ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

RSA with OpenSSL

This commit is contained in:
Tobias Brunner 2008-05-15 12:41:06 +00:00
parent 144274ab20
commit 84770ded1e
6 changed files with 966 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/libstrongswan/plugins/openssl/Makefile.am
View File

@ -8,7 +8,9 @@ plugin_LTLIBRARIES = libstrongswan-openssl.la
libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
openssl_crypter.c openssl_crypter.h \
openssl_hasher.c openssl_hasher.h \
openssl_diffie_hellman.c openssl_diffie_hellman.h
openssl_diffie_hellman.c openssl_diffie_hellman.h \
openssl_rsa_private_key.c openssl_rsa_private_key.h \
openssl_rsa_public_key.c openssl_rsa_public_key.h
libstrongswan_openssl_la_LDFLAGS = -module
libstrongswan_openssl_la_LIBADD = -lssl

12
src/libstrongswan/plugins/openssl/openssl_plugin.c
View File

@ -23,6 +23,8 @@
#include "openssl_crypter.h"
#include "openssl_hasher.h"
#include "openssl_diffie_hellman.h"
#include "openssl_rsa_private_key.h"
#include "openssl_rsa_public_key.h"
typedef struct private_openssl_plugin_t private_openssl_plugin_t;
@ -48,6 +50,10 @@ static void destroy(private_openssl_plugin_t *this)
(hasher_constructor_t)openssl_hasher_create);
lib->crypto->remove_dh(lib->crypto,
(dh_constructor_t)openssl_diffie_hellman_create);
lib->creds->remove_builder(lib->creds,
(builder_constructor_t)openssl_rsa_private_key_builder);
lib->creds->remove_builder(lib->creds,
(builder_constructor_t)openssl_rsa_public_key_builder);
EVP_cleanup();
@ -115,5 +121,11 @@ plugin_t *plugin_create()
lib->crypto->add_dh(lib->crypto, MODP_8192_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
/* rsa */
lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
(builder_constructor_t)openssl_rsa_private_key_builder);
lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
(builder_constructor_t)openssl_rsa_public_key_builder);
return &this->public.plugin;
}

