diff options
Diffstat (limited to 'Source/lib/crypto/rsa')
| -rw-r--r-- | Source/lib/crypto/rsa/Makefile.rsa | 23 | ||||
| -rw-r--r-- | Source/lib/crypto/rsa/rsa_private_key.c | 615 | ||||
| -rw-r--r-- | Source/lib/crypto/rsa/rsa_private_key.h | 185 | ||||
| -rw-r--r-- | Source/lib/crypto/rsa/rsa_public_key.c | 468 | ||||
| -rw-r--r-- | Source/lib/crypto/rsa/rsa_public_key.h | 153 |
5 files changed, 1444 insertions, 0 deletions
diff --git a/Source/lib/crypto/rsa/Makefile.rsa b/Source/lib/crypto/rsa/Makefile.rsa new file mode 100644 index 000000000..1a0204c83 --- /dev/null +++ b/Source/lib/crypto/rsa/Makefile.rsa @@ -0,0 +1,23 @@ +# Copyright (C) 2005 Jan Hutter, Martin Willi +# Hochschule fuer Technik Rapperswil +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. +# + +RSA_DIR= $(CRYPTO_DIR)rsa/ + +LIB_OBJS+= $(BUILD_DIR)rsa_private_key.o +$(BUILD_DIR)rsa_private_key.o : $(RSA_DIR)rsa_private_key.c $(RSA_DIR)rsa_private_key.h + $(CC) $(CFLAGS) -c -o $@ $< + +LIB_OBJS+= $(BUILD_DIR)rsa_public_key.o +$(BUILD_DIR)rsa_public_key.o : $(RSA_DIR)rsa_public_key.c $(RSA_DIR)rsa_public_key.h + $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file diff --git a/Source/lib/crypto/rsa/rsa_private_key.c b/Source/lib/crypto/rsa/rsa_private_key.c new file mode 100644 index 000000000..0afadd179 --- /dev/null +++ b/Source/lib/crypto/rsa/rsa_private_key.c @@ -0,0 +1,615 @@ +/** + * @file rsa_private_key.c + * + * @brief Implementation of rsa_private_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <gmp.h> +#include <sys/stat.h> +#include <unistd.h> + +#include "rsa_private_key.h" + +#include <daemon.h> +#include <utils/allocator.h> +#include <asn1/der_decoder.h> + + +/* + * Oids for hash algorithms are defined in + * rsa_public_key.c. + */ +extern u_int8_t md2_oid[18]; +extern u_int8_t md5_oid[18]; +extern u_int8_t sha1_oid[15]; +extern u_int8_t sha256_oid[19]; +extern u_int8_t sha384_oid[19]; +extern u_int8_t sha512_oid[19]; + + +/** + * Public exponent to use for key generation. + */ +#define PUBLIC_EXPONENT 0x10001 + + +typedef struct private_rsa_private_key_t private_rsa_private_key_t; + +/** + * Private data of a rsa_private_key_t object. + */ +struct private_rsa_private_key_t { + /** + * Public interface for this signer. + */ + rsa_private_key_t public; + + /** + * Version of key, as encoded in PKCS#1 + */ + u_int version; + + /** + * Public modulus. + */ + mpz_t n; + + /** + * Public exponent. + */ + mpz_t e; + + /** + * Private prime 1. + */ + mpz_t p; + + /** + * Private Prime 2. + */ + mpz_t q; + + /** + * Private exponent. + */ + mpz_t d; + + /** + * Private exponent 1. + */ + mpz_t exp1; + + /** + * Private exponent 2. + */ + mpz_t exp2; + + /** + * Private coefficient. + */ + mpz_t coeff; + + /** + * Keysize in bytes. + */ + size_t k; + + /** + * @brief Implements the RSADP algorithm specified in PKCS#1. + * + * @param this calling object + * @param data data to process + * @return processed data + */ + chunk_t (*rsadp) (private_rsa_private_key_t *this, chunk_t data); + + /** + * @brief Implements the RSASP1 algorithm specified in PKCS#1. + * @param this calling object + * @param data data to process + * @return processed data + */ + chunk_t (*rsasp1) (private_rsa_private_key_t *this, chunk_t data); + + /** + * @brief Generate a prime value. + * + * @param this calling object + * @param prime_size size of the prime, in bytes + * @param[out] prime uninitialized mpz + */ + status_t (*compute_prime) (private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime); + +}; + +/** + * Rules for de-/encoding of a private key from/in ASN1 + */ +static asn1_rule_t rsa_private_key_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_INTEGER, 0, offsetof(private_rsa_private_key_t, version), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0}, + {ASN1_END, 0, 0, 0}, +}; + +static private_rsa_private_key_t *rsa_private_key_create_empty(); + +/** + * Implementation of private_rsa_private_key_t.compute_prime. + */ +static status_t compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime) +{ + randomizer_t *randomizer; + chunk_t random_bytes; + status_t status; + + randomizer = randomizer_create(); + mpz_init(*prime); + + do + { + status = randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes); + if (status != SUCCESS) + { + randomizer->destroy(randomizer); + mpz_clear(*prime); + return FAILED; + } + + /* make sure most significant bit is set */ + random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80; + + /* convert chunk to mpz value */ + mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); + + /* get next prime */ + mpz_nextprime (*prime, *prime); + + allocator_free(random_bytes.ptr); + } + /* check if it isnt too large */ + while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size); + + randomizer->destroy(randomizer); + return SUCCESS; +} + +/** + * Implementation of private_rsa_private_key_t.rsadp and private_rsa_private_key_t.rsasp1. + */ +static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data) +{ + mpz_t t1, t2; + chunk_t decrypted; + + mpz_init(t1); + mpz_init(t2); + + mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); + + mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ + mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ + mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ + mpz_mod(t2, t2, this->p); + mpz_mul(t2, t2, this->coeff); + mpz_mod(t2, t2, this->p); + + mpz_mul(t2, t2, this->q); /* m = m2 + h q */ + mpz_add(t1, t1, t2); + + decrypted.len = this->k; + decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); + + mpz_clear(t1); + mpz_clear(t2); + + return decrypted; +} + +/** + * Implementation of rsa_private_key.build_emsa_signature. + */ +static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature) +{ + hasher_t *hasher; + chunk_t hash; + chunk_t oid; + chunk_t em; + + /* get oid string prepended to hash */ + switch (hash_algorithm) + { + case HASH_MD2: + { + oid.ptr = md2_oid; + oid.len = sizeof(md2_oid); + break; + } + case HASH_MD5: + { + oid.ptr = md5_oid; + oid.len = sizeof(md5_oid); + break; + } + case HASH_SHA1: + { + oid.ptr = sha1_oid; + oid.len = sizeof(sha1_oid); + break; + } + case HASH_SHA256: + { + oid.ptr = sha256_oid; + oid.len = sizeof(sha256_oid); + break; + } + case HASH_SHA384: + { + oid.ptr = sha384_oid; + oid.len = sizeof(sha384_oid); + break; + } + case HASH_SHA512: + { + oid.ptr = sha512_oid; + oid.len = sizeof(sha512_oid); + break; + } + default: + { + return NOT_SUPPORTED; + } + } + + /* get hasher */ + hasher = hasher_create(hash_algorithm); + if (hasher == NULL) + { + return NOT_SUPPORTED; + } + + /* build hash */ + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + + /* build chunk to rsa-decrypt: + * EM = 0x00 || 0x01 || PS || 0x00 || T. + * PS = 0xFF padding, with length to fill em + * T = oid || hash + */ + em.len = this->k; + em.ptr = allocator_alloc(em.len); + + /* fill em with padding */ + memset(em.ptr, 0xFF, em.len); + /* set magic bytes */ + *(em.ptr) = 0x00; + *(em.ptr+1) = 0x01; + *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00; + /* set hash */ + memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len); + /* set oid */ + memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len); + + + /* build signature */ + *signature = this->rsasp1(this, em); + + allocator_free(hash.ptr); + allocator_free(em.ptr); + + return SUCCESS; +} + +/** + * Implementation of rsa_private_key.get_key. + */ +static status_t get_key(private_rsa_private_key_t *this, chunk_t *key) +{ + chunk_t n, e, p, q, d, exp1, exp2, coeff; + + n.len = this->k; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); + e.len = this->k; + e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); + p.len = this->k; + p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p); + q.len = this->k; + q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q); + d.len = this->k; + d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d); + exp1.len = this->k; + exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1); + exp2.len = this->k; + exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2); + coeff.len = this->k; + coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff); + + key->len = this->k * 8; + key->ptr = allocator_alloc(key->len); + memcpy(key->ptr + this->k * 0, n.ptr , n.len); + memcpy(key->ptr + this->k * 1, e.ptr, e.len); + memcpy(key->ptr + this->k * 2, p.ptr, p.len); + memcpy(key->ptr + this->k * 3, q.ptr, q.len); + memcpy(key->ptr + this->k * 4, d.ptr, d.len); + memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len); + memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len); + memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len); + + allocator_free(n.ptr); + allocator_free(e.ptr); + allocator_free(p.ptr); + allocator_free(q.ptr); + allocator_free(d.ptr); + allocator_free(exp1.ptr); + allocator_free(exp2.ptr); + allocator_free(coeff.ptr); + + return SUCCESS; +} + +/** + * Implementation of rsa_private_key.save_key. + */ +static status_t save_key(private_rsa_private_key_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * Implementation of rsa_private_key.get_public_key. + */ +rsa_public_key_t *get_public_key(private_rsa_private_key_t *this) +{ + return NULL; +} + +/** + * Implementation of rsa_private_key.belongs_to. + */ +static bool belongs_to(private_rsa_private_key_t *this, rsa_public_key_t *public) +{ + if (mpz_cmp(this->n, *public->get_modulus(public)) == 0) + { + return TRUE; + } + return FALSE; +} + +/** + * Implementation of rsa_private_key.clone. + */ +static rsa_private_key_t* _clone(private_rsa_private_key_t *this) +{ + private_rsa_private_key_t *clone = rsa_private_key_create_empty(); + + mpz_init_set(clone->n, this->n); + mpz_init_set(clone->e, this->e); + mpz_init_set(clone->p, this->p); + mpz_init_set(clone->q, this->q); + mpz_init_set(clone->d, this->d); + mpz_init_set(clone->exp1, this->exp1); + mpz_init_set(clone->exp2, this->exp2); + mpz_init_set(clone->coeff, this->coeff); + clone->k = this->k; + + return &clone->public; +} + +/** + * Implementation of rsa_private_key.destroy. + */ +static void destroy(private_rsa_private_key_t *this) +{ + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); + allocator_free(this); +} + +/** + * Internal generic constructor + */ +static private_rsa_private_key_t *rsa_private_key_create_empty() +{ + private_rsa_private_key_t *this = allocator_alloc_thing(private_rsa_private_key_t); + + /* public functions */ + this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature; + this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key; + this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key; + this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key; + this->public.belongs_to = (bool (*) (rsa_private_key_t*,rsa_public_key_t*))belongs_to; + this->public.clone = (rsa_private_key_t*(*)(rsa_private_key_t*))_clone; + this->public.destroy = (void (*) (rsa_private_key_t*))destroy; + + /* private functions */ + this->rsadp = rsadp; + this->rsasp1 = rsadp; /* same algorithm */ + this->compute_prime = compute_prime; + + return this; +} + +/* + * See header + */ +rsa_private_key_t *rsa_private_key_create(size_t key_size) +{ + mpz_t p, q, n, e, d, exp1, exp2, coeff; + mpz_t m, q1, t; + private_rsa_private_key_t *this; + + this = rsa_private_key_create_empty(); + key_size = key_size / 8; + + /* Get values of primes p and q */ + if (this->compute_prime(this, key_size/2, &p) != SUCCESS) + { + allocator_free(this); + return NULL; + } + if (this->compute_prime(this, key_size/2, &q) != SUCCESS) + { + mpz_clear(p); + allocator_free(this); + return NULL; + } + + + mpz_init(t); + mpz_init(n); + mpz_init(d); + mpz_init(exp1); + mpz_init(exp2); + mpz_init(coeff); + + + /* Swapping Primes so p is larger then q */ + if (mpz_cmp(p, q) < 0) + { + mpz_set(t, p); + mpz_set(p, q); + mpz_set(q, t); + } + + mpz_mul(n, p, q); /* n = p*q */ + mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ + mpz_init_set(m, p); /* m = p */ + mpz_sub_ui(m, m, 1); /* m = m -1 */ + mpz_init_set(q1, q); /* q1 = q */ + mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */ + mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */ + mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */ + mpz_divexact(m, m, t); /* m = m / t */ + mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */ + + mpz_invert(d, e, m); /* e has an inverse mod m */ + if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */ + { + mpz_add(d, d, m); + } + mpz_sub_ui(t, p, 1); /* t = p-1 */ + mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */ + mpz_sub_ui(t, q, 1); /* t = q-1 */ + mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */ + + mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */ + if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */ + { + mpz_add(coeff, coeff, p); + } + + mpz_clear(q1); + mpz_clear(m); + mpz_clear(t); + + /* apply values */ + *(this->p) = *p; + *(this->q) = *q; + *(this->n) = *n; + *(this->e) = *e; + *(this->d) = *d; + *(this->exp1) = *exp1; + *(this->exp2) = *exp2; + *(this->coeff) = *coeff; + + /* set key size in bytes */ + this->k = key_size; + + return &this->public; +} + +/* + * see header + */ +rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk) +{ + private_rsa_private_key_t *this; + der_decoder_t *dd; + status_t status; + + this = rsa_private_key_create_empty(); + + mpz_init(this->n); + mpz_init(this->e); + mpz_init(this->p); + mpz_init(this->q); + mpz_init(this->d); + mpz_init(this->exp1); + mpz_init(this->exp2); + mpz_init(this->coeff); + + dd = der_decoder_create(rsa_private_key_rules); + status = dd->decode(dd, chunk, this); + dd->destroy(dd); + if (status != SUCCESS) + { + destroy(this); + return NULL; + } + this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8; + return &this->public; +} + +/* + * see header + */ +rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase) +{ + chunk_t chunk; + struct stat stb; + FILE *file; + char *buffer; + + if (stat(filename, &stb) == -1) + { + return NULL; + } + + buffer = alloca(stb.st_size); + + file = fopen(filename, "r"); + if (file == NULL) + { + return NULL; + } + + if (fread(buffer, stb.st_size, 1, file) != 1) + { + return NULL; + } + + chunk.ptr = buffer; + chunk.len = stb.st_size; + + return rsa_private_key_create_from_chunk(chunk); +} diff --git a/Source/lib/crypto/rsa/rsa_private_key.h b/Source/lib/crypto/rsa/rsa_private_key.h new file mode 100644 index 000000000..b3b8ae87f --- /dev/null +++ b/Source/lib/crypto/rsa/rsa_private_key.h @@ -0,0 +1,185 @@ +/** + * @file rsa_private_key.h + * + * @brief Interface of rsa_private_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef RSA_PRIVATE_KEY_H_ +#define RSA_PRIVATE_KEY_H_ + +#include <types.h> +#include <definitions.h> +#include <crypto/rsa/rsa_public_key.h> +#include <crypto/hashers/hasher.h> + + +typedef struct rsa_private_key_t rsa_private_key_t; + +/** + * @brief RSA private key with associated functions. + * + * Currently only supports signing using EMSA encoding. + * + * @b Constructors: + * - rsa_private_key_create() + * - rsa_private_key_create_from_chunk() + * - rsa_private_key_create_from_file() + * + * @see rsa_public_key_t + * + * @todo Implement get_key(), save_key(), get_public_key() + * + * @ingroup rsa + */ +struct rsa_private_key_t { + + /** + * @brief Build a signature over a chunk using EMSA-PKCS1 encoding. + * + * This signature creates a hash using the specified hash algorithm, concatenates + * it with an ASN1-OID of the hash algorithm and runs the RSASP1 function + * on it. + * + * @param this calling object + * @param hash_algorithm hash algorithm to use for hashing + * @param data data to sign + * @param[out] signature allocated signature + * @return + * - SUCCESS + * - INVALID_STATE, if key not set + * - NOT_SUPPORTED, if hash algorithm not supported + */ + status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature); + + /** + * @brief Gets the key. + * + * UNIMPLEMENTED! + * + * @param this calling object + * @param key key (in a propriarity format) + * @return + * - SUCCESS + * - INVALID_STATE, if key not set + */ + status_t (*get_key) (rsa_private_key_t *this, chunk_t *key); + + /** + * @brief Saves a key to a file. + * + * Not implemented! + * + * @param this calling object + * @param file file to which the key should be written. + * @return NOT_SUPPORTED + */ + status_t (*save_key) (rsa_private_key_t *this, char *file); + + /** + * @brief Generate a new key. + * + * Generates a new private_key with specified key size + * + * @param this calling object + * @param key_size size of the key in bits + * @return + * - SUCCESS + * - INVALID_ARG if key_size invalid + */ + status_t (*generate_key) (rsa_private_key_t *this, size_t key_size); + + /** + * @brief Create a rsa_public_key_t with the public + * parts of the key. + * + * @param this calling object + * @return public_key + */ + rsa_public_key_t *(*get_public_key) (rsa_private_key_t *this); + + /** + * @brief Check if a private key belongs to a public key. + * + * Compares the public part of the private key with the + * public key, return TRUE if it equals. + * + * @param this private key + * @param public public key + * @return TRUE, if keys belong together + */ + bool (*belongs_to) (rsa_private_key_t *this, rsa_public_key_t *public); + + /** + * @brief Clone the private key. + * + * @param this private key to clone + * @return clone of this + */ + rsa_private_key_t *(*clone) (rsa_private_key_t *this); + + /** + * @brief Destroys the private key. + * + * @param this private key to destroy + */ + void (*destroy) (rsa_private_key_t *this); +}; + +/** + * @brief Generate a new RSA key with specified key lenght. + * + * @param key_size size of the key in bits + * @return generated rsa_private_key_t. + * + * @ingroup rsa + */ +rsa_private_key_t *rsa_private_key_create(size_t key_size); + +/** + * @brief Load an RSA private key from a chunk. + * + * Load a key from a chunk, encoded as described in PKCS#1 + * (ASN1 DER encoded). + * + * @param chunk chunk containing the DER encoded key + * @return loaded rsa_private_key_t, or NULL + * + * @ingroup rsa + */ +rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk); + +/** + * @brief Load an RSA private key from a file. + * + * Load a key from a file, which is either in a unencrypted binary + * format (DER), or in a (encrypted) PEM format. The supplied + * passphrase is used to decrypt an ecrypted key. + * + * @param filename filename which holds the key + * @param passphrase optional passphase for decryption + * @return loaded rsa_private_key_t, or NULL + * + * @todo Implement PEM file loading + * @todo Implement key decryption + * + * @ingroup rsa + */ +rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase); + +#endif /*RSA_PRIVATE_KEY_H_*/ diff --git a/Source/lib/crypto/rsa/rsa_public_key.c b/Source/lib/crypto/rsa/rsa_public_key.c new file mode 100644 index 000000000..57ad10128 --- /dev/null +++ b/Source/lib/crypto/rsa/rsa_public_key.c @@ -0,0 +1,468 @@ +/** + * @file rsa_public_key.c + * + * @brief Implementation of rsa_public_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <gmp.h> +#include <sys/stat.h> +#include <unistd.h> + +#include "rsa_public_key.h" + +#include <daemon.h> +#include <utils/allocator.h> +#include <crypto/hashers/hasher.h> +#include <asn1/der_decoder.h> + +/* + * For simplicity, + * we use these predefined values for + * hash algorithm OIDs. These also contain + * the length of the following hash. + * These values are also used in rsa_private_key.c. + */ + +u_int8_t md2_oid[] = { + 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86, + 0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00, + 0x04,0x10 +}; + +u_int8_t md5_oid[] = { + 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86, + 0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00, + 0x04,0x10 +}; + +u_int8_t sha1_oid[] = { + 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e, + 0x03,0x02,0x1a,0x05,0x00,0x04,0x14 +}; + +u_int8_t sha256_oid[] = { + 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86, + 0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05, + 0x00,0x04,0x20 +}; + +u_int8_t sha384_oid[] = { + 0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86, + 