ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity
strongswan/Source/lib/crypto/rsa/rsa_public_key.c

469 lines
10 KiB
C
Raw Blame History

/**
* @file rsa_public_key.c
*
* @brief Implementation of rsa_public_key_t.
*
*/
/*
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <gmp.h>
#include <sys/stat.h>
#include <unistd.h>
#include "rsa_public_key.h"
#include <daemon.h>
#include <utils/allocator.h>
#include <crypto/hashers/hasher.h>
#include <asn1/der_decoder.h>
/*
* For simplicity,
* we use these predefined values for
* hash algorithm OIDs. These also contain
* the length of the following hash.
* These values are also used in rsa_private_key.c.
*/
u_int8_t md2_oid[] = {
0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
0x04,0x10
};
u_int8_t md5_oid[] = {
0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,
0x04,0x10
};
u_int8_t sha1_oid[] = {
0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,
0x03,0x02,0x1a,0x05,0x00,0x04,0x14
};
u_int8_t sha256_oid[] = {
0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,
0x00,0x04,0x20
};
u_int8_t sha384_oid[] = {
0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,
0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,
0x00,0x04,0x30
};
u_int8_t sha512_oid[] = {
0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,
0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,
0x00,0x04,0x40
};
typedef struct private_rsa_public_key_t private_rsa_public_key_t;
/**
* Private data structure with signing context.
*/
struct private_rsa_public_key_t {
/**
* Public interface for this signer.
*/
rsa_public_key_t public;
/**
* Public modulus.
*/
mpz_t n;
/**
* Public exponent.
*/
mpz_t e;
/**
* Keysize in bytes.
*/
size_t k;
/**
* @brief Implements the RSAEP algorithm specified in PKCS#1.
*
* @param this calling object
* @param data data to process
* @return processed data
*/
chunk_t (*rsaep) (private_rsa_public_key_t *this, chunk_t data);
/**
* @brief Implements the RSASVP1 algorithm specified in PKCS#1.
*
* @param this calling object
* @param data data to process
* @return processed data
*/
chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data);
};
typedef struct rsa_public_key_info_t rsa_public_key_info_t;
/**
* KeyInfo, as it appears in a public key file
*/
struct rsa_public_key_info_t {
/**
* Algorithm for this key
*/
chunk_t algorithm_oid;
/**
* Public key, parseable with rsa_public_key_rules
*/
chunk_t public_key;
};
/**
* Rules for de-/encoding of a public key from/in ASN1
*/
static asn1_rule_t rsa_public_key_rules[] = {
{ASN1_SEQUENCE, 0, 0, 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0},
{ ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0},
{ASN1_END, 0, 0, 0},
};
/**
* Rules for de-/encoding of a PublicKeyInfo from/in ASN1
*/
static asn1_rule_t rsa_public_key_info_rules[] = {
{ASN1_SEQUENCE, 0, 0, 0},
{ ASN1_SEQUENCE, 0, 0, 0},
{ ASN1_OID, 0, offsetof(rsa_public_key_info_t, algorithm_oid), 0},
{ ASN1_NULL, 0, 0, 0},
{ ASN1_END, 0, 0, 0},
{ ASN1_BITSTRING, 0, offsetof(rsa_public_key_info_t, public_key), 0},
{ASN1_END, 0, 0, 0},
};
private_rsa_public_key_t *rsa_public_key_create_empty();
/**
* Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1
*/
static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
{
mpz_t m, c;
chunk_t encrypted;
mpz_init(c);
mpz_init(m);
mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
mpz_powm(c, m, this->e, this->n);
encrypted.len = this->k;
encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
mpz_clear(c);
mpz_clear(m);
return encrypted;
}
/**
* Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
*/
static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
{
hasher_t *hasher = NULL;
chunk_t hash;
chunk_t em;
u_int8_t *pos;
if (signature.len > this->k)
{
return INVALID_ARG;
}
/* unpack signature */
em = this->rsavp1(this, signature);
/* result should look like this:
* EM = 0x00 || 0x01 || PS || 0x00 || T.
