Updated to new upstream release. interfaces Patch is not from upstream.

1 files changed, 151 insertions, 345 deletions

diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index e0e8015db..cd156961e 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -28,27 +28,17 @@ typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t
  * Private data of a gcrypt_rsa_private_key_t object.
  */
 struct private_gcrypt_rsa_private_key_t {
-	
+
 	/**
 	 * Public interface
 	 */
 	gcrypt_rsa_private_key_t public;
-	
+
 	/**
 	 * gcrypt S-expression representing an RSA key
 	 */
 	gcry_sexp_t key;
-	
-	/**
-	 * Keyid formed as a SHA-1 hash of a publicKey object
-	 */
-	identification_t* keyid;
-	
-	/**
-	 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
-	 */
-	identification_t* keyid_info;
-	
+
 	/**
 	 * reference count
 	 */
@@ -56,11 +46,6 @@ struct private_gcrypt_rsa_private_key_t {
 };
 
 /**
- * Implemented in gcrypt_rsa_public_key.c
- */
-public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key);
-
-/**
  * find a token in a S-expression. If a key is given, its length is used to
  * pad the output to a given length.
  */
@@ -69,7 +54,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key)
 	gcry_sexp_t token;
 	chunk_t data = chunk_empty, tmp;
 	size_t len = 0;
-	
+
 	token = gcry_sexp_find_token(sexp, name, 1);
 	if (token)
 	{
@@ -123,7 +108,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this,
 	gcry_error_t err;
 	chunk_t em;
 	size_t k;
-	
+
 	/* EM = 0x00 || 0x01 || PS || 0x00 || T
 	 * PS = 0xFF padding, with length to fill em
 	 * T  = data
@@ -139,7 +124,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this,
 	em.ptr[1] = 0x01;
 	em.ptr[em.len - data.len - 1] = 0x00;
 	memcpy(em.ptr + em.len - data.len, data.ptr, data.len);
-	
+
 	err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))",
 						  em.len, em.ptr);
 	chunk_free(&em);
@@ -172,7 +157,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
 	gcry_error_t err;
 	gcry_sexp_t in, out;
 	int hash_oid;
-	
+
 	hash_oid = hasher_algorithm_to_oid(hash_algorithm);
 	if (hash_oid == OID_UNKNOWN)
 	{
@@ -185,7 +170,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
 	}
 	hasher->allocate_hash(hasher, data, &hash);
 	hasher->destroy(hasher);
-	
+
 	err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
 						  hash_name, hash.len, hash.ptr);
 	chunk_free(&hash);
@@ -217,7 +202,7 @@ static key_type_t get_type(private_gcrypt_rsa_private_key_t *this)
 /**
  * Implementation of gcrypt_rsa_private_key.destroy.
  */
-static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, 
+static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
 				 chunk_t data, chunk_t *sig)
 {
 	switch (scheme)
@@ -253,7 +238,7 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this,
 	gcry_sexp_t in, out;
 	chunk_t padded;
 	u_char *pos = NULL;;
-	
+
 	err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))",
 						  encrypted.len, encrypted.ptr);
 	if (err)
@@ -299,97 +284,40 @@ static size_t get_keysize(private_gcrypt_rsa_private_key_t *this)
 }
 
 /**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static identification_t* get_id(private_gcrypt_rsa_private_key_t *this,
-								id_type_t type)
-{
-	switch (type)
-	{
-		case ID_PUBKEY_INFO_SHA1:
-			return this->keyid_info;
-		case ID_PUBKEY_SHA1:
-			return this->keyid;
-		default:
-			return NULL;
-	}
-}
-
-/**
  * Implementation of gcrypt_rsa_private_key.get_public_key.
  */
 static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
 {
-	return gcrypt_rsa_public_key_create_from_sexp(this->key);
-}
+	chunk_t n, e;
+	public_key_t *public;
 
-/**
- * Implementation of gcrypt_rsa_private_key.equals.
- */
-static bool equals(private_gcrypt_rsa_private_key_t *this, private_key_t *other)
-{
-	identification_t *keyid;
+	n = gcrypt_rsa_find_token(this->key, "n", NULL);
+	e = gcrypt_rsa_find_token(this->key, "e", NULL);
 