422
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c Normal file
View File

@ -0,0 +1,422 @@
/*
* Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* $Id$
*/
#include "openssl_rsa_private_key.h"
#include "openssl_rsa_public_key.h"
#include <debug.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
/**
* Public exponent to use for key generation.
*/
#define PUBLIC_EXPONENT 0x10001
typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t;
/**
* Private data of a openssl_rsa_private_key_t object.
*/
struct private_openssl_rsa_private_key_t {
/**
* Public interface for this signer.
*/
openssl_rsa_private_key_t public;
/**
* RSA object from OpenSSL
*/
RSA *rsa;
/**
* Keyid formed as a SHA-1 hash of a privateKey object
*/
identification_t* keyid;
/**
* Keyid formed as a SHA-1 hash of a privateKeyInfo object
*/
identification_t* keyid_info;
/**
* reference count
*/
refcount_t ref;
};
/**
* shared functions, implemented in openssl_rsa_public_key.c
*/
bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid,
identification_t **keyid_info);
openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e);
/**
* Build an EMPSA PKCS1 signature described in PKCS#1
*/
static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
int type, chunk_t data, chunk_t *signature)
{
bool success = FALSE;
const EVP_MD *hasher = EVP_get_digestbynid(type);
if (!hasher)
{
return FALSE;
}
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
EVP_PKEY *key = EVP_PKEY_new();
if (!ctx || !key)
{
goto error;
}
if (!EVP_PKEY_set1_RSA(key, this->rsa))
{
goto error;
}
if (!EVP_SignInit_ex(ctx, hasher, NULL))
{
goto error;
}
if (!EVP_SignUpdate(ctx, data.ptr, data.len))
{
goto error;
}
*signature = chunk_alloc(RSA_size(this->rsa));
if (!EVP_SignFinal(ctx, signature->ptr, &signature->len, key))
{
goto error;
}
success = TRUE;
error:
if (key)
{
EVP_PKEY_free(key);
}
if (ctx)
{
EVP_MD_CTX_destroy(ctx);
}
return success;
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static key_type_t get_type(private_openssl_rsa_private_key_t *this)
{
return KEY_RSA;
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t *signature)
{
switch (scheme)
{
case SIGN_DEFAULT:
/* default is EMSA-PKCS1 using SHA1 */
case SIGN_RSA_EMSA_PKCS1_SHA1:
return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA256:
return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA384:
return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA512:
return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return build_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
DBG1("signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static bool decrypt(private_openssl_rsa_private_key_t *this,
chunk_t crypto, chunk_t *plain)
{
DBG1("RSA private key decryption not implemented");
return FALSE;
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static size_t get_keysize(private_openssl_rsa_private_key_t *this)
{
return RSA_size(this->rsa);
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static identification_t* get_id(private_openssl_rsa_private_key_t *this,
id_type_t type)
{
switch (type)
{
case ID_PUBKEY_INFO_SHA1:
return this->keyid_info;
case ID_PUBKEY_SHA1:
return this->keyid;
default:
return NULL;
}
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
{
return openssl_rsa_public_key_create_from_n_e(this->rsa->n, this->rsa->e);
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public)
{
identification_t *keyid;
if (public->get_type(public) != KEY_RSA)
{
return FALSE;
}
keyid = public->get_id(public, ID_PUBKEY_SHA1);
if (keyid && keyid->equals(keyid, this->keyid))
{
return TRUE;
}
keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
if (keyid && keyid->equals(keyid, this->keyid_info))
{
return TRUE;
}
return FALSE;
}
/**
* Implementation of private_key_t.get_encoding.
*/
static chunk_t get_encoding(private_openssl_rsa_private_key_t *this)
{
chunk_t enc = chunk_alloc(i2d_RSAPrivateKey(this->rsa, NULL));
u_char *p = enc.ptr;
i2d_RSAPrivateKey(this->rsa, &p);
return enc;
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
{
ref_get(&this->ref);
return this;
}
/**
* Implementation of openssl_rsa_private_key.destroy.
*/
static void destroy(private_openssl_rsa_private_key_t *this)
{
if (ref_put(&this->ref))
{
if (this->rsa)
{
RSA_free(this->rsa);
}
DESTROY_IF(this->keyid);
DESTROY_IF(this->keyid_info);
free(this);
}
}
/**
* Internal generic constructor
*/
static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(void)
{
private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
this->keyid = NULL;
this->keyid_info = NULL;
this->ref = 1;
return this;
}
/**
* Generate an RSA key of specified key size
*/
static openssl_rsa_private_key_t *generate(size_t key_size)
{
private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
this->rsa = RSA_generate_key(key_size, PUBLIC_EXPONENT, NULL, NULL);
if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
{
destroy(this);
return NULL;
}
return &this->public;
}
/**
* load private key from an ASN1 encoded blob
*/
static openssl_rsa_private_key_t *load(chunk_t blob)
{
u_char *p = blob.ptr;
private_openssl_rsa_private_key_t *this = openssl_rsa_private_key_create_empty();
this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&p, blob.len);
chunk_clear(&blob);
if (!this->rsa)
{
destroy(this);
return NULL;
}
if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
{
destroy(this);
return NULL;
}
if (!RSA_check_key(this->rsa))
{
destroy(this);
return NULL;
}
return &this->public;
}
typedef struct private_builder_t private_builder_t;
/**
* Builder implementation for key loading/generation
*/
struct private_builder_t {
/** implements the builder interface */
builder_t public;
/** loaded/generated private key */
openssl_rsa_private_key_t *key;
};
/**
* Implementation of builder_t.build
*/
static openssl_rsa_private_key_t *build(private_builder_t *this)
{
openssl_rsa_private_key_t *key = this->key;
free(this);
return key;
}
/**
* Implementation of builder_t.add
*/
static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
if (this->key)
{
DBG1("ignoring surplus build part %N", builder_part_names, part);
return;
}
switch (part)
{
case BUILD_BLOB_ASN1_DER:
{
va_start(args, part);
this->key = load(va_arg(args, chunk_t));
va_end(args);
break;
}
case BUILD_KEY_SIZE:
{
va_start(args, part);
this->key = generate(va_arg(args, u_int));
va_end(args);
break;
}
default:
DBG1("ignoring unsupported build part %N", builder_part_names, part);
break;
}
}
/**
* Builder construction function
*/
builder_t *openssl_rsa_private_key_builder(key_type_t type)
{
private_builder_t *this;
if (type != KEY_RSA)
{
return NULL;
}
this = malloc_thing(private_builder_t);
this->key = NULL;
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
return &this->public;
}

