From 3240cab9782f78a5c18395763012808d0c532f44 Mon Sep 17 00:00:00 2001 From: Martin Willi Date: Mon, 8 Jun 2009 11:45:32 +0200 Subject: [PATCH] gcrypt RSA public key implementation --- src/libstrongswan/plugins/gcrypt/Makefile.am | 1 + .../plugins/gcrypt/gcrypt_plugin.c | 5 + .../plugins/gcrypt/gcrypt_rsa_private_key.c | 13 +- .../plugins/gcrypt/gcrypt_rsa_public_key.c | 436 ++++++++++++++++++ .../plugins/gcrypt/gcrypt_rsa_public_key.h | 47 ++ 5 files changed, 498 insertions(+), 4 deletions(-) create mode 100644 src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c create mode 100644 src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am index cf251b83b..72cc409fc 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.am +++ b/src/libstrongswan/plugins/gcrypt/Makefile.am @@ -6,6 +6,7 @@ AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS) plugin_LTLIBRARIES = libstrongswan-gcrypt.la libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ + gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \ gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \ gcrypt_dh.h gcrypt_dh.c \ gcrypt_rng.h gcrypt_rng.c \ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index f1ccf0f65..18e26e769 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -20,6 +20,7 @@ #include "gcrypt_rng.h" #include "gcrypt_dh.h" #include "gcrypt_rsa_private_key.h" +#include "gcrypt_rsa_public_key.h" #include #include @@ -107,6 +108,8 @@ static void destroy(private_gcrypt_plugin_t *this) (dh_constructor_t)gcrypt_dh_create); lib->creds->remove_builder(lib->creds, (builder_constructor_t)gcrypt_rsa_private_key_builder); + lib->creds->remove_builder(lib->creds, + (builder_constructor_t)gcrypt_rsa_public_key_builder); free(this); } @@ -200,6 +203,8 @@ plugin_t *plugin_create() /* RSA */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, (builder_constructor_t)gcrypt_rsa_private_key_builder); + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + (builder_constructor_t)gcrypt_rsa_public_key_builder); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index 8a65eec99..4bca5a56a 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -55,10 +55,15 @@ struct private_gcrypt_rsa_private_key_t { refcount_t ref; }; +/** + * Implemented in gcrypt_rsa_public_key.c + */ +public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key); + /** * find a token in a S-expression */ -static chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name) +chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name) { gcry_sexp_t token; chunk_t data = chunk_empty; @@ -198,7 +203,7 @@ static identification_t* get_id(private_gcrypt_rsa_private_key_t *this, */ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this) { - return NULL; + return gcrypt_rsa_public_key_create_from_sexp(this->key); } /** @@ -375,8 +380,8 @@ static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty() /** * build the keyids of a private/public key */ -static bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, - identification_t **keyid_info) +bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, + identification_t **keyid_info) { chunk_t publicKeyInfo, publicKey, hash; hasher_t *hasher; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c new file mode 100644 index 000000000..4c84ad632 --- /dev/null +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -0,0 +1,436 @@ +/* + * Copyright (C) 2005-2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include + +#include "gcrypt_rsa_public_key.h" + +#include +#include +#include +#include +#include +#include + +typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; + +/** + * Private data structure with signing context. + */ +struct private_gcrypt_rsa_public_key_t { + + /** + * Public interface for this signer. + */ + gcrypt_rsa_public_key_t public; + + /** + * gcrypt S-expression representing an public RSA key + */ + gcry_sexp_t key; + + /** + * Keyid formed as a SHA-1 hash of a publicKey object + */ + identification_t* keyid; + + /** + * Keyid formed as a SHA-1 hash of a publicKeyInfo object + */ + identification_t* keyid_info; + + /** + * reference counter + */ + refcount_t ref; +}; + +/** + * Implemented in gcrypt_rsa_private_key.c + */ +chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name); +bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, + identification_t **keyid_info); + +/** + * Verification of an EMPSA PKCS1 signature described in PKCS#1 + */ +static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, + hash_algorithm_t