diff options
24 files changed, 71 insertions, 53 deletions
diff --git a/scripts/key2keyid.c b/scripts/key2keyid.c index 551d031c6..6a8301c6a 100644 --- a/scripts/key2keyid.c +++ b/scripts/key2keyid.c @@ -35,7 +35,7 @@ int main(int argc, char *argv[]) if (private) { printf("parsed %d bits %N private key.\n", - private->get_keysize(private)*8, + private->get_keysize(private), key_type_names, private->get_type(private)); if (private->get_fingerprint(private, KEYID_PUBKEY_INFO_SHA1, &chunk)) { @@ -65,7 +65,7 @@ int main(int argc, char *argv[]) if (public) { printf("parsed %d bits %N public key.\n", - public->get_keysize(public)*8, + public->get_keysize(public), key_type_names, public->get_type(public)); if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk)) { diff --git a/scripts/pubkey_speed.c b/scripts/pubkey_speed.c index 255f650f5..6402e606d 100644 --- a/scripts/pubkey_speed.c +++ b/scripts/pubkey_speed.c @@ -79,23 +79,23 @@ int main(int argc, char *argv[]) { switch (private->get_keysize(private)) { - case 32: + case 256: scheme = SIGN_ECDSA_256; break; - case 48: + case 384: scheme = SIGN_ECDSA_384; break; - case 66: + case 521: scheme = SIGN_ECDSA_521; break; default: printf("%d bit ECDSA private key size not supported", - private->get_keysize(private) * 8); + private->get_keysize(private)); exit(1); } } - printf("%4d bit %N: ", private->get_keysize(private)*8, + printf("%4d bit %N: ", private->get_keysize(private), key_type_names, type); sigs = malloc(sizeof(chunk_t) * rounds); diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index a6de35466..f4ffa94c9 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -638,7 +638,7 @@ static void list_public_key(public_key_t *public, FILE *out) fprintf(out, " pubkey: %N %d bits%s\n", key_type_names, public->get_type(public), - public->get_keysize(public) * 8, + public->get_keysize(public), private ? ", has private key" : ""); if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid)) { diff --git a/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c index 43688f60a..6ba5769b5 100644 --- a/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c +++ b/src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c @@ -110,7 +110,7 @@ bool test_rsa_load_any() public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, chunk, BUILD_END); - if (!public || public->get_keysize(public) != 256) + if (!public || public->get_keysize(public) != 2048) { return FALSE; } diff --git a/src/libcharon/sa/authenticators/pubkey_authenticator.c b/src/libcharon/sa/authenticators/pubkey_authenticator.c index 3c67f6db6..54b4338bb 100644 --- a/src/libcharon/sa/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/authenticators/pubkey_authenticator.c @@ -84,15 +84,15 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message) /* we try to deduct the signature scheme from the keysize */ switch (private->get_keysize(private)) { - case 32: + case 256: scheme = SIGN_ECDSA_256; auth_method = AUTH_ECDSA_256; break; - case 48: + case 384: scheme = SIGN_ECDSA_384; auth_method = AUTH_ECDSA_384; break; - case 66: + case 521: scheme = SIGN_ECDSA_521; auth_method = AUTH_ECDSA_521; break; diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h index cec920b02..e57d3f5a5 100644 --- a/src/libstrongswan/credentials/keys/private_key.h +++ b/src/libstrongswan/credentials/keys/private_key.h @@ -60,11 +60,11 @@ struct private_key_t { chunk_t crypto, chunk_t *plain); /** - * Get the strength of the key in bytes. + * Get the strength of the key in bits. * - * @return strength of the key in bytes + * @return strength of the key in bits */ - size_t (*get_keysize) (private_key_t *this); + int (*get_keysize) (private_key_t *this); /** * Get the public part from the private key. diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 3b45b6c3e..d20d2736b 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -165,11 +165,11 @@ struct public_key_t { bool (*equals)(public_key_t *this, public_key_t *other); /** - * Get the strength of the key in bytes. + * Get the strength of the key in bits. * - * @return strength of the key in bytes + * @return strength of the key in bits */ - size_t (*get_keysize) (public_key_t *this); + int (*get_keysize) (public_key_t *this); /** * Get the fingerprint of the key. diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index 7fc840f8b..31f0b0702 