- starter work on asn1 with der de/encoder
- RSA private and public key can load read key from ASN1 DER - some other fixes here and there
This commit is contained in:
parent
dec598220b
commit
9c781c152a
|
@ -52,6 +52,7 @@ include $(MAIN_DIR)sa/Makefile.sa
|
|||
include $(MAIN_DIR)threads/Makefile.threads
|
||||
include $(MAIN_DIR)transforms/Makefile.transforms
|
||||
include $(MAIN_DIR)utils/Makefile.utils
|
||||
include $(MAIN_DIR)asn1/Makefile.asn1
|
||||
|
||||
|
||||
build_dir:
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
# Copyright (C) 2005 Jan Hutter, Martin Willi
|
||||
# Hochschule fuer Technik Rapperswil
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License as published by the
|
||||
# Free Software Foundation; either version 2 of the License, or (at your
|
||||
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but
|
||||
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
# for more details.
|
||||
#
|
||||
|
||||
ASN1_DIR= $(MAIN_DIR)asn1/
|
||||
|
||||
|
||||
OBJS+= $(BUILD_DIR)asn1.o
|
||||
$(BUILD_DIR)asn1.o : $(ASN1_DIR)asn1.c $(ASN1_DIR)asn1.h
|
||||
$(CC) $(CFLAGS) -c -o $@ $<
|
||||
|
||||
OBJS+= $(BUILD_DIR)der_decoder.o
|
||||
$(BUILD_DIR)der_decoder.o : $(ASN1_DIR)der_decoder.c $(ASN1_DIR)der_decoder.h
|
||||
$(CC) $(CFLAGS) -c -o $@ $<
|
|
@ -0,0 +1,60 @@
|
|||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#include "asn1.h"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
mapping_t asn1_type_m[] = {
|
||||
{ASN1_END, "ASN1_END"},
|
||||
{ASN1_BOOLEAN, "ASN1_BOOLEAN"},
|
||||
{ASN1_INTEGER, "ASN1_INTEGER"},
|
||||
{ASN1_BIT_STRING, "ASN1_BIT_STRING"},
|
||||
{ASN1_OCTET_STRING, "ASN1_OCTET_STRING"},
|
||||
{ASN1_NULL, "ASN1_NULL"},
|
||||
{ASN1_OID, "ASN1_OID"},
|
||||
{ASN1_ENUMERATED, "ASN1_ENUMERATED"},
|
||||
{ASN1_UTF8STRING, "ASN1_UTF8STRING"},
|
||||
{ASN1_NUMERICSTRING, "ASN1_NUMERICSTRING"},
|
||||
{ASN1_PRINTABLESTRING, "ASN1_PRINTABLESTRING"},
|
||||
{ASN1_T61STRING, "ASN1_T61STRING"},
|
||||
{ASN1_VIDEOTEXSTRING, "ASN1_VIDEOTEXSTRING"},
|
||||
{ASN1_IA5STRING, "ASN1_IA5STRING"},
|
||||
{ASN1_UTCTIME, "ASN1_UTCTIME"},
|
||||
{ASN1_GENERALIZEDTIME, "ASN1_GENERALIZEDTIME"},
|
||||
{ASN1_GRAPHICSTRING, "ASN1_GRAPHICSTRING"},
|
||||
{ASN1_VISIBLESTRING, "ASN1_VISIBLESTRING"},
|
||||
{ASN1_GENERALSTRING, "ASN1_GENERALSTRING"},
|
||||
{ASN1_UNIVERSALSTRING, "ASN1_UNIVERSALSTRING"},
|
||||
{ASN1_BMPSTRING, "ASN1_BMPSTRING"},
|
||||
{ASN1_CONSTRUCTED, "ASN1_CONSTRUCTED"},
|
||||
{ASN1_SEQUENCE, "ASN1_SEQUENCE"},
|
||||
{ASN1_SET, "ASN1_SET"},
|
||||
{ASN1_TAG_E_0, "ASN1_TAG_E_0"},
|
||||
{ASN1_TAG_E_1, "ASN1_TAG_E_1"},
|
||||
{ASN1_TAG_E_2, "ASN1_TAG_E_2"},
|
||||
{ASN1_TAG_E_3, "ASN1_TAG_E_3"},
|
||||
{ASN1_TAG_E_4, "ASN1_TAG_E_4"},
|
||||
{ASN1_TAG_E_5, "ASN1_TAG_E_5"},
|
||||
{ASN1_TAG_E_6, "ASN1_TAG_E_6"},
|
||||
{ASN1_TAG_E_7, "ASN1_TAG_E_7"},
|
||||
{ASN1_TAG_I_1, "ASN1_TAG_I_1"},
|
||||
{ASN1_TAG_I_2, "ASN1_TAG_I_2"},
|
||||
{ASN1_TAG_I_3, "ASN1_TAG_I_3"},
|
||||
{ASN1_TAG_I_4, "ASN1_TAG_I_4"},
|
||||
{ASN1_TAG_I_5, "ASN1_TAG_I_5"},
|
||||
{ASN1_TAG_I_6, "ASN1_TAG_I_6"},
|
||||
{ASN1_TAG_I_7, "ASN1_TAG_I_7"},
|
||||
};
|
||||
|
||||
mapping_t asn1_flag_m[] = {
|
||||
{ASN1_OPTIONAL, "ASN1_OPTIONAL"},
|
||||
{ASN1_DEFAULT, "ASN1_DEFAULT"},
|
||||
{ASN1_MPZ, "ASN1_MPZ"},
|
||||
{ASN1_OF, "ASN1_OF"},
|
||||
};
|
|
@ -0,0 +1,116 @@
|
|||
/**
|
||||
* @file asn1.h
|
||||
*
|
||||
* @brief Definition of asn1_type_t and asn1_rule_t.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#ifndef ASN1_H_
|
||||
#define ASN1_H_
|
||||
|
||||
#include <types.h>
|
||||
|
||||
typedef enum asn1_type_t asn1_type_t;
|
||||
|
||||
enum asn1_type_t {
|
||||
ASN1_END = 0x00,
|
||||
ASN1_BOOLEAN = 0x01,
|
||||
ASN1_INTEGER = 0x02,
|
||||
ASN1_BIT_STRING = 0x03,
|
||||
ASN1_OCTET_STRING = 0x04,
|
||||
ASN1_NULL = 0x05,
|
||||
ASN1_OID = 0x06,
|
||||
ASN1_ENUMERATED = 0x0A,
|
||||
ASN1_UTF8STRING = 0x0C,
|
||||
ASN1_NUMERICSTRING = 0x12,
|
||||
ASN1_PRINTABLESTRING = 0x13,
|
||||
ASN1_T61STRING = 0x14,
|
||||
ASN1_VIDEOTEXSTRING = 0x15,
|
||||
ASN1_IA5STRING = 0x16,
|
||||
ASN1_UTCTIME = 0x17,
|
||||
ASN1_GENERALIZEDTIME = 0x18,
|
||||
ASN1_GRAPHICSTRING = 0x19,
|
||||
ASN1_VISIBLESTRING = 0x1A,
|
||||
ASN1_GENERALSTRING = 0x1B,
|
||||
ASN1_UNIVERSALSTRING = 0x1C,
|
||||
ASN1_BMPSTRING = 0x1E,
|
||||
ASN1_CONSTRUCTED = 0x20,
|
||||
ASN1_SEQUENCE = 0x30,
|
||||
ASN1_SET = 0x31,
|
||||
ASN1_TAG_E_0 = 0xA0,
|
||||
ASN1_TAG_E_1 = 0xA1,
|
||||
ASN1_TAG_E_2 = 0xA2,
|
||||
ASN1_TAG_E_3 = 0xA3,
|
||||
ASN1_TAG_E_4 = 0xA4,
|
||||
ASN1_TAG_E_5 = 0xA5,
|
||||
ASN1_TAG_E_6 = 0xA6,
|
||||
ASN1_TAG_E_7 = 0xA7,
|
||||
ASN1_TAG_I_1 = 0x81,
|
||||
ASN1_TAG_I_2 = 0x82,
|
||||
ASN1_TAG_I_3 = 0x83,
|
||||
ASN1_TAG_I_4 = 0x84,
|
||||
ASN1_TAG_I_5 = 0x85,
|
||||
ASN1_TAG_I_6 = 0x86,
|
||||
ASN1_TAG_I_7 = 0x87,
|
||||
};
|
||||
|
||||
extern mapping_t asn1_type_m[];
|
||||
|
||||
typedef enum asn1_flag_t asn1_flag_t;
|
||||
|
||||
enum asn1_flag_t {
|
||||
ASN1_OPTIONAL = 0x01,
|
||||
ASN1_DEFAULT = 0x02,
|
||||
ASN1_MPZ = 0x04,
|
||||
ASN1_OF = 0x08,
|
||||
};
|
||||
|
||||
extern mapping_t asn1_flag_m[];
|
||||
|
||||
|
||||
typedef struct asn1_rule_t asn1_rule_t;
|
||||
|
||||
struct asn1_rule_t {
|
||||
/**
|
||||
* ASN1 type
|
||||
*/
|
||||
asn1_type_t type;
|
||||
/**
|
||||
* implicit or explicit tag, if any
|
||||
*/
|
||||
asn1_flag_t flags;
|
||||
/**
|
||||
* offset of data in structure
|
||||
*/
|
||||
u_int data_offset;
|
||||
// union {
|
||||
/**
|
||||
* offset to a boolean, which says if optional
|
||||
* data is available at data_offset. Used if
|
||||
* flags & ASN1_OPTIONAL.
|
||||
*/
|
||||
// u_int available_offset;
|
||||
/**
|
||||
* default value, used if flags & ASN1_DEFAULT
|
||||
*/
|
||||
u_int default_value;
|
||||
// };
|
||||
};
|
||||
|
||||
|
||||
#endif /* ASN1_H_ */
|
|
@ -0,0 +1,218 @@
|
|||
/**
|
||||
* @file der_decoder.c
|
||||
*
|
||||
* @brief Implementation of der_decoder_t.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2005 Jan Hutter, Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <gmp.h>
|
||||
|
||||
#include "der_decoder.h"
|
||||
|
||||
#include <utils/allocator.h>
|
||||
#include <daemon.h>
|
||||
|
||||
|
||||
|
||||
typedef struct private_der_decoder_t private_der_decoder_t;
|
||||
|
||||
/**
|
||||
* Private data of a der_decoder_t object.
|
||||
*/
|
||||
struct private_der_decoder_t {
|
||||
/**
|
||||
* Public interface for this signer.
