diff options
Diffstat (limited to 'Source/charon/transforms')
| -rw-r--r-- | Source/charon/transforms/Makefile.transforms | 1 | ||||
| -rw-r--r-- | Source/charon/transforms/crypters/crypter.h | 3 | ||||
| -rw-r--r-- | Source/charon/transforms/diffie_hellman.c | 26 | ||||
| -rw-r--r-- | Source/charon/transforms/hashers/hasher.c | 8 | ||||
| -rw-r--r-- | Source/charon/transforms/hashers/hasher.h | 8 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/Makefile.rsa | 23 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_private_key.c | 530 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_private_key.h | 68 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_public_key.c | 364 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_public_key.h | 63 |
10 files changed, 1074 insertions, 20 deletions
diff --git a/Source/charon/transforms/Makefile.transforms b/Source/charon/transforms/Makefile.transforms index 9bc807672..bed865c78 100644 --- a/Source/charon/transforms/Makefile.transforms +++ b/Source/charon/transforms/Makefile.transforms @@ -18,6 +18,7 @@ include $(TRANSFORMS_DIR)crypters/Makefile.crypters include $(TRANSFORMS_DIR)hashers/Makefile.hashers include $(TRANSFORMS_DIR)prfs/Makefile.prfs include $(TRANSFORMS_DIR)signers/Makefile.signers +include $(TRANSFORMS_DIR)rsa/Makefile.rsa OBJS+= $(BUILD_DIR)diffie_hellman.o $(BUILD_DIR)diffie_hellman.o : $(TRANSFORMS_DIR)diffie_hellman.c $(TRANSFORMS_DIR)diffie_hellman.h diff --git a/Source/charon/transforms/crypters/crypter.h b/Source/charon/transforms/crypters/crypter.h index cd9674775..1ff42299f 100644 --- a/Source/charon/transforms/crypters/crypter.h +++ b/Source/charon/transforms/crypters/crypter.h @@ -57,6 +57,9 @@ typedef struct crypter_t crypter_t; /** * @brief Generic interface for symmetric encryption algorithms. * + * @todo Distinguish between block_size and key_size, since not all + * algorithms use key_size == block_size (e.g. 3DES). + * * @ingroup crypters */ struct crypter_t { diff --git a/Source/charon/transforms/diffie_hellman.c b/Source/charon/transforms/diffie_hellman.c index dc2acc6ab..266c4b3dd 100644 --- a/Source/charon/transforms/diffie_hellman.c +++ b/Source/charon/transforms/diffie_hellman.c @@ -27,9 +27,9 @@ #include "diffie_hellman.h" +#include <daemon.h> #include <utils/allocator.h> #include <utils/randomizer.h> -#include <utils/gmp_helper.h> /** @@ -404,11 +404,6 @@ struct private_diffie_hellman_t { * True if shared secret is computed and stored in my_public_value. */ bool shared_secret_is_computed; - - /** - * helper class for gmp functions. - */ - gmp_helper_t *gmp_helper; /** * Sets the modulus for a specific diffie hellman group. @@ -450,7 +445,7 @@ static status_t set_modulus(private_diffie_hellman_t *this) chunk_t modulus_chunk; modulus_chunk.ptr = modulus_info_entries[i].modulus; modulus_chunk.len = modulus_info_entries[i].modulus_length; - this->gmp_helper->chunk_to_mpz(this->gmp_helper,&(this->modulus),modulus_chunk); + mpz_import(this->modulus, modulus_chunk.len, 1, 1, 1, 0, modulus_chunk.ptr); this->modulus_length = modulus_chunk.len; this->generator = modulus_info_entries[i].generator; status = SUCCESS; @@ -465,7 +460,7 @@ static status_t set_modulus(private_diffie_hellman_t *this) */ static void set_other_public_value(private_diffie_hellman_t *this,chunk_t public_value) { - this->gmp_helper->chunk_to_mpz(this->gmp_helper,&(this->other_public_value),public_value); + mpz_import(this->other_public_value, public_value.len, 1, 1, 1, 0, public_value.ptr); this->compute_shared_secret(this); } @@ -478,7 +473,8 @@ static status_t get_other_public_value(private_diffie_hellman_t *this,chunk_t *p { return FAILED; } - this->gmp_helper->mpz_to_chunk(this->gmp_helper,&(this->other_public_value), public_value,this->modulus_length); + public_value->len = this->modulus_length; + public_value->ptr = mpz_export(NULL, NULL, 1, public_value->len, 1, 0, this->other_public_value); return SUCCESS; } @@ -517,7 +513,8 @@ static void compute_public_value (private_diffie_hellman_t *this) */ static void get_my_public_value(private_diffie_hellman_t *this,chunk_t *public_value) { - this->gmp_helper->mpz_to_chunk(this->gmp_helper,&(this->my_public_value), public_value,this->modulus_length); + public_value->len = this->modulus_length; + public_value->ptr = mpz_export(NULL, NULL, 1, public_value->len, 1, 0, this->my_public_value); } /** @@ -529,7 +526,8 @@ static status_t get_shared_secret(private_diffie_hellman_t *this,chunk_t *secret { return FAILED; } - this->gmp_helper->mpz_to_chunk(this->gmp_helper,&(this->shared_secret), secret,this->modulus_length); + secret->len = this->modulus_length; + secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->shared_secret); return SUCCESS; } @@ -538,7 +536,6 @@ static status_t get_shared_secret(private_diffie_hellman_t *this,chunk_t *secret */ static void destroy(private_diffie_hellman_t *this) { - this->gmp_helper->destroy(this->gmp_helper); mpz_clear(this->modulus); mpz_clear(this->my_prime); mpz_clear(this->my_public_value); @@ -575,17 +572,14 @@ diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number) /* private variables */ this->dh_group_number = dh_group_number; - this->gmp_helper = gmp_helper_create(); - /* set this->modulus */ if (this->set_modulus(this) != SUCCESS) { - this->gmp_helper->destroy(this->gmp_helper); allocator_free(this); return NULL; } - this->gmp_helper->init_prime(this->gmp_helper,&(this->my_prime),this->modulus_length); + charon->prime_pool->get_prime(charon->prime_pool, this->modulus_length, &(this->my_prime)); this->compute_public_value(this); diff --git a/Source/charon/transforms/hashers/hasher.c b/Source/charon/transforms/hashers/hasher.c index 170dfe887..0b86eef37 100644 --- a/Source/charon/transforms/hashers/hasher.c +++ b/Source/charon/transforms/hashers/hasher.c @@ -30,8 +30,12 @@ * mappings for hash_algorithm_t */ mapping_t hash_algorithm_m[] = { - {HASH_SHA1, "HASH_SHA1"}, - {HASH_MD5, "HASH_MD5"}, + {HASH_MD2,"HASH_MD2"}, + {HASH_MD5,"HASH_MD5"}, + {HASH_SHA1,"HASH_SHA1"}, + {HASH_SHA256,"HASH_SHA256"}, + {HASH_SHA384,"HASH_SHA384"}, + {HASH_SHA512,"HASH_SHA512"}, {MAPPING_END, NULL} }; diff --git a/Source/charon/transforms/hashers/hasher.h b/Source/charon/transforms/hashers/hasher.h index eda6fe12f..90cf89eff 100644 --- a/Source/charon/transforms/hashers/hasher.h +++ b/Source/charon/transforms/hashers/hasher.h @@ -32,8 +32,12 @@ typedef enum hash_algorithm_t hash_algorithm_t; * @brief Algorithms to use for hashing. */ enum hash_algorithm_t { - HASH_SHA1, - HASH_MD5 + HASH_MD2, + HASH_MD5, /* supported */ + HASH_SHA1, /* supported */ + HASH_SHA256, + HASH_SHA384, + HASH_SHA512, }; /** diff --git a/Source/charon/transforms/rsa/Makefile.rsa b/Source/charon/transforms/rsa/Makefile.rsa new file mode 100644 index 000000000..4afe373e7 --- /dev/null +++ b/Source/charon/transforms/rsa/Makefile.rsa @@ -0,0 +1,23 @@ +# Copyright (C) 2005 Jan Hutter, Martin Willi +# Hochschule fuer Technik Rapperswil +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. +# + +RSA_DIR= $(TRANSFORMS_DIR)rsa/ + +OBJS+= $(BUILD_DIR)rsa_private_key.o +$(BUILD_DIR)rsa_private_key.o : $(RSA_DIR)rsa_private_key.c $(RSA_DIR)rsa_private_key.h + $(CC) $(CFLAGS) -c -o $@ $< + +OBJS+= $(BUILD_DIR)rsa_public_key.o +$(BUILD_DIR)rsa_public_key.o : $(RSA_DIR)rsa_public_key.c $(RSA_DIR)rsa_public_key.h + $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file diff --git a/Source/charon/transforms/rsa/rsa_private_key.c b/Source/charon/transforms/rsa/rsa_private_key.c new file mode 100644 index 000000000..cc153f794 --- /dev/null +++ b/Source/charon/transforms/rsa/rsa_private_key.c @@ -0,0 +1,530 @@ +/** + * @file rsa_private_key.c + * + * @brief Implementation of rsa_private_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <gmp.h> + +#include "rsa_private_key.h" + +#include <daemon.h> +#include <utils/allocator.h> + + +/* oids for hash algorithms are defined in + * rsa_public_key.c + */ +extern u_int8_t md2_oid[18]; +extern u_int8_t md5_oid[18]; +extern u_int8_t sha1_oid[15]; +extern u_int8_t sha256_oid[19]; +extern u_int8_t sha384_oid[19]; +extern u_int8_t sha512_oid[19]; + +/** + * Public exponent to use for key generation + */ +#define PUBLIC_EXPONENT 0x10001 + + +typedef struct private_rsa_private_key_t private_rsa_private_key_t; + +/** + * private data structure for rsa_private_key. + */ +struct private_rsa_private_key_t { + /** + * Public interface for this signer. + */ + rsa_private_key_t public; + + /** + * is the key already set ? + */ + bool is_key_set; + + /** + * public modulus + */ + mpz_t n; + + /** + * public exponent + */ + mpz_t e; + + /** + * private Prime 1 + */ + mpz_t p; + + /** + * private Prime 2 + */ + mpz_t q; + + /** + * private exponent + */ + mpz_t d; + + /** + * private exponent 1 + */ + mpz_t exp1; + + /** + * private exponent 2 + */ + mpz_t exp2; + + /** + * private coefficient + */ + mpz_t coeff; + + /** + * keysize in bytes + */ + size_t k; + + /** + * @brief Implements the RSADP algorithm specified in PKCS#1. + */ + chunk_t (*rsadp) (private_rsa_private_key_t *this, chunk_t data); + + /** + * @brief Implements the RSASP1 algorithm specified in PKCS#1. + */ + chunk_t (*rsasp1) (private_rsa_private_key_t *this, chunk_t data); + +}; + +/** + * Implements private_rsa_private_key_t.rsadp + * Implements private_rsa_private_key_t.rsasp1 + */ +static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data) +{ + mpz_t t1, t2; + chunk_t decrypted; + + mpz_init(t1); + mpz_init(t2); + + mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); + + mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ + mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ + mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ + mpz_mod(t2, t2, this->p); + mpz_mul(t2, t2, this->coeff); + mpz_mod(t2, t2, this->p); + + mpz_mul(t2, t2, this->q); /* m = m2 + h q */ + mpz_add(t1, t1, t2); + + decrypted.len = this->k; + decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); + + mpz_clear(t1); + mpz_clear(t2); + + return decrypted; +} + +/** + * implementation of rsa_private_key.build_emsa_signature. + */ +static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature) +{ + hasher_t *hasher; + chunk_t hash; + chunk_t oid; + chunk_t em; + + /* get oid string prepended to hash */ + switch (hash_algorithm) + { + case HASH_MD2: + { + oid.ptr = md2_oid; + oid.len = sizeof(md2_oid); + break; + } + case HASH_MD5: + { + oid.ptr = md5_oid; + oid.len = sizeof(md5_oid); + break; + } + case HASH_SHA1: + { + oid.ptr = sha1_oid; + oid.len = sizeof(sha1_oid); + break; + } + case HASH_SHA256: + { + oid.ptr = sha256_oid; + oid.len = sizeof(sha256_oid); + break; + } + case HASH_SHA384: + { + oid.ptr = sha384_oid; + oid.len = sizeof(sha384_oid); + break; + } + case HASH_SHA512: + { + oid.ptr = sha512_oid; + oid.len = sizeof(sha512_oid); + break; + } + default: + { + return NOT_SUPPORTED; + } + } + + /* get hasher */ + hasher = hasher_create(hash_algorithm); + if (hasher == NULL) + { + return NOT_SUPPORTED; + } + + /* build hash */ + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + + /* build chunk to rsa-decrypt: + * EM = 0x00 || 0x01 || PS || 0x00 || T. + * PS = 0xFF padding, with length to fill em + * T = oid || hash + */ + em.len = this->k; + em.ptr = allocator_alloc(em.len); + + /* fill em with padding */ + memset(em.ptr, 0xFF, em.len); + /* set magic bytes */ + *(em.ptr) = 0x00; + *(em.ptr+1) = 0x01; + *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00; + /* set hash */ + memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len); + /* set oid */ + memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len); + + + /* build signature */ + *signature = this->rsasp1(this, em); + + allocator_free(hash.ptr); + allocator_free(em.ptr); + + return SUCCESS; +} + + +/** + * implementation of rsa_private_key.set_key. + */ +static status_t set_key(private_rsa_private_key_t *this, chunk_t key) +{ + chunk_t n, e, p, q, d, exp1, exp2, coeff; + this->k = key.len / 8; + + n.len = this->k; + e.len = this->k; + p.len = this->k; + q.len = this->k; + d.len = this->k; + exp1.len = this->k; + exp2.len = this->k; + coeff.len = this->k; + + n.ptr = key.ptr + this->k * 0; + e.ptr = key.ptr + this->k * 1; + p.ptr = key.ptr + this->k * 2; + q.ptr = key.ptr + this->k * 3; + d.ptr = key.ptr + this->k * 4; + exp1.ptr = key.ptr + this->k * 5; + exp2.ptr = key.ptr + this->k * 6; + coeff.ptr = key.ptr + this->k * 7; + + mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr); + mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr); + mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr); + mpz_import(this->q, this->k, 1, 1, 1, 0, q.ptr); + mpz_import(this->d, this->k, 1, 1, 1, 0, d.ptr); + mpz_import(this->exp1, this->k, 1, 1, 1, 0, exp1.ptr); + mpz_import(this->exp2, this->k, 1, 1, 1, 0, exp2.ptr); + mpz_import(this->coeff, this->k, 1, 1, 1, 0, coeff.ptr); + + this->is_key_set = TRUE; + + return SUCCESS; + +} + +/** + * implementation of rsa_private_key.get_key. + */ +static status_t get_key(private_rsa_private_key_t *this, chunk_t *key) +{ + if (!this->is_key_set) + { + return INVALID_STATE; + } + + chunk_t n, e, p, q, d, exp1, exp2, coeff; + + n.len = this->k; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); + e.len = this->k; + e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); + p.len = this->k; + p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p); + q.len = this->k; + q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q); + d.len = this->k; + d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d); + exp1.len = this->k; + exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1); + exp2.len = this->k; + exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2); + coeff.len = this->k; + coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff); + + key->len = this->k * 8; + key->ptr = allocator_alloc(key->len); + memcpy(key->ptr + this->k * 0, n.ptr , n.len); + memcpy(key->ptr + this->k * 1, e.ptr, e.len); + memcpy(key->ptr + this->k * 2, p.ptr, p.len); + memcpy(key->ptr + this->k * 3, q.ptr, q.len); + memcpy(key->ptr + this->k * 4, d.ptr, d.len); + memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len); + memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len); + memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len); + + allocator_free(n.ptr); + allocator_free(e.ptr); + allocator_free(p.ptr); + allocator_free(q.ptr); + allocator_free(d.ptr); + allocator_free(exp1.ptr); + allocator_free(exp2.ptr); + allocator_free(coeff.ptr); + + return SUCCESS; +} + +/** + * implementation of