From f73fba54dc8b30c6482e1e8abf15bbf455592fcd Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Sun, 28 Nov 2010 11:42:20 +0000 Subject: [svn-upgrade] new version strongswan (4.5.0) --- src/libstrongswan/plugins/gmp/Makefile.in | 20 +++- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c | 106 +++++++++-------- src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h | 11 ++ src/libstrongswan/plugins/gmp/gmp_plugin.c | 27 +++-- .../plugins/gmp/gmp_rsa_private_key.c | 127 +++++++++------------ .../plugins/gmp/gmp_rsa_private_key.h | 2 +- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c | 111 ++++++++---------- src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h | 2 +- 8 files changed, 205 insertions(+), 201 deletions(-) (limited to 'src/libstrongswan/plugins/gmp') diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index bd7100b27..b4ec1ed8d 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/lt~obsolete.m4 \ $(top_srcdir)/m4/macros/with.m4 \ $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) @@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ @@ -196,14 +199,17 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ +c_plugins = @c_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ gtk_CFLAGS = @gtk_CFLAGS@ gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ ipsecuid = @ipsecuid@ ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ libexecdir = @libexecdir@ -libhydra_plugins = @libhydra_plugins@ -libstrongswan_plugins = @libstrongswan_plugins@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ pdfdir = @pdfdir@ piddir = @piddir@ +pki_plugins = @pki_plugins@ plugindir = @plugindir@ pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ @@ -243,7 +256,10 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c index 4ee449890..e99502b27 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c @@ -85,10 +85,8 @@ struct private_gmp_diffie_hellman_t { bool computed; }; -/** - * Implementation of gmp_diffie_hellman_t.set_other_public_value. - */ -static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t value) +METHOD(diffie_hellman_t, set_other_public_value, void, + private_gmp_diffie_hellman_t *this, chunk_t value) { mpz_t p_min_1; @@ -146,10 +144,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v mpz_clear(p_min_1); } -/** - * Implementation of gmp_diffie_hellman_t.get_my_public_value. - */ -static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *value) +METHOD(diffie_hellman_t, get_my_public_value, void, + private_gmp_diffie_hellman_t *this,chunk_t *value) { value->len = this->p_len; value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya); @@ -159,10 +155,8 @@ static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *valu } } -/** - * Implementation of gmp_diffie_hellman_t.get_shared_secret. - */ -static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *secret) +METHOD(diffie_hellman_t, get_shared_secret, status_t, + private_gmp_diffie_hellman_t *this, chunk_t *secret) { if (!this->computed) { @@ -177,18 +171,14 @@ static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *s return SUCCESS; } -/** - * Implementation of gmp_diffie_hellman_t.get_dh_group. - */ -static diffie_hellman_group_t get_dh_group(private_gmp_diffie_hellman_t *this) +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_gmp_diffie_hellman_t *this) { return this->group; } -/** - * Implementation of gmp_diffie_hellman_t.destroy. - */ -static void destroy(private_gmp_diffie_hellman_t *this) +METHOD(diffie_hellman_t, destroy, void, + private_gmp_diffie_hellman_t *this) { mpz_clear(this->p); mpz_clear(this->xa); @@ -199,44 +189,38 @@ static void destroy(private_gmp_diffie_hellman_t *this) free(this); } -/* - * Described in header. +/** + * Generic internal constructor */ -gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) +static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group, + size_t exp_len, chunk_t g, chunk_t p) { private_gmp_diffie_hellman_t *this; - diffie_hellman_params_t *params; - rng_t *rng; chunk_t random; + rng_t *rng; - params = diffie_hellman_get_params(group); - if (!params) - { - return NULL; - } - - this = malloc_thing(private_gmp_diffie_hellman_t); - - /* public functions */ - this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret; - this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value; - this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value; - this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group; - this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy; + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + .p_len = p.len, + ); - /* private variables */ - this->group = group; mpz_init(this->p); mpz_init(this->yb); mpz_init(this->ya); mpz_init(this->xa); mpz_init(this->zz); mpz_init(this->g); - - this->computed = FALSE; - this->p_len = params->prime.len; - mpz_import(this->p, params->prime.len, 1, 1, 1, 0, params->prime.ptr); - mpz_import(this->g, params->generator.len, 1, 1, 1, 0, params->generator.ptr); + mpz_import(this->g, g.len, 1, 1, 1, 0, g.ptr); + mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr); rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) @@ -247,10 +231,10 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) return NULL; } - rng->allocate_bytes(rng, params->exp_len, &random); + rng->allocate_bytes(rng, exp_len, &random); rng->destroy(rng); - if (params->exp_len == this->p_len) + if (exp_len == this->p_len) { /* achieve bitsof(p)-1 by setting MSB to 0 */ *random.ptr &= 0x7F; @@ -265,3 +249,29 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) return &this->public; } +/* + * Described in header. + */ +gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group) +{ + diffie_hellman_params_t *params; + + params = diffie_hellman_get_params(group); + if (!params) + { + return NULL; + } + return create_generic(group, params->exp_len, + params->generator, params->prime); +} + + +gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom( + diffie_hellman_group_t group, chunk_t g, chunk_t p) +{ + if (group == MODP_CUSTOM) + { + return create_generic(MODP_CUSTOM, p.len, g, p); + } + return NULL; +} diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h index 