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -306,10 +306,10 @@ METHOD(private_key_t, decrypt, bool, return FALSE; } -METHOD(private_key_t, get_keysize, size_t, +METHOD(private_key_t, get_keysize, int, private_agent_private_key_t *this) { - return this->key_size; + return this->key_size * 8; } METHOD(private_key_t, get_public_key, public_key_t*, diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index 63002d2fe..2d9baa471 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -277,10 +277,10 @@ METHOD(private_key_t, decrypt, bool, return TRUE; } -METHOD(private_key_t, get_keysize, size_t, +METHOD(private_key_t, get_keysize, int, private_gcrypt_rsa_private_key_t *this) { - return gcry_pk_get_nbits(this->key) / 8; + return gcry_pk_get_nbits(this->key); } METHOD(private_key_t, get_public_key, public_key_t*, diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 7eae5949d..a49a6e5e2 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -228,10 +228,10 @@ METHOD(public_key_t, encrypt_, bool, return !!encrypted->len; } -METHOD(public_key_t, get_keysize, size_t, +METHOD(public_key_t, get_keysize, int, private_gcrypt_rsa_public_key_t *this) { - return gcry_pk_get_nbits(this->key) / 8; + return gcry_pk_get_nbits(this->key); } METHOD(public_key_t, get_encoding, bool, diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index e21e7131d..5001a872b 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, { free(digestInfo.ptr); DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len, - this->k * 8); + mpz_sizeinbase(this->n, 2)); return FALSE; } @@ -356,10 +356,10 @@ end: return success; } -METHOD(private_key_t, get_keysize, size_t, +METHOD(private_key_t, get_keysize, int, private_gmp_rsa_private_key_t *this) { - return this->k; + return mpz_sizeinbase(this->n, 2); } METHOD(private_key_t, get_public_key, public_key_t*, diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 762238f49..4beeaa51c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -375,10 +375,10 @@ METHOD(public_key_t, encrypt_, bool, return TRUE; } -METHOD(public_key_t, get_keysize, size_t, +METHOD(public_key_t, get_keysize, int, private_gmp_rsa_public_key_t *this) { - return this->k; + return mpz_sizeinbase(this->n, 2); } METHOD(public_key_t, get_encoding, bool, diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index ffd9ac62e..15b0f577b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -178,10 +178,20 @@ METHOD(private_key_t, decrypt, bool, return FALSE; } -METHOD(private_key_t, get_keysize, size_t, +METHOD(private_key_t, get_keysize, int, private_openssl_ec_private_key_t *this) { - return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)); + switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec))) + { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; + case NID_secp521r1: + return 521; + default: + return 0; + } } METHOD(private_key_t, get_type, key_type_t, diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 16257178d..f680749a3 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -176,10 +176,20 @@ METHOD(public_key_t, encrypt, bool, return FALSE; } -METHOD(public_key_t, get_keysize, size_t, +METHOD(public_key_t, get_keysize, int, private_openssl_ec_public_key_t *this) { - return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)); + switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec))) + { + case NID_X9_62_prime256v1: + return 256; + case NID_secp384r1: + return 384; + case NID_secp521r1: + return 521; + default: + return 0; + } } /** diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 291acb0c3..dbf990e81 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -173,10 +173,10 @@ METHOD(private_key_t, decrypt, bool, return FALSE; } -METHOD(private_key_t, get_keysize, size_t, +METHOD(private_key_t, get_keysize, int, private_openssl_rsa_private_key_t *this) { - return RSA_size(this->rsa); + return RSA_size(this->rsa) * 8; } METHOD(private_key_t, get_public_key, public_key_t*, diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index e3ce66db5..80a571058 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -155,10 +155,10 @@ METHOD(public_key_t, encrypt, bool, return FALSE; } -METHOD(public_key_t, get_keysize, size_t, +METHOD(public_key_t, get_keysize, int, private_openssl_rsa_public_key_t *this) { - return RSA_size(this->rsa); + return RSA_size(this->rsa) * 