rsa_private_key.load_key. + */ +static status_t load_key(private_rsa_private_key_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * implementation of rsa_private_key.save_key. + */ +static status_t save_key(private_rsa_private_key_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * implementation of rsa_private_key.generate_key. + */ +static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) +{ + mpz_t p, q, n, e, d, exp1, exp2, coeff; + mpz_t m, q1, t; + + if (key_size <= 0) + { + return INVALID_ARG; + } + + if (this->is_key_set) + { + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); + } + + key_size = key_size / 8; + + mpz_init(t); + mpz_init(n); + mpz_init(d); + mpz_init(exp1); + mpz_init(exp2); + mpz_init(coeff); + + /* Get values of primes p and q */ + charon->prime_pool->get_prime(charon->prime_pool, key_size/2, &p); + charon->prime_pool->get_prime(charon->prime_pool, key_size/2, &q); + + /* Swapping Primes so p is larger then q */ + if (mpz_cmp(p, q) < 0) + { + mpz_set(t, p); + mpz_set(p, q); + mpz_set(q, t); + } + + mpz_mul(n, p, q); /* n = p*q */ + mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ + mpz_init_set(m, p); /* m = p */ + mpz_sub_ui(m, m, 1); /* m = m -1 */ + mpz_init_set(q1, q); /* q1 = q */ + mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */ + mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */ + mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */ + mpz_divexact(m, m, t); /* m = m / t */ + mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */ + + mpz_invert(d, e, m); /* e has an inverse mod m */ + if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */ + { + mpz_add(d, d, m); + } + mpz_sub_ui(t, p, 1); /* t = p-1 */ + mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */ + mpz_sub_ui(t, q, 1); /* t = q-1 */ + mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */ + + mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */ + if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */ + { + mpz_add(coeff, coeff, p); + } + + mpz_clear(q1); + mpz_clear(m); + mpz_clear(t); + + /* apply values */ + *(this->p) = *p; + *(this->q) = *q; + *(this->n) = *n; + *(this->e) = *e; + *(this->d) = *d; + *(this->exp1) = *exp1; + *(this->exp2) = *exp2; + *(this->coeff) = *coeff; + + /* set key size in bytes */ + + this->is_key_set = TRUE; + this->k = key_size; + + return SUCCESS; +} + + +rsa_public_key_t *get_public_key(private_rsa_private_key_t *this) +{ + rsa_public_key_t *public_key; + //chunk_t key; + + public_key = rsa_public_key_create(); + + if (this->is_key_set) + { + + chunk_t n, e, key; + + n.len = this->k; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); + e.len = this->k; + e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); + + key.len = this->k * 2; + key.ptr = allocator_alloc(key.len); + memcpy(key.ptr, n.ptr, n.len); + memcpy(key.ptr + n.len, e.ptr, e.len); + allocator_free(n.ptr); + allocator_free(e.ptr); + + public_key->set_key(public_key, key); + allocator_free(key.ptr); + + } + + return public_key; +} + + +/** + * implementation of rsa_private_key.destroy. + */ +static void destroy(private_rsa_private_key_t *this) +{ + if (this->is_key_set) + { + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); + } + allocator_free(this); +} + +/* + * Described in header + */ +rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm) +{ + private_rsa_private_key_t *this = allocator_alloc_thing(private_rsa_private_key_t); + + /* public functions */ + this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature; + this->public.set_key = (status_t (*) (rsa_private_key_t*,chunk_t))set_key; + this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key; + this->public.load_key = (status_t (*) (rsa_private_key_t*,char*))load_key; + this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key; + this->public.generate_key = (status_t (*) (rsa_private_key_t*,size_t))generate_key; + this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key; + this->public.destroy = (void (*) (rsa_private_key_t*))destroy; + + /* private functions */ + this->rsadp = rsadp; + this->rsasp1 = rsadp; /* same algorithm */ + + this->is_key_set = FALSE; + + return &(this->public); +} diff --git a/Source/charon/transforms/rsa/rsa_private_key.h b/Source/charon/transforms/rsa/rsa_private_key.h new file mode 100644 index 000000000..15f903308 --- /dev/null +++ b/Source/charon/transforms/rsa/rsa_private_key.h @@ -0,0 +1,68 @@ +/** + * @file rsa_private_key.h + * + * @brief Interface rsa_private_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef RSA_PRIVATE_KEY_H_ +#define RSA_PRIVATE_KEY_H_ + +#include <types.h> +#include <definitions.h> + +#include <transforms/rsa/rsa_public_key.h> +#include <transforms/hashers/hasher.h> + + +typedef struct rsa_private_key_t rsa_private_key_t; + +/** + * @brief RSA private key with associated functions. + * + * Currently only supports signing using EMSA encoding. + * + * @ingroup asymmetrics + */ +struct rsa_private_key_t { + + status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature); + + status_t (*set_key) (rsa_private_key_t *this, chunk_t key); + + status_t (*get_key) (rsa_private_key_t *this, chunk_t *key); + + status_t (*load_key) (rsa_private_key_t *this, char *file); + + status_t (*save_key) (rsa_private_key_t *this, char *file); + + status_t (*generate_key) (rsa_private_key_t *this, size_t key_size); + + rsa_public_key_t *(*get_public_key) (rsa_private_key_t *this); + + void (*destroy) (rsa_private_key_t *this); +}; + +/** + * Types are defined in public_key.h + * + * @ingroup asymmetrics + */ +rsa_private_key_t *rsa_private_key_create(); + +#endif /*RSA_PRIVATE_KEY_H_*/ diff --git a/Source/charon/transforms/rsa/rsa_public_key.c b/Source/charon/transforms/rsa/rsa_public_key.c new file mode 100644 index 000000000..3856fc89d --- /dev/null +++ b/Source/charon/transforms/rsa/rsa_public_key.c @@ -0,0 +1,364 @@ +/** + * @file rsa_public_key.c + * + * @brief Implementation of rsa_public_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <gmp.h> + +#include "rsa_public_key.h" + +#include <daemon.h> +#include <utils/allocator.h> +#include <transforms/hashers/hasher.h> + +/* since we don't have an ASN1 parser/generator, + * we use these predefined values for + * hash algorithm oids. These also contain + * the length of the following hash. + * These values are also used in rsa_private_key.c + */ + +u_int8_t md2_oid[18] = { + 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86, + 0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00, + 0x04,0x10 +}; + +u_int8_t md5_oid[] = { + 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86, + 0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00, + 0x04,0x10 +}; + +u_int8_t sha1_oid[] = { + 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e, + 0x03,0x02,0x1a,0x05,0x00,0x04,0x14 +}; + +u_int8_t sha256_oid[] = { + 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86, + 0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05, + 0x00,0x04,0x20 +}; + +u_int8_t sha384_oid[] = { + 0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86, + 0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05, + 0x00,0x04,0x30 +}; + +u_int8_t sha512_oid[] = { + 0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86, + 