updated gcrypt plugin to new private/public key API, use encoder framework

author: Martin Willi <martin@strongswan.org> 2009-08-24 14:07:32 +0200
committer: Martin Willi <martin@strongswan.org> 2009-08-26 11:23:52 +0200
commit: cbd51389481b0b0ce11261cb16ae2a2e9c3939bb (patch)
tree: cd7f610bd71f0a5d662a11a01cc21095204423f5 /src
parent: 741680d1799f617ec806a865a9fa69ccffb774c2 (diff)
download: strongswan-cbd51389481b0b0ce11261cb16ae2a2e9c3939bb.tar.bz2
strongswan-cbd51389481b0b0ce11261cb16ae2a2e9c3939bb.tar.xz
2 files changed, 96 insertions, 218 deletions
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index eac5c7f48..0d8f3d207 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -40,16 +40,6 @@ struct private_gcrypt_rsa_private_key_t {
 	gcry_sexp_t key;
 	
 	/**
-	 * Keyid formed as a SHA-1 hash of a publicKey object
-	 */
-	identification_t* keyid;
-	
-	/**
-	 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
-	 */
-	identification_t* keyid_info;
-	
-	/**
 	 * reference count
 	 */
 	refcount_t ref;
@@ -294,23 +284,6 @@ static size_t get_keysize(private_gcrypt_rsa_private_key_t *this)
 }
 
 /**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static identification_t* get_id(private_gcrypt_rsa_private_key_t *this,
-								id_type_t type)
-{
-	switch (type)
-	{
-		case ID_PUBKEY_INFO_SHA1:
-			return this->keyid_info;
-		case ID_PUBKEY_SHA1:
-			return this->keyid;
-		default:
-			return NULL;
-	}
-}
-
-/**
  * Implementation of gcrypt_rsa_private_key.get_public_key.
  */
 static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
@@ -330,66 +303,15 @@ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
 }
 
 /**
- * Implementation of gcrypt_rsa_private_key.equals.
- */
-static bool equals(private_gcrypt_rsa_private_key_t *this, private_key_t *other)
-{
-	identification_t *keyid;
-
-	if (&this->public.interface == other)
-	{
-		return TRUE;
-	}
-	if (other->get_type(other) != KEY_RSA)
-	{
-		return FALSE;
-	}
-	keyid = other->get_id(other, ID_PUBKEY_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid))
-	{
-		return TRUE;
-	}
-	keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid_info))
-	{
-		return TRUE;
-	}
-	return FALSE;
-}
-
-/**
- * Implementation of gcrypt_rsa_private_key.belongs_to.
- */
-static bool belongs_to(private_gcrypt_rsa_private_key_t *this,
-					   public_key_t *public)
-{
-	identification_t *keyid;
-	
-	if (public->get_type(public) != KEY_RSA)
-	{
-		return FALSE;
-	}
-	keyid = public->get_id(public, ID_PUBKEY_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid))
-	{
-		return TRUE;
-	}
-	keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid_info))
-	{
-		return TRUE;
-	}
-	return FALSE;
-}
-
-/**
- * Implementation of private_key_t.get_encoding.
+ * Implementation of private_key_t.get_encoding
  */
-static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
+static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
+						 key_encoding_type_t type, chunk_t *encoding)
 {
-	chunk_t cp, cq, cd, cexp1 = chunk_empty, cexp2 = chunk_empty;
+	chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty;
 	gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2;
 	gcry_error_t err;
+	bool success;
 	
 	/* p and q are swapped, gcrypt expects p < q */
 	cp = gcrypt_rsa_find_token(this->key, "q", NULL);
@@ -408,7 +330,7 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
 		chunk_clear(&cq);
 		chunk_clear(&cd);
 		DBG1("scanning mpi for export failed: %s", gpg_strerror(err));
-		return chunk_empty;
+		return FALSE;
 	}
 	
 	gcry_mpi_sub_ui(p, p, 1);
@@ -436,18 +358,53 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
 		chunk_clear(&cd);
 		chunk_clear(&cexp1);
 		chunk_clear(&cexp2);
-		return chunk_empty;
+		return FALSE;
 	}
 	
