALSE;
 }
 
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
 	private_openssl_ec_private_key_t *this)
 {
-	return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+	switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+	{
+		case NID_X9_62_prime256v1:
+			return 256;
+		case NID_secp384r1:
+			return 384;
+		case NID_secp521r1:
+			return 521;
+		default:
+			return 0;
+	}
 }
 
 METHOD(private_key_t, get_type, key_type_t,
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index 16257178d..f680749a3 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -176,10 +176,20 @@ METHOD(public_key_t, encrypt, bool,
 	return FALSE;
 }
 
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
 	private_openssl_ec_public_key_t *this)
 {
-	return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+	switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+	{
+		case NID_X9_62_prime256v1:
+			return 256;
+		case NID_secp384r1:
+			return 384;
+		case NID_secp521r1:
+			return 521;
+		default:
+			return 0;
+	}
 }
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 291acb0c3..dbf990e81 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -173,10 +173,10 @@ METHOD(private_key_t, decrypt, bool,
 	return FALSE;
 }
 
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
 	private_openssl_rsa_private_key_t *this)
 {
-	return RSA_size(this->rsa);
+	return RSA_size(this->rsa) * 8;
 }
 
 METHOD(private_key_t, get_public_key, public_key_t*,
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index e3ce66db5..80a571058 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -155,10 +155,10 @@ METHOD(public_key_t, encrypt, bool,
 	return FALSE;
 }
 
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
 	private_openssl_rsa_public_key_t *this)
 {
-	return RSA_size(this->rsa);
+	return RSA_size(this->rsa) * 8;
 }
 
 /**
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index 87ef89e00..52a9e09c2 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -80,7 +80,7 @@ METHOD(private_key_t, get_type, key_type_t,
 	return this->pubkey->get_type(this->pubkey);
 }
 
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
 	private_pkcs11_private_key_t *this)
 {
 	return this->pubkey->get_keysize(this->pubkey);
@@ -178,7 +178,7 @@ METHOD(private_key_t, sign, bool,
 		DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
 		return FALSE;
 	}
-	len = get_keysize(this);
+	len = (get_keysize(this) + 7) / 8;
 	buf = malloc(len);
 	rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
 	this->mutex->unlock(this->mutex);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
index 468c2bb27..affd8cafc 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
@@ -125,10 +125,10 @@ METHOD(public_key_t, encrypt, bool,
 	return FALSE;
 }
 
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
 	private_pkcs11_public_key_t *this)
 {
-	return this->k;
+	return this->k * 8;
 }
 
 /**
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 6d5462783..1f449de4e 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -29,7 +29,7 @@ static void print_pubkey(public_key_t *key)
 	chunk_t chunk;
 
 	printf("pubkey:    %N %d bits\n", key_type_names, key->get_type(key),
-		   key->get_keysize(key) * 8);
+		   key->get_keysize(key));
 	if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &chunk))
 	{
 		printf("keyid:     %#B\n", &chunk);
diff --git a/src/pluto/certs.c b/src/pluto/certs.c
index 414f2430a..a9179c449 100644
--- a/src/pluto/certs.c
+++ b/src/pluto/certs.c
@@ -232,7 +232,7 @@ void list_pgp_end_certs(bool utc)
 
 				whack_log(RC_COMMENT, "  pubkey:    %N %4d bits%s",
 						key_type_names, key->get_type(key),
-						key->get_keysize(key) * BITS_PER_BYTE,
+						key->get_keysize(key),
 						has_private_key(cert)? ", has private key" : "");
 				if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &keyid))
 				{
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c
index 7521dd33b..08353907e 100644
--- a/src/pluto/ike_alg.c
+++ b/src/pluto/ike_alg.c
@@ -194,18 +194,16 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy)
 
 		if (policy & POLICY_PUBKEY)
 		{
-			int auth_method = 0;
-			size_t key_size = 0;
+			int auth_method = 0, key_size = 0;
 			key_type_t key_type = KEY_ANY;
 
-
 			if (c->spd.this.cert)
 			{
 				certificate_t *certificate = c->spd.this.cert->cert;
 				public_key_t *key = certificate->get_public_key(certificate);
 
 				if (key == NULL)
-				{				
+				{
 					plog("ike alg: unable to retrieve my public key");
 					continue;
 				}
@@ -233,13 +231,13 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy)
 				case KEY_ECDSA:
 					switch (key_size)
 					{
-						case 32:
+						case 256:
 							auth_method = OAKLEY_ECDSA_256;
 							break;
-						case 48:
+						case 384:
 							auth_method = OAKLEY_ECDSA_384;
 							break;
-						case 66:
+						case 521:
 							auth_method = OAKLEY_ECDSA_521;
 							break;
 						default:
diff --git a/src/pluto/keys.c b/src/pluto/keys.c
index 12a3ccfc9..a79c2c0d2 100644
--- a/src/pluto/keys.c
+++ b/src/pluto/keys.c
@@ -1449,7 +1449,7 @@ void list_public_keys(bool utc)
 		whack_log(RC_COMMENT, "  identity: '%Y'", key->id);
 		whack_log(RC_COMMENT, "  pubkey:    %N %4d bits, until %T %s",
 			key_type_names, public->get_type(public),
-			public->get_keysize(public) * BITS_PER_BYTE,
+			public->get_keysize(public),
 			&key->until_time, utc,
 			check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE));
 		if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 2b8681246..d717beb15 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -427,7 +427,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
 			{
 				whack_log(RC_COMMENT, "  pubkey:    %N %4d bits%s",
 					key_type_names, key->get_type(key),
-					key->get_keysize(key) * BITS_PER_BYTE,
+					key->get_keysize(key),
 					cert->smartcard ? ", on smartcard" :
 					(has_private_key(cert)? ", has private key" : ""));
 
diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c
index b7d029f2d..448854acd 100644
--- a/src/scepclient/scepclient.c
+++ b/src/scepclient/scepclient.c
@@ -807,7 +807,7 @@ int main(int argc, char **argv)
 	public_key = private_key->get_public_key(private_key);
 
 	/* check for minimum key length */
-	if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS)
+	if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
 	{
 		exit_scepclient("length of RSA key has to be at least %d bits"
 			,RSA_MIN_OCTETS * BITS_PER_BYTE);
author	Martin Willi <martin@revosec.ch>	2010-08-10 15:56:10 +0200
committer	Martin Willi <martin@revosec.ch>	2010-08-10 18:46:30 +0200
commit	a944d2092bb8663be21f863bbe27fa475966c9d9 (patch)
tree	7a3d6f2c612f7e9e229c0e8be2fa21fb05d3db2e /src
parent	33ddaaabec136e358bf38a6aeb7855f466603007 (diff)
download	strongswan-a944d2092bb8663be21f863bbe27fa475966c9d9.tar.bz2 strongswan-a944d2092bb8663be21f863bbe27fa475966c9d9.tar.xz