0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05, + 0x00,0x04,0x30 +}; + +u_int8_t sha512_oid[] = { + 0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86, + 0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05, + 0x00,0x04,0x40 +}; + + +typedef struct private_rsa_public_key_t private_rsa_public_key_t; + +/** + * Private data structure with signing context. + */ +struct private_rsa_public_key_t { + /** + * Public interface for this signer. + */ + rsa_public_key_t public; + + /** + * Public modulus. + */ + mpz_t n; + + /** + * Public exponent. + */ + mpz_t e; + + /** + * Keysize in bytes. + */ + size_t k; + + /** + * @brief Implements the RSAEP algorithm specified in PKCS#1. + * + * @param this calling object + * @param data data to process + * @return processed data + */ + chunk_t (*rsaep) (private_rsa_public_key_t *this, chunk_t data); + + /** + * @brief Implements the RSASVP1 algorithm specified in PKCS#1. + * + * @param this calling object + * @param data data to process + * @return processed data + */ + chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data); +}; + + +typedef struct rsa_public_key_info_t rsa_public_key_info_t; + +/** + * KeyInfo, as it appears in a public key file + */ +struct rsa_public_key_info_t { + /** + * Algorithm for this key + */ + chunk_t algorithm_oid; + + /** + * Public key, parseable with rsa_public_key_rules + */ + chunk_t public_key; +}; + +/** + * Rules for de-/encoding of a public key from/in ASN1 + */ +static asn1_rule_t rsa_public_key_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0}, + {ASN1_END, 0, 0, 0}, +}; + +/** + * Rules for de-/encoding of a PublicKeyInfo from/in ASN1 + */ +static asn1_rule_t rsa_public_key_info_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_OID, 0, offsetof(rsa_public_key_info_t, algorithm_oid), 0}, + { ASN1_NULL, 0, 0, 0}, + { ASN1_END, 0, 0, 0}, + { ASN1_BITSTRING, 0, offsetof(rsa_public_key_info_t, public_key), 0}, + {ASN1_END, 0, 0, 0}, +}; + +private_rsa_public_key_t *rsa_public_key_create_empty(); + +/** + * Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1 + */ +static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data) +{ + mpz_t m, c; + chunk_t encrypted; + + mpz_init(c); + mpz_init(m); + + mpz_import(m, data.len, 1, 1, 1, 0, data.ptr); + + mpz_powm(c, m, this->e, this->n); + + encrypted.len = this->k; + encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c); + + mpz_clear(c); + mpz_clear(m); + + return encrypted; +} + +/** + * Implementation of rsa_public_key.verify_emsa_pkcs1_signature. + */ +static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature) +{ + hasher_t *hasher = NULL; + chunk_t hash; + chunk_t em; + u_int8_t *pos; + + if (signature.len > this->k) + { + return INVALID_ARG; + } + + /* unpack signature */ + em = this->rsavp1(this, signature); + + /* result should look like this: + * EM = 0x00 || 0x01 || PS || 0x00 || T. + * PS = 0xFF padding, with length to fill em + * T = oid || hash + */ + + /* check magic bytes */ + if ((*(em.ptr) != 0x00) || + (*(em.ptr+1) != 0x01)) + { + allocator_free(em.ptr); + return FAILED; + } + + /* find magic 0x00 */ + pos = em.ptr + 2; + while (pos <= em.ptr + em.len) + { + if (*pos == 0x00) + { + /* found magic byte, stop */ + pos++; + break; + } + else if (*pos != 0xFF) + { + /* bad padding, decryption failed ?!*/ + allocator_free(em.ptr); + return FAILED; + } + pos++; + } + + if (pos + 20 > em.ptr + em.len) + { + /* not enought room for oid compare */ + allocator_free(em.ptr); + return FAILED; + } + + if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0) + { + hasher = hasher_create(HASH_MD2); + pos += sizeof(md2_oid); + } + else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0) + { + hasher = hasher_create(HASH_MD5); + pos += sizeof(md5_oid); + } + else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0) + { + hasher = hasher_create(HASH_SHA1); + pos += sizeof(sha1_oid); + } + else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0) + { + hasher = hasher_create(HASH_SHA256); + pos += sizeof(sha256_oid); + } + else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0) + { + hasher = hasher_create(HASH_SHA384); + pos += sizeof(sha384_oid); + } + else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0) + { + hasher = hasher_create(HASH_SHA512); + pos += sizeof(sha512_oid); + } + + if (hasher == NULL) + { + /* not supported hash algorithm */ + allocator_free(em.ptr); + return NOT_SUPPORTED; + } + + if (pos + hasher->get_block_size(hasher) != em.ptr + em.len) + { + /* bad length */ + allocator_free(em.ptr); + hasher->destroy(hasher); + return FAILED; + } + + /* build own hash for a compare */ + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + + if (memcmp(hash.ptr, pos, hash.len) != 0) + { + /* hash does not equal */ + allocator_free(hash.ptr); + allocator_free(em.ptr); + return FAILED; + + } + + /* seems good */ + allocator_free(hash.ptr); + allocator_free(em.ptr); + return SUCCESS; +} + +/** + * Implementation of rsa_public_key.get_key. + */ +static status_t get_key(private_rsa_public_key_t *this, chunk_t *key) +{ + chunk_t n, e; + + n.len = this->k; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); + e.len = this->k; + e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); + + key->len = this->k * 2; + key->ptr = allocator_alloc(key->len); + memcpy(key->ptr, n.ptr, n.len); + memcpy(key->ptr + n.len, e.ptr, e.len); + allocator_free(n.ptr); + allocator_free(e.ptr); + + return SUCCESS; +} + +/** + * Implementation of rsa_public_key.save_key. + */ +static status_t save_key(private_rsa_public_key_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * Implementation of rsa_public_key.get_modulus. + */ +static mpz_t *get_modulus(private_rsa_public_key_t *this) +{ + return &this->n; +} + +/** + * Implementation of rsa_public_key.clone. + */ +static rsa_public_key_t* _clone(private_rsa_public_key_t *this) +{ + private_rsa_public_key_t *clone = rsa_public_key_create_empty(); + + mpz_init_set(clone->n, this->n); + mpz_init_set(clone->e, this->e); + clone->k = this->k; + + return &clone->public; +} + +/** + * Implementation of rsa_public_key.destroy. + */ +static void destroy(private_rsa_public_key_t *this) +{ + mpz_clear(this->n); + mpz_clear(this->e); + allocator_free(this); +} + +/** + * Generic private constructor + */ +private_rsa_public_key_t *rsa_public_key_create_empty() +{ + private_rsa_public_key_t *this = allocator_alloc_thing(private_rsa_public_key_t); + + /* public functions */ + this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature; + this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key; + this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key; + this->public.get_modulus = (mpz_t *(*) (rsa_public_key_t*))get_modulus; + this->public.clone = (rsa_public_key_t* (*) (rsa_public_key_t*))_clone; + this->public.destroy = (void (*) (rsa_public_key_t*))destroy; + + /* private functions */ + this->rsaep = rsaep; + this->rsavp1 = rsaep; /* same algorithm */ + + return this; +} + +/* + * See header + */ +rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk) +{ + der_decoder_t *dd; + status_t status; + private_rsa_public_key_t *this; + + this = rsa_public_key_create_empty(); + mpz_init(this->n); + mpz_init(this->e); + + dd = der_decoder_create(rsa_public_key_rules); + status = dd->decode(dd, chunk, this); + dd->destroy(dd); + if (status != SUCCESS) + { + destroy(this); + return NULL; + } + this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8; + return &this->public; +} + +/* + * See header + */ +rsa_public_key_t *rsa_public_key_create_from_file(char *filename) +{ + struct stat stb; + FILE *file; + char *buffer; + chunk_t chunk; + rsa_public_key_info_t key_info = {CHUNK_INITIALIZER, CHUNK_INITIALIZER}; + der_decoder_t *dd; + status_t status; + rsa_public_key_t *public_key = NULL; + + if (stat(filename, &stb) == -1) + { + return NULL; + } + + buffer = alloca(stb.st_size); + + file = fopen(filename, "r"); + if (file == NULL) + { + return NULL; + } + + if (fread(buffer, stb.st_size, 1, file) != 1) + { + return