8; } /** diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index 87ef89e00..52a9e09c2 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -80,7 +80,7 @@ METHOD(private_key_t, get_type, key_type_t, return this->pubkey->get_type(this->pubkey); } -METHOD(private_key_t, get_keysize, size_t, +METHOD(private_key_t, get_keysize, int, private_pkcs11_private_key_t *this) { return this->pubkey->get_keysize(this->pubkey); @@ -178,7 +178,7 @@ METHOD(private_key_t, sign, bool, DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv); return FALSE; } - len = get_keysize(this); + len = (get_keysize(this) + 7) / 8; buf = malloc(len); rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len); this->mutex->unlock(this->mutex); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c index 468c2bb27..affd8cafc 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c @@ -125,10 +125,10 @@ METHOD(public_key_t, encrypt, bool, return FALSE; } -METHOD(public_key_t, get_keysize, size_t, +METHOD(public_key_t, get_keysize, int, private_pkcs11_public_key_t *this) { - return this->k; + return this->k * 8; } /** diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 6d5462783..1f449de4e 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -29,7 +29,7 @@ static void print_pubkey(public_key_t *key) chunk_t chunk; printf("pubkey: %N %d bits\n", key_type_names, key->get_type(key), - key->get_keysize(key) * 8); + key->get_keysize(key)); if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &chunk)) { printf("keyid: %#B\n", &chunk); diff --git a/src/pluto/certs.c b/src/pluto/certs.c index 414f2430a..a9179c449 100644 --- a/src/pluto/certs.c +++ b/src/pluto/certs.c @@ -232,7 +232,7 @@ void list_pgp_end_certs(bool utc) whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", key_type_names, key->get_type(key), - key->get_keysize(key) * BITS_PER_BYTE, + key->get_keysize(key), has_private_key(cert)? ", has private key" : ""); if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &keyid)) { diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index 7521dd33b..08353907e 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c @@ -194,18 +194,16 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy) if (policy & POLICY_PUBKEY) { - int auth_method = 0; - size_t key_size = 0; + int auth_method = 0, key_size = 0; key_type_t key_type = KEY_ANY; - if (c->spd.this.cert) { certificate_t *certificate = c->spd.this.cert->cert; public_key_t *key = certificate->get_public_key(certificate); if (key == NULL) - { + { plog("ike alg: unable to retrieve my public key"); continue; } @@ -233,13 +231,13 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy) case KEY_ECDSA: switch (key_size) { - case 32: + case 256: auth_method = OAKLEY_ECDSA_256; break; - case 48: + case 384: auth_method = OAKLEY_ECDSA_384; break; - case 66: + case 521: auth_method = OAKLEY_ECDSA_521; break; default: diff --git a/src/pluto/keys.c b/src/pluto/keys.c index 12a3ccfc9..a79c2c0d2 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -1449,7 +1449,7 @@ void list_public_keys(bool utc) whack_log(RC_COMMENT, " identity: '%Y'", key->id); whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s", key_type_names, public->get_type(public), - public->get_keysize(public) * BITS_PER_BYTE, + public->get_keysize(public), &key->until_time, utc, check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE)); if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid)) diff --git a/src/pluto/x509.c b/src/pluto/x509.c index 2b8681246..d717beb15 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -427,7 +427,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert, { whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", key_type_names, key->get_type(key), - key->get_keysize(key) * BITS_PER_BYTE, + key->get_keysize(key), cert->smartcard ? ", on smartcard" : (has_private_key(cert)? ", has private key" : "")); diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index b7d029f2d..448854acd 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -807,7 +807,7 @@ int main(int argc, char **argv) public_key = private_key->get_public_key(private_key); /* check for minimum key length */ - if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS) + if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE) { exit_scepclient("length of RSA key has to be at least %d bits" ,RSA_MIN_OCTETS * BITS_PER_BYTE); |