ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

- starter work on asn1 with der de/encoder 

- RSA private and public key can load read key from ASN1 DER
- some other fixes here and there
This commit is contained in:
Martin Willi 2006-03-24 15:37:49 +00:00
parent dec598220b
commit 9c781c152a
35 changed files with 1858 additions and 249 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Source/charon/Makefile
View File

@ -52,6 +52,7 @@ include $(MAIN_DIR)sa/Makefile.sa
include $(MAIN_DIR)threads/Makefile.threads
include $(MAIN_DIR)transforms/Makefile.transforms
include $(MAIN_DIR)utils/Makefile.utils
include $(MAIN_DIR)asn1/Makefile.asn1
build_dir:

24
Source/charon/asn1/Makefile.asn1 Normal file
View File

@ -0,0 +1,24 @@
# Copyright (C) 2005 Jan Hutter, Martin Willi
# Hochschule fuer Technik Rapperswil
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
ASN1_DIR= $(MAIN_DIR)asn1/
OBJS+= $(BUILD_DIR)asn1.o
$(BUILD_DIR)asn1.o : $(ASN1_DIR)asn1.c $(ASN1_DIR)asn1.h
$(CC) $(CFLAGS) -c -o $@ $<
OBJS+= $(BUILD_DIR)der_decoder.o
$(BUILD_DIR)der_decoder.o : $(ASN1_DIR)der_decoder.c $(ASN1_DIR)der_decoder.h
$(CC) $(CFLAGS) -c -o $@ $<

60
Source/charon/asn1/asn1.c Normal file
View File

@ -0,0 +1,60 @@
#include "asn1.h"
mapping_t asn1_type_m[] = {
{ASN1_END, "ASN1_END"},
{ASN1_BOOLEAN, "ASN1_BOOLEAN"},
{ASN1_INTEGER, "ASN1_INTEGER"},
{ASN1_BIT_STRING, "ASN1_BIT_STRING"},
{ASN1_OCTET_STRING, "ASN1_OCTET_STRING"},
{ASN1_NULL, "ASN1_NULL"},
{ASN1_OID, "ASN1_OID"},
{ASN1_ENUMERATED, "ASN1_ENUMERATED"},
{ASN1_UTF8STRING, "ASN1_UTF8STRING"},
{ASN1_NUMERICSTRING, "ASN1_NUMERICSTRING"},
{ASN1_PRINTABLESTRING, "ASN1_PRINTABLESTRING"},
{ASN1_T61STRING, "ASN1_T61STRING"},
{ASN1_VIDEOTEXSTRING, "ASN1_VIDEOTEXSTRING"},
{ASN1_IA5STRING, "ASN1_IA5STRING"},
{ASN1_UTCTIME, "ASN1_UTCTIME"},
{ASN1_GENERALIZEDTIME, "ASN1_GENERALIZEDTIME"},
{ASN1_GRAPHICSTRING, "ASN1_GRAPHICSTRING"},
{ASN1_VISIBLESTRING, "ASN1_VISIBLESTRING"},
{ASN1_GENERALSTRING, "ASN1_GENERALSTRING"},
{ASN1_UNIVERSALSTRING, "ASN1_UNIVERSALSTRING"},
{ASN1_BMPSTRING, "ASN1_BMPSTRING"},
{ASN1_CONSTRUCTED, "ASN1_CONSTRUCTED"},
{ASN1_SEQUENCE, "ASN1_SEQUENCE"},
{ASN1_SET, "ASN1_SET"},
{ASN1_TAG_E_0, "ASN1_TAG_E_0"},
{ASN1_TAG_E_1, "ASN1_TAG_E_1"},
{ASN1_TAG_E_2, "ASN1_TAG_E_2"},
{ASN1_TAG_E_3, "ASN1_TAG_E_3"},
{ASN1_TAG_E_4, "ASN1_TAG_E_4"},
{ASN1_TAG_E_5, "ASN1_TAG_E_5"},
{ASN1_TAG_E_6, "ASN1_TAG_E_6"},
{ASN1_TAG_E_7, "ASN1_TAG_E_7"},
{ASN1_TAG_I_1, "ASN1_TAG_I_1"},
{ASN1_TAG_I_2, "ASN1_TAG_I_2"},
{ASN1_TAG_I_3, "ASN1_TAG_I_3"},
{ASN1_TAG_I_4, "ASN1_TAG_I_4"},
{ASN1_TAG_I_5, "ASN1_TAG_I_5"},
{ASN1_TAG_I_6, "ASN1_TAG_I_6"},
{ASN1_TAG_I_7, "ASN1_TAG_I_7"},
};
mapping_t asn1_flag_m[] = {
{ASN1_OPTIONAL, "ASN1_OPTIONAL"},
{ASN1_DEFAULT, "ASN1_DEFAULT"},
{ASN1_MPZ, "ASN1_MPZ"},
{ASN1_OF, "ASN1_OF"},
};

116
Source/charon/asn1/asn1.h Normal file
View File

@ -0,0 +1,116 @@
/**
* @file asn1.h
*
* @brief Definition of asn1_type_t and asn1_rule_t.
*
*/
/*
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef ASN1_H_
#define ASN1_H_
#include <types.h>
typedef enum asn1_type_t asn1_type_t;
enum asn1_type_t {
ASN1_END = 0x00,
ASN1_BOOLEAN = 0x01,
ASN1_INTEGER = 0x02,
ASN1_BIT_STRING = 0x03,
ASN1_OCTET_STRING = 0x04,
ASN1_NULL = 0x05,
ASN1_OID = 0x06,
ASN1_ENUMERATED = 0x0A,
ASN1_UTF8STRING = 0x0C,
ASN1_NUMERICSTRING = 0x12,
ASN1_PRINTABLESTRING = 0x13,
ASN1_T61STRING = 0x14,
ASN1_VIDEOTEXSTRING = 0x15,
ASN1_IA5STRING = 0x16,
ASN1_UTCTIME = 0x17,
ASN1_GENERALIZEDTIME = 0x18,
ASN1_GRAPHICSTRING = 0x19,
ASN1_VISIBLESTRING = 0x1A,
ASN1_GENERALSTRING = 0x1B,
ASN1_UNIVERSALSTRING = 0x1C,
ASN1_BMPSTRING = 0x1E,
ASN1_CONSTRUCTED = 0x20,
ASN1_SEQUENCE = 0x30,
ASN1_SET = 0x31,
ASN1_TAG_E_0 = 0xA0,
ASN1_TAG_E_1 = 0xA1,
ASN1_TAG_E_2 = 0xA2,
ASN1_TAG_E_3 = 0xA3,
ASN1_TAG_E_4 = 0xA4,
ASN1_TAG_E_5 = 0xA5,
ASN1_TAG_E_6 = 0xA6,
ASN1_TAG_E_7 = 0xA7,
ASN1_TAG_I_1 = 0x81,
ASN1_TAG_I_2 = 0x82,
ASN1_TAG_I_3 = 0x83,
ASN1_TAG_I_4 = 0x84,
ASN1_TAG_I_5 = 0x85,
ASN1_TAG_I_6 = 0x86,
ASN1_TAG_I_7 = 0x87,
};
extern mapping_t asn1_type_m[];
typedef enum asn1_flag_t asn1_flag_t;
enum asn1_flag_t {
ASN1_OPTIONAL = 0x01,
ASN1_DEFAULT = 0x02,
ASN1_MPZ = 0x04,
ASN1_OF = 0x08,
};
extern mapping_t asn1_flag_m[];
typedef struct asn1_rule_t asn1_rule_t;
struct asn1_rule_t {
/**
* ASN1 type
*/
asn1_type_t type;
/**
* implicit or explicit tag, if any
*/
asn1_flag_t flags;
/**
* offset of data in structure
*/
u_int data_offset;
// union {
/**
* offset to a boolean, which says if optional
* data is available at data_offset. Used if
* flags & ASN1_OPTIONAL.
*/
// u_int available_offset;
/**
* default value, used if flags & ASN1_DEFAULT
*/
u_int default_value;
// };
};
#endif /* ASN1_H_ */