NULL; + } + + chunk.ptr = buffer; + chunk.len = stb.st_size; + + /* parse public key info first */ + dd = der_decoder_create(rsa_public_key_info_rules); + status = dd->decode(dd, chunk, &key_info); + dd->destroy(dd); + allocator_free_chunk(&key_info.algorithm_oid); + if (status == SUCCESS) + { + public_key = rsa_public_key_create_from_chunk(chunk); + } + allocator_free_chunk(&key_info.public_key); + return public_key; +} diff --git a/Source/lib/crypto/rsa/rsa_public_key.h b/Source/lib/crypto/rsa/rsa_public_key.h new file mode 100644 index 000000000..ef79153d6 --- /dev/null +++ b/Source/lib/crypto/rsa/rsa_public_key.h @@ -0,0 +1,153 @@ +/** + * @file rsa_public_key.h + * + * @brief Interface of rsa_public_key_t. + * + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef RSA_PUBLIC_KEY_H_ +#define RSA_PUBLIC_KEY_H_ + +#include <gmp.h> + +#include <types.h> +#include <definitions.h> + + +typedef struct rsa_public_key_t rsa_public_key_t; + +/** + * @brief RSA public key with associated functions. + * + * Currently only supports signature verification using + * the EMSA encoding (see PKCS1) + * + * @b Constructors: + * - rsa_public_key_create_from_chunk() + * - rsa_public_key_create_from_file() + * - rsa_private_key_t.get_public_key() + * + * @see rsa_private_key_t + * + * @todo Implement getkey() and savekey() + * + * @ingroup rsa + */ +struct rsa_public_key_t { + + /** + * @brief Verify a EMSA-PKCS1 encodined signature. + * + * Processes the supplied signature with the RSAVP1 function, + * selects the hash algorithm form the resultign ASN1-OID and + * verifies the hash against the supplied data. + * + * @param this rsa_public_key to use + * @param data data to sign + * @param signature signature to verify + * @return + * - SUCCESS, if signature ok + * - INVALID_STATE, if key not set + * - NOT_SUPPORTED, if hash algorithm not supported + * - INVALID_ARG, if signature is not a signature + * - FAILED if signature invalid or unable to verify + */ + status_t (*verify_emsa_pkcs1_signature) (rsa_public_key_t *this, chunk_t data, chunk_t signature); + + /** + * @brief Gets the key. + * + * Currently uses a proprietary format which is only inteded + * for testing. This should be replaced with a proper + * ASN1 encoded key format, when charon gets the ASN1 + * capabilities. + * + * @param this calling object + * @param key key (in a propriarity format) + * @return + * - SUCCESS + * - INVALID_STATE, if key not set + */ + status_t (*get_key) (rsa_public_key_t *this, chunk_t *key); + + /** + * @brief Saves a key to a file. + * + * Not implemented! + * + * @param this calling object + * @param file file to which the key should be written. + * @return NOT_SUPPORTED + */ + status_t (*save_key) (rsa_public_key_t *this, char *file); + + /** + * @brief Get the modulus of the key. + * + * @param this calling object + * @return modulus (n) of the key + */ + mpz_t *(*get_modulus) (rsa_public_key_t *this); + + /** + * @brief Clone the public key. + * + * @param this public key to clone + * @return clone of this + */ + rsa_public_key_t *(*clone) (rsa_public_key_t *this); + + /** + * @brief Destroys the public key. + * + * @param this public key to destroy + */ + void (*destroy) (rsa_public_key_t *this); +}; + +/** + * @brief Load an RSA public key from a chunk. + * + * Load a key from a chunk, encoded in the more frequently + * used PublicKeyInfo struct (ASN1 DER encoded). + * + * @param chunk chunk containing the DER encoded key + * @return loaded rsa_public_key_t, or NULL + * + * @todo Check OID in PublicKeyInfo + * + * @ingroup rsa + */ +rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk); + +/** + * @brief Load an RSA public key from a file. + * + * Load a key from a file, which is either in binary + * format (DER), or in PEM format. + * + * @param filename filename which holds the key + * @return loaded rsa_public_key_t, or NULL + * + * @todo Implement PEM file loading + * + * @ingroup rsa + */ +rsa_public_key_t *rsa_public_key_create_from_file(char *filename); + +#endif /*RSA_PUBLIC_KEY_H_*/ |