47
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
/**
* @defgroup openssl_rsa_private_key openssl_rsa_private_key
* @{ @ingroup openssl_p
*/
#ifndef OPENSSL_RSA_PRIVATE_KEY_H_
#define OPENSSL_RSA_PRIVATE_KEY_H_
#include <credentials/keys/private_key.h>
typedef struct openssl_rsa_private_key_t openssl_rsa_private_key_t;
/**
* private_key_t implementation of RSA algorithm using OpenSSL.
*/
struct openssl_rsa_private_key_t {
/**
* Implements private_key_t interface
*/
private_key_t interface;
};
/**
* Create the builder for a private key.
*
* @param type type of the key, must be KEY_RSA
* @return builder instance
*/
builder_t *openssl_rsa_private_key_builder(key_type_t type);
#endif /*OPENSSL_RSA_PRIVATE_KEY_H_ @}*/

433
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c Normal file
View File

@ -0,0 +1,433 @@
/*
* Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* $Id$
*/
#include "openssl_rsa_public_key.h"
#include <debug.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t;
/**
* Private data structure with signing context.
*/
struct private_openssl_rsa_public_key_t {
/**
* Public interface for this signer.
*/
openssl_rsa_public_key_t public;
/**
* RSA object from OpenSSL
*/
RSA *rsa;
/**
* Keyid formed as a SHA-1 hash of a publicKeyInfo object
*/
identification_t *keyid_info;
/**
* Keyid formed as a SHA-1 hash of a publicKey object
*/
identification_t *keyid;
/**
* reference counter
*/
refcount_t ref;
};
/**
* Verification of an EMPSA PKCS1 signature described in PKCS#1
*/
static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
int type, chunk_t data, chunk_t signature)
{
bool valid = FALSE;
const EVP_MD *hasher = EVP_get_digestbynid(type);
if (!hasher)
{
return FALSE;
}
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
EVP_PKEY *key = EVP_PKEY_new();
if (!ctx || !key)
{
goto error;
}
if (!EVP_PKEY_set1_RSA(key, this->rsa))
{
goto error;
}
if (!EVP_VerifyInit_ex(ctx, hasher, NULL))
{
goto error;
}
if (!EVP_VerifyUpdate(ctx, data.ptr, data.len))
{
goto error;
}
/* remove any preceding 0-bytes from signature */
while (signature.len && *(signature.ptr) == 0x00)
{
signature.len -= 1;
signature.ptr++;
}
valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1);
error:
if (key)
{
EVP_PKEY_free(key);
}
if (ctx)
{
EVP_MD_CTX_destroy(ctx);
}
return valid;
}
/**
* Implementation of public_key_t.get_type.
*/
static key_type_t get_type(private_openssl_rsa_public_key_t *this)
{
return KEY_RSA;
}
/**
* Implementation of public_key_t.verify.
*/
static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t signature)
{
switch (scheme)
{
case SIGN_DEFAULT:
/* default is EMSA-PKCS1 using SHA1 */
case SIGN_RSA_EMSA_PKCS1_SHA1:
return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA256:
return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA384:
return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA512:
return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return verify_emsa_pkcs1_signature(this, NID_md5, data, signature);
default:
DBG1("signature scheme %N not supported in RSA",
signature_scheme_names, scheme);
return FALSE;
}
}
/**
* Implementation of public_key_t.get_keysize.
