diff options
Diffstat (limited to 'Source/charon/transforms')
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_private_key.c | 2 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_private_key.h | 102 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_public_key.c | 5 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_public_key.h | 80 |
4 files changed, 181 insertions, 8 deletions
diff --git a/Source/charon/transforms/rsa/rsa_private_key.c b/Source/charon/transforms/rsa/rsa_private_key.c index cc153f794..ce409979d 100644 --- a/Source/charon/transforms/rsa/rsa_private_key.c +++ b/Source/charon/transforms/rsa/rsa_private_key.c @@ -363,7 +363,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) mpz_t p, q, n, e, d, exp1, exp2, coeff; mpz_t m, q1, t; - if (key_size <= 0) + if (key_size < 0) { return INVALID_ARG; } diff --git a/Source/charon/transforms/rsa/rsa_private_key.h b/Source/charon/transforms/rsa/rsa_private_key.h index 15f903308..ca4d3ab75 100644 --- a/Source/charon/transforms/rsa/rsa_private_key.h +++ b/Source/charon/transforms/rsa/rsa_private_key.h @@ -37,31 +37,125 @@ typedef struct rsa_private_key_t rsa_private_key_t; * * Currently only supports signing using EMSA encoding. * - * @ingroup asymmetrics + * @todo Implement proper key set/get load/save + * methods using ASN1. + * + * @b Constructors: + * - rsa_private_key_create() + * + * @see rsa_public_key_t + * + * @ingroup rsa */ struct rsa_private_key_t { + /** + * @bief Build a signature over a chunk using EMSA-PKCS1 encoding. + * + * This signature creates a hash using the specied hash algorithm, concatenates + * it with an ASN1-OID of the hash algorithm and runs the RSASP1 function + * on it. + * + * @param this rsa_private_key to use + * @param hash_algorithm hash algorithm to use for hashing + * @param data data to sign + * @param[out] signature allocated signature + * @return + * - SUCCESS + * - INVALID_STATE, if key not set + * - NOT_SUPPORTED, if hash algorithm not supported + */ status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature); + /** + * @brief Set the key. + * + * Currently uses a proprietary format which is only inteded + * for testing. This should be replaced with a proper + * ASN1 encoded key format, when charon gets the ASN1 + * capabilities. + * + * @param this calling object + * @param key key (in a propriarity format) + * @return currently SUCCESS in any case + */ status_t (*set_key) (rsa_private_key_t *this, chunk_t key); + /** + * @brief Gets the key. + * + * Currently uses a proprietary format which is only inteded + * for testing. This should be replaced with a proper + * ASN1 encoded key format, when charon gets the ASN1 + * capabilities. + * + * @param this calling object + * @param key key (in a propriarity format) + * @return + * - SUCCESS + * - INVALID_STATE, if key not set + */ status_t (*get_key) (rsa_private_key_t *this, chunk_t *key); + /** + * @brief Loads a key from a file. + * + * Not implemented! + * + * @param this calling object + * @param file file from which key should be read + * @return NOT_SUPPORTED + */ status_t (*load_key) (rsa_private_key_t *this, char *file); + /** + * @brief Saves a key to a file. + * + * Not implemented! + * + * @param this calling object + * @param file file to which the key should be written. + * @return NOT_SUPPORTED + */ status_t (*save_key) (rsa_private_key_t *this, char *file); + /** + * @brief Generate a new key. + * + * Generates a new private_key with specified key size + * + * @param this calling object + * @param key_size size of the key in bits + * @return + * - SUCCESS + * - INVALID_ARG if key_size invalid + */ status_t (*generate_key) (rsa_private_key_t *this, size_t key_size); + /** + * @brief Create a rsa_public_key_t with the public + * parts of the key. + * + * @param this calling object + * @return