- some improvements to new asn1 stuff
[strongswan.git] / Source / lib / crypto / rsa / rsa_private_key.c
1 /**
2 * @file rsa_private_key.c
3 *
4 * @brief Implementation of rsa_private_key_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <gmp.h>
24 #include <sys/stat.h>
25 #include <unistd.h>
26 #include <string.h>
27
28 #include "rsa_private_key.h"
29
30 #include <daemon.h>
31 #ifdef NEW_ASN1
32 # include <asn1/asn1.h>
33 # include <asn1/der_decoder.h>
34 #else
35 # include <asn1-pluto/asn1-pluto.h>
36 #endif
37
38
39 /*
40 * Oids for hash algorithms are defined in
41 * rsa_public_key.c.
42 */
43 extern u_int8_t md2_oid[18];
44 extern u_int8_t md5_oid[18];
45 extern u_int8_t sha1_oid[15];
46 extern u_int8_t sha256_oid[19];
47 extern u_int8_t sha384_oid[19];
48 extern u_int8_t sha512_oid[19];
49
50
51 /**
52 * Public exponent to use for key generation.
53 */
54 #define PUBLIC_EXPONENT 0x10001
55
56
57 typedef struct private_rsa_private_key_t private_rsa_private_key_t;
58
59 /**
60 * Private data of a rsa_private_key_t object.
61 */
62 struct private_rsa_private_key_t {
63 /**
64 * Public interface for this signer.
65 */
66 rsa_private_key_t public;
67
68 /**
69 * Version of key, as encoded in PKCS#1
70 */
71 u_int version;
72
73 /**
74 * Public modulus.
75 */
76 mpz_t n;
77
78 /**
79 * Public exponent.
80 */
81 mpz_t e;
82
83 /**
84 * Private prime 1.
85 */
86 mpz_t p;
87
88 /**
89 * Private Prime 2.
90 */
91 mpz_t q;
92
93 /**
94 * Private exponent.
95 */
96 mpz_t d;
97
98 /**
99 * Private exponent 1.
100 */
101 mpz_t exp1;
102
103 /**
104 * Private exponent 2.
105 */
106 mpz_t exp2;
107
108 /**
109 * Private coefficient.
110 */
111 mpz_t coeff;
112
113 /**
114 * Keysize in bytes.
115 */
116 size_t k;
117
118 /**
119 * @brief Implements the RSADP algorithm specified in PKCS#1.
120 *
121 * @param this calling object
122 * @param data data to process
123 * @return processed data
124 */
125 chunk_t (*rsadp) (private_rsa_private_key_t *this, chunk_t data);
126
127 /**
128 * @brief Implements the RSASP1 algorithm specified in PKCS#1.
129 * @param this calling object
130 * @param data data to process
131 * @return processed data
132 */
133 chunk_t (*rsasp1) (private_rsa_private_key_t *this, chunk_t data);
134
135 /**
136 * @brief Generate a prime value.
137 *
138 * @param this calling object
139 * @param prime_size size of the prime, in bytes
140 * @param[out] prime uninitialized mpz
141 */
142 status_t (*compute_prime) (private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime);
143
144 };
145
146 #ifdef NEW_ASN1
147 /**
148 * Rules for de-/encoding of a private key from/in ASN1
149 */
150 static asn1_rule_t rsa_private_key_rules[] = {
151 {ASN1_SEQUENCE, 0, 0, 0},
152 { ASN1_INTEGER, 0, offsetof(private_rsa_private_key_t, version), 0},
153 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0},
154 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0},
155 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0},
156 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0},
157 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0},
158 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0},
159 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0},
160 { ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0},
161 {ASN1_END, 0, 0, 0},
162 };
163 #else
164 struct {
165 const char *name;
166 size_t offset;
167 } RSA_private_field[] = {
168 { "Modulus", offsetof(private_rsa_private_key_t, n) },
169 { "PublicExponent", offsetof(private_rsa_private_key_t, e) },
170 { "PrivateExponent", offsetof(private_rsa_private_key_t, d) },
171 { "Prime1", offsetof(private_rsa_private_key_t, p) },
172 { "Prime2", offsetof(private_rsa_private_key_t, q) },
173 { "Exponent1", offsetof(private_rsa_private_key_t, exp1) },
174 { "Exponent2", offsetof(private_rsa_private_key_t, exp2) },
175 { "Coefficient", offsetof(private_rsa_private_key_t, coeff) },
176 };
177
178 /* ASN.1 definition of a PKCS#1 RSA private key */
179
180 static const asn1Object_t privkeyObjects[] = {
181 { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
182 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
183 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
184 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
185 { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
186 { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
187 { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
188 { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
189 { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
190 { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
191 { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
192 ASN1_LOOP }, /* 10 */
193 { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
194 { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
195 { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
196 { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
197 { 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */
198 };
199
200 #define PKCS1_PRIV_KEY_VERSION 1
201 #define PKCS1_PRIV_KEY_MODULUS 2
202 #define PKCS1_PRIV_KEY_PUB_EXP 3
203 #define PKCS1_PRIV_KEY_COEFF 9
204 #define PKCS1_PRIV_KEY_ROOF 16
205 #endif
206
207
208 static private_rsa_private_key_t *rsa_private_key_create_empty();
209
210 /**
211 * Implementation of private_rsa_private_key_t.compute_prime.
