aboutsummaryrefslogtreecommitdiffstats
path: root/Source/charon/transforms/rsa
diff options
context:
space:
mode:
Diffstat (limited to 'Source/charon/transforms/rsa')
-rw-r--r--Source/charon/transforms/rsa/Makefile.rsa23
-rw-r--r--Source/charon/transforms/rsa/rsa_private_key.c530
-rw-r--r--Source/charon/transforms/rsa/rsa_private_key.h68
-rw-r--r--Source/charon/transforms/rsa/rsa_public_key.c364
-rw-r--r--Source/charon/transforms/rsa/rsa_public_key.h63
5 files changed, 1048 insertions, 0 deletions
diff --git a/Source/charon/transforms/rsa/Makefile.rsa b/Source/charon/transforms/rsa/Makefile.rsa
new file mode 100644
index 000000000..4afe373e7
--- /dev/null
+++ b/Source/charon/transforms/rsa/Makefile.rsa
@@ -0,0 +1,23 @@
+# Copyright (C) 2005 Jan Hutter, Martin Willi
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# for more details.
+#
+
+RSA_DIR= $(TRANSFORMS_DIR)rsa/
+
+OBJS+= $(BUILD_DIR)rsa_private_key.o
+$(BUILD_DIR)rsa_private_key.o : $(RSA_DIR)rsa_private_key.c $(RSA_DIR)rsa_private_key.h
+ $(CC) $(CFLAGS) -c -o $@ $<
+
+OBJS+= $(BUILD_DIR)rsa_public_key.o
+$(BUILD_DIR)rsa_public_key.o : $(RSA_DIR)rsa_public_key.c $(RSA_DIR)rsa_public_key.h
+ $(CC) $(CFLAGS) -c -o $@ $< \ No newline at end of file
diff --git a/Source/charon/transforms/rsa/rsa_private_key.c b/Source/charon/transforms/rsa/rsa_private_key.c
new file mode 100644
index 000000000..cc153f794
--- /dev/null
+++ b/Source/charon/transforms/rsa/rsa_private_key.c
@@ -0,0 +1,530 @@
+/**
+ * @file rsa_private_key.c
+ *
+ * @brief Implementation of rsa_private_key_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <gmp.h>
+
+#include "rsa_private_key.h"
+
+#include <daemon.h>
+#include <utils/allocator.h>
+
+
+/* oids for hash algorithms are defined in
+ * rsa_public_key.c
+ */
+extern u_int8_t md2_oid[18];
+extern u_int8_t md5_oid[18];
+extern u_int8_t sha1_oid[15];
+extern u_int8_t sha256_oid[19];
+extern u_int8_t sha384_oid[19];
+extern u_int8_t sha512_oid[19];
+
+/**
+ * Public exponent to use for key generation
+ */
+#define PUBLIC_EXPONENT 0x10001
+
+
+typedef struct private_rsa_private_key_t private_rsa_private_key_t;
+
+/**
+ * private data structure for rsa_private_key.
+ */
+struct private_rsa_private_key_t {
+ /**
+ * Public interface for this signer.
+ */
+ rsa_private_key_t public;
+
+ /**
+ * is the key already set ?
+ */
+ bool is_key_set;
+
+ /**
+ * public modulus
+ */
+ mpz_t n;
+
+ /**
+ * public exponent
+ */
+ mpz_t e;
+
+ /**
+ * private Prime 1
+ */
+ mpz_t p;
+
+ /**
+ * private Prime 2
+ */
+ mpz_t q;
+
+ /**
+ * private exponent
+ */
+ mpz_t d;
+
+ /**
+ * private exponent 1
+ */
+ mpz_t exp1;
+
+ /**
+ * private exponent 2
+ */
+ mpz_t exp2;
+
+ /**
+ * private coefficient
+ */
+ mpz_t coeff;
+
+ /**
+ * keysize in bytes
+ */
+ size_t k;
+
+ /**
+ * @brief Implements the RSADP algorithm specified in PKCS#1.
