- x509 certificate loading with pluto asn1 code
[strongswan.git] / Source / lib / crypto / rsa / rsa_public_key.c
1 /**
2 * @file rsa_public_key.c
3 *
4 * @brief Implementation of rsa_public_key_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <gmp.h>
24 #include <sys/stat.h>
25 #include <unistd.h>
26 #include <string.h>
27
28 #include "rsa_public_key.h"
29
30 #include <daemon.h>
31 #include <crypto/hashers/hasher.h>
32 #include <asn1/asn1.h>
33
34 /*
35 * For simplicity,
36 * we use these predefined values for
37 * hash algorithm OIDs. These also contain
38 * the length of the following hash.
39 * These values are also used in rsa_private_key.c.
40 * TODO: We may move them in asn1 sometime...
41 */
42
43 u_int8_t md2_oid[] = {
44 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
45 0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
46 0x04,0x10
47 };
48
49 u_int8_t md5_oid[] = {
50 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
51 0x48,0x86,0xf7,0x0d,0x02,0x05,0x05,0x00,
52 0x04,0x10
53 };
54
55 u_int8_t sha1_oid[] = {
56 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,
57 0x03,0x02,0x1a,0x05,0x00,0x04,0x14
58 };
59
60 u_int8_t sha256_oid[] = {
61 0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,
62 0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,
63 0x00,0x04,0x20
64 };
65
66 u_int8_t sha384_oid[] = {
67 0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,
68 0x48,0x01,0x65,0x03,0x04,0x02,0x02,0x05,
69 0x00,0x04,0x30
70 };
71
72 u_int8_t sha512_oid[] = {
73 0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,
74 0x48,0x01,0x65,0x03,0x04,0x02,0x03,0x05,
75 0x00,0x04,0x40
76 };
77
78 /* ASN.1 definition public key */
79 static const asn1Object_t pubkey_objects[] = {
80 { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
81 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
82 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
83 };
84
85 #define PUB_KEY_RSA_PUBLIC_KEY 0
86 #define PUB_KEY_MODULUS 1
87 #define PUB_KEY_EXPONENT 2
88 #define PUB_KEY_ROOF 3
89
90 typedef struct private_rsa_public_key_t private_rsa_public_key_t;
91
92 /**
93 * Private data structure with signing context.
94 */
95 struct private_rsa_public_key_t {
96 /**
97 * Public interface for this signer.
98 */
99 rsa_public_key_t public;
100
101 /**
102 * Public modulus.
103 */
104 mpz_t n;
105
106 /**
107 * Public exponent.
108 */
109 mpz_t e;
110
111 /**
112 * Keysize in bytes.
113 */
114 size_t k;
115
116 /**
117 * @brief Implements the RSAEP algorithm specified in PKCS#1.
118 *
119 * @param this calling object
120 * @param data data to process
121 * @return processed data
122 */
123 chunk_t (*rsaep) (private_rsa_public_key_t *this, chunk_t data);
124
125 /**
126 * @brief Implements the RSASVP1 algorithm specified in PKCS#1.
127 *
128 * @param this calling object
129 * @param data data to process
130 * @return processed data
131 */
132 chunk_t (*rsavp1) (private_rsa_public_key_t *this, chunk_t data);
133 };
134
135
136 typedef struct rsa_public_key_info_t rsa_public_key_info_t;
137
138 /**
139 * KeyInfo, as it appears in a public key file
140 */
141 struct rsa_public_key_info_t {
142 /**
143 * Algorithm for this key
144 */
145 chunk_t algorithm_oid;
146
147 /**
148 * Public key, parseable with rsa_public_key_rules
149 */
150 chunk_t public_key;
151 };
152
153 private_rsa_public_key_t *rsa_public_key_create_empty();
154
155 /**
156 * Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1
157 */
158 static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
159 {
160 mpz_t m, c;
161 chunk_t encrypted;
162
163 mpz_init(c);
164 mpz_init(m);
165
166 mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
167
168 mpz_powm(c, m, this->e, this->n);
169
170 encrypted.len = this->k;
171 encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
172
173 mpz_clear(c);
174 mpz_clear(m);
175
176 return encrypted;
177 }
178
179 /**
180 * Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
181 */
182 static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
183 {
184 hasher_t *hasher = NULL;
185 chunk_t hash;
186 chunk_t em;
187 u_int8_t *pos;
188
189 if (signature.len > this->k)
190 {
191 return INVALID_ARG;
192 }
193
194 /* unpack signature */
195 em = this->rsavp1(this, signature);
196
197 /* result should look like this:
198 * EM = 0x00 || 0x01 || PS || 0x00 || T.