|
||||
*/
|
||||
der_decoder_t public;
|
||||
|
||||
asn1_rule_t *rule;
|
||||
|
||||
asn1_rule_t *first_rule;
|
||||
|
||||
void *output;
|
||||
|
||||
logger_t *logger;
|
||||
};
|
||||
|
||||
status_t read_hdr(private_der_decoder_t *this, chunk_t *data);
|
||||
|
||||
status_t read_sequence(private_der_decoder_t *this, chunk_t data)
|
||||
{
|
||||
while (this->rule->type != ASN1_END)
|
||||
{
|
||||
read_hdr(this, &data);
|
||||
}
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
status_t read_int(private_der_decoder_t *this, chunk_t data)
|
||||
{
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data);
|
||||
u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
|
||||
|
||||
*integ = 0;
|
||||
while (data.len-- > 0)
|
||||
{
|
||||
*integ = 256 * (*integ) + *data.ptr++;
|
||||
}
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
status_t read_mpz(private_der_decoder_t *this, chunk_t data)
|
||||
{
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data);
|
||||
mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
|
||||
|
||||
mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
u_int32_t read_length(chunk_t *data)
|
||||
{
|
||||
u_int8_t n;
|
||||
size_t len;
|
||||
|
||||
/* read first octet of length field */
|
||||
n = *data->ptr++;
|
||||
|
||||
if ((n & 0x80) == 0)
|
||||
{
|
||||
/* single length octet */
|
||||
return n;
|
||||
}
|
||||
|
||||
/* composite length, determine number of length octets */
|
||||
n &= 0x7f;
|
||||
|
||||
if (n > data->len)
|
||||
{
|
||||
/* length longer than available bytes */
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (n > sizeof(len))
|
||||
{
|
||||
/* larger than size_t can hold */
|
||||
return -1;
|
||||
}
|
||||
|
||||
len = 0;
|
||||
while (n-- > 0)
|
||||
{
|
||||
len = 256 * len + *data->ptr++;
|
||||
}
|
||||
return len;
|
||||
}
|
||||
|
||||
status_t read_hdr(private_der_decoder_t *this, chunk_t *data)
|
||||
{
|
||||
chunk_t inner;
|
||||
|
||||
/* advance to the next rule */
|
||||
this->rule++;
|
||||
|
||||
if (this->rule->type == ASN1_END)
|
||||
{
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s",
|
||||
mapping_find(asn1_type_m, this->rule->type));
|
||||
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data);
|
||||
|
||||
/* read type, advance in data */
|
||||
if (*(data->ptr) != this->rule->type)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr);
|
||||
return PARSE_ERROR;
|
||||
}
|
||||
data->ptr++;
|
||||
data->len--;
|
||||
|
||||
/* read length, advance in data */
|
||||
inner.len = read_length(data);
|
||||
if (inner.len == -1)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
|
||||
return PARSE_ERROR;
|
||||
}
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d",
|
||||
inner.len);
|
||||
inner.ptr = data->ptr;
|
||||
|
||||
/* advance in data */
|
||||
data->ptr += inner.len;
|
||||
data->len -= inner.len;
|
||||
|
||||
/* process inner */
|
||||
switch (this->rule->type)
|
||||
{
|
||||
case ASN1_INTEGER:
|
||||
if (this->rule->flags & ASN1_MPZ)
|
||||
{
|
||||
read_mpz(this, inner);
|
||||
}
|
||||
else
|
||||
{
|
||||
read_int(this, inner);
|
||||
}
|
||||
break;
|
||||
case ASN1_SEQUENCE:
|
||||
read_sequence(this, inner);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
||||
status_t decode(private_der_decoder_t *this, chunk_t input, void *output)
|
||||
{
|
||||
this->rule = this->first_rule - 1;
|
||||
this->output = output;
|
||||
return read_hdr(this, &input);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of der_decoder.destroy.
|
||||
*/
|
||||
static void destroy(private_der_decoder_t *this)
|
||||
{
|
||||
allocator_free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
der_decoder_t *der_decoder_create(asn1_rule_t *rules)
|
||||
{
|
||||
private_der_decoder_t *this = allocator_alloc_thing(private_der_decoder_t);
|
||||
|
||||
/* public functions */
|
||||
this->public.decode = (status_t (*) (der_decoder_t*,chunk_t,void*))decode;
|
||||
this->public.destroy = (void (*) (der_decoder_t*))destroy;
|
||||
|
||||
this->first_rule = rules;
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER);
|
||||
|
||||
return &(this->public);
|
||||
}
|
|
@ -0,0 +1,61 @@
|
|||
/**
|
||||
* @file der_decoder.h
|
||||
*
|
||||
* @brief Interface of der_decoder_t.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#ifndef DER_DECODER_H_
|
||||
#define DER_DECODER_H_
|
||||
|
||||
#include <types.h>
|
||||
#include <asn1/asn1.h>
|
||||
|
||||
typedef struct der_decoder_t der_decoder_t;
|
||||
|
||||
/**
|
||||
* @brief Decode der_encoded bytes to usable structures.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - der_decoder_create()
|
||||
*
|
||||
* @ingroup asn1
|
||||
*/
|
||||
struct der_decoder_t {
|
||||
|
||||
status_t (*decode) (der_decoder_t *this, chunk_t input, void *output);
|
||||
|
||||
/**
|
||||
* @brief Destroys a der_decoder object.
|
||||
*
|
||||
* @param der_decoder calling object
|
||||
*/
|
||||
void (*destroy) (der_decoder_t *this);
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* @brief Create a der_decoder instance.
|
||||
*
|
||||
* @return der_decoder_t object
|
||||
*
|
||||
* @ingroup ans1
|
||||
*/
|
||||
der_decoder_t * der_decoder_create(asn1_rule_t* rules);
|
||||
|
||||
#endif /* DER_DECODER_H_ */
|
|
@ -0,0 +1,218 @@
|
|||
/**
|
||||
* @file der_encoder.c
|
||||
*
|
||||
* @brief Implementation of der_encoder_t.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2005 Jan Hutter, Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <gmp.h>
|
||||
|
||||
#include "der_encoder.h"
|
||||
|
||||
#include <utils/allocator.h>
|
||||
#include <daemon.h>
|
||||
|
||||
|
||||
|
||||
typedef struct private_der_encoder_t private_der_encoder_t;
|
||||
|
||||
/**
|
||||
* Private data of a der_encoder_t object.
|
||||
*/
|
||||
struct private_der_encoder_t {
|
||||
/**
|
||||
* Public interface for this signer.
|
||||
*/
|
||||
der_encoder_t public;
|
||||
|
||||
asn1_rule_t *rule;
|
||||
|
||||
asn1_rule_t *first_rule;
|
||||
|
||||
void *output;
|
||||
|
||||
logger_t *logger;
|
||||
};
|
||||
|
||||
status_t read_hdr(private_der_encoder_t *this, chunk_t *data);
|
||||
|
||||
status_t read_sequence(private_der_encoder_t *this, chunk_t data)
|
||||
{
|
||||
while (this->rule->type != ASN1_END)
|
||||
{
|
||||
read_hdr(this, &data);
|
||||
}
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
status_t read_int(private_der_encoder_t *this, chunk_t data)
|
||||
{
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data);
|
||||
u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
|
||||
|
||||
*integ = 0;
|
||||
while (data.len-- > 0)
|
||||
{
|
||||
*integ = 256 * (*integ) + *data.ptr++;
|
||||
}
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
status_t read_mpz(private_der_encoder_t *this, chunk_t data)
|
||||
{
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data);
|
||||
mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
|
||||
|
||||
mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
u_int32_t read_length(chunk_t *data)
|
||||
{
|
||||
u_int8_t n;
|
||||
size_t len;
|
||||
|
||||
/* read first octet of length field */
|
||||
n = *data->ptr++;
|
||||
|
||||
if ((n & 0x80) == 0)
|
||||
{
|
||||
/* single length octet */
|
||||
return n;
|
||||
}
|
||||
|
||||
/* composite length, determine number of length octets */
|
||||
n &= 0x7f;
|
||||
|
||||
if (n > data->len)
|
||||
{
|
||||
/* length longer than available bytes */
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (n > sizeof(len))
|
||||
{
|
||||
/* larger than size_t can hold */
|
||||
return -1;
|
||||
}
|
||||
|
||||
len = 0;
|
||||
while (n-- > 0)
|
||||
{
|
||||
len = 256 * len + *data->ptr++;
|
||||
}
|
||||
return len;
|
||||
}
|
||||
|
||||
status_t read_hdr(private_der_encoder_t *this, chunk_t *data)
|
||||
{
|
||||
chunk_t inner;
|
||||
|
||||
/* advance to the next rule */
|
||||
this->rule++;
|
||||
|
||||
if (this->rule->type == ASN1_END)
|
||||
{
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s",
|
||||
mapping_find(asn1_type_m, this->rule->type));
|
||||
|
||||
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data);
|
||||
|
||||
/* read type, advance in data */
|
||||
if (*(data->ptr) != this->rule->type)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr);
|
||||
return PARSE_ERROR;
|
||||
}
|
||||
data->ptr++;
|
||||
data->len--;
|
||||
|
||||
/* read length, advance in data */
|
||||
inner.len = read_length(data);
|
||||
if (inner.len == -1)
|
||||
{
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
|
||||
return PARSE_ERROR;
|
||||
}
|
||||
this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d",
|
||||
inner.len);
|
||||
inner.ptr = data->ptr;
|
||||
|
||||
/* advance in data */
|
||||
data->ptr += inner.len;
|
||||
data->len -= inner.len;
|
||||
|
||||
/* process inner */
|
||||
switch (this->rule->type)
|
||||
{
|
||||
case ASN1_INTEGER:
|
||||
if (this->rule->flags & ASN1_MPZ)
|
||||
{
|
||||
read_mpz(this, inner);
|
||||
}
|
||||
else
|
||||
{
|
||||
read_int(this, inner);
|
||||
}
|
||||
break;
|
||||
case ASN1_SEQUENCE:
|
||||
read_sequence(this, inner);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
||||
status_t decode(private_der_encoder_t *this, chunk_t input, void *output)
|
||||
{
|
||||
this->rule = this->first_rule - 1;
|
||||
this->output = output;
|
||||
return read_hdr(this, &input);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of der_encoder.destroy.
|
||||
*/
|
||||
static void destroy(private_der_encoder_t *this)
|
||||
{
|
||||
allocator_free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
der_encoder_t *der_encoder_create(asn1_rule_t *rules)
|
||||
{
|
||||
private_der_encoder_t *this = allocator_alloc_thing(private_der_encoder_t);
|
||||
|
||||
/* public functions */
|
||||
this->public.decode = (status_t (*) (der_encoder_t*,chunk_t,void*))decode;
|
||||
this->public.destroy = (void (*) (der_encoder_t*))destroy;
|
||||
|
||||
this->first_rule = rules;
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER);
|
||||
|
||||
return &(this->public);
|
||||
}
|
|
@ -0,0 +1,60 @@
|
|||
/**
|
||||
* @file der_encoder.h
|
||||
*
|
||||
* @brief Interface of der_encoder_t.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#ifndef DER_ENCODER_H_
|
||||
#define DER_ENCODER_H_
|
||||
|
||||
#include <types.h>
|
||||
|
||||
typedef struct der_encoder_t der_encoder_t;
|
||||
|
||||
/**
|
||||
* @brief Decode der_encoded bytes to usable structures.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - der_encoder_create()
|
||||
*
|
||||
* @ingroup asn1
|
||||
*/
|
||||
struct der_encoder_t {
|
||||
|
||||
status_t encode(der_encoder_t *this, void *input, chunk_t output);
|
||||
|
||||
/**
|
||||
* @brief Destroys a der_encoder object.
