aboutsummaryrefslogtreecommitdiffstats
path: root/Source/lib/crypto/rsa
diff options
context:
space:
mode:
Diffstat (limited to 'Source/lib/crypto/rsa')
-rw-r--r--Source/lib/crypto/rsa/Makefile.rsa23
-rw-r--r--Source/lib/crypto/rsa/rsa_private_key.c772
-rw-r--r--Source/lib/crypto/rsa/rsa_private_key.h185
-rw-r--r--Source/lib/crypto/rsa/rsa_public_key.c458
-rw-r--r--Source/lib/crypto/rsa/rsa_public_key.h153
5 files changed, 0 insertions, 1591 deletions
diff --git a/Source/lib/crypto/rsa/Makefile.rsa b/Source/lib/crypto/rsa/Makefile.rsa
deleted file mode 100644
index 1a0204c83..000000000
--- a/Source/lib/crypto/rsa/Makefile.rsa
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright (C) 2005 Jan Hutter, Martin Willi
-# Hochschule fuer Technik Rapperswil
-#
-# This program is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License as published by the
-# Free Software Foundation; either version 2 of the License, or (at your
-# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# for more details.
-#
-
-RSA_DIR= $(CRYPTO_DIR)rsa/
-
-LIB_OBJS+= $(BUILD_DIR)rsa_private_key.o
-$(BUILD_DIR)rsa_private_key.o : $(RSA_DIR)rsa_private_key.c $(RSA_DIR)rsa_private_key.h
- $(CC) $(CFLAGS) -c -o $@ $<
-
-LIB_OBJS+= $(BUILD_DIR)rsa_public_key.o
-$(BUILD_DIR)rsa_public_key.o : $(RSA_DIR)rsa_public_key.c $(RSA_DIR)rsa_public_key.h
- $(CC) $(CFLAGS) -c -o $@ $< \ No newline at end of file
diff --git a/Source/lib/crypto/rsa/rsa_private_key.c b/Source/lib/crypto/rsa/rsa_private_key.c
deleted file mode 100644
index 358653f0e..000000000
--- a/Source/lib/crypto/rsa/rsa_private_key.c
+++ /dev/null
@@ -1,772 +0,0 @@
-/**
- * @file rsa_private_key.c
- *
- * @brief Implementation of rsa_private_key_t.
- *
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <gmp.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <string.h>
-
-#include "rsa_private_key.h"
-
-#include <daemon.h>
-#include <asn1/asn1.h>
-
-/*
- * Oids for hash algorithms are defined in
- * rsa_public_key.c.
- */
-extern u_int8_t md2_oid[18];
-extern u_int8_t md5_oid[18];
-extern u_int8_t sha1_oid[15];
-extern u_int8_t sha256_oid[19];
-extern u_int8_t sha384_oid[19];
-extern u_int8_t sha512_oid[19];
-
-
-/**
- * Public exponent to use for key generation.
- */
-#define PUBLIC_EXPONENT 0x10001
-
-
-typedef struct private_rsa_private_key_t private_rsa_private_key_t;
-
-/**
- * Private data of a rsa_private_key_t object.
- */
-struct private_rsa_private_key_t {
- /**
- * Public interface for this signer.
- */
- rsa_private_key_t public;
-
- /**
- * Version of key, as encoded in PKCS#1
- */
- u_int version;
-
- /**
- * Public modulus.
- */
- mpz_t n;
-
- /**
- * Public exponent.
- */
- mpz_t e;
-
- /**
- * Private prime 1.
- */
- mpz_t p;
-
- /**
- * Private Prime 2.
- */
- mpz_t q;
-
- /**
- * Private exponent.
- */
- mpz_t d;
-
- /**
- * Private exponent 1.
- */
- mpz_t exp1;
-
- /**
- * Private exponent 2.
- */
- mpz_t exp2;
-
- /**
- * Private coefficient.
- */
- mpz_t coeff;
-
- /**
- * Keysize in bytes.
- */
- size_t k;
-
- /**
- * @brief Implements the RSADP algorithm specified in PKCS#1.
- *
- * @param this calling object
- * @param data data to process
- * @return processed data
- */
- chunk_t (*rsadp) (private_rsa_private_key_t *this, chunk_t data);
-
- /**
- * @brief Implements the RSASP1 algorithm specified in PKCS#1.
- * @param this calling object
- * @param data data to process
- * @return processed data
- */
- chunk_t (*rsasp1) (private_rsa_private_key_t *this, chunk_t data);
-
- /**
- * @brief Generate a prime value.