212 */
213 static status_t compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime)
214 {
215 randomizer_t *randomizer;
216 chunk_t random_bytes;
217 status_t status;
218
219 randomizer = randomizer_create();
220 mpz_init(*prime);
221
222 do
223 {
224 status = randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes);
225 if (status != SUCCESS)
226 {
227 randomizer->destroy(randomizer);
228 mpz_clear(*prime);
229 return FAILED;
230 }
231
232 /* make sure most significant bit is set */
233 random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
234
235 /* convert chunk to mpz value */
236 mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
237
238 /* get next prime */
239 mpz_nextprime (*prime, *prime);
240
241 free(random_bytes.ptr);
242 }
243 /* check if it isnt too large */
244 while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
245
246 randomizer->destroy(randomizer);
247 return SUCCESS;
248 }
249
250 /**
251 * Implementation of private_rsa_private_key_t.rsadp and private_rsa_private_key_t.rsasp1.
252 */
253 static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
254 {
255 mpz_t t1, t2;
256 chunk_t decrypted;
257
258 mpz_init(t1);
259 mpz_init(t2);
260
261 mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
262
263 mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
264 mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
265 mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
266 mpz_mod(t2, t2, this->p);
267 mpz_mul(t2, t2, this->coeff);
268 mpz_mod(t2, t2, this->p);
269
270 mpz_mul(t2, t2, this->q); /* m = m2 + h q */
271 mpz_add(t1, t1, t2);
272
273 decrypted.len = this->k;
274 decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
275
276 mpz_clear(t1);
277 mpz_clear(t2);
278
279 return decrypted;
280 }
281
282 /**
283 * Implementation of rsa_private_key.build_emsa_signature.
284 */
285 static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
286 {
287 hasher_t *hasher;
288 chunk_t hash;
289 chunk_t oid;
290 chunk_t em;
291
292 /* get oid string prepended to hash */
293 switch (hash_algorithm)
294 {
295 case HASH_MD2:
296 {
297 oid.ptr = md2_oid;
298 oid.len = sizeof(md2_oid);
299 break;
300 }
301 case HASH_MD5:
302 {
303 oid.ptr = md5_oid;
304 oid.len = sizeof(md5_oid);
305 break;
306 }
307 case HASH_SHA1:
308 {
309 oid.ptr = sha1_oid;
310 oid.len = sizeof(sha1_oid);
311 break;
312 }
313 case HASH_SHA256:
314 {
315 oid.ptr = sha256_oid;
316 oid.len = sizeof(sha256_oid);
317 break;
318 }
319 case HASH_SHA384:
320 {
321 oid.ptr = sha384_oid;
322 oid.len = sizeof(sha384_oid);
323 break;
324 }
325 case HASH_SHA512:
326 {
327 oid.ptr = sha512_oid;
328 oid.len = sizeof(sha512_oid);
329 break;
330 }
331 default:
332 {
333 return NOT_SUPPORTED;
334 }
335 }
336
337 /* get hasher */
338 hasher = hasher_create(hash_algorithm);
339 if (hasher == NULL)
340 {
341 return NOT_SUPPORTED;
342 }
343
344 /* build hash */
345 hasher->allocate_hash(hasher, data, &hash);
346 hasher->destroy(hasher);
347
348 /* build chunk to rsa-decrypt:
349 * EM = 0x00 || 0x01 || PS || 0x00 || T.