-	if (&this->public.interface == other)
-	{
-		return TRUE;
-	}
-	if (other->get_type(other) != KEY_RSA)
-	{
-		return FALSE;
-	}
-	keyid = other->get_id(other, ID_PUBKEY_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid))
-	{
-		return TRUE;
-	}
-	keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid_info))
-	{
-		return TRUE;
-	}
-	return FALSE;
-}
+	public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+						BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END);
+	chunk_free(&n);
+	chunk_free(&e);
 
-/**
- * Implementation of gcrypt_rsa_private_key.belongs_to.
- */
-static bool belongs_to(private_gcrypt_rsa_private_key_t *this,
-					   public_key_t *public)
-{
-	identification_t *keyid;
-	
-	if (public->get_type(public) != KEY_RSA)
-	{
-		return FALSE;
-	}
-	keyid = public->get_id(public, ID_PUBKEY_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid))
-	{
-		return TRUE;
-	}
-	keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
-	if (keyid && keyid->equals(keyid, this->keyid_info))
-	{
-		return TRUE;
-	}
-	return FALSE;
+	return public;
 }
 
 /**
- * Implementation of private_key_t.get_encoding.
+ * Implementation of private_key_t.get_encoding
  */
-static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
+static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
+						 key_encoding_type_t type, chunk_t *encoding)
 {
-	chunk_t cp, cq, cd, cexp1 = chunk_empty, cexp2 = chunk_empty;
+	chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty;
 	gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2;
 	gcry_error_t err;
-	
+	bool success;
+
 	/* p and q are swapped, gcrypt expects p < q */
 	cp = gcrypt_rsa_find_token(this->key, "q", NULL);
 	cq = gcrypt_rsa_find_token(this->key, "p", NULL);
 	cd = gcrypt_rsa_find_token(this->key, "d", NULL);
-	
+
 	err = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, cp.ptr, cp.len, NULL)
 		| gcry_mpi_scan(&q, GCRYMPI_FMT_USG, cq.ptr, cq.len, NULL)
 		| gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL);
@@ -402,26 +330,26 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
 		chunk_clear(&cq);
 		chunk_clear(&cd);
 		DBG1("scanning mpi for export failed: %s", gpg_strerror(err));
-		return chunk_empty;
+		return FALSE;
 	}
-	
+
 	gcry_mpi_sub_ui(p, p, 1);
 	exp1 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
 	gcry_mpi_mod(exp1, d, p);
 	gcry_mpi_release(p);
-	
+
 	gcry_mpi_sub_ui(q, q, 1);
 	exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
 	gcry_mpi_mod(exp1, d, q);
 	gcry_mpi_release(q);
-	
+
 	err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1)
 		| gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp2.ptr, &cexp2.len, exp2);
-	
+
 	gcry_mpi_release(d);
 	gcry_mpi_release(exp1);
 	gcry_mpi_release(exp2);
-	
+
 	if (err)
 	{
 		DBG1("printing mpi for export failed: %s", gpg_strerror(err));
@@ -430,18 +358,53 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
 		chunk_clear(&cd);
 		chunk_clear(&cexp1);
 		chunk_clear(&cexp2);
-		return chunk_empty;
+		return FALSE;
+	}
+
+	cn = gcrypt_rsa_find_token(this->key, "n", NULL);
+	ce = gcrypt_rsa_find_token(this->key, "e", NULL);
+	cu = gcrypt_rsa_find_token(this->key, "u", NULL);
+
+	success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
+							KEY_PART_RSA_MODULUS, cn,
+							KEY_PART_RSA_PUB_EXP, ce, KEY_PART_RSA_PRIV_EXP, cd,
+							KEY_PART_RSA_PRIME1, cp, KEY_PART_RSA_PRIME2, cq,
+							KEY_PART_RSA_EXP1, cexp1, KEY_PART_RSA_EXP2, cexp2,
+							KEY_PART_RSA_COEFF, cu, KEY_PART_END);
+	chunk_free(&cn);
+	chunk_free(&ce);
+	chunk_clear(&cd);
+	chunk_clear(&cp);
+	chunk_clear(&cq);
+	chunk_clear(&cexp1);
+	chunk_clear(&cexp2);
+	chunk_clear(&cu);
+
+	return success;
+}
+
+/**
+ * Implementation of private_key_t.get_fingerprint
+ */
+static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this,
+							key_encoding_type_t type, chunk_t *fp)
+{
+	chunk_t n, e;
+	bool success;
+
+	if (lib->encoding->get_cache(lib->encoding, type, this, fp))
+	{
+		return TRUE;
 	}
-	
-	return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0,
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)),
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)),
-			asn1_integer("m", cd),
-			asn1_integer("m", cp),
-			asn1_integer("m", cq),
-			asn1_integer("m", cexp1),
-			asn1_integer("m", cexp2),
-			asn1_integer("m", gcrypt_rsa_find_token(this->key, "u", NULL)));
+	n = gcrypt_rsa_find_token(this->key, "n", NULL);
+	e = gcrypt_rsa_find_token(this->key, "e", NULL);
+
+	success = lib->encoding->encode(lib->encoding,
+								type, this, fp, KEY_PART_RSA_MODULUS, n,
+								KEY_PART_RSA_PUB_EXP, e, KEY_PART_END);
+	chunk_free(&n);
+	chunk_free(&e);
+	return success;
 }
 