-	return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0,
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)),
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)),
-			asn1_integer("m", cd),
-			asn1_integer("m", cp),
-			asn1_integer("m", cq),
-			asn1_integer("m", cexp1),
-			asn1_integer("m", cexp2),
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "u", NULL)));
+	cn = gcrypt_rsa_find_token(this->key, "n", NULL);
+	ce = gcrypt_rsa_find_token(this->key, "e", NULL);
+	cu = gcrypt_rsa_find_token(this->key, "u", NULL);
+	
+	success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
+							KEY_PART_RSA_MODULUS, cn,
+							KEY_PART_RSA_PUB_EXP, ce, KEY_PART_RSA_PRIV_EXP, cd,
+							KEY_PART_RSA_PRIME1, cp, KEY_PART_RSA_PRIME2, cq,
+							KEY_PART_RSA_EXP1, cexp1, KEY_PART_RSA_EXP2, cexp2,
+							KEY_PART_RSA_COEFF, cu, KEY_PART_END);
+	chunk_free(&cn);
+	chunk_free(&ce);
+	chunk_clear(&cd);
+	chunk_clear(&cp);
+	chunk_clear(&cq);
+	chunk_clear(&cexp1);
+	chunk_clear(&cexp2);
+	chunk_clear(&cu);
+	
+	return success;
+}
+
+/**
+ * Implementation of private_key_t.get_fingerprint
+ */
+static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this,
+							key_encoding_type_t type, chunk_t *fp)
+{
+	chunk_t n, e;
+	bool success;
+	
+	if (lib->encoding->get_cache(lib->encoding, type, this, fp))
+	{
+		return TRUE;
+	}
+	n = gcrypt_rsa_find_token(this->key, "n", NULL);
+	e = gcrypt_rsa_find_token(this->key, "e", NULL);
+	
+	success = lib->encoding->encode(lib->encoding,
+								type, this, fp, KEY_PART_RSA_MODULUS, n,
+								KEY_PART_RSA_PUB_EXP, e, KEY_PART_END);
+	chunk_free(&n);
+	chunk_free(&e);
+	return success;
 }
 
 /**
@@ -466,9 +423,8 @@ static void destroy(private_gcrypt_rsa_private_key_t *this)
 {
 	if (ref_put(&this->ref))
 	{
-		DESTROY_IF(this->keyid);
-		DESTROY_IF(this->keyid_info);
 		gcry_sexp_release(this->key);
+		lib->encoding->clear_cache(lib->encoding, this);
 		free(this);
 	}
 }
@@ -484,58 +440,21 @@ static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty()
 	this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
 	this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
 	this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
-	this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
 	this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
-	this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
-	this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
-	this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
+	this->public.interface.equals = private_key_equals;
+	this->public.interface.belongs_to = private_key_belongs_to;
+	this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint;
+	this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding;
 	this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
 	this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
 	
 	this->key = NULL;
-	this->keyid = NULL;
-	this->keyid_info = NULL;
 	this->ref = 1;
 	
 	return this;
 }
 
 /**
- * build the keyids of a private/public key
- */
-bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
-							 identification_t **keyid_info)
-{
-	chunk_t publicKeyInfo, publicKey, hash;
-	hasher_t *hasher;
-	
-	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-	if (!hasher)
-	{
-		DBG1("SHA1 hash algorithm not supported, unable to use RSA");
-		return FALSE;
-	}
-	publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
-				 asn1_integer("m", gcrypt_rsa_find_token(key, "n", NULL)),
-				 asn1_integer("m", gcrypt_rsa_find_token(key, "e", NULL)));
-	hasher->allocate_hash(hasher, publicKey, &hash);
-	*keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
-	chunk_free(&hash);
-	
-	publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
-						asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
-						asn1_bitstring("m", publicKey));
-	hasher->allocate_hash(hasher, publicKeyInfo, &hash);
-	*keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
-	chunk_free(&hash);
-	
-	hasher->destroy(hasher);
-	chunk_free(&publicKeyInfo);
-	
-	return TRUE;
-}
-
-/**
  * Generate an RSA key of specified key size
  */
 static gcrypt_rsa_private_key_t *generate(size_t key_size)
@@ -561,12 +480,6 @@ static gcrypt_rsa_private_key_t *generate(size_t key_size)
 	this = gcrypt_rsa_private_key_create_empty();
 	this->key = key;
 	
-	if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
-	{
-		destroy(this);
-		return NULL;
-	}
-	
 	return &this->public;
 }
 
@@ -596,11 +509,6 @@ static gcrypt_rsa_private_key_t *load(chunk_t n, chunk_t e, chunk_t d,
 		destroy(this);
 		return NULL;
 	}
-	if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
-	{
-		destroy(this);
-		return NULL;
-	}
 	return &this->public;
 }
 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 4eb9cbaac..2f86774dc 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -41,16 +41,6 @@ struct private_gcrypt_rsa_public_key_t {
 	gcry_sexp_t key;
 	
 	/**
-	 * Keyid formed as a SHA-1 hash of a publicKey object
-	 */
-	identification_t* keyid;
-	
-	/**
-	 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
-	 */
-	identification_t* keyid_info;
-	
-	/**
 	 * reference counter
 	 */
 	refcount_t ref;
@@ -60,8 +50,6 @@ struct private_gcrypt_rsa_public_key_t {
  * Implemented in gcrypt_rsa_private_key.c
  */
 chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key);
-bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
-							 identification_t **keyid_info);
 