350 * PS = 0xFF padding, with length to fill em
351 * T = oid || hash
352 */
353 em.len = this->k;
354 em.ptr = malloc(em.len);
355
356 /* fill em with padding */
357 memset(em.ptr, 0xFF, em.len);
358 /* set magic bytes */
359 *(em.ptr) = 0x00;
360 *(em.ptr+1) = 0x01;
361 *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
362 /* set hash */
363 memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
364 /* set oid */
365 memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
366
367
368 /* build signature */
369 *signature = this->rsasp1(this, em);
370
371 free(hash.ptr);
372 free(em.ptr);
373
374 return SUCCESS;
375 }
376
377 /**
378 * Implementation of rsa_private_key.get_key.
379 */
380 static status_t get_key(private_rsa_private_key_t *this, chunk_t *key)
381 {
382 chunk_t n, e, p, q, d, exp1, exp2, coeff;
383
384 n.len = this->k;
385 n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
386 e.len = this->k;
387 e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
388 p.len = this->k;
389 p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
390 q.len = this->k;
391 q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
392 d.len = this->k;
393 d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
394 exp1.len = this->k;
395 exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
396 exp2.len = this->k;
397 exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
398 coeff.len = this->k;
399 coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
400
401 key->len = this->k * 8;
402 key->ptr = malloc(key->len);
403 memcpy(key->ptr + this->k * 0, n.ptr , n.len);
404 memcpy(key->ptr + this->k * 1, e.ptr, e.len);
405 memcpy(key->ptr + this->k * 2, p.ptr, p.len);
406 memcpy(key->ptr + this->k * 3, q.ptr, q.len);
407 memcpy(key->ptr + this->k * 4, d.ptr, d.len);
408 memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
409 memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
410 memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
411
412 free(n.ptr);
413 free(e.ptr);
414 free(p.ptr);
415 free(q.ptr);
416 free(d.ptr);
417 free(exp1.ptr);
418 free(exp2.ptr);
419 free(coeff.ptr);
420
421 return SUCCESS;
422 }
423
424 /**
425 * Implementation of rsa_private_key.save_key.
426 */
427 static status_t save_key(private_rsa_private_key_t *this, char *file)
428 {
429 return NOT_SUPPORTED;
430 }
431
432 /**
433 * Implementation of rsa_private_key.get_public_key.
434 */
435 rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
436 {
437 return NULL;
438 }
439
440 /**
441 * Implementation of rsa_private_key.belongs_to.
442 */
443 static bool belongs_to(private_rsa_private_key_t *this, rsa_public_key_t *public)
444 {
445 if (mpz_cmp(this->n, *public->get_modulus(public)) == 0)
446 {
447 return TRUE;
448 }
449 return FALSE;
450 }
451
452 /**
453 * Check the loaded key if it is valid and usable
454 * TODO: Log errors
455 */
456 static status_t check(private_rsa_private_key_t *this)
457 {
458 mpz_t t, u, q1;
459 status_t status = SUCCESS;
460
461 /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets.
462 * We actually require more (for security).
463 */
464 if (this->k < 512/8)
465 {
466 return FAILED;
467 }
468
469 /* we picked a max modulus size to simplify buffer allocation */
470 if (this->k > 8192/8)
471 {
472 return FAILED;
473 }
474
475 mpz_init(t);
476 mpz_init(u);
477 mpz_init(q1);
478
479 /* check that n == p * q */
480 mpz_mul(u, this->p, this->q);
481 if (mpz_cmp(u, this->n) != 0)
482 {
483 status = FAILED;
484 }
485
486 /* check that e divides neither p-1 nor q-1 */
487 mpz_sub_ui(t, this->p, 1);
488 mpz_mod(t, t, this->e);
489 if (mpz_cmp_ui(t, 0) == 0)
490 {
491 status = FAILED;
492 }
493
494 mpz_sub_ui(t, this->q, 1);
495 mpz_mod(t, t, this->e);
496 if (mpz_cmp_ui(t, 0) == 0)
497 {
498 status = FAILED;
499 }
500
501 /* check that d is e^-1 (mod lcm(p-1, q-1)) */
502 /* see PKCS#1v2, aka RFC 2437, for the "lcm" */
503 mpz_sub_ui(q1, this->q, 1);
504 mpz_sub_ui(u, this->p, 1);
505 mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */
506 mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */
507 mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */
508
509 mpz_mul(t, this->d, this->e);
510 mpz_mod(t, t, u);
511 if (mpz_cmp_ui(t, 1) != 0)
512 {
513 status = FAILED;
514 }
515
516 /* check that exp1 is d mod (p-1) */
517 mpz_sub_ui(u, this->p, 1);
518 mpz_mod(t, this->d, u);
519 if (mpz_cmp(t, this->exp1) != 0)
520 {
521 status = FAILED;
522 }
523
524 /* check that exp2 is d mod (q-1) */
525 mpz_sub_ui(u, this->q, 1);
526 mpz_mod(t, this->d, u);
527 if (mpz_cmp(t, this->exp2) != 0)
528 {
529 status = FAILED;
530 }
531
532 /* check that coeff is (q^-1) mod p */
533 mpz_mul(t, this->coeff, this->q);
534 mpz_mod(t, t, this->p);
535 if (mpz_cmp_ui(t, 1) != 0)
536 {
537 status = FAILED;
538 }
539
540 mpz_clear(t);
541 mpz_clear(u);
542 mpz_clear(q1);
543 return status;
544 }
545
546 /**
547 * Implementation of rsa_private_key.clone.