199 * PS = 0xFF padding, with length to fill em
200 * T = oid || hash
201 */
202
203 /* check magic bytes */
204 if ((*(em.ptr) != 0x00) ||
205 (*(em.ptr+1) != 0x01))
206 {
207 free(em.ptr);
208 return FAILED;
209 }
210
211 /* find magic 0x00 */
212 pos = em.ptr + 2;
213 while (pos <= em.ptr + em.len)
214 {
215 if (*pos == 0x00)
216 {
217 /* found magic byte, stop */
218 pos++;
219 break;
220 }
221 else if (*pos != 0xFF)
222 {
223 /* bad padding, decryption failed ?!*/
224 free(em.ptr);
225 return FAILED;
226 }
227 pos++;
228 }
229
230 if (pos + 20 > em.ptr + em.len)
231 {
232 /* not enought room for oid compare */
233 free(em.ptr);
234 return FAILED;
235 }
236
237 if (memcmp(md2_oid, pos, sizeof(md2_oid)) == 0)
238 {
239 hasher = hasher_create(HASH_MD2);
240 pos += sizeof(md2_oid);
241 }
242 else if (memcmp(md5_oid, pos, sizeof(md5_oid)) == 0)
243 {
244 hasher = hasher_create(HASH_MD5);
245 pos += sizeof(md5_oid);
246 }
247 else if (memcmp(sha1_oid, pos, sizeof(sha1_oid)) == 0)
248 {
249 hasher = hasher_create(HASH_SHA1);
250 pos += sizeof(sha1_oid);
251 }
252 else if (memcmp(sha256_oid, pos, sizeof(sha256_oid)) == 0)
253 {
254 hasher = hasher_create(HASH_SHA256);
255 pos += sizeof(sha256_oid);
256 }
257 else if (memcmp(sha384_oid, pos, sizeof(sha384_oid)) == 0)
258 {
259 hasher = hasher_create(HASH_SHA384);
260 pos += sizeof(sha384_oid);
261 }
262 else if (memcmp(sha512_oid, pos, sizeof(sha512_oid)) == 0)
263 {
264 hasher = hasher_create(HASH_SHA512);
265 pos += sizeof(sha512_oid);
266 }
267
268 if (hasher == NULL)
269 {
270 /* not supported hash algorithm */
271 free(em.ptr);
272 return NOT_SUPPORTED;
273 }
274
275 if (pos + hasher->get_block_size(hasher) != em.ptr + em.len)
276 {
277 /* bad length */
278 free(em.ptr);
279 hasher->destroy(hasher);
280 return FAILED;
281 }
282
283 /* build own hash for a compare */
284 hasher->allocate_hash(hasher, data, &hash);
285 hasher->destroy(hasher);
286
287 if (memcmp(hash.ptr, pos, hash.len) != 0)
288 {
289 /* hash does not equal */
290 free(hash.ptr);
291 free(em.ptr);
292 return FAILED;
293
294 }
295
296 /* seems good */
297 free(hash.ptr);
298 free(em.ptr);
299 return SUCCESS;
300 }
301
302 /**
303 * Implementation of rsa_public_key.get_key.