- *
- * @param this calling object
- * @param prime_size size of the prime, in bytes
- * @param[out] prime uninitialized mpz
- */
- status_t (*compute_prime) (private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime);
-
-};
-
-/* ASN.1 definition of a PKCS#1 RSA private key */
-static const asn1Object_t privkey_objects[] = {
- { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
- { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
- { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
- { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
- { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
- { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
- { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
- { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
- { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
- { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
- ASN1_LOOP }, /* 10 */
- { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
- { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
- { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
- { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
- { 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */
-};
-
-#define PRIV_KEY_VERSION 1
-#define PRIV_KEY_MODULUS 2
-#define PRIV_KEY_PUB_EXP 3
-#define PRIV_KEY_PRIV_EXP 4
-#define PRIV_KEY_PRIME1 5
-#define PRIV_KEY_PRIME2 6
-#define PRIV_KEY_EXP1 7
-#define PRIV_KEY_EXP2 8
-#define PRIV_KEY_COEFF 9
-#define PRIV_KEY_ROOF 16
-
-static private_rsa_private_key_t *rsa_private_key_create_empty();
-
-/**
- * Implementation of private_rsa_private_key_t.compute_prime.
- */
-static status_t compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime)
-{
- randomizer_t *randomizer;
- chunk_t random_bytes;
- status_t status;
-
- randomizer = randomizer_create();
- mpz_init(*prime);
-
- do
- {
- status = randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes);
- if (status != SUCCESS)
- {
- randomizer->destroy(randomizer);
- mpz_clear(*prime);
- return FAILED;
- }
-
- /* make sure most significant bit is set */
- random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
-
- /* convert chunk to mpz value */
- mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
-
- /* get next prime */
- mpz_nextprime (*prime, *prime);
-
- free(random_bytes.ptr);
- }
- /* check if it isnt too large */
- while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
-
- randomizer->destroy(randomizer);
- return SUCCESS;
-}
-
-/**
- * Implementation of private_rsa_private_key_t.rsadp and private_rsa_private_key_t.rsasp1.
- */
-static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
-{
- mpz_t t1, t2;
- chunk_t decrypted;
-
- mpz_init(t1);
- mpz_init(t2);
-
- mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
-
- mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
- mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
- mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
- mpz_mod(t2, t2, this->p);
- mpz_mul(t2, t2, this->coeff);
- mpz_mod(t2, t2, this->p);
-
- mpz_mul(t2, t2, this->q); /* m = m2 + h q */
- mpz_add(t1, t1, t2);
-
- decrypted.len = this->k;
- decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
-
- mpz_clear(t1);
- mpz_clear(t2);
-
- return decrypted;
-}
-
-/**
- * Implementation of rsa_private_key.build_emsa_signature.
- */
-static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
-{
- hasher_t *hasher;
- chunk_t hash;
- chunk_t oid;
- chunk_t em;
-
- /* get oid string prepended to hash */
- switch (hash_algorithm)
- {
- case HASH_MD2:
- {
- oid.ptr = md2_oid;
- oid.len = sizeof(md2_oid);
- break;
- }
- case HASH_MD5:
- {
- oid.ptr = md5_oid;
- oid.len = sizeof(md5_oid);
- break;
- }
- case HASH_SHA1:
- {
- oid.ptr = sha1_oid;
- oid.len = sizeof(sha1_oid);
- break;
- }
- case HASH_SHA256:
- {
- oid.ptr = sha256_oid;
- oid.len = sizeof(sha256_oid);
- break;
- }
- case HASH_SHA384:
- {
- oid.ptr = sha384_oid;
- oid.len = sizeof(sha384_oid);
- break;
- }
- case HASH_SHA512:
- {
- oid.ptr = sha512_oid;
- oid.len = sizeof(sha512_oid);
- break;
- }
- default:
- {
- return NOT_SUPPORTED;
- }
- }
-
- /* get hasher */
- hasher = hasher_create(hash_algorithm);
- if (hasher == NULL)
- {
- return NOT_SUPPORTED;
- }
-
- /* build hash */
- hasher->allocate_hash(hasher, data, &hash);
- hasher->destroy(hasher);
-
- /* build chunk to rsa-decrypt:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
- * T = oid || hash
- */
- em.len = this->k;
- em.ptr = malloc(em.len);
-
- /* fill em with padding */
- memset(em.ptr, 0xFF, em.len);
- /* set magic bytes */
- *(em.ptr) = 0x00;
- *(em.ptr+1) = 0x01;
- *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
- /* set hash */
- memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
- /* set oid */
- memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
-
- /* build signature */
- *signature = this->rsasp1(this, em);
-
- free(hash.ptr);
- free(em.ptr);
-
- return SUCCESS;
-}
-
-/**
- * Implementation of rsa_private_key.get_key.