0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05, + 0x00,0x04,0x40 +}; + + +typedef struct private_rsa_public_key_t private_rsa_public_key_t; + +/** + * private data structure with signing context. + */ +struct private_rsa_public_key_t { + /** + * Public interface for this signer. + */ + rsa_public_key_t public; + + /** + * is the key already set ? + */ + bool is_key_set; + + /** + * public modulus + */ + mpz_t n; + /** + * public exponent + */ + mpz_t e; + + /** + * keysize in bytes + */ + size_t k; + + /** + * @brief Implements the RSAEP algorithm specified in PKCS#1. + */ + chunk_t (*rsaep) (private_rsa_public_key_t *this, chunk_t data); + + /** + * @brief Implements the RSASVP1 algorithm specified in PKCS#1. + */ + chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data); +}; + +/** + * Implements private_rsa_public_key_t.rsadp + * Implements private_rsa_public_key_t.rsavp1 + */ +static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data) +{ + mpz_t m, c; + chunk_t encrypted; + + mpz_init(c); + mpz_init(m); + + mpz_import(m, data.len, 1, 1, 1, 0, data.ptr); + + mpz_powm(c, m, this->e, this->n); + + encrypted.len = this->k; + encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c); + + mpz_clear(c); + mpz_clear(m); + + return encrypted; +} + +/** + * implementation of rsa_public_key.verify_emsa_signature. + */ +static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature) +{ + hasher_t *hasher = NULL; + chunk_t hash; + chunk_t em; + u_int8_t *pos; + + if (signature.len > this->k) + { + return INVALID_ARG; + } + + /* unpack signature */ + em = this->rsavp1(this, signature); + + /* result should look like this: + * EM = 0x00 || 0x01 || PS || 0x00 || T. + * PS = 0xFF padding, with length to fill em + * T = oid || hash + */ + + /* check magic bytes */ + if ((*(em.ptr) != 0x00) || + (*(em.ptr+1) != 0x01)) + { + allocator_free(em.ptr); + return FAILED; + } + + /* find magic 0x00 */ + pos = em.ptr + 2; + while (pos <= em.ptr + em.len) + { + if (*pos == 0x00) + { + /* found magic byte, stop */ + pos++; + break; + } + else if (*pos != 0xFF) + { + /* bad padding, decryption failed ?!*/ + allocator_free(em.ptr); + return FAILED; + } + pos++; + } + + if (pos + 20 > em.ptr + em.len) + { + /* not enought room for oid compare */ + allocator_free(em.ptr); + return FAILED; + } + + if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0) + { + hasher = hasher_create(HASH_MD2); + pos += sizeof(md2_oid); + } + else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0) + { + hasher = hasher_create(HASH_MD5); + pos += sizeof(md5_oid); + } + else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0) + { + hasher = hasher_create(HASH_SHA1); + pos += sizeof(sha1_oid); + } + else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0) + { + hasher = hasher_create(HASH_SHA256); + pos += sizeof(sha256_oid); + } + else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0) + { + hasher = hasher_create(HASH_SHA384); + pos += sizeof(sha384_oid); + } + else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0) + { + hasher = hasher_create(HASH_SHA512); + pos += sizeof(sha512_oid); + } + + if (hasher == NULL) + { + /* not supported hash algorithm */ + allocator_free(em.ptr); + return NOT_SUPPORTED; + } + + if (pos + hasher->get_block_size(hasher) != em.ptr + em.len) + { + /* bad length */ + allocator_free(em.ptr); + hasher->destroy(hasher); + return FAILED; + } + + /* build own hash for a compare */ + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + + if (memcmp(hash.ptr, pos, hash.len) != 0) + { + /* hash does not equal */ + allocator_free(hash.ptr); + allocator_free(em.ptr); + return FAILED; + + } + + /* seems