algorithm, char *hash_name, + chunk_t data, chunk_t signature) +{ + hasher_t *hasher; + chunk_t hash; + gcry_error_t err; + gcry_sexp_t in, sig; + + hasher = lib->crypto->create_hasher(lib->crypto, algorithm); + if (!hasher) + { + return FALSE; + } + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", + hash_name, hash.len, hash.ptr); + chunk_free(&hash); + if (err) + { + DBG1("building data S-expression failed: %s", gpg_strerror(err)); + return FALSE; + } + + err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))", + signature.len, signature.ptr); + if (err) + { + DBG1("building signature S-expression failed: %s", gpg_strerror(err)); + gcry_sexp_release(in); + return FALSE; + } + err = gcry_pk_verify(sig, in, this->key); + gcry_sexp_release(in); + gcry_sexp_release(sig); + if (err) + { + DBG1("RSA signature verification failed: %s", gpg_strerror(err)); + return FALSE; + } + return TRUE; +} + +/** + * Implementation of public_key_t.get_type. + */ +static key_type_t get_type(private_gcrypt_rsa_public_key_t *this) +{ + return KEY_RSA; +} + +/** + * Implementation of public_key_t.verify. + */ +static bool verify(private_gcrypt_rsa_public_key_t *this, + signature_scheme_t scheme, chunk_t data, chunk_t signature) +{ + switch (scheme) + { + case SIGN_RSA_EMSA_PKCS1_MD5: + return verify_pkcs1(this, HASH_MD5, "md5", data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA256: + return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA384: + return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA512: + return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature); + case SIGN_DEFAULT: + /* parsing hash OID currently not supported by gcrypt, fall */ + default: + DBG1("signature scheme %N not supported in RSA", + signature_scheme_names, scheme); + return FALSE; + } +} + +/** + * Implementation of public_key_t.get_keysize. + */ +static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t crypto, + chunk_t *plain) +{ + DBG1("RSA public key encryption not implemented"); + return FALSE; +} + +/** + * Implementation of gcrypt_rsa_public_key.equals. + */ +static bool equals(private_gcrypt_rsa_public_key_t *this, public_key_t *other) +{ + identification_t *keyid; + + if (&this->public.interface == other) + { + return TRUE; + } + if (other->get_type(other) != KEY_RSA) + { + return FALSE; + } + keyid = other->get_id(other, ID_PUBKEY_SHA1); + if (keyid && keyid->equals(keyid, this->keyid)) + { + return TRUE; + } + keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); + if (keyid && keyid->equals(keyid, this->keyid_info)) + { + return TRUE; + } + return FALSE; +} + +/** + * Implementation of public_key_t.get_keysize. + */ +static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) +{ + return gcry_pk_get_nbits(this->key) / 8; +} + +/** + * Implementation of public_key_t.get_id. + */ +static identification_t *get_id(private_gcrypt_rsa_public_key_t *this, + id_type_t type) +{ + switch (type) + { + case ID_PUBKEY_INFO_SHA1: + return this->keyid_info; + case ID_PUBKEY_SHA1: + return this->keyid; + default: + return NULL; + } +} + +/* + * Implementation of public_key_t.get_encoding. + */ +static chunk_t get_encoding(private_gcrypt_rsa_public_key_t *this) +{ + return asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_INTEGER, "m", gcrypt_rsa_find_token(this->key, "n")), + asn1_wrap(ASN1_INTEGER, "m", gcrypt_rsa_find_token(this->key, "e"))); +} + +/** + * Implementation of public_key_t.get_ref. + */ +static public_key_t* get_ref(private_gcrypt_rsa_public_key_t *this) +{ + ref_get(&this->ref); + return &this->public.interface; +} + +/** + * Implementation of gcrypt_rsa_public_key.destroy. + */ +static void destroy(private_gcrypt_rsa_public_key_t *this) +{ + if (ref_put(&this->ref)) + { + DESTROY_IF(this->keyid); + DESTROY_IF(this->keyid_info); + gcry_sexp_release(this->key); + free(this); + } +} + +/** + * Generic private constructor + */ +static private_gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_create_empty() +{ + private_gcrypt_rsa_public_key_t *this = malloc_thing(private_gcrypt_rsa_public_key_t); + + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; + this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; + this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; + this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; + this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; + this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; + this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; + this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; + this->public.interface.destroy = (void (*)(public_key_t *this))destroy; + + this->key = NULL; + this->keyid = NULL; + this->keyid_info = NULL; + this->ref = 1; + + return this; +} + +/** + * Create a public key from a S-expression, used in gcrypt_rsa_private_key + */ +public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key) +{ + private_gcrypt_rsa_public_key_t *this; + gcry_error_t err; + chunk_t n, e; + + this = gcrypt_rsa_public_key_create_empty(); + n = gcrypt_rsa_find_token(key, "n"); + e = gcrypt_rsa_find_token(key, "e"); + + err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", + n.len, n.ptr, e.len, e.ptr); + chunk_free(&n); + chunk_free(&e); + if (err) + { + DBG1("loading public key failed: %s", gpg_strerror(err)); + free(this); + return NULL; + } + if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) + { + destroy(this); + return NULL; + } + return &this->public.interface; +} + +/** + * ASN.1 definition of RSApublicKey + */ +static const asn1Object_t pubkeyObjects[] = { + { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PUB_KEY_RSA_PUBLIC_KEY 0 +#define PUB_KEY_MODULUS 1 +#define PUB_KEY_EXPONENT 2 + +/** + * Load a public key from an ASN1 encoded blob + */ +static gcrypt_rsa_public_key_t *load(chunk_t blob) +{ + private_gcrypt_rsa_public_key_t *this; + asn1_parser_t *parser; + chunk_t object, n, e; + int objectID; + bool success = FALSE; + gcry_error_t err; + + parser = asn1_parser_create(pubkeyObjects, blob); + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PUB_KEY_MODULUS: + n = object; + break; + case PUB_KEY_EXPONENT: + e = object; + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + + if (!success) + { + return NULL; + } + + this = gcrypt_rsa_public_key_create_empty(); + err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", + n.len, n.ptr, e.len, e.ptr); + if (err) + { + DBG1("loading public key failed: %s", gpg_strerror(err)); + free(this); + return NULL; + } + if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) + { + destroy(this); + return NULL; + } + return &this->public; +} + +typedef struct private_builder_t private_builder_t; +/** + * Builder implementation for key loading + */ +struct private_builder_t { + /** implements the builder interface */ + builder_t public; + /** loaded public key */ + gcrypt_rsa_public_key_t *key; +}; + +/** + * Implementation of builder_t.build + */ +static gcrypt_rsa_public_key_t *build(private_builder_t *this) +{ + gcrypt_rsa_public_key_t *key = this->key; + + free(this); + return key; +} + +/** + * Implementation of builder_t.add + */ +static void add(private_builder_t *this, builder_part_t part, ...) +{ + if (!this->key) + { + va_list args; + + switch (part) + { + case BUILD_BLOB_ASN1_DER: + { + va_start(args, part); + this->key = load(va_arg(args, chunk_t)); + va_end(args); + return; + } + default: + break; + } + } + if (this->key) + { + destroy((private_gcrypt_rsa_public_key_t*)this->key); + } + builder_cancel(&this->public); +} + +/** + * Builder construction function + */ +builder_t *gcrypt_rsa_public_key_builder(key_type_t type) +{ + private_builder_t *this; + + if (type != KEY_RSA) + { + return NULL; + } + + this = malloc_thing(private_builder_t); + + this->key = NULL; + this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; + this->public.build = (void*(*)(builder_t *this))build; + + return &this->public; +} + diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h new file mode 100644 index 000000000..102547276 --- /dev/null +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h @@ -0,0 +1,47 @@ +/* + * Copyright (C) 2009 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See . + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup gcrypt_rsa_public_key gcrypt_rsa_public_key + * @{ @ingroup gcrypt_p + */ + +#ifndef GCRYPT_RSA_PUBLIC_KEY_H_ +#define GCRYPT_RSA_PUBLIC_KEY_H_ + +typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t; + +#include + +/** + * public_key_t implementation of RSA algorithm using libgcrypt. + */ +struct gcrypt_rsa_public_key_t { + + /** + * Implements the public_key_t interface + */ + public_key_t interface; +}; + +/** + * Create the builder for a public key. + * + * @param type type of the key, must be KEY_RSA + * @return builder instance + */ +builder_t *gcrypt_rsa_public_key_builder(key_type_t type); + +#endif /** GCRYPT_RSA_PUBLIC_KEY_H_ @}*/