- */
-static status_t get_key(private_rsa_private_key_t *this, chunk_t *key)
-{
- chunk_t n, e, p, q, d, exp1, exp2, coeff;
-
- n.len = this->k;
- n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
- e.len = this->k;
- e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
- p.len = this->k;
- p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
- q.len = this->k;
- q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
- d.len = this->k;
- d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
- exp1.len = this->k;
- exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
- exp2.len = this->k;
- exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
- coeff.len = this->k;
- coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
-
- key->len = this->k * 8;
- key->ptr = malloc(key->len);
- memcpy(key->ptr + this->k * 0, n.ptr , n.len);
- memcpy(key->ptr + this->k * 1, e.ptr, e.len);
- memcpy(key->ptr + this->k * 2, p.ptr, p.len);
- memcpy(key->ptr + this->k * 3, q.ptr, q.len);
- memcpy(key->ptr + this->k * 4, d.ptr, d.len);
- memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
- memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
- memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
-
- free(n.ptr);
- free(e.ptr);
- free(p.ptr);
- free(q.ptr);
- free(d.ptr);
- free(exp1.ptr);
- free(exp2.ptr);
- free(coeff.ptr);
-
- return SUCCESS;
-}
-
-/**
- * Implementation of rsa_private_key.save_key.
- */
-static status_t save_key(private_rsa_private_key_t *this, char *file)
-{
- return NOT_SUPPORTED;
-}
-
-/**
- * Implementation of rsa_private_key.get_public_key.
- */
-rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
-{
- return NULL;
-}
-
-/**
- * Implementation of rsa_private_key.belongs_to.
- */
-static bool belongs_to(private_rsa_private_key_t *this, rsa_public_key_t *public)
-{
- if (mpz_cmp(this->n, *public->get_modulus(public)) == 0)
- {
- return TRUE;
- }
- return FALSE;
-}
-
-/**
- * Check the loaded key if it is valid and usable
- * TODO: Log errors
- */
-static status_t check(private_rsa_private_key_t *this)
-{
- mpz_t t, u, q1;
- status_t status = SUCCESS;
-
- /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets.
- * We actually require more (for security).
- */
- if (this->k < 512/8)
- {
- return FAILED;
- }
-
- /* we picked a max modulus size to simplify buffer allocation */
- if (this->k > 8192/8)
- {
- return FAILED;
- }
-
- mpz_init(t);
- mpz_init(u);
- mpz_init(q1);
-
- /* check that n == p * q */
- mpz_mul(u, this->p, this->q);
- if (mpz_cmp(u, this->n) != 0)
- {
- status = FAILED;
- }
-
- /* check that e divides neither p-1 nor q-1 */
- mpz_sub_ui(t, this->p, 1);
- mpz_mod(t, t, this->e);
- if (mpz_cmp_ui(t, 0) == 0)
- {
- status = FAILED;
- }
-
- mpz_sub_ui(t, this->q, 1);
- mpz_mod(t, t, this->e);
- if (mpz_cmp_ui(t, 0) == 0)
- {
- status = FAILED;
- }
-
- /* check that d is e^-1 (mod lcm(p-1, q-1)) */
- /* see PKCS#1v2, aka RFC 2437, for the "lcm" */
- mpz_sub_ui(q1, this->q, 1);
- mpz_sub_ui(u, this->p, 1);
- mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */
- mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */
- mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */
-
- mpz_mul(t, this->d, this->e);
- mpz_mod(t, t, u);
- if (mpz_cmp_ui(t, 1) != 0)
- {
- status = FAILED;
- }
-
- /* check that exp1 is d mod (p-1) */
- mpz_sub_ui(u, this->p, 1);
- mpz_mod(t, this->d, u);
- if (mpz_cmp(t, this->exp1) != 0)
- {
- status = FAILED;
- }
-
- /* check that exp2 is d mod (q-1) */
- mpz_sub_ui(u, this->q, 1);
- mpz_mod(t, this->d, u);
- if (mpz_cmp(t, this->exp2) != 0)
- {
- status = FAILED;
- }
-
- /* check that coeff is (q^-1) mod p */
- mpz_mul(t, this->coeff, this->q);
- mpz_mod(t, t, this->p);
- if (mpz_cmp_ui(t, 1) != 0)
- {
- status = FAILED;
- }
-
- mpz_clear(t);
- mpz_clear(u);
- mpz_clear(q1);
- return status;
-}
-
-/**
- * Implementation of rsa_private_key.clone.
- */
-static rsa_private_key_t* _clone(private_rsa_private_key_t *this)
-{
- private_rsa_private_key_t *clone = rsa_private_key_create_empty();
-
- mpz_init_set(clone->n, this->n);
- mpz_init_set(clone->e, this->e);
- mpz_init_set(clone->p, this->p);
- mpz_init_set(clone->q, this->q);
- mpz_init_set(clone->d, this->d);
- mpz_init_set(clone->exp1, this->exp1);
- mpz_init_set(clone->exp2, this->exp2);
- mpz_init_set(clone->coeff, this->coeff);
- clone->k = this->k;
-
- return &clone->public;
-}
-
-/**
- * Implementation of rsa_private_key.destroy.
