Use bits instead of bytes for a private/public key
This commit is contained in:
parent
33ddaaabec
commit
a944d2092b
|
@ -35,7 +35,7 @@ int main(int argc, char *argv[])
|
|||
if (private)
|
||||
{
|
||||
printf("parsed %d bits %N private key.\n",
|
||||
private->get_keysize(private)*8,
|
||||
private->get_keysize(private),
|
||||
key_type_names, private->get_type(private));
|
||||
if (private->get_fingerprint(private, KEYID_PUBKEY_INFO_SHA1, &chunk))
|
||||
{
|
||||
|
@ -65,7 +65,7 @@ int main(int argc, char *argv[])
|
|||
if (public)
|
||||
{
|
||||
printf("parsed %d bits %N public key.\n",
|
||||
public->get_keysize(public)*8,
|
||||
public->get_keysize(public),
|
||||
key_type_names, public->get_type(public));
|
||||
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk))
|
||||
{
|
||||
|
|
|
@ -79,23 +79,23 @@ int main(int argc, char *argv[])
|
|||
{
|
||||
switch (private->get_keysize(private))
|
||||
{
|
||||
case 32:
|
||||
case 256:
|
||||
scheme = SIGN_ECDSA_256;
|
||||
break;
|
||||
case 48:
|
||||
case 384:
|
||||
scheme = SIGN_ECDSA_384;
|
||||
break;
|
||||
case 66:
|
||||
case 521:
|
||||
scheme = SIGN_ECDSA_521;
|
||||
break;
|
||||
default:
|
||||
printf("%d bit ECDSA private key size not supported",
|
||||
private->get_keysize(private) * 8);
|
||||
private->get_keysize(private));
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
printf("%4d bit %N: ", private->get_keysize(private)*8,
|
||||
printf("%4d bit %N: ", private->get_keysize(private),
|
||||
key_type_names, type);
|
||||
|
||||
sigs = malloc(sizeof(chunk_t) * rounds);
|
||||
|
|
|
@ -638,7 +638,7 @@ static void list_public_key(public_key_t *public, FILE *out)
|
|||
|
||||
fprintf(out, " pubkey: %N %d bits%s\n",
|
||||
key_type_names, public->get_type(public),
|
||||
public->get_keysize(public) * 8,
|
||||
public->get_keysize(public),
|
||||
private ? ", has private key" : "");
|
||||
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
|
||||
{
|
||||
|
|
|
@ -110,7 +110,7 @@ bool test_rsa_load_any()
|
|||
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
|
||||
BUILD_BLOB_ASN1_DER, chunk,
|
||||
BUILD_END);
|
||||
if (!public || public->get_keysize(public) != 256)
|
||||
if (!public || public->get_keysize(public) != 2048)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
|
|
@ -84,15 +84,15 @@ static status_t build(private_pubkey_authenticator_t *this, message_t *message)
|
|||
/* we try to deduct the signature scheme from the keysize */
|
||||
switch (private->get_keysize(private))
|
||||
{
|
||||
case 32:
|
||||
case 256:
|
||||
scheme = SIGN_ECDSA_256;
|
||||
auth_method = AUTH_ECDSA_256;
|
||||
break;
|
||||
case 48:
|
||||
case 384:
|
||||
scheme = SIGN_ECDSA_384;
|
||||
auth_method = AUTH_ECDSA_384;
|
||||
break;
|
||||
case 66:
|
||||
case 521:
|
||||
scheme = SIGN_ECDSA_521;
|
||||
auth_method = AUTH_ECDSA_521;
|
||||
break;
|
||||
|
|
|
@ -60,11 +60,11 @@ struct private_key_t {
|
|||
chunk_t crypto, chunk_t *plain);
|
||||
|
||||
/**
|
||||
* Get the strength of the key in bytes.
|
||||
* Get the strength of the key in bits.
|
||||
*
|
||||
* @return strength of the key in bytes
|
||||
* @return strength of the key in bits
|
||||
*/
|
||||
size_t (*get_keysize) (private_key_t *this);
|
||||
int (*get_keysize) (private_key_t *this);
|
||||
|
||||
/**
|
||||
* Get the public part from the private key.
|
||||
|
|
|
@ -165,11 +165,11 @@ struct public_key_t {
|
|||
bool (*equals)(public_key_t *this, public_key_t *other);
|
||||
|
||||
/**
|
||||
* Get the strength of the key in bytes.
|
||||
* Get the strength of the key in bits.