548 */
549 static rsa_private_key_t* _clone(private_rsa_private_key_t *this)
550 {
551 private_rsa_private_key_t *clone = rsa_private_key_create_empty();
552
553 mpz_init_set(clone->n, this->n);
554 mpz_init_set(clone->e, this->e);
555 mpz_init_set(clone->p, this->p);
556 mpz_init_set(clone->q, this->q);
557 mpz_init_set(clone->d, this->d);
558 mpz_init_set(clone->exp1, this->exp1);
559 mpz_init_set(clone->exp2, this->exp2);
560 mpz_init_set(clone->coeff, this->coeff);
561 clone->k = this->k;
562
563 return &clone->public;
564 }
565
566 /**
567 * Implementation of rsa_private_key.destroy.
568 */
569 static void destroy(private_rsa_private_key_t *this)
570 {
571 mpz_clear(this->n);
572 mpz_clear(this->e);
573 mpz_clear(this->p);
574 mpz_clear(this->q);
575 mpz_clear(this->d);
576 mpz_clear(this->exp1);
577 mpz_clear(this->exp2);
578 mpz_clear(this->coeff);
579 free(this);
580 }
581
582 /**
583 * Internal generic constructor
584 */
585 static private_rsa_private_key_t *rsa_private_key_create_empty()
586 {
587 private_rsa_private_key_t *this = malloc_thing(private_rsa_private_key_t);
588
589 /* public functions */
590 this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
591 this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key;
592 this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key;
593 this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key;
594 this->public.belongs_to = (bool (*) (rsa_private_key_t*,rsa_public_key_t*))belongs_to;
595 this->public.clone = (rsa_private_key_t*(*)(rsa_private_key_t*))_clone;
596 this->public.destroy = (void (*) (rsa_private_key_t*))destroy;
597
598 /* private functions */
599 this->rsadp = rsadp;
600 this->rsasp1 = rsadp; /* same algorithm */
601 this->compute_prime = compute_prime;
602
603 return this;
604 }
605
606 /*
607 * See header
608 */
609 rsa_private_key_t *rsa_private_key_create(size_t key_size)
610 {
611 mpz_t p, q, n, e, d, exp1, exp2, coeff;
612 mpz_t m, q1, t;
613 private_rsa_private_key_t *this;
614
615 this = rsa_private_key_create_empty();
616 key_size = key_size / 8;
617
618 /* Get values of primes p and q */
619 if (this->compute_prime(this, key_size/2, &p) != SUCCESS)
620 {
621 free(this);
622 return NULL;
623 }
624 if (this->compute_prime(this, key_size/2, &q) != SUCCESS)
625 {
626 mpz_clear(p);
627 free(this);
628 return NULL;
629 }
630
631
632 mpz_init(t);
633 mpz_init(n);
634 mpz_init(d);
635 mpz_init(exp1);
636 mpz_init(exp2);
637 mpz_init(coeff);
638
639
640 /* Swapping Primes so p is larger then q */
641 if (mpz_cmp(p, q) < 0)
642 {
643 mpz_set(t, p);
644 mpz_set(p, q);
645 mpz_set(q, t);
646 }
647
648 mpz_mul(n, p, q); /* n = p*q */
649 mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
650 mpz_init_set(m, p); /* m = p */
651 mpz_sub_ui(m, m, 1); /* m = m -1 */
652 mpz_init_set(q1, q); /* q1 = q */
653 mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
654 mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
655 mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
656 mpz_divexact(m, m, t); /* m = m / t */
657 mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */
658
659 mpz_invert(d, e, m); /* e has an inverse mod m */
660 if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
661 {
662 mpz_add(d, d, m);
663 }
664 mpz_sub_ui(t, p, 1); /* t = p-1 */
665 mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
666 mpz_sub_ui(t, q, 1); /* t = q-1 */