+ */
+ chunk_t (*rsadp) (private_rsa_private_key_t *this, chunk_t data);
+
+ /**
+ * @brief Implements the RSASP1 algorithm specified in PKCS#1.
+ */
+ chunk_t (*rsasp1) (private_rsa_private_key_t *this, chunk_t data);
+
+};
+
+/**
+ * Implements private_rsa_private_key_t.rsadp
+ * Implements private_rsa_private_key_t.rsasp1
+ */
+static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
+{
+ mpz_t t1, t2;
+ chunk_t decrypted;
+
+ mpz_init(t1);
+ mpz_init(t2);
+
+ mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
+
+ mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
+ mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
+ mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
+ mpz_mod(t2, t2, this->p);
+ mpz_mul(t2, t2, this->coeff);
+ mpz_mod(t2, t2, this->p);
+
+ mpz_mul(t2, t2, this->q); /* m = m2 + h q */
+ mpz_add(t1, t1, t2);
+
+ decrypted.len = this->k;
+ decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
+
+ mpz_clear(t1);
+ mpz_clear(t2);
+
+ return decrypted;
+}
+
+/**
+ * implementation of rsa_private_key.build_emsa_signature.
+ */
+static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
+{
+ hasher_t *hasher;
+ chunk_t hash;
+ chunk_t oid;
+ chunk_t em;
+
+ /* get oid string prepended to hash */
+ switch (hash_algorithm)
+ {
+ case HASH_MD2:
+ {
+ oid.ptr = md2_oid;
+ oid.len = sizeof(md2_oid);
+ break;
+ }
+ case HASH_MD5:
+ {
+ oid.ptr = md5_oid;
+ oid.len = sizeof(md5_oid);
+ break;
+ }
+ case HASH_SHA1:
+ {
+ oid.ptr = sha1_oid;
+ oid.len = sizeof(sha1_oid);
+ break;
+ }
+ case HASH_SHA256:
+ {
+ oid.ptr = sha256_oid;
+ oid.len = sizeof(sha256_oid);
+ break;
+ }
+ case HASH_SHA384:
+ {
+ oid.ptr = sha384_oid;
+ oid.len = sizeof(sha384_oid);
+ break;
+ }
+ case HASH_SHA512:
+ {
+ oid.ptr = sha512_oid;
+ oid.len = sizeof(sha512_oid);
+ break;
+ }
+ default:
+ {
+ return NOT_SUPPORTED;
+ }
+ }
+
+ /* get hasher */
+ hasher = hasher_create(hash_algorithm);
+ if (hasher == NULL)
+ {
+ return NOT_SUPPORTED;
+ }
+
+ /* build hash */
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+
+ /* build chunk to rsa-decrypt:
+ * EM = 0x00 || 0x01 || PS || 0x00 || T.
+ * PS = 0xFF padding, with length to fill em
+ * T = oid || hash
+ */
+ em.len = this->k;
+ em.ptr = allocator_alloc(em.len);
+
+ /* fill em with padding */
+ memset(em.ptr, 0xFF, em.len);
+ /* set magic bytes */
+ *(em.ptr) = 0x00;
+ *(em.ptr+1) = 0x01;
+ *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
+ /* set hash */
+ memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
+ /* set oid */
+ memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
+
+
+ /* build signature */
+ *signature = this->rsasp1(this, em);
+
+ allocator_free(hash.ptr);
+ allocator_free(em.ptr);
+
+ return SUCCESS;
+}
+
+
+/**
+ * implementation of rsa_private_key.set_key.
