diff options
Diffstat (limited to 'Source/charon/transforms')
| -rw-r--r-- | Source/charon/transforms/Makefile.transforms | 4 | ||||
| -rwxr-xr-x | Source/charon/transforms/certificate.c | 567 | ||||
| -rwxr-xr-x | Source/charon/transforms/certificate.h | 16 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_private_key.c | 227 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_private_key.h | 85 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_public_key.c | 182 | ||||
| -rw-r--r-- | Source/charon/transforms/rsa/rsa_public_key.h | 72 |
7 files changed, 485 insertions, 668 deletions
diff --git a/Source/charon/transforms/Makefile.transforms b/Source/charon/transforms/Makefile.transforms index bed865c78..4be5d270b 100644 --- a/Source/charon/transforms/Makefile.transforms +++ b/Source/charon/transforms/Makefile.transforms @@ -31,3 +31,7 @@ $(BUILD_DIR)hmac.o : $(TRANSFORMS_DIR)hmac.c $(TRANSFORMS_DIR)hmac.h OBJS+= $(BUILD_DIR)prf_plus.o $(BUILD_DIR)prf_plus.o : $(TRANSFORMS_DIR)prf_plus.c $(TRANSFORMS_DIR)prf_plus.h $(CC) $(CFLAGS) -c -o $@ $< + +OBJS+= $(BUILD_DIR)certificate.o +$(BUILD_DIR)certificate.o : $(TRANSFORMS_DIR)certificate.c $(TRANSFORMS_DIR)certificate.h + $(CC) $(CFLAGS) -c -o $@ $< diff --git a/Source/charon/transforms/certificate.c b/Source/charon/transforms/certificate.c index 6d10d9f54..e8ee61bb2 100755 --- a/Source/charon/transforms/certificate.c +++ b/Source/charon/transforms/certificate.c @@ -21,6 +21,8 @@ */ #include <gmp.h> +#include <sys/stat.h> +#include <unistd.h> #include "certificate.h" @@ -39,480 +41,191 @@ struct private_certificate_t { * Public interface for this signer. */ certificate_t public; -}; - -#define OSET(x) offsetof(private_certiciate_t, x) - -/** - * Rules for de-/encoding of a certificate from/in ASN1 - */ -static asn1_rule_t certificate_rules[] = { - {ASN1_SEQUENCE, 0, 0, 0 }, /* certificate */ - { ASN1_SEQUENCE, 0, 0, 0 }, /* tbsCertificate */ - { ASN1_TAG_E_0, ASN1_DEFAULT, OSET(version), 0 }, /* EXPLICIT version DEFAULT v1(0) */ - { ASN1_INTEGER, 0, OSET(version), 0 }, - { ASN1_INTEGER, 0, OSET(serial), 0 }, /* serialNumber */ - { ASN1_SEQUENCE, 0, 0, 0 }, /* signature */ - { ASN1_OID, 0, OSET(sign_alg), 0 }, /* algorithm */ - { ASN1_END, 0, 0, 0 }, /* signature */ - { ASN1_CHOICE, 0, 0, 0 }, /* issuer */ - { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, - /* name */ - { ASN1_END, 0, 0, 0 }, - { ASN1_END, 0, 0, 0 }, /* issuer */ - { ASN1_SEQUENCE, 0, 0, 0 }, /* validity */ - { ASN1_CHOICE, 0, 0, 0 }, /* notBefore */ - { ASN1_UTCTIME, 0, OSET(not_before), 0 }, /* utcTime */ - { ASN1_GENERALIZEDTIME, 0, OSET(not_before), 0 }, /* generalTime */ - { ASN1_END, 0, 0, 0 }, /* notBefore */ - { ASN1_CHOICE, 0, 0, 0 }, /* notAfter */ - { ASN1_UTCTIME, 0, OSET(not_after), 0 }, /* utcTime */ - { ASN1_GENERALIZEDTIME, 0, OSET(not_after), 0 }, /* generalTime */ - { ASN1_END, 0, 0, 0 }, /* notAfter */ - { ASN1_END, 0, 0, 0 }, /* validity */ - { ASN1_CHOICE, 0, 0, 0 }, /* subject */ - { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, - /* name */ - { ASN1_END, 0, 0, 0 }, - { ASN1_END, 0, 0, 0 }, /* subject */ - { ASN1_SEQUENCE, 0, 0, 0 }, /* subjectPublicKeyInfo */ - { ASN1_OID, 0, OSET(pubkey_alg), 0 }, /* algorithm */ - { ASN1_BITSTRING, 0, OSET(pubkey), 0 }, /* subjectPublicKey */ - { ASN1_END, 0, 0, 0 }, /* subjectPublicKeyInfo */ - { ASN1_TAG_I_1, ASN1_OPTIONAL, 0, OSET(has_issuer_uid)}, /* IMPLICIT issuerUniqueID OPTIONAL */ - { ASN1_BITSTRING, 0, OSET(issuer_uid), 0 }, - { ASN1_TAG_I_2, ASN1_OPTIONAL, 0, OSET(has_subject_uid)},/* IMPLICIT subjectUniqueID OPTIONAL */ - { ASN1_BITSTRING, 0, OSET(subject_uid), 0 }, - { ASN1_TAG_E_3, ASN1_OPTIONAL, 0, 0 }, /* EXPLICIT extensions OPTIONAL*/ - { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, - /* extension */ - { ASN1_END 0, 0, 0, }, /* extensions */ - { ASN1_END, 0, 0, 0 }, /* certificate */ -}; - -/** - * Implementation of private_certificate_t.compute_prime. - */ -static void compute_prime(private_certificate_t *this, size_t prime_size, mpz_t *prime) -{ - randomizer_t *randomizer; - chunk_t random_bytes; - randomizer = randomizer_create(); - mpz_init(*prime); + u_int version; - do - { - randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes); - - /* make sure most significant bit is set */ - random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80; - - /* convert chunk to mpz value */ - mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); - - /* get next prime */ - mpz_nextprime (*prime, *prime); - - allocator_free(random_bytes.ptr); - } - /* check if it isnt too large */ - while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size); + u_int serial; - randomizer->destroy(randomizer); -} - -/** - * Implementation of private_certificate_t.rsadp and private_certificate_t.rsasp1. - */ -static chunk_t rsadp(private_certificate_t *this, chunk_t data) -{ - mpz_t t1, t2; - chunk_t decrypted; - - mpz_init(t1); - mpz_init(t2); + chunk_t sign_alg; - mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); + time_t not_before; - mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ - mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ - mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ - mpz_mod(t2, t2, this->p); - mpz_mul(t2, t2, this->coeff); - mpz_mod(t2, t2, this->p); + time_t not_after; - mpz_mul(t2, t2, this->q); /* m = m2 + h q */ - mpz_add(t1, t1, t2); + chunk_t pubkey; - decrypted.len = this->k; - decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); + chunk_t pubkey_alg; - mpz_clear(t1); - mpz_clear(t2); - - return decrypted; -} - -/** - * Implementation of certificate.build_emsa_signature. - */ -static status_t build_emsa_pkcs1_signature(private_certificate_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature) -{ - hasher_t *hasher; - chunk_t hash; - chunk_t oid; - chunk_t em; - - /* get oid string prepended to hash */ - switch (hash_algorithm) - { - case HASH_MD2: - { - oid.ptr = md2_oid; - oid.len = sizeof(md2_oid); - break; - } - case HASH_MD5: - { - oid.ptr = md5_oid; - oid.len = sizeof(md5_oid); - break; - } - case HASH_SHA1: - { - oid.ptr = sha1_oid; - oid.len = sizeof(sha1_oid); - break; - } - case HASH_SHA256: - { - oid.ptr = sha256_oid; - oid.len = sizeof(sha256_oid); - break; - } - case HASH_SHA384: - { - oid.ptr = sha384_oid; - oid.len = sizeof(sha384_oid); - break; - } - case HASH_SHA512: - { - oid.ptr = sha512_oid; - oid.len = sizeof(sha512_oid); - break; - } - default: - { - return NOT_SUPPORTED; - } - } - - /* get hasher */ - hasher = hasher_create(hash_algorithm); - if (hasher == NULL) - { - return NOT_SUPPORTED; - } + bool has_issuer_uid; + chunk_t issuer_uid; - /* build hash */ - hasher->allocate_hash(hasher, data, &hash); - hasher->destroy(hasher); + bool has_subject_uid; + chunk_t subject_uid; - /* build chunk to rsa-decrypt: - * EM = 0x00 || 0x01 || PS || 0x00 || T. - * PS = 0xFF padding, with length to fill em - * T = oid || hash - */ - em.len = this->k; - em.ptr = allocator_alloc(em.len); + chunk_t tbs_cert; + chunk_t signature; - /* fill em with padding */ - memset(em.ptr, 0xFF, em.len); - /* set magic bytes */ - *(em.ptr) = 0x00; - *(em.ptr+1) = 0x01; - *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00; - /* set hash */ - memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len); - /* set oid */ - memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len); + rsa_public_key_t *public_key; +}; - - /* build signature */ - *signature = this->rsasp1(this, em); - - allocator_free(hash.ptr); - allocator_free(em.ptr); - - return SUCCESS; -} +#define OSET(x) offsetof(private_certificate_t, x) - /** - * Implementation of certificate.set_key. + * Rules for de-/encoding of a certificate from/in ASN1 */ -static status_t set_key(private_certificate_t *this, chunk_t key) -{ - der_decoder_t *dd; - status_t status; - - dd = der_decoder_create(certificate_rules); - - status = dd->decode(dd, key, this); - if (status == SUCCESS) - { - this->is_key_set = TRUE; - this->k = mpz_sizeinbase(this->n, 2) / 8; - } - dd->destroy(dd); - return status; -} +static asn1_rule_t certificate_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0 }, /* certificate */ + { ASN1_SEQUENCE, ASN1_RAW, OSET(tbs_cert), 0 }, /* tbsCertificate */ + { ASN1_TAG_E_0, ASN1_DEFAULT, OSET(version), 0 }, /* EXPLICIT */ + { ASN1_INTEGER, ASN1_DEFAULT, OSET(version), 0 }, /* version DEFAULT v1(0) */ + { ASN1_INTEGER, 0, OSET(serial), 0 }, /* serialNumber */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* signature */ + { ASN1_OID, 0, OSET(sign_alg), 0 }, /* algorithm-oid */ + { ASN1_NULL, 0, 0, 0 }, /* parameters */ + { ASN1_END, 0, 0, 0 }, /* signature */ + { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, /* issuer */ +// { ASN1_SET, ASN1_OF, 0, 0, }, /* RelativeDistinguishedName */ +// { ASN1_SEQUENCE, 0, 0, 0, }, /* AttributeTypeAndValue */ +// { ASN1_OID, 0, 0, 0 }, /* AttributeType */ +// { ASN1_ANY, 0, 0, 0 }, /* AttributeValue */ +// { ASN1_END, 0, 0, 0 }, /* AttributeTypeAndValue */ +// { ASN1_END, 0, 0, 0 }, /* RelativeDistinguishedName */ + { ASN1_END, 0, 0, 0 }, /* issuer */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* validity */ + { ASN1_CHOICE, 0, 0, 0 }, /* notBefore */ + { ASN1_UTCTIME, 0, OSET(not_before), 0 }, /* utcTime */ + { ASN1_GENERALIZEDTIME, 0, OSET(not_before), 0 }, /* generalTime */ + { ASN1_END, 0, 0, 0 }, /* notBefore */ + { ASN1_CHOICE, 0, 0, 0 }, /* notAfter */ + { ASN1_UTCTIME, 0, OSET(not_after), 0 }, /* utcTime */ + { ASN1_GENERALIZEDTIME, 0, OSET(not_after), 0 }, /* generalTime */ + { ASN1_END, 0, 0, 0 }, /* notAfter */ + { ASN1_END, 0, 0, 0 }, /* validity */ + { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, /* subject */ +// { ASN1_SET, ASN1_OF, 0, 0, }, /* RelativeDistinguishedName */ +// { ASN1_SEQUENCE, 0, 0, 0, }, /* AttributeTypeAndValue */ +// { ASN1_OID, 0, 0, 0 }, /* AttributeType */ +// { ASN1_ANY, 0, 0, 0 }, /* AttributeValue */ +// { ASN1_END, 0, 0, 0 }, /* AttributeTypeAndValue */ +// { ASN1_END, 0, 0, 0 }, /* RelativeDistinguishedName */ + { ASN1_END, 0, 0, 0 }, /* subject */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* subjectPublicKeyInfo */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* algorithm */ + { ASN1_OID, 0, OSET(pubkey_alg), 0 }, /* algorithm-oid */ + { ASN1_NULL, 0, 0, 0 }, /* parameters */ + { ASN1_END, 0, 0, 0 }, /* algorithm */ + { ASN1_BITSTRING, 0, OSET(pubkey), 0 }, /* subjectPublicKey */ + { ASN1_END, 0, 0, 0 }, /* subjectPublicKeyInfo */ + { ASN1_TAG_I_1, ASN1_OPTIONAL, 0, OSET(has_issuer_uid)}, /* IMPLICIT */ + { ASN1_BITSTRING, ASN1_OPTIONAL, OSET(issuer_uid), 0 }, /* issuerUniqueID OPTIONAL */ + { ASN1_TAG_I_2, ASN1_OPTIONAL, 0, OSET(has_subject_uid)},/* IMPLICIT */ + { ASN1_BITSTRING, ASN1_OPTIONAL, OSET(subject_uid), 0 }, /* subjectUniqueID OPTIONAL */ + { ASN1_TAG_E_3, ASN1_OPTIONAL, 0, 0 }, /* EXPLICIT */ + { ASN1_SEQUENCE, ASN1_OF|ASN1_OPTIONAL, 0, 0 }, /* extensions OPTIONAL */ +// { ASN1_SEQUENCE, 0, 0, 0, }, /* extension */ +// { ASN1_OID, 0, 0, 0 }, /* extnID */ +// { ASN1_BOOLEAN, ASN1_DEFAULT, 0, FALSE }, /* critical */ +// { ASN1_OCTETSTRING, 0, 0, 0, }, /* extnValue */ +// { ASN1_END, 0, 0, 0, }, /* extension */ + { ASN1_END, 0, 0, 0, }, /* extensions */ + { ASN1_END, 0, 0, 0 }, /* tbsCertificate */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* signatureAlgorithm */ + { ASN1_OID, 0, OSET(sign_alg), 0 }, /* algorithm-oid */ + { ASN1_NULL, 0, 0, 0 }, /* parameters */ + { ASN1_END, 0, 0, 0 }, /* signatureAlgorithm */ + { ASN1_BITSTRING, 0, OSET(signature), 0 }, /* signatureValue */ + {ASN1_END, 0, 0, 0 }, /* certificate */ +}; /** - * Implementation of certificate.get_key. - */ -static status_t get_key(private_certificate_t *this, chunk_t *key) -{ - if (!this->is_key_set) - { - return INVALID_STATE; - } - - chunk_t n, e, p, q, d, exp1, exp2, coeff; - - n.len = this->k; - n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); - e.len = this->k; - e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); - p.len = this->k; - p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p); - q.len = this->k; - q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q); - d.len = this->k; - d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d); - exp1.len = this->k; - exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1); - exp2.len = this->k; - exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2); - coeff.len = this->k; - coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff); - - key->len = this->k * 8; - key->ptr = allocator_alloc(key->len); - memcpy(key->ptr + this->k * 0, n.ptr , n.len); - memcpy(key->ptr + this->k * 1, e.ptr, e.len); - memcpy(key->ptr + this->k * 2, p.ptr, p.len); - memcpy(key->ptr + this->k * 3, q.ptr, q.len); - memcpy(key->ptr + this->k * 4, d.ptr, d.len); - memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len); - memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len); - memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len); - - allocator_free(n.ptr); - allocator_free(e.ptr); - allocator_free(p.ptr); - allocator_free(q.ptr); - allocator_free(d.ptr); - allocator_free(exp1.ptr); - allocator_free(exp2.ptr); - allocator_free(coeff.ptr); - - return SUCCESS; -} - -/** - * Implementation of certificate.load_key. + * Implementation of certificate.get_public_key. */ -static status_t load_key(private_certificate_t *this, char *file) +static rsa_public_key_t *get_public_key(private_certificate_t *this) { - return NOT_SUPPORTED; + return this->public_key->clone(this->public_key); } + /** - * Implementation of certificate.save_key. + * Implementation of certificate.destroy. */ -static status_t save_key(private_certificate_t *this, char *file) +static void destroy(private_certificate_t *this) { - return NOT_SUPPORTED; + this->public_key->destroy(this->public_key); + allocator_free(this->pubkey.ptr); + allocator_free(this->signature.ptr); + allocator_free(this->tbs_cert.ptr); + allocator_free(this); } -/** - * Implementation of certificate.generate_key. +/* + * Described in header. */ -static status_t generate_key(private_certificate_t *this, size_t key_size) +certificate_t *certificate_create_from_chunk(chunk_t chunk) { - mpz_t p, q, n, e, d, exp1, exp2, coeff; - mpz_t m, q1, t; - - if (key_size < 0) - { - return INVALID_ARG; - } - - mpz_clear(this->n); - mpz_clear(this->e); - mpz_clear(this->p); - mpz_clear(this->q); - mpz_clear(this->d); - mpz_clear(this->exp1); - mpz_clear(this->exp2); - mpz_clear(this->coeff); + private_certificate_t *this = allocator_alloc_thing(private_certificate_t); + der_decoder_t *dd; - key_size = key_size / 8; + /* public functions */ + this->public.get_public_key = (rsa_public_key_t *(*) (certificate_t*))get_public_key; + this->public.destroy = (void (*) (certificate_t*))destroy; - mpz_init(t); - mpz_init(n); - mpz_init(d); - mpz_init(exp1); - mpz_init(exp2); - mpz_init(coeff); + /* initialize */ + this->pubkey = CHUNK_INITIALIZER; + this->signature = CHUNK_INITIALIZER; + this->tbs_cert = CHUNK_INITIALIZER; - /* Get values of primes p and q */ - this->compute_prime(this, key_size/2, &p); - this->compute_prime(this, key_size/2, &q); - - /* Swapping Primes so p is larger then q */ - if (mpz_cmp(p, q) < 0) - { - mpz_set(t, p); - mpz_set(p, q); - mpz_set(q, t); - } + dd = der_decoder_create(certificate_rules); - mpz_mul(n, p, q); /* n = p*q */ - mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ - mpz_init_set(m, p); /* m = p */ - mpz_sub_ui(m, m, 1); /* m = m -1 */ - mpz_init_set(q1, q); /* q1 = q */ - mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */ - mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */ - mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */ - mpz_divexact(m, m, t); /* m = m / t */ - mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */ - - mpz_invert(d, e, m); /* e has an inverse mod m */ - if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */ + if (dd->decode(dd, chunk, this) != SUCCESS) { - mpz_add(d, d, m); + allocator_free(this); + dd->destroy(dd); + return NULL; } - mpz_sub_ui(t, p, 1); /* t = p-1 */ - mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */ - mpz_sub_ui(t, q, 1); /* t = q-1 */ - mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */ + dd->destroy(dd); - mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */ - if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */ + this->public_key = rsa_public_key_create_from_chunk(this->pubkey); + if (this->public_key == NULL) { - mpz_add(coeff, coeff, p); + allocator_free(this->pubkey.ptr); + allocator_free(this); + return NULL; } - - mpz_clear(q1); - mpz_clear(m); - mpz_clear(t); - - /* apply values */ - *(this->p) = *p; - *(this->q) = *q; - *(this->n) = *n; - *(this->e) = *e; - *(this->d) = *d; - *(this->exp1) = *exp1; - *(this->exp2) = *exp2; - *(this->coeff) = *coeff; - - /* set key size in bytes */ - - this->is_key_set = TRUE; - this->k = key_size; - return SUCCESS; + return &this->public; } -/** - * Implementation of certificate.get_public_key. +/* + * Described in header. */ -rsa_public_key_t *get_public_key(private_certificate_t *this) +certificate_t *certificate_create_from_file(char *filename) { - rsa_public_key_t *public_key; - //chunk_t key; - - public_key = rsa_public_key_create(); - - if (this->is_key_set) - { + struct stat stb; + FILE *file; + char *buffer; + chunk_t chunk; - chunk_t n, e, key; - - n.len = this->k; - n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); - e.len = this->k; - e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); - - key.len = this->k * 2; - key.ptr = allocator_alloc(key.len); - memcpy(key.ptr, n.ptr, n.len); - memcpy(key.ptr + n.len, e.ptr, e.len); - allocator_free(n.ptr); - allocator_free(e.ptr); - - public_key->set_key(public_key, key); - allocator_free(key.ptr); - + if (stat(filename, &stb) == -1) + { + return NULL; } - return public_key; -} - - -/** - * Implementation of certificate.destroy. - */ -static void destroy(private_certificate_t *this) -{ - mpz_clear(this->n); - mpz_clear(this->e); - mpz_clear(this->p); - mpz_clear(this->q); - mpz_clear(this->d); - mpz_clear(this->exp1); - mpz_clear(this->exp2); - mpz_clear(this->coeff); - allocator_free(this); -} - -/* - * Described in header. - */ -certificate_t *certificate_create(hash_algorithm_t hash_algoritm) -{ - private_certificate_t *this = allocator_alloc_thing(private_certificate_t); + buffer = alloca(stb.st_size); - /* public functions */ - this->public.build_emsa_pkcs1_signature = (status_t (*) (certificate_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature; - this->public.set_key = (status_t (*) (certificate_t*,chunk_t))set_key; - this->public.get_key = (status_t (*) (certificate_t*,chunk_t*))get_key; - this->public.load_key = (status_t (*) (certificate_t*,char*))load_key; - this->public.save_key = (status_t (*) (certificate_t*,char*))save_key; - this->public.generate_key = (status_t (*) (certificate_t*,size_t))generate_key; - this->public.get_public_key = (rsa_public_key_t *(*) (certificate_t*))get_public_key; - this->public.destroy = (void (*) (certificate_t*))destroy; + file = fopen(filename, "r"); + if (file == NULL) + { + return NULL; + } - /* private functions */ - this->rsadp = rsadp; - this->rsasp1 = rsadp; /* same algorithm */ - this->compute_prime = compute_prime; + if (fread(buffer, stb.st_size, 1, file) == -1) + { + return NULL; + } - mpz_init(this->n); - mpz_init(this->e); - mpz_init(this->p); - mpz_init(this->q); - mpz_init(this->d); - mpz_init(this->exp1); - mpz_init(this->exp2); - mpz_init(this->coeff); - this->is_key_set = FALSE; + chunk.ptr = buffer; + chunk.len = stb.st_size; - return &(this->public); + return certificate_create_from_chunk(chunk); } diff --git a/Source/charon/transforms/certificate.h b/Source/charon/transforms/certificate.h index 3cbe7f9ba..69baed0da 100755 --- a/Source/charon/transforms/certificate.h +++ b/Source/charon/transforms/certificate.h @@ -26,7 +26,6 @@ #include <types.h> #include <definitions.h> #include <transforms/rsa/rsa_public_key.h> -#include <transforms/hashers/hasher.h> typedef struct certificate_t certificate_t; @@ -34,12 +33,10 @@ typedef struct certificate_t certificate_t; /** * @brief X509 certificate. * - * Currently only supports signing using EMSA encoding. - * * @b Constructors: - * - certificate_create() + * - certificate_create_from_chunk() * - * @ingroup rsa + * @ingroup transforms */ struct certificate_t { @@ -60,13 +57,14 @@ struct certificate_t { }; /** - * @brief Create a new certificate without - * any key inside. + * @brief Read a certificate from a blob. * * @return created certificate_t. * - * @ingroup rsa + * @ingroup transforms */ -certificate_t *certificate_create(); +certificate_t *certificate_create_from_chunk(chunk_t chunk); + +certificate_t *certificate_create_from_file(char *filename); #endif /* CERTIFICATE_H_ */ diff --git a/Source/charon/transforms/rsa/rsa_private_key.c b/Source/charon/transforms/rsa/rsa_private_key.c index 22315e90e..4da3baf7c 100644 --- a/Source/charon/transforms/rsa/rsa_private_key.c +++ b/Source/charon/transforms/rsa/rsa_private_key.c @@ -21,6 +21,8 @@ */ #include <gmp.h> +#include <sys/stat.h> +#include <unistd.h> #include "rsa_private_key.h" @@ -64,11 +66,6 @@ struct private_rsa_private_key_t { u_int version; /** - * Is the key already set ? - */ - bool is_key_set; - - /** * Public modulus. */ mpz_t n; @@ -317,37 +314,11 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash return SUCCESS; } - -/** - * Implementation of rsa_private_key.set_key. - */ -static status_t set_key(private_rsa_private_key_t *this, chunk_t key) -{ - der_decoder_t *dd; - status_t status; - - dd = der_decoder_create(rsa_private_key_rules); - - status = dd->decode(dd, key, this); - if (status == SUCCESS) - { - this->is_key_set = TRUE; - this->k = mpz_sizeinbase(this->n, 2) / 8; - } - dd->destroy(dd); - return status; -} - /** * Implementation of rsa_private_key.get_key. */ static status_t get_key(private_rsa_private_key_t *this, chunk_t *key) -{ - if (!this->is_key_set) - { - return INVALID_STATE; - } - +{ chunk_t n, e, p, q, d, exp1, exp2, coeff; n.len = this->k; @@ -389,36 +360,41 @@ static status_t get_key(private_rsa_private_key_t *this, chunk_t *key) return SUCCESS; } - + /** - * Implementation of rsa_private_key.load_key. + * Implementation of rsa_private_key.save_key. */ -static status_t load_key(private_rsa_private_key_t *this, char *file) +static status_t save_key(private_rsa_private_key_t *this, char *file) { return NOT_SUPPORTED; } /** - * Implementation of rsa_private_key.save_key. + * Implementation of rsa_private_key.get_public_key. */ -static status_t save_key(private_rsa_private_key_t *this, char *file) +rsa_public_key_t *get_public_key(private_rsa_private_key_t *this) { - return NOT_SUPPORTED; + return NULL; } /** - * Implementation of rsa_private_key.generate_key. + * Implementation of rsa_private_key.belongs_to. */ -static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) +bool belongs_to(private_rsa_private_key_t *this, rsa_public_key_t *public) { - mpz_t p, q, n, e, d, exp1, exp2, coeff; - mpz_t m, q1, t; - - if (key_size < 0) + if (mpz_cmp(this->n, *public->get_modulus(public)) == 0) { - return INVALID_ARG; + return TRUE; } - + return FALSE; +} + + +/** + * Implementation of rsa_private_key.destroy. + */ +static void destroy(private_rsa_private_key_t *this) +{ mpz_clear(this->n); mpz_clear(this->e); mpz_clear(this->p); @@ -427,6 +403,42 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) mpz_clear(this->exp1); mpz_clear(this->exp2); mpz_clear(this->coeff); + allocator_free(this); +} + +/** + * Internal generic constructor + */ +static private_rsa_private_key_t *rsa_private_key_create_empty() +{ + private_rsa_private_key_t *this = allocator_alloc_thing(private_rsa_private_key_t); + + /* public functions */ + this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature; + this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key; + this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key; + this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key; + this->public.belongs_to = (bool (*) (rsa_private_key_t*,rsa_public_key_t*))belongs_to; + this->public.destroy = (void (*) (rsa_private_key_t*))destroy; + + /* private functions */ + this->rsadp = rsadp; + this->rsasp1 = rsadp; /* same algorithm */ + this->compute_prime = compute_prime; + + return this; +} + +/* + * See header + */ +rsa_private_key_t *rsa_private_key_create(size_t key_size) +{ + mpz_t p, q, n, e, d, exp1, exp2, coeff; + mpz_t m, q1, t; + private_rsa_private_key_t *this; + + this = rsa_private_key_create_empty(); key_size = key_size / 8; @@ -491,96 +503,73 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) *(this->coeff) = *coeff; /* set key size in bytes */ - - this->is_key_set = TRUE; this->k = key_size; - return SUCCESS; + return &this->public; } -/** - * Implementation of rsa_private_key.get_public_key. +/* + * see header */ -rsa_public_key_t *get_public_key(private_rsa_private_key_t *this) +rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk) { - rsa_public_key_t *public_key; - //chunk_t key; + private_rsa_private_key_t *this; + der_decoder_t *dd; + status_t status; - public_key = rsa_public_key_create(); + this = rsa_private_key_create_empty(); - if (this->is_key_set) - { + mpz_init(this->n); + mpz_init(this->e); + mpz_init(this->p); + mpz_init(this->q); + mpz_init(this->d); + mpz_init(this->exp1); + mpz_init(this->exp2); + mpz_init(this->coeff); - chunk_t n, e, key; - - n.len = this->k; - n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); - e.len = this->k; - e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); - - key.len = this->k * 2; - key.ptr = allocator_alloc(key.len); - memcpy(key.ptr, n.ptr, n.len); - memcpy(key.ptr + n.len, e.ptr, e.len); - allocator_free(n.ptr); - allocator_free(e.ptr); - - public_key->set_key(public_key, key); - allocator_free(key.ptr); - + dd = der_decoder_create(rsa_private_key_rules); + status = dd->decode(dd, chunk, this); + dd->destroy(dd); + if (status != SUCCESS) + { + destroy(this); + return