- */
-static void destroy(private_rsa_private_key_t *this)
-{
- mpz_clear(this->n);
- mpz_clear(this->e);
- mpz_clear(this->p);
- mpz_clear(this->q);
- mpz_clear(this->d);
- mpz_clear(this->exp1);
- mpz_clear(this->exp2);
- mpz_clear(this->coeff);
- free(this);
-}
-
-/**
- * Internal generic constructor
- */
-static private_rsa_private_key_t *rsa_private_key_create_empty()
-{
- private_rsa_private_key_t *this = malloc_thing(private_rsa_private_key_t);
-
- /* public functions */
- this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
- this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key;
- this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key;
- this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key;
- this->public.belongs_to = (bool (*) (rsa_private_key_t*,rsa_public_key_t*))belongs_to;
- this->public.clone = (rsa_private_key_t*(*)(rsa_private_key_t*))_clone;
- this->public.destroy = (void (*) (rsa_private_key_t*))destroy;
-
- /* private functions */
- this->rsadp = rsadp;
- this->rsasp1 = rsadp; /* same algorithm */
- this->compute_prime = compute_prime;
-
- return this;
-}
-
-/*
- * See header
- */
-rsa_private_key_t *rsa_private_key_create(size_t key_size)
-{
- mpz_t p, q, n, e, d, exp1, exp2, coeff;
- mpz_t m, q1, t;
- private_rsa_private_key_t *this;
-
- this = rsa_private_key_create_empty();
- key_size = key_size / 8;
-
- /* Get values of primes p and q */
- if (this->compute_prime(this, key_size/2, &p) != SUCCESS)
- {
- free(this);
- return NULL;
- }
- if (this->compute_prime(this, key_size/2, &q) != SUCCESS)
- {
- mpz_clear(p);
- free(this);
- return NULL;
- }
-
- mpz_init(t);
- mpz_init(n);
- mpz_init(d);
- mpz_init(exp1);
- mpz_init(exp2);
- mpz_init(coeff);
-
- /* Swapping Primes so p is larger then q */
- if (mpz_cmp(p, q) < 0)
- {
- mpz_set(t, p);
- mpz_set(p, q);
- mpz_set(q, t);
- }
-
- mpz_mul(n, p, q); /* n = p*q */
- mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
- mpz_init_set(m, p); /* m = p */
- mpz_sub_ui(m, m, 1); /* m = m -1 */
- mpz_init_set(q1, q); /* q1 = q */
- mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
- mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
- mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
- mpz_divexact(m, m, t); /* m = m / t */
- mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */
-
- mpz_invert(d, e, m); /* e has an inverse mod m */
- if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
- {
- mpz_add(d, d, m);
- }
- mpz_sub_ui(t, p, 1); /* t = p-1 */
- mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
- mpz_sub_ui(t, q, 1); /* t = q-1 */
- mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
-
- mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
- if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
- {
- mpz_add(coeff, coeff, p);
- }
-
- mpz_clear(q1);
- mpz_clear(m);
- mpz_clear(t);
-
- /* apply values */
- *(this->p) = *p;
- *(this->q) = *q;
- *(this->n) = *n;
- *(this->e) = *e;
- *(this->d) = *d;
- *(this->exp1) = *exp1;
- *(this->exp2) = *exp2;
- *(this->coeff) = *coeff;
-
- /* set key size in bytes */
- this->k = key_size;
-
- return &this->public;
-}
-
-/*
- * see header
- */
-rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t blob)
-{
- asn1_ctx_t ctx;
- chunk_t object;
- u_int level;
- int objectID = 0;
- private_rsa_private_key_t *this;
-
- this = rsa_private_key_create_empty();
-
- mpz_init(this->n);
- mpz_init(this->e);
- mpz_init(this->p);
- mpz_init(this->q);
- mpz_init(this->d);
- mpz_init(this->exp1);
- mpz_init(this->exp2);
- mpz_init(this->coeff);
-
- asn1_init(&ctx, blob, 0, FALSE);
-
- while (objectID < PRIV_KEY_ROOF)
- {
- if (!extract_object(privkey_objects, &objectID, &object, &level, &ctx))
- {
- destroy(this);
- return FALSE;
- }
- switch (objectID)
- {
- case PRIV_KEY_VERSION:
- if (object.len > 0 && *object.ptr != 0)
- {
- destroy(this);
- return NULL;
- }
- break;
- case PRIV_KEY_MODULUS:
- mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PRIV_KEY_PUB_EXP:
- mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PRIV_KEY_PRIV_EXP:
- mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PRIV_KEY_PRIME1:
- mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PRIV_KEY_PRIME2:
- mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PRIV_KEY_EXP1:
- mpz_import(this->exp1, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PRIV_KEY_EXP2:
- mpz_import(this->exp2, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PRIV_KEY_COEFF:
- mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr);
- break;
- }
- objectID++;
- }
-
- this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
-
- if (check(this) != SUCCESS)
- {
- destroy(this);
- return NULL;
- }
- else
- {
- return &this->public;
- }
-}
-
-/*
- * see header
- * TODO: PEM files
- */
-rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase)
-{
- chunk_t chunk;
- struct stat stb;
- FILE *file;
- char *buffer;
-
- if (stat(filename, &stb) == -1)
- {
- return NULL;
- }
-
- buffer = alloca(stb.st_size);
-
- file = fopen(filename, "r");
- if (file == NULL)
- {
- return NULL;
- }
-
- if (fread(buffer, stb.st_size, 1, file) != 1)
- {
- fclose(file);
- return NULL;
- }
- fclose(file);
-
- chunk.ptr = buffer;
- chunk.len = stb.st_size;
-
- return rsa_private_key_create_from_chunk(chunk);
-}
diff --git a/Source/lib/crypto/rsa/rsa_private_key.h b/Source/lib/crypto/rsa/rsa_private_key.h
deleted file mode 100644
index b3b8ae87f..000000000
--- a/Source/lib/crypto/rsa/rsa_private_key.h
+++ /dev/null
@@ -1,185 +0,0 @@
-/**
- * @file rsa_private_key.h
- *
- * @brief Interface of rsa_private_key_t.