good */ + allocator_free(hash.ptr); + allocator_free(em.ptr); + return SUCCESS; +} + +/** + * implementation of rsa_public_key.set_key. + */ +static status_t set_key(private_rsa_public_key_t *this, chunk_t key) +{ + chunk_t n, e; + + n.len = key.len/2; + n.ptr = key.ptr; + e.len = n.len; + e.ptr = key.ptr + n.len; + + mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); + mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr); + + this->k = n.len; + + this->is_key_set = TRUE; + + return SUCCESS; +} + + +/** + * implementation of rsa_public_key.get_key. + */ +static status_t get_key(private_rsa_public_key_t *this, chunk_t *key) +{ + if (!this->is_key_set) + { + return INVALID_STATE; + } + + chunk_t n, e; + + n.len = this->k; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); + e.len = this->k; + e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); + + key->len = this->k * 2; + key->ptr = allocator_alloc(key->len); + memcpy(key->ptr, n.ptr, n.len); + memcpy(key->ptr + n.len, e.ptr, e.len); + allocator_free(n.ptr); + allocator_free(e.ptr); + + return SUCCESS; +} + +/** + * implementation of rsa_public_key.load_key. + */ +static status_t load_key(private_rsa_public_key_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * implementation of rsa_public_key.save_key. + */ +static status_t save_key(private_rsa_public_key_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * implementation of rsa_public_key.destroy. + */ +static void destroy(private_rsa_public_key_t *this) +{ + if (this->is_key_set) + { + mpz_clear(this->n); + mpz_clear(this->e); + } + allocator_free(this); +} + +/* + * Described in header + */ +rsa_public_key_t *rsa_public_key_create() +{ + private_rsa_public_key_t *this = allocator_alloc_thing(private_rsa_public_key_t); + + /* public functions */ + this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature; + this->public.set_key = (status_t (*) (rsa_public_key_t*,chunk_t))set_key; + this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key; + this->public.load_key = (status_t (*) (rsa_public_key_t*,char*))load_key; + this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key; + this->public.destroy = (void (*) (rsa_public_key_t*))destroy; + + /* private functions */ + this->rsaep = rsaep; + this->rsavp1 = rsaep; /* same algorithm */ + + this->is_key_set = FALSE; + + return &(this->public); +} diff --git a/Source/charon/transforms/rsa/rsa_public_key.h b/Source/charon/transforms/rsa/rsa_public_key.h new file mode 100644 index 000000000..10343f5da --- /dev/null +++ b/Source/charon/transforms/rsa/rsa_public_key.h @@ -0,0 +1,63 @@ +/** + * @file rsa_public_key.h + * + * @brief Interface rsa_public_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef RSA_PUBLIC_KEY_H_ +#define RSA_PUBLIC_KEY_H_ + +#include <gmp.h> + +#include <types.h> +#include <definitions.h> + + +typedef struct rsa_public_key_t rsa_public_key_t; + +/** + * @brief RSA public key with associated functions. + * + * Currently only supports signature verification using + * the EMSA encoding (see PKCS1) + * + * @ingroup asymmetrics + */ +struct rsa_public_key_t { + + status_t (*verify_emsa_pkcs1_signature) (rsa_public_key_t *this, chunk_t data, chunk_t signature); + + status_t (*set_key) (rsa_public_key_t *this, chunk_t key); + + status_t (*get_key) (rsa_public_key_t *this, chunk_t *key); + + status_t (*load_key) (rsa_public_key_t *this, char *file); + + status_t (*save_key) (rsa_public_key_t *this, char *file); + + void (*destroy) (rsa_public_key_t *this); +}; + +/** + * + * @ingroup asymmetrics + */ +rsa_public_key_t *rsa_public_key_create(); + +#endif /*RSA_PUBLIC_KEY_H_*/ |