|
||||
*
|
||||
* @param der_encoder calling object
|
||||
*/
|
||||
void (*destroy) (der_encoder_t *this);
|
||||
};
|
||||
|
||||
|
||||
/**
|
||||
* @brief Create a der_encoder instance.
|
||||
*
|
||||
* @return der_encoder_t object
|
||||
*
|
||||
* @ingroup ans1
|
||||
*/
|
||||
der_encoder_t * der_encoder_create(asn1_rule_t *rules);
|
||||
|
||||
#endif /* DER_ENCODER_H_ */
|
|
@ -388,7 +388,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
|
|||
/* private data */
|
||||
this->ike_sa = ike_sa;
|
||||
this->prf = this->ike_sa->get_prf(this->ike_sa);
|
||||
this->logger = this->ike_sa->get_logger(this->ike_sa);
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
|
|
@ -411,14 +411,6 @@ static void set_new_state (private_ike_sa_t *this, state_t *state)
|
|||
this->current_state = state;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of protected_ike_sa_t.get_logger.
|
||||
*/
|
||||
static logger_t *get_logger (private_ike_sa_t *this)
|
||||
{
|
||||
return this->logger;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of protected_ike_sa_t.get_connection.
|
||||
*/
|
||||
|
@ -1050,7 +1042,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
|
|||
this->protected.get_prf_auth_i = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_i;
|
||||
this->protected.get_prf_auth_r = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_r;
|
||||
this->protected.add_child_sa = (void (*) (protected_ike_sa_t*,child_sa_t*)) add_child_sa;
|
||||
this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;
|
||||
this->protected.set_connection = (void (*) (protected_ike_sa_t *,connection_t *)) set_connection;
|
||||
this->protected.get_connection = (connection_t *(*) (protected_ike_sa_t *)) get_connection;
|
||||
this->protected.set_policy = (void (*) (protected_ike_sa_t *,policy_t *)) set_policy;
|
||||
|
|
|
@ -170,16 +170,6 @@ struct protected_ike_sa_t {
|
|||
*/
|
||||
void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
|
||||
|
||||
/**
|
||||
* @brief Get the internal stored logger_t object for given ike_sa_t object.
|
||||
*
|
||||
* @warning Returned logger_t object is original one and managed by this object.
|
||||
*
|
||||
* @param this calling object
|
||||
* @return pointer to the internal stored logger_t object
|
||||
*/
|
||||
logger_t *(*get_logger) (protected_ike_sa_t *this);
|
||||
|
||||
/**
|
||||
* @brief Get the internal stored connection_t object.
|
||||
*
|
||||
|
|
|
@ -660,7 +660,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa,chunk
|
|||
this->received_nonce = received_nonce;
|
||||
this->sent_nonce = sent_nonce;
|
||||
this->ike_sa_init_reply_data = ike_sa_init_reply_data;
|
||||
this->logger = this->ike_sa->get_logger(this->ike_sa);
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
|
||||
this->my_ts = NULL;
|
||||
this->other_ts = NULL;
|
||||
this->proposal = NULL;
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
|
||||
#include "ike_sa_established.h"
|
||||
|
||||
#include <daemon.h>
|
||||
#include <utils/allocator.h>
|
||||
#include <encoding/payloads/delete_payload.h>
|
||||
|
||||
|
@ -233,7 +234,7 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa)
|
|||
|
||||
/* private data */
|
||||
this->ike_sa = ike_sa;
|
||||
this->logger = ike_sa->get_logger(ike_sa);
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
|
|
@ -748,7 +748,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa
|
|||
/* private data */
|
||||
this->ike_sa = ike_sa;
|
||||
this->received_nonce = CHUNK_INITIALIZER;
|
||||
this->logger = this->ike_sa->get_logger(this->ike_sa);
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
|
||||
this->diffie_hellman = diffie_hellman;
|
||||
this->proposal = NULL;
|
||||
this->sent_nonce = sent_nonce;
|
||||
|
|
|
@ -696,7 +696,7 @@ ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa
|
|||
this->my_ts = NULL;
|
||||
this->other_ts = NULL;
|
||||
this->child_sa = NULL;
|
||||
this->logger = this->ike_sa->get_logger(this->ike_sa);
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
|
||||
|
||||
return &(this->public);
|
||||
}
|
||||
|
|
|
@ -342,7 +342,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa)
|
|||
|
||||
/* private data */
|
||||
this->ike_sa = ike_sa;
|
||||
this->logger = this->ike_sa->get_logger(this->ike_sa);
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
|
||||
this->sent_nonce = CHUNK_INITIALIZER;
|
||||
this->diffie_hellman = NULL;
|
||||
|
||||
|
|
|
@ -553,7 +553,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
|
|||
|
||||
/* private data */
|
||||
this->ike_sa = ike_sa;
|
||||
this->logger = this->ike_sa->get_logger(this->ike_sa);
|
||||
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
|
||||
this->sent_nonce = CHUNK_INITIALIZER;
|
||||
this->received_nonce = CHUNK_INITIALIZER;
|
||||
this->dh_group_number = MODP_UNDEFINED;
|
||||
|
|
|
@ -131,4 +131,8 @@ $(BUILD_DIR)kernel_interface_test.o : $(TESTCASES_DIR)kernel_interface_test.c $(
|
|||
TEST_OBJS+= $(BUILD_DIR)child_sa_test.o
|
||||
$(BUILD_DIR)child_sa_test.o : $(TESTCASES_DIR)child_sa_test.c $(TESTCASES_DIR)child_sa_test.h
|
||||
$(CC) $(CFLAGS) -c -o $@ $<
|
||||
|
||||
TEST_OBJS+= $(BUILD_DIR)der_decoder_test.o
|
||||
$(BUILD_DIR)der_decoder_test.o : $(TESTCASES_DIR)der_decoder_test.c $(TESTCASES_DIR)der_decoder_test.h
|
||||
$(CC) $(CFLAGS) -c -o $@ $<
|
||||
|
|
@ -54,10 +54,10 @@ void test_child_sa(protected_tester_t *tester)
|
|||
remote_sa = child_sa_create(remote_me, remote_other);
|
||||
|
||||
proposal1 = proposal_create(1);
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
|
||||
proposal2 = proposal_create(2);
|
||||
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
||||
|
||||
list = linked_list_create();
|
||||
list->insert_last(list, proposal1);
|
||||
|
|
|
@ -41,28 +41,28 @@ void test_connection(protected_tester_t *tester)
|
|||
linked_list_t *list;
|
||||
|
||||
prop1 = proposal_create(1);
|
||||
prop1->add_algorithm(prop1, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
|
||||
prop1->add_algorithm(prop1, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop1->add_algorithm(prop1, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20);
|
||||
prop1->add_algorithm(prop1, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
prop1->add_algorithm(prop1, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
|
||||
prop1->add_algorithm(prop1, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop1->add_algorithm(prop1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20);
|
||||
prop1->add_algorithm(prop1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
|
||||
prop2 = proposal_create(2);
|
||||
prop2->add_algorithm(prop2, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
|
||||
prop2->add_algorithm(prop2, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop2->add_algorithm(prop2, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
|
||||
prop2->add_algorithm(prop2, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
prop2->add_algorithm(prop2, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
|
||||
prop2->add_algorithm(prop2, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop2->add_algorithm(prop2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
|
||||
prop2->add_algorithm(prop2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
|
||||
prop3 = proposal_create(3);
|
||||
prop3->add_algorithm(prop3, IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20);
|
||||
prop3->add_algorithm(prop3, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop3->add_algorithm(prop3, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
|
||||
prop3->add_algorithm(prop3, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
|
||||
prop3->add_algorithm(prop3, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20);
|
||||
prop3->add_algorithm(prop3, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop3->add_algorithm(prop3, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
|
||||
prop3->add_algorithm(prop3, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
|
||||
|
||||
prop4 = proposal_create(4);
|
||||
prop4->add_algorithm(prop4, IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20);
|
||||
prop4->add_algorithm(prop4, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop4->add_algorithm(prop4, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20);
|
||||
prop4->add_algorithm(prop4, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
|
||||
prop4->add_algorithm(prop4, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20);
|
||||
prop4->add_algorithm(prop4, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
prop4->add_algorithm(prop4, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20);
|
||||
prop4->add_algorithm(prop4, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
|
||||
|
||||
connection->add_proposal(connection, prop1);
|
||||
connection->add_proposal(connection, prop2);
|
||||
|
|
|
@ -0,0 +1,140 @@
|
|||
/**
|
||||
* @file der_decoder_test.c
|
||||
*
|
||||
* @brief Tests for the der_decoder_t class.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include "der_decoder_test.h"
|
||||
|
||||
#include <daemon.h>
|
||||
#include <asn1/der_decoder.h>
|
||||
#include <utils/allocator.h>
|
||||
#include <utils/logger.h>
|
||||
|
||||
|
||||
|
||||
static char private_key_buffer[] = {
|
||||
0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,
|
||||
0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,
|
||||
0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,
|
||||
0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,
|
||||
0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,
|
||||
0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,
|
||||
0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,
|
||||
0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,
|
||||
0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,
|
||||
0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,
|
||||
0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,
|
||||
0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,
|
||||
0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,
|
||||
0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,
|
||||
0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,
|
||||
0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,
|
||||
0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
|
||||
0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58,
|
||||
0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9,
|
||||
0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83,
|
||||
0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b,
|
||||
0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91,
|
||||
0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7,
|
||||
0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67,
|
||||
0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e,
|
||||
0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b,
|
||||
0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb,
|
||||
0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c,
|
||||
0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5,
|
||||
0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f,
|
||||
0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57,
|
||||
0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a,
|
||||
0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a,
|
||||
0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3,
|
||||
0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac,
|
||||
0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c,
|
||||
0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10,
|
||||
0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e,
|
||||
0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb,
|
||||
0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8,
|
||||
0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a,
|
||||
0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05,
|
||||
0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36,
|
||||
0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1,
|
||||
0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d,
|
||||
0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2,
|
||||
0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d,
|
||||
0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4,
|
||||
0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58,
|
||||
0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59,
|
||||
0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87,
|
||||
0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96,
|
||||
0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21,
|
||||
0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d,
|
||||
0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1,
|
||||
0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9,
|
||||
0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d,
|
||||
0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02,
|
||||
0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b,
|
||||
0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94,
|
||||
0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13,
|
||||
0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56,
|
||||
0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e,
|
||||
0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66,
|
||||
0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04,
|
||||
0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1,
|
||||
0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02,
|
||||
0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe,
|
||||
0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e,
|
||||
0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae,
|
||||
0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2,
|
||||
0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc,
|
||||
0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15,
|
||||
0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86,
|
||||
0x64,0x0f,0x1d,0x1f,0xf2,0x1e,
|
||||
};
|
||||
|
||||
asn1_rule_t private_key_rules[] = {
|
||||
{ASN1_SEQUENCE, 0, 0, 0},
|
||||
{ ASN1_INTEGER, 0, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
|
||||
{ASN1_END, 0, 0, 0},
|
||||
};
|
||||
|
||||
/**
|
||||
* Described in header.
