computation of SHA-1 hash over publicKeyInfo object

src/libstrongswan/crypto/rsa/rsa_private_key.c

@@ -25,15 +25,15 @@
 #include <unistd.h>
 #include <string.h>
 
+#include "rsa_public_key.h"
 #include "rsa_private_key.h"
 
 #include <asn1/asn1.h>
 #include <asn1/pem.h>
 #include <utils/randomizer.h>
 
-/* 
- * Oids for hash algorithms are defined in
- * rsa_public_key.c.
+/**
+ * OIDs for hash algorithms are defined in rsa_public_key.c.
  */
 extern u_int8_t md2_oid[18];
 extern u_int8_t md5_oid[18];
@@ -109,6 +109,12 @@ struct private_rsa_private_key_t {
 	 * Keysize in bytes.
 	 */
 	size_t k;
+
+	/**
+	 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
+	 */
+	chunk_t keyid;
+
 	
 	/**
 	 * @brief Implements the RSADP algorithm specified in PKCS#1.
@@ -251,8 +257,8 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash
 {
 	hasher_t *hasher;
 	chunk_t hash;
-	chunk_t oid;
 	chunk_t em;
+	chunk_t oid;
 	
 	/* get oid string prepended to hash */
 	switch (hash_algorithm)
@@ -406,11 +412,7 @@ rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
  */
 static bool belongs_to(private_rsa_private_key_t *this, rsa_public_key_t *public)
 {
-	if (mpz_cmp(this->n, *public->get_modulus(public)) == 0)
-	{
-		return TRUE;
-	}
-	return FALSE;
+	return chunk_equals(this->keyid, public->get_keyid(public));
 }
 
 /**
@@ -522,6 +524,7 @@ static rsa_private_key_t* _clone(private_rsa_private_key_t *this)
 	mpz_init_set(clone->exp1, this->exp1);
 	mpz_init_set(clone->exp2, this->exp2);
 	mpz_init_set(clone->coeff, this->coeff);
+	clone->keyid = chunk_clone(this->keyid);
 	clone->k = this->k;
 	
 	return &clone->public;
@@ -540,6 +543,7 @@ static void destroy(private_rsa_private_key_t *this)
 	mpz_clear(this->exp1);
 	mpz_clear(this->exp2);
 	mpz_clear(this->coeff);
+	free(this->keyid.ptr);
 	free(this);
 }
 
@@ -723,6 +727,16 @@ rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t blob)
 	}
 	
 	this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
+
+	/* form the keyid as a SHA-1 hash of a publicKeyInfo object */
+	{
+		chunk_t publicKeyInfo = rsa_public_key_info_to_asn1(this->n, this->e);
+		hasher_t *hasher = hasher_create(HASH_SHA1);
+
+		hasher->allocate_hash(hasher, publicKeyInfo, &this->keyid);
+		hasher->destroy(hasher);
+		free(publicKeyInfo.ptr);
+	}
 	
 	if (check(this) != SUCCESS)
 	{

src/libstrongswan/crypto/rsa/rsa_public_key.c

@@ -32,12 +32,9 @@
 #include <asn1/asn1.h>
 
 /* 
- * For simplicity,
- * we use these predefined values for
- * hash algorithm OIDs. These also contain
- * the length of the following hash.
- * These values are also used in rsa_private_key.c.
- * TODO: We may move them in asn1 sometime...
+ * For simplicity, we use these predefined values for hash algorithm OIDs 
+ * These also contain the length of the appended hash  
+ * These values are also  used in rsa_private_key.c.
  */
 
 const u_int8_t md2_oid[] = {
@@ -132,6 +129,11 @@ struct private_rsa_public_key_t {
 	 */
 	size_t k;
 	
+	/**
+	 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
+	 */
+	chunk_t keyid;
+
 	/**
 	 * @brief Implements the RSAEP algorithm specified in PKCS#1.
 	 * 
@@ -151,24 +153,6 @@ struct private_rsa_public_key_t {
 	chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data);
 };
 
-
-typedef struct rsa_public_key_info_t rsa_public_key_info_t;
-
-/**
- * KeyInfo, as it appears in a public key file
- */
-struct rsa_public_key_info_t {
-	/**
-	 * Algorithm for this key
-	 */
-	chunk_t algorithm_oid;
-	
-	/**
-	 * Public key, parseable with rsa_public_key_rules
-	 */
-	chunk_t public_key;
-};
-
 private_rsa_public_key_t *rsa_public_key_create_empty(void);
 
 /**
@@ -204,11 +188,10 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
 	chunk_t hash;
 	chunk_t em;
 	u_int8_t *pos;
+	status_t res = FAILED;
 	
 	if (signature.len > this->k)
-	{
 		return INVALID_ARG;	
-	}
 	
 	/* unpack signature */
 	em = this->rsavp1(this, signature);
@@ -220,12 +203,8 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
 	 */	
 	