218
Source/charon/asn1/der_decoder.c Normal file
View File

@ -0,0 +1,218 @@
/**
* @file der_decoder.c
*
* @brief Implementation of der_decoder_t.
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <gmp.h>
#include "der_decoder.h"
#include <utils/allocator.h>
#include <daemon.h>
typedef struct private_der_decoder_t private_der_decoder_t;
/**
* Private data of a der_decoder_t object.
*/
struct private_der_decoder_t {
/**
* Public interface for this signer.
*/
der_decoder_t public;
asn1_rule_t *rule;
asn1_rule_t *first_rule;
void *output;
logger_t *logger;
};
status_t read_hdr(private_der_decoder_t *this, chunk_t *data);
status_t read_sequence(private_der_decoder_t *this, chunk_t data)
{
while (this->rule->type != ASN1_END)
{
read_hdr(this, &data);
}
return SUCCESS;
}
status_t read_int(private_der_decoder_t *this, chunk_t data)
{
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data);
u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
*integ = 0;
while (data.len-- > 0)
{
*integ = 256 * (*integ) + *data.ptr++;
}
return SUCCESS;
}
status_t read_mpz(private_der_decoder_t *this, chunk_t data)
{
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data);
mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
return SUCCESS;
}
u_int32_t read_length(chunk_t *data)
{
u_int8_t n;
size_t len;
/* read first octet of length field */
n = *data->ptr++;
if ((n & 0x80) == 0)
{
/* single length octet */
return n;
}
/* composite length, determine number of length octets */
n &= 0x7f;
if (n > data->len)
{
/* length longer than available bytes */
return -1;
}
if (n > sizeof(len))
{
/* larger than size_t can hold */
return -1;
}
len = 0;
while (n-- > 0)
{
len = 256 * len + *data->ptr++;
}
return len;
}
status_t read_hdr(private_der_decoder_t *this, chunk_t *data)
{
chunk_t inner;
/* advance to the next rule */
this->rule++;
if (this->rule->type == ASN1_END)
{
return SUCCESS;
}
this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s",
mapping_find(asn1_type_m, this->rule->type));
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data);
/* read type, advance in data */
if (*(data->ptr) != this->rule->type)
{
this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr);
return PARSE_ERROR;
}
data->ptr++;
data->len--;
/* read length, advance in data */
inner.len = read_length(data);
if (inner.len == -1)
{
this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
return PARSE_ERROR;
}
this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d",
inner.len);
inner.ptr = data->ptr;
/* advance in data */
data->ptr += inner.len;
data->len -= inner.len;
/* process inner */
switch (this->rule->type)
{
case ASN1_INTEGER:
if (this->rule->flags & ASN1_MPZ)
{
read_mpz(this, inner);
}
else
{
read_int(this, inner);
}
break;
case ASN1_SEQUENCE:
read_sequence(this, inner);
break;
default:
break;
}
return SUCCESS;
}
status_t decode(private_der_decoder_t *this, chunk_t input, void *output)
{
this->rule = this->first_rule - 1;
this->output = output;
return read_hdr(this, &input);
}
/**
* Implementation of der_decoder.destroy.
*/
static void destroy(private_der_decoder_t *this)
{
allocator_free(this);
}
/*
* Described in header.
*/
der_decoder_t *der_decoder_create(asn1_rule_t *rules)
{
private_der_decoder_t *this = allocator_alloc_thing(private_der_decoder_t);
/* public functions */
this->public.decode = (status_t (*) (der_decoder_t*,chunk_t,void*))decode;
this->public.destroy = (void (*) (der_decoder_t*))destroy;
this->first_rule = rules;
this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER);
return &(this->public);
}

61
Source/charon/asn1/der_decoder.h Normal file
View File

@ -0,0 +1,61 @@
/**
* @file der_decoder.h
*
* @brief Interface of der_decoder_t.
*
*/
/*
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef DER_DECODER_H_
#define DER_DECODER_H_
#include <types.h>
#include <asn1/asn1.h>
typedef struct der_decoder_t der_decoder_t;
/**
* @brief Decode der_encoded bytes to usable structures.
*
* @b Constructors:
* - der_decoder_create()
*
* @ingroup asn1
*/
struct der_decoder_t {
status_t (*decode) (der_decoder_t *this, chunk_t input, void *output);
/**
* @brief Destroys a der_decoder object.
*
* @param der_decoder calling object
*/
void (*destroy) (der_decoder_t *this);
};
/**
* @brief Create a der_decoder instance.
*
* @return der_decoder_t object
*
* @ingroup ans1
*/
der_decoder_t * der_decoder_create(asn1_rule_t* rules);
#endif /* DER_DECODER_H_ */

218
Source/charon/asn1/der_encoder.c Normal file
View File

@ -0,0 +1,218 @@
/**
* @file der_encoder.c
*
* @brief Implementation of der_encoder_t.
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <gmp.h>
#include "der_encoder.h"
#include <utils/allocator.h>
#include <daemon.h>
typedef struct private_der_encoder_t private_der_encoder_t;
/**
* Private data of a der_encoder_t object.
*/
struct private_der_encoder_t {
/**
* Public interface for this signer.
*/
der_encoder_t public;
asn1_rule_t *rule;
asn1_rule_t *first_rule;
void *output;
logger_t *logger;
};
status_t read_hdr(private_der_encoder_t *this, chunk_t *data);
status_t read_sequence(private_der_encoder_t *this, chunk_t data)
{
while (this->rule->type != ASN1_END)
{
read_hdr(this, &data);
}
return SUCCESS;
}
status_t read_int(private_der_encoder_t *this, chunk_t data)
{
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data);
u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
*integ = 0;
while (data.len-- > 0)
{
*integ = 256 * (*integ) + *data.ptr++;
}
return SUCCESS;
}
status_t read_mpz(private_der_encoder_t *this, chunk_t data)
{
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data);
mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
return SUCCESS;
}
u_int32_t read_length(chunk_t *data)
{
u_int8_t n;
size_t len;
/* read first octet of length field */
n = *data->ptr++;
if ((n & 0x80) == 0)
{
/* single length octet */
return n;
}
/* composite length, determine number of length octets */
n &= 0x7f;
if (n > data->len)
{
/* length longer than available bytes */
return -1;
}
if (n > sizeof(len))
{
/* larger than size_t can hold */
return -1;
}
len = 0;
while (n-- > 0)
{
len = 256 * len + *data->ptr++;
}
return len;
}
status_t read_hdr(private_der_encoder_t *this, chunk_t *data)
{
chunk_t inner;
/* advance to the next rule */
this->rule++;
if (this->rule->type == ASN1_END)
{
return SUCCESS;
}
this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s",
mapping_find(asn1_type_m, this->rule->type));
this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data);
/* read type, advance in data */
if (*(data->ptr) != this->rule->type)
{
this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr);
return PARSE_ERROR;
}
data->ptr++;
data->len--;
/* read length, advance in data */
inner.len = read_length(data);
if (inner.len == -1)
{
this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
return PARSE_ERROR;
}
this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d",
inner.len);
inner.ptr = data->ptr;
/* advance in data */
data->ptr += inner.len;
data->len -= inner.len;
/* process inner */
switch (this->rule->type)
{
case ASN1_INTEGER:
if (this->rule->flags & ASN1_MPZ)
{
read_mpz(this, inner);
}
else
{
read_int(this, inner);
}
break;
case ASN1_SEQUENCE:
read_sequence(this, inner);
break;
default:
break;
}
return SUCCESS;
}
status_t decode(private_der_encoder_t *this, chunk_t input, void *output)
{
this->rule = this->first_rule - 1;
this->output = output;
return read_hdr(this, &input);
}
/**
* Implementation of der_encoder.destroy.
*/
static void destroy(private_der_encoder_t *this)
{
allocator_free(this);
}
/*
* Described in header.
*/
der_encoder_t *der_encoder_create(asn1_rule_t *rules)
{
private_der_encoder_t *this = allocator_alloc_thing(private_der_encoder_t);
/* public functions */
this->public.decode = (status_t (*) (der_encoder_t*,chunk_t,void*))decode;
this->public.destroy = (void (*) (der_encoder_t*))destroy;
this->first_rule = rules;
this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER);
return &(this->public);
}

60
Source/charon/asn1/der_encoder.h Normal file
View File

@ -0,0 +1,60 @@
/**
* @file der_encoder.h
*
* @brief Interface of der_encoder_t.
*
*/
/*
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef DER_ENCODER_H_
#define DER_ENCODER_H_
#include <types.h>
typedef struct der_encoder_t der_encoder_t;
/**
* @brief Decode der_encoded bytes to usable structures.
*
* @b Constructors:
* - der_encoder_create()
*
* @ingroup asn1
*/
struct der_encoder_t {
status_t encode(der_encoder_t *this, void *input, chunk_t output);
/**
* @brief Destroys a der_encoder object.
*
* @param der_encoder calling object
*/
void (*destroy) (der_encoder_t *this);
};
/**
* @brief Create a der_encoder instance.
*
* @return der_encoder_t object
*
* @ingroup ans1
*/
der_encoder_t * der_encoder_create(asn1_rule_t *rules);
#endif /* DER_ENCODER_H_ */

2
Source/charon/sa/authenticator.c
View File

@ -388,7 +388,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
/* private data */
this->ike_sa = ike_sa;
this->prf = this->ike_sa->get_prf(this->ike_sa);
this->logger = this->ike_sa->get_logger(this->ike_sa);
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
return &(this->public);
}

9
Source/charon/sa/ike_sa.c
View File

@ -411,14 +411,6 @@ static void set_new_state (private_ike_sa_t *this, state_t *state)
this->current_state = state;
}
/**
* Implementation of protected_ike_sa_t.get_logger.
*/
static logger_t *get_logger (private_ike_sa_t *this)
{
return this->logger;
}
/**
* Implementation of protected_ike_sa_t.get_connection.
*/
@ -1050,7 +1042,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
this->protected.get_prf_auth_i = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_i;
this->protected.get_prf_auth_r = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_r;
this->protected.add_child_sa = (void (*) (protected_ike_sa_t*,child_sa_t*)) add_child_sa;
this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;
this->protected.set_connection = (void (*) (protected_ike_sa_t *,connection_t *)) set_connection;
this->protected.get_connection = (connection_t *(*) (protected_ike_sa_t *)) get_connection;
this->protected.set_policy = (void (*) (protected_ike_sa_t *,policy_t *)) set_policy;

10
Source/charon/sa/ike_sa.h
View File

@ -170,16 +170,6 @@ struct protected_ike_sa_t {
*/
void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
/**
* @brief Get the internal stored logger_t object for given ike_sa_t object.
*
* @warning Returned logger_t object is original one and managed by this object.
*
* @param this calling object
* @return pointer to the internal stored logger_t object
*/
logger_t *(*get_logger) (protected_ike_sa_t *this);
/**
* @brief Get the internal stored connection_t object.
*

2
Source/charon/sa/states/ike_auth_requested.c
View File

@ -660,7 +660,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa,chunk
this->received_nonce = received_nonce;
this->sent_nonce = sent_nonce;
this->ike_sa_init_reply_data = ike_sa_init_reply_data;
this->logger = this->ike_sa->get_logger(this->ike_sa);
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
this->my_ts = NULL;
this->other_ts = NULL;
this->proposal = NULL;

3
Source/charon/sa/states/ike_sa_established.c
View File

@ -22,6 +22,7 @@
#include "ike_sa_established.h"
#include <daemon.h>
#include <utils/allocator.h>
#include <encoding/payloads/delete_payload.h>
@ -233,7 +234,7 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa)
/* private data */
this->ike_sa = ike_sa;
this->logger = ike_sa->get_logger(ike_sa);
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
return &(this->public);
}

2
Source/charon/sa/states/ike_sa_init_requested.c
View File

@ -748,7 +748,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa
/* private data */
this->ike_sa = ike_sa;
this->received_nonce = CHUNK_INITIALIZER;
this->logger = this->ike_sa->get_logger(this->ike_sa);
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
this->diffie_hellman = diffie_hellman;
this->proposal = NULL;
this->sent_nonce = sent_nonce;

2
Source/charon/sa/states/ike_sa_init_responded.c
View File

@ -696,7 +696,7 @@ ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa
this->my_ts = NULL;
this->other_ts = NULL;
this->child_sa = NULL;
this->logger = this->ike_sa->get_logger(this->ike_sa);
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
return &(this->public);
}

2
Source/charon/sa/states/initiator_init.c
View File

@ -342,7 +342,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa)
/* private data */
this->ike_sa = ike_sa;
this->logger = this->ike_sa->get_logger(this->ike_sa);
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
this->sent_nonce = CHUNK_INITIALIZER;
this->diffie_hellman = NULL;

2
Source/charon/sa/states/responder_init.c
View File

@ -553,7 +553,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
/* private data */
this->ike_sa = ike_sa;
this->logger = this->ike_sa->get_logger(this->ike_sa);
this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
this->sent_nonce = CHUNK_INITIALIZER;
this->received_nonce = CHUNK_INITIALIZER;
this->dh_group_number = MODP_UNDEFINED;

4
Source/charon/testcases/Makefile.testcases
View File

@ -131,4 +131,8 @@ $(BUILD_DIR)kernel_interface_test.o : $(TESTCASES_DIR)kernel_interface_test.c $(
TEST_OBJS+= $(BUILD_DIR)child_sa_test.o
$(BUILD_DIR)child_sa_test.o : $(TESTCASES_DIR)child_sa_test.c $(TESTCASES_DIR)child_sa_test.h
$(CC) $(CFLAGS) -c -o $@ $<
TEST_OBJS+= $(BUILD_DIR)der_decoder_test.o
$(BUILD_DIR)der_decoder_test.o : $(TESTCASES_DIR)der_decoder_test.c $(TESTCASES_DIR)der_decoder_test.h
$(CC) $(CFLAGS) -c -o $@ $<

4
Source/charon/testcases/child_sa_test.c
View File

@ -54,10 +54,10 @@ void test_child_sa(protected_tester_t *tester)
remote_sa = child_sa_create(remote_me, remote_other);
proposal1 = proposal_create(1);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal2 = proposal_create(2);
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
list = linked_list_create();
list->insert_last(list, proposal1);

32
Source/charon/testcases/connection_test.c
View File

@ -41,28 +41,28 @@ void test_connection(protected_tester_t *tester)
linked_list_t *list;
prop1 = proposal_create(1);
prop1->add_algorithm(prop1, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
prop1->add_algorithm(prop1, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop1->add_algorithm(prop1, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20);
prop1->add_algorithm(prop1, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
prop1->add_algorithm(prop1, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
prop1->add_algorithm(prop1, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop1->add_algorithm(prop1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20);
prop1->add_algorithm(prop1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
prop2 = proposal_create(2);
prop2->add_algorithm(prop2, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
prop2->add_algorithm(prop2, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop2->add_algorithm(prop2, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
prop2->add_algorithm(prop2, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
prop2->add_algorithm(prop2, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
prop2->add_algorithm(prop2, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop2->add_algorithm(prop2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
prop2->add_algorithm(prop2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
prop3 = proposal_create(3);
prop3->add_algorithm(prop3, IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20);
prop3->add_algorithm(prop3, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop3->add_algorithm(prop3, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
prop3->add_algorithm(prop3, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
prop3->add_algorithm(prop3, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20);
prop3->add_algorithm(prop3, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop3->add_algorithm(prop3, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
prop3->add_algorithm(prop3, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
prop4 = proposal_create(4);
prop4->add_algorithm(prop4, IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20);
prop4->add_algorithm(prop4, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop4->add_algorithm(prop4, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20);
prop4->add_algorithm(prop4, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
prop4->add_algorithm(prop4, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20);
prop4->add_algorithm(prop4, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
prop4->add_algorithm(prop4, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20);
prop4->add_algorithm(prop4, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
connection->add_proposal(connection, prop1);
connection->add_proposal(connection, prop2);

140
Source/charon/testcases/der_decoder_test.c Normal file
View File

@ -0,0 +1,140 @@
/**
* @file der_decoder_test.c
*
* @brief Tests for the der_decoder_t class.
*
*/
/*
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include "der_decoder_test.h"
#include <daemon.h>
#include <asn1/der_decoder.h>
#include <utils/allocator.h>
#include <utils/logger.h>
static char private_key_buffer[] = {
0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,
0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,
0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,
0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,
0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,
0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,
0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,
0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,
0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,
0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,
0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,
0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,
0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,
0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,
0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,
0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,
0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58,
0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9,
0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83,
0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b,
0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91,
0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7,
0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67,
0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e,
0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b,
0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb,
0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c,
0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5,
0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f,
0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57,
0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a,
0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a,
0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3,
0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac,
0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c,
0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10,
0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e,
0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb,
0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8,
0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a,
0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05,
0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36,
0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1,
0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d,
0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2,
0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d,
0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4,
0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58,
0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59,
0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87,
0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96,
0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21,
0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d,
0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1,
0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9,
0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d,
0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02,
0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b,
0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94,
0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13,
0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56,
0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e,
0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66,
0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04,
0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1,
0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02,
0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe,
0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e,
0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae,
0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2,
0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc,
0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15,
0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86,
0x64,0x0f,0x1d,0x1f,0xf2,0x1e,
};
asn1_rule_t private_key_rules[] = {
{ASN1_SEQUENCE, 0, 0, 0},
{ ASN1_INTEGER, 0, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, 0, 0},
{ASN1_END, 0, 0, 0},
};
/**
* Described in header.
*/
void test_der_decoder(protected_tester_t *tester)
{
chunk_t private_key = {private_key_buffer, sizeof(private_key_buffer)};
der_decoder_t *dd = der_decoder_create(private_key_rules);
dd->decode(dd, private_key, NULL);
dd->destroy(dd);
}

42
Source/charon/testcases/der_decoder_test.h Normal file
View File

@ -0,0 +1,42 @@
/**
* @file der_decoder_test.h
*
* @brief Tests for the der_decoder_t class.
*
*/
/*
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef DER_DECODER_TEST_H_
#define DER_DECODER_TEST_H_
#include <utils/tester.h>
/**
* @brief Test function used to test the der_decoder_t functionality.
*
* @param tester associated protected_tester_t object
*
* @ingroup testcases
*/
void test_der_decoder(protected_tester_t *tester);
#endif /* DER_DECODER_TEST_H_ */

50
Source/charon/testcases/generator_test.c
View File

@ -570,16 +570,16 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
proposal1 = proposal_create(1);
proposal1->add_algorithm(proposal1, IKE, ENCRYPTION_ALGORITHM, 1, 20);
proposal1->add_algorithm(proposal1, IKE, PSEUDO_RANDOM_FUNCTION, 2, 22);
proposal1->add_algorithm(proposal1, IKE, INTEGRITY_ALGORITHM, 3, 24);
proposal1->add_algorithm(proposal1, IKE, DIFFIE_HELLMAN_GROUP, 4, 0);
proposal1->add_algorithm(proposal1, PROTO_IKE, ENCRYPTION_ALGORITHM, 1, 20);
proposal1->add_algorithm(proposal1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 2, 22);
proposal1->add_algorithm(proposal1, PROTO_IKE, INTEGRITY_ALGORITHM, 3, 24);
proposal1->add_algorithm(proposal1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 4, 0);
proposal2 = proposal_create(2);
proposal2->add_algorithm(proposal2, IKE, ENCRYPTION_ALGORITHM, 5, 26);
proposal2->add_algorithm(proposal2, IKE, PSEUDO_RANDOM_FUNCTION, 6, 28);
proposal2->add_algorithm(proposal2, IKE, INTEGRITY_ALGORITHM, 7, 30);
proposal2->add_algorithm(proposal2, IKE, DIFFIE_HELLMAN_GROUP, 8, 0);
proposal2->add_algorithm(proposal2, PROTO_IKE, ENCRYPTION_ALGORITHM, 5, 26);
proposal2->add_algorithm(proposal2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 6, 28);
proposal2->add_algorithm(proposal2, PROTO_IKE, INTEGRITY_ALGORITHM, 7, 30);
proposal2->add_algorithm(proposal2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 8, 0);
list = linked_list_create();
list->insert_last(list, (void*)proposal1);
@ -643,25 +643,25 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
proposal1 = proposal_create(1);
proposal1->add_algorithm(proposal1, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
proposal1->add_algorithm(proposal1, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
proposal1->set_spi(proposal1, AH, 0x01010101l);
proposal1->add_algorithm(proposal1, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
proposal1->add_algorithm(proposal1, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
proposal1->set_spi(proposal1, PROTO_AH, 0x01010101l);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
proposal1->add_algorithm(proposal1, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal1->set_spi(proposal1, ESP, 0x02020202);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
proposal1->add_algorithm(proposal1, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal1->set_spi(proposal1, PROTO_ESP, 0x02020202);
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal2->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
proposal2->add_algorithm(proposal2, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
proposal2->set_spi(proposal2, AH, 0x01010101);
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal2->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
proposal2->add_algorithm(proposal2, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
proposal2->set_spi(proposal2, PROTO_AH, 0x01010101);
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal2->add_algorithm(proposal2, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal2->set_spi(proposal2, ESP, 0x02020202);
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal2->add_algorithm(proposal2, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal2->set_spi(proposal2, PROTO_ESP, 0x02020202);
list->insert_last(list, (void*)proposal1);
list->insert_last(list, (void*)proposal2);
@ -1216,7 +1216,7 @@ void test_generator_with_delete_payload(protected_tester_t *tester)
spis.ptr = "123456789012";
spis.len = strlen(spis.ptr);
delete_payload->set_protocol_id(delete_payload,AH);
delete_payload->set_protocol_id(delete_payload, PROTO_AH);
delete_payload->set_spi_count(delete_payload,3);
delete_payload->set_spi_size(delete_payload,4);
delete_payload->set_spis(delete_payload,spis);
@ -1408,6 +1408,4 @@ void test_generator_with_eap_payload(protected_tester_t *tester)
eap_payload->destroy(eap_payload);
generator->destroy(generator);
charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}

2
Source/charon/testcases/hmac_signer_test.c
View File

@ -201,6 +201,4 @@ void test_hmac_sha1_signer(protected_tester_t *tester)
}
signer->destroy(signer);
charon->logger_manager->destroy_logger(charon->logger_manager,logger);
}

2
Source/charon/testcases/parser_test.c
View File

@ -805,7 +805,7 @@ void test_parser_with_delete_payload(protected_tester_t *tester)
return;
}
result = delete_payload->get_spis(delete_payload);
tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == ESP), "is ESP protocol");
tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == PROTO_ESP), "is ESP protocol");
tester->assert_true(tester,(delete_payload->get_spi_size(delete_payload) == 3), "SPI size check");
tester->assert_true(tester,(delete_payload->get_spi_count(delete_payload) == 4), "SPI count check");
tester->assert_true(tester,(result.len == 12), "parsed data lenght");

24
Source/charon/testcases/policy_test.c
View File

@ -61,16 +61,16 @@ void test_policy(protected_tester_t *tester)
/* esp only prop */
proposal1 = proposal_create(1);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
/* ah only prop */
proposal2 = proposal_create(2);
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
/* ah and esp prop */
proposal3 = proposal_create(3);
proposal3->add_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
proposal3->add_algorithm(proposal3, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal3->add_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
proposal3->add_algorithm(proposal3, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
policy->add_proposal(policy, proposal1);
@ -84,13 +84,13 @@ void test_policy(protected_tester_t *tester)
proposals_list = linked_list_create();
proposal1 = proposal_create(1);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
proposal2 = proposal_create(2);
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposals_list->insert_last(proposals_list, proposal1);
proposals_list->insert_last(proposals_list, proposal2);
@ -98,7 +98,7 @@ void test_policy(protected_tester_t *tester)
proposal_sel = policy->select_proposal(policy, proposals_list);
tester->assert_false(tester, proposal_sel == NULL, "proposal select");
/* check ESP encryption algo */
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, ESP, ENCRYPTION_ALGORITHM);
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_ESP, ENCRYPTION_ALGORITHM);
tester->assert_false(tester, iterator == NULL, "algorithm select ESP");
while (iterator->has_next(iterator))
{
@ -108,7 +108,7 @@ void test_policy(protected_tester_t *tester)
tester->assert_true(tester, algo->key_size == 16, "ESP encryption keysize");
}
iterator->destroy(iterator);
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, AH, INTEGRITY_ALGORITHM);
iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_AH, INTEGRITY_ALGORITHM);
/* check AH integrity algo */
tester->assert_false(tester, iterator == NULL, "algorithm select AH");
while (iterator->has_next(iterator))

32
Source/charon/testcases/proposal_test.c
View File

@ -39,38 +39,38 @@ void test_proposal(protected_tester_t *tester)
bool result;
proposal1 = proposal_create(1);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
proposal2 = proposal_create(2);
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
proposal1->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
/* ah and esp prop */
proposal3 = proposal1->select(proposal1, proposal2);
tester->assert_false(tester, proposal3 == NULL, "proposal select");
if (proposal3)
{
result = proposal3->get_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, &algo);
result = proposal3->get_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, &algo);
tester->assert_true(tester, result, "encryption algo select");
tester->assert_true(tester, algo->algorithm == ENCR_AES_CBC, "encryption algo");
tester->assert_true(tester, algo->key_size == 16, "encryption keylen");
result = proposal3->get_algorithm(proposal3, ESP, INTEGRITY_ALGORITHM, &algo);
result = proposal3->get_algorithm(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM, &algo);
tester->assert_true(tester, result, "integrity algo select");
tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "integrity algo");
tester->assert_true(tester, algo->key_size == 20, "integrity keylen");
iterator = proposal3->create_algorithm_iterator(proposal3, ESP, INTEGRITY_ALGORITHM);
iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM);
tester->assert_false(tester, iterator == NULL, "integrity algo select");
while(iterator->has_next(iterator))
{
@ -80,7 +80,7 @@ void test_proposal(protected_tester_t *tester)
}
iterator->destroy(iterator);
iterator = proposal3->create_algorithm_iterator(proposal3, AH, DIFFIE_HELLMAN_GROUP );
iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_AH, DIFFIE_HELLMAN_GROUP );
tester->assert_false(tester, iterator == NULL, "dh group algo select");
while(iterator->has_next(iterator))
{

132
Source/charon/testcases/rsa_test.c
View File

@ -28,6 +28,103 @@
#include <utils/allocator.h>
#include <utils/logger.h>
char private_key_buffer[] = {
0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,
0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,
0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,
0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,
0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,
0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,
0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,
0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,
0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,
0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,
0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,
0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,
0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,
0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,
0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,
0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,
0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58,
0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9,
0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83,
0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b,
0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91,
0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7,
0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67,
0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e,
0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b,
0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb,
0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c,
0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5,
0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f,
0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57,
0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a,
0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a,
0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3,
0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac,
0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c,
0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10,
0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e,
0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb,
0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8,
0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a,
0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05,
0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36,
0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1,
0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d,
0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2,
0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d,
0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4,
0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58,
0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59,
0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87,
0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96,
0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21,
0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d,
0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1,
0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9,
0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d,
0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02,
0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b,
0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94,
0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13,
0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56,
0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e,
0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66,
0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04,
0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1,
0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02,
0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe,
0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e,
0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae,
0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2,
0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc,
0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15,
0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86,
0x64,0x0f,0x1d,0x1f,0xf2,0x1e,
};
char public_key_buffer[] = {
0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,0x43,0x5b,
0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,0xd7,0xbb,
0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,0x5b,0x02,
0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,0x39,0xc1,
0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,0x9b,0x92,
0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,0x2d,0x5b,
0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,0x51,0xfb,
0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,0x6b,0x91,
0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,0x99,0xfb,
0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,0x10,0x1b,
0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,0xac,0xed,
0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,0xb0,0x37,
0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,0x31,0x96,
0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,0xce,0x7d,
0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,0x6e,0xc4,
0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,0x40,0x25,
0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
};
/*
* described in Header-File
@ -36,9 +133,13 @@ void test_rsa(protected_tester_t *tester)
{
rsa_private_key_t *private_key;
rsa_public_key_t *public_key;
chunk_t data, signature, private_key_chunk, public_key_chunk;
chunk_t data, signature;
chunk_t der_private_key = {private_key_buffer, sizeof(private_key_buffer)};
chunk_t der_public_key = {public_key_buffer, sizeof(public_key_buffer)};
logger_t *logger;
status_t status;
/* key generation and signing */
u_int8_t test_data[] = {
0x01,0x02,0x03,0x04,
0x01,0x02,0x03,0x04,
@ -61,25 +162,32 @@ void test_rsa(protected_tester_t *tester)
private_key->generate_key(private_key, 512);
status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature);
tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature");
tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (genkey)");
public_key = private_key->get_public_key(private_key);
status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature);
tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature");
tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (genkey)");
public_key->get_key(public_key, &public_key_chunk);
private_key->get_key(private_key, &private_key_chunk);
logger->log_chunk(logger, RAW, "Public Key", public_key_chunk);
logger->log_chunk(logger, RAW, "Private Key", private_key_chunk);
allocator_free(public_key_chunk.ptr);
allocator_free(private_key_chunk.ptr);
allocator_free(signature.ptr);
private_key->destroy(private_key);
public_key->destroy(public_key);
/* key loading */
private_key = rsa_private_key_create();
private_key->set_key(private_key, der_private_key);
public_key = rsa_public_key_create();
public_key->set_key(public_key, der_public_key);
status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature);
tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (setkey)");
status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature);
tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (setkey)");
allocator_free(signature.ptr);
public_key->destroy(public_key);
private_key->destroy(private_key);
}

11
Source/charon/testcases/testcases.c
View File

@ -62,6 +62,7 @@
#include <testcases/rsa_test.h>
#include <testcases/kernel_interface_test.h>
#include <testcases/child_sa_test.h>
#include <testcases/der_decoder_test.h>
/* output for test messages */
extern FILE * stderr;
@ -128,6 +129,7 @@ test_t proposal_test = {test_proposal, "proposal_t test"};
test_t rsa_test = {test_rsa, "RSA private/public key test"};
test_t kernel_interface_test = {test_kernel_interface, "Kernel Interface"};
test_t child_sa_test = {test_child_sa, "Child SA"};
test_t der_decoder_test = {test_der_decoder, "DER decoder"};
daemon_t* charon;
@ -135,7 +137,7 @@ daemon_t* charon;
static void daemon_kill(daemon_t *this, char* none)
{
this->logger_manager->destroy(this->logger_manager);
this->socket->destroy(this->socket);
//this->socket->destroy(this->socket);
this->ike_sa_manager->destroy(this->ike_sa_manager);
this->job_queue->destroy(this->job_queue);
this->event_queue->destroy(this->event_queue);
@ -158,7 +160,7 @@ daemon_t *daemon_create()
charon->kill = daemon_kill;
charon->logger_manager = logger_manager_create(0);
charon->socket = socket_create(4510);
//charon->socket = socket_create(4510);
charon->ike_sa_manager = ike_sa_manager_create();
charon->job_queue = job_queue_create();
charon->event_queue = event_queue_create();
@ -250,14 +252,13 @@ int main()
daemon_create();
charon->logger_manager->disable_log_level(charon->logger_manager,TESTER,FULL);
charon->logger_manager->enable_log_level(charon->logger_manager,CHILD_SA,FULL);
/* charon->logger_manager->enable_log_level(charon->logger_manager,TESTER,RAW); */
charon->logger_manager->enable_log_level(charon->logger_manager,DER_DECODER,FULL);
tester_t *tester = tester_create(test_output, FALSE);
//tester->perform_tests(tester,all_tests);
tester->perform_test(tester,&kernel_interface_test);
tester->perform_test(tester,&rsa_test);
tester->destroy(tester);

518
Source/charon/transforms/certificate.c Executable file
View File

@ -0,0 +1,518 @@
/**
* @file certificate.c
*
* @brief Implementation of certificate_t.
*
*/
/*
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <gmp.h>
#include "certificate.h"
#include <daemon.h>
#include <utils/allocator.h>
#include <asn1/der_decoder.h>
typedef struct private_certificate_t private_certificate_t;
/**
* Private data of a certificate_t object.
*/
struct private_certificate_t {
/**
* Public interface for this signer.
*/
certificate_t public;
};
#define OSET(x) offsetof(private_certiciate_t, x)
/**
* Rules for de-/encoding of a certificate from/in ASN1
*/
static asn1_rule_t certificate_rules[] = {
{ASN1_SEQUENCE, 0, 0, 0 }, /* certificate */
{ ASN1_SEQUENCE, 0, 0, 0 }, /* tbsCertificate */
{ ASN1_TAG_E_0, ASN1_DEFAULT, OSET(version), 0 }, /* EXPLICIT version DEFAULT v1(0) */
{ ASN1_INTEGER, 0, OSET(version), 0 },
{ ASN1_INTEGER, 0, OSET(serial), 0 }, /* serialNumber */
{ ASN1_SEQUENCE, 0, 0, 0 }, /* signature */
{ ASN1_OID, 0, OSET(sign_alg), 0 }, /* algorithm */
{ ASN1_END, 0, 0, 0 }, /* signature */
{ ASN1_CHOICE, 0, 0, 0 }, /* issuer */
{ ASN1_SEQUENCE, ASN1_OF, 0, 0 },
/* name */
{ ASN1_END, 0, 0, 0 },
{ ASN1_END, 0, 0, 0 }, /* issuer */
{ ASN1_SEQUENCE, 0, 0, 0 }, /* validity */
{ ASN1_CHOICE, 0, 0, 0 }, /* notBefore */
{ ASN1_UTCTIME, 0, OSET(not_before), 0 }, /* utcTime */
{ ASN1_GENERALIZEDTIME, 0, OSET(not_before), 0 }, /* generalTime */
{ ASN1_END, 0, 0, 0 }, /* notBefore */
{ ASN1_CHOICE, 0, 0, 0 }, /* notAfter */
{ ASN1_UTCTIME, 0, OSET(not_after), 0 }, /* utcTime */
{ ASN1_GENERALIZEDTIME, 0, OSET(not_after), 0 }, /* generalTime */
{ ASN1_END, 0, 0, 0 }, /* notAfter */
{ ASN1_END, 0, 0, 0 }, /* validity */
{ ASN1_CHOICE, 0, 0, 0 }, /* subject */
{ ASN1_SEQUENCE, ASN1_OF, 0, 0 },
/* name */
{ ASN1_END, 0, 0, 0 },
{ ASN1_END, 0, 0, 0 }, /* subject */
{ ASN1_SEQUENCE, 0, 0, 0 }, /* subjectPublicKeyInfo */
{ ASN1_OID, 0, OSET(pubkey_alg), 0 }, /* algorithm */
{ ASN1_BITSTRING, 0, OSET(pubkey), 0 }, /* subjectPublicKey */
{ ASN1_END, 0, 0, 0 }, /* subjectPublicKeyInfo */
{ ASN1_TAG_I_1, ASN1_OPTIONAL, 0, OSET(has_issuer_uid)}, /* IMPLICIT issuerUniqueID OPTIONAL */
{ ASN1_BITSTRING, 0, OSET(issuer_uid), 0 },
{ ASN1_TAG_I_2, ASN1_OPTIONAL, 0, OSET(has_subject_uid)},/* IMPLICIT subjectUniqueID OPTIONAL */
{ ASN1_BITSTRING, 0, OSET(subject_uid), 0 },
{ ASN1_TAG_E_3, ASN1_OPTIONAL, 0, 0 }, /* EXPLICIT extensions OPTIONAL*/
{ ASN1_SEQUENCE, ASN1_OF, 0, 0 },
/* extension */
{ ASN1_END 0, 0, 0, }, /* extensions */
{ ASN1_END, 0, 0, 0 }, /* certificate */
};
/**
* Implementation of private_certificate_t.compute_prime.
*/
static void compute_prime(private_certificate_t *this, size_t prime_size, mpz_t *prime)
{
randomizer_t *randomizer;
chunk_t random_bytes;
randomizer = randomizer_create();
mpz_init(*prime);
do
{
randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes);
/* make sure most significant bit is set */
random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
/* convert chunk to mpz value */
mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
/* get next prime */
mpz_nextprime (*prime, *prime);
allocator_free(random_bytes.ptr);
}
/* check if it isnt too large */
while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
randomizer->destroy(randomizer);
}
/**
* Implementation of private_certificate_t.rsadp and private_certificate_t.rsasp1.
*/
static chunk_t rsadp(private_certificate_t *this, chunk_t data)
{
mpz_t t1, t2;
chunk_t decrypted;
mpz_init(t1);
mpz_init(t2);
mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
mpz_mod(t2, t2, this->p);
mpz_mul(t2, t2, this->coeff);
mpz_mod(t2, t2, this->p);
mpz_mul(t2, t2, this->q); /* m = m2 + h q */
mpz_add(t1, t1, t2);
decrypted.len = this->k;
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
mpz_clear(t1);
mpz_clear(t2);
return decrypted;
}
/**
* Implementation of certificate.build_emsa_signature.
*/
static status_t build_emsa_pkcs1_signature(private_certificate_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
{
hasher_t *hasher;
chunk_t hash;
chunk_t oid;
chunk_t em;
/* get oid string prepended to hash */
switch (hash_algorithm)
{
case HASH_MD2:
{
oid.ptr = md2_oid;
oid.len = sizeof(md2_oid);
break;
}
case HASH_MD5:
{
oid.ptr = md5_oid;
oid.len = sizeof(md5_oid);
break;
}
case HASH_SHA1:
{
oid.ptr = sha1_oid;
oid.len = sizeof(sha1_oid);
break;
}
case HASH_SHA256:
{
oid.ptr = sha256_oid;
oid.len = sizeof(sha256_oid);
break;
}
case HASH_SHA384:
{
oid.ptr = sha384_oid;
oid.len = sizeof(sha384_oid);
break;
}
case HASH_SHA512:
{
oid.ptr = sha512_oid;
oid.len = sizeof(sha512_oid);
break;
}
default:
{
return NOT_SUPPORTED;
}
}
/* get hasher */
hasher = hasher_create(hash_algorithm);
if (hasher == NULL)
{
return NOT_SUPPORTED;
}
/* build hash */
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
/* build chunk to rsa-decrypt:
* EM = 0x00 || 0x01 || PS || 0x00 || T.
* PS = 0xFF padding, with length to fill em
* T = oid || hash
*/
em.len = this->k;
em.ptr = allocator_alloc(em.len);
/* fill em with padding */
memset(em.ptr, 0xFF, em.len);
/* set magic bytes */
*(em.ptr) = 0x00;
*(em.ptr+1) = 0x01;
*(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
/* set hash */
memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
/* set oid */
memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
/* build signature */
*signature = this->rsasp1(this, em);
allocator_free(hash.ptr);
allocator_free(em.ptr);
return SUCCESS;
}
/**
* Implementation of certificate.set_key.
*/
static status_t set_key(private_certificate_t *this, chunk_t key)
{
der_decoder_t *dd;
status_t status;
dd = der_decoder_create(certificate_rules);
status = dd->decode(dd, key, this);
if (status == SUCCESS)
{
this->is_key_set = TRUE;
this->k = mpz_sizeinbase(this->n, 2) / 8;
}
dd->destroy(dd);
return status;
}
/**
* Implementation of certificate.get_key.
*/
static status_t get_key(private_certificate_t *this, chunk_t *key)
{
if (!this->is_key_set)
{
return INVALID_STATE;
}
chunk_t n, e, p, q, d, exp1, exp2, coeff;
n.len = this->k;
n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
e.len = this->k;
e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
p.len = this->k;
p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
q.len = this->k;
q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
d.len = this->k;
d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
exp1.len = this->k;
exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
exp2.len = this->k;
exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
coeff.len = this->k;
coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
key->len = this->k * 8;
key->ptr = allocator_alloc(key->len);
memcpy(key->ptr + this->k * 0, n.ptr , n.len);
memcpy(key->ptr + this->k * 1, e.ptr, e.len);
memcpy(key->ptr + this->k * 2, p.ptr, p.len);
memcpy(key->ptr + this->k * 3, q.ptr, q.len);
memcpy(key->ptr + this->k * 4, d.ptr, d.len);
memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
allocator_free(n.ptr);
allocator_free(e.ptr);
allocator_free(p.ptr);
allocator_free(q.ptr);
allocator_free(d.ptr);
allocator_free(exp1.ptr);
allocator_free(exp2.ptr);
allocator_free(coeff.ptr);
return SUCCESS;
}
/**
* Implementation of certificate.load_key.
*/
static status_t load_key(private_certificate_t *this, char *file)
{
return NOT_SUPPORTED;
}
/**
* Implementation of certificate.save_key.
*/
static status_t save_key(private_certificate_t *this, char *file)
{
return NOT_SUPPORTED;
}
/**
* Implementation of certificate.generate_key.
*/
static status_t generate_key(private_certificate_t *this, size_t key_size)
{
mpz_t p, q, n, e, d, exp1, exp2, coeff;
mpz_t m, q1, t;
if (key_size < 0)
{
return INVALID_ARG;
}
mpz_clear(this->n);
mpz_clear(this->e);
mpz_clear(this->p);
mpz_clear(this->q);
mpz_clear(this->d);
mpz_clear(this->exp1);
mpz_clear(this->exp2);
mpz_clear(this->coeff);
key_size = key_size / 8;
mpz_init(t);
mpz_init(n);
mpz_init(d);
mpz_init(exp1);
mpz_init(exp2);
mpz_init(coeff);
/* Get values of primes p and q */
this->compute_prime(this, key_size/2, &p);
this->compute_prime(this, key_size/2, &q);
/* Swapping Primes so p is larger then q */
if (mpz_cmp(p, q) < 0)
{
mpz_set(t, p);
mpz_set(p, q);
mpz_set(q, t);
}
mpz_mul(n, p, q); /* n = p*q */
mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
mpz_init_set(m, p); /* m = p */
mpz_sub_ui(m, m, 1); /* m = m -1 */
mpz_init_set(q1, q); /* q1 = q */
mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
mpz_divexact(m, m, t); /* m = m / t */
mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */
mpz_invert(d, e, m); /* e has an inverse mod m */
if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
{
mpz_add(d, d, m);
}
mpz_sub_ui(t, p, 1); /* t = p-1 */
mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
mpz_sub_ui(t, q, 1); /* t = q-1 */
mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
{
mpz_add(coeff, coeff, p);
}
mpz_clear(q1);
mpz_clear(m);
mpz_clear(t);
/* apply values */
*(this->p) = *p;
*(this->q) = *q;
*(this->n) = *n;
*(this->e) = *e;
*(this->d) = *d;
*(this->exp1) = *exp1;
*(this->exp2) = *exp2;
*(this->coeff) = *coeff;
/* set key size in bytes */
this->is_key_set = TRUE;
this->k = key_size;
return SUCCESS;
}
/**
* Implementation of certificate.get_public_key.
*/
rsa_public_key_t *get_public_key(private_certificate_t *this)
{
rsa_public_key_t *public_key;
//chunk_t key;
public_key = rsa_public_key_create();
if (this->is_key_set)
{
chunk_t n, e, key;
n.len = this->k;
n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
e.len = this->k;
e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
key.len = this->k * 2;
key.ptr = allocator_alloc(key.len);
memcpy(key.ptr, n.ptr, n.len);
memcpy(key.ptr + n.len, e.ptr, e.len);
allocator_free(n.ptr);
allocator_free(e.ptr);
public_key->set_key(public_key, key);
allocator_free(key.ptr);
}
return public_key;
}
/**
* Implementation of certificate.destroy.
*/
static void destroy(private_certificate_t *this)
{
mpz_clear(this->n);
mpz_clear(this->e);
mpz_clear(this->p);
mpz_clear(this->q);
mpz_clear(this->d);
mpz_clear(this->exp1);
mpz_clear(this->exp2);
mpz_clear(this->coeff);
allocator_free(this);
}
/*
* Described in header.
*/
certificate_t *certificate_create(hash_algorithm_t hash_algoritm)
{
private_certificate_t *this = allocator_alloc_thing(private_certificate_t);
/* public functions */
this->public.build_emsa_pkcs1_signature = (status_t (*) (certificate_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
this->public.set_key = (status_t (*) (certificate_t*,chunk_t))set_key;
this->public.get_key = (status_t (*) (certificate_t*,chunk_t*))get_key;
this->public.load_key = (status_t (*) (certificate_t*,char*))load_key;
this->public.save_key = (status_t (*) (certificate_t*,char*))save_key;
this->public.generate_key = (status_t (*) (certificate_t*,size_t))generate_key;
this->public.get_public_key = (rsa_public_key_t *(*) (certificate_t*))get_public_key;
this->public.destroy = (void (*) (certificate_t*))destroy;
/* private functions */
this->rsadp = rsadp;
this->rsasp1 = rsadp; /* same algorithm */
this->compute_prime = compute_prime;
mpz_init(this->n);
mpz_init(this->e);
mpz_init(this->p);
mpz_init(this->q);
mpz_init(this->d);
mpz_init(this->exp1);
mpz_init(this->exp2);
mpz_init(this->coeff);
this->is_key_set = FALSE;
return &(this->public);
}

72
Source/charon/transforms/certificate.h Executable file
View File

@ -0,0 +1,72 @@
/**
* @file certificate.h
*
* @brief Interface of certificate_t.
*
*/
/*
* Copyright (C) 2006 Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef CERTIFICATE_H_
#define CERTIFICATE_H_
#include <types.h>
#include <definitions.h>
#include <transforms/rsa/rsa_public_key.h>
#include <transforms/hashers/hasher.h>
typedef struct certificate_t certificate_t;
/**
* @brief X509 certificate.
*
* Currently only supports signing using EMSA encoding.
*
* @b Constructors:
* - certificate_create()
*
* @ingroup rsa
*/
struct certificate_t {
/**
* @brief Get the RSA public key from the certificate.
*
* @param this calling object
* @return public_key
*/
rsa_public_key_t *(*get_public_key) (certificate_t *this);
/**
* @brief Destroys the private key.
*
* @param this private key to destroy
*/
void (*destroy) (certificate_t *this);
};
/**
* @brief Create a new certificate without
* any key inside.
*
* @return created certificate_t.
*
* @ingroup rsa
*/
certificate_t *certificate_create();
#endif /* CERTIFICATE_H_ */

184
Source/charon/transforms/rsa/rsa_private_key.c
View File

@ -26,6 +26,7 @@
#include <daemon.h>
#include <utils/allocator.h>
#include <asn1/der_decoder.h>
/*
@ -39,20 +40,6 @@ extern u_int8_t sha256_oid[19];
extern u_int8_t sha384_oid[19];
extern u_int8_t sha512_oid[19];
/*
asn1_module_t rsa_private_key_module = {
{ASN1_SEQUENCE, 0, 0, 0},
{ ASN1_INTEGER, 0, offsetof(private_rsa_private_key, version), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, n), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, e), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, d), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, p), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, q), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp1), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp2), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, coeff), 0},
{ASN1_END, 0, 0, 0},
};*/
/**
* Public exponent to use for key generation.
@ -154,6 +141,23 @@ struct private_rsa_private_key_t {
};
/**
* Rules for de-/encoding of a private key from/in ASN1
*/
static asn1_rule_t rsa_private_key_rules[] = {
{ASN1_SEQUENCE, 0, 0, 0},
{ ASN1_INTEGER, 0, offsetof(private_rsa_private_key_t, version), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0},
{ASN1_END, 0, 0, 0},
};
/**
* Implementation of private_rsa_private_key_t.compute_prime.
*/
@ -174,10 +178,10 @@ static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mp
/* convert chunk to mpz value */
mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
/* get next prime */
mpz_nextprime (*prime, *prime);
allocator_free(random_bytes.ptr);
}
/* check if it isnt too large */
@ -194,28 +198,28 @@ static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
mpz_t t1, t2;
chunk_t decrypted;
mpz_init(t1);
mpz_init(t2);
mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
mpz_mod(t2, t2, this->p);
mpz_mul(t2, t2, this->coeff);
mpz_mod(t2, t2, this->p);
mpz_mul(t2, t2, this->q); /* m = m2 + h q */
mpz_add(t1, t1, t2);
decrypted.len = this->k;
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
mpz_clear(t1);
mpz_clear(t2);
return decrypted;
mpz_init(t1);
mpz_init(t2);
mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
mpz_mod(t2, t2, this->p);
mpz_mul(t2, t2, this->coeff);
mpz_mod(t2, t2, this->p);
mpz_mul(t2, t2, this->q); /* m = m2 + h q */
mpz_add(t1, t1, t2);
decrypted.len = this->k;
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
mpz_clear(t1);
mpz_clear(t2);
return decrypted;
}
/**
@ -319,51 +323,21 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash
*/
static status_t set_key(private_rsa_private_key_t *this, chunk_t key)
{
chunk_t n, e, p, q, d, exp1, exp2, coeff;
this->k = key.len / 8;
der_decoder_t *dd;
status_t status;
n.len = this->k;
e.len = this->k;
p.len = this->k;
q.len = this->k;
d.len = this->k;
exp1.len = this->k;
exp2.len = this->k;
coeff.len = this->k;
dd = der_decoder_create(rsa_private_key_rules);
n.ptr = key.ptr + this->k * 0;
e.ptr = key.ptr + this->k * 1;
p.ptr = key.ptr + this->k * 2;
q.ptr = key.ptr + this->k * 3;
d.ptr = key.ptr + this->k * 4;
exp1.ptr = key.ptr + this->k * 5;
exp2.ptr = key.ptr + this->k * 6;
coeff.ptr = key.ptr + this->k * 7;
mpz_init(this->n);
mpz_init(this->e);
mpz_init(this->p);
mpz_init(this->q);
mpz_init(this->d);
mpz_init(this->exp1);
mpz_init(this->exp2);
mpz_init(this->coeff);
mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr);
mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr);
mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr);
mpz_import(this->q, this->k, 1, 1, 1, 0, q.ptr);
mpz_import(this->d, this->k, 1, 1, 1, 0, d.ptr);
mpz_import(this->exp1, this->k, 1, 1, 1, 0, exp1.ptr);
mpz_import(this->exp2, this->k, 1, 1, 1, 0, exp2.ptr);
mpz_import(this->coeff, this->k, 1, 1, 1, 0, coeff.ptr);
this->is_key_set = TRUE;
return SUCCESS;
status = dd->decode(dd, key, this);
if (status == SUCCESS)
{
this->is_key_set = TRUE;
this->k = mpz_sizeinbase(this->n, 2) / 8;
}
dd->destroy(dd);
return status;
}
/**
* Implementation of rsa_private_key.get_key.
*/
@ -445,17 +419,14 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
return INVALID_ARG;
}
if (this->is_key_set)
{
mpz_clear(this->n);
mpz_clear(this->e);
mpz_clear(this->p);
mpz_clear(this->q);
mpz_clear(this->d);
mpz_clear(this->exp1);
mpz_clear(this->exp2);
mpz_clear(this->coeff);
}
mpz_clear(this->n);
mpz_clear(this->e);
mpz_clear(this->p);
mpz_clear(this->q);
mpz_clear(this->d);
mpz_clear(this->exp1);
mpz_clear(this->exp2);
mpz_clear(this->coeff);
key_size = key_size / 8;
@ -471,7 +442,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
this->compute_prime(this, key_size/2, &q);
/* Swapping Primes so p is larger then q */
if (mpz_cmp(p, q) < 0)
if (mpz_cmp(p, q) < 0)
{
mpz_set(t, p);
mpz_set(p, q);
@ -510,7 +481,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
mpz_clear(t);
/* apply values */
*(this->p) = *p;
*(this->p) = *p;
*(this->q) = *q;
*(this->n) = *n;
*(this->e) = *e;
@ -568,17 +539,14 @@ rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
*/
static void destroy(private_rsa_private_key_t *this)
{
if (this->is_key_set)
{
mpz_clear(this->n);
mpz_clear(this->e);
mpz_clear(this->p);
mpz_clear(this->q);
mpz_clear(this->d);
mpz_clear(this->exp1);
mpz_clear(this->exp2);
mpz_clear(this->coeff);
}
mpz_clear(this->n);
mpz_clear(this->e);
mpz_clear(this->p);
mpz_clear(this->q);
mpz_clear(this->d);
mpz_clear(this->exp1);
mpz_clear(this->exp2);
mpz_clear(this->coeff);
allocator_free(this);
}
@ -604,6 +572,14 @@ rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm)
this->rsasp1 = rsadp; /* same algorithm */
this->compute_prime = compute_prime;
mpz_init(this->n);
mpz_init(this->e);
mpz_init(this->p);
mpz_init(this->q);
mpz_init(this->d);
mpz_init(this->exp1);
mpz_init(this->exp2);
mpz_init(this->coeff);
this->is_key_set = FALSE;
return &(this->public);

60
Source/charon/transforms/rsa/rsa_public_key.c
View File

@ -27,16 +27,17 @@
#include <daemon.h>
#include <utils/allocator.h>
#include <transforms/hashers/hasher.h>
#include <asn1/der_decoder.h>
/*
* Since we don't have an ASN1 parser/generator,
* For simplicity,
* we use these predefined values for
* hash algorithm oids. These also contain
* hash algorithm OIDs. These also contain
* the length of the following hash.
* These values are also used in rsa_private_key.c.
*/
u_int8_t md2_oid[18] = {
u_int8_t md2_oid[] = {
0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
0x04,0x10
@ -92,6 +93,7 @@ struct private_rsa_public_key_t {
* Public modulus.
*/
mpz_t n;
/**
* Public exponent.
*/
@ -122,7 +124,17 @@ struct private_rsa_public_key_t {
};
/**
* Implementation of private_rsa_public_key_t.rsadp and private_rsa_public_key_t.rsavp1
* Rules for de-/encoding of a public key from/in ASN1
*/
static asn1_rule_t rsa_public_key_rules[] = {
{ASN1_SEQUENCE, 0, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0},
{ASN1_END, 0, 0, 0},
};
/**
* Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1
*/
static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
{
@ -146,7 +158,7 @@ static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
}
/**
* Implementation of rsa_public_key.verify_emsa_signature.
* Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
*/
static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
{
@ -278,25 +290,20 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
*/
static status_t set_key(private_rsa_public_key_t *this, chunk_t key)
{
chunk_t n, e;
der_decoder_t *dd;
status_t status;
n.len = key.len/2;
n.ptr = key.ptr;
e.len = n.len;
e.ptr = key.ptr + n.len;
dd = der_decoder_create(rsa_public_key_rules);
mpz_init(this->n);
mpz_init(this->e);
mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr);
this->k = n.len;
this->is_key_set = TRUE;
return SUCCESS;
}
status = dd->decode(dd, key, this);
if (status == SUCCESS)
{
this->is_key_set = TRUE;
this->k = mpz_sizeinbase(this->n, 2) / 8;
}
dd->destroy(dd);
return status;
}
/**
@ -347,11 +354,8 @@ static status_t save_key(private_rsa_public_key_t *this, char *file)
*/
static void destroy(private_rsa_public_key_t *this)
{
if (this->is_key_set)
{
mpz_clear(this->n);
mpz_clear(this->e);
}
mpz_clear(this->n);
mpz_clear(this->e);
allocator_free(this);
}
@ -374,6 +378,8 @@ rsa_public_key_t *rsa_public_key_create()
this->rsaep = rsaep;
this->rsavp1 = rsaep; /* same algorithm */
mpz_init(this->n);
mpz_init(this->e);
this->is_key_set = FALSE;
return &(this->public);

4
Source/charon/utils/logger_manager.c
View File

@ -49,6 +49,8 @@ mapping_t logger_context_t_mappings[] = {
{CONFIG, "CONFIG"},
{ENCRYPTION_PAYLOAD, "ENCRYPTION_PAYLOAD"},
{PAYLOAD, "PAYLOAD"},
{DER_DECODER, "DER_DECODER"},
{DER_ENCODER, "DER_ENCODER"},
{MAPPING_END, NULL},
};
@ -75,6 +77,8 @@ struct {
{ "CONFG", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* CONFIG */
{ "ENCPL", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* ENCRYPTION_PAYLOAD */
{ "PAYLD", ERROR|CONTROL|AUDIT|LEVEL0, TRUE, NULL}, /* PAYLOAD */
{ "DERDC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3, TRUE, NULL}, /* DER_DECODER */
{ "DEREC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3, TRUE, NULL}, /* DER_ENCODER */
};

2
Source/charon/utils/logger_manager.h
View File

@ -53,6 +53,8 @@ enum logger_context_t {
CONFIG,
ENCRYPTION_PAYLOAD,
PAYLOAD,
DER_DECODER,
DER_ENCODER,
LOGGER_CONTEXT_ROOF,
};