diff options
Diffstat (limited to 'src/libstrongswan/plugins/gcrypt')
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/Makefile.am | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/Makefile.in | 150 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c | 26 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_dh.c | 52 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_dh.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c | 16 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h | 4 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c | 62 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rng.c | 12 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rng.h | 6 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c | 496 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h | 25 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c | 315 | ||||
-rw-r--r-- | src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h | 15 |
15 files changed, 459 insertions, 732 deletions
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am index 7394676e2..a468a5ed9 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.am +++ b/src/libstrongswan/plugins/gcrypt/Makefile.am @@ -1,7 +1,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-gcrypt.la @@ -14,4 +14,4 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_hasher.h gcrypt_hasher.c libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version -libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS) +libstrongswan_gcrypt_la_LIBADD = -lgcrypt diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index e3d27f7f8..c3081e2dd 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,22 +37,43 @@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gcrypt DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -am__DEPENDENCIES_1 = -libstrongswan_gcrypt_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +libstrongswan_gcrypt_la_DEPENDENCIES = am_libstrongswan_gcrypt_la_OBJECTS = gcrypt_plugin.lo \ gcrypt_rsa_public_key.lo gcrypt_rsa_private_key.lo \ gcrypt_dh.lo gcrypt_rng.lo gcrypt_crypter.lo gcrypt_hasher.lo @@ -62,6 +85,7 @@ libstrongswan_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -109,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -139,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -172,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -197,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -205,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -213,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -224,10 +251,11 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS) +AM_CFLAGS = -rdynamic plugin_LTLIBRARIES = libstrongswan-gcrypt.la libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \ @@ -238,7 +266,7 @@ libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \ gcrypt_hasher.h gcrypt_hasher.c libstrongswan_gcrypt_la_LDFLAGS = -module -avoid-version -libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS) +libstrongswan_gcrypt_la_LIBADD = -lgcrypt all: all-am .SUFFIXES: @@ -252,9 +280,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -272,23 +300,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -318,21 +351,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -355,7 +388,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -363,29 +396,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -406,13 +444,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -443,6 +485,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -464,6 +507,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -472,18 +517,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -522,6 +577,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index f82d23185..1eee6226d 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,17 +25,17 @@ typedef struct private_gcrypt_crypter_t private_gcrypt_crypter_t; * Private data of gcrypt_crypter_t */ struct private_gcrypt_crypter_t { - + /** * Public part of this class. */ gcrypt_crypter_t public; - + /** * gcrypt cipher handle */ gcry_cipher_hd_t h; - + /** * gcrypt algorithm identifier */ @@ -49,7 +49,7 @@ static void decrypt(private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { gcry_cipher_setiv(this->h, iv.ptr, iv.len); - + if (dst) { *dst = chunk_alloc(data.len); @@ -68,7 +68,7 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst) { gcry_cipher_setiv(this->h, iv.ptr, iv.len); - + if (dst) { *dst = chunk_alloc(data.len); @@ -86,7 +86,7 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data, static size_t get_block_size(private_gcrypt_crypter_t *this) { size_t len = 0; - + gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len); return len; } @@ -97,7 +97,7 @@ static size_t get_block_size(private_gcrypt_crypter_t *this) static size_t get_key_size(private_gcrypt_crypter_t *this) { size_t len = 0; - + gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len); return len; } @@ -129,7 +129,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, int gcrypt_alg; int mode = GCRY_CIPHER_MODE_CBC; gcry_error_t err; - + switch (algo) { case ENCR_DES: @@ -227,9 +227,9 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, default: return NULL; } - + this = malloc_thing(private_gcrypt_crypter_t); - + this->alg = gcrypt_alg; err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0); if (err) @@ -239,14 +239,14 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo, free(this); return NULL; } - + this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *))encrypt; this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *))decrypt; this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *))get_block_size; this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *))get_key_size; this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t))set_key; this->public.crypter_interface.destroy = (void (*) (crypter_t *))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h index c5a5e6723..ce0ead4a8 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h @@ -29,7 +29,7 @@ typedef struct gcrypt_crypter_t gcrypt_crypter_t; * Implementation of crypters using gcrypt. */ struct gcrypt_crypter_t { - + /** * The crypter_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_crypter_t { /** * Constructor to create gcrypt_crypter_t. - * + * * @param algo algorithm to implement * @param key_size key size in bytes * @return gcrypt_crypter_t, NULL if not supported diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index 89d9f2348..59c82f1e7 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -278,7 +278,7 @@ static u_int8_t group18_modulus[] = { typedef struct modulus_entry_t modulus_entry_t; -/** +/** * Entry of the modulus list. */ struct modulus_entry_t { @@ -312,7 +312,7 @@ static modulus_entry_t modulus_entries[] = { static modulus_entry_t *find_entry(diffie_hellman_group_t group) { int i; - + for (i = 0; i < countof(modulus_entries); i++) { if (modulus_entries[i].group == group) @@ -329,47 +329,47 @@ typedef struct private_gcrypt_dh_t private_gcrypt_dh_t; * Private data of an gcrypt_dh_t object. */ struct private_gcrypt_dh_t { - + /** * Public gcrypt_dh_t interface */ gcrypt_dh_t public; - + /** * Diffie Hellman group number */ u_int16_t group; - - /* + + /* * Generator value - */ + */ gcry_mpi_t g; - + /** * Own private value */ gcry_mpi_t xa; - + /** * Own public value */ gcry_mpi_t ya; - + /** * Other public value */ gcry_mpi_t yb; - + /** * Shared secret */ gcry_mpi_t zz; - + /** * Modulus */ gcry_mpi_t p; - + /** * Modulus length. */ @@ -383,7 +383,7 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) { gcry_mpi_t p_min_1; gcry_error_t err; - + if (this->yb) { gcry_mpi_release(this->yb); @@ -395,11 +395,11 @@ static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value) DBG1("importing mpi yb failed: %s", gpg_strerror(err)); return; } - + p_min_1 = gcry_mpi_new(this->p_len * 8); gcry_mpi_sub_ui(p_min_1, this->p, 1); - - /* check public value: + + /* check public value: * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1 * 2. a public value larger or equal the modulus is invalid */ if (gcry_mpi_cmp_ui(this->yb, 1) > 0 && @@ -425,7 +425,7 @@ static chunk_t export_mpi(gcry_mpi_t value, size_t len) { chunk_t chunk; size_t written; - + chunk = chunk_alloc(len); gcry_mpi_print(GCRYMPI_FMT_USG, chunk.ptr, chunk.len, &written, value); if (written < len) @@ -490,21 +490,21 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) chunk_t random; rng_t *rng; size_t len; - + entry = find_entry(group); if (!entry) { return NULL; } - + this = malloc_thing(private_gcrypt_dh_t); - + this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; - + this->group = group; this->p_len = entry->modulus.len; err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, @@ -524,7 +524,7 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) { len = entry->opt_len; } - + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng) { /* prefer external randomizer */ @@ -551,14 +551,14 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group) /* achieve bitsof(p)-1 by setting MSB to 0 */ gcry_mpi_clear_bit(this->xa, len * 8 - 1); } - + this->g = gcry_mpi_set_ui(NULL, entry->g); this->ya = gcry_mpi_new(this->p_len * 8); this->yb = NULL; this->zz = NULL; - + gcry_mpi_powm(this->ya, this->g, this->xa, this->p); - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h index dbef96ca7..95b68dcd0 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h @@ -29,7 +29,7 @@ typedef struct gcrypt_dh_t gcrypt_dh_t; * Implementation of the Diffie-Hellman algorithm using libgcrypt mpi. */ struct gcrypt_dh_t { - + /** * Implements diffie_hellman_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_dh_t { /** * Creates a new gcrypt_dh_t object. - * + * * @param group Diffie Hellman group number to use * @return gcrypt_dh_t object, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index 41e17c897..d12fe11d5 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,12 +25,12 @@ typedef struct private_gcrypt_hasher_t private_gcrypt_hasher_t; * Private data of gcrypt_hasher_t */ struct private_gcrypt_hasher_t { - + /** * Public part of this class. */ gcrypt_hasher_t public; - + /** * gcrypt hasher context */ @@ -101,7 +101,7 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) private_gcrypt_hasher_t *this; int gcrypt_alg; gcry_error_t err; - + switch (algo) { case HASH_MD2: @@ -131,9 +131,9 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) default: return NULL; } - + this = malloc_thing(private_gcrypt_hasher_t); - + err = gcry_md_open(&this->hd, gcrypt_alg, 0); if (err) { @@ -142,13 +142,13 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo) free(this); return NULL; } - + this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h index 6f724fba8..708ccaafb 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h @@ -29,7 +29,7 @@ typedef struct gcrypt_hasher_t gcrypt_hasher_t; * Implementation of hashers using libgcrypt. */ struct gcrypt_hasher_t { - + /** * The hasher_t interface. */ @@ -38,7 +38,7 @@ struct gcrypt_hasher_t { /** * Constructor to create gcrypt_hasher_t. - * + * * @param algo algorithm * @return gcrypt_hasher_t, NULL if not supported */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 939e0886c..8c9ea893b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -24,7 +24,7 @@ #include <library.h> #include <debug.h> -#include <utils/mutex.h> +#include <threading/mutex.h> #include <errno.h> #include <gcrypt.h> @@ -57,7 +57,7 @@ static int mutex_init(void **lock) static int mutex_destroy(void **lock) { mutex_t *mutex = *lock; - + mutex->destroy(mutex); return 0; } @@ -68,7 +68,7 @@ static int mutex_destroy(void **lock) static int mutex_lock(void **lock) { mutex_t *mutex = *lock; - + mutex->lock(mutex); return 0; } @@ -79,7 +79,7 @@ static int mutex_lock(void **lock) static int mutex_unlock(void **lock) { mutex_t *mutex = *lock; - + mutex->unlock(mutex); return 0; } @@ -107,9 +107,11 @@ static void destroy(private_gcrypt_plugin_t *this) lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gcrypt_dh_create); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gcrypt_rsa_private_key_builder); + (builder_function_t)gcrypt_rsa_private_key_gen); + lib->creds->remove_builder(lib->creds, + (builder_function_t)gcrypt_rsa_private_key_load); lib->creds->remove_builder(lib->creds, - (builder_constructor_t)gcrypt_rsa_public_key_builder); + (builder_function_t)gcrypt_rsa_public_key_load); free(this); } @@ -119,15 +121,15 @@ static void destroy(private_gcrypt_plugin_t *this) plugin_t *plugin_create() { private_gcrypt_plugin_t *this; - + gcry_control(GCRYCTL_SET_THREAD_CBS, &thread_functions); - + if (!gcry_check_version(GCRYPT_VERSION)) { DBG1("libgcrypt version mismatch"); return NULL; } - + /* we currently do not use secure memory */ gcry_control(GCRYCTL_DISABLE_SECMEM, 0); if (lib->settings->get_bool(lib->settings, @@ -136,11 +138,11 @@ plugin_t *plugin_create() gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); } gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); - + this = malloc_thing(private_gcrypt_plugin_t); - + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - + /* hashers */ lib->crypto->add_hasher(lib->crypto, HASH_SHA1, (hasher_constructor_t)gcrypt_hasher_create); @@ -156,7 +158,7 @@ plugin_t *plugin_create() (hasher_constructor_t)gcrypt_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, (hasher_constructor_t)gcrypt_hasher_create); - + /* crypters */ lib->crypto->add_crypter(lib->crypto, ENCR_3DES, (crypter_constructor_t)gcrypt_crypter_create); @@ -176,39 +178,41 @@ plugin_t *plugin_create() (crypter_constructor_t)gcrypt_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, (crypter_constructor_t)gcrypt_crypter_create); - + /* random numbers */ - lib->crypto->add_rng(lib->crypto, RNG_WEAK, + lib->crypto->add_rng(lib->crypto, RNG_WEAK, (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, (rng_constructor_t)gcrypt_rng_create); - + /* diffie hellman groups, using modp */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gcrypt_dh_create); - + /* RSA */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, - (builder_constructor_t)gcrypt_rsa_private_key_builder); + (builder_function_t)gcrypt_rsa_private_key_gen); + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + (builder_function_t)gcrypt_rsa_private_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, - (builder_constructor_t)gcrypt_rsa_public_key_builder); - + (builder_function_t)gcrypt_rsa_public_key_load); + return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c index 64b4eb8d0..d0d252572 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c @@ -28,7 +28,7 @@ struct private_gcrypt_rng_t { * Public gcrypt_rng_t interface. */ gcrypt_rng_t public; - + /** * RNG quality of this instance */ @@ -79,7 +79,7 @@ static void destroy(private_gcrypt_rng_t *this) gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality) { private_gcrypt_rng_t *this; - + switch (quality) { case RNG_WEAK: @@ -89,15 +89,15 @@ gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality) default: return NULL; } - + this = malloc_thing(private_gcrypt_rng_t); - + this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; this->public.rng.destroy = (void (*) (rng_t *))destroy; - + this->quality = quality; - + return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h index 3cfde8447..a0cc12369 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + /** * @defgroup gcrypt_rng gcrypt_rng * @{ @ingroup gcrypt_p @@ -29,7 +29,7 @@ typedef struct gcrypt_rng_t gcrypt_rng_t; * rng_t implementation using libgcrypt. */ struct gcrypt_rng_t { - + /** * Implements rng_t. */ @@ -38,7 +38,7 @@ struct gcrypt_rng_t { /** * Creates an gcrypt_rng_t instance. - * + * * @param quality required quality of gcryptness * @return created