|
||||
*
|
||||
* @return strength of the key in bytes
|
||||
* @return strength of the key in bits
|
||||
*/
|
||||
size_t (*get_keysize) (public_key_t *this);
|
||||
int (*get_keysize) (public_key_t *this);
|
||||
|
||||
/**
|
||||
* Get the fingerprint of the key.
|
||||
|
|
|
@ -306,10 +306,10 @@ METHOD(private_key_t, decrypt, bool,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, size_t,
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_agent_private_key_t *this)
|
||||
{
|
||||
return this->key_size;
|
||||
return this->key_size * 8;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_public_key, public_key_t*,
|
||||
|
|
|
@ -277,10 +277,10 @@ METHOD(private_key_t, decrypt, bool,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, size_t,
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_gcrypt_rsa_private_key_t *this)
|
||||
{
|
||||
return gcry_pk_get_nbits(this->key) / 8;
|
||||
return gcry_pk_get_nbits(this->key);
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_public_key, public_key_t*,
|
||||
|
|
|
@ -228,10 +228,10 @@ METHOD(public_key_t, encrypt_, bool,
|
|||
return !!encrypted->len;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_keysize, size_t,
|
||||
METHOD(public_key_t, get_keysize, int,
|
||||
private_gcrypt_rsa_public_key_t *this)
|
||||
{
|
||||
return gcry_pk_get_nbits(this->key) / 8;
|
||||
return gcry_pk_get_nbits(this->key);
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_encoding, bool,
|
||||
|
|
|
@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
|
|||
{
|
||||
free(digestInfo.ptr);
|
||||
DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
|
||||
this->k * 8);
|
||||
mpz_sizeinbase(this->n, 2));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
@ -356,10 +356,10 @@ end:
|
|||
return success;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, size_t,
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_gmp_rsa_private_key_t *this)
|
||||
{
|
||||
return this->k;
|
||||
return mpz_sizeinbase(this->n, 2);
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_public_key, public_key_t*,
|
||||
|
|
|
@ -375,10 +375,10 @@ METHOD(public_key_t, encrypt_, bool,
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_keysize, size_t,
|
||||
METHOD(public_key_t, get_keysize, int,
|
||||
private_gmp_rsa_public_key_t *this)
|
||||
{
|
||||
return this->k;
|
||||
return mpz_sizeinbase(this->n, 2);
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_encoding, bool,
|
||||
|
|
|
@ -178,10 +178,20 @@ METHOD(private_key_t, decrypt, bool,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, size_t,
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_openssl_ec_private_key_t *this)
|
||||
{
|
||||
return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
|
||||
switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
|
||||
{
|
||||
case NID_X9_62_prime256v1:
|
||||
return 256;
|
||||
case NID_secp384r1:
|
||||
return 384;
|
||||
case NID_secp521r1:
|
||||
return 521;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_type, key_type_t,
|
||||
|
|
|
@ -176,10 +176,20 @@ METHOD(public_key_t, encrypt, bool,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_keysize, size_t,
|
||||
METHOD(public_key_t, get_keysize, int,
|
||||
private_openssl_ec_public_key_t *this)
|
||||
{
|
||||
return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
|
||||
switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
|
||||
{
|
||||
case NID_X9_62_prime256v1:
|
||||
return 256;
|
||||
case NID_secp384r1:
|
||||
return 384;
|
||||
case NID_secp521r1:
|
||||
return 521;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -173,10 +173,10 @@ METHOD(private_key_t, decrypt, bool,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, size_t,
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_openssl_rsa_private_key_t *this)
|
||||
{
|
||||
return RSA_size(this->rsa);
|
||||
return RSA_size(this->rsa) * 8;
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_public_key, public_key_t*,
|
||||
|
|
|
@ -155,10 +155,10 @@ METHOD(public_key_t, encrypt, bool,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_keysize, size_t,
|
||||
METHOD(public_key_t, get_keysize, int,
|
||||
private_openssl_rsa_public_key_t *this)
|
||||
{
|
||||