*/
static bool encrypt(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain)
{
DBG1("RSA public key encryption not implemented");
return FALSE;
}
/**
* Implementation of public_key_t.get_keysize.
*/
static size_t get_keysize(private_openssl_rsa_public_key_t *this)
{
return RSA_size(this->rsa);
}
/**
* Implementation of public_key_t.get_id.
*/
static identification_t *get_id(private_openssl_rsa_public_key_t *this,
id_type_t type)
{
switch (type)
{
case ID_PUBKEY_INFO_SHA1:
return this->keyid_info;
case ID_PUBKEY_SHA1:
return this->keyid;
default:
return NULL;
}
}
/**
* Encodes the public key
*/
static chunk_t get_encoding_raw(RSA *rsa)
{
chunk_t enc = chunk_alloc(i2d_RSAPublicKey(rsa, NULL));
u_char *p = enc.ptr;
i2d_RSAPublicKey(rsa, &p);
return enc;
}
/**
* Encodes the public key with the algorithm used
*/
static chunk_t get_encoding_with_algo(RSA *rsa)
{
u_char *p;
chunk_t enc;
X509_PUBKEY *pubkey = X509_PUBKEY_new();
ASN1_OBJECT_free(pubkey->algor->algorithm);
pubkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
if (pubkey->algor->parameter == NULL ||
pubkey->algor->parameter->type != V_ASN1_NULL)
{
ASN1_TYPE_free(pubkey->algor->parameter);
pubkey->algor->parameter = ASN1_TYPE_new();
pubkey->algor->parameter->type = V_ASN1_NULL;
}
enc = get_encoding_raw(rsa);
M_ASN1_BIT_STRING_set(pubkey->public_key, enc.ptr, enc.len);
chunk_free(&enc);
enc = chunk_alloc(i2d_X509_PUBKEY(pubkey, NULL));
p = enc.ptr;
i2d_X509_PUBKEY(pubkey, &p);
X509_PUBKEY_free(pubkey);
return enc;
}
/*
* Implementation of public_key_t.get_encoding.
*/
static chunk_t get_encoding(private_openssl_rsa_public_key_t *this)
{
return get_encoding_raw(this->rsa);
}
/**
* Implementation of public_key_t.get_ref.
*/
static private_openssl_rsa_public_key_t* get_ref(private_openssl_rsa_public_key_t *this)
{
ref_get(&this->ref);
return this;
}
/**
* Implementation of openssl_rsa_public_key.destroy.
*/
static void destroy(private_openssl_rsa_public_key_t *this)
{
if (ref_put(&this->ref))
{
if (this->rsa)
{
RSA_free(this->rsa);
}
DESTROY_IF(this->keyid);
DESTROY_IF(this->keyid_info);
free(this);
}
}
/**
* Generic private constructor
*/
static private_openssl_rsa_public_key_t *openssl_rsa_public_key_create_empty()
{
private_openssl_rsa_public_key_t *this = malloc_thing(private_openssl_rsa_public_key_t);
this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt;
this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
this->keyid = NULL;
this->keyid_info = NULL;
this->ref = 1;
return this;
}
/**
* Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info).
* Also used in openssl_rsa_private_key.c.
*/
bool openssl_rsa_public_key_build_id(RSA *rsa, identification_t **keyid,
identification_t **keyid_info)
{
chunk_t publicKeyInfo, publicKey, hash;
hasher_t *hasher;
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
DBG1("SHA1 hash algorithm not supported, unable to use RSA");
return FALSE;
}
publicKey = get_encoding_raw(rsa);
hasher->allocate_hash(hasher, publicKey, &hash);
*keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
chunk_free(&hash);
publicKeyInfo = get_encoding_with_algo(rsa);