|
||||
*/
|
||||
void test_der_decoder(protected_tester_t *tester)
|
||||
{
|
||||
chunk_t private_key = {private_key_buffer, sizeof(private_key_buffer)};
|
||||
|
||||
der_decoder_t *dd = der_decoder_create(private_key_rules);
|
||||
|
||||
dd->decode(dd, private_key, NULL);
|
||||
|
||||
dd->destroy(dd);
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
/**
|
||||
* @file der_decoder_test.h
|
||||
*
|
||||
* @brief Tests for the der_decoder_t class.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
|
||||
#ifndef DER_DECODER_TEST_H_
|
||||
#define DER_DECODER_TEST_H_
|
||||
|
||||
#include <utils/tester.h>
|
||||
|
||||
/**
|
||||
* @brief Test function used to test the der_decoder_t functionality.
|
||||
*
|
||||
* @param tester associated protected_tester_t object
|
||||
*
|
||||
* @ingroup testcases
|
||||
*/
|
||||
void test_der_decoder(protected_tester_t *tester);
|
||||
|
||||
#endif /* DER_DECODER_TEST_H_ */
|
||||
|
||||
|
||||
|
||||
|
|
@ -570,16 +570,16 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
|
|||
|
||||
|
||||
proposal1 = proposal_create(1);
|
||||
proposal1->add_algorithm(proposal1, IKE, ENCRYPTION_ALGORITHM, 1, 20);
|
||||
proposal1->add_algorithm(proposal1, IKE, PSEUDO_RANDOM_FUNCTION, 2, 22);
|
||||
proposal1->add_algorithm(proposal1, IKE, INTEGRITY_ALGORITHM, 3, 24);
|
||||
proposal1->add_algorithm(proposal1, IKE, DIFFIE_HELLMAN_GROUP, 4, 0);
|
||||
proposal1->add_algorithm(proposal1, PROTO_IKE, ENCRYPTION_ALGORITHM, 1, 20);
|
||||
proposal1->add_algorithm(proposal1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 2, 22);
|
||||
proposal1->add_algorithm(proposal1, PROTO_IKE, INTEGRITY_ALGORITHM, 3, 24);
|
||||
proposal1->add_algorithm(proposal1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 4, 0);
|
||||
|
||||
proposal2 = proposal_create(2);
|
||||
proposal2->add_algorithm(proposal2, IKE, ENCRYPTION_ALGORITHM, 5, 26);
|
||||
proposal2->add_algorithm(proposal2, IKE, PSEUDO_RANDOM_FUNCTION, 6, 28);
|
||||
proposal2->add_algorithm(proposal2, IKE, INTEGRITY_ALGORITHM, 7, 30);
|
||||
proposal2->add_algorithm(proposal2, IKE, DIFFIE_HELLMAN_GROUP, 8, 0);
|
||||
proposal2->add_algorithm(proposal2, PROTO_IKE, ENCRYPTION_ALGORITHM, 5, 26);
|
||||
proposal2->add_algorithm(proposal2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 6, 28);
|
||||
proposal2->add_algorithm(proposal2, PROTO_IKE, INTEGRITY_ALGORITHM, 7, 30);
|
||||
proposal2->add_algorithm(proposal2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 8, 0);
|
||||
|
||||
list = linked_list_create();
|
||||
list->insert_last(list, (void*)proposal1);
|
||||
|
@ -643,25 +643,25 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
|
|||
|
||||
proposal1 = proposal_create(1);
|
||||
|
||||
proposal1->add_algorithm(proposal1, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
proposal1->add_algorithm(proposal1, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
|
||||
proposal1->set_spi(proposal1, AH, 0x01010101l);
|
||||
proposal1->add_algorithm(proposal1, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
proposal1->add_algorithm(proposal1, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
|
||||
proposal1->set_spi(proposal1, PROTO_AH, 0x01010101l);
|
||||
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
|
||||
proposal1->add_algorithm(proposal1, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
proposal1->set_spi(proposal1, ESP, 0x02020202);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
proposal1->set_spi(proposal1, PROTO_ESP, 0x02020202);
|
||||
|
||||
|
||||
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal2->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
proposal2->add_algorithm(proposal2, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
|
||||
proposal2->set_spi(proposal2, AH, 0x01010101);
|
||||
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal2->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
proposal2->add_algorithm(proposal2, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
|
||||
proposal2->set_spi(proposal2, PROTO_AH, 0x01010101);
|
||||
|
||||
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
|
||||
proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal2->add_algorithm(proposal2, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
proposal2->set_spi(proposal2, ESP, 0x02020202);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
proposal2->set_spi(proposal2, PROTO_ESP, 0x02020202);
|
||||
|
||||
list->insert_last(list, (void*)proposal1);
|
||||
list->insert_last(list, (void*)proposal2);
|
||||
|
@ -1216,7 +1216,7 @@ void test_generator_with_delete_payload(protected_tester_t *tester)
|
|||
spis.ptr = "123456789012";
|
||||
spis.len = strlen(spis.ptr);
|
||||
|
||||
delete_payload->set_protocol_id(delete_payload,AH);
|
||||
delete_payload->set_protocol_id(delete_payload, PROTO_AH);
|
||||
delete_payload->set_spi_count(delete_payload,3);
|
||||
delete_payload->set_spi_size(delete_payload,4);
|
||||
delete_payload->set_spis(delete_payload,spis);
|
||||
|
@ -1408,6 +1408,4 @@ void test_generator_with_eap_payload(protected_tester_t *tester)
|
|||
|
||||
eap_payload->destroy(eap_payload);
|
||||
generator->destroy(generator);
|
||||
|
||||
charon->logger_manager->destroy_logger(charon->logger_manager,logger);
|
||||
}
|
||||
|
|
|
@ -201,6 +201,4 @@ void test_hmac_sha1_signer(protected_tester_t *tester)
|
|||
}
|
||||
|
||||
signer->destroy(signer);
|
||||
charon->logger_manager->destroy_logger(charon->logger_manager,logger);
|
||||
|
||||
}
|
||||
|
|
|
@ -805,7 +805,7 @@ void test_parser_with_delete_payload(protected_tester_t *tester)
|
|||
return;
|
||||
}
|
||||
result = delete_payload->get_spis(delete_payload);
|
||||
tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == ESP), "is ESP protocol");
|
||||
tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == PROTO_ESP), "is ESP protocol");
|
||||
tester->assert_true(tester,(delete_payload->get_spi_size(delete_payload) == 3), "SPI size check");
|
||||
tester->assert_true(tester,(delete_payload->get_spi_count(delete_payload) == 4), "SPI count check");
|
||||
tester->assert_true(tester,(result.len == 12), "parsed data lenght");
|
||||
|
|
|
@ -61,16 +61,16 @@ void test_policy(protected_tester_t *tester)
|
|||
|
||||
/* esp only prop */
|
||||
proposal1 = proposal_create(1);
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
|
||||
/* ah only prop */
|
||||
proposal2 = proposal_create(2);
|
||||
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
|
||||
/* ah and esp prop */
|
||||
proposal3 = proposal_create(3);
|
||||
proposal3->add_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
|
||||
proposal3->add_algorithm(proposal3, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal3->add_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
|
||||
proposal3->add_algorithm(proposal3, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
|
||||
|
||||
policy->add_proposal(policy, proposal1);
|
||||
|
@ -84,13 +84,13 @@ void test_policy(protected_tester_t *tester)
|
|||
|
||||
proposals_list = linked_list_create();
|
||||
proposal1 = proposal_create(1);
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
|
||||
proposal2 = proposal_create(2);
|
||||
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
|
||||
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
|
||||
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
|
||||
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
|
||||
proposals_list->insert_last(proposals_list, proposal1);
|
||||
proposals_list->insert_last(proposals_list, proposal2);
|
||||
|
@ -98,7 +98,7 @@ void test_policy(protected_tester_t *tester)
|
|||
proposal_sel = policy->select_proposal(policy, proposals_list);
|
||||
tester->assert_false(tester, proposal_sel == NULL, "proposal select");
|
||||
/* check ESP encryption algo */
|
||||
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, ESP, ENCRYPTION_ALGORITHM);
|
||||
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_ESP, ENCRYPTION_ALGORITHM);
|
||||
tester->assert_false(tester, iterator == NULL, "algorithm select ESP");
|
||||
while (iterator->has_next(iterator))
|
||||
{
|
||||
|
@ -108,7 +108,7 @@ void test_policy(protected_tester_t *tester)
|
|||
tester->assert_true(tester, algo->key_size == 16, "ESP encryption keysize");
|
||||
}
|
||||
iterator->destroy(iterator);
|
||||
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, AH, INTEGRITY_ALGORITHM);
|
||||
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_AH, INTEGRITY_ALGORITHM);
|
||||
/* check AH integrity algo */
|
||||
tester->assert_false(tester, iterator == NULL, "algorithm select AH");
|
||||
while (iterator->has_next(iterator))
|
||||
|
|
|
@ -39,38 +39,38 @@ void test_proposal(protected_tester_t *tester)
|
|||
bool result;
|
||||
|
||||
proposal1 = proposal_create(1);
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
|
||||
proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
|
||||
proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
|
||||
|
||||
proposal2 = proposal_create(2);
|
||||
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
|
||||
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
|
||||
proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
|
||||
proposal1->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
|
||||
|
||||
/* ah and esp prop */
|
||||
proposal3 = proposal1->select(proposal1, proposal2);
|
||||
tester->assert_false(tester, proposal3 == NULL, "proposal select");
|
||||
if (proposal3)
|
||||
{
|
||||
result = proposal3->get_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, &algo);
|
||||
result = proposal3->get_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, &algo);
|
||||
tester->assert_true(tester, result, "encryption algo select");
|
||||
tester->assert_true(tester, algo->algorithm == ENCR_AES_CBC, "encryption algo");
|
||||
tester->assert_true(tester, algo->key_size == 16, "encryption keylen");
|
||||
|
||||
|
||||
result = proposal3->get_algorithm(proposal3, ESP, INTEGRITY_ALGORITHM, &algo);
|
||||
result = proposal3->get_algorithm(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM, &algo);
|
||||
tester->assert_true(tester, result, "integrity algo select");
|
||||
tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "integrity algo");
|
||||
tester->assert_true(tester, algo->key_size == 20, "integrity keylen");
|
||||
|
||||
iterator = proposal3->create_algorithm_iterator(proposal3, ESP, INTEGRITY_ALGORITHM);
|
||||
iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM);
|
||||
tester->assert_false(tester, iterator == NULL, "integrity algo select");
|
||||
while(iterator->has_next(iterator))
|
||||
{
|
||||
|
@ -80,7 +80,7 @@ void test_proposal(protected_tester_t *tester)
|
|||
}
|
||||
iterator->destroy(iterator);
|
||||
|
||||
iterator = proposal3->create_algorithm_iterator(proposal3, AH, DIFFIE_HELLMAN_GROUP );
|
||||
iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_AH, DIFFIE_HELLMAN_GROUP );
|
||||
tester->assert_false(tester, iterator == NULL, "dh group algo select");
|
||||
while(iterator->has_next(iterator))
|
||||
{
|
||||
|
|
|
@ -28,6 +28,103 @@
|
|||
#include <utils/allocator.h>
|
||||
#include <utils/logger.h>
|
||||
|
||||
char private_key_buffer[] = {
|
||||
0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,