gcrypt_rng_t */ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c index e0e8015db..cd156961e 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c @@ -28,27 +28,17 @@ typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t * Private data of a gcrypt_rsa_private_key_t object. */ struct private_gcrypt_rsa_private_key_t { - + /** * Public interface */ gcrypt_rsa_private_key_t public; - + /** * gcrypt S-expression representing an RSA key */ gcry_sexp_t key; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - + /** * reference count */ @@ -56,11 +46,6 @@ struct private_gcrypt_rsa_private_key_t { }; /** - * Implemented in gcrypt_rsa_public_key.c - */ -public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key); - -/** * find a token in a S-expression. If a key is given, its length is used to * pad the output to a given length. */ @@ -69,7 +54,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key) gcry_sexp_t token; chunk_t data = chunk_empty, tmp; size_t len = 0; - + token = gcry_sexp_find_token(sexp, name, 1); if (token) { @@ -123,7 +108,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, gcry_error_t err; chunk_t em; size_t k; - + /* EM = 0x00 || 0x01 || PS || 0x00 || T * PS = 0xFF padding, with length to fill em * T = data @@ -139,7 +124,7 @@ static bool sign_raw(private_gcrypt_rsa_private_key_t *this, em.ptr[1] = 0x01; em.ptr[em.len - data.len - 1] = 0x00; memcpy(em.ptr + em.len - data.len, data.ptr, data.len); - + err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))", em.len, em.ptr); chunk_free(&em); @@ -172,7 +157,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, gcry_error_t err; gcry_sexp_t in, out; int hash_oid; - + hash_oid = hasher_algorithm_to_oid(hash_algorithm); if (hash_oid == OID_UNKNOWN) { @@ -185,7 +170,7 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", hash_name, hash.len, hash.ptr); chunk_free(&hash); @@ -217,7 +202,7 @@ static key_type_t get_type(private_gcrypt_rsa_private_key_t *this) /** * Implementation of gcrypt_rsa_private_key.destroy. */ -static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, +static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *sig) { switch (scheme) @@ -253,7 +238,7 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this, gcry_sexp_t in, out; chunk_t padded; u_char *pos = NULL;; - + err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))", encrypted.len, encrypted.ptr); if (err) @@ -299,97 +284,40 @@ static size_t get_keysize(private_gcrypt_rsa_private_key_t *this) } /** - * Implementation of gcrypt_rsa_private_key.destroy. - */ -static identification_t* get_id(private_gcrypt_rsa_private_key_t *this, - id_type_t type) -{ - switch (type) - { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; - } -} - -/** * Implementation of gcrypt_rsa_private_key.get_public_key. */ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this) { - return gcrypt_rsa_public_key_create_from_sexp(this->key); -} + chunk_t n, e; + public_key_t *public; -/** - * Implementation of gcrypt_rsa_private_key.equals. - */ -static bool equals(private_gcrypt_rsa_private_key_t *this, private_key_t *other) -{ - identification_t *keyid; + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; -} + public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END); + chunk_free(&n); + chunk_free(&e); -/** - * Implementation of gcrypt_rsa_private_key.belongs_to. - */ -static bool belongs_to(private_gcrypt_rsa_private_key_t *this, - public_key_t *public) -{ - identification_t *keyid; - - if (public->get_type(public) != KEY_RSA) - { - return FALSE; - } - keyid = public->get_id(public, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return public; } /** - * Implementation of private_key_t.get_encoding. + * Implementation of private_key_t.get_encoding */ -static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) +static bool get_encoding(private_gcrypt_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - chunk_t cp, cq, cd, cexp1 = chunk_empty, cexp2 = chunk_empty; + chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty; gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2; gcry_error_t err; - + bool success; + /* p and q are swapped, gcrypt expects p < q */ cp = gcrypt_rsa_find_token(this->key, "q", NULL); cq = gcrypt_rsa_find_token(this->key, "p", NULL); cd = gcrypt_rsa_find_token(this->key, "d", NULL); - + err = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, cp.ptr, cp.len, NULL) | gcry_mpi_scan(&q, GCRYMPI_FMT_USG, cq.ptr, cq.len, NULL) | gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL); @@ -402,26 +330,26 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) chunk_clear(&cq); chunk_clear(&cd); DBG1("scanning mpi for export failed: %s", gpg_strerror(err)); - return chunk_empty; + return FALSE; } - + gcry_mpi_sub_ui(p, p, 1); exp1 = gcry_mpi_new(gcry_pk_get_nbits(this->key)); gcry_mpi_mod(exp1, d, p); gcry_mpi_release(p); - + gcry_mpi_sub_ui(q, q, 1); exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key)); gcry_mpi_mod(exp1, d, q); gcry_mpi_release(q); - + err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1) | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp2.ptr, &cexp2.len, exp2); - + gcry_mpi_release(d); gcry_mpi_release(exp1); gcry_mpi_release(exp2); - + if (err) { DBG1("printing mpi for export failed: %s", gpg_strerror(err)); @@ -430,18 +358,53 @@ static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this) chunk_clear(&cd); chunk_clear(&cexp1); chunk_clear(&cexp2); - return chunk_empty; + return FALSE; + } + + cn = gcrypt_rsa_find_token(this->key, "n", NULL); + ce = gcrypt_rsa_find_token(this->key, "e", NULL); + cu = gcrypt_rsa_find_token(this->key, "u", NULL); + + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, cn, + KEY_PART_RSA_PUB_EXP, ce, KEY_PART_RSA_PRIV_EXP, cd, + KEY_PART_RSA_PRIME1, cp, KEY_PART_RSA_PRIME2, cq, + KEY_PART_RSA_EXP1, cexp1, KEY_PART_RSA_EXP2, cexp2, + KEY_PART_RSA_COEFF, cu, KEY_PART_END); + chunk_free(&cn); + chunk_free(&ce); + chunk_clear(&cd); + chunk_clear(&cp); + chunk_clear(&cq); + chunk_clear(&cexp1); + chunk_clear(&cexp2); + chunk_clear(&cu); + + return success; +} + +/** + * Implementation of private_key_t.get_fingerprint + */ +static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this, + key_encoding_type_t type, chunk_t *fp) +{ + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) + { + return TRUE; } - - return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0, - asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL)), - asn1_integer("m", cd), - asn1_integer("m", cp), - asn1_integer("m", cq), - asn1_integer("m", cexp1), - asn1_integer("m", cexp2), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "u", NULL))); + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); + + success = lib->encoding->encode(lib->encoding, + type, this, fp, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + return success; } /** @@ -460,9 +423,8 @@ static void destroy(private_gcrypt_rsa_private_key_t *this) { if (ref_put(&this->ref)) { - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); gcry_sexp_release(this->key); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } @@ -473,192 +435,121 @@ static void destroy(private_gcrypt_rsa_private_key_t *this) static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty() { private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t); - + this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; + this->public.interface.equals = private_key_equals; + this->public.interface.belongs_to = private_key_belongs_to; + this->public.interface.get_fingerprint = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(private_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; this->public.interface.destroy = (void (*)(private_key_t *this))destroy; - + this->key = NULL; - this->keyid = NULL; - this->keyid_info = NULL; this->ref = 1; - + return this; } /** - * build the keyids of a private/public key + * See header. */ -bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, - identification_t **keyid_info) +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, + va_list args) { - chunk_t publicKeyInfo, publicKey, hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher) + private_gcrypt_rsa_private_key_t *this; + gcry_sexp_t param; + gcry_error_t err; + u_int key_size = 0; + + while (TRUE) { - DBG1("SHA1 hash algorithm not supported, unable to use RSA"); - return FALSE; + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + if (!key_size) + { + return NULL; } - publicKey = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("m", gcrypt_rsa_find_token(key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(key, "e", NULL))); - hasher->allocate_hash(hasher, publicKey, &hash); - *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash); - chunk_free(&hash); - - publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_algorithmIdentifier(OID_RSA_ENCRYPTION), - asn1_bitstring("m", publicKey)); - hasher->allocate_hash(hasher, publicKeyInfo, &hash); - *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash); - chunk_free(&hash); - - hasher->destroy(hasher); - chunk_free(&publicKeyInfo); - - return TRUE; -} -/** - * Generate an RSA key of specified key size - */ -static gcrypt_rsa_private_key_t *generate(size_t key_size) -{ - private_gcrypt_rsa_private_key_t *this; - gcry_sexp_t param, key; - gcry_error_t err; - err = gcry_sexp_build(¶m, NULL, "(genkey(rsa(nbits %d)))", key_size); if (err) { DBG1("building S-expression failed: %s", gpg_strerror(err)); return NULL; } - - err = gcry_pk_genkey(&key, param); + this = gcrypt_rsa_private_key_create_empty(); + err = gcry_pk_genkey(&this->key, param); gcry_sexp_release(param); if (err) { + free(this); DBG1("generating RSA key failed: %s", gpg_strerror(err)); return NULL; } - this = gcrypt_rsa_private_key_create_empty(); - this->key = key; - - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; } /** - * ASN.1 definition of a PKCS#1 RSA private key - */ -static const asn1Object_t privkeyObjects[] = { - { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */ - { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */ - { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */ - { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */ - { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */ - { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */ - { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */ - { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT | - ASN1_LOOP }, /* 10 */ - { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */ - { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */ - { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */ - { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */ - { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PRIV_KEY_VERSION 1 -#define PRIV_KEY_MODULUS 2 -#define PRIV_KEY_PUB_EXP 3 -#define PRIV_KEY_PRIV_EXP 4 -#define PRIV_KEY_PRIME1 5 -#define PRIV_KEY_PRIME2 6 -#define PRIV_KEY_EXP1 7 -#define PRIV_KEY_EXP2 8 -#define PRIV_KEY_COEFF 9 - -/** - * load private key from a ASN1 encoded blob + * See header. */ -static gcrypt_rsa_private_key_t *load(chunk_t blob) +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, + va_list args) { private_gcrypt_rsa_private_key_t *this; - asn1_parser_t *parser; - chunk_t object; - int objectID ; - bool success = FALSE; - chunk_t n, e, d, u, p, q; + chunk_t n, e, d, p, q, exp, u; gcry_error_t err; - - n = e = d = u = p = q = chunk_empty; - - parser = asn1_parser_create(privkeyObjects, blob); - parser->set_flags(parser, FALSE, TRUE); - - while (parser->iterate(parser, &objectID, &object)) + + n = e = d = p = q = u = chunk_empty; + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PRIV_KEY_VERSION: - if (object.len > 0 && *object.ptr != 0) - { - goto end; - } - break; - case PRIV_KEY_MODULUS: - n = object; - break; - case PRIV_KEY_PUB_EXP: - e = object; - break; - case PRIV_KEY_PRIV_EXP: - d = object; - break; - case PRIV_KEY_PRIME1: - /* p and q are swapped, as gcrypt expects p < q */ - q = object; - break; - case PRIV_KEY_PRIME2: - p = object; - break; - case PRIV_KEY_EXP1: - case PRIV_KEY_EXP2: - break; - case PRIV_KEY_COEFF: - u = object; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + /* swap p and q, gcrypt expects p < q */ + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + case BUILD_RSA_EXP2: + /* not required for gcrypt */ + exp = va_arg(args, chunk_t); + continue; + case BUILD_RSA_COEFF: + u = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - -end: - parser->destroy(parser); - - if (!success) - { - return NULL; - } - + this = gcrypt_rsa_private_key_create_empty(); err = gcry_sexp_build(&this->key, NULL, "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))", @@ -677,91 +568,6 @@ end: destroy(this); return NULL; } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; - -/** - * Builder implementation for key loading/generation - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded/generated private key */ - gcrypt_rsa_private_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gcrypt_rsa_private_key_t *build(private_builder_t *this) -{ - gcrypt_rsa_private_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = load(va_arg(args, chunk_t)); - va_end(args); - return; - } - case BUILD_KEY_SIZE: - { - va_start(args, part); - this->key = generate(va_arg(args, u_int)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gcrypt_rsa_private_key_t*)this->key); - } - builder_cancel(&this->public); -} - -/** - * Builder construction function - */ -builder_t *gcrypt_rsa_private_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h index 2edd7ce5d..4c3605f4b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h @@ -21,6 +21,7 @@ #ifndef GCRYPT_RSA_PRIVATE_KEY_H_ #define GCRYPT_RSA_PRIVATE_KEY_H_ +#include <credentials/builder.h> #include <credentials/keys/private_key.h> typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t; @@ -29,7 +30,7 @@ typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t; * Private_key_t implementation of RSA algorithm using libgcrypt. */ struct gcrypt_rsa_private_key_t { - + /** * Implements private_key_t interface */ @@ -37,11 +38,27 @@ struct gcrypt_rsa_private_key_t { }; /** - * Create the builder for a private key. + * Generate a private key using gcrypt. + * + * Accepts the BUILD_KEY_SIZE argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a gcrypt RSA private keys. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gcrypt_rsa_private_key_builder(key_type_t type); +gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type, + va_list args); #endif /** GCRYPT_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c index 4d9c88c6d..e083fac94 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c @@ -12,7 +12,7 @@ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ - + #include <gcrypt.h> #include "gcrypt_rsa_public_key.h" @@ -21,7 +21,6 @@ #include <asn1/oid.h> #include <asn1/asn1.h> #include <asn1/asn1_parser.h> -#include <asn1/pem.h> #include <crypto/hashers/hasher.h> typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; @@ -30,27 +29,17 @@ typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t; * Private data structure with signing context. */ struct private_gcrypt_rsa_public_key_t { - + /** * Public interface for this signer. */ gcrypt_rsa_public_key_t public; - + /** * gcrypt S-expression representing an public RSA key */ gcry_sexp_t key; - - /** - * Keyid formed as a SHA-1 hash of a publicKey object - */ - identification_t* keyid; - - /** - * Keyid formed as a SHA-1 hash of a publicKeyInfo object - */ - identification_t* keyid_info; - + /** * reference counter */ @@ -61,8 +50,6 @@ struct private_gcrypt_rsa_public_key_t { * Implemented in gcrypt_rsa_private_key.c */ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key); -bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid, - identification_t **keyid_info); /** * verification of a padded PKCS1 signature without an OID @@ -74,7 +61,7 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, gcry_error_t err; chunk_t em; size_t k; - + /* EM = 0x00 || 0x01 || PS || 0x00 || T * PS = 0xFF padding, with length to fill em * T = data @@ -90,7 +77,7 @@ static bool verify_raw(private_gcrypt_rsa_public_key_t *this, em.ptr[1] = 0x01; em.ptr[em.len - data.len - 1] = 0x00; memcpy(em.ptr + em.len - data.len, data.ptr, data.len); - + err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))", em.len, em.ptr); chunk_free(&em); @@ -129,7 +116,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, chunk_t hash; gcry_error_t err; gcry_sexp_t in, sig; - + hasher = lib->crypto->create_hasher(lib->crypto, algorithm); if (!hasher) { @@ -137,7 +124,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, } hasher->allocate_hash(hasher, data, &hash); hasher->destroy(hasher); - + err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))", hash_name, hash.len, hash.ptr); chunk_free(&hash); @@ -146,7 +133,7 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this, DBG1("building data S-expression failed: %s", gpg_strerror(err)); return FALSE; } - + err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))", signature.len, signature.ptr); if (err) @@ -211,7 +198,7 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, { gcry_sexp_t in, out; gcry_error_t err; - + /* "pkcs1" uses PKCS 1.5 (section 8.1) block type 2 encryption: * 00 | 02 | RANDOM | 00 | DATA */ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(value %b))", @@ -234,66 +221,55 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain, } /** - * Implementation of gcrypt_rsa_public_key.equals. + * Implementation of public_key_t.get_keysize. */ -static bool equals(private_gcrypt_rsa_public_key_t *this, public_key_t *other) +static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) { - identification_t *keyid; - - if (&this->public.interface == other) - { - return TRUE; - } - if (other->get_type(other) != KEY_RSA) - { - return FALSE; - } - keyid = other->get_id(other, ID_PUBKEY_SHA1); - if (keyid && keyid->equals(keyid, this->keyid)) - { - return TRUE; - } - keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); - if (keyid && keyid->equals(keyid, this->keyid_info)) - { - return TRUE; - } - return FALSE; + return gcry_pk_get_nbits(this->key) / 8; } /** - * Implementation of public_key_t.get_keysize. + * Implementation of private_key_t.get_encoding */ -static size_t get_keysize(private_gcrypt_rsa_public_key_t *this) +static bool get_encoding(private_gcrypt_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *encoding) { - return gcry_pk_get_nbits(this->key) / 8; + chunk_t n, e; + bool success; + + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + KEY_PART_RSA_MODULUS, n, KEY_PART_RSA_PUB_EXP, e, + KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + + return success; } /** - * Implementation of public_key_t.get_id. + * Implementation of private_key_t.get_fingerprint */ -static identification_t *get_id(private_gcrypt_rsa_public_key_t *this, - id_type_t type) +static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this, + key_encoding_type_t type, chunk_t *fp) { - switch (type) + chunk_t n, e; + bool success; + + if (lib->encoding->get_cache(lib->encoding, type, this, fp)) { - case ID_PUBKEY_INFO_SHA1: - return this->keyid_info; - case ID_PUBKEY_SHA1: - return this->keyid; - default: - return NULL; + return TRUE; } -} + n = gcrypt_rsa_find_token(this->key, "n", NULL); + e = gcrypt_rsa_find_token(this->key, "e", NULL); -/* - * Implementation of public_key_t.get_encoding. - */ -static chunk_t get_encoding(private_gcrypt_rsa_public_key_t *this) -{ - return asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("m", gcrypt_rsa_find_token(this->key, "n", NULL)), - asn1_integer("m", gcrypt_rsa_find_token(this->key, "e", NULL))); + success = lib->encoding->encode(lib->encoding, + type, this, fp, KEY_PART_RSA_MODULUS, n, + KEY_PART_RSA_PUB_EXP, e, KEY_PART_END); + chunk_free(&n); + chunk_free(&e); + return success; } /** @@ -312,118 +288,57 @@ static void destroy(private_gcrypt_rsa_public_key_t *this) { if (ref_put(&this->ref)) { - DESTROY_IF(this->keyid); - DESTROY_IF(this->keyid_info); gcry_sexp_release(this->key); + lib->encoding->clear_cache(lib->encoding, this); free(this); } } /** - * Generic private constructor - */ -static private_gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_create_empty() -{ - private_gcrypt_rsa_public_key_t *this = malloc_thing(private_gcrypt_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; - this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; - this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id; - this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding; - this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(public_key_t *this))destroy; - - this->key = NULL; - this->keyid = NULL; - this->keyid_info = NULL; - this->ref = 1; - - return this; -} - -/** - * Create a public key from a S-expression, used in gcrypt_rsa_private_key + * See header. */ -public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key) +gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, + va_list args) { private_gcrypt_rsa_public_key_t *this; gcry_error_t err; chunk_t n, e; - - this = gcrypt_rsa_public_key_create_empty(); - n = gcrypt_rsa_find_token(key, "n", NULL); - e = gcrypt_rsa_find_token(key, "e", NULL); - - err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", - n.len, n.ptr, e.len, e.ptr); - chunk_free(&n); - chunk_free(&e); - if (err) - { - DBG1("loading public key failed: %s", gpg_strerror(err)); - free(this); - return NULL; - } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public.interface; -} -/** - * ASN.1 definition of RSApublicKey - */ -static const asn1Object_t pubkeyObjects[] = { - { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */ - { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define PUB_KEY_RSA_PUBLIC_KEY 0 -#define PUB_KEY_MODULUS 1 -#define PUB_KEY_EXPONENT 2 - -/** - * Load a public key from an ASN1 encoded blob - */ -static gcrypt_rsa_public_key_t *load(chunk_t blob) -{ - private_gcrypt_rsa_public_key_t *this; - asn1_parser_t *parser; - chunk_t object, n, e; - int objectID; - bool success = FALSE; - gcry_error_t err; - n = e = chunk_empty; - - parser = asn1_parser_create(pubkeyObjects, blob); - while (parser->iterate(parser, &objectID, &object)) + while (TRUE) { - switch (objectID) + switch (va_arg(args, builder_part_t)) { - case PUB_KEY_MODULUS: - n = object; - break; - case PUB_KEY_EXPONENT: - e = object; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: break; + default: + return NULL; } + break; } - success = parser->success(parser); - parser->destroy(parser); - - if (!success) - { - return NULL; - } - - this = gcrypt_rsa_public_key_create_empty(); + + this = malloc_thing(private_gcrypt_rsa_public_key_t); + + this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type; + this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify; + this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_; + this->public.interface.equals = public_key_equals; + this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize; + this->public.interface.get_fingerprint = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *fp))get_fingerprint; + this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; + this->public.interface.get_encoding = (bool(*)(public_key_t*, key_encoding_type_t type, chunk_t *encoding))get_encoding; + this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref; + this->public.interface.destroy = (void (*)(public_key_t *this))destroy; + + this->key = NULL; + this->ref = 1; + err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))", n.len, n.ptr, e.len, e.ptr); if (err) @@ -432,83 +347,7 @@ static gcrypt_rsa_public_key_t *load(chunk_t blob) free(this); return NULL; } - if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info)) - { - destroy(this); - return NULL; - } - return &this->public; -} - -typedef struct private_builder_t private_builder_t; -/** - * Builder implementation for key loading - */ -struct private_builder_t { - /** implements the builder interface */ - builder_t public; - /** loaded public key */ - gcrypt_rsa_public_key_t *key; -}; - -/** - * Implementation of builder_t.build - */ -static gcrypt_rsa_public_key_t *build(private_builder_t *this) -{ - gcrypt_rsa_public_key_t *key = this->key; - - free(this); - return key; -} - -/** - * Implementation of builder_t.add - */ -static void add(private_builder_t *this, builder_part_t part, ...) -{ - if (!this->key) - { - va_list args; - - switch (part) - { - case BUILD_BLOB_ASN1_DER: - { - va_start(args, part); - this->key = load(va_arg(args, chunk_t)); - va_end(args); - return; - } - default: - break; - } - } - if (this->key) - { - destroy((private_gcrypt_rsa_public_key_t*)this->key); - } - builder_cancel(&this->public); -} -/** - * Builder construction function - */ -builder_t *gcrypt_rsa_public_key_builder(key_type_t type) -{ - private_builder_t *this; - - if (type != KEY_RSA) - { - return NULL; - } - - this = malloc_thing(private_builder_t); - - this->key = NULL; - this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add; - this->public.build = (void*(*)(builder_t *this))build; - return &this->public; } diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h index 102547276..fa18c357b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h @@ -21,10 +21,11 @@ #ifndef GCRYPT_RSA_PUBLIC_KEY_H_ #define GCRYPT_RSA_PUBLIC_KEY_H_ -typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t; - +#include <credentials/builder.h> #include <credentials/keys/public_key.h> +typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t; + /** * public_key_t implementation of RSA algorithm using libgcrypt. */ @@ -37,11 +38,15 @@ struct gcrypt_rsa_public_key_t { }; /** - * Create the builder for a public key. + * Load a RSA public key using gcrypt. + * + * Accepts BUILD_RSA_* components. * * @param type type of the key, must be KEY_RSA - * @return builder instance + * @param args builder_part_t argument list + * @return loaded key, NULL on failure */ -builder_t *gcrypt_rsa_public_key_builder(key_type_t type); +gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type, + va_list args); #endif /** GCRYPT_RSA_PUBLIC_KEY_H_ @}*/ |