hasher->allocate_hash(hasher, publicKeyInfo, &hash);
*keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
chunk_free(&hash);
hasher->destroy(hasher);
chunk_free(&publicKeyInfo);
chunk_free(&publicKey);
return TRUE;
}
/**
* Create a public key from BIGNUM values, used in openssl_rsa_private_key.c
*/
openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGNUM *e)
{
private_openssl_rsa_public_key_t *this = openssl_rsa_public_key_create_empty();
this->rsa = RSA_new();
this->rsa->n = BN_dup(n);
this->rsa->e = BN_dup(e);
if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
{
destroy(this);
return NULL;
}
return &this->public;
}
/**
* Load a public key from an ASN1 encoded blob
*/
static openssl_rsa_public_key_t *load(chunk_t blob)
{
u_char *p = blob.ptr;
private_openssl_rsa_public_key_t *this = openssl_rsa_public_key_create_empty();
this->rsa = d2i_RSAPublicKey(NULL, (const u_char**)&p, blob.len);
chunk_clear(&blob);
if (!this->rsa)
{
destroy(this);
return NULL;
}
if (!openssl_rsa_public_key_build_id(this->rsa, &this->keyid, &this->keyid_info))
{
destroy(this);
return NULL;
}
return &this->public;
}
typedef struct private_builder_t private_builder_t;
/**
* Builder implementation for key loading
*/
struct private_builder_t {
/** implements the builder interface */
builder_t public;
/** loaded public key */
openssl_rsa_public_key_t *key;
};
/**
* Implementation of builder_t.build
*/
static openssl_rsa_public_key_t *build(private_builder_t *this)
{
openssl_rsa_public_key_t *key = this->key;
free(this);
return key;
}
/**
* Implementation of builder_t.add
*/
static void add(private_builder_t *this, builder_part_t part, ...)
{
va_list args;
if (this->key)
{
DBG1("ignoring surplus build part %N", builder_part_names, part);
return;
}
switch (part)
{
case BUILD_BLOB_ASN1_DER:
{
va_start(args, part);
this->key = load(va_arg(args, chunk_t));
va_end(args);
break;
}
default:
DBG1("ignoring unsupported build part %N", builder_part_names, part);
break;
}
}
/**
* Builder construction function
*/
builder_t *openssl_rsa_public_key_builder(key_type_t type)
{
private_builder_t *this;
if (type != KEY_RSA)
{
return NULL;
}
this = malloc_thing(private_builder_t);
this->key = NULL;
this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
this->public.build = (void*(*)(builder_t *this))build;
return &this->public;
}

49
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h Normal file
View File

@ -0,0 +1,49 @@
/*
* Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*
* $Id$
*/
/**
* @defgroup openssl_rsa_public_key openssl_rsa_public_key
* @{ @ingroup openssl_p
*/
#ifndef OPENSSL_RSA_PUBLIC_KEY_H_
#define OPENSSL_RSA_PUBLIC_KEY_H_
typedef struct openssl_rsa_public_key_t openssl_rsa_public_key_t;
#include <credentials/keys/public_key.h>
/**
* public_key_t implementation of RSA algorithm using libgmp.
*/
struct openssl_rsa_public_key_t {
/**
* Implements the public_key_t interface
*/
public_key_t interface;
};
/**
* Create the builder for a public key.
*
* @param type type of the key, must be KEY_RSA
* @return builder instance
*/
builder_t *openssl_rsa_public_key_builder(key_type_t type);
#endif /*OPENSSL_RSA_PUBLIC_KEY_H_ @}*/