NULL; } - - return public_key; -} - - -/** - * Implementation of rsa_private_key.destroy. - */ -static void destroy(private_rsa_private_key_t *this) -{ - mpz_clear(this->n); - mpz_clear(this->e); - mpz_clear(this->p); - mpz_clear(this->q); - mpz_clear(this->d); - mpz_clear(this->exp1); - mpz_clear(this->exp2); - mpz_clear(this->coeff); - allocator_free(this); + this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8; + return &this->public; } /* - * Described in header. + * see header */ -rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm) +rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase) { - private_rsa_private_key_t *this = allocator_alloc_thing(private_rsa_private_key_t); + chunk_t chunk; + struct stat stb; + FILE *file; + char *buffer; - /* public functions */ - this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature; - this->public.set_key = (status_t (*) (rsa_private_key_t*,chunk_t))set_key; - this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key; - this->public.load_key = (status_t (*) (rsa_private_key_t*,char*))load_key; - this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key; - this->public.generate_key = (status_t (*) (rsa_private_key_t*,size_t))generate_key; - this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key; - this->public.destroy = (void (*) (rsa_private_key_t*))destroy; + if (stat(filename, &stb) == -1) + { + return NULL; + } - /* private functions */ - this->rsadp = rsadp; - this->rsasp1 = rsadp; /* same algorithm */ - this->compute_prime = compute_prime; + buffer = alloca(stb.st_size); - mpz_init(this->n); - mpz_init(this->e); - mpz_init(this->p); - mpz_init(this->q); - mpz_init(this->d); - mpz_init(this->exp1); - mpz_init(this->exp2); - mpz_init(this->coeff); - this->is_key_set = FALSE; + file = fopen(filename, "r"); + if (file == NULL) + { + return NULL; + } + + if (fread(buffer, stb.st_size, 1, file) != 1) + { + return NULL; + } + + chunk.ptr = buffer; + chunk.len = stb.st_size; - return &(this->public); + return rsa_private_key_create_from_chunk(chunk); } diff --git a/Source/charon/transforms/rsa/rsa_private_key.h b/Source/charon/transforms/rsa/rsa_private_key.h index 094c3e249..ffbe419f5 100644 --- a/Source/charon/transforms/rsa/rsa_private_key.h +++ b/Source/charon/transforms/rsa/rsa_private_key.h @@ -38,10 +38,12 @@ typedef struct rsa_private_key_t rsa_private_key_t; * * @b Constructors: * - rsa_private_key_create() + * - rsa_private_key_create_from_chunk() + * - rsa_private_key_create_from_file() * * @see rsa_public_key_t * - * @todo Implement proper key set/get load/save methods using ASN1. + * @todo Implement get_key(), save_key(), get_public_key() * * @ingroup rsa */ @@ -66,26 +68,9 @@ struct rsa_private_key_t { status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature); /** - * @brief Set the key. - * - * Currently uses a proprietary format which is only inteded - * for testing. This should be replaced with a proper - * ASN1 encoded key format, when charon gets the ASN1 - * capabilities. - * - * @param this calling object - * @param key key (in a propriarity format) - * @return currently SUCCESS in any case - */ - status_t (*set_key) (rsa_private_key_t *this, chunk_t key); - - /** * @brief Gets the key. * - * Currently uses a proprietary format which is only inteded - * for testing. This should be replaced with a proper - * ASN1 encoded key format, when charon gets the ASN1 - * capabilities. + * UNIMPLEMENTED! * * @param this calling object * @param key key (in a propriarity format) @@ -96,17 +81,6 @@ struct rsa_private_key_t { status_t (*get_key) (rsa_private_key_t *this, chunk_t *key); /** - * @brief Loads a key from a file. - * - * Not implemented! - * - * @param this calling object - * @param file file from which key should be read - * @return NOT_SUPPORTED - */ - status_t (*load_key) (rsa_private_key_t *this, char *file); - - /** * @brief Saves a key to a file. * * Not implemented! @@ -140,6 +114,18 @@ struct rsa_private_key_t { rsa_public_key_t *(*get_public_key) (rsa_private_key_t *this); /** + * @brief Check if a private key belongs to a public key. + * + * Compares the public part of the private key with the + * public key, return TRUE if it equals. + * + * @param this private key + * @param public public key + * @return TRUE, if keys belong together + */ + bool (*belongs_to) (rsa_private_key_t *this, rsa_public_key_t *public); + + /** * @brief Destroys the private key. * * @param this private key to destroy @@ -148,13 +134,44 @@ struct rsa_private_key_t { }; /** - * @brief Create a new rsa_private_key without - * any key inside. + * @brief Generate a new RSA key with specified key lenght. + * + * @param key_size size of the key in bits + * @return generated rsa_private_key_t. + * + * @ingroup rsa + */ +rsa_private_key_t *rsa_private_key_create(size_t key_size); + +/** + * @brief Load an RSA private key from a chunk. + * + * Load a key from a chunk, encoded as described in PKCS#1 + * (ASN1 DER encoded). + * + * @param chunk chunk containing the DER encoded key + * @return loaded rsa_private_key_t, or NULL + * + * @ingroup rsa + */ +rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk); + +/** + * @brief