+ */
+static status_t set_key(private_rsa_private_key_t *this, chunk_t key)
+{
+ chunk_t n, e, p, q, d, exp1, exp2, coeff;
+ this->k = key.len / 8;
+
+ n.len = this->k;
+ e.len = this->k;
+ p.len = this->k;
+ q.len = this->k;
+ d.len = this->k;
+ exp1.len = this->k;
+ exp2.len = this->k;
+ coeff.len = this->k;
+
+ n.ptr = key.ptr + this->k * 0;
+ e.ptr = key.ptr + this->k * 1;
+ p.ptr = key.ptr + this->k * 2;
+ q.ptr = key.ptr + this->k * 3;
+ d.ptr = key.ptr + this->k * 4;
+ exp1.ptr = key.ptr + this->k * 5;
+ exp2.ptr = key.ptr + this->k * 6;
+ coeff.ptr = key.ptr + this->k * 7;
+
+ mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr);
+ mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr);
+ mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr);
+ mpz_import(this->q, this->k, 1, 1, 1, 0, q.ptr);
+ mpz_import(this->d, this->k, 1, 1, 1, 0, d.ptr);
+ mpz_import(this->exp1, this->k, 1, 1, 1, 0, exp1.ptr);
+ mpz_import(this->exp2, this->k, 1, 1, 1, 0, exp2.ptr);
+ mpz_import(this->coeff, this->k, 1, 1, 1, 0, coeff.ptr);
+
+ this->is_key_set = TRUE;
+
+ return SUCCESS;
+
+}
+
+/**
+ * implementation of rsa_private_key.get_key.
+ */
+static status_t get_key(private_rsa_private_key_t *this, chunk_t *key)
+{
+ if (!this->is_key_set)
+ {
+ return INVALID_STATE;
+ }
+
+ chunk_t n, e, p, q, d, exp1, exp2, coeff;
+
+ n.len = this->k;
+ n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
+ e.len = this->k;
+ e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
+ p.len = this->k;
+ p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
+ q.len = this->k;
+ q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
+ d.len = this->k;
+ d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
+ exp1.len = this->k;
+ exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
+ exp2.len = this->k;
+ exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
+ coeff.len = this->k;
+ coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
+
+ key->len = this->k * 8;
+ key->ptr = allocator_alloc(key->len);
+ memcpy(key->ptr + this->k * 0, n.ptr , n.len);
+ memcpy(key->ptr + this->k * 1, e.ptr, e.len);
+ memcpy(key->ptr + this->k * 2, p.ptr, p.len);
+ memcpy(key->ptr + this->k * 3, q.ptr, q.len);
+ memcpy(key->ptr + this->k * 4, d.ptr, d.len);
+ memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
+ memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
+ memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
+
+ allocator_free(n.ptr);
+ allocator_free(e.ptr);
+ allocator_free(p.ptr);
+ allocator_free(q.ptr);
+ allocator_free(d.ptr);
+ allocator_free(exp1.ptr);
+ allocator_free(exp2.ptr);
+ allocator_free(coeff.ptr);
+
+ return SUCCESS;
+}
+
+/**
+ * implementation of rsa_private_key.load_key.
+ */
+static status_t load_key(private_rsa_private_key_t *this, char *file)
+{
+ return NOT_SUPPORTED;
+}
+
+/**
+ * implementation of rsa_private_key.save_key.
+ */
+static status_t save_key(private_rsa_private_key_t *this, char *file)
+{
+ return NOT_SUPPORTED;
+}
+
+/**
+ * implementation of rsa_private_key.generate_key.
