diff options
| -rw-r--r-- | src/pluto/Makefile.am | 3 | ||||
| -rw-r--r-- | src/pluto/ipsec_doi.c | 1 | ||||
| -rw-r--r-- | src/pluto/keys.c | 1 | ||||
| -rw-r--r-- | src/pluto/mp_defs.c | 85 | ||||
| -rw-r--r-- | src/pluto/mp_defs.h | 35 | ||||
| -rw-r--r-- | src/pluto/pgpcert.c | 1 | ||||
| -rw-r--r-- | src/pluto/smartcard.c | 35 | ||||
| -rw-r--r-- | src/pluto/x509.c | 1 | ||||
| -rw-r--r-- | src/scepclient/Makefile.am | 9 | ||||
| -rw-r--r-- | src/scepclient/scepclient.c | 1 |
10 files changed, 27 insertions, 145 deletions
diff --git a/src/pluto/Makefile.am b/src/pluto/Makefile.am index 269401121..359a493a3 100644 --- a/src/pluto/Makefile.am +++ b/src/pluto/Makefile.am @@ -33,7 +33,6 @@ keys.c keys.h \ lex.c lex.h \ log.c log.h \ modecfg.c modecfg.h \ -mp_defs.c mp_defs.h \ nat_traversal.c nat_traversal.h \ ocsp.c ocsp.h \ packet.c packet.h \ @@ -82,7 +81,7 @@ AM_CFLAGS = \ pluto_LDADD = \ $(LIBSTRONGSWANDIR)/libstrongswan.la \ $(LIBFREESWANDIR)/libfreeswan.a \ --lgmp -lresolv -lpthread $(DLLIB) +-lresolv -lpthread $(DLLIB) _pluto_adns_LDADD = \ $(LIBFREESWANDIR)/libfreeswan.a \ diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index 181040a6d..2a9d9d4c1 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -39,7 +39,6 @@ #include "constants.h" #include "defs.h" -#include "mp_defs.h" #include "state.h" #include "id.h" #include "x509.h" diff --git a/src/pluto/keys.c b/src/pluto/keys.c index 4a4968175..c494b8ba6 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -38,7 +38,6 @@ #include "constants.h" #include "defs.h" -#include "mp_defs.h" #include "id.h" #include "x509.h" #include "pgpcert.h" diff --git a/src/pluto/mp_defs.c b/src/pluto/mp_defs.c deleted file mode 100644 index 41663337e..000000000 --- a/src/pluto/mp_defs.c +++ /dev/null @@ -1,85 +0,0 @@ -/* some multiprecision utilities - * Copyright (C) 1998-2001 D. Hugh Redelmeier. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <freeswan.h> - -#include <utils.h> -#include <asn1/asn1.h> - -#include "constants.h" -#include "defs.h" -#include "mp_defs.h" -#include "log.h" - -/* Convert MP_INT to network form (binary octets, big-endian). - * We do the malloc; caller must eventually do free. - */ -chunk_t -mpz_to_n(const MP_INT *mp, size_t bytes) -{ - chunk_t r; - MP_INT temp1, temp2; - int i; - - r.len = bytes; - r.ptr = malloc(r.len); - - mpz_init(&temp1); - mpz_init(&temp2); - - mpz_set(&temp1, mp); - - for (i = r.len-1; i >= 0; i--) - { - r.ptr[i] = mpz_mdivmod_ui(&temp2, NULL, &temp1, 1 << BITS_PER_BYTE); - mpz_set(&temp1, &temp2); - } - - passert(mpz_sgn(&temp1) == 0); /* we must have done all the bits */ - mpz_clear(&temp1); - mpz_clear(&temp2); - - return r; -} - -/* Convert network form (binary bytes, big-endian) to MP_INT. - * The *mp must not be previously mpz_inited. - */ -void -n_to_mpz(MP_INT *mp, const u_char *nbytes, size_t nlen) -{ - size_t i; - - mpz_init_set_ui(mp, 0); - - for (i = 0; i != nlen; i++) - { - mpz_mul_ui(mp, mp, 1 << BITS_PER_BYTE); - mpz_add_ui(mp, mp, nbytes[i]); - } -} - -/* - * convert a MP integer into a DER coded ASN.1 object - */ -chunk_t -asn1_integer_from_mpz(const mpz_t value) -{ - size_t bits = mpz_sizeinbase(value, 2); /* size in bits */ - size_t size = 1 + bits / BITS_PER_BYTE; /* size in bytes */ - chunk_t n = mpz_to_n(value, size); - - return asn1_wrap(ASN1_INTEGER, "m", n); -} - diff --git a/src/pluto/mp_defs.h b/src/pluto/mp_defs.h deleted file mode 100644 index 2c9718525..000000000 --- a/src/pluto/mp_defs.h +++ /dev/null @@ -1,35 +0,0 @@ -/* some multiprecision utilities - * Copyright (C) 1997 Angelos D. Keromytis. - * Copyright (C) 1998-2001 D. Hugh Redelmeier. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef _MP_DEFS_H -#define _MP_DEFS_H - -#include <gmp.h> - -#include <utils.h> - -extern void n_to_mpz(MP_INT *mp, const u_char *nbytes, size_t nlen); -extern chunk_t mpz_to_n(const MP_INT *mp, size_t bytes); -extern chunk_t asn1_integer_from_mpz(const mpz_t value); - -/* var := mod(base ** exp, mod), ensuring var is mpz_inited */ -#define mpz_init_powm(flag, var, base, exp, mod) { \ - if (!