 	/* check magic bytes */
-	if ((*(em.ptr) != 0x00) ||
-		(*(em.ptr+1) != 0x01))
-	{
-		free(em.ptr);
-		return FAILED;
-	}
+	if ((*(em.ptr) != 0x00) || (*(em.ptr+1) != 0x01))
+		goto end;
 	
 	/* find magic 0x00 */
 	pos = em.ptr + 2;
@@ -240,8 +219,7 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
 		else if (*pos != 0xFF)
 		{
 			/* bad padding, decryption failed ?!*/
-			free(em.ptr);
-			return FAILED;	
+			goto end;
 		}
 		pos++;
 	}
@@ -249,36 +227,35 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
 	if (pos + 20 > em.ptr + em.len)
 	{
 		/* not enought room for oid compare */
-		free(em.ptr);
-		return FAILED;	
+		goto end;
 	}
 	
-	if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0)
+	if (memeq(md2_oid, pos, sizeof(md2_oid)))
 	{
 		hasher = hasher_create(HASH_MD2);
 		pos += sizeof(md2_oid);
 	}
-	else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0)
+	else if (memeq(md5_oid, pos, sizeof(md5_oid)))
 	{
 		hasher = hasher_create(HASH_MD5);
 		pos += sizeof(md5_oid);
 	}
-	else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0)
+	else if (memeq(sha1_oid, pos, sizeof(sha1_oid)))
 	{
 		hasher = hasher_create(HASH_SHA1);
 		pos += sizeof(sha1_oid);
 	}
-	else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0)
+	else if (memeq(sha256_oid, pos, sizeof(sha256_oid)))
 	{
 		hasher = hasher_create(HASH_SHA256);
 		pos += sizeof(sha256_oid);
 	}
-	else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0)
+	else if (memeq(sha384_oid, pos, sizeof(sha384_oid)))
 	{
 		hasher = hasher_create(HASH_SHA384);
 		pos += sizeof(sha384_oid);
 	}
-	else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0)
+	else if (memeq(sha512_oid, pos, sizeof(sha512_oid)))
 	{
 		hasher = hasher_create(HASH_SHA512);
 		pos += sizeof(sha512_oid);
@@ -286,36 +263,29 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
 	
 	if (hasher == NULL)
 	{
-		/* not supported hash algorithm */
-		free(em.ptr);
-		return NOT_SUPPORTED;	
+		/* unsupported hash algorithm */
+		res = NOT_SUPPORTED;;
+		goto end;
 	}
 	
 	if (pos + hasher->get_hash_size(hasher) != em.ptr + em.len)
 	{
 		/* bad length */
-		free(em.ptr);
 		hasher->destroy(hasher);
-		return FAILED;	
+		goto end;
 	}
 	
-	/* build own hash for a compare */
+	/* build our own hash */
 	hasher->allocate_hash(hasher, data, &hash);
 	hasher->destroy(hasher);
 	
-	if (memcmp(hash.ptr, pos, hash.len) != 0)
-	{
-		/* hash does not equal */
-		free(hash.ptr);
-		free(em.ptr);
-		return FAILED;	
-			
-	}
-	
-	/* seems good */
+	/* compare the hashes */
+	res = memeq(hash.ptr, pos, hash.len)? SUCCESS : FAILED;
 	free(hash.ptr);
+
+end:
 	free(em.ptr);
-	return SUCCESS;	
+	return res;
 }
 	
 /**
@@ -364,6 +334,14 @@ static size_t get_keysize(private_rsa_public_key_t *this)
 	return this->k;
 }
 
+/**
+ * Implementation of rsa_public_key.get_keyid.
+ */
+static chunk_t get_keyid(private_rsa_public_key_t *this)
+{
+	return this->keyid;
+}
+
 /**
  * Implementation of rsa_public_key.clone.
  */
@@ -373,6 +351,7 @@ static rsa_public_key_t* _clone(private_rsa_public_key_t *this)
 	
 	mpz_init_set(clone->n, this->n);
 	mpz_init_set(clone->e, this->e);
+	clone->keyid = chunk_clone(this->keyid);
 	clone->k = this->k;
 	
 	return &clone->public;
@@ -385,6 +364,7 @@ static void destroy(private_rsa_public_key_t *this)
 {
 	mpz_clear(this->n);
 	mpz_clear(this->e);
+	free(this->keyid.ptr);
 	free(this);
 }
 
@@ -401,6 +381,7 @@ private_rsa_public_key_t *rsa_public_key_create_empty(void)
 	this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key;
 	this->public.get_modulus = (mpz_t *(*) (rsa_public_key_t*))get_modulus;
 	this->public.get_keysize = (size_t (*) (rsa_public_key_t*))get_keysize;
+	this->public.get_keyid = (chunk_t (*) (rsa_public_key_t*))get_keyid;
 	this->public.clone = (rsa_public_key_t* (*) (rsa_public_key_t*))_clone;
 	this->public.destroy = (void (*) (rsa_public_key_t*))destroy;
 	