2a54eebb1..6d73c0863 100644 --- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h +++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h @@ -45,5 +45,16 @@ struct gmp_diffie_hellman_t { */ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group); +/** + * Creates a new gmp_diffie_hellman_t object for MODP_CUSTOM. + * + * @param group MODP_CUSTOM + * @param g generator + * @param p prime + * @return gmp_diffie_hellman_t object, NULL if not supported + */ +gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom( + diffie_hellman_group_t group, chunk_t g, chunk_t p); + #endif /** GMP_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index fbce9732f..9b4fad3da 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -33,13 +33,13 @@ struct private_gmp_plugin_t { gmp_plugin_t public; }; -/** - * Implementation of gmp_plugin_t.gmptroy - */ -static void destroy(private_gmp_plugin_t *this) +METHOD(plugin_t, destroy, void, + private_gmp_plugin_t *this) { lib->crypto->remove_dh(lib->crypto, (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->remove_dh(lib->crypto, + (dh_constructor_t)gmp_diffie_hellman_create_custom); lib->creds->remove_builder(lib->creds, (builder_function_t)gmp_rsa_private_key_gen); lib->creds->remove_builder(lib->creds, @@ -54,9 +54,15 @@ static void destroy(private_gmp_plugin_t *this) */ plugin_t *gmp_plugin_create() { - private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t); + private_gmp_plugin_t *this; - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + INIT(this, + .public = { + .plugin = { + .destroy = _destroy, + }, + }, + ); lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, (dh_constructor_t)gmp_diffie_hellman_create); @@ -81,11 +87,14 @@ plugin_t *gmp_plugin_create() lib->crypto->add_dh(lib->crypto, MODP_768_BIT, (dh_constructor_t)gmp_diffie_hellman_create); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, + (dh_constructor_t)gmp_diffie_hellman_create_custom); + + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)gmp_rsa_private_key_gen); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE, (builder_function_t)gmp_rsa_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE, (builder_function_t)gmp_rsa_public_key_load); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index cc9985320..1b6c20817 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -209,7 +209,7 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data) } /** - * Implementation of gmp_rsa_private_key_t.build_emsa_pkcs1_signature. + * Build a signature using the PKCS#1 EMSA scheme */ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, @@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, { free(digestInfo.ptr); DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len, - this->k * 8); + mpz_sizeinbase(this->n, 2)); return FALSE; } @@ -280,19 +280,15 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, return TRUE; } -/** - * Implementation of gmp_rsa_private_key.get_type. - */ -static key_type_t get_type(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_type, key_type_t, + private_gmp_rsa_private_key_t *this) { return KEY_RSA; } -/** - * Implementation of gmp_rsa_private_key.sign. - */ -static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t *signature) +METHOD(private_key_t, sign, bool, + private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t *signature) { switch (scheme) { @@ -317,15 +313,19 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme, } } -/** - * Implementation of gmp_rsa_private_key.decrypt. - */ -static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto, - chunk_t *plain) +METHOD(private_key_t, decrypt, bool, + private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) { chunk_t em, stripped; bool success = FALSE; + if (scheme != ENCRYPT_RSA_PKCS1) + { + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); + return FALSE; + } /* rsa decryption using PKCS#1 RSADP */ stripped = em = rsadp(this, crypto); @@ -356,18 +356,14 @@ end: return success; } -/** - * Implementation of gmp_rsa_private_key.get_keysize. - */ -static size_t get_keysize(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_keysize, int, + private_gmp_rsa_private_key_t *this) { - return this->k; + return mpz_sizeinbase(this->n, 2); } -/** - * Implementation of gmp_rsa_private_key.get_public_key. - */ -static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_public_key, public_key_t*, + private_gmp_rsa_private_key_t *this) { chunk_t n, e; public_key_t *public; @@ -383,27 +379,9 @@ static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this) return public; } -/** - * Implementation of gmp_rsa_private_key.equals. - */ -static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other) -{ - return private_key_equals(&this->public.interface, other); -} - -/** - * Implementation of gmp_rsa_private_key.belongs_to. - */ -static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public) -{ - return private_key_belongs_to(&this->public.interface, public); -} - -/** - * Implementation of private_key_t.get_encoding - */ -static bool get_encoding(private_gmp_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(private_key_t, get_encoding, bool, + private_gmp_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { chunk_t n, e, d, p, q, exp1, exp2, coeff; bool success; @@ -435,11 +413,8 @@ static bool get_encoding(private_gmp_rsa_private_key_t *this, return success; } -/** - * Implementation of private_key_t.get_fingerprint - */ -static bool get_fingerprint(private_gmp_rsa_private_key_t *this, - cred_encoding_type_t type, chunk_t *fp) +METHOD(private_key_t, get_fingerprint, bool, + private_gmp_rsa_private_key_t *this, cred_encoding_type_t type, chunk_t *fp) { chunk_t n, e; bool success; @@ -459,19 +434,15 @@ static bool get_fingerprint(private_gmp_rsa_private_key_t *this, return success; } -/** - * Implementation of gmp_rsa_private_key.get_ref. - */ -static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, get_ref, private_key_t*, + private_gmp_rsa_private_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.key; } -/** - * Implementation of gmp_rsa_private_key.destroy. - */ -static void destroy(private_gmp_rsa_private_key_t *this) +METHOD(private_key_t, destroy, void, + private_gmp_rsa_private_key_t *this) { if (ref_put(&this->ref)) { @@ -592,23 +563,27 @@ static status_t check(private_gmp_rsa_private_key_t *this) */ static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void) { - private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t); - - this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type; - this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign; - this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt; - this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize; - this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key; - this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals; - this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to; - this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref; - this->public.interface.destroy = (void (*) (private_key_t*))destroy; - - this->ref = 1; + private_gmp_rsa_private_key_t *this; + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h index db1fcf535..32e1f292c 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h @@ -34,7 +34,7 @@ struct gmp_rsa_private_key_t { /** * Implements private_key_t interface */ - private_key_t interface; + private_key_t key; }; /** diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index c114ae80d..a7ba80138 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -273,19 +273,15 @@ end: return success; } -/** - * Implementation of public_key_t.get_type. - */ -static key_type_t get_type(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, get_type, key_type_t, + private_gmp_rsa_public_key_t *this) { return KEY_RSA; } -/** - * Implementation of public_key_t.verify. - */ -static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, - chunk_t data, chunk_t signature) +METHOD(public_key_t, verify, bool, + private_gmp_rsa_public_key_t *this, signature_scheme_t scheme, + chunk_t data, chunk_t signature) { switch (scheme) { @@ -312,24 +308,21 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme #define MIN_PS_PADDING 8 -/** - * Implementation of public_key_t.encrypt. - */ -static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, - chunk_t *crypto) +METHOD(public_key_t, encrypt_, bool, + private_gmp_rsa_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *crypto) { chunk_t em; u_char *pos; int padding, i; rng_t *rng; - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (rng == NULL) + if (scheme != ENCRYPT_RSA_PKCS1) { - DBG1(DBG_LIB, "no random generator available"); + DBG1(DBG_LIB, "encryption scheme %N not supported", + encryption_scheme_names, scheme); return FALSE; } - /* number of pseudo-random padding octets */ padding = this->k - plain.len - 3; if (padding < MIN_PS_PADDING) @@ -338,6 +331,12 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, MIN_PS_PADDING); return FALSE; } + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (rng == NULL) + { + DBG1(DBG_LIB, "no random generator available"); + return FALSE; + } /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */ DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of" @@ -376,27 +375,15 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain, return TRUE; } -/** - * Implementation of gmp_rsa_public_key.equals. - */ -static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other) -{ - return public_key_equals(&this->public.interface, other); -} - -/** - * Implementation of public_key_t.get_keysize. - */ -static size_t get_keysize(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, get_keysize, int, + private_gmp_rsa_public_key_t *this) { - return this->k; + return mpz_sizeinbase(this->n, 2); } -/** - * Implementation of public_key_t.get_encoding - */ -static bool get_encoding(private_gmp_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(public_key_t, get_encoding, bool, + private_gmp_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) { chunk_t n, e; bool success; @@ -412,11 +399,8 @@ static bool get_encoding(private_gmp_rsa_public_key_t *this, return success; } -/** - * Implementation of public_key_t.get_fingerprint - */ -static bool get_fingerprint(private_gmp_rsa_public_key_t *this, - cred_encoding_type_t type, chunk_t *fp) +METHOD(public_key_t, get_fingerprint, bool, + private_gmp_rsa_public_key_t *this, cred_encoding_type_t type, chunk_t *fp) { chunk_t n, e; bool success; @@ -436,19 +420,15 @@ static bool get_fingerprint(private_gmp_rsa_public_key_t *this, return success; } -/** - * Implementation of public_key_t.get_ref. - */ -static private_gmp_rsa_public_key_t* get_ref(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, get_ref, public_key_t*, + private_gmp_rsa_public_key_t *this) { ref_get(&this->ref); - return this; + return &this->public.key; } -/** - * Implementation of gmp_rsa_public_key.destroy. - */ -static void destroy(private_gmp_rsa_public_key_t *this) +METHOD(public_key_t, destroy, void, + private_gmp_rsa_public_key_t *this) { if (ref_put(&this->ref)) { @@ -490,20 +470,23 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args) return NULL; } - this = malloc_thing(private_gmp_rsa_public_key_t); - - this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type; - this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify; - this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_; - this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals; - this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize; - this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint; - this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint; - this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding; - this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref; - this->public.interface.destroy = (void (*) (public_key_t *this))destroy; - - this->ref = 1; + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt_, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); mpz_init(this->n); mpz_init(this->e); diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h index 807f0bb7c..14dd71e0b 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h @@ -35,7 +35,7 @@ struct gmp_rsa_public_key_t { /** * Implements the public_key_t interface */ - public_key_t interface; + public_key_t key; }; /** -- cgit v1.2.3