diff options
Diffstat (limited to 'Source')
35 files changed, 1857 insertions, 248 deletions
diff --git a/Source/charon/Makefile b/Source/charon/Makefile index 601d527fd..5154d0207 100644 --- a/Source/charon/Makefile +++ b/Source/charon/Makefile @@ -52,6 +52,7 @@ include $(MAIN_DIR)sa/Makefile.sa include $(MAIN_DIR)threads/Makefile.threads include $(MAIN_DIR)transforms/Makefile.transforms include $(MAIN_DIR)utils/Makefile.utils +include $(MAIN_DIR)asn1/Makefile.asn1 build_dir: diff --git a/Source/charon/asn1/Makefile.asn1 b/Source/charon/asn1/Makefile.asn1 new file mode 100644 index 000000000..4aaedf4fe --- /dev/null +++ b/Source/charon/asn1/Makefile.asn1 @@ -0,0 +1,24 @@ +# Copyright (C) 2005 Jan Hutter, Martin Willi +# Hochschule fuer Technik Rapperswil +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. +# + +ASN1_DIR= $(MAIN_DIR)asn1/ + + +OBJS+= $(BUILD_DIR)asn1.o +$(BUILD_DIR)asn1.o : $(ASN1_DIR)asn1.c $(ASN1_DIR)asn1.h + $(CC) $(CFLAGS) -c -o $@ $< + +OBJS+= $(BUILD_DIR)der_decoder.o +$(BUILD_DIR)der_decoder.o : $(ASN1_DIR)der_decoder.c $(ASN1_DIR)der_decoder.h + $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file diff --git a/Source/charon/asn1/asn1.c b/Source/charon/asn1/asn1.c new file mode 100644 index 000000000..cbd030bb5 --- /dev/null +++ b/Source/charon/asn1/asn1.c @@ -0,0 +1,60 @@ + + + + + + +#include "asn1.h" + + + + + +mapping_t asn1_type_m[] = { + {ASN1_END, "ASN1_END"}, + {ASN1_BOOLEAN, "ASN1_BOOLEAN"}, + {ASN1_INTEGER, "ASN1_INTEGER"}, + {ASN1_BIT_STRING, "ASN1_BIT_STRING"}, + {ASN1_OCTET_STRING, "ASN1_OCTET_STRING"}, + {ASN1_NULL, "ASN1_NULL"}, + {ASN1_OID, "ASN1_OID"}, + {ASN1_ENUMERATED, "ASN1_ENUMERATED"}, + {ASN1_UTF8STRING, "ASN1_UTF8STRING"}, + {ASN1_NUMERICSTRING, "ASN1_NUMERICSTRING"}, + {ASN1_PRINTABLESTRING, "ASN1_PRINTABLESTRING"}, + {ASN1_T61STRING, "ASN1_T61STRING"}, + {ASN1_VIDEOTEXSTRING, "ASN1_VIDEOTEXSTRING"}, + {ASN1_IA5STRING, "ASN1_IA5STRING"}, + {ASN1_UTCTIME, "ASN1_UTCTIME"}, + {ASN1_GENERALIZEDTIME, "ASN1_GENERALIZEDTIME"}, + {ASN1_GRAPHICSTRING, "ASN1_GRAPHICSTRING"}, + {ASN1_VISIBLESTRING, "ASN1_VISIBLESTRING"}, + {ASN1_GENERALSTRING, "ASN1_GENERALSTRING"}, + {ASN1_UNIVERSALSTRING, "ASN1_UNIVERSALSTRING"}, + {ASN1_BMPSTRING, "ASN1_BMPSTRING"}, + {ASN1_CONSTRUCTED, "ASN1_CONSTRUCTED"}, + {ASN1_SEQUENCE, "ASN1_SEQUENCE"}, + {ASN1_SET, "ASN1_SET"}, + {ASN1_TAG_E_0, "ASN1_TAG_E_0"}, + {ASN1_TAG_E_1, "ASN1_TAG_E_1"}, + {ASN1_TAG_E_2, "ASN1_TAG_E_2"}, + {ASN1_TAG_E_3, "ASN1_TAG_E_3"}, + {ASN1_TAG_E_4, "ASN1_TAG_E_4"}, + {ASN1_TAG_E_5, "ASN1_TAG_E_5"}, + {ASN1_TAG_E_6, "ASN1_TAG_E_6"}, + {ASN1_TAG_E_7, "ASN1_TAG_E_7"}, + {ASN1_TAG_I_1, "ASN1_TAG_I_1"}, + {ASN1_TAG_I_2, "ASN1_TAG_I_2"}, + {ASN1_TAG_I_3, "ASN1_TAG_I_3"}, + {ASN1_TAG_I_4, "ASN1_TAG_I_4"}, + {ASN1_TAG_I_5, "ASN1_TAG_I_5"}, + {ASN1_TAG_I_6, "ASN1_TAG_I_6"}, + {ASN1_TAG_I_7, "ASN1_TAG_I_7"}, +}; + +mapping_t asn1_flag_m[] = { + {ASN1_OPTIONAL, "ASN1_OPTIONAL"}, + {ASN1_DEFAULT, "ASN1_DEFAULT"}, + {ASN1_MPZ, "ASN1_MPZ"}, + {ASN1_OF, "ASN1_OF"}, +}; diff --git a/Source/charon/asn1/asn1.h b/Source/charon/asn1/asn1.h new file mode 100644 index 000000000..a828034ee --- /dev/null +++ b/Source/charon/asn1/asn1.h @@ -0,0 +1,116 @@ +/** + * @file asn1.h + * + * @brief Definition of asn1_type_t and asn1_rule_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef ASN1_H_ +#define ASN1_H_ + +#include <types.h> + +typedef enum asn1_type_t asn1_type_t; + +enum asn1_type_t { + ASN1_END = 0x00, + ASN1_BOOLEAN = 0x01, + ASN1_INTEGER = 0x02, + ASN1_BIT_STRING = 0x03, + ASN1_OCTET_STRING = 0x04, + ASN1_NULL = 0x05, + ASN1_OID = 0x06, + ASN1_ENUMERATED = 0x0A, + ASN1_UTF8STRING = 0x0C, + ASN1_NUMERICSTRING = 0x12, + ASN1_PRINTABLESTRING = 0x13, + ASN1_T61STRING = 0x14, + ASN1_VIDEOTEXSTRING = 0x15, + ASN1_IA5STRING = 0x16, + ASN1_UTCTIME = 0x17, + ASN1_GENERALIZEDTIME = 0x18, + ASN1_GRAPHICSTRING = 0x19, + ASN1_VISIBLESTRING = 0x1A, + ASN1_GENERALSTRING = 0x1B, + ASN1_UNIVERSALSTRING = 0x1C, + ASN1_BMPSTRING = 0x1E, + ASN1_CONSTRUCTED = 0x20, + ASN1_SEQUENCE = 0x30, + ASN1_SET = 0x31, + ASN1_TAG_E_0 = 0xA0, + ASN1_TAG_E_1 = 0xA1, + ASN1_TAG_E_2 = 0xA2, + ASN1_TAG_E_3 = 0xA3, + ASN1_TAG_E_4 = 0xA4, + ASN1_TAG_E_5 = 0xA5, + ASN1_TAG_E_6 = 0xA6, + ASN1_TAG_E_7 = 0xA7, + ASN1_TAG_I_1 = 0x81, + ASN1_TAG_I_2 = 0x82, + ASN1_TAG_I_3 = 0x83, + ASN1_TAG_I_4 = 0x84, + ASN1_TAG_I_5 = 0x85, + ASN1_TAG_I_6 = 0x86, + ASN1_TAG_I_7 = 0x87, +}; + +extern mapping_t asn1_type_m[]; + +typedef enum asn1_flag_t asn1_flag_t; + +enum asn1_flag_t { + ASN1_OPTIONAL = 0x01, + ASN1_DEFAULT = 0x02, + ASN1_MPZ = 0x04, + ASN1_OF = 0x08, +}; + +extern mapping_t asn1_flag_m[]; + + +typedef struct asn1_rule_t asn1_rule_t; + +struct asn1_rule_t { + /** + * ASN1 type + */ + asn1_type_t type; + /** + * implicit or explicit tag, if any + */ + asn1_flag_t flags; + /** + * offset of data in structure + */ + u_int data_offset; +// union { + /** + * offset to a boolean, which says if optional + * data is available at data_offset. Used if + * flags & ASN1_OPTIONAL. + */ +// u_int available_offset; + /** + * default value, used if flags & ASN1_DEFAULT + */ + u_int default_value; +// }; +}; + + +#endif /* ASN1_H_ */ diff --git a/Source/charon/asn1/der_decoder.c b/Source/charon/asn1/der_decoder.c new file mode 100644 index 000000000..59ea4b077 --- /dev/null +++ b/Source/charon/asn1/der_decoder.c @@ -0,0 +1,218 @@ +/** + * @file der_decoder.c + * + * @brief Implementation of der_decoder_t. + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <gmp.h> + +#include "der_decoder.h" + +#include <utils/allocator.h> +#include <daemon.h> + + + +typedef struct private_der_decoder_t private_der_decoder_t; + +/** + * Private data of a der_decoder_t object. + */ +struct private_der_decoder_t { + /** + * Public interface for this signer. + */ + der_decoder_t public; + + asn1_rule_t *rule; + + asn1_rule_t *first_rule; + + void *output; + + logger_t *logger; +}; + +status_t read_hdr(private_der_decoder_t *this, chunk_t *data); + +status_t read_sequence(private_der_decoder_t *this, chunk_t data) +{ + while (this->rule->type != ASN1_END) + { + read_hdr(this, &data); + } + return SUCCESS; +} + + +status_t read_int(private_der_decoder_t *this, chunk_t data) +{ + this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data); + u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset); + + *integ = 0; + while (data.len-- > 0) + { + *integ = 256 * (*integ) + *data.ptr++; + } + return SUCCESS; +} + +status_t read_mpz(private_der_decoder_t *this, chunk_t data) +{ + this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data); + mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset); + + mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr); + return SUCCESS; +} + +u_int32_t read_length(chunk_t *data) +{ + u_int8_t n; + size_t len; + + /* read first octet of length field */ + n = *data->ptr++; + + if ((n & 0x80) == 0) + { + /* single length octet */ + return n; + } + + /* composite length, determine number of length octets */ + n &= 0x7f; + + if (n > data->len) + { + /* length longer than available bytes */ + return -1; + } + + if (n > sizeof(len)) + { + /* larger than size_t can hold */ + return -1; + } + + len = 0; + while (n-- > 0) + { + len = 256 * len + *data->ptr++; + } + return len; +} + +status_t read_hdr(private_der_decoder_t *this, chunk_t *data) +{ + chunk_t inner; + + /* advance to the next rule */ + this->rule++; + + if (this->rule->type == ASN1_END) + { + return SUCCESS; + } + + this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s", + mapping_find(asn1_type_m, this->rule->type)); + + this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data); + + /* read type, advance in data */ + if (*(data->ptr) != this->rule->type) + { + this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr); + return PARSE_ERROR; + } + data->ptr++; + data->len--; + + /* read length, advance in data */ + inner.len = read_length(data); + if (inner.len == -1) + { + this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length"); + return PARSE_ERROR; + } + this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d", + inner.len); + inner.ptr = data->ptr; + + /* advance in data */ + data->ptr += inner.len; + data->len -= inner.len; + + /* process inner */ + switch (this->rule->type) + { + case ASN1_INTEGER: + if (this->rule->flags & ASN1_MPZ) + { + read_mpz(this, inner); + } + else + { + read_int(this, inner); + } + break; + case ASN1_SEQUENCE: + read_sequence(this, inner); + break; + default: + break; + } + + return SUCCESS; +} + + + +status_t decode(private_der_decoder_t *this, chunk_t input, void *output) +{ + this->rule = this->first_rule - 1; + this->output = output; + return read_hdr(this, &input); +} + +/** + * Implementation of der_decoder.destroy. + */ +static void destroy(private_der_decoder_t *this) +{ + allocator_free(this); +} + +/* + * Described in header. + */ +der_decoder_t *der_decoder_create(asn1_rule_t *rules) +{ + private_der_decoder_t *this = allocator_alloc_thing(private_der_decoder_t); + + /* public functions */ + this->public.decode = (status_t (*) (der_decoder_t*,chunk_t,void*))decode; + this->public.destroy = (void (*) (der_decoder_t*))destroy; + + this->first_rule = rules; + this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER); + + return &(this->public); +} diff --git a/Source/charon/asn1/der_decoder.h b/Source/charon/asn1/der_decoder.h new file mode 100644 index 000000000..d6ccaf4cc --- /dev/null +++ b/Source/charon/asn1/der_decoder.h @@ -0,0 +1,61 @@ +/** + * @file der_decoder.h + * + * @brief Interface of der_decoder_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef DER_DECODER_H_ +#define DER_DECODER_H_ + +#include <types.h> +#include <asn1/asn1.h> + +typedef struct der_decoder_t der_decoder_t; + +/** + * @brief Decode der_encoded bytes to usable structures. + * + * @b Constructors: + * - der_decoder_create() + * + * @ingroup asn1 + */ +struct der_decoder_t { + + status_t (*decode) (der_decoder_t *this, chunk_t input, void *output); + + /** + * @brief Destroys a der_decoder object. + * + * @param der_decoder calling object + */ + void (*destroy) (der_decoder_t *this); +}; + + +/** + * @brief Create a der_decoder instance. + * + * @return der_decoder_t object + * + * @ingroup ans1 + */ +der_decoder_t * der_decoder_create(asn1_rule_t* rules); + +#endif /* DER_DECODER_H_ */ diff --git a/Source/charon/asn1/der_encoder.c b/Source/charon/asn1/der_encoder.c new file mode 100644 index 000000000..669a140ed --- /dev/null +++ b/Source/charon/asn1/der_encoder.c @@ -0,0 +1,218 @@ +/** + * @file der_encoder.c + * + * @brief Implementation of der_encoder_t. + */ + +/* + * Copyright (C) 2005 Jan Hutter, Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <gmp.h> + +#include "der_encoder.h" + +#include <utils/allocator.h> +#include <daemon.h> + + + +typedef struct private_der_encoder_t private_der_encoder_t; + +/** + * Private data of a der_encoder_t object. + */ +struct private_der_encoder_t { + /** + * Public interface for this signer. + */ + der_encoder_t public; + + asn1_rule_t *rule; + + asn1_rule_t *first_rule; + + void *output; + + logger_t *logger; +}; + +status_t read_hdr(private_der_encoder_t *this, chunk_t *data); + +status_t read_sequence(private_der_encoder_t *this, chunk_t data) +{ + while (this->rule->type != ASN1_END) + { + read_hdr(this, &data); + } + return SUCCESS; +} + + +status_t read_int(private_der_encoder_t *this, chunk_t data) +{ + this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data); + u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset); + + *integ = 0; + while (data.len-- > 0) + { + *integ = 256 * (*integ) + *data.ptr++; + } + return SUCCESS; +} + +status_t read_mpz(private_der_encoder_t *this, chunk_t data) +{ + this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data); + mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset); + + mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr); + return SUCCESS; +} + +u_int32_t read_length(chunk_t *data) +{ + u_int8_t n; + size_t len; + + /* read first octet of length field */ + n = *data->ptr++; + + if ((n & 0x80) == 0) + { + /* single length octet */ + return n; + } + + /* composite length, determine number of length octets */ + n &= 0x7f; + + if (n > data->len) + { + /* length longer than available bytes */ + return -1; + } + + if (n > sizeof(len)) + { + /* larger than size_t can hold */ + return -1; + } + + len = 0; + while (n-- > 0) + { + len = 256 * len + *data->ptr++; + } + return len; +} + +status_t read_hdr(private_der_encoder_t *this, chunk_t *data) +{ + chunk_t inner; + + /* advance to the next rule */ + this->rule++; + + if (this->rule->type == ASN1_END) + { + return SUCCESS; + } + + this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s", + mapping_find(asn1_type_m, this->rule->type)); + + this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data); + + /* read type, advance in data */ + if (*(data->ptr) != this->rule->type) + { + this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr); + return PARSE_ERROR; + } + data->ptr++; + data->len--; + + /* read length, advance in data */ + inner.len = read_length(data); + if (inner.len == -1) + { + this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length"); + return PARSE_ERROR; + } + this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d", + inner.len); + inner.ptr = data->ptr; + + /* advance in data */ + data->ptr += inner.len; + data->len -= inner.len; + + /* process inner */ + switch (this->rule->type) + { + case ASN1_INTEGER: + if (this->rule->flags & ASN1_MPZ) + { + read_mpz(this, inner); + } + else + { + read_int(this, inner); + } + break; + case ASN1_SEQUENCE: + read_sequence(this, inner); + break; + default: + break; + } + + return SUCCESS; +} + + + +status_t decode(private_der_encoder_t *this, chunk_t input, void *output) +{ + this->rule = this->first_rule - 1; + this->output = output; + return read_hdr(this, &input); +} + +/** + * Implementation of der_encoder.destroy. + */ +static void destroy(private_der_encoder_t *this) +{ + allocator_free(this); +} + +/* + * Described in header. + */ +der_encoder_t *der_encoder_create(asn1_rule_t *rules) +{ + private_der_encoder_t *this = allocator_alloc_thing(private_der_encoder_t); + + /* public functions */ + this->public.decode = (status_t (*) (der_encoder_t*,chunk_t,void*))decode; + this->public.destroy = (void (*) (der_encoder_t*))destroy; + + this->first_rule = rules; + this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER); + + return &(this->public); +} diff --git a/Source/charon/asn1/der_encoder.h b/Source/charon/asn1/der_encoder.h new file mode 100644 index 000000000..ee4443eb8 --- /dev/null +++ b/Source/charon/asn1/der_encoder.h @@ -0,0 +1,60 @@ +/** + * @file der_encoder.h + * + * @brief Interface of der_encoder_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef DER_ENCODER_H_ +#define DER_ENCODER_H_ + +#include <types.h> + +typedef struct der_encoder_t der_encoder_t; + +/** + * @brief Decode der_encoded bytes to usable structures. + * + * @b Constructors: + * - der_encoder_create() + * + * @ingroup asn1 + */ +struct der_encoder_t { + + status_t encode(der_encoder_t *this, void *input, chunk_t output); + + /** + * @brief Destroys a der_encoder object. + * + * @param der_encoder calling object + */ + void (*destroy) (der_encoder_t *this); +}; + + +/** + * @brief Create a der_encoder instance. + * + * @return der_encoder_t object + * + * @ingroup ans1 + */ +der_encoder_t * der_encoder_create(asn1_rule_t *rules); + +#endif /* DER_ENCODER_H_ */ diff --git a/Source/charon/sa/authenticator.c b/Source/charon/sa/authenticator.c index 92dee5c62..2ec1733e1 100644 --- a/Source/charon/sa/authenticator.c +++ b/Source/charon/sa/authenticator.c @@ -388,7 +388,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa) /* private data */ this->ike_sa = ike_sa; this->prf = this->ike_sa->get_prf(this->ike_sa); - this->logger = this->ike_sa->get_logger(this->ike_sa); + this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA); return &(this->public); } diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c index 622ea3402..cbdd22a84 100644 --- a/Source/charon/sa/ike_sa.c +++ b/Source/charon/sa/ike_sa.c @@ -412,14 +412,6 @@ static void set_new_state (private_ike_sa_t *this, state_t *state) } /** - * Implementation of protected_ike_sa_t.get_logger. - */ -static logger_t *get_logger (private_ike_sa_t *this) -{ - return this->logger; -} - -/** * Implementation of protected_ike_sa_t.get_connection. */ static connection_t *get_connection (private_ike_sa_t *this) @@ -1050,7 +1042,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id) this->protected.get_prf_auth_i = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_i; this->protected.get_prf_auth_r = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_r; this->protected.add_child_sa = (void (*) (protected_ike_sa_t*,child_sa_t*)) add_child_sa; - this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger; this->protected.set_connection = (void (*) (protected_ike_sa_t *,connection_t *)) set_connection; this->protected.get_connection = (connection_t *(*) (protected_ike_sa_t *)) get_connection; this->protected.set_policy = (void (*) (protected_ike_sa_t *,policy_t *)) set_policy; diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h index 2bf697889..0a2661541 100644 --- a/Source/charon/sa/ike_sa.h +++ b/Source/charon/sa/ike_sa.h @@ -171,16 +171,6 @@ struct protected_ike_sa_t { void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message); /** - * @brief Get the internal stored logger_t object for given ike_sa_t object. - * - * @warning Returned logger_t object is original one and managed by this object. - * - * @param this calling object - * @return pointer to the internal stored logger_t object - */ - logger_t *(*get_logger) (protected_ike_sa_t *this); - - /** * @brief Get the internal stored connection_t object. * * @param this calling object diff --git a/Source/charon/sa/states/ike_auth_requested.c b/Source/charon/sa/states/ike_auth_requested.c index eecfaab1e..16eea7b03 100644 --- a/Source/charon/sa/states/ike_auth_requested.c +++ b/Source/charon/sa/states/ike_auth_requested.c @@ -660,7 +660,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa,chunk this->received_nonce = received_nonce; this->sent_nonce = sent_nonce; this->ike_sa_init_reply_data = ike_sa_init_reply_data; - this->logger = this->ike_sa->get_logger(this->ike_sa); + this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA); this->my_ts = NULL; this->other_ts = NULL; this->proposal = NULL; diff --git a/Source/charon/sa/states/ike_sa_established.c b/Source/charon/sa/states/ike_sa_established.c index 37b69c29c..f96734423 100644 --- a/Source/charon/sa/states/ike_sa_established.c +++ b/Source/charon/sa/states/ike_sa_established.c @@ -22,6 +22,7 @@ #include "ike_sa_established.h" +#include <daemon.h> #include <utils/allocator.h> #include <encoding/payloads/delete_payload.h> @@ -233,7 +234,7 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa) /* private data */ this->ike_sa = ike_sa; - this->logger = ike_sa->get_logger(ike_sa); + this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA); return &(this->public); } diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c index 904dadf05..a5b7fbcbd 100644 --- a/Source/charon/sa/states/ike_sa_init_requested.c +++ b/Source/charon/sa/states/ike_sa_init_requested.c @@ -748,7 +748,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa /* private data */ this->ike_sa = ike_sa; this->received_nonce = CHUNK_INITIALIZER; - this->logger = this->ike_sa->get_logger(this->ike_sa); + this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA); this->diffie_hellman = diffie_hellman; this->proposal = NULL; this->sent_nonce = sent_nonce; diff --git