 /**
@@ -460,9 +423,8 @@ static void destroy(private_gcrypt_rsa_private_key_t *this)
 {
 	if (ref_put(&this->ref))
 	{
-		DESTROY_IF(this->keyid);
-		DESTROY_IF(this->keyid_info);
 		gcry_sexp_release(this->key);
+		lib->encoding->clear_cache(lib->encoding, this);
 		free(this);
 	}
 }
@@ -473,192 +435,121 @@ static void destroy(private_gcrypt_rsa_private_key_t *this)
 static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty()
 {
 	private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t);
-	
+
 	this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
 	this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
 	this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
 	this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
-	this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
 	this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
-	this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
-	this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
-	this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
+	this->public.interface.equals = private_key_equals;
+	this->public.interface.belongs_to = private_key_belongs_to;
+	this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint;
+	this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
+	this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding;
 	this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
 	this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
-	
+
 	this->key = NULL;
-	this->keyid = NULL;
-	this->keyid_info = NULL;
 	this->ref = 1;
-	
+
 	return this;
 }
 
 /**
- * build the keyids of a private/public key
+ * See header.
  */
-bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
-							 identification_t **keyid_info)
+gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
+													 va_list args)
 {
-	chunk_t publicKeyInfo, publicKey, hash;
-	hasher_t *hasher;
-	
-	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
-	if (!hasher)
+	private_gcrypt_rsa_private_key_t *this;
+	gcry_sexp_t param;
+	gcry_error_t err;
+	u_int key_size = 0;
+
+	while (TRUE)
 	{
-		DBG1("SHA1 hash algorithm not supported, unable to use RSA");
-		return FALSE;
+		switch (va_arg(args, builder_part_t))
+		{
+			case BUILD_KEY_SIZE:
+				key_size = va_arg(args, u_int);
+				continue;
+			case BUILD_END:
+				break;
+			default:
+				return NULL;
+		}
+		break;
+	}
+	if (!key_size)
+	{
+		return NULL;
 	}
-	publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
-				 asn1_integer("m", gcrypt_rsa_find_token(key, "n", NULL)),
-				 asn1_integer("m", gcrypt_rsa_find_token(key, "e", NULL)));
-	hasher->allocate_hash(hasher, publicKey, &hash);
-	*keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
-	chunk_free(&hash);
-	
-	publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
-						asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
-						asn1_bitstring("m", publicKey));
-	hasher->allocate_hash(hasher, publicKeyInfo, &hash);
-	*keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
-	chunk_free(&hash);
-	
-	hasher->destroy(hasher);
-	chunk_free(&publicKeyInfo);
-	
-	return TRUE;
-}
 