304 */
305 static status_t get_key(private_rsa_public_key_t *this, chunk_t *key)
306 {
307 chunk_t n, e;
308
309 n.len = this->k;
310 n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
311 e.len = this->k;
312 e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
313
314 key->len = this->k * 2;
315 key->ptr = malloc(key->len);
316 memcpy(key->ptr, n.ptr, n.len);
317 memcpy(key->ptr + n.len, e.ptr, e.len);
318 free(n.ptr);
319 free(e.ptr);
320
321 return SUCCESS;
322 }
323
324 /**
325 * Implementation of rsa_public_key.save_key.
326 */
327 static status_t save_key(private_rsa_public_key_t *this, char *file)
328 {
329 return NOT_SUPPORTED;
330 }
331
332 /**
333 * Implementation of rsa_public_key.get_modulus.
334 */
335 static mpz_t *get_modulus(private_rsa_public_key_t *this)
336 {
337 return &this->n;
338 }
339
340 /**
341 * Implementation of rsa_public_key.clone.
342 */
343 static rsa_public_key_t* _clone(private_rsa_public_key_t *this)
344 {
345 private_rsa_public_key_t *clone = rsa_public_key_create_empty();
346
347 mpz_init_set(clone->n, this->n);
348 mpz_init_set(clone->e, this->e);
349 clone->k = this->k;
350
351 return &clone->public;
352 }
353
354 /**
355 * Implementation of rsa_public_key.destroy.
356 */
357 static void destroy(private_rsa_public_key_t *this)
358 {
359 mpz_clear(this->n);
360 mpz_clear(this->e);
361 free(this);
362 }
363
364 /**
365 * Generic private constructor
366 */
367 private_rsa_public_key_t *rsa_public_key_create_empty()
368 {
369 private_rsa_public_key_t *this = malloc_thing(private_rsa_public_key_t);
370
371 /* public functions */
372 this->public.verify_emsa_pkcs1_signature = (status_t (*) (rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature;
373 this->public.get_key = (status_t (*) (rsa_public_key_t*,chunk_t*))get_key;
374 this->public.save_key = (status_t (*) (rsa_public_key_t*,char*))save_key;
375 this->public.get_modulus = (mpz_t *(*) (rsa_public_key_t*))get_modulus;
376 this->public.clone = (rsa_public_key_t* (*) (rsa_public_key_t*))_clone;
377 this->public.destroy = (void (*) (rsa_public_key_t*))destroy;
378
379 /* private functions */
380 this->rsaep = rsaep;
381 this->rsavp1 = rsaep; /* same algorithm */
382
383 return this;
384 }
385
386 /*
387 * See header
388 */
389 rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t blob)
390 {
391 asn1_ctx_t ctx;
392 chunk_t object;
393 u_int level;
394 int objectID = 0;
395 private_rsa_public_key_t *this;
396
397 this = rsa_public_key_create_empty();
398 mpz_init(this->n);
399 mpz_init(this->e);
400
401 asn1_init(&ctx, blob, 0, FALSE);
402
403 while (objectID < PUB_KEY_ROOF)
404 {
405 if (!extract_object(pubkey_objects, &objectID, &object, &level, &ctx))
406 {
407 destroy(this);
408 return FALSE;
409 }
410 switch (objectID)
411 {
412 case PUB_KEY_MODULUS:
413 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
414 break;
415 case PUB_KEY_EXPONENT:
416 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
417 break;
418 }
419 objectID++;
420 }
421
422 this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
423 return &this->public;
424 }
425
426 /*
427 * See header
428 */
429 rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
430 {
431 struct stat stb;
432 FILE *file;
433 char *buffer;
434 chunk_t chunk;
435
436 if (stat(filename, &stb) == -1)
437 {
438 return NULL;
439 }
440
441 buffer = alloca(stb.st_size);
442
443 file = fopen(filename, "r");
444 if (file == NULL)
445 {
446 return NULL;
447 }
448
449 if (fread(buffer, stb.st_size, 1, file) != 1)
450 {
451 return NULL;
452 }
453
454 chunk.ptr = buffer;
455 chunk.len = stb.st_size;
456
457 return rsa_public_key_create_from_chunk(chunk);
458 }