a/Source/charon/sa/states/ike_sa_init_responded.c b/Source/charon/sa/states/ike_sa_init_responded.c index da3b68ce6..eef8ea3c4 100644 --- a/Source/charon/sa/states/ike_sa_init_responded.c +++ b/Source/charon/sa/states/ike_sa_init_responded.c @@ -696,7 +696,7 @@ ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa this->my_ts = NULL; this->other_ts = NULL; this->child_sa = NULL; - this->logger = this->ike_sa->get_logger(this->ike_sa); + this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA); return &(this->public); } diff --git a/Source/charon/sa/states/initiator_init.c b/Source/charon/sa/states/initiator_init.c index e23cd7a44..18ffe0e0a 100644 --- a/Source/charon/sa/states/initiator_init.c +++ b/Source/charon/sa/states/initiator_init.c @@ -342,7 +342,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa) /* private data */ this->ike_sa = ike_sa; - this->logger = this->ike_sa->get_logger(this->ike_sa); + this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA); this->sent_nonce = CHUNK_INITIALIZER; this->diffie_hellman = NULL; diff --git a/Source/charon/sa/states/responder_init.c b/Source/charon/sa/states/responder_init.c index a1d951b5f..2710080a0 100644 --- a/Source/charon/sa/states/responder_init.c +++ b/Source/charon/sa/states/responder_init.c @@ -553,7 +553,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa) /* private data */ this->ike_sa = ike_sa; - this->logger = this->ike_sa->get_logger(this->ike_sa); + this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA); this->sent_nonce = CHUNK_INITIALIZER; this->received_nonce = CHUNK_INITIALIZER; this->dh_group_number = MODP_UNDEFINED; diff --git a/Source/charon/testcases/Makefile.testcases b/Source/charon/testcases/Makefile.testcases index 366bf744f..c3fe498d8 100644 --- a/Source/charon/testcases/Makefile.testcases +++ b/Source/charon/testcases/Makefile.testcases @@ -131,4 +131,8 @@ $(BUILD_DIR)kernel_interface_test.o : $(TESTCASES_DIR)kernel_interface_test.c $( TEST_OBJS+= $(BUILD_DIR)child_sa_test.o $(BUILD_DIR)child_sa_test.o : $(TESTCASES_DIR)child_sa_test.c $(TESTCASES_DIR)child_sa_test.h $(CC) $(CFLAGS) -c -o $@ $< + +TEST_OBJS+= $(BUILD_DIR)der_decoder_test.o +$(BUILD_DIR)der_decoder_test.o : $(TESTCASES_DIR)der_decoder_test.c $(TESTCASES_DIR)der_decoder_test.h + $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file diff --git a/Source/charon/testcases/child_sa_test.c b/Source/charon/testcases/child_sa_test.c index 09b49b78a..0a3aec9f2 100644 --- a/Source/charon/testcases/child_sa_test.c +++ b/Source/charon/testcases/child_sa_test.c @@ -54,10 +54,10 @@ void test_child_sa(protected_tester_t *tester) remote_sa = child_sa_create(remote_me, remote_other); proposal1 = proposal_create(1); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); proposal2 = proposal_create(2); - proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); + proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0); list = linked_list_create(); list->insert_last(list, proposal1); diff --git a/Source/charon/testcases/connection_test.c b/Source/charon/testcases/connection_test.c index 204534b24..ae8ed3c04 100644 --- a/Source/charon/testcases/connection_test.c +++ b/Source/charon/testcases/connection_test.c @@ -41,28 +41,28 @@ void test_connection(protected_tester_t *tester) linked_list_t *list; prop1 = proposal_create(1); - prop1->add_algorithm(prop1, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20); - prop1->add_algorithm(prop1, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); - prop1->add_algorithm(prop1, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20); - prop1->add_algorithm(prop1, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); + prop1->add_algorithm(prop1, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20); + prop1->add_algorithm(prop1, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + prop1->add_algorithm(prop1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20); + prop1->add_algorithm(prop1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); prop2 = proposal_create(2); - prop2->add_algorithm(prop2, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20); - prop2->add_algorithm(prop2, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); - prop2->add_algorithm(prop2, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20); - prop2->add_algorithm(prop2, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); + prop2->add_algorithm(prop2, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20); + prop2->add_algorithm(prop2, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + prop2->add_algorithm(prop2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20); + prop2->add_algorithm(prop2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); prop3 = proposal_create(3); - prop3->add_algorithm(prop3, IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20); - prop3->add_algorithm(prop3, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); - prop3->add_algorithm(prop3, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20); - prop3->add_algorithm(prop3, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0); + prop3->add_algorithm(prop3, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20); + prop3->add_algorithm(prop3, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + prop3->add_algorithm(prop3, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20); + prop3->add_algorithm(prop3, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0); prop4 = proposal_create(4); - prop4->add_algorithm(prop4, IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20); - prop4->add_algorithm(prop4, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); - prop4->add_algorithm(prop4, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20); - prop4->add_algorithm(prop4, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0); + prop4->add_algorithm(prop4, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20); + prop4->add_algorithm(prop4, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + prop4->add_algorithm(prop4, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20); + prop4->add_algorithm(prop4, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0); connection->add_proposal(connection, prop1); connection->add_proposal(connection, prop2); diff --git a/Source/charon/testcases/der_decoder_test.c b/Source/charon/testcases/der_decoder_test.c new file mode 100644 index 000000000..c5683fae8 --- /dev/null +++ b/Source/charon/testcases/der_decoder_test.c @@ -0,0 +1,140 @@ +/** + * @file der_decoder_test.c + * + * @brief Tests for the der_decoder_t class. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "der_decoder_test.h" + +#include <daemon.h> +#include <asn1/der_decoder.h> +#include <utils/allocator.h> +#include <utils/logger.h> + + + +static char private_key_buffer[] = { + 0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2, + 0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4, + 0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88, + 0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7, + 0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1, + 0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1, + 0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c, + 0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb, + 0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b, + 0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8, + 0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61, + 0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71, + 0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe, + 0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05, + 0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf, + 0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7, + 0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01, + 0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58, + 0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9, + 0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83, + 0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b, + 0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91, + 0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7, + 0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67, + 0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e, + 0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b, + 0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb, + 0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c, + 0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5, + 0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f, + 0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57, + 0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a, + 0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a, + 0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3, + 0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac, + 0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c, + 0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10, + 0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e, + 0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb, + 0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8, + 0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a, + 0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05, + 0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36, + 0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1, + 0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d, + 0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2, + 0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d, + 0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4, + 0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58, + 0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59, + 0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87, + 0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96, + 