-/**
- * Generate an RSA key of specified key size
- */
-static gcrypt_rsa_private_key_t *generate(size_t key_size)
-{
-	private_gcrypt_rsa_private_key_t *this;
-	gcry_sexp_t param, key;
-	gcry_error_t err;
-	
 	err = gcry_sexp_build(&param, NULL, "(genkey(rsa(nbits %d)))", key_size);
 	if (err)
 	{
 		DBG1("building S-expression failed: %s", gpg_strerror(err));
 		return NULL;
 	}
-	
-	err = gcry_pk_genkey(&key, param);
+	this = gcrypt_rsa_private_key_create_empty();
+	err = gcry_pk_genkey(&this->key, param);
 	gcry_sexp_release(param);
 	if (err)
 	{
+		free(this);
 		DBG1("generating RSA key failed: %s", gpg_strerror(err));
 		return NULL;
 	}
-	this = gcrypt_rsa_private_key_create_empty();
-	this->key = key;
-	
-	if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
-	{
-		destroy(this);
-		return NULL;
-	}
-	
 	return &this->public;
 }
 
 /**
- * ASN.1 definition of a PKCS#1 RSA private key
- */
-static const asn1Object_t privkeyObjects[] = {
-	{ 0, "RSAPrivateKey",		ASN1_SEQUENCE,     ASN1_NONE }, /*  0 */
-	{ 1,   "version",			ASN1_INTEGER,      ASN1_BODY }, /*  1 */
-	{ 1,   "modulus",			ASN1_INTEGER,      ASN1_BODY }, /*  2 */
-	{ 1,   "publicExponent",	ASN1_INTEGER,      ASN1_BODY }, /*  3 */
-	{ 1,   "privateExponent",	ASN1_INTEGER,      ASN1_BODY }, /*  4 */
-	{ 1,   "prime1",			ASN1_INTEGER,      ASN1_BODY }, /*  5 */
-	{ 1,   "prime2",			ASN1_INTEGER,      ASN1_BODY }, /*  6 */
-	{ 1,   "exponent1",			ASN1_INTEGER,      ASN1_BODY }, /*  7 */
-	{ 1,   "exponent2",			ASN1_INTEGER,      ASN1_BODY }, /*  8 */
-	{ 1,   "coefficient",		ASN1_INTEGER,      ASN1_BODY }, /*  9 */
-	{ 1,   "otherPrimeInfos",	ASN1_SEQUENCE,     ASN1_OPT |
-												   ASN1_LOOP }, /* 10 */
-	{ 2,     "otherPrimeInfo",	ASN1_SEQUENCE,     ASN1_NONE }, /* 11 */
-	{ 3,       "prime",			ASN1_INTEGER,      ASN1_BODY }, /* 12 */
-	{ 3,       "exponent",		ASN1_INTEGER,      ASN1_BODY }, /* 13 */
-	{ 3,       "coefficient",	ASN1_INTEGER,      ASN1_BODY }, /* 14 */
-	{ 1,   "end opt or loop",	ASN1_EOC,          ASN1_END  }, /* 15 */
-	{ 0, "exit",				ASN1_EOC,          ASN1_EXIT }
-};
-#define PRIV_KEY_VERSION		 1
-#define PRIV_KEY_MODULUS		 2
-#define PRIV_KEY_PUB_EXP		 3
-#define PRIV_KEY_PRIV_EXP		 4
-#define PRIV_KEY_PRIME1			 5
-#define PRIV_KEY_PRIME2			 6
-#define PRIV_KEY_EXP1			 7
-#define PRIV_KEY_EXP2			 8
-#define PRIV_KEY_COEFF			 9
-
-/**
- * load private key from a ASN1 encoded blob
+ * See header.
  */
-static gcrypt_rsa_private_key_t *load(chunk_t blob)
+gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
+													  va_list args)
 {
 	private_gcrypt_rsa_private_key_t *this;
-	asn1_parser_t *parser;
-	chunk_t object;
-	int objectID ;
-	bool success = FALSE;
-	chunk_t n, e, d, u, p, q;
+	chunk_t n, e, d, p, q, exp, u;
 	gcry_error_t err;
-	
-	n = e = d = u = p = q = chunk_empty;
-	
-	parser = asn1_parser_create(privkeyObjects, blob);
-	parser->set_flags(parser, FALSE, TRUE);
-	
-	while (parser->iterate(parser, &objectID, &object))
+
+	n = e = d = p = q = u = chunk_empty;
+	while (TRUE)
 	{
-		switch (objectID)
+		switch (va_arg(args, builder_part_t))
 		{
-			case PRIV_KEY_VERSION:
-				if (object.len > 0 && *object.ptr != 0)