Load an RSA private key from a file. + * + * Load a key from a file, which is either in a unencrypted binary + * format (DER), or in a (encrypted) PEM format. The supplied + * passphrase is used to decrypt an ecrypted key. + * + * @param filename filename which holds the key + * @param passphrase optional passphase for decryption + * @return loaded rsa_private_key_t, or NULL * - * @return created rsa_private_key_t. + * @todo Implement PEM file loading + * @todo Implement key decryption * * @ingroup rsa */ -rsa_private_key_t *rsa_private_key_create(); +rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase); #endif /*RSA_PRIVATE_KEY_H_*/ diff --git a/Source/charon/transforms/rsa/rsa_public_key.c b/Source/charon/transforms/rsa/rsa_public_key.c index fb3fe3c67..5a3df1f10 100644 --- a/Source/charon/transforms/rsa/rsa_public_key.c +++ b/Source/charon/transforms/rsa/rsa_public_key.c @@ -21,6 +21,8 @@ */ #include <gmp.h> +#include <sys/stat.h> +#include <unistd.h> #include "rsa_public_key.h" @@ -85,11 +87,6 @@ struct private_rsa_public_key_t { rsa_public_key_t public; /** - * Is the key already set ? - */ - bool is_key_set; - - /** * Public modulus. */ mpz_t n; @@ -123,6 +120,24 @@ struct private_rsa_public_key_t { chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data); }; + +typedef struct rsa_public_key_info_t rsa_public_key_info_t; + +/** + * KeyInfo, as it appears in a public key file + */ +struct rsa_public_key_info_t { + /** + * Algorithm for this key + */ + chunk_t algorithm_oid; + + /** + * Public key, parseable with rsa_public_key_rules + */ + chunk_t public_key; +}; + /** * Rules for de-/encoding of a public key from/in ASN1 */ @@ -134,6 +149,21 @@ static asn1_rule_t rsa_public_key_rules[] = { }; /** + * Rules for de-/encoding of a PublicKeyInfo from/in ASN1 + */ +static asn1_rule_t rsa_public_key_info_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_OID, 0, offsetof(rsa_public_key_info_t, algorithm_oid), 0}, + { ASN1_NULL, 0, 0, 0}, + { ASN1_END, 0, 0, 0}, + { ASN1_BITSTRING, 0, offsetof(rsa_public_key_info_t, public_key), 0}, + {ASN1_END, 0, 0, 0}, +}; + +private_rsa_public_key_t *rsa_public_key_create_empty(); + +/** * Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1 */ static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data) @@ -167,11 +197,6 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun chunk_t em; u_int8_t *pos; - if(!this->is_key_set) - { - return INVALID_STATE; - } - if (signature.len > this->k) { return INVALID_ARG; @@ -286,36 +311,10 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun } /** - * Implementation of rsa_public_key.set_key. - */ -static status_t set_key(private_rsa_public_key_t *this, chunk_t key) -{ - der_decoder_t *dd; - status_t status; - - dd = der_decoder_create(rsa_public_key_rules); - - status = dd->decode(dd, key, this); - if (status == SUCCESS) - { - this->is_key_set = TRUE; - this->k = mpz_sizeinbase(this->n, 2) / 8; - } - dd->destroy(dd); - return status; -} - - -/** * Implementation of rsa_public_key.get_key. */ static status_t get_key(private_rsa_public_key_t *this, chunk_t *key) -{ - if (!this->is_key_set) - { - return INVALID_STATE; - } - +{ chunk_t n, e; n.len = this->k; @@ -332,21 +331,35 @@ static status_t get_key(private_rsa_public_key_t *this, chunk_t *key) return SUCCESS; } - + /** - * Implementation of rsa_public_key.load_key. + * Implementation of rsa_public_key.save_key. */ -static status_t load_key(private_rsa_public_key_t *this, char *file) +static status_t save_key(private_rsa_public_key_t *this, char *file) { return NOT_SUPPORTED; } /** - * Implementation of rsa_public_key.save_key. + * Implementation of rsa_public_key.get_modulus. */ -static status_t save_key(private_rsa_public_key_t *this, char *file) +static mpz_t *get_modulus(private_rsa_public_key_t *this) { - return NOT_SUPPORTED; + return &this->n; +} + +/** + * Implementation of rsa_public_key.clone. + */ +static rsa_public_key_t* _clone(private_rsa_public_key_t *this) +{ + private_rsa_public_key_t *clone = rsa_public_key_create_empty(); + + mpz_init_set(clone->n, this->n); + mpz_init_set(clone->e, this->e); + clone->k = this->k; + + return &clone->public; } /** @@ -359,28 +372,97 @@ static void destroy(private_rsa_public_key_t *this) allocator_free(this); } -/* - * Described in header. +/** + * Generic private constructor */ -rsa_public_key_t *rsa_public_key_create() +private_rsa_public_key_t *rsa_public_key_create_empty() { private_rsa_public_key_t *this = allocator_alloc_thing(private_rsa_public_key_t); /* public functions */ this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature; - this->public.set_key = (status_t (*) (rsa_public_key_t*,chunk_t))set_key; this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key; - this->public.load_key = (status_t (*) (rsa_public_key_t*,char*))load_key; this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key; + this->public.get_modulus = (mpz_t *(*) (rsa_public_key_t*))get_modulus; + this->public.clone = (rsa_public_key_t* (*) (rsa_public_key_t*))_clone; this->public.destroy = (void (*) (rsa_public_key_t*))destroy; /* private functions */ this->rsaep = rsaep; this->rsavp1 = rsaep; /* same algorithm */ + return