(flag)) \ - mpz_init(&(var)); \ - (flag) = TRUE; \ - mpz_powm(&(var), &(base), &(exp), (mod)); \ - } - -#endif /* _MP_DEFS_H */ diff --git a/src/pluto/pgpcert.c b/src/pluto/pgpcert.c index f22aed1a5..7fb8232d5 100644 --- a/src/pluto/pgpcert.c +++ b/src/pluto/pgpcert.c @@ -26,7 +26,6 @@ #include "constants.h" #include "defs.h" -#include "mp_defs.h" #include "log.h" #include "id.h" #include "pgpcert.h" diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c index 10ab26214..7e4452d89 100644 --- a/src/pluto/smartcard.c +++ b/src/pluto/smartcard.c @@ -29,6 +29,9 @@ #include <freeswan.h> +#include <asn1/asn1.h> +#include <credentials/keys/public_key.h> + #include "constants.h" #ifdef SMARTCARD @@ -37,7 +40,6 @@ #endif #include "defs.h" -#include "mp_defs.h" #include "log.h" #include "x509.h" #include "ca.h" @@ -1438,9 +1440,9 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen { if (rv == CKR_FUNCTION_NOT_SUPPORTED) { - RSA_public_key_t rsa; + public_key_t *key; + chunk_t rsa_modulus, rsa_exponent, rsa_key, cipher_text; chunk_t plain_text = {(u_char*)in, inlen}; - chunk_t cipher_text; DBG(DBG_CONTROL, DBG_log("doing RSA encryption in software") @@ -1458,19 +1460,30 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen scx_release_context(sc); return FALSE; } - rsa.k = attr[0].ulValueLen; - n_to_mpz(&rsa.n, attr[0].pValue, attr[0].ulValueLen); - n_to_mpz(&rsa.e, attr[1].pValue, attr[1].ulValueLen); - free(attr[0].pValue); - free(attr[1].pValue); - - cipher_text = RSA_encrypt(&rsa, plain_text); - free_RSA_public_content(&rsa); + rsa_modulus = chunk_create((u_char*) attr[0].pValue, + (size_t) attr[0].ulValueLen); + rsa_exponent = chunk_create((u_char*) attr[1].pValue, + (size_t) attr[1].ulValueLen); + rsa_key = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_integer("m", rsa_modulus), + asn1_integer("m", rsa_exponent)); + key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_BLOB_ASN1_DER, rsa_key, BUILD_END); + free(rsa_key.ptr); + if (key == NULL) + { + return FALSE; + } + key->encrypt(key, plain_text, &cipher_text); + key->destroy(key); + if (cipher_text.ptr == NULL) { plog("smartcard input data length is too large"); if (!pkcs11_keep_state) + { scx_release_context(sc); + } return FALSE; } diff --git a/src/pluto/x509.c b/src/pluto/x509.c index 535499618..05eb0a02e 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -32,7 +32,6 @@ #include "constants.h" #include "defs.h" -#include "mp_defs.h" #include "log.h" #include "id.h" #include "x509.h" diff --git a/src/scepclient/Makefile.am b/src/scepclient/Makefile.am index a6e43a4f1..20bf76065 100644 --- a/src/scepclient/Makefile.am +++ b/src/scepclient/Makefile.am @@ -24,14 +24,12 @@ AM_CFLAGS = \ LIBSTRONGSWANBUILDDIR=$(top_builddir)/src/libstrongswan LIBFREESWANBUILDDIR=$(top_builddir)/src/libfreeswan -LIBCRYPTOBUILDDIR=$(top_builddir)/src/libcrypto scepclient_LDADD = \ ca.o crl.o certs.o constants.o defs.o fetch.o id.o keys.o lex.o \ -mp_defs.o ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \ +ocsp.o pem.o pgpcert.o pkcs7.o smartcard.o x509.o \ $(LIBSTRONGSWANBUILDDIR)/libstrongswan.la \ -$(LIBFREESWANBUILDDIR)/libfreeswan.a \ --lgmp +$(LIBFREESWANBUILDDIR)/libfreeswan.a # This compile option activates smartcard support if USE_SMARTCARD @@ -56,9 +54,6 @@ crl.o : $(PLUTODIR)/crl.c $(PLUTODIR)/crl.h defs.o : $(PLUTODIR)/defs.c $(PLUTODIR)/defs.h $(COMPILE) $(INCLUDES) -c -o $@ $< -mp_defs.o : $(PLUTODIR)/mp_defs.c $(PLUTODIR)/mp_defs.h - $(COMPILE) $(INCLUDES) -c -o $@ $< - fetch.o : $(PLUTODIR)/fetch.c $(PLUTODIR)/fetch.h $(COMPILE) $(INCLUDES) -c -o $@ $< diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index eb3197689..9f979309e 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -32,7 +32,6 @@ #include <ctype.h> #include <unistd.h> #include <time.h> -#include <gmp.h> #include <freeswan.h> |