return RSA_size(this->rsa);
|
||||
return RSA_size(this->rsa) * 8;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -80,7 +80,7 @@ METHOD(private_key_t, get_type, key_type_t,
|
|||
return this->pubkey->get_type(this->pubkey);
|
||||
}
|
||||
|
||||
METHOD(private_key_t, get_keysize, size_t,
|
||||
METHOD(private_key_t, get_keysize, int,
|
||||
private_pkcs11_private_key_t *this)
|
||||
{
|
||||
return this->pubkey->get_keysize(this->pubkey);
|
||||
|
@ -178,7 +178,7 @@ METHOD(private_key_t, sign, bool,
|
|||
DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
|
||||
return FALSE;
|
||||
}
|
||||
len = get_keysize(this);
|
||||
len = (get_keysize(this) + 7) / 8;
|
||||
buf = malloc(len);
|
||||
rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
|
||||
this->mutex->unlock(this->mutex);
|
||||
|
|
|
@ -125,10 +125,10 @@ METHOD(public_key_t, encrypt, bool,
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
METHOD(public_key_t, get_keysize, size_t,
|
||||
METHOD(public_key_t, get_keysize, int,
|
||||
private_pkcs11_public_key_t *this)
|
||||
{
|
||||
return this->k;
|
||||
return this->k * 8;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -29,7 +29,7 @@ static void print_pubkey(public_key_t *key)
|
|||
chunk_t chunk;
|
||||
|
||||
printf("pubkey: %N %d bits\n", key_type_names, key->get_type(key),
|
||||
key->get_keysize(key) * 8);
|
||||
key->get_keysize(key));
|
||||
if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &chunk))
|
||||
{
|
||||
printf("keyid: %#B\n", &chunk);
|
||||
|
|
|
@ -232,7 +232,7 @@ void list_pgp_end_certs(bool utc)
|
|||
|
||||
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
|
||||
key_type_names, key->get_type(key),
|
||||
key->get_keysize(key) * BITS_PER_BYTE,
|
||||
key->get_keysize(key),
|
||||
has_private_key(cert)? ", has private key" : "");
|
||||
if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &keyid))
|
||||
{
|
||||
|
|
|
@ -194,18 +194,16 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy)
|
|||
|
||||
if (policy & POLICY_PUBKEY)
|
||||
{
|
||||
int auth_method = 0;
|
||||
size_t key_size = 0;
|
||||
int auth_method = 0, key_size = 0;
|
||||
key_type_t key_type = KEY_ANY;
|
||||
|
||||
|
||||
if (c->spd.this.cert)
|
||||
{
|
||||
certificate_t *certificate = c->spd.this.cert->cert;
|
||||
public_key_t *key = certificate->get_public_key(certificate);
|
||||
|
||||
if (key == NULL)
|
||||
{
|
||||
{
|
||||
plog("ike alg: unable to retrieve my public key");
|
||||
continue;
|
||||
}
|
||||
|
@ -233,13 +231,13 @@ struct db_context *ike_alg_db_new(connection_t *c, lset_t policy)
|
|||
case KEY_ECDSA:
|
||||
switch (key_size)
|
||||
{
|
||||
case 32:
|
||||
case 256:
|
||||
auth_method = OAKLEY_ECDSA_256;
|
||||
break;
|
||||
case 48:
|
||||
case 384:
|
||||
auth_method = OAKLEY_ECDSA_384;
|
||||
break;
|
||||
case 66:
|
||||
case 521:
|
||||
auth_method = OAKLEY_ECDSA_521;
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -1449,7 +1449,7 @@ void list_public_keys(bool utc)
|
|||
whack_log(RC_COMMENT, " identity: '%Y'", key->id);
|
||||
whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s",
|
||||
key_type_names, public->get_type(public),
|
||||
public->get_keysize(public) * BITS_PER_BYTE,
|
||||
public->get_keysize(public),
|
||||
&key->until_time, utc,
|
||||
check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE));
|
||||
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
|
||||
|
|
|
@ -427,7 +427,7 @@ void list_x509cert_chain(const char *caption, cert_t* cert,
|
|||
{
|
||||
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
|
||||
key_type_names, key->get_type(key),
|
||||
key->get_keysize(key) * BITS_PER_BYTE,
|
||||
key->get_keysize(key),
|
||||
cert->smartcard ? ", on smartcard" :
|
||||
(has_private_key(cert)? ", has private key" : ""));
|
||||
|
||||
|
|
|
@ -807,7 +807,7 @@ int main(int argc, char **argv)
|
|||
public_key = private_key->get_public_key(private_key);
|
||||
|
||||
/* check for minimum key length */
|
||||
if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS)
|
||||
if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
|
||||
{
|
||||
exit_scepclient("length of RSA key has to be at least %d bits"
|
||||
,RSA_MIN_OCTETS * BITS_PER_BYTE);
|
||||
|
|
Loading…
Reference in New Issue