this; +} + +/* + * See header + */ +rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk) +{ + der_decoder_t *dd; + status_t status; + private_rsa_public_key_t *this; + + this = rsa_public_key_create_empty(); mpz_init(this->n); mpz_init(this->e); - this->is_key_set = FALSE; - return &(this->public); + dd = der_decoder_create(rsa_public_key_rules); + status = dd->decode(dd, chunk, this); + dd->destroy(dd); + if (status != SUCCESS) + { + destroy(this); + return NULL; + } + this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8; + return &this->public; +} + +/* + * See header + */ +rsa_public_key_t *rsa_public_key_create_from_file(char *filename) +{ + struct stat stb; + FILE *file; + char *buffer; + chunk_t chunk; + rsa_public_key_info_t key_info = {CHUNK_INITIALIZER, CHUNK_INITIALIZER}; + der_decoder_t *dd; + status_t status; + rsa_public_key_t *public_key = NULL; + + if (stat(filename, &stb) == -1) + { + return NULL; + } + + buffer = alloca(stb.st_size); + + file = fopen(filename, "r"); + if (file == NULL) + { + return NULL; + } + + if (fread(buffer, stb.st_size, 1, file) != 1) + { + return NULL; + } + + chunk.ptr = buffer; + chunk.len = stb.st_size; + + /* parse public key info first */ + dd = der_decoder_create(rsa_public_key_info_rules); + status = dd->decode(dd, chunk, &key_info); + dd->destroy(dd); + allocator_free_chunk(&key_info.algorithm_oid); + if (status == SUCCESS) + { + public_key = rsa_public_key_create_from_chunk(chunk); + } + allocator_free_chunk(&key_info.public_key); + return public_key; } diff --git a/Source/charon/transforms/rsa/rsa_public_key.h b/Source/charon/transforms/rsa/rsa_public_key.h index a4671b148..ef79153d6 100644 --- a/Source/charon/transforms/rsa/rsa_public_key.h +++ b/Source/charon/transforms/rsa/rsa_public_key.h @@ -38,11 +38,13 @@ typedef struct rsa_public_key_t rsa_public_key_t; * the EMSA encoding (see PKCS1) * * @b Constructors: - * - rsa_public_key_create() + * - rsa_public_key_create_from_chunk() + * - rsa_public_key_create_from_file() + * - rsa_private_key_t.get_public_key() * * @see rsa_private_key_t * - * @todo Implement proper key set/get load/save methods using ASN1. + * @todo Implement getkey() and savekey() * * @ingroup rsa */ @@ -55,7 +57,7 @@ struct rsa_public_key_t { * selects the hash algorithm form the resultign ASN1-OID and * verifies the hash against the supplied data. * - * @param this rsa_private_key to use + * @param this rsa_public_key to use * @param data data to sign * @param signature signature to verify * @return @@ -68,20 +70,6 @@ struct rsa_public_key_t { status_t (*verify_emsa_pkcs1_signature) (rsa_public_key_t *this, chunk_t data, chunk_t signature); /** - * @brief Set the key. - * - * Currently uses a proprietary format which is only inteded - * for testing. This should be replaced with a proper - * ASN1 encoded key format, when charon gets the ASN1 - * capabilities. - * - * @param this calling object - * @param key key (in a propriarity format) - * @return currently SUCCESS in any case - */ - status_t (*set_key) (rsa_public_key_t *this, chunk_t key); - - /** * @brief Gets the key. * * Currently uses a proprietary format which is only inteded @@ -98,26 +86,31 @@ struct rsa_public_key_t { status_t (*get_key) (rsa_public_key_t *this, chunk_t *key); /** - * @brief Loads a key from a file. + * @brief Saves a key to a file. * * Not implemented! * * @param this calling object - * @param file file from which key should be read + * @param file file to which the key should be written. * @return NOT_SUPPORTED */ - status_t (*load_key) (rsa_public_key_t *this, char *file); + status_t (*save_key) (rsa_public_key_t *this, char *file); /** - * @brief Saves a key to a file. - * - * Not implemented! + * @brief Get the modulus of the key. * * @param this calling object - * @param file file to which the key should be written. - * @return NOT_SUPPORTED + * @return modulus (n) of the key */ - status_t (*save_key) (rsa_public_key_t *this, char *file); + mpz_t *(*get_modulus) (rsa_public_key_t *this); + + /** + * @brief Clone the public key. + * + * @param this public key to clone + * @return clone of this + */ + rsa_public_key_t *(*clone) (rsa_public_key_t *this); /** * @brief Destroys the public key. @@ -128,12 +121,33 @@ struct rsa_public_key_t { }; /** - * @brief Create a public key without any key inside. + * @brief Load an RSA public key from a chunk. + * + * Load a key from a chunk, encoded in the more frequently + * used PublicKeyInfo struct (ASN1 DER encoded). + * + * @param chunk chunk containing the DER encoded key + * @return loaded rsa_public_key_t, or NULL + * + * @todo Check OID in PublicKeyInfo + * + * @ingroup rsa + */ +rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk); + +/** + * @brief Load an RSA public key from a file. + * + * Load a key from a file, which is either in binary + * format (DER), or in PEM format. + * + * @param filename filename which holds the key + * @return loaded rsa_public_key_t, or NULL * - * @return created rsa_public_key_t. + * @todo Implement PEM file loading * * @ingroup rsa */ -rsa_public_key_t *rsa_public_key_create(); +rsa_public_key_t *rsa_public_key_create_from_file(char *filename); #endif /*RSA_PUBLIC_KEY_H_*/ |