0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21, + 0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d, + 0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1, + 0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9, + 0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d, + 0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02, + 0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b, + 0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94, + 0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13, + 0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56, + 0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e, + 0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66, + 0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04, + 0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1, + 0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02, + 0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe, + 0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e, + 0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae, + 0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2, + 0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc, + 0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15, + 0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86, + 0x64,0x0f,0x1d,0x1f,0xf2,0x1e, +}; + +asn1_rule_t private_key_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_INTEGER, 0, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, 0, 0}, + {ASN1_END, 0, 0, 0}, +}; + +/** + * Described in header. + */ +void test_der_decoder(protected_tester_t *tester) +{ + chunk_t private_key = {private_key_buffer, sizeof(private_key_buffer)}; + + der_decoder_t *dd = der_decoder_create(private_key_rules); + + dd->decode(dd, private_key, NULL); + + dd->destroy(dd); + +} + + + diff --git a/Source/charon/testcases/der_decoder_test.h b/Source/charon/testcases/der_decoder_test.h new file mode 100644 index 000000000..e7a7b7b62 --- /dev/null +++ b/Source/charon/testcases/der_decoder_test.h @@ -0,0 +1,42 @@ +/** + * @file der_decoder_test.h + * + * @brief Tests for the der_decoder_t class. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + + +#ifndef DER_DECODER_TEST_H_ +#define DER_DECODER_TEST_H_ + +#include <utils/tester.h> + +/** + * @brief Test function used to test the der_decoder_t functionality. + * + * @param tester associated protected_tester_t object + * + * @ingroup testcases + */ +void test_der_decoder(protected_tester_t *tester); + +#endif /* DER_DECODER_TEST_H_ */ + + + + diff --git a/Source/charon/testcases/generator_test.c b/Source/charon/testcases/generator_test.c index df999ccc9..c611a3e6c 100644 --- a/Source/charon/testcases/generator_test.c +++ b/Source/charon/testcases/generator_test.c @@ -570,16 +570,16 @@ void test_generator_with_sa_payload(protected_tester_t *tester) proposal1 = proposal_create(1); - proposal1->add_algorithm(proposal1, IKE, ENCRYPTION_ALGORITHM, 1, 20); - proposal1->add_algorithm(proposal1, IKE, PSEUDO_RANDOM_FUNCTION, 2, 22); - proposal1->add_algorithm(proposal1, IKE, INTEGRITY_ALGORITHM, 3, 24); - proposal1->add_algorithm(proposal1, IKE, DIFFIE_HELLMAN_GROUP, 4, 0); + proposal1->add_algorithm(proposal1, PROTO_IKE, ENCRYPTION_ALGORITHM, 1, 20); + proposal1->add_algorithm(proposal1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 2, 22); + proposal1->add_algorithm(proposal1, PROTO_IKE, INTEGRITY_ALGORITHM, 3, 24); + proposal1->add_algorithm(proposal1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 4, 0); proposal2 = proposal_create(2); - proposal2->add_algorithm(proposal2, IKE, ENCRYPTION_ALGORITHM, 5, 26); - proposal2->add_algorithm(proposal2, IKE, PSEUDO_RANDOM_FUNCTION, 6, 28); - proposal2->add_algorithm(proposal2, IKE, INTEGRITY_ALGORITHM, 7, 30); - proposal2->add_algorithm(proposal2, IKE, DIFFIE_HELLMAN_GROUP, 8, 0); + proposal2->add_algorithm(proposal2, PROTO_IKE, ENCRYPTION_ALGORITHM, 5, 26); + proposal2->add_algorithm(proposal2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 6, 28); + proposal2->add_algorithm(proposal2, PROTO_IKE, INTEGRITY_ALGORITHM, 7, 30); + proposal2->add_algorithm(proposal2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 8, 0); list = linked_list_create(); list->insert_last(list, (void*)proposal1); @@ -643,25 +643,25 @@ void test_generator_with_sa_payload(protected_tester_t *tester) proposal1 = proposal_create(1); - proposal1->add_algorithm(proposal1, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); - proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); - proposal1->add_algorithm(proposal1, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0); - proposal1->set_spi(proposal1, AH, 0x01010101l); + proposal1->add_algorithm(proposal1, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); + proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); + proposal1->add_algorithm(proposal1, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0); + proposal1->set_spi(proposal1, PROTO_AH, 0x01010101l); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20); - proposal1->add_algorithm(proposal1, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); - proposal1->set_spi(proposal1, ESP, 0x02020202); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20); + proposal1->add_algorithm(proposal1, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); + proposal1->set_spi(proposal1, PROTO_ESP, 0x02020202); - proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); - proposal2->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); - proposal2->add_algorithm(proposal2, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0); - proposal2->set_spi(proposal2, AH, 0x01010101); + proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); + proposal2->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); + proposal2->add_algorithm(proposal2, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0); + proposal2->set_spi(proposal2, PROTO_AH, 0x01010101); - proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32); - proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); - proposal2->add_algorithm(proposal2, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); - proposal2->set_spi(proposal2, ESP, 0x02020202); + proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32); + proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); + proposal2->add_algorithm(proposal2, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); + proposal2->set_spi(proposal2, PROTO_ESP, 0x02020202); list->insert_last(list, (void*)proposal1); list->insert_last(list, (void*)proposal2); @@ -1216,7 +1216,7 @@ void test_generator_with_delete_payload(protected_tester_t *tester) spis.ptr = "123456789012"; spis.len = strlen(spis.ptr); - delete_payload->set_protocol_id(delete_payload,AH); + delete_payload->set_protocol_id(delete_payload, PROTO_AH); delete_payload->set_spi_count(delete_payload,3); delete_payload->set_spi_size(delete_payload,4); delete_payload->set_spis(delete_payload,spis); @@ -1408,6 +1408,4 @@ void test_generator_with_eap_payload(protected_tester_t *tester) eap_payload->destroy(eap_payload); generator->destroy(generator); - - charon->logger_manager->destroy_logger(charon->logger_manager,logger); } diff --git a/Source/charon/testcases/hmac_signer_test.c b/Source/charon/testcases/hmac_signer_test.c index 6fd74c123..0cfbfdbd0 100644 --- a/Source/charon/testcases/hmac_signer_test.c +++ b/Source/charon/testcases/hmac_signer_test.c @@ -201,6 +201,4 @@ void test_hmac_sha1_signer(protected_tester_t *tester) } signer->destroy(signer); - charon->logger_manager->destroy_logger(charon->logger_manager,logger); - } diff --git a/Source/charon/testcases/parser_test.c b/Source/charon/testcases/parser_test.c index 5dcfc7ca3..81a6556f3 100644 --- a/Source/charon/testcases/parser_test.c +++ b/Source/charon/testcases/parser_test.c @@ -805,7 +805,7 @@ void test_parser_with_delete_payload(protected_tester_t *tester) return; } result = delete_payload->get_spis(delete_payload); - tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == ESP), "is ESP protocol"); + tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == PROTO_ESP), "is ESP protocol"); tester->assert_true(tester,(delete_payload->get_spi_size(delete_payload) == 3), "SPI size check"); tester->assert_true(tester,(delete_payload->get_spi_count(delete_payload) == 4), "SPI count check"); tester->assert_true(tester,(result.len == 12), "parsed data lenght"); diff --git a/Source/charon/testcases/policy_test.c b/Source/charon/testcases/policy_test.c index da906ee9c..d511f4ae4 100644 --- a/Source/charon/testcases/policy_test.c +++ b/Source/charon/testcases/policy_test.c @@ -61,16 +61,16 @@ void test_policy(protected_tester_t *tester) /* esp only prop */ proposal1 = proposal_create(1); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); /* ah only prop */ proposal2 = proposal_create(2); - proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); /* ah and esp prop */ proposal3 = proposal_create(3); - proposal3->add_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16); - proposal3->add_algorithm(proposal3, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); + proposal3->add_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16); + proposal3->add_algorithm(proposal3, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); policy->add_proposal(policy, proposal1); @@ -84,13 +84,13 @@ void test_policy(protected_tester_t *tester) proposals_list = linked_list_create(); proposal1 = proposal_create(1); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32); proposal2 = proposal_create(2); - proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16); - proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0); - proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); - proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); + proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16); + proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0); + proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); proposals_list->insert_last(proposals_list, proposal1); proposals_list->insert_last(proposals_list, proposal2); @@ -98,7 +98,7 @@ void test_policy(protected_tester_t *tester) proposal_sel = policy->select_proposal(policy, proposals_list); tester->assert_false(tester, proposal_sel == NULL, "proposal select"); /* check ESP encryption algo */ - iterator = proposal_sel->create_algorithm_iterator(proposal_sel, ESP, ENCRYPTION_ALGORITHM); + iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_ESP, ENCRYPTION_ALGORITHM); tester->assert_false(tester, iterator == NULL, "algorithm select ESP"); while (iterator->has_next(iterator)) { @@ -108,7 +108,7 @@ void test_policy(protected_tester_t *tester) tester->assert_true(tester, algo->key_size == 16, "ESP encryption keysize"); } iterator->destroy(iterator); - iterator = proposal_sel->create_algorithm_iterator(proposal_sel, AH, INTEGRITY_ALGORITHM); + iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_AH, INTEGRITY_ALGORITHM); /* check AH integrity algo */ tester->assert_false(tester, iterator == NULL, "algorithm select AH"); while (iterator->has_next(iterator)) diff --git a/Source/charon/testcases/proposal_test.c b/Source/charon/testcases/proposal_test.c index 7e7f2a4c5..8df2bf403 100644 --- a/Source/charon/testcases/proposal_test.c +++ b/Source/charon/testcases/proposal_test.c @@ -39,38 +39,38 @@ void test_proposal(protected_tester_t *tester) bool result; proposal1 = proposal_create(1); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0); - proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); - proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); - proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); - proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0); + proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20); + proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); + proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); + proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0); proposal2 = proposal_create(2); - proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0); - proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); - proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); - proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); + proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0); + proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16); + proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20); + proposal1->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0); /* ah and esp prop */ proposal3 = proposal1->select(proposal1, proposal2); tester->assert_false(tester, proposal3 == NULL, "proposal select"); if (proposal3) { - result = proposal3->get_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, &algo); + result = proposal3->get_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, &algo); tester->assert_true(tester, result, "encryption algo select"); tester->assert_true(tester, algo->algorithm == ENCR_AES_CBC, "encryption algo"); tester->assert_true(tester, algo->key_size == 16, "encryption keylen"); - result = proposal3->get_algorithm(proposal3, ESP, INTEGRITY_ALGORITHM, &algo); + result = proposal3->get_algorithm(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM, &algo); tester->assert_true(tester, result, "integrity algo select"); tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "integrity algo"); tester->assert_true(tester, algo->key_size == 20, "integrity keylen"); - iterator = proposal3->create_algorithm_iterator(proposal3, ESP, INTEGRITY_ALGORITHM); + iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM); tester->assert_false(tester, iterator == NULL, "integrity algo select"); while(iterator->has_next(iterator)) { @@ -80,7 +80,7 @@ void test_proposal(protected_tester_t *tester) } iterator->destroy(iterator); - iterator = proposal3->create_algorithm_iterator(proposal3, AH, DIFFIE_HELLMAN_GROUP ); + iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_AH, DIFFIE_HELLMAN_GROUP ); tester->assert_false(tester, iterator == NULL, "dh group algo select"); while(iterator->has_next(iterator)) { diff --git a/Source/charon/testcases/rsa_test.c b/Source/charon/testcases/rsa_test.c index 31b6a249e..847096ec1 100644 --- a/Source/charon/testcases/rsa_test.c +++ b/Source/charon/testcases/rsa_test.c @@ -28,6 +28,103 @@ #include <utils/allocator.h> #include <utils/logger.h> +char private_key_buffer[] = { + 0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2, + 0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4, + 0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88, + 0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7, + 0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1, + 0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1, + 0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c, + 0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb, + 0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b, + 0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8, + 0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61, + 0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71, + 0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe, + 0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05, + 0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf, + 0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7, + 0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01, + 0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58, + 0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9, + 0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83, + 0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b, + 0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91, + 0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7, + 0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67, + 0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e, + 0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b, + 0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb, + 0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c, + 0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5, + 0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f, + 0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57, + 0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a, + 0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a, + 0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3, + 0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac, + 0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c, + 0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10, + 0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e, + 0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb, + 0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8, + 0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a, + 0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05, + 0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36, + 0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1, + 0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d, + 0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2, + 0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d, + 0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4, + 0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58, + 0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59, + 0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87, + 0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96, + 0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21, + 0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d, + 0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1, + 0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9, + 0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d, + 0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02, + 0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b, + 0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94, + 0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13, + 0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56, + 0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e, + 0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66, + 0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04, + 0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1, + 0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02, + 0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe, + 0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e, + 0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae, + 0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2, + 0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc, + 0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15, + 0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86, + 0x64,0x0f,0x1d,0x1f,0xf2,0x1e, +}; + +char public_key_buffer[] = { + 0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,0x43,0x5b, + 0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,0xd7,0xbb, + 0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,0x5b,0x02, + 0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,0x39,0xc1, + 0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,0x9b,0x92, + 0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,0x2d,0x5b, + 0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,0x51,0xfb, + 0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,0x6b,0x91, + 0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,0x99,0xfb, + 0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,0x10,0x1b, + 0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,0xac,0xed, + 0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,0xb0,0x37, + 0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,0x31,0x96, + 