-				{
-					goto end;
-				}
-				break;
-			case PRIV_KEY_MODULUS:
-				n = object;
-				break;
-			case PRIV_KEY_PUB_EXP:
-				e = object;
-				break;
-			case PRIV_KEY_PRIV_EXP:
-				d = object;
-				break;
-			case PRIV_KEY_PRIME1:
-				/* p and q are swapped, as gcrypt expects p < q */
-				q = object;
-				break;
-			case PRIV_KEY_PRIME2:
-				p = object;
-				break;
-			case PRIV_KEY_EXP1:
-			case PRIV_KEY_EXP2:
-				break;
-			case PRIV_KEY_COEFF:
-				u = object;
+			case BUILD_RSA_MODULUS:
+				n = va_arg(args, chunk_t);
+				continue;
+			case BUILD_RSA_PUB_EXP:
+				e = va_arg(args, chunk_t);
+				continue;
+			case BUILD_RSA_PRIV_EXP:
+				d = va_arg(args, chunk_t);
+				continue;
+			case BUILD_RSA_PRIME1:
+				/* swap p and q, gcrypt expects p < q */
+				q = va_arg(args, chunk_t);
+				continue;
+			case BUILD_RSA_PRIME2:
+				p = va_arg(args, chunk_t);
+				continue;
+			case BUILD_RSA_EXP1:
+			case BUILD_RSA_EXP2:
+				/* not required for gcrypt */
+				exp = va_arg(args, chunk_t);
+				continue;
+			case BUILD_RSA_COEFF:
+				u = va_arg(args, chunk_t);
+				continue;
+			case BUILD_END:
 				break;
+			default:
+				return NULL;
 		}
+		break;
 	}
-	success = parser->success(parser);
-	
-end:
-	parser->destroy(parser);
-	
-	if (!success)
-	{
-		return NULL;
-	}
-	
+
 	this = gcrypt_rsa_private_key_create_empty();
 	err = gcry_sexp_build(&this->key, NULL,
 					"(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
@@ -677,91 +568,6 @@ end:
 		destroy(this);
 		return NULL;
 	}
-	if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
-	{
-		destroy(this);
-		return NULL;
-	}
-	return &this->public;
-}
-
-typedef struct private_builder_t private_builder_t;
-
-/**
- * Builder implementation for key loading/generation
- */
-struct private_builder_t {
-	/** implements the builder interface */
-	builder_t public;
-	/** loaded/generated private key */
-	gcrypt_rsa_private_key_t *key;
-};
-
-/**
- * Implementation of builder_t.build
- */
-static gcrypt_rsa_private_key_t *build(private_builder_t *this)
-{
-	gcrypt_rsa_private_key_t *key = this->key;
-	
-	free(this);
-	return key;
-}
-
-/**
- * Implementation of builder_t.add
- */
-static void add(private_builder_t *this, builder_part_t part, ...)
-{
-	if (!this->key)
-	{
-		va_list args;
-		
-		switch (part)
-		{
-			case BUILD_BLOB_ASN1_DER:
-			{
-				va_start(args, part);
-				this->key = load(va_arg(args, chunk_t));
-				va_end(args);
-				return;
-			}
-			case BUILD_KEY_SIZE:
-			{
-				va_start(args, part);
-				this->key = generate(va_arg(args, u_int));
-				va_end(args);
-				return;
-			}
-			default:
-				break;
-		}
-	}
-	if (this->key)
-	{
-		destroy((private_gcrypt_rsa_private_key_t*)this->key);
-	}
-	builder_cancel(&this->public);
-}
-
-/**
- * Builder construction function
- */
-builder_t *gcrypt_rsa_private_key_builder(key_type_t type)
-{
-	private_builder_t *this;
-	
-	if (type != KEY_RSA)
-	{
-		return NULL;
-	}
-	
-	this = malloc_thing(private_builder_t);
-	
-	this->key = NULL;
-	this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
-	this->public.build = (void*(*)(builder_t *this))build;
-	
 	return &this->public;
 }