+ */
+static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
+{
+ mpz_t p, q, n, e, d, exp1, exp2, coeff;
+ mpz_t m, q1, t;
+
+ if (key_size <= 0)
+ {
+ return INVALID_ARG;
+ }
+
+ if (this->is_key_set)
+ {
+ mpz_clear(this->n);
+ mpz_clear(this->e);
+ mpz_clear(this->p);
+ mpz_clear(this->q);
+ mpz_clear(this->d);
+ mpz_clear(this->exp1);
+ mpz_clear(this->exp2);
+ mpz_clear(this->coeff);
+ }
+
+ key_size = key_size / 8;
+
+ mpz_init(t);
+ mpz_init(n);
+ mpz_init(d);
+ mpz_init(exp1);
+ mpz_init(exp2);
+ mpz_init(coeff);
+
+ /* Get values of primes p and q */
+ charon->prime_pool->get_prime(charon->prime_pool, key_size/2, &p);
+ charon->prime_pool->get_prime(charon->prime_pool, key_size/2, &q);
+
+ /* Swapping Primes so p is larger then q */
+ if (mpz_cmp(p, q) < 0)
+ {
+ mpz_set(t, p);
+ mpz_set(p, q);
+ mpz_set(q, t);
+ }
+
+ mpz_mul(n, p, q); /* n = p*q */
+ mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
+ mpz_init_set(m, p); /* m = p */
+ mpz_sub_ui(m, m, 1); /* m = m -1 */
+ mpz_init_set(q1, q); /* q1 = q */
+ mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
+ mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
+ mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
+ mpz_divexact(m, m, t); /* m = m / t */
+ mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */
+
+ mpz_invert(d, e, m); /* e has an inverse mod m */
+ if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
+ {
+ mpz_add(d, d, m);
+ }
+ mpz_sub_ui(t, p, 1); /* t = p-1 */
+ mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
+ mpz_sub_ui(t, q, 1); /* t = q-1 */
+ mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
+
+ mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
+ if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
+ {
+ mpz_add(coeff, coeff, p);
+ }
+
+ mpz_clear(q1);
+ mpz_clear(m);
+ mpz_clear(t);
+
+ /* apply values */
+ *(this->p) = *p;
+ *(this->q) = *q;
+ *(this->n) = *n;
+ *(this->e) = *e;
+ *(this->d) = *d;
+ *(this->exp1) = *exp1;
+ *(this->exp2) = *exp2;
+ *(this->coeff) = *coeff;
+
+ /* set key size in bytes */
+
+ this->is_key_set = TRUE;
+ this->k = key_size;
+
+ return SUCCESS;
+}
+
+
+rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
+{
+ rsa_public_key_t *public_key;
+ //chunk_t key;
+
+ public_key = rsa_public_key_create();
+
+ if (this->is_key_set)
+ {
+
+ chunk_t n, e, key;
+
+ n.len = this->k;
+ n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
+ e.len = this->k;
+ e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
+
+ key.len = this->k * 2;
+ key.ptr = allocator_alloc(key.len);
+ memcpy(key.ptr, n.ptr, n.len);
+ memcpy(key.ptr + n.len, e.ptr, e.len);
+ allocator_free(n.ptr);
+ allocator_free(e.ptr);
+
+ public_key->set_key(public_key, key);
+ allocator_free(key.ptr);
+
+ }
+
+ return public_key;
+}
+
+
+/**
+ * implementation of rsa_private_key.destroy.
+ */
+static void destroy(private_rsa_private_key_t *this)
+{
+ if (this->is_key_set)
+ {
+ mpz_clear(this->n);
+ mpz_clear(this->e);
+ mpz_clear(this->p);
+ mpz_clear(this->q);
+ mpz_clear(this->d);
+ mpz_clear(this->exp1);
+ mpz_clear(this->exp2);
+ mpz_clear(this->coeff);
+ }
+ allocator_free(this);
+}
+
+/*
+ * Described in header
+ */
+rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm)
+{
+ private_rsa_private_key_t *this = allocator_alloc_thing(private_rsa_private_key_t);
+
+ /* public functions */
+ this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
+ this->public.set_key = (status_t (*) (rsa_private_key_t*,chunk_t))set_key;
+ this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key;
+ this->public.load_key = (status_t (*) (rsa_private_key_t*,char*))load_key;
+ this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key;
+ this->public.generate_key = (status_t (*) (rsa_private_key_t*,size_t))generate_key;
+ this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key;
+ this->public.destroy = (void (*) (rsa_private_key_t*))destroy;
+
+ /* private functions */
+ this->rsadp = rsadp;
+ this->rsasp1 = rsadp; /* same algorithm */
+
+ this->is_key_set = FALSE;
+
+ return &(this->public);
+}
diff --git a/Source/charon/transforms/rsa/rsa_private_key.h b/Source/charon/transforms/rsa/rsa_private_key.h
new file mode 100644
index 000000000..15f903308
--- /dev/null
+++ b/Source/charon/transforms/rsa/rsa_private_key.h
@@ -0,0 +1,68 @@
+/**
+ * @file rsa_private_key.h
+ *
+ * @brief Interface rsa_private_key_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef RSA_PRIVATE_KEY_H_
+#define RSA_PRIVATE_KEY_H_
+
+#include <types.h>
+#include <definitions.h>
+
+#include <transforms/rsa/rsa_public_key.h>
+#include <transforms/hashers/hasher.h>
+
+
+typedef struct rsa_private_key_t rsa_private_key_t;
+
+/**
+ * @brief RSA private key with associated functions.