@@ -410,7 +391,27 @@ private_rsa_public_key_t *rsa_public_key_create_empty(void)
 	
 	return this;
 }
-	
+
+/**
+ * Build a DER-encoded publicKeyInfo object from an RSA public key
+ */
+chunk_t rsa_public_key_info_to_asn1(const mpz_t n, const mpz_t e)
+{
+	chunk_t rawKey = asn1_wrap(ASN1_SEQUENCE, "mm",
+								 asn1_integer_from_mpz(n),
+								 asn1_integer_from_mpz(e));
+	chunk_t publicKey;
+
+	u_char *pos = build_asn1_object(&publicKey, ASN1_BIT_STRING, 1 + rawKey.len);
+
+	*pos++ = 0x00;
+	memcpy(pos, rawKey.ptr, rawKey.len);
+	free(rawKey.ptr);
+
+	return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_rsaEncryption_id,
+										  publicKey);
+}
+
 /*
  * See header
  */
@@ -420,9 +421,9 @@ rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t blob)
 	chunk_t object;
 	u_int level;
 	int objectID = 0;
-	private_rsa_public_key_t *this;
-	
-	this = rsa_public_key_create_empty();
+
+	private_rsa_public_key_t *this = rsa_public_key_create_empty();
+
 	mpz_init(this->n);
 	mpz_init(this->e);
 	
@@ -448,6 +449,17 @@ rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t blob)
 	}
 	
 	this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
+	
+	/* form the keyid as a SHA-1 hash of a publicKeyInfo object */
+	{
+		chunk_t publicKeyInfo = rsa_public_key_info_to_asn1(this->n, this->e);
+		hasher_t *hasher = hasher_create(HASH_SHA1);
+
+		hasher->allocate_hash(hasher, publicKeyInfo, &this->keyid);
+		hasher->destroy(hasher);
+		free(publicKeyInfo.ptr);
+	}
+
 	return &this->public;
 }
 
@@ -456,31 +468,14 @@ rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t blob)
  */
 rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
 {
-	struct stat stb;
-	FILE *file;
-	char *buffer;
-	chunk_t chunk;
-	
-	if (stat(filename, &stb) == -1)
-	{
+	bool pgp = FALSE;
+	chunk_t chunk = CHUNK_INITIALIZER;
+	rsa_public_key_t *pubkey = NULL;
+
+	if (!pem_asn1_load_file(filename, "", "public key", &chunk, &pgp))
 		return NULL;
-	}
-	
-	buffer = alloca(stb.st_size);
-	
-	file = fopen(filename, "r");
-	if (file == NULL)
-	{
-		return NULL;
-	}
-	
-	if (fread(buffer, stb.st_size, 1, file) != 1)
-	{
-		return NULL;
-	}
-	
-	chunk.ptr = buffer;
-	chunk.len = stb.st_size;
-	
-	return rsa_public_key_create_from_chunk(chunk);
+
+	pubkey = rsa_public_key_create_from_chunk(chunk);
+	free(chunk.ptr);
+	return pubkey;
 }

src/libstrongswan/crypto/rsa/rsa_public_key.h

@@ -112,6 +112,14 @@ struct rsa_public_key_t {
 	 */
 	size_t (*get_keysize) (rsa_public_key_t *this);
 
+	/**
+	 * @brief Get the keyid formed as the SHA-1 hash of a publicKeyInfo object.
+	 * 
+	 * @param this				calling object
+	 * @return					keyid in the form of a SHA-1 hash
+	 */
+	chunk_t (*get_keyid) (rsa_public_key_t *this);
+
 	/**
 	 * @brief Clone the public key.
 	 * 
@@ -132,13 +140,11 @@ struct rsa_public_key_t {
  * @brief Load an RSA public key from a chunk.
  * 
  * Load a key from a chunk, encoded in the more frequently
- * used PublicKeyInfo struct (ASN1 DER encoded).
+ * used publicKeyInfo object (ASN1 DER encoded).
  * 
  * @param chunk				chunk containing the DER encoded key
  * @return 					loaded rsa_public_key_t, or NULL
- * 
- * @todo Check OID in PublicKeyInfo
- * 
+  * 
  * @ingroup rsa
  */
 rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk);
@@ -152,10 +158,19 @@ rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk);
  * @param filename			filename which holds the key
  * @return 					loaded rsa_public_key_t, or NULL
  * 
- * @todo Implement PEM file loading
- * 
  * @ingroup rsa
  */
 rsa_public_key_t *rsa_public_key_create_from_file(char *filename);
 
+/**
+ * @brief Build a DER-encoded publicKeyInfo object from an RSA public key
+ * 
+ * @param n					modulus n
+ * @param e					public exponent
+ * @return 					DER-encoded publicKeyInfo object
+ * 
+ * @ingroup rsa
+ */
+chunk_t rsa_public_key_info_to_asn1(const mpz_t n, const mpz_t e);
+
 #endif /*RSA_PUBLIC_KEY_H_*/