|
||||
0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,
|
||||
0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,
|
||||
0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,
|
||||
0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,
|
||||
0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,
|
||||
0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,
|
||||
0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,
|
||||
0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,
|
||||
0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,
|
||||
0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,
|
||||
0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,
|
||||
0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,
|
||||
0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,
|
||||
0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,
|
||||
0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,
|
||||
0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
|
||||
0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58,
|
||||
0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9,
|
||||
0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83,
|
||||
0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b,
|
||||
0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91,
|
||||
0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7,
|
||||
0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67,
|
||||
0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e,
|
||||
0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b,
|
||||
0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb,
|
||||
0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c,
|
||||
0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5,
|
||||
0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f,
|
||||
0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57,
|
||||
0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a,
|
||||
0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a,
|
||||
0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3,
|
||||
0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac,
|
||||
0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c,
|
||||
0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10,
|
||||
0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e,
|
||||
0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb,
|
||||
0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8,
|
||||
0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a,
|
||||
0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05,
|
||||
0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36,
|
||||
0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1,
|
||||
0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d,
|
||||
0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2,
|
||||
0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d,
|
||||
0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4,
|
||||
0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58,
|
||||
0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59,
|
||||
0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87,
|
||||
0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96,
|
||||
0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21,
|
||||
0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d,
|
||||
0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1,
|
||||
0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9,
|
||||
0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d,
|
||||
0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02,
|
||||
0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b,
|
||||
0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94,
|
||||
0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13,
|
||||
0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56,
|
||||
0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e,
|
||||
0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66,
|
||||
0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04,
|
||||
0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1,
|
||||
0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02,
|
||||
0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe,
|
||||
0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e,
|
||||
0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae,
|
||||
0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2,
|
||||
0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc,
|
||||
0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15,
|
||||
0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86,
|
||||
0x64,0x0f,0x1d,0x1f,0xf2,0x1e,
|
||||
};
|
||||
|
||||
char public_key_buffer[] = {
|
||||
0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,0x43,0x5b,
|
||||
0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,0xd7,0xbb,
|
||||
0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,0x5b,0x02,
|
||||
0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,0x39,0xc1,
|
||||
0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,0x9b,0x92,
|
||||
0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,0x2d,0x5b,
|
||||
0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,0x51,0xfb,
|
||||
0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,0x6b,0x91,
|
||||
0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,0x99,0xfb,
|
||||
0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,0x10,0x1b,
|
||||
0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,0xac,0xed,
|
||||
0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,0xb0,0x37,
|
||||
0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,0x31,0x96,
|
||||
0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,0xce,0x7d,
|
||||
0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,0x6e,0xc4,
|
||||
0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,0x40,0x25,
|
||||
0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
|
||||
};
|
||||
|
||||
/*
|
||||
* described in Header-File
|
||||
|
@ -36,9 +133,13 @@ void test_rsa(protected_tester_t *tester)
|
|||
{
|
||||
rsa_private_key_t *private_key;
|
||||
rsa_public_key_t *public_key;
|
||||
chunk_t data, signature, private_key_chunk, public_key_chunk;
|
||||
chunk_t data, signature;
|
||||
chunk_t der_private_key = {private_key_buffer, sizeof(private_key_buffer)};
|
||||
chunk_t der_public_key = {public_key_buffer, sizeof(public_key_buffer)};
|
||||
logger_t *logger;
|
||||
status_t status;
|
||||
|
||||
/* key generation and signing */
|
||||
u_int8_t test_data[] = {
|
||||
0x01,0x02,0x03,0x04,
|
||||
0x01,0x02,0x03,0x04,
|
||||
|
@ -61,25 +162,32 @@ void test_rsa(protected_tester_t *tester)
|
|||
private_key->generate_key(private_key, 512);
|
||||
|
||||
status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature);
|
||||
tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature");
|
||||
tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (genkey)");
|
||||
|
||||
public_key = private_key->get_public_key(private_key);
|
||||
|
||||
status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature);
|
||||
tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature");
|
||||
tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (genkey)");
|
||||
|
||||
public_key->get_key(public_key, &public_key_chunk);
|
||||
private_key->get_key(private_key, &private_key_chunk);
|
||||
|
||||
logger->log_chunk(logger, RAW, "Public Key", public_key_chunk);
|
||||
logger->log_chunk(logger, RAW, "Private Key", private_key_chunk);
|
||||
|
||||
|
||||
allocator_free(public_key_chunk.ptr);
|
||||
allocator_free(private_key_chunk.ptr);
|
||||
allocator_free(signature.ptr);
|
||||
|
||||
private_key->destroy(private_key);
|
||||
public_key->destroy(public_key);
|
||||
|
||||
/* key loading */
|
||||
private_key = rsa_private_key_create();
|
||||
private_key->set_key(private_key, der_private_key);
|
||||
|
||||
public_key = rsa_public_key_create();
|
||||
public_key->set_key(public_key, der_public_key);
|
||||
|
||||
status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature);
|
||||
tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (setkey)");
|
||||
status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature);
|
||||
tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (setkey)");
|
||||
|
||||
allocator_free(signature.ptr);
|
||||
|
||||
public_key->destroy(public_key);
|
||||
private_key->destroy(private_key);
|
||||
}
|
||||
|
|
|
@ -62,6 +62,7 @@
|
|||
#include <testcases/rsa_test.h>
|
||||
#include <testcases/kernel_interface_test.h>
|
||||
#include <testcases/child_sa_test.h>
|
||||
#include <testcases/der_decoder_test.h>
|
||||
|
||||
/* output for test messages */
|
||||
extern FILE * stderr;
|
||||
|
@ -128,6 +129,7 @@ test_t proposal_test = {test_proposal, "proposal_t test"};
|
|||
test_t rsa_test = {test_rsa, "RSA private/public key test"};
|
||||
test_t kernel_interface_test = {test_kernel_interface, "Kernel Interface"};
|
||||
test_t child_sa_test = {test_child_sa, "Child SA"};
|
||||
test_t der_decoder_test = {test_der_decoder, "DER decoder"};
|
||||
|
||||
|
||||
daemon_t* charon;
|
||||
|
@ -135,7 +137,7 @@ daemon_t* charon;
|
|||
static void daemon_kill(daemon_t *this, char* none)
|
||||
{
|
||||
this->logger_manager->destroy(this->logger_manager);
|
||||
this->socket->destroy(this->socket);
|
||||
//this->socket->destroy(this->socket);
|
||||
this->ike_sa_manager->destroy(this->ike_sa_manager);
|
||||
this->job_queue->destroy(this->job_queue);
|
||||
this->event_queue->destroy(this->event_queue);
|
||||
|
@ -158,7 +160,7 @@ daemon_t *daemon_create()
|
|||
charon->kill = daemon_kill;
|
||||
|
||||
charon->logger_manager = logger_manager_create(0);
|
||||
charon->socket = socket_create(4510);
|
||||
//charon->socket = socket_create(4510);
|
||||
charon->ike_sa_manager = ike_sa_manager_create();
|
||||
charon->job_queue = job_queue_create();
|
||||
charon->event_queue = event_queue_create();
|
||||
|
@ -250,14 +252,13 @@ int main()
|
|||
daemon_create();
|
||||
|
||||
charon->logger_manager->disable_log_level(charon->logger_manager,TESTER,FULL);
|
||||
charon->logger_manager->enable_log_level(charon->logger_manager,CHILD_SA,FULL);
|
||||
/* charon->logger_manager->enable_log_level(charon->logger_manager,TESTER,RAW); */
|
||||
charon->logger_manager->enable_log_level(charon->logger_manager,DER_DECODER,FULL);
|
||||
|
||||
tester_t *tester = tester_create(test_output, FALSE);
|
||||
|
||||
|
||||
//tester->perform_tests(tester,all_tests);
|
||||
tester->perform_test(tester,&kernel_interface_test);
|
||||
tester->perform_test(tester,&rsa_test);
|
||||
|
||||
|
||||
tester->destroy(tester);
|
||||
|
|
|
@ -0,0 +1,518 @@
|
|||
/**
|
||||
* @file certificate.c
|
||||
*
|
||||
* @brief Implementation of certificate_t.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#include <gmp.h>
|
||||
|
||||
#include "certificate.h"
|
||||
|
||||
#include <daemon.h>
|
||||
#include <utils/allocator.h>
|
||||
#include <asn1/der_decoder.h>
|
||||
|
||||
|
||||
typedef struct private_certificate_t private_certificate_t;
|
||||
|
||||
/**
|
||||
* Private data of a certificate_t object.
|
||||
*/
|
||||
struct private_certificate_t {
|
||||
/**
|
||||
* Public interface for this signer.