- *
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef RSA_PRIVATE_KEY_H_
-#define RSA_PRIVATE_KEY_H_
-
-#include <types.h>
-#include <definitions.h>
-#include <crypto/rsa/rsa_public_key.h>
-#include <crypto/hashers/hasher.h>
-
-
-typedef struct rsa_private_key_t rsa_private_key_t;
-
-/**
- * @brief RSA private key with associated functions.
- *
- * Currently only supports signing using EMSA encoding.
- *
- * @b Constructors:
- * - rsa_private_key_create()
- * - rsa_private_key_create_from_chunk()
- * - rsa_private_key_create_from_file()
- *
- * @see rsa_public_key_t
- *
- * @todo Implement get_key(), save_key(), get_public_key()
- *
- * @ingroup rsa
- */
-struct rsa_private_key_t {
-
- /**
- * @brief Build a signature over a chunk using EMSA-PKCS1 encoding.
- *
- * This signature creates a hash using the specified hash algorithm, concatenates
- * it with an ASN1-OID of the hash algorithm and runs the RSASP1 function
- * on it.
- *
- * @param this calling object
- * @param hash_algorithm hash algorithm to use for hashing
- * @param data data to sign
- * @param[out] signature allocated signature
- * @return
- * - SUCCESS
- * - INVALID_STATE, if key not set
- * - NOT_SUPPORTED, if hash algorithm not supported
- */
- status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature);
-
- /**
- * @brief Gets the key.
- *
- * UNIMPLEMENTED!
- *
- * @param this calling object
- * @param key key (in a propriarity format)
- * @return
- * - SUCCESS
- * - INVALID_STATE, if key not set
- */
- status_t (*get_key) (rsa_private_key_t *this, chunk_t *key);
-
- /**
- * @brief Saves a key to a file.
- *
- * Not implemented!
- *
- * @param this calling object
- * @param file file to which the key should be written.
- * @return NOT_SUPPORTED
- */
- status_t (*save_key) (rsa_private_key_t *this, char *file);
-
- /**
- * @brief Generate a new key.
- *
- * Generates a new private_key with specified key size
- *
- * @param this calling object
- * @param key_size size of the key in bits
- * @return
- * - SUCCESS
- * - INVALID_ARG if key_size invalid
- */
- status_t (*generate_key) (rsa_private_key_t *this, size_t key_size);
-
- /**
- * @brief Create a rsa_public_key_t with the public
- * parts of the key.
- *
- * @param this calling object
- * @return public_key
- */
- rsa_public_key_t *(*get_public_key) (rsa_private_key_t *this);
-
- /**
- * @brief Check if a private key belongs to a public key.
- *
- * Compares the public part of the private key with the
- * public key, return TRUE if it equals.
- *
- * @param this private key
- * @param public public key
- * @return TRUE, if keys belong together
- */
- bool (*belongs_to) (rsa_private_key_t *this, rsa_public_key_t *public);
-
- /**
- * @brief Clone the private key.
- *
- * @param this private key to clone
- * @return clone of this
- */
- rsa_private_key_t *(*clone) (rsa_private_key_t *this);
-
- /**
- * @brief Destroys the private key.
- *
- * @param this private key to destroy
- */
- void (*destroy) (rsa_private_key_t *this);
-};
-
-/**
- * @brief Generate a new RSA key with specified key lenght.
- *
- * @param key_size size of the key in bits
- * @return generated rsa_private_key_t.
- *
- * @ingroup rsa
- */
-rsa_private_key_t *rsa_private_key_create(size_t key_size);
-
-/**
- * @brief Load an RSA private key from a chunk.
- *
- * Load a key from a chunk, encoded as described in PKCS#1
- * (ASN1 DER encoded).
- *
- * @param chunk chunk containing the DER encoded key
- * @return loaded rsa_private_key_t, or NULL
- *
- * @ingroup rsa
- */
-rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk);
-
-/**
- * @brief Load an RSA private key from a file.