+ *
+ * Currently only supports signing using EMSA encoding.
+ *
+ * @ingroup asymmetrics
+ */
+struct rsa_private_key_t {
+
+ status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature);
+
+ status_t (*set_key) (rsa_private_key_t *this, chunk_t key);
+
+ status_t (*get_key) (rsa_private_key_t *this, chunk_t *key);
+
+ status_t (*load_key) (rsa_private_key_t *this, char *file);
+
+ status_t (*save_key) (rsa_private_key_t *this, char *file);
+
+ status_t (*generate_key) (rsa_private_key_t *this, size_t key_size);
+
+ rsa_public_key_t *(*get_public_key) (rsa_private_key_t *this);
+
+ void (*destroy) (rsa_private_key_t *this);
+};
+
+/**
+ * Types are defined in public_key.h
+ *
+ * @ingroup asymmetrics
+ */
+rsa_private_key_t *rsa_private_key_create();
+
+#endif /*RSA_PRIVATE_KEY_H_*/
diff --git a/Source/charon/transforms/rsa/rsa_public_key.c b/Source/charon/transforms/rsa/rsa_public_key.c
new file mode 100644
index 000000000..3856fc89d
--- /dev/null
+++ b/Source/charon/transforms/rsa/rsa_public_key.c
@@ -0,0 +1,364 @@
+/**
+ * @file rsa_public_key.c
+ *
+ * @brief Implementation of rsa_public_key_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <gmp.h>
+
+#include "rsa_public_key.h"
+
+#include <daemon.h>
+#include <utils/allocator.h>
+#include <transforms/hashers/hasher.h>
+
+/* since we don't have an ASN1 parser/generator,
+ * we use these predefined values for
+ * hash algorithm oids. These also contain
+ * the length of the following hash.
+ * These values are also used in rsa_private_key.c
+ */
+
+u_int8_t md2_oid[18] = {
+ 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
+ 0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
+ 0x04,0x10
+};
+
+u_int8_t md5_oid[] = {
+ 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
+ 0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,
+ 0x04,0x10
+};
+
+u_int8_t sha1_oid[] = {
+ 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,
+ 0x03,0x02,0x1a,0x05,0x00,0x04,0x14
+};
+
+u_int8_t sha256_oid[] = {
+ 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
+ 0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,
+ 0x00,0x04,0x20
+};
+
+u_int8_t sha384_oid[] = {
+ 0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,
+ 0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,
+ 0x00,0x04,0x30
+};
+
+u_int8_t sha512_oid[] = {
+ 0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,
+ 0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,
+ 0x00,0x04,0x40
+};
+
+
+typedef struct private_rsa_public_key_t private_rsa_public_key_t;
+
+/**
+ * private data structure with signing context.
+ */
+struct private_rsa_public_key_t {
+ /**
+ * Public interface for this signer.
+ */
+ rsa_public_key_t public;
+
+ /**
+ * is the key already set ?
+ */
+ bool is_key_set;
+
+ /**
+ * public modulus
+ */
+ mpz_t n;
+ /**
+ * public exponent
+ */
+ mpz_t e;
+
+ /**
+ * keysize in bytes
+ */
+ size_t k;
+
+ /**
+ * @brief Implements the RSAEP algorithm specified in PKCS#1.
+ */
+ chunk_t (*rsaep) (private_rsa_public_key_t *this, chunk_t data);
+
+ /**
+ * @brief Implements the RSASVP1 algorithm specified in PKCS#1.