|
||||
*/
|
||||
certificate_t public;
|
||||
};
|
||||
|
||||
#define OSET(x) offsetof(private_certiciate_t, x)
|
||||
|
||||
/**
|
||||
* Rules for de-/encoding of a certificate from/in ASN1
|
||||
*/
|
||||
static asn1_rule_t certificate_rules[] = {
|
||||
{ASN1_SEQUENCE, 0, 0, 0 }, /* certificate */
|
||||
{ ASN1_SEQUENCE, 0, 0, 0 }, /* tbsCertificate */
|
||||
{ ASN1_TAG_E_0, ASN1_DEFAULT, OSET(version), 0 }, /* EXPLICIT version DEFAULT v1(0) */
|
||||
{ ASN1_INTEGER, 0, OSET(version), 0 },
|
||||
{ ASN1_INTEGER, 0, OSET(serial), 0 }, /* serialNumber */
|
||||
{ ASN1_SEQUENCE, 0, 0, 0 }, /* signature */
|
||||
{ ASN1_OID, 0, OSET(sign_alg), 0 }, /* algorithm */
|
||||
{ ASN1_END, 0, 0, 0 }, /* signature */
|
||||
{ ASN1_CHOICE, 0, 0, 0 }, /* issuer */
|
||||
{ ASN1_SEQUENCE, ASN1_OF, 0, 0 },
|
||||
/* name */
|
||||
{ ASN1_END, 0, 0, 0 },
|
||||
{ ASN1_END, 0, 0, 0 }, /* issuer */
|
||||
{ ASN1_SEQUENCE, 0, 0, 0 }, /* validity */
|
||||
{ ASN1_CHOICE, 0, 0, 0 }, /* notBefore */
|
||||
{ ASN1_UTCTIME, 0, OSET(not_before), 0 }, /* utcTime */
|
||||
{ ASN1_GENERALIZEDTIME, 0, OSET(not_before), 0 }, /* generalTime */
|
||||
{ ASN1_END, 0, 0, 0 }, /* notBefore */
|
||||
{ ASN1_CHOICE, 0, 0, 0 }, /* notAfter */
|
||||
{ ASN1_UTCTIME, 0, OSET(not_after), 0 }, /* utcTime */
|
||||
{ ASN1_GENERALIZEDTIME, 0, OSET(not_after), 0 }, /* generalTime */
|
||||
{ ASN1_END, 0, 0, 0 }, /* notAfter */
|
||||
{ ASN1_END, 0, 0, 0 }, /* validity */
|
||||
{ ASN1_CHOICE, 0, 0, 0 }, /* subject */
|
||||
{ ASN1_SEQUENCE, ASN1_OF, 0, 0 },
|
||||
/* name */
|
||||
{ ASN1_END, 0, 0, 0 },
|
||||
{ ASN1_END, 0, 0, 0 }, /* subject */
|
||||
{ ASN1_SEQUENCE, 0, 0, 0 }, /* subjectPublicKeyInfo */
|
||||
{ ASN1_OID, 0, OSET(pubkey_alg), 0 }, /* algorithm */
|
||||
{ ASN1_BITSTRING, 0, OSET(pubkey), 0 }, /* subjectPublicKey */
|
||||
{ ASN1_END, 0, 0, 0 }, /* subjectPublicKeyInfo */
|
||||
{ ASN1_TAG_I_1, ASN1_OPTIONAL, 0, OSET(has_issuer_uid)}, /* IMPLICIT issuerUniqueID OPTIONAL */
|
||||
{ ASN1_BITSTRING, 0, OSET(issuer_uid), 0 },
|
||||
{ ASN1_TAG_I_2, ASN1_OPTIONAL, 0, OSET(has_subject_uid)},/* IMPLICIT subjectUniqueID OPTIONAL */
|
||||
{ ASN1_BITSTRING, 0, OSET(subject_uid), 0 },
|
||||
{ ASN1_TAG_E_3, ASN1_OPTIONAL, 0, 0 }, /* EXPLICIT extensions OPTIONAL*/
|
||||
{ ASN1_SEQUENCE, ASN1_OF, 0, 0 },
|
||||
/* extension */
|
||||
{ ASN1_END 0, 0, 0, }, /* extensions */
|
||||
{ ASN1_END, 0, 0, 0 }, /* certificate */
|
||||
};
|
||||
|
||||
/**
|
||||
* Implementation of private_certificate_t.compute_prime.
|
||||
*/
|
||||
static void compute_prime(private_certificate_t *this, size_t prime_size, mpz_t *prime)
|
||||
{
|
||||
randomizer_t *randomizer;
|
||||
chunk_t random_bytes;
|
||||
|
||||
randomizer = randomizer_create();
|
||||
mpz_init(*prime);
|
||||
|
||||
do
|
||||
{
|
||||
randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes);
|
||||
|
||||
/* make sure most significant bit is set */
|
||||
random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
|
||||
|
||||
/* convert chunk to mpz value */
|
||||
mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
|
||||
|
||||
/* get next prime */
|
||||
mpz_nextprime (*prime, *prime);
|
||||
|
||||
allocator_free(random_bytes.ptr);
|
||||
}
|
||||
/* check if it isnt too large */
|
||||
while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
|
||||
|
||||
randomizer->destroy(randomizer);
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of private_certificate_t.rsadp and private_certificate_t.rsasp1.
|
||||
*/
|
||||
static chunk_t rsadp(private_certificate_t *this, chunk_t data)
|
||||
{
|
||||
mpz_t t1, t2;
|
||||
chunk_t decrypted;
|
||||
|
||||
mpz_init(t1);
|
||||
mpz_init(t2);
|
||||
|
||||
mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
|
||||
|
||||
mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
|
||||
mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
|
||||
mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
|
||||
mpz_mod(t2, t2, this->p);
|
||||
mpz_mul(t2, t2, this->coeff);
|
||||
mpz_mod(t2, t2, this->p);
|
||||
|
||||
mpz_mul(t2, t2, this->q); /* m = m2 + h q */
|
||||
mpz_add(t1, t1, t2);
|
||||
|
||||
decrypted.len = this->k;
|
||||
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
|
||||
|
||||
mpz_clear(t1);
|
||||
mpz_clear(t2);
|
||||
|
||||
return decrypted;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of certificate.build_emsa_signature.
|
||||
*/
|
||||
static status_t build_emsa_pkcs1_signature(private_certificate_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
|
||||
{
|
||||
hasher_t *hasher;
|
||||
chunk_t hash;
|
||||
chunk_t oid;
|
||||
chunk_t em;
|
||||
|
||||
/* get oid string prepended to hash */
|
||||
switch (hash_algorithm)
|
||||
{
|
||||
case HASH_MD2:
|
||||
{
|
||||
oid.ptr = md2_oid;
|
||||
oid.len = sizeof(md2_oid);
|
||||
break;
|
||||
}
|
||||
case HASH_MD5:
|
||||
{
|
||||
oid.ptr = md5_oid;
|
||||
oid.len = sizeof(md5_oid);
|
||||
break;
|
||||
}
|
||||
case HASH_SHA1:
|
||||
{
|
||||
oid.ptr = sha1_oid;
|
||||
oid.len = sizeof(sha1_oid);
|
||||
break;
|
||||
}
|
||||
case HASH_SHA256:
|
||||
{
|
||||
oid.ptr = sha256_oid;
|
||||
oid.len = sizeof(sha256_oid);
|
||||
break;
|
||||
}
|
||||
case HASH_SHA384:
|
||||
{
|
||||
oid.ptr = sha384_oid;
|
||||
oid.len = sizeof(sha384_oid);
|
||||
break;
|
||||
}
|
||||
case HASH_SHA512:
|
||||
{
|
||||
oid.ptr = sha512_oid;
|
||||
oid.len = sizeof(sha512_oid);
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
return NOT_SUPPORTED;
|
||||
}
|
||||
}
|
||||
|
||||
/* get hasher */
|
||||
hasher = hasher_create(hash_algorithm);
|
||||
if (hasher == NULL)
|
||||
{
|
||||
return NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* build hash */
|
||||
hasher->allocate_hash(hasher, data, &hash);
|
||||
hasher->destroy(hasher);
|
||||
|
||||
/* build chunk to rsa-decrypt:
|
||||
* EM = 0x00 || 0x01 || PS || 0x00 || T.
|
||||
* PS = 0xFF padding, with length to fill em
|
||||
* T = oid || hash
|
||||
*/
|
||||
em.len = this->k;
|
||||
em.ptr = allocator_alloc(em.len);
|
||||
|
||||
/* fill em with padding */
|
||||
memset(em.ptr, 0xFF, em.len);
|
||||
/* set magic bytes */
|
||||
*(em.ptr) = 0x00;
|
||||
*(em.ptr+1) = 0x01;
|
||||
*(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
|
||||
/* set hash */
|
||||
memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
|
||||
/* set oid */
|
||||
memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
|
||||
|
||||
|
||||
/* build signature */
|
||||
*signature = this->rsasp1(this, em);
|
||||
|
||||
allocator_free(hash.ptr);
|
||||
allocator_free(em.ptr);
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of certificate.set_key.
|
||||
*/
|
||||
static status_t set_key(private_certificate_t *this, chunk_t key)
|
||||
{
|
||||
der_decoder_t *dd;
|
||||
status_t status;
|
||||
|
||||
dd = der_decoder_create(certificate_rules);
|
||||
|
||||
status = dd->decode(dd, key, this);
|
||||
if (status == SUCCESS)
|
||||
{
|
||||
this->is_key_set = TRUE;
|
||||
this->k = mpz_sizeinbase(this->n, 2) / 8;
|
||||
}
|
||||
dd->destroy(dd);
|
||||
return status;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of certificate.get_key.
|
||||
*/
|
||||
static status_t get_key(private_certificate_t *this, chunk_t *key)
|
||||
{
|
||||
if (!this->is_key_set)
|
||||
{
|
||||
return INVALID_STATE;
|
||||
}
|
||||
|
||||
chunk_t n, e, p, q, d, exp1, exp2, coeff;
|
||||
|
||||
n.len = this->k;
|
||||
n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
|
||||
e.len = this->k;
|
||||
e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
|
||||
p.len = this->k;
|
||||
p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
|
||||
q.len = this->k;
|
||||
q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
|
||||
d.len = this->k;
|
||||
d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
|
||||
exp1.len = this->k;
|
||||
exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
|
||||
exp2.len = this->k;
|
||||
exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
|
||||
coeff.len = this->k;
|
||||
coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
|
||||
|
||||
key->len = this->k * 8;
|
||||
key->ptr = allocator_alloc(key->len);
|
||||
memcpy(key->ptr + this->k * 0, n.ptr , n.len);
|
||||
memcpy(key->ptr + this->k * 1, e.ptr, e.len);
|
||||
memcpy(key->ptr + this->k * 2, p.ptr, p.len);
|
||||
memcpy(key->ptr + this->k * 3, q.ptr, q.len);
|
||||
memcpy(key->ptr + this->k * 4, d.ptr, d.len);
|
||||
memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
|
||||
memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
|
||||
memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
|
||||
|
||||
allocator_free(n.ptr);
|
||||
allocator_free(e.ptr);
|
||||
allocator_free(p.ptr);
|
||||
allocator_free(q.ptr);
|
||||
allocator_free(d.ptr);
|
||||
allocator_free(exp1.ptr);
|
||||
allocator_free(exp2.ptr);
|
||||
allocator_free(coeff.ptr);
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of certificate.load_key.
|
||||
*/
|
||||
static status_t load_key(private_certificate_t *this, char *file)
|
||||
{
|
||||
return NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of certificate.save_key.
|
||||
*/
|
||||
static status_t save_key(private_certificate_t *this, char *file)
|
||||
{
|
||||
return NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of certificate.generate_key.