- *
- * Load a key from a file, which is either in a unencrypted binary
- * format (DER), or in a (encrypted) PEM format. The supplied
- * passphrase is used to decrypt an ecrypted key.
- *
- * @param filename filename which holds the key
- * @param passphrase optional passphase for decryption
- * @return loaded rsa_private_key_t, or NULL
- *
- * @todo Implement PEM file loading
- * @todo Implement key decryption
- *
- * @ingroup rsa
- */
-rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase);
-
-#endif /*RSA_PRIVATE_KEY_H_*/
diff --git a/Source/lib/crypto/rsa/rsa_public_key.c b/Source/lib/crypto/rsa/rsa_public_key.c
deleted file mode 100644
index 6601b6cda..000000000
--- a/Source/lib/crypto/rsa/rsa_public_key.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/**
- * @file rsa_public_key.c
- *
- * @brief Implementation of rsa_public_key_t.
- *
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <gmp.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <string.h>
-
-#include "rsa_public_key.h"
-
-#include <daemon.h>
-#include <crypto/hashers/hasher.h>
-#include <asn1/asn1.h>
-
-/*
- * For simplicity,
- * we use these predefined values for
- * hash algorithm OIDs. These also contain
- * the length of the following hash.
- * These values are also used in rsa_private_key.c.
- * TODO: We may move them in asn1 sometime...
- */
-
-u_int8_t md2_oid[] = {
- 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
- 0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
- 0x04,0x10
-};
-
-u_int8_t md5_oid[] = {
- 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
- 0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,
- 0x04,0x10
-};
-
-u_int8_t sha1_oid[] = {
- 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,
- 0x03,0x02,0x1a,0x05,0x00,0x04,0x14
-};
-
-u_int8_t sha256_oid[] = {
- 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
- 0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,
- 0x00,0x04,0x20
-};
-
-u_int8_t sha384_oid[] = {
- 0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,
- 0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,
- 0x00,0x04,0x30
-};
-
-u_int8_t sha512_oid[] = {
- 0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,
- 0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,
- 0x00,0x04,0x40
-};
-
-/* ASN.1 definition public key */
-static const asn1Object_t pubkey_objects[] = {
- { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
- { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
- { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
-};
-
-#define PUB_KEY_RSA_PUBLIC_KEY 0
-#define PUB_KEY_MODULUS 1
-#define PUB_KEY_EXPONENT 2
-#define PUB_KEY_ROOF 3
-
-typedef struct private_rsa_public_key_t private_rsa_public_key_t;
-
-/**
- * Private data structure with signing context.
- */
-struct private_rsa_public_key_t {
- /**
- * Public interface for this signer.
- */
- rsa_public_key_t public;
-
- /**
- * Public modulus.
- */
- mpz_t n;
-
- /**
- * Public exponent.
- */
- mpz_t e;
-
- /**
- * Keysize in bytes.
- */
- size_t k;
-
- /**
- * @brief Implements the RSAEP algorithm specified in PKCS#1.
- *
- * @param this calling object
- * @param data data to process
- * @return processed data
- */
- chunk_t (*rsaep) (private_rsa_public_key_t *this, chunk_t data);
-
- /**
- * @brief Implements the RSASVP1 algorithm specified in PKCS#1.
- *
- * @param this calling object
- * @param data data to process
- * @return processed data
- */
- chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data);
-};
-
-
-typedef struct rsa_public_key_info_t rsa_public_key_info_t;
-
-/**
- * KeyInfo, as it appears in a public key file
- */
-struct rsa_public_key_info_t {
- /**
- * Algorithm for this key
- */
- chunk_t algorithm_oid;
-
- /**
- * Public key, parseable with rsa_public_key_rules
- */
- chunk_t public_key;
-};
-
-private_rsa_public_key_t *rsa_public_key_create_empty();
-
-/**
- * Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1
- */
-static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
-{
- mpz_t m, c;
- chunk_t encrypted;
-
- mpz_init(c);
- mpz_init(m);
-
- mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
-
- mpz_powm(c, m, this->e, this->n);
-
- encrypted.len = this->k;
- encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
-
- mpz_clear(c);
- mpz_clear(m);
-
- return encrypted;
-}
-
-/**
- * Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
- */
-static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
-{
- hasher_t *hasher = NULL;
- chunk_t hash;
- chunk_t em;
- u_int8_t *pos;
-
- if (signature.len > this->k)
- {
- return INVALID_ARG;
- }
-
- /* unpack signature */
- em = this->rsavp1(this, signature);
-
- /* result should look like this:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
- * T = oid || hash
- */
-
- /* check magic bytes */
- if ((*(em.ptr) != 0x00) ||
- (*(em.ptr+1) != 0x01))
- {
- free(em.ptr);
- return FAILED;
- }
-
- /* find magic 0x00 */
- pos = em.ptr + 2;
- while (pos <= em.ptr + em.len)
- {
- if (*pos == 0x00)
- {
- /* found magic byte, stop */
- pos++;
- break;
- }
- else if (*pos != 0xFF)
- {
- /* bad padding, decryption failed ?!*/
- free(em.ptr);