 /**
  * verification of a padded PKCS1 signature without an OID
@@ -233,34 +221,6 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
 }
 
 /**
- * Implementation of gcrypt_rsa_public_key.equals.
- */
-static bool equals(private_gcrypt_rsa_public_key_t *this, public_key_t *other)
-{
-	identification_t *keyid;
-
-	if (&this->public.interface == other)
-	{
-		return TRUE;
-	}
-	if (other->get_type(other) != KEY_RSA)
-	{
-		return FALSE;
-	}
-	keyid = other->get_id(other, ID_PUBKEY_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid))
-	{
-		return TRUE;
-	}
-	keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid_info))
-	{
-		return TRUE;
-	}
-	return FALSE;
-}
-
-/**
  * Implementation of public_key_t.get_keysize.
  */
 static size_t get_keysize(private_gcrypt_rsa_public_key_t *this)
@@ -269,30 +229,47 @@ static size_t get_keysize(private_gcrypt_rsa_public_key_t *this)
 }
 
 /**
- * Implementation of public_key_t.get_id.
+ * Implementation of private_key_t.get_encoding
  */
-static identification_t *get_id(private_gcrypt_rsa_public_key_t *this,
-								id_type_t type)
+static bool get_encoding(private_gcrypt_rsa_public_key_t *this,
+						 key_encoding_type_t type, chunk_t *encoding)
 {
-	switch (type)
-	{
-		case ID_PUBKEY_INFO_SHA1:
-			return this->keyid_info;
-		case ID_PUBKEY_SHA1:
-			return this->keyid;
-		default:
-			return NULL;
-	}
+	chunk_t n, e;
+	bool success;
+	
+	n = gcrypt_rsa_find_token(this->key, "n", NULL);
+	e = gcrypt_rsa_find_token(this->key, "e", NULL);
+	success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
+							KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e,
+							KEY_PART_END);
+	chunk_free(&n);
+	chunk_free(&e);
+	
+	return success;
 }
 
-/*
- * Implementation of public_key_t.get_encoding.
+/**
+ * Implementation of private_key_t.get_fingerprint
  */
-static chunk_t get_encoding(private_gcrypt_rsa_public_key_t *this)
+static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this,
+							key_encoding_type_t type, chunk_t *fp)
 {
-	return asn1_wrap(ASN1_SEQUENCE, "mm",
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)),
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)));
+	chunk_t n, e;
+	bool success;
+	
+	if (lib->encoding->get_cache(lib->encoding, type, this, fp))
+	{
+		return TRUE;
+	}
+	n = gcrypt_rsa_find_token(this->key, "n", NULL);
+	e = gcrypt_rsa_find_token(this->key, "e", NULL);
+	
+	success = lib->encoding->encode(lib->encoding,
+								type, this, fp, KEY_PART_RSA_MODULUS, n,
+								KEY_PART_RSA_PUB_EXP, e, KEY_PART_END);
+	chunk_free(&n);
+	chunk_free(&e);
+	return success;
 }
 
 /**
@@ -311,9 +288,8 @@ static void destroy(private_gcrypt_rsa_public_key_t *this)
 {
 	if (ref_put(&this->ref))
 	{
-		DESTROY_IF(this->keyid);
-		DESTROY_IF(this->keyid_info);
 		gcry_sexp_release(this->key);
+		lib->encoding->clear_cache(lib->encoding, this);
 		free(this);
 	}
 }
@@ -328,16 +304,14 @@ static private_gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_create_empty()
 	this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
 	this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
 	this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
-	this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
+	this->public.interface.equals = public_key_equals;
 	this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
-	this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
-	this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
+	this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint;
+	this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding;
 	this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
 	this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
 	
 	this->key = NULL;
-	this->keyid = NULL;
-	this->keyid_info = NULL;
 	this->ref = 1;
 	
 	return this;
@@ -360,15 +334,11 @@ static gcrypt_rsa_public_key_t *load(chunk_t n, chunk_t e)
 		free(this);
 		return NULL;
 	}
-	if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
-	{
-		destroy(this);
-		return NULL;
-	}
 	return &this->public;
 }
 
 typedef struct private_builder_t private_builder_t;
+
 /**
  * Builder implementation for key loading
  */
author	Martin Willi <martin@strongswan.org>	2009-08-24 14:07:32 +0200
committer	Martin Willi <martin@strongswan.org>	2009-08-26 11:23:52 +0200
commit	cbd51389481b0b0ce11261cb16ae2a2e9c3939bb (patch)
tree	cd7f610bd71f0a5d662a11a01cc21095204423f5 /src
parent	741680d1799f617ec806a865a9fa69ccffb774c2 (diff)
download	strongswan-cbd51389481b0b0ce11261cb16ae2a2e9c3939bb.tar.bz2 strongswan-cbd51389481b0b0ce11261cb16ae2a2e9c3939bb.tar.xz