public_key + */ rsa_public_key_t *(*get_public_key) (rsa_private_key_t *this); - + + /** + * @brief Destroys the private key. + * + * @param this private key to destroy + */ void (*destroy) (rsa_private_key_t *this); }; /** - * Types are defined in public_key.h + * @brief Create a new rsa_private_key without + * any key inside. + * + * @return created rsa_private_key_t. * - * @ingroup asymmetrics + * @ingroup rsa */ rsa_private_key_t *rsa_private_key_create(); diff --git a/Source/charon/transforms/rsa/rsa_public_key.c b/Source/charon/transforms/rsa/rsa_public_key.c index 3856fc89d..72520cd22 100644 --- a/Source/charon/transforms/rsa/rsa_public_key.c +++ b/Source/charon/transforms/rsa/rsa_public_key.c @@ -147,6 +147,11 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun chunk_t em; u_int8_t *pos; + if(!this->is_key_set) + { + return INVALID_STATE; + } + if (signature.len > this->k) { return INVALID_ARG; diff --git a/Source/charon/transforms/rsa/rsa_public_key.h b/Source/charon/transforms/rsa/rsa_public_key.h index 10343f5da..6653bc643 100644 --- a/Source/charon/transforms/rsa/rsa_public_key.h +++ b/Source/charon/transforms/rsa/rsa_public_key.h @@ -37,26 +37,100 @@ typedef struct rsa_public_key_t rsa_public_key_t; * Currently only supports signature verification using * the EMSA encoding (see PKCS1) * - * @ingroup asymmetrics + * @b Constructors: + * - rsa_public_key_create() + * + * @see rsa_private_key_t + * + * @ingroup rsa */ struct rsa_public_key_t { + /** + * @bief Verify a EMSA-PKCS1 encodined signature. + * + * Processes the supplied signature with the RSAVP1 function, + * selects the hash algorithm form the resultign ASN1-OID and + * verifies the hash against the supplied data. + * + * @param this rsa_private_key to use + * @param data data to sign + * @param signature signature to verify + * @return + * - SUCCESS, if signature ok + * - INVALID_STATE, if key not set + * - NOT_SUPPORTED, if hash algorithm not supported + * - INVALID_ARG, if signature is not a signature + * - FAILED if signature invalid or unable to verify + */ status_t (*verify_emsa_pkcs1_signature) (rsa_public_key_t *this, chunk_t data, chunk_t signature); + /** + * @brief Set the key. + * + * Currently uses a proprietary format which is only inteded + * for testing. This should be replaced with a proper + * ASN1 encoded key format, when charon gets the ASN1 + * capabilities. + * + * @param this calling object + * @param key key (in a propriarity format) + * @return currently SUCCESS in any case + */ status_t (*set_key) (rsa_public_key_t *this, chunk_t key); + /** + * @brief Gets the key. + * + * Currently uses a proprietary format which is only inteded + * for testing. This should be replaced with a proper + * ASN1 encoded key format, when charon gets the ASN1 + * capabilities. + * + * @param this calling object + * @param key key (in a propriarity format) + * @return + * - SUCCESS + * - INVALID_STATE, if key not set + */ status_t (*get_key) (rsa_public_key_t *this, chunk_t *key); + /** + * @brief Loads a key from a file. + * + * Not implemented! + * + * @param this calling object + * @param file file from which key should be read + * @return NOT_SUPPORTED + */ status_t (*load_key) (rsa_public_key_t *this, char *file); + /** + * @brief Saves a key to a file. + * + * Not implemented! + * + * @param this calling object + * @param file file to which the key should be written. + * @return NOT_SUPPORTED + */ status_t (*save_key) (rsa_public_key_t *this, char *file); - + + /** + * @brief Destroys the public key. + * + * @param this public key to destroy + */ void (*destroy) (rsa_public_key_t *this); }; /** + * @brief Create a public key without any key inside. + * + * @return created rsa_public_key_t. * - * @ingroup asymmetrics + * @ingroup rsa */ rsa_public_key_t *rsa_public_key_create(); |