|
||||
*/
|
||||
static status_t generate_key(private_certificate_t *this, size_t key_size)
|
||||
{
|
||||
mpz_t p, q, n, e, d, exp1, exp2, coeff;
|
||||
mpz_t m, q1, t;
|
||||
|
||||
if (key_size < 0)
|
||||
{
|
||||
return INVALID_ARG;
|
||||
}
|
||||
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
mpz_clear(this->p);
|
||||
mpz_clear(this->q);
|
||||
mpz_clear(this->d);
|
||||
mpz_clear(this->exp1);
|
||||
mpz_clear(this->exp2);
|
||||
mpz_clear(this->coeff);
|
||||
|
||||
key_size = key_size / 8;
|
||||
|
||||
mpz_init(t);
|
||||
mpz_init(n);
|
||||
mpz_init(d);
|
||||
mpz_init(exp1);
|
||||
mpz_init(exp2);
|
||||
mpz_init(coeff);
|
||||
|
||||
/* Get values of primes p and q */
|
||||
this->compute_prime(this, key_size/2, &p);
|
||||
this->compute_prime(this, key_size/2, &q);
|
||||
|
||||
/* Swapping Primes so p is larger then q */
|
||||
if (mpz_cmp(p, q) < 0)
|
||||
{
|
||||
mpz_set(t, p);
|
||||
mpz_set(p, q);
|
||||
mpz_set(q, t);
|
||||
}
|
||||
|
||||
mpz_mul(n, p, q); /* n = p*q */
|
||||
mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
|
||||
mpz_init_set(m, p); /* m = p */
|
||||
mpz_sub_ui(m, m, 1); /* m = m -1 */
|
||||
mpz_init_set(q1, q); /* q1 = q */
|
||||
mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
|
||||
mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
|
||||
mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
|
||||
mpz_divexact(m, m, t); /* m = m / t */
|
||||
mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */
|
||||
|
||||
mpz_invert(d, e, m); /* e has an inverse mod m */
|
||||
if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
|
||||
{
|
||||
mpz_add(d, d, m);
|
||||
}
|
||||
mpz_sub_ui(t, p, 1); /* t = p-1 */
|
||||
mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
|
||||
mpz_sub_ui(t, q, 1); /* t = q-1 */
|
||||
mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
|
||||
|
||||
mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
|
||||
if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
|
||||
{
|
||||
mpz_add(coeff, coeff, p);
|
||||
}
|
||||
|
||||
mpz_clear(q1);
|
||||
mpz_clear(m);
|
||||
mpz_clear(t);
|
||||
|
||||
/* apply values */
|
||||
*(this->p) = *p;
|
||||
*(this->q) = *q;
|
||||
*(this->n) = *n;
|
||||
*(this->e) = *e;
|
||||
*(this->d) = *d;
|
||||
*(this->exp1) = *exp1;
|
||||
*(this->exp2) = *exp2;
|
||||
*(this->coeff) = *coeff;
|
||||
|
||||
/* set key size in bytes */
|
||||
|
||||
this->is_key_set = TRUE;
|
||||
this->k = key_size;
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
|
||||
/**
|
||||
* Implementation of certificate.get_public_key.
|
||||
*/
|
||||
rsa_public_key_t *get_public_key(private_certificate_t *this)
|
||||
{
|
||||
rsa_public_key_t *public_key;
|
||||
//chunk_t key;
|
||||
|
||||
public_key = rsa_public_key_create();
|
||||
|
||||
if (this->is_key_set)
|
||||
{
|
||||
|
||||
chunk_t n, e, key;
|
||||
|
||||
n.len = this->k;
|
||||
n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
|
||||
e.len = this->k;
|
||||
e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
|
||||
|
||||
key.len = this->k * 2;
|
||||
key.ptr = allocator_alloc(key.len);
|
||||
memcpy(key.ptr, n.ptr, n.len);
|
||||
memcpy(key.ptr + n.len, e.ptr, e.len);
|
||||
allocator_free(n.ptr);
|
||||
allocator_free(e.ptr);
|
||||
|
||||
public_key->set_key(public_key, key);
|
||||
allocator_free(key.ptr);
|
||||
|
||||
}
|
||||
|
||||
return public_key;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of certificate.destroy.
|
||||
*/
|
||||
static void destroy(private_certificate_t *this)
|
||||
{
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
mpz_clear(this->p);
|
||||
mpz_clear(this->q);
|
||||
mpz_clear(this->d);
|
||||
mpz_clear(this->exp1);
|
||||
mpz_clear(this->exp2);
|
||||
mpz_clear(this->coeff);
|
||||
allocator_free(this);
|
||||
}
|
||||
|
||||
/*
|
||||
* Described in header.
|
||||
*/
|
||||
certificate_t *certificate_create(hash_algorithm_t hash_algoritm)
|
||||
{
|
||||
private_certificate_t *this = allocator_alloc_thing(private_certificate_t);
|
||||
|
||||
/* public functions */
|
||||
this->public.build_emsa_pkcs1_signature = (status_t (*) (certificate_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
|
||||
this->public.set_key = (status_t (*) (certificate_t*,chunk_t))set_key;
|
||||
this->public.get_key = (status_t (*) (certificate_t*,chunk_t*))get_key;
|
||||
this->public.load_key = (status_t (*) (certificate_t*,char*))load_key;
|
||||
this->public.save_key = (status_t (*) (certificate_t*,char*))save_key;
|
||||
this->public.generate_key = (status_t (*) (certificate_t*,size_t))generate_key;
|
||||
this->public.get_public_key = (rsa_public_key_t *(*) (certificate_t*))get_public_key;
|
||||
this->public.destroy = (void (*) (certificate_t*))destroy;
|
||||
|
||||
/* private functions */
|
||||
this->rsadp = rsadp;
|
||||
this->rsasp1 = rsadp; /* same algorithm */
|
||||
this->compute_prime = compute_prime;
|
||||
|
||||
mpz_init(this->n);
|
||||
mpz_init(this->e);
|
||||
mpz_init(this->p);
|
||||
mpz_init(this->q);
|
||||
mpz_init(this->d);
|
||||
mpz_init(this->exp1);
|
||||
mpz_init(this->exp2);
|
||||
mpz_init(this->coeff);
|
||||
this->is_key_set = FALSE;
|
||||
|
||||
return &(this->public);
|
||||
}
|
|
@ -0,0 +1,72 @@
|
|||
/**
|
||||
* @file certificate.h
|
||||
*
|
||||
* @brief Interface of certificate_t.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Copyright (C) 2006 Martin Willi
|
||||
* Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
* Free Software Foundation; either version 2 of the License, or (at your
|
||||
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* for more details.
|
||||
*/
|
||||
|
||||
#ifndef CERTIFICATE_H_
|
||||
#define CERTIFICATE_H_
|
||||
|
||||
#include <types.h>
|
||||
#include <definitions.h>
|
||||
#include <transforms/rsa/rsa_public_key.h>
|
||||
#include <transforms/hashers/hasher.h>
|
||||
|
||||
|
||||
typedef struct certificate_t certificate_t;
|
||||
|
||||
/**
|
||||
* @brief X509 certificate.
|
||||
*
|
||||
* Currently only supports signing using EMSA encoding.
|
||||
*
|
||||
* @b Constructors:
|
||||
* - certificate_create()
|
||||
*
|
||||
* @ingroup rsa
|
||||
*/
|
||||
struct certificate_t {
|
||||
|
||||
/**
|
||||
* @brief Get the RSA public key from the certificate.
|
||||
*
|
||||
* @param this calling object
|
||||
* @return public_key
|
||||
*/
|
||||
rsa_public_key_t *(*get_public_key) (certificate_t *this);
|
||||
|
||||
/**
|
||||
* @brief Destroys the private key.
|
||||
*
|
||||
* @param this private key to destroy
|
||||
*/
|
||||
void (*destroy) (certificate_t *this);
|
||||
};
|
||||
|
||||
/**
|
||||
* @brief Create a new certificate without
|
||||
* any key inside.
|
||||
*
|
||||
* @return created certificate_t.
|
||||
*
|
||||
* @ingroup rsa
|
||||
*/
|
||||
certificate_t *certificate_create();
|
||||
|
||||
#endif /* CERTIFICATE_H_ */
|
|
@ -26,6 +26,7 @@
|
|||
|
||||
#include <daemon.h>
|
||||
#include <utils/allocator.h>
|
||||
#include <asn1/der_decoder.h>
|
||||
|
||||
|
||||
/*
|
||||
|
@ -39,20 +40,6 @@ extern u_int8_t sha256_oid[19];
|
|||
extern u_int8_t sha384_oid[19];
|
||||
extern u_int8_t sha512_oid[19];
|
||||
|
||||
/*
|
||||
asn1_module_t rsa_private_key_module = {
|
||||
{ASN1_SEQUENCE, 0, 0, 0},
|
||||
{ ASN1_INTEGER, 0, offsetof(private_rsa_private_key, version), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, n), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, e), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, d), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, p), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, q), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp1), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp2), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, coeff), 0},
|
||||
{ASN1_END, 0, 0, 0},
|
||||
};*/
|
||||
|
||||
/**
|
||||
* Public exponent to use for key generation.
|
||||
|
@ -154,6 +141,23 @@ struct private_rsa_private_key_t {
|
|||
|
||||
};
|
||||
|
||||
/**
|
||||
* Rules for de-/encoding of a private key from/in ASN1
|
||||
*/
|
||||
static asn1_rule_t rsa_private_key_rules[] = {
|
||||
{ASN1_SEQUENCE, 0, 0, 0},
|
||||
{ ASN1_INTEGER, 0, offsetof(private_rsa_private_key_t, version), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0},
|
||||
{ASN1_END, 0, 0, 0},
|
||||
};
|
||||
|
||||
/**
|
||||
* Implementation of private_rsa_private_key_t.compute_prime.