- return FAILED;
- }
- pos++;
- }
-
- if (pos + 20 > em.ptr + em.len)
- {
- /* not enought room for oid compare */
- free(em.ptr);
- return FAILED;
- }
-
- if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0)
- {
- hasher = hasher_create(HASH_MD2);
- pos += sizeof(md2_oid);
- }
- else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0)
- {
- hasher = hasher_create(HASH_MD5);
- pos += sizeof(md5_oid);
- }
- else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0)
- {
- hasher = hasher_create(HASH_SHA1);
- pos += sizeof(sha1_oid);
- }
- else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0)
- {
- hasher = hasher_create(HASH_SHA256);
- pos += sizeof(sha256_oid);
- }
- else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0)
- {
- hasher = hasher_create(HASH_SHA384);
- pos += sizeof(sha384_oid);
- }
- else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0)
- {
- hasher = hasher_create(HASH_SHA512);
- pos += sizeof(sha512_oid);
- }
-
- if (hasher == NULL)
- {
- /* not supported hash algorithm */
- free(em.ptr);
- return NOT_SUPPORTED;
- }
-
- if (pos + hasher->get_hash_size(hasher) != em.ptr + em.len)
- {
- /* bad length */
- free(em.ptr);
- hasher->destroy(hasher);
- return FAILED;
- }
-
- /* build own hash for a compare */
- hasher->allocate_hash(hasher, data, &hash);
- hasher->destroy(hasher);
-
- if (memcmp(hash.ptr, pos, hash.len) != 0)
- {
- /* hash does not equal */
- free(hash.ptr);
- free(em.ptr);
- return FAILED;
-
- }
-
- /* seems good */
- free(hash.ptr);
- free(em.ptr);
- return SUCCESS;
-}
-
-/**
- * Implementation of rsa_public_key.get_key.
- */
-static status_t get_key(private_rsa_public_key_t *this, chunk_t *key)
-{
- chunk_t n, e;
-
- n.len = this->k;
- n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
- e.len = this->k;
- e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
-
- key->len = this->k * 2;
- key->ptr = malloc(key->len);
- memcpy(key->ptr, n.ptr, n.len);
- memcpy(key->ptr + n.len, e.ptr, e.len);
- free(n.ptr);
- free(e.ptr);
-
- return SUCCESS;
-}
-
-/**
- * Implementation of rsa_public_key.save_key.
- */
-static status_t save_key(private_rsa_public_key_t *this, char *file)
-{
- return NOT_SUPPORTED;
-}
-
-/**
- * Implementation of rsa_public_key.get_modulus.
- */
-static mpz_t *get_modulus(private_rsa_public_key_t *this)
-{
- return &this->n;
-}
-
-/**
- * Implementation of rsa_public_key.clone.
- */
-static rsa_public_key_t* _clone(private_rsa_public_key_t *this)
-{
- private_rsa_public_key_t *clone = rsa_public_key_create_empty();
-
- mpz_init_set(clone->n, this->n);
- mpz_init_set(clone->e, this->e);
- clone->k = this->k;
-
- return &clone->public;
-}
-
-/**
- * Implementation of rsa_public_key.destroy.
- */
-static void destroy(private_rsa_public_key_t *this)
-{
- mpz_clear(this->n);
- mpz_clear(this->e);
- free(this);
-}
-
-/**
- * Generic private constructor
- */
-private_rsa_public_key_t *rsa_public_key_create_empty()
-{
- private_rsa_public_key_t *this = malloc_thing(private_rsa_public_key_t);
-
- /* public functions */
- this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature;
- this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key;
- this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key;
- this->public.get_modulus = (mpz_t *(*) (rsa_public_key_t*))get_modulus;
- this->public.clone = (rsa_public_key_t* (*) (rsa_public_key_t*))_clone;
- this->public.destroy = (void (*) (rsa_public_key_t*))destroy;
-
- /* private functions */
- this->rsaep = rsaep;
- this->rsavp1 = rsaep; /* same algorithm */
-
- return this;
-}
-
-/*
- * See header
- */
-rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t blob)
-{
- asn1_ctx_t ctx;
- chunk_t object;
- u_int level;
- int objectID = 0;
- private_rsa_public_key_t *this;
-
- this = rsa_public_key_create_empty();
- mpz_init(this->n);
- mpz_init(this->e);
-
- asn1_init(&ctx, blob, 0, FALSE);
-
- while (objectID < PUB_KEY_ROOF)
- {
- if (!extract_object(pubkey_objects, &objectID, &object, &level, &ctx))
- {
- destroy(this);
- return FALSE;
- }
- switch (objectID)
- {
- case PUB_KEY_MODULUS:
- mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
- break;
- case PUB_KEY_EXPONENT:
- mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
- break;
- }
- objectID++;
- }
-
- this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
- return &this->public;
-}
-
-/*
- * See header
- */
-rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
-{
- struct stat stb;
- FILE *file;
- char *buffer;
- chunk_t chunk;
-
- if (stat(filename, &stb) == -1)
- {
- return NULL;
- }
-
- buffer = alloca(stb.st_size);
-
- file = fopen(filename, "r");
- if (file == NULL)
- {
- return NULL;
- }
-
- if (fread(buffer, stb.st_size, 1, file) != 1)
- {
- return NULL;
- }
-
- chunk.ptr = buffer;
- chunk.len = stb.st_size;
-
- return rsa_public_key_create_from_chunk(chunk);
-}
diff --git a/Source/lib/crypto/rsa/rsa_public_key.h b/Source/lib/crypto/rsa/rsa_public_key.h
deleted file mode 100644
index ef79153d6..000000000
--- a/Source/lib/crypto/rsa/rsa_public_key.h
+++ /dev/null
@@ -1,153 +0,0 @@
-/**
- * @file rsa_public_key.h
- *
- * @brief Interface of rsa_public_key_t.
