diff options
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c | 167 |
1 files changed, 102 insertions, 65 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 9730e0ab2..c5d4142da 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -11,8 +11,6 @@ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. - * - * $Id: openssl_rsa_private_key.c 4745 2008-12-03 10:12:20Z tobias $ */ #include "openssl_rsa_private_key.h" @@ -80,65 +78,75 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGN * Build an EMPSA PKCS1 signature described in PKCS#1 */ static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this, - int type, chunk_t data, chunk_t *out) + int type, chunk_t data, chunk_t *sig) { bool success = FALSE; - u_char *sig = NULL; - u_int len; - const EVP_MD *hasher = EVP_get_digestbynid(type); - if (!hasher) - { - return FALSE; - } - - EVP_MD_CTX *ctx = EVP_MD_CTX_create(); - EVP_PKEY *key = EVP_PKEY_new(); - if (!ctx || !key) - { - goto error; - } - - if (!EVP_PKEY_set1_RSA(key, this->rsa)) - { - goto error; - } - - if (!EVP_SignInit_ex(ctx, hasher, NULL)) - { - goto error; - } - - if (!EVP_SignUpdate(ctx, data.ptr, data.len)) - { - goto error; - } - - sig = malloc(EVP_PKEY_size(key)); - if (EVP_SignFinal(ctx, sig, &len, key)) + + *sig = chunk_alloc(RSA_size(this->rsa)); + + if (type == NID_undef) { - out->ptr = sig; - out->len = len; - success = TRUE; + if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa, + RSA_PKCS1_PADDING) == sig->len) + { + success = TRUE; + } } else { - free(sig); - } + EVP_MD_CTX *ctx; + EVP_PKEY *key; + const EVP_MD *hasher; + u_int len; + + hasher = EVP_get_digestbynid(type); + if (!hasher) + { + return FALSE; + } + + ctx = EVP_MD_CTX_create(); + key = EVP_PKEY_new(); + if (!ctx || !key) + { + goto error; + } + if (!EVP_PKEY_set1_RSA(key, this->rsa)) + { + goto error; + } + if (!EVP_SignInit_ex(ctx, hasher, NULL)) + { + goto error; + } + if (!EVP_SignUpdate(ctx, data.ptr, data.len)) + { + goto error; + } + if (EVP_SignFinal(ctx, sig->ptr, &len, key)) + { + success = TRUE; + } error: - if (key) - { - EVP_PKEY_free(key); + if (key) + { + EVP_PKEY_free(key); + } + if (ctx) + { + EVP_MD_CTX_destroy(ctx); + } } - if (ctx) + if (!success) { - EVP_MD_CTX_destroy(ctx); + free(sig->ptr); } return success; } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.get_type. */ static key_type_t get_type(private_openssl_rsa_private_key_t *this) { @@ -146,15 +154,15 @@ static key_type_t get_type(private_openssl_rsa_private_key_t *this) } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.sign. */ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { switch (scheme) { - case SIGN_DEFAULT: - /* default is EMSA-PKCS1 using SHA1 */ + case SIGN_RSA_EMSA_PKCS1_NULL: + return build_emsa_pkcs1_signature(this, NID_undef, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA1: return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_SHA256: @@ -173,7 +181,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.decrypt. */ static bool decrypt(private_openssl_rsa_private_key_t *this, chunk_t crypto, chunk_t *plain) @@ -183,7 +191,7 @@ static bool decrypt(private_openssl_rsa_private_key_t *this, } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.get_keysize. */ static size_t get_keysize(private_openssl_rsa_private_key_t *this) { @@ -191,7 +199,7 @@ static size_t get_keysize(private_openssl_rsa_private_key_t *this) } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.get_id. */ static identification_t* get_id(private_openssl_rsa_private_key_t *this, id_type_t type) @@ -208,7 +216,7 @@ static identification_t* get_id(private_openssl_rsa_private_key_t *this, } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.get_public_key. */ static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this) { @@ -216,7 +224,35 @@ static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_ } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.equals. + */ +static bool equals(private_openssl_rsa_private_key_t *this, private_key_t *other) +{ + identification_t *keyid; + + if (&this->public.interface == other) + { + return TRUE; + } + if (other->get_type(other) != KEY_RSA) + { + return FALSE; + } + keyid = other->get_id(other, ID_PUBKEY_SHA1); + if (keyid && keyid->equals(keyid, this->keyid)) + { + return TRUE; + } + keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1); + if (keyid && keyid->equals(keyid, this->keyid_info)) + { + return TRUE; + } + return FALSE; +} + +/** + * Implementation of openssl_rsa_private_key.belongs_to. */ static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public) { @@ -255,7 +291,7 @@ static chunk_t get_encoding(private_openssl_rsa_private_key_t *this) } /** - * Implementation of openssl_rsa_private_key.destroy. + * Implementation of openssl_rsa_private_key.get_ref. */ static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this) { @@ -288,16 +324,17 @@ static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(v { private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t); - this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type; - this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign; - this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt; - this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize; - this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id; - this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key; - this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to; - this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding; - this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref; - this->public.interface.destroy = (void (*)(private_key_t *this))destroy; + this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; + this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; + this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; + this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; + this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id; + this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; + this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; + this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to; + this->public.interface.get_encoding = (chunk_t(*) (private_key_t*))get_encoding; + this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; + this->public.interface.destroy = (void (*) (private_key_t*))destroy; this->engine = FALSE; this->keyid = NULL; |