+ */
+ chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data);
+};
+
+/**
+ * Implements private_rsa_public_key_t.rsadp
+ * Implements private_rsa_public_key_t.rsavp1
+ */
+static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
+{
+ mpz_t m, c;
+ chunk_t encrypted;
+
+ mpz_init(c);
+ mpz_init(m);
+
+ mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
+
+ mpz_powm(c, m, this->e, this->n);
+
+ encrypted.len = this->k;
+ encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
+
+ mpz_clear(c);
+ mpz_clear(m);
+
+ return encrypted;
+}
+
+/**
+ * implementation of rsa_public_key.verify_emsa_signature.
+ */
+static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
+{
+ hasher_t *hasher = NULL;
+ chunk_t hash;
+ chunk_t em;
+ u_int8_t *pos;
+
+ if (signature.len > this->k)
+ {
+ return INVALID_ARG;
+ }
+
+ /* unpack signature */
+ em = this->rsavp1(this, signature);
+
+ /* result should look like this:
+ * EM = 0x00 || 0x01 || PS || 0x00 || T.
+ * PS = 0xFF padding, with length to fill em
+ * T = oid || hash
+ */
+
+ /* check magic bytes */
+ if ((*(em.ptr) != 0x00) ||
+ (*(em.ptr+1) != 0x01))
+ {
+ allocator_free(em.ptr);
+ return FAILED;
+ }
+
+ /* find magic 0x00 */
+ pos = em.ptr + 2;
+ while (pos <= em.ptr + em.len)
+ {
+ if (*pos == 0x00)
+ {
+ /* found magic byte, stop */
+ pos++;
+ break;
+ }
+ else if (*pos != 0xFF)
+ {
+ /* bad padding, decryption failed ?!*/
+ allocator_free(em.ptr);
+ return FAILED;
+ }
+ pos++;
+ }
+
+ if (pos + 20 > em.ptr + em.len)
+ {
+ /* not enought room for oid compare */
+ allocator_free(em.ptr);
+ return FAILED;
+ }
+
+ if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0)
+ {
+ hasher = hasher_create(HASH_MD2);
+ pos += sizeof(md2_oid);
+ }
+ else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0)
+ {
+ hasher = hasher_create(HASH_MD5);
+ pos += sizeof(md5_oid);
+ }
+ else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0)
+ {
+ hasher = hasher_create(HASH_SHA1);
+ pos += sizeof(sha1_oid);
+ }
+ else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0)
+ {
+ hasher = hasher_create(HASH_SHA256);
+ pos += sizeof(sha256_oid);
+ }
+ else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0)
+ {
+ hasher = hasher_create(HASH_SHA384);
+ pos += sizeof(sha384_oid);
+ }
+ else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0)
+ {
+ hasher = hasher_create(HASH_SHA512);
+ pos += sizeof(sha512_oid);
+ }
+
+ if (hasher == NULL)
+ {
+ /* not supported hash algorithm */
+ allocator_free(em.ptr);
+ return NOT_SUPPORTED;
+ }
+
+ if (pos + hasher->get_block_size(hasher) != em.ptr + em.len)
+ {
+ /* bad length */
+ allocator_free(em.ptr);
+ hasher->destroy(hasher);
+ return FAILED;
+ }
+
+ /* build own hash for a compare */
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+
+ if (memcmp(hash.ptr, pos, hash.len) != 0)
+ {
+ /* hash does not equal */
+ allocator_free(hash.ptr);
+ allocator_free(em.ptr);
+ return FAILED;
+
+ }
+
+ /* seems good */
+ allocator_free(hash.ptr);
+ allocator_free(em.ptr);
+ return SUCCESS;
+}
+
+/**
+ * implementation of rsa_public_key.set_key.
+ */
+static status_t set_key(private_rsa_public_key_t *this, chunk_t key)
+{
+ chunk_t n, e;
+
+ n.len = key.len/2;
+ n.ptr = key.ptr;
+ e.len = n.len;
+ e.ptr = key.ptr + n.len;
+
+ mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
+ mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr);
+
+ this->k = n.len;
+
+ this->is_key_set = TRUE;
+
+ return SUCCESS;
+}
+
+
+/**
+ * implementation of rsa_public_key.get_key.