- *
- */
-
-/*
- * Copyright (C) 2005 Jan Hutter, Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef RSA_PUBLIC_KEY_H_
-#define RSA_PUBLIC_KEY_H_
-
-#include <gmp.h>
-
-#include <types.h>
-#include <definitions.h>
-
-
-typedef struct rsa_public_key_t rsa_public_key_t;
-
-/**
- * @brief RSA public key with associated functions.
- *
- * Currently only supports signature verification using
- * the EMSA encoding (see PKCS1)
- *
- * @b Constructors:
- * - rsa_public_key_create_from_chunk()
- * - rsa_public_key_create_from_file()
- * - rsa_private_key_t.get_public_key()
- *
- * @see rsa_private_key_t
- *
- * @todo Implement getkey() and savekey()
- *
- * @ingroup rsa
- */
-struct rsa_public_key_t {
-
- /**
- * @brief Verify a EMSA-PKCS1 encodined signature.
- *
- * Processes the supplied signature with the RSAVP1 function,
- * selects the hash algorithm form the resultign ASN1-OID and
- * verifies the hash against the supplied data.
- *
- * @param this rsa_public_key to use
- * @param data data to sign
- * @param signature signature to verify
- * @return
- * - SUCCESS, if signature ok
- * - INVALID_STATE, if key not set
- * - NOT_SUPPORTED, if hash algorithm not supported
- * - INVALID_ARG, if signature is not a signature
- * - FAILED if signature invalid or unable to verify
- */
- status_t (*verify_emsa_pkcs1_signature) (rsa_public_key_t *this, chunk_t data, chunk_t signature);
-
- /**
- * @brief Gets the key.
- *
- * Currently uses a proprietary format which is only inteded
- * for testing. This should be replaced with a proper
- * ASN1 encoded key format, when charon gets the ASN1
- * capabilities.
- *
- * @param this calling object
- * @param key key (in a propriarity format)
- * @return
- * - SUCCESS
- * - INVALID_STATE, if key not set
- */
- status_t (*get_key) (rsa_public_key_t *this, chunk_t *key);
-
- /**
- * @brief Saves a key to a file.
- *
- * Not implemented!
- *
- * @param this calling object
- * @param file file to which the key should be written.
- * @return NOT_SUPPORTED
- */
- status_t (*save_key) (rsa_public_key_t *this, char *file);
-
- /**
- * @brief Get the modulus of the key.
- *
- * @param this calling object
- * @return modulus (n) of the key
- */
- mpz_t *(*get_modulus) (rsa_public_key_t *this);
-
- /**
- * @brief Clone the public key.
- *
- * @param this public key to clone
- * @return clone of this
- */
- rsa_public_key_t *(*clone) (rsa_public_key_t *this);
-
- /**
- * @brief Destroys the public key.
- *
- * @param this public key to destroy
- */
- void (*destroy) (rsa_public_key_t *this);
-};
-
-/**
- * @brief Load an RSA public key from a chunk.
- *
- * Load a key from a chunk, encoded in the more frequently
- * used PublicKeyInfo struct (ASN1 DER encoded).
- *
- * @param chunk chunk containing the DER encoded key
- * @return loaded rsa_public_key_t, or NULL
- *
- * @todo Check OID in PublicKeyInfo
- *
- * @ingroup rsa
- */
-rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk);
-
-/**
- * @brief Load an RSA public key from a file.
- *
- * Load a key from a file, which is either in binary
- * format (DER), or in PEM format.
- *
- * @param filename filename which holds the key
- * @return loaded rsa_public_key_t, or NULL
- *
- * @todo Implement PEM file loading
- *
- * @ingroup rsa
- */
-rsa_public_key_t *rsa_public_key_create_from_file(char *filename);
-
-#endif /*RSA_PUBLIC_KEY_H_*/