667 mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
668
669 mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
670 if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
671 {
672 mpz_add(coeff, coeff, p);
673 }
674
675 mpz_clear(q1);
676 mpz_clear(m);
677 mpz_clear(t);
678
679 /* apply values */
680 *(this->p) = *p;
681 *(this->q) = *q;
682 *(this->n) = *n;
683 *(this->e) = *e;
684 *(this->d) = *d;
685 *(this->exp1) = *exp1;
686 *(this->exp2) = *exp2;
687 *(this->coeff) = *coeff;
688
689 /* set key size in bytes */
690 this->k = key_size;
691
692 return &this->public;
693 }
694
695 #ifdef NEW_ASN1
696 /*
697 * see header
698 */
699 rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t chunk)
700 {
701 private_rsa_private_key_t *this;
702 der_decoder_t *dd;
703 status_t status;
704
705 this = rsa_private_key_create_empty();
706
707 mpz_init(this->n);
708 mpz_init(this->e);
709 mpz_init(this->p);
710 mpz_init(this->q);
711 mpz_init(this->d);
712 mpz_init(this->exp1);
713 mpz_init(this->exp2);
714 mpz_init(this->coeff);
715
716 dd = der_decoder_create(rsa_private_key_rules);
717 status = dd->decode(dd, chunk, this);
718 dd->destroy(dd);
719 if (status != SUCCESS)
720 {
721 destroy(this);
722 return NULL;
723 }
724 this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
725
726 if (check(this) != SUCCESS)
727 {
728 destroy(this);
729 return NULL;
730 }
731 else
732 {
733 return &this->public;
734 }
735 }
736 #else
737 /*
738 * see header
739 */
740 rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t blob)
741 {
742 asn1_ctx_t ctx;
743 chunk_t object;
744 u_int level;
745 int objectID = 0;
746 private_rsa_private_key_t *this;
747
748 this = rsa_private_key_create_empty();
749
750 mpz_init(this->n);
751 mpz_init(this->e);
752 mpz_init(this->p);
753 mpz_init(this->q);
754 mpz_init(this->d);
755 mpz_init(this->exp1);
756 mpz_init(this->exp2);
757 mpz_init(this->coeff);
758
759 asn1_init(&ctx, blob, 0, FALSE);
760
761 while (objectID < PKCS1_PRIV_KEY_ROOF)
762 {
763 if (!extract_object(privkeyObjects, &objectID, &object, &level, &ctx))
764 {
765 destroy(this);
766 return FALSE;
767 }
768 if (objectID == PKCS1_PRIV_KEY_VERSION)
769 {
770 if (object.len > 0 && *object.ptr != 0)
771 {
772 destroy(this);
773 return NULL;
774 }
775 }
776 else if (objectID >= PKCS1_PRIV_KEY_MODULUS &&
777 objectID <= PKCS1_PRIV_KEY_COEFF)
778 {
779 mpz_t *u = (mpz_t *) ((char *)this
780 + RSA_private_field[objectID - PKCS1_PRIV_KEY_MODULUS].offset);
781
782 mpz_import(*u, object.len, 1, 1, 1, 0, object.ptr);
783 }
784 objectID++;
785 }
786
787 this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
788
789 if (check(this) != SUCCESS)
790 {
791 destroy(this);
792 return NULL;
793 }
794 else
795 {
796 return &this->public;
797 }
798 }
799 #endif
800
801 /*
802 * see header
803 * TODO: PEM files
804 */
805 rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase)
806 {
807 chunk_t chunk;
808 struct stat stb;
809 FILE *file;
810 char *buffer;
811
812 if (stat(filename, &stb) == -1)
813 {
814 return NULL;
815 }
816
817 buffer = alloca(stb.st_size);
818
819 file = fopen(filename, "r");
820 if (file == NULL)
821 {
822 return NULL;
823 }
824
825 if (fread(buffer, stb.st_size, 1, file) != 1)
826 {
827 fclose(file);
828 return NULL;
829 }
830 fclose(file);
831
832 chunk.ptr = buffer;
833 chunk.len = stb.st_size;
834
835 return rsa_private_key_create_from_chunk(chunk);
836 }