+ */
+static status_t get_key(private_rsa_public_key_t *this, chunk_t *key)
+{
+ if (!this->is_key_set)
+ {
+ return INVALID_STATE;
+ }
+
+ chunk_t n, e;
+
+ n.len = this->k;
+ n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
+ e.len = this->k;
+ e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
+
+ key->len = this->k * 2;
+ key->ptr = allocator_alloc(key->len);
+ memcpy(key->ptr, n.ptr, n.len);
+ memcpy(key->ptr + n.len, e.ptr, e.len);
+ allocator_free(n.ptr);
+ allocator_free(e.ptr);
+
+ return SUCCESS;
+}
+
+/**
+ * implementation of rsa_public_key.load_key.
+ */
+static status_t load_key(private_rsa_public_key_t *this, char *file)
+{
+ return NOT_SUPPORTED;
+}
+
+/**
+ * implementation of rsa_public_key.save_key.
+ */
+static status_t save_key(private_rsa_public_key_t *this, char *file)
+{
+ return NOT_SUPPORTED;
+}
+
+/**
+ * implementation of rsa_public_key.destroy.
+ */
+static void destroy(private_rsa_public_key_t *this)
+{
+ if (this->is_key_set)
+ {
+ mpz_clear(this->n);
+ mpz_clear(this->e);
+ }
+ allocator_free(this);
+}
+
+/*
+ * Described in header
+ */
+rsa_public_key_t *rsa_public_key_create()
+{
+ private_rsa_public_key_t *this = allocator_alloc_thing(private_rsa_public_key_t);
+
+ /* public functions */
+ this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature;
+ this->public.set_key = (status_t (*) (rsa_public_key_t*,chunk_t))set_key;
+ this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key;
+ this->public.load_key = (status_t (*) (rsa_public_key_t*,char*))load_key;
+ this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key;
+ this->public.destroy = (void (*) (rsa_public_key_t*))destroy;
+
+ /* private functions */
+ this->rsaep = rsaep;
+ this->rsavp1 = rsaep; /* same algorithm */
+
+ this->is_key_set = FALSE;
+
+ return &(this->public);
+}
diff --git a/Source/charon/transforms/rsa/rsa_public_key.h b/Source/charon/transforms/rsa/rsa_public_key.h
new file mode 100644
index 000000000..10343f5da
--- /dev/null
+++ b/Source/charon/transforms/rsa/rsa_public_key.h
@@ -0,0 +1,63 @@
+/**
+ * @file rsa_public_key.h
+ *
+ * @brief Interface rsa_public_key_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef RSA_PUBLIC_KEY_H_
+#define RSA_PUBLIC_KEY_H_
+
+#include <gmp.h>
+
+#include <types.h>
+#include <definitions.h>
+
+
+typedef struct rsa_public_key_t rsa_public_key_t;
+
+/**
+ * @brief RSA public key with associated functions.
+ *
+ * Currently only supports signature verification using
+ * the EMSA encoding (see PKCS1)
+ *
+ * @ingroup asymmetrics
+ */
+struct rsa_public_key_t {
+
+ status_t (*verify_emsa_pkcs1_signature) (rsa_public_key_t *this, chunk_t data, chunk_t signature);
+
+ status_t (*set_key) (rsa_public_key_t *this, chunk_t key);
+
+ status_t (*get_key) (rsa_public_key_t *this, chunk_t *key);
+
+ status_t (*load_key) (rsa_public_key_t *this, char *file);
+
+ status_t (*save_key) (rsa_public_key_t *this, char *file);
+
+ void (*destroy) (rsa_public_key_t *this);
+};
+
+/**
+ *
+ * @ingroup asymmetrics
+ */
+rsa_public_key_t *rsa_public_key_create();
+
+#endif /*RSA_PUBLIC_KEY_H_*/
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 13:14:32 +0000