|
||||
*/
|
||||
|
@ -174,10 +178,10 @@ static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mp
|
|||
|
||||
/* convert chunk to mpz value */
|
||||
mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
|
||||
|
||||
|
||||
/* get next prime */
|
||||
mpz_nextprime (*prime, *prime);
|
||||
|
||||
|
||||
allocator_free(random_bytes.ptr);
|
||||
}
|
||||
/* check if it isnt too large */
|
||||
|
@ -194,28 +198,28 @@ static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
|
|||
mpz_t t1, t2;
|
||||
chunk_t decrypted;
|
||||
|
||||
mpz_init(t1);
|
||||
mpz_init(t2);
|
||||
|
||||
mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
|
||||
|
||||
mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
|
||||
mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
|
||||
mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
|
||||
mpz_mod(t2, t2, this->p);
|
||||
mpz_mul(t2, t2, this->coeff);
|
||||
mpz_mod(t2, t2, this->p);
|
||||
|
||||
mpz_mul(t2, t2, this->q); /* m = m2 + h q */
|
||||
mpz_add(t1, t1, t2);
|
||||
|
||||
decrypted.len = this->k;
|
||||
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
|
||||
|
||||
mpz_clear(t1);
|
||||
mpz_clear(t2);
|
||||
|
||||
return decrypted;
|
||||
mpz_init(t1);
|
||||
mpz_init(t2);
|
||||
|
||||
mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
|
||||
|
||||
mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
|
||||
mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
|
||||
mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
|
||||
mpz_mod(t2, t2, this->p);
|
||||
mpz_mul(t2, t2, this->coeff);
|
||||
mpz_mod(t2, t2, this->p);
|
||||
|
||||
mpz_mul(t2, t2, this->q); /* m = m2 + h q */
|
||||
mpz_add(t1, t1, t2);
|
||||
|
||||
decrypted.len = this->k;
|
||||
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
|
||||
|
||||
mpz_clear(t1);
|
||||
mpz_clear(t2);
|
||||
|
||||
return decrypted;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -319,51 +323,21 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash
|
|||
*/
|
||||
static status_t set_key(private_rsa_private_key_t *this, chunk_t key)
|
||||
{
|
||||
chunk_t n, e, p, q, d, exp1, exp2, coeff;
|
||||
this->k = key.len / 8;
|
||||
der_decoder_t *dd;
|
||||
status_t status;
|
||||
|
||||
n.len = this->k;
|
||||
e.len = this->k;
|
||||
p.len = this->k;
|
||||
q.len = this->k;
|
||||
d.len = this->k;
|
||||
exp1.len = this->k;
|
||||
exp2.len = this->k;
|
||||
coeff.len = this->k;
|
||||
dd = der_decoder_create(rsa_private_key_rules);
|
||||
|
||||
n.ptr = key.ptr + this->k * 0;
|
||||
e.ptr = key.ptr + this->k * 1;
|
||||
p.ptr = key.ptr + this->k * 2;
|
||||
q.ptr = key.ptr + this->k * 3;
|
||||
d.ptr = key.ptr + this->k * 4;
|
||||
exp1.ptr = key.ptr + this->k * 5;
|
||||
exp2.ptr = key.ptr + this->k * 6;
|
||||
coeff.ptr = key.ptr + this->k * 7;
|
||||
|
||||
mpz_init(this->n);
|
||||
mpz_init(this->e);
|
||||
mpz_init(this->p);
|
||||
mpz_init(this->q);
|
||||
mpz_init(this->d);
|
||||
mpz_init(this->exp1);
|
||||
mpz_init(this->exp2);
|
||||
mpz_init(this->coeff);
|
||||
|
||||
mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr);
|
||||
mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr);
|
||||
mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr);
|
||||
mpz_import(this->q, this->k, 1, 1, 1, 0, q.ptr);
|
||||
mpz_import(this->d, this->k, 1, 1, 1, 0, d.ptr);
|
||||
mpz_import(this->exp1, this->k, 1, 1, 1, 0, exp1.ptr);
|
||||
mpz_import(this->exp2, this->k, 1, 1, 1, 0, exp2.ptr);
|
||||
mpz_import(this->coeff, this->k, 1, 1, 1, 0, coeff.ptr);
|
||||
|
||||
this->is_key_set = TRUE;
|
||||
|
||||
return SUCCESS;
|
||||
|
||||
status = dd->decode(dd, key, this);
|
||||
if (status == SUCCESS)
|
||||
{
|
||||
this->is_key_set = TRUE;
|
||||
this->k = mpz_sizeinbase(this->n, 2) / 8;
|
||||
}
|
||||
dd->destroy(dd);
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Implementation of rsa_private_key.get_key.
|
||||
*/
|
||||
|
@ -445,17 +419,14 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
|
|||
return INVALID_ARG;
|
||||
}
|
||||
|
||||
if (this->is_key_set)
|
||||
{
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
mpz_clear(this->p);
|
||||
mpz_clear(this->q);
|
||||
mpz_clear(this->d);
|
||||
mpz_clear(this->exp1);
|
||||
mpz_clear(this->exp2);
|
||||
mpz_clear(this->coeff);
|
||||
}
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
mpz_clear(this->p);
|
||||
mpz_clear(this->q);
|
||||
mpz_clear(this->d);
|
||||
mpz_clear(this->exp1);
|
||||
mpz_clear(this->exp2);
|
||||
mpz_clear(this->coeff);
|
||||
|
||||
key_size = key_size / 8;
|
||||
|
||||
|
@ -471,7 +442,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
|
|||
this->compute_prime(this, key_size/2, &q);
|
||||
|
||||
/* Swapping Primes so p is larger then q */
|
||||
if (mpz_cmp(p, q) < 0)
|
||||
if (mpz_cmp(p, q) < 0)
|
||||
{
|
||||
mpz_set(t, p);
|
||||
mpz_set(p, q);
|
||||
|
@ -510,7 +481,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
|
|||
mpz_clear(t);
|
||||
|
||||
/* apply values */
|
||||
*(this->p) = *p;
|
||||
*(this->p) = *p;
|
||||
*(this->q) = *q;
|
||||
*(this->n) = *n;
|
||||
*(this->e) = *e;
|
||||
|
@ -568,17 +539,14 @@ rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
|
|||
*/
|
||||
static void destroy(private_rsa_private_key_t *this)
|
||||
{
|
||||
if (this->is_key_set)
|
||||
{
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
mpz_clear(this->p);
|
||||
mpz_clear(this->q);
|
||||
mpz_clear(this->d);
|
||||
mpz_clear(this->exp1);
|
||||
mpz_clear(this->exp2);
|
||||
mpz_clear(this->coeff);
|
||||
}
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
mpz_clear(this->p);
|
||||
mpz_clear(this->q);
|
||||
mpz_clear(this->d);
|
||||
mpz_clear(this->exp1);
|
||||
mpz_clear(this->exp2);
|
||||
mpz_clear(this->coeff);
|
||||
allocator_free(this);
|
||||
}
|
||||
|
||||
|
@ -604,6 +572,14 @@ rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm)
|
|||
this->rsasp1 = rsadp; /* same algorithm */
|
||||
this->compute_prime = compute_prime;
|
||||
|
||||
mpz_init(this->n);
|
||||
mpz_init(this->e);
|
||||
mpz_init(this->p);
|
||||
mpz_init(this->q);
|
||||
mpz_init(this->d);
|
||||
mpz_init(this->exp1);
|
||||
mpz_init(this->exp2);
|
||||
mpz_init(this->coeff);
|
||||
this->is_key_set = FALSE;
|
||||
|
||||
return &(this->public);
|
||||
|
|
|
@ -27,16 +27,17 @@
|
|||
#include <daemon.h>
|
||||
#include <utils/allocator.h>
|
||||
#include <transforms/hashers/hasher.h>
|
||||
#include <asn1/der_decoder.h>
|
||||
|
||||
/*
|
||||
* Since we don't have an ASN1 parser/generator,
|
||||
* For simplicity,
|
||||
* we use these predefined values for
|
||||
* hash algorithm oids. These also contain
|
||||
* hash algorithm OIDs. These also contain
|
||||
* the length of the following hash.
|
||||
* These values are also used in rsa_private_key.c.
|
||||
*/
|
||||
|
||||
u_int8_t md2_oid[18] = {
|
||||
u_int8_t md2_oid[] = {
|
||||
0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
|
||||
0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
|
||||
0x04,0x10
|
||||
|
@ -92,6 +93,7 @@ struct private_rsa_public_key_t {
|
|||
* Public modulus.
|
||||
*/
|
||||
mpz_t n;
|
||||
|
||||
/**
|
||||
* Public exponent.
|
||||
*/
|
||||
|
@ -122,7 +124,17 @@ struct private_rsa_public_key_t {
|
|||
};
|
||||
|
||||
/**
|
||||
* Implementation of private_rsa_public_key_t.rsadp and private_rsa_public_key_t.rsavp1
|
||||
* Rules for de-/encoding of a public key from/in ASN1
|
||||
*/
|
||||
static asn1_rule_t rsa_public_key_rules[] = {
|
||||
{ASN1_SEQUENCE, 0, 0, 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0},
|
||||
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0},
|
||||
{ASN1_END, 0, 0, 0},
|
||||
};
|
||||
|
||||
/**
|
||||
* Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1
|
||||
*/
|
||||
static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
|
||||
{
|
||||
|
@ -146,7 +158,7 @@ static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
|
|||
}
|
||||
|
||||
/**
|
||||
* Implementation of rsa_public_key.verify_emsa_signature.
|
||||
* Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
|
||||
*/
|
||||
static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
|
||||
{
|
||||
|
@ -278,25 +290,20 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
|
|||
*/
|
||||
static status_t set_key(private_rsa_public_key_t *this, chunk_t key)
|
||||
{
|
||||
chunk_t n, e;
|
||||
der_decoder_t *dd;
|
||||
status_t status;
|
||||
|
||||
n.len = key.len/2;
|
||||
n.ptr = key.ptr;
|
||||
e.len = n.len;
|
||||
e.ptr = key.ptr + n.len;
|
||||
dd = der_decoder_create(rsa_public_key_rules);
|
||||
|
||||
mpz_init(this->n);
|
||||
mpz_init(this->e);
|
||||
|
||||
mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
|
||||
mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr);
|
||||
|
||||
this->k = n.len;
|
||||
|
||||
this->is_key_set = TRUE;
|
||||
|
||||
return SUCCESS;
|
||||
}
|
||||
status = dd->decode(dd, key, this);
|
||||
if (status == SUCCESS)
|
||||
{
|
||||
this->is_key_set = TRUE;
|
||||
this->k = mpz_sizeinbase(this->n, 2) / 8;
|
||||
}
|
||||
dd->destroy(dd);
|
||||
return status;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
@ -347,11 +354,8 @@ static status_t save_key(private_rsa_public_key_t *this, char *file)
|
|||
*/
|
||||
static void destroy(private_rsa_public_key_t *this)
|
||||
{
|
||||
if (this->is_key_set)
|
||||
{
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
}
|
||||
mpz_clear(this->n);
|
||||
mpz_clear(this->e);
|
||||
allocator_free(this);
|
||||
}
|
||||
|
||||
|
@ -374,6 +378,8 @@ rsa_public_key_t *rsa_public_key_create()
|
|||
this->rsaep = rsaep;
|
||||
this->rsavp1 = rsaep; /* same algorithm */
|
||||
|
||||
mpz_init(this->n);
|
||||
mpz_init(this->e);
|
||||
this->is_key_set = FALSE;
|
||||
|
||||
return &(this->public);
|
||||
|
|
|
@ -49,6 +49,8 @@ mapping_t logger_context_t_mappings[] = {
|
|||
{CONFIG, "CONFIG"},
|
||||
{ENCRYPTION_PAYLOAD, "ENCRYPTION_PAYLOAD"},
|
||||
{PAYLOAD, "PAYLOAD"},
|
||||
{DER_DECODER, "DER_DECODER"},
|
||||
{DER_ENCODER, "DER_ENCODER"},
|
||||
{MAPPING_END, NULL},
|
||||
};
|
||||
|
||||
|
@ -75,6 +77,8 @@ struct {
|
|||
{ "CONFG", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* CONFIG */
|
||||
{ "ENCPL", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* ENCRYPTION_PAYLOAD */
|
||||
{ "PAYLD", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* PAYLOAD */
|
||||
{ "DERDC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3, TRUE, NULL}, /* DER_DECODER */
|
||||
{ "DEREC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3, TRUE, NULL}, /* DER_ENCODER */
|
||||
};
|
||||
|
||||
|
||||
|
|
|
@ -53,6 +53,8 @@ enum logger_context_t {
|
|||
CONFIG,
|
||||
ENCRYPTION_PAYLOAD,
|
||||
PAYLOAD,
|
||||
DER_DECODER,
|
||||
DER_ENCODER,
|
||||
LOGGER_CONTEXT_ROOF,
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue