ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

Use bits instead of bytes for a private/public key

This commit is contained in:
Martin Willi 2010-08-10 15:56:10 +02:00
parent 33ddaaabec
commit a944d2092b
24 changed files with 71 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/key2keyid.c
View File

@ -35,7 +35,7 @@ int main(int argc, char *argv[])
if (private)
{
printf("parsed %d bits %N private key.\n",
private->get_keysize(private)*8,
private->get_keysize(private),
key_type_names, private->get_type(private));
if (private->get_fingerprint(private, KEYID_PUBKEY_INFO_SHA1, &chunk))
{
@ -65,7 +65,7 @@ int main(int argc, char *argv[])
if (public)
{
printf("parsed %d bits %N public key.\n",
public->get_keysize(public)*8,
public->get_keysize(public),
key_type_names, public->get_type(public));
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk))
{

10
scripts/pubkey_speed.c
View File

@ -79,23 +79,23 @@ int main(int argc, char *argv[])
{
switch (private->get_keysize(private))
{
case 32:
case 256:
scheme = SIGN_ECDSA_256;
break;
case 48:
case 384:
scheme = SIGN_ECDSA_384;
break;
case 66:
case 521:
scheme = SIGN_ECDSA_521;
break;
default:
printf("%d bit ECDSA private key size not supported",
private->get_keysize(private) * 8);
private->get_keysize(private));
exit(1);
}
}
printf("%4d bit %N: ", private->get_keysize(private)*8,
printf("%4d bit %N: ", private->get_keysize(private),
key_type_names, type);
sigs = malloc(sizeof(chunk_t) * rounds);

2
src/libcharon/plugins/stroke/stroke_list.c
View File

@ -638,7 +638,7 @@ static void list_public_key(public_key_t *public, FILE *out)
fprintf(out, " pubkey: %N %d bits%s\n",
key_type_names, public->get_type(public),
public->get_keysize(public) * 8,
public->get_keysize(public),
private ? ", has private key" : "");
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
{

2
src/libcharon/plugins/unit_tester/tests/test_rsa_gen.c
View File

@ -110,7 +110,7 @@ bool test_rsa_load_any()
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
BUILD_BLOB_ASN1_DER, chunk,
BUILD_END);
if (!public || public->get_keysize(public) != 256)
if (!public || public->get_keysize(public) != 2048)
{
return FALSE;
}

6
src/libcharon/sa/authenticators/pubkey_authenticator.c
View File

@ -84,15 +84,15 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message)
/* we try to deduct the signature scheme from the keysize */
switch (private->get_keysize(private))
{
case 32:
case 256:
scheme = SIGN_ECDSA_256;
auth_method = AUTH_ECDSA_256;
break;
case 48:
case 384:
scheme = SIGN_ECDSA_384;
auth_method = AUTH_ECDSA_384;
break;
case 66:
case 521:
scheme = SIGN_ECDSA_521;
auth_method = AUTH_ECDSA_521;
break;

6
src/libstrongswan/credentials/keys/private_key.h
View File

@ -60,11 +60,11 @@ struct private_key_t {
chunk_t crypto, chunk_t *plain);
/**
* Get the strength of the key in bytes.
* Get the strength of the key in bits.
*
* @return strength of the key in bytes
* @return strength of the key in bits
*/
size_t (*get_keysize) (private_key_t *this);
int (*get_keysize) (private_key_t *this);
/**
* Get the public part from the private key.

6
src/libstrongswan/credentials/keys/public_key.h
View File

@ -165,11 +165,11 @@ struct public_key_t {
bool (*equals)(public_key_t *this, public_key_t *other);
/**
* Get the strength of the key in bytes.
* Get the strength of the key in bits.
*
* @return strength of the key in bytes
* @return strength of the key in bits
*/
size_t (*get_keysize) (public_key_t *this);
int (*get_keysize) (public_key_t *this);
/**
* Get the fingerprint of the key.

4
src/libstrongswan/plugins/agent/agent_private_key.c
View File

@ -306,10 +306,10 @@ METHOD(private_key_t, decrypt, bool,
return FALSE;
}
METHOD(private_key_t, get_keysize, size_t,
METHOD(private_key_t, get_keysize, int,
private_agent_private_key_t *this)
{
return this->key_size;
return this->key_size * 8;
}
METHOD(private_key_t, get_public_key, public_key_t*,

4
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
View File

@ -277,10 +277,10 @@ METHOD(private_key_t, decrypt, bool,
return TRUE;
}
METHOD(private_key_t, get_keysize, size_t,
METHOD(private_key_t, get_keysize, int,
private_gcrypt_rsa_private_key_t *this)
{
return gcry_pk_get_nbits(this->key) / 8;
return gcry_pk_get_nbits(this->key);
}
METHOD(private_key_t, get_public_key, public_key_t*,

4
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
View File

@ -228,10 +228,10 @@ METHOD(public_key_t, encrypt_, bool,
return !!encrypted->len;
}
METHOD(public_key_t, get_keysize, size_t,
METHOD(public_key_t, get_keysize, int,
private_gcrypt_rsa_public_key_t *this)
{
return gcry_pk_get_nbits(this->key) / 8;
return gcry_pk_get_nbits(this->key);
}
METHOD(public_key_t, get_encoding, bool,

6
src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
View File

@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
{
free(digestInfo.ptr);
DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
this->k * 8);
mpz_sizeinbase(this->n, 2));
return FALSE;
}
@ -356,10 +356,10 @@ end:
return success;
}
METHOD(private_key_t, get_keysize, size_t,
METHOD(private_key_t, get_keysize, int,
private_gmp_rsa_private_key_t *this)
{
return this->k;
return mpz_sizeinbase(this->n, 2);
}
METHOD(private_key_t, get_public_key, public_key_t*,

4
src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
View File

@ -375,10 +375,10 @@ METHOD(public_key_t, encrypt_, bool,
return TRUE;
}
METHOD(public_key_t, get_keysize, size_t,
METHOD(public_key_t, get_keysize, int,
private_gmp_rsa_public_key_t *this)
{
return this->k;
return mpz_sizeinbase(this->n, 2);
}
METHOD(public_key_t, get_encoding, bool,

14
src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
View File

@ -178,10 +178,20 @@ METHOD(private_key_t, decrypt, bool,
return FALSE;
}
METHOD(private_key_t, get_keysize, size_t,
METHOD(private_key_t, get_keysize, int,
private_openssl_ec_private_key_t *this)
{
return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
{
case NID_X9_62_prime256v1:
return 256;
case NID_secp384r1:
return 384;
case NID_secp521r1:
return 521;
default:
return 0;
}
}
METHOD(private_key_t, get_type, key_type_t,

14
src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
View File

@ -176,10 +176,20 @@ METHOD(public_key_t, encrypt, bool,
return FALSE;
}
METHOD(public_key_t, get_keysize, size_t,
METHOD(public_key_t, get_keysize, int,
private_openssl_ec_public_key_t *this)
{
return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
{
case NID_X9_62_prime256v1:
return 256;
case NID_secp384r1:
return 384;
case NID_secp521r1:
return 521;
default:
return 0;
}
}
/**

4
src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
View File

@ -173,10 +173,10 @@ METHOD(private_key_t, decrypt, bool,
return FALSE;
}
METHOD(private_key_t, get_keysize, size_t,
METHOD(private_key_t, get_keysize, int,
private_openssl_rsa_private_key_t *this)
{
return RSA_size(this->rsa);
return RSA_size(this->rsa) * 8;
}
METHOD(private_key_t, get_public_key, public_key_t*,

4
src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
View File

@ -155,10 +155,10 @@ METHOD(public_key_t, encrypt, bool,
return FALSE;
}
METHOD(public_key_t, get_keysize, size_t,
METHOD(public_key_t, get_keysize, int,
private_openssl_rsa_public_key_t *this)
{
return RSA_size(this->rsa);
return RSA_size(this->rsa) * 8;
}
/**

4
src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
View File

@ -80,7 +80,7 @@ METHOD(private_key_t, get_type, key_type_t,
return this->pubkey->get_type(this->pubkey);
}
METHOD(private_key_t, get_keysize, size_t,
METHOD(private_key_t, get_keysize, int,
private_pkcs11_private_key_t *this)
{
return this->pubkey->get_keysize(this->pubkey);
@ -178,7 +178,7 @@ METHOD(private_key_t, sign, bool,
DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
len = get_keysize(this);
len = (get_keysize(this) + 7) / 8;
buf = malloc(len);
rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
this->mutex->unlock(this->mutex);

4
src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
View File

@ -125,10 +125,10 @@ METHOD(public_key_t, encrypt, bool,
return FALSE;
}
METHOD(public_key_t, get_keysize, size_t,
METHOD(public_key_t, get_keysize, int,
private_pkcs11_public_key_t *this)
{
return this->k;
return this->k * 8;
}
/**

2
src/pki/commands/print.c
View File

@ -29,7 +29,7 @@ static void print_pubkey(public_key_t *key)
chunk_t chunk;
printf("pubkey: %N %d bits\n", key_type_names, key->get_type(key),
key->get_keysize(key) * 8);
key->get_keysize(key));
if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &chunk))
{
printf("keyid: %#B\n", &chunk);

2
src/pluto/certs.c
View File

@ -232,7 +232,7 @@ void list_pgp_end_certs(bool utc)
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
key_type_names, key->get_type(key),
key->get_keysize(key) * BITS_PER_BYTE,
key->get_keysize(key),
has_private_key(cert)? ", has private key" : "");
if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &keyid))
{

12
src/pluto/ike_alg.c
View File

@ -194,18 +194,16 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy)
if (policy & POLICY_PUBKEY)
{
int auth_method = 0;
size_t key_size = 0;
int auth_method = 0, key_size = 0;
key_type_t key_type = KEY_ANY;
if (c->spd.this.cert)
{
certificate_t *certificate = c->spd.this.cert->cert;
public_key_t *key = certificate->get_public_key(certificate);
if (key == NULL)
{
{
plog("ike alg: unable to retrieve my public key");
continue;
}
@ -233,13 +231,13 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy)
case KEY_ECDSA:
switch (key_size)
{
case 32:
case 256:
auth_method = OAKLEY_ECDSA_256;
break;
case 48:
case 384:
auth_method = OAKLEY_ECDSA_384;
break;
case 66:
case 521:
auth_method = OAKLEY_ECDSA_521;
break;
default:

2
src/pluto/keys.c
View File

@ -1449,7 +1449,7 @@ void list_public_keys(bool utc)
whack_log(RC_COMMENT, " identity: '%Y'", key->id);
whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s",
key_type_names, public->get_type(public),
public->get_keysize(public) * BITS_PER_BYTE,
public->get_keysize(public),
&key->until_time, utc,
check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE));
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))

2
src/pluto/x509.c
View File

@ -427,7 +427,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
{
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
key_type_names, key->get_type(key),
key->get_keysize(key) * BITS_PER_BYTE,
key->get_keysize(key),
cert->smartcard ? ", on smartcard" :
(has_private_key(cert)? ", has private key" : ""));

2
src/scepclient/scepclient.c
View File

@ -807,7 +807,7 @@ int main(int argc, char **argv)
public_key = private_key->get_public_key(private_key);
/* check for minimum key length */
if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS)
if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
{
exit_scepclient("length of RSA key has to be at least %d bits"
,RSA_MIN_OCTETS * BITS_PER_BYTE);