From 7585facf05d927eb6df3929ce09ed5e60d905437 Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Thu, 7 Feb 2013 13:27:27 +0100 Subject: Imported Upstream version 5.0.2 --- src/libstrongswan/plugins/gmp/Makefile.in | 32 ++- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 2 +- .../plugins/gmp/gmp_rsa_private_key.c | 309 ++++++++++++++------- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 4 +- 4 files changed, 234 insertions(+), 113 deletions(-) (limited to 'src/libstrongswan/plugins/gmp') diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index f1bb28c1f..aeb48ff8a 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -1,9 +1,9 @@ -# Makefile.in generated by automake 1.11.1 from Makefile.am. +# Makefile.in generated by automake 1.11.3 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -# Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software +# Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -73,6 +73,12 @@ am__nobase_list = $(am__nobase_strip_setup); \ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_gmp_la_DEPENDENCIES = 
@@ -121,6 +127,7 @@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ @@ -148,6 +155,7 @@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ MYSQLCFLAG = @MYSQLCFLAG@ MYSQLCONFIG = @MYSQLCONFIG@ @@ -175,6 +183,7 @@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ @@ -187,6 +196,7 @@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ @@ -240,7 +250,6 @@ libexecdir = @libexecdir@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -lt_ECHO = @lt_ECHO@ maemo_CFLAGS = @maemo_CFLAGS@ maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ @@ -373,7 +382,7 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-gmp.la: $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_DEPENDENCIES) +libstrongswan-gmp.la: $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_DEPENDENCIES) $(EXTRA_libstrongswan_gmp_la_DEPENDENCIES) $(libstrongswan_gmp_la_LINK) $(am_libstrongswan_gmp_la_rpath) $(libstrongswan_gmp_la_OBJECTS) $(libstrongswan_gmp_la_LIBADD) $(LIBS) mostlyclean-compile: 
@@ -513,10 +522,15 @@ install-am: all-am installcheck: installcheck-am install-strip: - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - `test -z '$(STRIP)' || \ - echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi mostlyclean-generic: clean-generic: diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index 7d232e4f1..b74d35169 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -21,7 +21,7 @@ #include "gmp_diffie_hellman.h" -#include +#include #ifdef HAVE_MPZ_POWM_SEC # undef mpz_powm diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 590ab6cb4..052b10741 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -1,7 +1,8 @@ /* - * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2005-2009 Martin Willi + * Copyright (C) 2012 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -22,7 +23,7 @@ #include "gmp_rsa_private_key.h" #include "gmp_rsa_public_key.h" -#include +#include #include #include #include 
@@ -69,9 +70,14 @@ struct private_gmp_rsa_private_key_t { mpz_t q; /** - * Private exponent. + * Carmichael function m = lambda(n) = lcm(p-1,q-1). + */ + mpz_t m; + + /** + * Private exponent and optional secret sharing polynomial coefficients. */ - mpz_t d; + mpz_t *d; /** * Private exponent 1. @@ -88,6 +94,21 @@ struct private_gmp_rsa_private_key_t { */ mpz_t coeff; + /** + * Total number of private key shares + */ + u_int shares; + + /** + * Secret sharing threshold + */ + u_int threshold; + + /** + * Optional verification key (threshold > 1). + */ + mpz_t v; + /** * Keysize in bytes. */ @@ -121,22 +142,22 @@ chunk_t gmp_mpz_to_chunk(const mpz_t value) static void mpz_clear_sensitive(mpz_t z) { size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE; - u_int8_t *random = alloca(len); + u_int8_t *zeros = alloca(len); - memset(random, 0, len); + memset(zeros, 0, len); /* overwrite mpz_t with zero bytes before clearing it */ - mpz_import(z, len, 1, 1, 1, 0, random); + mpz_import(z, len, 1, 1, 1, 0, zeros); mpz_clear(z); } /** * Create a mpz prime of at least prime_size */ -static status_t compute_prime(private_gmp_rsa_private_key_t *this, - size_t prime_size, mpz_t *prime) +static status_t compute_prime(size_t prime_size, bool safe, mpz_t *p, mpz_t *q) { rng_t *rng; chunk_t random_bytes; + int count = 0; rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); if (!rng) 
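Review bot: The new field comments in private_gmp_rsa_private_key_t leave out the invariants the rest of this patch depends on: `mpz_t *d` is a malloc'd array with `threshold` slots, every one of which destroy() clears, and `v` is described as optional although both gmp_rsa_private_key_gen and gmp_rsa_private_key_load initialise it unconditionally. I would document d as `/* malloc'd array of threshold mpz_t: d[0] is the private exponent, d[1..threshold-1] the secret sharing coefficients; every slot must be initialised before destroy() */` and note on `m` that it is only filled in by key generation and by check(). The struct definition starts before this hunk.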
@@ -146,26 +167,53 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this, return FAILED; } - mpz_init(*prime); + mpz_init(*p); + mpz_init(*q); + do { if (!rng->allocate_bytes(rng, prime_size, &random_bytes)) { DBG1(DBG_LIB, "failed to allocate random prime"); + mpz_clear(*p); + mpz_clear(*q); rng->destroy(rng); return FAILED; } - /* make sure the two most significant bits are set */ - random_bytes.ptr[0] = random_bytes.ptr[0] | 0xC0; - mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); - mpz_nextprime (*prime, *prime); + /* make sure the two most significant bits are set */ + if (safe) + { + random_bytes.ptr[0] &= 0x7F; + random_bytes.ptr[0] |= 0x60; + mpz_import(*q, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); + do + { + count++; + mpz_nextprime (*q, *q); + mpz_mul_ui(*p, *q, 2); + mpz_add_ui(*p, *p, 1); + } + while (mpz_probab_prime_p(*p, 10) == 0); + DBG2(DBG_LIB, "safe prime found after %d iterations", count); + } + else + { + random_bytes.ptr[0] |= 0xC0; + mpz_import(*p, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); + mpz_nextprime (*p, *p); + } chunk_clear(&random_bytes); } - /* check if it isn't too large */ - while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size); + + /* check if the prime isn't too large */ + while (((mpz_sizeinbase(*p, 2) + 7) / 8) > prime_size); rng->destroy(rng); + + /* additionally return p-1 */ + mpz_sub_ui(*q, *p, 1); + return SUCCESS; } @@ -393,7 +441,7 @@ METHOD(private_key_t, get_encoding, bool, n = gmp_mpz_to_chunk(this->n); e = gmp_mpz_to_chunk(this->e); - d = gmp_mpz_to_chunk(this->d); + d = gmp_mpz_to_chunk(*this->d); p = gmp_mpz_to_chunk(this->p); q = gmp_mpz_to_chunk(this->q); exp1 = gmp_mpz_to_chunk(this->exp1); 
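Review bot: `mpz_probab_prime_p(*p, 10)` in the safe-prime loop runs only 10 Miller-Rabin rounds, below the 15 to 50 the GMP manual recommends, and the header comment `Create a mpz prime of at least prime_size` no longer describes the function, which now takes a `safe` flag, returns the prime in `*p` and p-1 in `*q`, and initialises both for the caller to clear. I would raise the rounds, `while (mpz_probab_prime_p(*p, 25) == 0);`, and rewrite the comment to spell out the p / p-1 output contract. Also `count` is not reset when the outer size-check loop repeats, so the `safe prime found after %d iterations` message accumulates across attempts.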
@@ -451,14 +499,24 @@ METHOD(private_key_t, destroy, void, { if (ref_put(&this->ref)) { - mpz_clear_sensitive(this->n); - mpz_clear_sensitive(this->e); + int i; + + mpz_clear(this->n); + mpz_clear(this->e); + mpz_clear(this->v); mpz_clear_sensitive(this->p); mpz_clear_sensitive(this->q); - mpz_clear_sensitive(this->d); + mpz_clear_sensitive(this->m); mpz_clear_sensitive(this->exp1); mpz_clear_sensitive(this->exp2); mpz_clear_sensitive(this->coeff); + + for (i = 0; i < this->threshold; i++) + { + mpz_clear_sensitive(*this->d + i); + } + free(this->d); + lib->encoding->clear_cache(lib->encoding, this); free(this); } @@ -469,7 +527,7 @@ METHOD(private_key_t, destroy, void, */ static status_t check(private_gmp_rsa_private_key_t *this) { - mpz_t t, u, q1; + mpz_t u, p1, q1; status_t status = SUCCESS; /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets. @@ -488,10 +546,14 @@ static status_t check(private_gmp_rsa_private_key_t *this) return FAILED; } - mpz_init(t); mpz_init(u); + mpz_init(p1); mpz_init(q1); + /* precompute p1 = p-1 and q1 = q-1 */ + mpz_sub_ui(p1, this->p, 1); + mpz_sub_ui(q1, this->q, 1); + /* check that n == p * q */ mpz_mul(u, this->p, this->q); if (mpz_cmp(u, this->n) != 0) 
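Review bot: The cleanup loop `for (i = 0; i < this->threshold; i++)` compares a signed `int i` with the `u_int` field and clears `threshold` slots of `this->d` unconditionally, so it is only safe when `this->d` was allocated and every slot initialised; gen and load in this patch do set d right after create_empty, but an object freed between those two steps would dereference a NULL d here. Use `u_int i;` to match the field and guard the loop with `if (this->d)`, or at least state the invariant at the loop: `/* all threshold slots of d hold initialised mpz_t values */`. The split between mpz_clear for n, e, v and mpz_clear_sensitive for the secret values is a good change.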
@@ -500,62 +562,54 @@ static status_t check(private_gmp_rsa_private_key_t *this) } /* check that e divides neither p-1 nor q-1 */ - mpz_sub_ui(t, this->p, 1); - mpz_mod(t, t, this->e); - if (mpz_cmp_ui(t, 0) == 0) + mpz_mod(u, p1, this->e); + if (mpz_cmp_ui(u, 0) == 0) { status = FAILED; } - mpz_sub_ui(t, this->q, 1); - mpz_mod(t, t, this->e); - if (mpz_cmp_ui(t, 0) == 0) + mpz_mod(u, q1, this->e); + if (mpz_cmp_ui(u, 0) == 0) { status = FAILED; } /* check that d is e^-1 (mod lcm(p-1, q-1)) */ /* see PKCS#1v2, aka RFC 2437, for the "lcm" */ - mpz_sub_ui(q1, this->q, 1); - mpz_sub_ui(u, this->p, 1); - mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */ - mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */ - mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */ - - mpz_mul(t, this->d, this->e); - mpz_mod(t, t, u); - if (mpz_cmp_ui(t, 1) != 0) + mpz_lcm(this->m, p1, q1); + mpz_mul(u, *this->d, this->e); + mpz_mod(u, u, this->m); + if (mpz_cmp_ui(u, 1) != 0) { status = FAILED; } /* check that exp1 is d mod (p-1) */ - mpz_sub_ui(u, this->p, 1); - mpz_mod(t, this->d, u); - if (mpz_cmp(t, this->exp1) != 0) + mpz_mod(u, *this->d, p1); + if (mpz_cmp(u, this->exp1) != 0) { status = FAILED; } /* check that exp2 is d mod (q-1) */ - mpz_sub_ui(u, this->q, 1); - mpz_mod(t, this->d, u); - if (mpz_cmp(t, this->exp2) != 0) + mpz_mod(u, *this->d, q1); + if (mpz_cmp(u, this->exp2) != 0) { status = FAILED; } /* check that coeff is (q^-1) mod p */ - mpz_mul(t, this->coeff, this->q); - mpz_mod(t, t, this->p); - if (mpz_cmp_ui(t, 1) != 0) + mpz_mul(u, this->coeff, this->q); + mpz_mod(u, u, this->p); + if (mpz_cmp_ui(u, 1) != 0) { status = FAILED; } - mpz_clear_sensitive(t); mpz_clear_sensitive(u); + mpz_clear_sensitive(p1); mpz_clear_sensitive(q1); + if (status != SUCCESS) { DBG1(DBG_LIB, "key integrity tests failed"); @@ -587,6 +641,7 @@ static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void) .destroy = _destroy, }, }, + .threshold = 1, .ref = 1, ); return this; 
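Review bot: The new divisions `mpz_mod(u, p1, this->e)`, `mpz_mod(u, *this->d, p1)` and `mpz_mod(u, *this->d, q1)` have e, p-1 and q-1 as divisors, and GMP raises a division-by-zero exception when a divisor is 0, so a loaded key with e == 0 or p or q == 1 would abort the process instead of failing the check, unless the lines of check() between the modulus-size test and the mpz_init calls (not in this diff) already reject those values. I would add, before the inits, `if (mpz_cmp_ui(this->e, 1) <= 0 || mpz_cmp_ui(this->p, 1) <= 0 || mpz_cmp_ui(this->q, 1) <= 0) { return FAILED; }`. Note also that `mpz_lcm(this->m, p1, q1)` makes check() write a field as a side effect; that deserves a comment since the function is otherwise read-only.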
@@ -597,9 +652,11 @@ static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void) */ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) { - mpz_t p, q, n, e, d, exp1, exp2, coeff, m, q1, t; private_gmp_rsa_private_key_t *this; - u_int key_size = 0; + u_int key_size = 0, shares = 0, threshold = 1; + bool safe_prime = FALSE, rng_failed = FALSE, invert_failed = FALSE; + mpz_t p, q, p1, q1, d; +; while (TRUE) { @@ -608,6 +665,15 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) case BUILD_KEY_SIZE: key_size = va_arg(args, u_int); continue; + case BUILD_SAFE_PRIMES: + safe_prime = TRUE; + continue; + case BUILD_SHARES: + shares = va_arg(args, u_int); + continue; + case BUILD_THRESHOLD: + threshold = va_arg(args, u_int); + continue; case BUILD_END: break; default: 
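Review bot: The declaration block gains a stray empty statement: the added line `+;` right after `mpz_t p, q, p1, q1, d;` is a lone semicolon and should be deleted. It compiles as an empty statement but reads as an editing leftover, and clang warns on it with -Wextra-semi-stmt.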
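Review bot: `threshold` and `shares` are taken from va_arg at `case BUILD_THRESHOLD` and `case BUILD_SHARES` without any range check, yet later in gmp_rsa_private_key_gen (outside this hunk) `threshold` sizes `malloc(threshold * sizeof(mpz_t))` and bounds the loop that clears the slots, so a threshold of 0 yields malloc(0) followed by a store to `(*this->d)[0]`, and a threshold above `shares` presumably cannot be reconstructed. Validate once the argument loop is done, e.g. `if (threshold < 1 || (shares && threshold > shares)) { DBG1(DBG_LIB, "invalid threshold/shares"); return NULL; }`, next to the existing key_size check. BUILD_SAFE_PRIMES correctly takes no argument.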
@@ -619,76 +685,112 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) { return NULL; } - - this = gmp_rsa_private_key_create_empty(); key_size = key_size / BITS_PER_BYTE; /* Get values of primes p and q */ - if (compute_prime(this, key_size/2, &p) != SUCCESS) + if (compute_prime(key_size/2, safe_prime, &p, &p1) != SUCCESS) { - free(this); return NULL; } - if (compute_prime(this, key_size/2, &q) != SUCCESS) + if (compute_prime(key_size/2, safe_prime, &q, &q1) != SUCCESS) { mpz_clear(p); - free(this); + mpz_clear(p1); return NULL; } - mpz_init(t); - mpz_init(n); - mpz_init(d); - mpz_init(exp1); - mpz_init(exp2); - mpz_init(coeff); - /* Swapping Primes so p is larger then q */ if (mpz_cmp(p, q) < 0) { mpz_swap(p, q); + mpz_swap(p1, q1); } - mpz_mul(n, p, q); /* n = p*q */ - mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */ - mpz_init_set(m, p); /* m = p */ - mpz_sub_ui(m, m, 1); /* m = m -1 */ - mpz_init_set(q1, q); /* q1 = q */ - mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */ - mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */ - mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */ - mpz_divexact(m, m, t); /* m = m / t */ - mpz_gcd(t, m, e); /* t = gcd(m, e) */ + /* Create and initialize RSA private key object */ + this = gmp_rsa_private_key_create_empty(); + this->shares = shares; + this->threshold = threshold; + this->d = malloc(threshold * sizeof(mpz_t)); + *this->p = *p; + *this->q = *q; - mpz_invert(d, e, m); /* e has an inverse mod m */ - if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */ - { - mpz_add(d, d, m); - } - mpz_sub_ui(t, p, 1); /* t = p-1 */ - mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */ - mpz_sub_ui(t, q, 1); /* t = q-1 */ - mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */ + mpz_init_set_ui(this->e, PUBLIC_EXPONENT); + mpz_init(this->n); + mpz_init(this->m); + mpz_init(this->exp1); + mpz_init(this->exp2); + mpz_init(this->coeff); + mpz_init(this->v); + mpz_init(d); - mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */ - if 
(mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */ + mpz_mul(this->n, p, q); /* n = p*q */ + mpz_lcm(this->m, p1, q1); /* m = lcm(p-1,q-1) */ + mpz_invert(d, this->e, this->m); /* e has an inverse mod m */ + mpz_mod(this->exp1, d, p1); /* exp1 = d mod p-1 */ + mpz_mod(this->exp2, d, q1); /* exp2 = d mod q-1 */ + mpz_invert(this->coeff, q, p); /* coeff = q^-1 mod p */ + + invert_failed = mpz_cmp_ui(this->m, 0) == 0 || + mpz_cmp_ui(this->coeff, 0) == 0; + + /* store secret exponent d */ + (*this->d)[0] = *d; + + /* generate and store random coefficients of secret sharing polynomial */ + if (threshold > 1) { - mpz_add(coeff, coeff, p); + rng_t *rng; + chunk_t random_bytes; + mpz_t u; + int i; + + rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); + mpz_init(u); + + for (i = 1; i < threshold; i++) + { + mpz_init(d); + + if (!rng->allocate_bytes(rng, key_size, &random_bytes)) + { + rng_failed = TRUE; + continue; + } + mpz_import(d, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); + mpz_mod(d, d, this->m); + (*this->d)[i] = *d; + chunk_clear(&random_bytes); + } + + /* generate verification key v as a square number */ + do + { + if (!rng->allocate_bytes(rng, key_size, &random_bytes)) + { + rng_failed = TRUE; + break; + } + mpz_import(this->v, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr); + mpz_mul(this->v, this->v, this->v); + mpz_mod(this->v, this->v, this->n); + mpz_gcd(u, this->v, this->n); + chunk_free(&random_bytes); + } + while (mpz_cmp_ui(u, 1) != 0); + + mpz_clear(u); + rng->destroy(rng); } + mpz_clear_sensitive(p1); mpz_clear_sensitive(q1); - mpz_clear_sensitive(m); - mpz_clear_sensitive(t); - - /* apply values */ - *(this->p) = *p; - *(this->q) = *q; - *(this->n) = *n; - *(this->e) = *e; - *(this->d) = *d; - *(this->exp1) = *exp1; - *(this->exp2) = *exp2; - *(this->coeff) = *coeff; + + if (rng_failed || invert_failed) + { + DBG1(DBG_LIB, "rsa key generation failed"); + destroy(this); + return NULL; + } /* set key size in bytes */ this->k = key_size; 
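Review bot: `mpz_invert()` reports a missing inverse through its return value and leaves the result undefined in that case, so `invert_failed = mpz_cmp_ui(this->m, 0) == 0 || mpz_cmp_ui(this->coeff, 0) == 0` does not catch the case where e divides p-1 or q-1 (roughly 2/65537 of generations for e = 65537), and a key with a garbage d would be returned; use `invert_failed = !mpz_invert(d, this->e, this->m) || !mpz_invert(this->coeff, q, p);` instead. In the threshold > 1 branch the `rng` from create_rng is not NULL-checked, unlike in compute_prime, and on an allocate_bytes failure the `continue` skips `(*this->d)[i] = *d;`, leaking the `mpz_init(d)` and leaving that slot uninitialised while `destroy(this)` later calls mpz_clear_sensitive on all `threshold` slots. Replace the `continue` with `break` and set `this->threshold = i;` before breaking so destroy() only touches initialised slots, or initialise every slot before the loop. The function's tail (this->k and return) continues after this hunk.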
@@ -701,8 +803,8 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_gen(key_type_t type, va_list args) */ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) { - chunk_t n, e, d, p, q, exp1, exp2, coeff; private_gmp_rsa_private_key_t *this; + chunk_t n, e, d, p, q, exp1, exp2, coeff; n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty; while (TRUE) @@ -743,25 +845,28 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) this = gmp_rsa_private_key_create_empty(); + this->d = malloc(sizeof(mpz_t)); mpz_init(this->n); mpz_init(this->e); + mpz_init(*this->d); mpz_init(this->p); mpz_init(this->q); - mpz_init(this->d); + mpz_init(this->m); mpz_init(this->exp1); mpz_init(this->exp2); mpz_init(this->coeff); + mpz_init(this->v); mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr); mpz_import(this->e, e.len, 1, 1, 1, 0, e.ptr); - mpz_import(this->d, d.len, 1, 1, 1, 0, d.ptr); + mpz_import(*this->d, d.len, 1, 1, 1, 0, d.ptr); mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr); mpz_import(this->q, q.len, 1, 1, 1, 0, q.ptr); mpz_import(this->coeff, coeff.len, 1, 1, 1, 0, coeff.ptr); if (!exp1.len) { /* exp1 missing in key, recalculate: exp1 = d mod (p-1) */ mpz_sub_ui(this->exp1, this->p, 1); - mpz_mod(this->exp1, this->d, this->exp1); + mpz_mod(this->exp1, *this->d, this->exp1); } else { @@ -770,7 +875,7 @@ gmp_rsa_private_key_t *gmp_rsa_private_key_load(key_type_t type, va_list args) if (!exp2.len) { /* exp2 missing in key, recalculate: exp2 = d mod (q-1) */ mpz_sub_ui(this->exp2, this->q, 1); - mpz_mod(this->exp2, this->d, this->exp2); + mpz_mod(this->exp2, *this->d, this->exp2); } else { diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 2d84f0025..ad659e4d7 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c 
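Review bot: The recomputation `mpz_sub_ui(this->exp1, this->p, 1); mpz_mod(this->exp1, *this->d, this->exp1);` (mirrored for exp2 in the following hunk) divides by p-1 taken straight from the imported chunk, and GMP raises a division-by-zero exception when the divisor is 0, so a malformed key with p == 1 and no exp1 aborts the process before check() can reject it, unless the argument parsing earlier in gmp_rsa_private_key_load (not in this diff) already refuses such values. Guard the recomputation with `if (mpz_cmp_ui(this->p, 1) <= 0 || mpz_cmp_ui(this->q, 1) <= 0) { destroy(this); return NULL; }` placed after the mpz_init calls, since destroy() clears all fields including `*this->d` and `v`. The `malloc(sizeof(mpz_t))` for d follows the file's unchecked-allocation convention, so I am not raising it.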
@@ -22,7 +22,7 @@ #include "gmp_rsa_public_key.h" -#include +#include #include #include #include @@ -361,6 +361,8 @@ METHOD(public_key_t, encrypt_, bool, } rng->destroy(rng); + pos += padding; + /* append the padding terminator */ *pos++ = 0x00; -- cgit v1.2.3