0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,0xce,0x7d, + 0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,0x6e,0xc4, + 0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,0x40,0x25, + 0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01, +}; /* * described in Header-File @@ -36,9 +133,13 @@ void test_rsa(protected_tester_t *tester) { rsa_private_key_t *private_key; rsa_public_key_t *public_key; - chunk_t data, signature, private_key_chunk, public_key_chunk; + chunk_t data, signature; + chunk_t der_private_key = {private_key_buffer, sizeof(private_key_buffer)}; + chunk_t der_public_key = {public_key_buffer, sizeof(public_key_buffer)}; logger_t *logger; status_t status; + + /* key generation and signing */ u_int8_t test_data[] = { 0x01,0x02,0x03,0x04, 0x01,0x02,0x03,0x04, @@ -61,25 +162,32 @@ void test_rsa(protected_tester_t *tester) private_key->generate_key(private_key, 512); status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature); - tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature"); + tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (genkey)"); public_key = private_key->get_public_key(private_key); status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature); - tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature"); + tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (genkey)"); - public_key->get_key(public_key, &public_key_chunk); - private_key->get_key(private_key, &private_key_chunk); + allocator_free(signature.ptr); - logger->log_chunk(logger, RAW, "Public Key", public_key_chunk); - logger->log_chunk(logger, RAW, "Private Key", private_key_chunk); + private_key->destroy(private_key); + public_key->destroy(public_key); + + /* key loading */ + private_key = rsa_private_key_create(); + private_key->set_key(private_key, der_private_key); + public_key = rsa_public_key_create(); + public_key->set_key(public_key, der_public_key); + + status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature); + tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (setkey)"); + status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature); + tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (setkey)"); - allocator_free(public_key_chunk.ptr); - allocator_free(private_key_chunk.ptr); allocator_free(signature.ptr); - private_key->destroy(private_key); public_key->destroy(public_key); - + private_key->destroy(private_key); } diff --git a/Source/charon/testcases/testcases.c b/Source/charon/testcases/testcases.c index 1d44cf5d8..34a3ff5ae 100644 --- a/Source/charon/testcases/testcases.c +++ b/Source/charon/testcases/testcases.c @@ -62,6 +62,7 @@ #include <testcases/rsa_test.h> #include <testcases/kernel_interface_test.h> #include <testcases/child_sa_test.h> +#include <testcases/der_decoder_test.h> /* output for test messages */ extern FILE * stderr; @@ -128,6 +129,7 @@ test_t proposal_test = {test_proposal, "proposal_t test"}; test_t rsa_test = {test_rsa, "RSA private/public key test"}; test_t kernel_interface_test = {test_kernel_interface, "Kernel Interface"}; test_t child_sa_test = {test_child_sa, "Child SA"}; +test_t der_decoder_test = {test_der_decoder, "DER decoder"}; daemon_t* charon; @@ -135,7 +137,7 @@ daemon_t* charon; static void daemon_kill(daemon_t *this, char* none) { this->logger_manager->destroy(this->logger_manager); - this->socket->destroy(this->socket); + //this->socket->destroy(this->socket); this->ike_sa_manager->destroy(this->ike_sa_manager); this->job_queue->destroy(this->job_queue); this->event_queue->destroy(this->event_queue); @@ -158,7 +160,7 @@ daemon_t *daemon_create() charon->kill = daemon_kill; charon->logger_manager = logger_manager_create(0); - charon->socket = socket_create(4510); + //charon->socket = socket_create(4510); charon->ike_sa_manager = ike_sa_manager_create(); charon->job_queue = job_queue_create(); charon->event_queue = event_queue_create(); @@ -250,14 +252,13 @@ int main() daemon_create(); charon->logger_manager->disable_log_level(charon->logger_manager,TESTER,FULL); - charon->logger_manager->enable_log_level(charon->logger_manager,CHILD_SA,FULL); - /* charon->logger_manager->enable_log_level(charon->logger_manager,TESTER,RAW); */ + charon->logger_manager->enable_log_level(charon->logger_manager,DER_DECODER,FULL); tester_t *tester = tester_create(test_output, FALSE); //tester->perform_tests(tester,all_tests); - tester->perform_test(tester,&kernel_interface_test); + tester->perform_test(tester,&rsa_test); tester->destroy(tester); diff --git a/Source/charon/transforms/certificate.c b/Source/charon/transforms/certificate.c new file mode 100755 index 000000000..6d10d9f54 --- /dev/null +++ b/Source/charon/transforms/certificate.c @@ -0,0 +1,518 @@ +/** + * @file certificate.c + * + * @brief Implementation of certificate_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <gmp.h> + +#include "certificate.h" + +#include <daemon.h> +#include <utils/allocator.h> +#include <asn1/der_decoder.h> + + +typedef struct private_certificate_t private_certificate_t; + +/** + * Private data of a certificate_t object. + */ +struct private_certificate_t { + /** + * Public interface for this signer. + */ + certificate_t public; +}; + +#define OSET(x) offsetof(private_certiciate_t, x) + +/** + * Rules for de-/encoding of a certificate from/in ASN1 + */ +static asn1_rule_t certificate_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0 }, /* certificate */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* tbsCertificate */ + { ASN1_TAG_E_0, ASN1_DEFAULT, OSET(version), 0 }, /* EXPLICIT version DEFAULT v1(0) */ + { ASN1_INTEGER, 0, OSET(version), 0 }, + { ASN1_INTEGER, 0, OSET(serial), 0 }, /* serialNumber */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* signature */ + { ASN1_OID, 0, OSET(sign_alg), 0 }, /* algorithm */ + { ASN1_END, 0, 0, 0 }, /* signature */ + { ASN1_CHOICE, 0, 0, 0 }, /* issuer */ + { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, + /* name */ + { ASN1_END, 0, 0, 0 }, + { ASN1_END, 0, 0, 0 }, /* issuer */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* validity */ + { ASN1_CHOICE, 0, 0, 0 }, /* notBefore */ + { ASN1_UTCTIME, 0, OSET(not_before), 0 }, /* utcTime */ + { ASN1_GENERALIZEDTIME, 0, OSET(not_before), 0 }, /* generalTime */ + { ASN1_END, 0, 0, 0 }, /* notBefore */ + { ASN1_CHOICE, 0, 0, 0 }, /* notAfter */ + { ASN1_UTCTIME, 0, OSET(not_after), 0 }, /* utcTime */ + { ASN1_GENERALIZEDTIME, 0, OSET(not_after), 0 }, /* generalTime */ + { ASN1_END, 0, 0, 0 }, /* notAfter */ + { ASN1_END, 0, 0, 0 }, /* validity */ + { ASN1_CHOICE, 0, 0, 0 }, /* subject */ + { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, + /* name */ + { ASN1_END, 0, 0, 0 }, + { ASN1_END, 0, 0, 0 }, /* subject */ + { ASN1_SEQUENCE, 0, 0, 0 }, /* subjectPublicKeyInfo */ + { ASN1_OID, 0, OSET(pubkey_alg), 0 }, /* algorithm */ + { ASN1_BITSTRING, 0, OSET(pubkey), 0 }, /* subjectPublicKey */ + { ASN1_END, 0, 0, 0 }, /* subjectPublicKeyInfo */ + { ASN1_TAG_I_1, ASN1_OPTIONAL, 0, OSET(has_issuer_uid)}, /* IMPLICIT issuerUniqueID OPTIONAL */ + { ASN1_BITSTRING, 0, OSET(issuer_uid), 0 }, + { ASN1_TAG_I_2, ASN1_OPTIONAL, 0, OSET(has_subject_uid)},/* IMPLICIT subjectUniqueID OPTIONAL */ + { ASN1_BITSTRING, 0, OSET(subject_uid), 0 }, + { ASN1_TAG_E_3, ASN1_OPTIONAL, 0, 0 }, /* EXPLICIT extensions OPTIONAL*/ + { ASN1_SEQUENCE, ASN1_OF, 0, 0 }, + /* extension */ + { ASN1_END 0, 0, 0, }, /* extensions */ + { ASN1_END, 0, 0, 0 }, /* certificate */ +}; + +/** + * Implementation of private_certificate_t.compute_prime. + */ +static void compute_prime(private_certificate_t *this, size_t prime_size, mpz_t *prime) +{ + randomizer_t *randomizer; + chunk_t random_bytes; + + randomizer = randomizer_create(); + mpz_init(*prime); + + do + { + randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes); + + /* make sure most significant bit is set */ + random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80; + + /* convert chunk to mpz value */ + mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); + + /* get next prime */ + mpz_nextprime (*prime, *prime); + + allocator_free(random_bytes.ptr); + } + /* check if it isnt too large */ + while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size); + + randomizer->destroy(randomizer); +} + +/** + * Implementation of private_certificate_t.rsadp and private_certificate_t.rsasp1. + */ +static chunk_t rsadp(private_certificate_t *this, chunk_t data) +{ + mpz_t t1, t2; + chunk_t decrypted; + + mpz_init(t1); + mpz_init(t2); + + mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); + + mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ + mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ + mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ + mpz_mod(t2, t2, this->p); + mpz_mul(t2, t2, this->coeff); + mpz_mod(t2, t2, this->p); + + mpz_mul(t2, t2, this->q); /* m = m2 + h q */ + mpz_add(t1, t1, t2); + + decrypted.len = this->k; + decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); + + mpz_clear(t1); + mpz_clear(t2); + + return decrypted; +} + +/** + * Implementation of certificate.build_emsa_signature. + */ +static status_t build_emsa_pkcs1_signature(private_certificate_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature) +{ + hasher_t *hasher; + chunk_t hash; + chunk_t oid; + chunk_t em; + + /* get oid string prepended to hash */ + switch (hash_algorithm) + { + case HASH_MD2: + { + oid.ptr = md2_oid; + oid.len = sizeof(md2_oid); + break; + } + case HASH_MD5: + { + oid.ptr = md5_oid; + oid.len = sizeof(md5_oid); + break; + } + case HASH_SHA1: + { + oid.ptr = sha1_oid; + oid.len = sizeof(sha1_oid); + break; + } + case HASH_SHA256: + { + oid.ptr = sha256_oid; + oid.len = sizeof(sha256_oid); + break; + } + case HASH_SHA384: + { + oid.ptr = sha384_oid; + oid.len = sizeof(sha384_oid); + break; + } + case HASH_SHA512: + { + oid.ptr = sha512_oid; + oid.len = sizeof(sha512_oid); + break; + } + default: + { + return NOT_SUPPORTED; + } + } + + /* get hasher */ + hasher = hasher_create(hash_algorithm); + if (hasher == NULL) + { + return NOT_SUPPORTED; + } + + /* build hash */ + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + + /* build chunk to rsa-decrypt: + * EM = 0x00 || 0x01 || PS || 0x00 || T. + * PS = 0xFF padding, with length to fill em + * T = oid || hash + */ + em.len = this->k; + em.ptr = allocator_alloc(em.len); + + /* fill em with padding */ + memset(em.ptr, 0xFF, em.len); + /* set magic bytes */ + *(em.ptr) = 0x00; + *(em.ptr+1) = 0x01; + *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00; + /* set hash */ + memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len); + /* set oid */ + memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len); + + + /* build signature */ + *signature = this->rsasp1(this, em); + + allocator_free(hash.ptr); + allocator_free(em.ptr); + + return SUCCESS; +} + + +/** + * Implementation of certificate.set_key. + */ +static status_t set_key(private_certificate_t *this, chunk_t key) +{ + der_decoder_t *dd; + status_t status; + + dd = der_decoder_create(certificate_rules); + + status = dd->decode(dd, key, this); + if (status == SUCCESS) + { + this->is_key_set = TRUE; + this->k = mpz_sizeinbase(this->n, 2) / 8; + } + dd->destroy(dd); + return status; +} + +/** + * Implementation of certificate.get_key. + */ +static status_t get_key(private_certificate_t *this, chunk_t *key) +{ + if (!this->is_key_set) + { + return INVALID_STATE; + } + + chunk_t n, e, p, q, d, exp1, exp2, coeff; + + n.len = this->k; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); + e.len = this->k; + e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); + p.len = this->k; + p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p); + q.len = this->k; + q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q); + d.len = this->k; + d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d); + exp1.len = this->k; + exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1); + exp2.len = this->k; + exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2); + coeff.len = this->k; + coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff); + + key->len = this->k * 8; + key->ptr = allocator_alloc(key->len); + memcpy(key->ptr + this->k * 0, n.ptr , n.len); + memcpy(key->ptr + this->k * 1, e.ptr, e.len); + memcpy(key->ptr + this->k * 2, p.ptr, p.len); + memcpy(key->ptr + this->k * 3, q.ptr, q.len); + memcpy(key->ptr + this->k * 4, d.ptr, d.len); + memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len); + memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len); + memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len); + + allocator_free(n.ptr); + allocator_free(e.ptr); + allocator_free(p.ptr); + allocator_free(q.ptr); + allocator_free(d.ptr); + allocator_free(exp1.ptr); + allocator_free(exp2.ptr); + allocator_free(coeff.ptr); + + return SUCCESS; +} + +/** + * Implementation of certificate.load_key. + */ +static status_t load_key(private_certificate_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * Implementation of certificate.save_key. + */ +static status_t save_key(private_certificate_t *this, char *file) +{ + return NOT_SUPPORTED; +} + +/** + * Implementation of certificate.generate_key. + */ +static status_t generate_key(private_certificate_t *this, size_t key_size) +{ + mpz_t p, q, n, e, d, exp1, exp2, coeff; + mpz_t m, q1, t; + + if (key_size < 0) + { + return INVALID_ARG; + } + + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); + + key_size = key_size / 8; + + mpz_init(t); + mpz_init(n); + mpz_init(d); + mpz_init(exp1); + mpz_init(exp2); + mpz_init(coeff); + + /* Get values of primes p and q */ + this->compute_prime(this, key_size/2, &p); + this->compute_prime(this, key_size/2, &q); + + /* Swapping Primes so p is larger then q */ + if (mpz_cmp(p, q) < 0) + { + mpz_set(t, p); + mpz_set(p, q); + mpz_set(q, t); + } + + mpz_mul(n, p, q); /* n = p*q */ + mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ + mpz_init_set(m, p); /* m = p */ + mpz_sub_ui(m, m, 1); /* m = m -1 */ + mpz_init_set(q1, q); /* q1 = q */ + mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */ + mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */ + mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */ + mpz_divexact(m, m, t); /* m = m / t */ + mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */ + + mpz_invert(d, e, m); /* e has an inverse mod m */ + if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */ + { + mpz_add(d, d, m); + } + mpz_sub_ui(t, p, 1); /* t = p-1 */ + mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */ + mpz_sub_ui(t, q, 1); /* t = q-1 */ + mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */ + + mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */ + if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */ + { + mpz_add(coeff, coeff, p); + } + + mpz_clear(q1); + mpz_clear(m); + mpz_clear(t); + + /* apply values */ + *(this->p) = *p; + *(this->q) = *q; + *(this->n) = *n; + *(this->e) = *e; + *(this->d) = *d; + *(this->exp1) = *exp1; + *(this->exp2) = *exp2; + *(this->coeff) = *coeff; + + /* set key size in bytes */ + + this->is_key_set = TRUE; + this->k = key_size; + + return SUCCESS; +} + +/** + * Implementation of certificate.get_public_key. + */ +rsa_public_key_t *get_public_key(private_certificate_t *this) +{ + rsa_public_key_t *public_key; + //chunk_t key; + + public_key = rsa_public_key_create(); + + if (this->is_key_set) + { + + chunk_t n, e, key; + + n.len = this->k; + n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n); + e.len = this->k; + e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e); + + key.len = this->k * 2; + key.ptr = allocator_alloc(key.len); + memcpy(key.ptr, n.ptr, n.len); + memcpy(key.ptr + n.len, e.ptr, e.len); + allocator_free(n.ptr); + allocator_free(e.ptr); + + public_key->set_key(public_key, key); + allocator_free(key.ptr); + + } + + return public_key; +} + + +/** + * Implementation of certificate.destroy. + */ +static void destroy(private_certificate_t *this) +{ + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); + allocator_free(this); +} + +/* + * Described in header. + */ +certificate_t *certificate_create(hash_algorithm_t hash_algoritm) +{ + private_certificate_t *this = allocator_alloc_thing(private_certificate_t); + + /* public functions */ + this->public.build_emsa_pkcs1_signature = (status_t (*) (certificate_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature; + this->public.set_key = (status_t (*) (certificate_t*,chunk_t))set_key; + this->public.get_key = (status_t (*) (certificate_t*,chunk_t*))get_key; + this->public.load_key = (status_t (*) (certificate_t*,char*))load_key; + this->public.save_key = (status_t (*) (certificate_t*,char*))save_key; + this->public.generate_key = (status_t (*) (certificate_t*,size_t))generate_key; + this->public.get_public_key = (rsa_public_key_t *(*) (certificate_t*))get_public_key; + this->public.destroy = (void (*) (certificate_t*))destroy; + + /* private functions */ + this->rsadp = rsadp; + this->rsasp1 = rsadp; /* same algorithm */ + this->compute_prime = compute_prime; + + mpz_init(this->n); + mpz_init(this->e); + mpz_init(this->p); + mpz_init(this->q); + mpz_init(this->d); + mpz_init(this->exp1); + mpz_init(this->exp2); + mpz_init(this->coeff); + this->is_key_set = FALSE; + + return &(this->public); +} diff --git a/Source/charon/transforms/certificate.h b/Source/charon/transforms/certificate.h new file mode 100755 index 000000000..3cbe7f9ba --- /dev/null +++ b/Source/charon/transforms/certificate.h @@ -0,0 +1,72 @@ +/** + * @file certificate.h + * + * @brief Interface of certificate_t. + * + */ + +/* + * Copyright (C) 2006 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifndef CERTIFICATE_H_ +#define CERTIFICATE_H_ + +#include <types.h> +#include <definitions.h> +#include <transforms/rsa/rsa_public_key.h> +#include <transforms/hashers/hasher.h> + + +typedef struct certificate_t certificate_t; + +/** + * @brief X509 certificate. + * + * Currently only supports signing using EMSA encoding. + * + * @b Constructors: + * - certificate_create() + * + * @ingroup rsa + */ +struct certificate_t { + + /** + * @brief Get the RSA public key from the certificate. + * + * @param this calling object + * @return public_key + */ + rsa_public_key_t *(*get_public_key) (certificate_t *this); + + /** + * @brief Destroys the private key. + * + * @param this private key to destroy + */ + void (*destroy) (certificate_t *this); +}; + +/** + * @brief Create a new certificate without + * any key inside. + * + * @return created certificate_t. + * + * @ingroup rsa + */ +certificate_t *certificate_create(); + +#endif /* CERTIFICATE_H_ */ diff --git a/Source/charon/transforms/rsa/rsa_private_key.c b/Source/charon/transforms/rsa/rsa_private_key.c index 34a217c6a..22315e90e 100644 --- a/Source/charon/transforms/rsa/rsa_private_key.c +++ b/Source/charon/transforms/rsa/rsa_private_key.c @@ -26,6 +26,7 @@ #include <daemon.h> #include <utils/allocator.h> +#include <asn1/der_decoder.h> /* @@ -39,20 +40,6 @@ extern u_int8_t sha256_oid[19]; extern u_int8_t sha384_oid[19]; extern u_int8_t sha512_oid[19]; -/* -asn1_module_t rsa_private_key_module = { - {ASN1_SEQUENCE, 0, 0, 0}, - { ASN1_INTEGER, 0, offsetof(private_rsa_private_key, version), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, n), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, e), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, d), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, p), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, q), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp1), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp2), 0}, - { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, coeff), 0}, - {ASN1_END, 0, 0, 0}, -};*/ /** * Public exponent to use for key generation. @@ -155,6 +142,23 @@ struct private_rsa_private_key_t { }; /** + * Rules for de-/encoding of a private key from/in ASN1 + */ +static asn1_rule_t rsa_private_key_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_INTEGER, 0, offsetof(private_rsa_private_key_t, version), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0}, + {ASN1_END, 0, 0, 0}, +}; + +/** * Implementation of private_rsa_private_key_t.compute_prime. */ static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime) @@ -174,10 +178,10 @@ static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mp /* convert chunk to mpz value */ mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); - + /* get next prime */ mpz_nextprime (*prime, *prime); - + allocator_free(random_bytes.ptr); } /* check if it isnt too large */ @@ -194,28 +198,28 @@ static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data) mpz_t t1, t2; chunk_t decrypted; - mpz_init(t1); - mpz_init(t2); - - mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); - - mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ - mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ - mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ - mpz_mod(t2, t2, this->p); - mpz_mul(t2, t2, this->coeff); - mpz_mod(t2, t2, this->p); - - mpz_mul(t2, t2, this->q); /* m = m2 + h q */ - mpz_add(t1, t1, t2); - - decrypted.len = this->k; - decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); - - mpz_clear(t1); - mpz_clear(t2); - - return decrypted; + mpz_init(t1); + mpz_init(t2); + + mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr); + + mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */ + mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */ + mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */ + mpz_mod(t2, t2, this->p); + mpz_mul(t2, t2, this->coeff); + mpz_mod(t2, t2, this->p); + + mpz_mul(t2, t2, this->q); /* m = m2 + h q */ + mpz_add(t1, t1, t2); + + decrypted.len = this->k; + decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1); + + mpz_clear(t1); + mpz_clear(t2); + + return decrypted; } /** @@ -319,51 +323,21 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash */ static status_t set_key(private_rsa_private_key_t *this, chunk_t key) { - chunk_t n, e, p, q, d, exp1, exp2, coeff; - this->k = key.len / 8; - - n.len = this->k; - e.len = this->k; - p.len = this->k; - q.len = this->k; - d.len = this->k; - exp1.len = this->k; - exp2.len = this->k; - coeff.len = this->k; + der_decoder_t *dd; + status_t status; - n.ptr = key.ptr + this->k * 0; - e.ptr = key.ptr + this->k * 1; - p.ptr = key.ptr + this->k * 2; - q.ptr = key.ptr + this->k * 3; - d.ptr = key.ptr + this->k * 4; - exp1.ptr = key.ptr + this->k * 5; - exp2.ptr = key.ptr + this->k * 6; - coeff.ptr = key.ptr + this->k * 7; + dd = der_decoder_create(rsa_private_key_rules); - mpz_init(this->n); - mpz_init(this->e); - mpz_init(this->p); - mpz_init(this->q); - mpz_init(this->d); - mpz_init(this->exp1); - mpz_init(this->exp2); - mpz_init(this->coeff); - - mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr); - mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr); - mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr); - mpz_import(this->q, this->k, 1, 1, 1, 0, q.ptr); - mpz_import(this->d, this->k, 1, 1, 1, 0, d.ptr); - mpz_import(this->exp1, this->k, 1, 1, 1, 0, exp1.ptr); - mpz_import(this->exp2, this->k, 1, 1, 1, 0, exp2.ptr); - mpz_import(this->coeff, this->k, 1, 1, 1, 0, coeff.ptr); - - this->is_key_set = TRUE; - - return SUCCESS; - + status = dd->decode(dd, key, this); + if (status == SUCCESS) + { + this->is_key_set = TRUE; + this->k = mpz_sizeinbase(this->n, 2) / 8; + } + dd->destroy(dd); + return status; } - + /** * Implementation of rsa_private_key.get_key. */ @@ -445,17 +419,14 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) return INVALID_ARG; } - if (this->is_key_set) - { - mpz_clear(this->n); - mpz_clear(this->e); - mpz_clear(this->p); - mpz_clear(this->q); - mpz_clear(this->d); - mpz_clear(this->exp1); - mpz_clear(this->exp2); - mpz_clear(this->coeff); - } + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); key_size = key_size / 8; @@ -471,7 +442,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) this->compute_prime(this, key_size/2, &q); /* Swapping Primes so p is larger then q */ - if (mpz_cmp(p, q) < 0) + if (mpz_cmp(p, q) < 0) { mpz_set(t, p); mpz_set(p, q); @@ -510,7 +481,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size) mpz_clear(t); /* apply values */ - *(this->p) = *p; + *(this->p) = *p; *(this->q) = *q; *(this->n) = *n; *(this->e) = *e; @@ -568,17 +539,14 @@ rsa_public_key_t *get_public_key(private_rsa_private_key_t *this) */ static void destroy(private_rsa_private_key_t *this) { - if (this->is_key_set) - { - mpz_clear(this->n); - mpz_clear(this->e); - mpz_clear(this->p); - mpz_clear(this->q); - mpz_clear(this->d); - mpz_clear(this->exp1); - mpz_clear(this->exp2); - mpz_clear(this->coeff); - } + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->p); + mpz_clear(this->q); + mpz_clear(this->d); + mpz_clear(this->exp1); + mpz_clear(this->exp2); + mpz_clear(this->coeff); allocator_free(this); } @@ -604,6 +572,14 @@ rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm) this->rsasp1 = rsadp; /* same algorithm */ this->compute_prime = compute_prime; + mpz_init(this->n); + mpz_init(this->e); + mpz_init(this->p); + mpz_init(this->q); + mpz_init(this->d); + mpz_init(this->exp1); + mpz_init(this->exp2); + mpz_init(this->coeff); this->is_key_set = FALSE; return &(this->public); diff --git a/Source/charon/transforms/rsa/rsa_public_key.c b/Source/charon/transforms/rsa/rsa_public_key.c index 6271e4a05..fb3fe3c67 100644 --- a/Source/charon/transforms/rsa/rsa_public_key.c +++ b/Source/charon/transforms/rsa/rsa_public_key.c @@ -27,16 +27,17 @@ #include <daemon.h> #include <utils/allocator.h> #include <transforms/hashers/hasher.h> +#include <asn1/der_decoder.h> /* - * Since we don't have an ASN1 parser/generator, + * For simplicity, * we use these predefined values for - * hash algorithm oids. These also contain + * hash algorithm OIDs. These also contain * the length of the following hash. * These values are also used in rsa_private_key.c. */ -u_int8_t md2_oid[18] = { +u_int8_t md2_oid[] = { 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86, 0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00, 0x04,0x10 @@ -92,6 +93,7 @@ struct private_rsa_public_key_t { * Public modulus. */ mpz_t n; + /** * Public exponent. */ @@ -122,7 +124,17 @@ struct private_rsa_public_key_t { }; /** - * Implementation of private_rsa_public_key_t.rsadp and private_rsa_public_key_t.rsavp1 + * Rules for de-/encoding of a public key from/in ASN1 + */ +static asn1_rule_t rsa_public_key_rules[] = { + {ASN1_SEQUENCE, 0, 0, 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0}, + { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0}, + {ASN1_END, 0, 0, 0}, +}; + +/** + * Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1 */ static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data) { @@ -146,7 +158,7 @@ static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data) } /** - * Implementation of rsa_public_key.verify_emsa_signature. + * Implementation of rsa_public_key.verify_emsa_pkcs1_signature. */ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature) { @@ -278,25 +290,20 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun */ static status_t set_key(private_rsa_public_key_t *this, chunk_t key) { - chunk_t n, e; - - n.len = key.len/2; - n.ptr = key.ptr; - e.len = n.len; - e.ptr = key.ptr + n.len; - - mpz_init(this->n); - mpz_init(this->e); + der_decoder_t *dd; + status_t status; - mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); - mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr); + dd = der_decoder_create(rsa_public_key_rules); - this->k = n.len; - - this->is_key_set = TRUE; - - return SUCCESS; -} + status = dd->decode(dd, key, this); + if (status == SUCCESS) + { + this->is_key_set = TRUE; + this->k = mpz_sizeinbase(this->n, 2) / 8; + } + dd->destroy(dd); + return status; +} /** @@ -347,11 +354,8 @@ static status_t save_key(private_rsa_public_key_t *this, char *file) */ static void destroy(private_rsa_public_key_t *this) { - if (this->is_key_set) - { - mpz_clear(this->n); - mpz_clear(this->e); - } + mpz_clear(this->n); + mpz_clear(this->e); allocator_free(this); } @@ -374,6 +378,8 @@ rsa_public_key_t *rsa_public_key_create() this->rsaep = rsaep; this->rsavp1 = rsaep; /* same algorithm */ + mpz_init(this->n); + mpz_init(this->e); this->is_key_set = FALSE; return &(this->public); diff --git a/Source/charon/utils/logger_manager.c b/Source/charon/utils/logger_manager.c index ad7a03164..05824e6bf 100644 --- a/Source/charon/utils/logger_manager.c +++ b/Source/charon/utils/logger_manager.c @@ -49,6 +49,8 @@ mapping_t logger_context_t_mappings[] = { {CONFIG, "CONFIG"}, {ENCRYPTION_PAYLOAD, "ENCRYPTION_PAYLOAD"}, {PAYLOAD, "PAYLOAD"}, + {DER_DECODER, "DER_DECODER"}, + {DER_ENCODER, "DER_ENCODER"}, {MAPPING_END, NULL}, }; @@ -75,6 +77,8 @@ struct { { "CONFG", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* CONFIG */ { "ENCPL", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* ENCRYPTION_PAYLOAD */ { "PAYLD", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* PAYLOAD */ + { "DERDC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3, TRUE, NULL}, /* DER_DECODER */ + { "DEREC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3, TRUE, NULL}, /* DER_ENCODER */ }; diff --git a/Source/charon/utils/logger_manager.h b/Source/charon/utils/logger_manager.h index 475fdc919..3614204ce 100644 --- a/Source/charon/utils/logger_manager.h +++ b/Source/charon/utils/logger_manager.h @@ -53,6 +53,8 @@ enum logger_context_t { CONFIG, ENCRYPTION_PAYLOAD, PAYLOAD, + DER_DECODER, + DER_ENCODER, LOGGER_CONTEXT_ROOF, }; |