* PS = 0xFF padding, with length to fill em
* T = oid || hash
*/
/* check magic bytes */
if ((*(em.ptr) != 0x00) ||
(*(em.ptr+1) != 0x01))
{
allocator_free(em.ptr);
return FAILED;
}
/* find magic 0x00 */
pos = em.ptr + 2;
while (pos <= em.ptr + em.len)
{
if (*pos == 0x00)
{
/* found magic byte, stop */
pos++;
break;
}
else if (*pos != 0xFF)
{
/* bad padding, decryption failed ?!*/
allocator_free(em.ptr);
return FAILED;
}
pos++;
}
if (pos + 20 > em.ptr + em.len)
{
/* not enought room for oid compare */
allocator_free(em.ptr);
return FAILED;
}
if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0)
{
hasher = hasher_create(HASH_MD2);
pos += sizeof(md2_oid);
}
else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0)
{
hasher = hasher_create(HASH_MD5);
pos += sizeof(md5_oid);
}
else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0)
{
hasher = hasher_create(HASH_SHA1);
pos += sizeof(sha1_oid);
}
else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0)
{
hasher = hasher_create(HASH_SHA256);
pos += sizeof(sha256_oid);
}
else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0)
{
hasher = hasher_create(HASH_SHA384);
pos += sizeof(sha384_oid);
}
else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0)
{
hasher = hasher_create(HASH_SHA512);
pos += sizeof(sha512_oid);
}
if (hasher == NULL)
{
/* not supported hash algorithm */
allocator_free(em.ptr);
return NOT_SUPPORTED;
}
if (pos + hasher->get_block_size(hasher) != em.ptr + em.len)
{
/* bad length */
allocator_free(em.ptr);
hasher->destroy(hasher);
return FAILED;
}
/* build own hash for a compare */
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
if (memcmp(hash.ptr, pos, hash.len) != 0)
{
/* hash does not equal */
allocator_free(hash.ptr);
allocator_free(em.ptr);
return FAILED;
}
/* seems good */
allocator_free(hash.ptr);
allocator_free(em.ptr);
return SUCCESS;
}
/**
* Implementation of rsa_public_key.get_key.
*/
static status_t get_key(private_rsa_public_key_t *this, chunk_t *key)
{
chunk_t n, e;
n.len = this->k;
n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
e.len = this->k;
e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
key->len = this->k * 2;
key->ptr = allocator_alloc(key->len);
memcpy(key->ptr, n.ptr, n.len);
memcpy(key->ptr + n.len, e.ptr, e.len);
allocator_free(n.ptr);
allocator_free(e.ptr);
return SUCCESS;
}
/**
* Implementation of rsa_public_key.save_key.
*/
static status_t save_key(private_rsa_public_key_t *this, char *file)
{
return NOT_SUPPORTED;
}
/**
* Implementation of rsa_public_key.get_modulus.
*/
static mpz_t *get_modulus(private_rsa_public_key_t *this)
{
return &this->n;
}
/**
* Implementation of rsa_public_key.clone.
*/
static rsa_public_key_t* _clone(private_rsa_public_key_t *this)
{
private_rsa_public_key_t *clone = rsa_public_key_create_empty();
mpz_init_set(clone->n, this->n);
mpz_init_set(clone->e, this->e);
clone->k = this->k;
return &clone->public;
}
/**
* Implementation of rsa_public_key.destroy.
*/
static void destroy(private_rsa_public_key_t *this)
{
mpz_clear(this->n);
mpz_clear(this->e);
allocator_free(this);
}
/**
* Generic private constructor
*/
private_rsa_public_key_t *rsa_public_key_create_empty()
{
private_rsa_public_key_t *this = allocator_alloc_thing(private_rsa_public_key_t);
/* public functions */
this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature;
this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key;
this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key;
this->public.get_modulus = (mpz_t *(*) (rsa_public_key_t*))get_modulus;
this->public.clone = (rsa_public_key_t* (*) (rsa_public_key_t*))_clone;
this->public.destroy = (void (*) (rsa_public_key_t*))destroy;
/* private functions */
this->rsaep = rsaep;
this->rsavp1 = rsaep; /* same algorithm */
return this;
}
/*
* See header
*/
rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t chunk)
{
der_decoder_t *dd;
status_t status;
private_rsa_public_key_t *this;
this = rsa_public_key_create_empty();
mpz_init(this->n);
mpz_init(this->e);
dd = der_decoder_create(rsa_public_key_rules);
status = dd->decode(dd, chunk, this);
dd->destroy(dd);
if (status != SUCCESS)
{
destroy(this);
return NULL;
}
this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
return &this->public;
}
/*
* See header
*/
rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
{
struct stat stb;
FILE *file;
char *buffer;
chunk_t chunk;
rsa_public_key_info_t key_info = {CHUNK_INITIALIZER, CHUNK_INITIALIZER};
der_decoder_t *dd;
status_t status;
rsa_public_key_t *public_key = NULL;
if (stat(filename, &stb) == -1)
{
return NULL;
}
buffer = alloca(stb.st_size);
file = fopen(filename, "r");
if (file == NULL)
{
return NULL;
}
if (fread(buffer, stb.st_size, 1, file) != 1)
{
return NULL;
}
chunk.ptr = buffer;
chunk.len = stb.st_size;
/* parse public key info first */
dd = der_decoder_create(rsa_public_key_info_rules);
status = dd->decode(dd, chunk, &key_info);
dd->destroy(dd);
allocator_free_chunk(&key_info.algorithm_oid);
if (status == SUCCESS)
{
public_key = rsa_public_key_create_from_chunk(chunk);
}
allocator_free_chunk(&key_info.public_key);
return public_key;
}
View Git Blame Copy Permalink