computation of SHA-1 hash over publicKeyInfo object
[strongswan.git] / src / libstrongswan / crypto / rsa / rsa_private_key.c
1 /**
2 * @file rsa_private_key.c
3 *
4 * @brief Implementation of rsa_private_key_t.
5 *
6 */
7
8 /*
9 * Copyright (C) 2005 Jan Hutter, Martin Willi
10 * Hochschule fuer Technik Rapperswil
11 *
12 * This program is free software; you can redistribute it and/or modify it
13 * under the terms of the GNU General Public License as published by the
14 * Free Software Foundation; either version 2 of the License, or (at your
15 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
19 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
20 * for more details.
21 */
22
23 #include <gmp.h>
24 #include <sys/stat.h>
25 #include <unistd.h>
26 #include <string.h>
27
28 #include "rsa_public_key.h"
29 #include "rsa_private_key.h"
30
31 #include <asn1/asn1.h>
32 #include <asn1/pem.h>
33 #include <utils/randomizer.h>
34
35 /**
36 * OIDs for hash algorithms are defined in rsa_public_key.c.
37 */
38 extern u_int8_t md2_oid[18];
39 extern u_int8_t md5_oid[18];
40 extern u_int8_t sha1_oid[15];
41 extern u_int8_t sha256_oid[19];
42 extern u_int8_t sha384_oid[19];
43 extern u_int8_t sha512_oid[19];
44
45
46 /**
47 * Public exponent to use for key generation.
48 */
49 #define PUBLIC_EXPONENT 0x10001
50
51
52 typedef struct private_rsa_private_key_t private_rsa_private_key_t;
53
54 /**
55 * Private data of a rsa_private_key_t object.
56 */
57 struct private_rsa_private_key_t {
58 /**
59 * Public interface for this signer.
60 */
61 rsa_private_key_t public;
62
63 /**
64 * Version of key, as encoded in PKCS#1
65 */
66 u_int version;
67
68 /**
69 * Public modulus.
70 */
71 mpz_t n;
72
73 /**
74 * Public exponent.
75 */
76 mpz_t e;
77
78 /**
79 * Private prime 1.
80 */
81 mpz_t p;
82
83 /**
84 * Private Prime 2.
85 */
86 mpz_t q;
87
88 /**
89 * Private exponent.
90 */
91 mpz_t d;
92
93 /**
94 * Private exponent 1.
95 */
96 mpz_t exp1;
97
98 /**
99 * Private exponent 2.
100 */
101 mpz_t exp2;
102
103 /**
104 * Private coefficient.
105 */
106 mpz_t coeff;
107
108 /**
109 * Keysize in bytes.
110 */
111 size_t k;
112
113 /**
114 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
115 */
116 chunk_t keyid;
117
118
119 /**
120 * @brief Implements the RSADP algorithm specified in PKCS#1.
121 *
122 * @param this calling object
123 * @param data data to process
124 * @return processed data
125 */
126 chunk_t (*rsadp) (private_rsa_private_key_t *this, chunk_t data);
127
128 /**
129 * @brief Implements the RSASP1 algorithm specified in PKCS#1.
130 * @param this calling object
131 * @param data data to process
132 * @return processed data
133 */
134 chunk_t (*rsasp1) (private_rsa_private_key_t *this, chunk_t data);
135
136 /**
137 * @brief Generate a prime value.
138 *
139 * @param this calling object
140 * @param prime_size size of the prime, in bytes
141 * @param[out] prime uninitialized mpz
142 */
143 status_t (*compute_prime) (private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime);
144
145 };
146
147 /* ASN.1 definition of a PKCS#1 RSA private key */
148 static const asn1Object_t privkey_objects[] = {
149 { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
150 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
151 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
152 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
153 { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
154 { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
155 { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
156 { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
157 { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
158 { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
159 { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
160 ASN1_LOOP }, /* 10 */
161 { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
162 { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
163 { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
164 { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
165 { 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */
166 };
167
168 #define PRIV_KEY_VERSION 1
169 #define PRIV_KEY_MODULUS 2
170 #define PRIV_KEY_PUB_EXP 3
171 #define PRIV_KEY_PRIV_EXP 4
172 #define PRIV_KEY_PRIME1 5
173 #define PRIV_KEY_PRIME2 6
174 #define PRIV_KEY_EXP1 7
175 #define PRIV_KEY_EXP2 8
176 #define PRIV_KEY_COEFF 9
177 #define PRIV_KEY_ROOF 16
178
179 static private_rsa_private_key_t *rsa_private_key_create_empty(void);
180
181 /**
182 * Implementation of private_rsa_private_key_t.compute_prime.
183 */
184 static status_t compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime)
185 {
186 randomizer_t *randomizer;
187 chunk_t random_bytes;
188 status_t status;
189
190 randomizer = randomizer_create();
191 mpz_init(*prime);
192
193 do
194 {
195 status = randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes);
196 if (status != SUCCESS)
197 {
198 randomizer->destroy(randomizer);
199 mpz_clear(*prime);
200 return FAILED;
201 }
202
203 /* make sure most significant bit is set */
204 random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
205
206 /* convert chunk to mpz value */
207 mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
208
209 /* get next prime */
210 mpz_nextprime (*prime, *prime);
211
212 free(random_bytes.ptr);
213 }
214 /* check if it isnt too large */
215 while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
216
217 randomizer->destroy(randomizer);
218 return SUCCESS;
219 }
220
221 /**
222 * Implementation of private_rsa_private_key_t.rsadp and private_rsa_private_key_t.rsasp1.
223 */
224 static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
225 {
226 mpz_t t1, t2;
227 chunk_t decrypted;
228
229 mpz_init(t1);
230 mpz_init(t2);
231
232 mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
233
234 mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
235 mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
236 mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
237 mpz_mod(t2, t2, this->p);
238 mpz_mul(t2, t2, this->coeff);
239 mpz_mod(t2, t2, this->p);
240
241 mpz_mul(t2, t2, this->q); /* m = m2 + h q */
242 mpz_add(t1, t1, t2);
243
244 decrypted.len = this->k;
245 decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
246
247 mpz_clear(t1);
248 mpz_clear(t2);
249
250 return decrypted;
251 }
252
253 /**
254 * Implementation of rsa_private_key.build_emsa_signature.
255 */
256 static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
257 {
258 hasher_t *hasher;
259 chunk_t hash;
260 chunk_t em;
261 chunk_t oid;
262
263 /* get oid string prepended to hash */
264 switch (hash_algorithm)
265 {
266 case HASH_MD2:
267 {
268 oid.ptr = md2_oid;
269 oid.len = sizeof(md2_oid);
270 break;
271 }
272 case HASH_MD5:
273 {
274 oid.ptr = md5_oid;
275 oid.len = sizeof(md5_oid);
276 break;
277 }
278 case HASH_SHA1:
279 {
280 oid.ptr = sha1_oid;
281 oid.len = sizeof(sha1_oid);
282 break;
283 }
284 case HASH_SHA256:
285 {
286 oid.ptr = sha256_oid;
287 oid.len = sizeof(sha256_oid);
288 break;
289 }
290 case HASH_SHA384:
291 {
292 oid.ptr = sha384_oid;
293 oid.len = sizeof(sha384_oid);
294 break;
295 }
296 case HASH_SHA512:
297 {
298 oid.ptr = sha512_oid;
299 oid.len = sizeof(sha512_oid);
300 break;
301 }
302 default:
303 {
304 return NOT_SUPPORTED;
305 }
306 }
307
308 /* get hasher */
309 hasher = hasher_create(hash_algorithm);
310 if (hasher == NULL)
311 {
312 return NOT_SUPPORTED;
313 }
314
315 /* build hash */
316 hasher->allocate_hash(hasher, data, &hash);
317 hasher->destroy(hasher);
318
319 /* build chunk to rsa-decrypt:
320 * EM = 0x00 || 0x01 || PS || 0x00 || T.
321 * PS = 0xFF padding, with length to fill em
322 * T = oid || hash
323 */
324 em.len = this->k;
325 em.ptr = malloc(em.len);
326
327 /* fill em with padding */
328 memset(em.ptr, 0xFF, em.len);
329 /* set magic bytes */
330 *(em.ptr) = 0x00;
331 *(em.ptr+1) = 0x01;
332 *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
333 /* set hash */
334 memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
335 /* set oid */
336 memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
337
338 /* build signature */
339 *signature = this->rsasp1(this, em);
340
341 free(hash.ptr);
342 free(em.ptr);
343
344 return SUCCESS;
345 }
346
347 /**
348 * Implementation of rsa_private_key.get_key.
349 */
350 static status_t get_key(private_rsa_private_key_t *this, chunk_t *key)
351 {
352 chunk_t n, e, p, q, d, exp1, exp2, coeff;
353
354 n.len = this->k;
355 n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
356 e.len = this->k;
357 e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
358 p.len = this->k;
359 p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
360 q.len = this->k;
361 q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
362 d.len = this->k;
363 d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
364 exp1.len = this->k;
365 exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
366 exp2.len = this->k;
367 exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
368 coeff.len = this->k;
369 coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
370
371 key->len = this->k * 8;
372 key->ptr = malloc(key->len);
373 memcpy(key->ptr + this->k * 0, n.ptr , n.len);
374 memcpy(key->ptr + this->k * 1, e.ptr, e.len);
375 memcpy(key->ptr + this->k * 2, p.ptr, p.len);
376 memcpy(key->ptr + this->k * 3, q.ptr, q.len);
377 memcpy(key->ptr + this->k * 4, d.ptr, d.len);
378 memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
379 memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
380 memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
381
382 free(n.ptr);
383 free(e.ptr);
384 free(p.ptr);
385 free(q.ptr);
386 free(d.ptr);
387 free(exp1.ptr);
388 free(exp2.ptr);
389 free(coeff.ptr);
390
391 return SUCCESS;
392 }
393
394 /**
395 * Implementation of rsa_private_key.save_key.
396 */
397 static status_t save_key(private_rsa_private_key_t *this, char *file)
398 {
399 return NOT_SUPPORTED;
400 }
401
402 /**
403 * Implementation of rsa_private_key.get_public_key.
404 */
405 rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
406 {
407 return NULL;
408 }
409
410 /**
411 * Implementation of rsa_private_key.belongs_to.
412 */
413 static bool belongs_to(private_rsa_private_key_t *this, rsa_public_key_t *public)
414 {
415 return chunk_equals(this->keyid, public->get_keyid(public));
416 }
417
418 /**
419 * Check the loaded key if it is valid and usable
420 * TODO: Log errors
421 */
422 static status_t check(private_rsa_private_key_t *this)
423 {
424 mpz_t t, u, q1;
425 status_t status = SUCCESS;
426
427 /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets.
428 * We actually require more (for security).
429 */
430 if (this->k < 512/8)
431 {
432 return FAILED;
433 }
434
435 /* we picked a max modulus size to simplify buffer allocation */
436 if (this->k > 8192/8)
437 {
438 return FAILED;
439 }
440
441 mpz_init(t);
442 mpz_init(u);
443 mpz_init(q1);
444
445 /* check that n == p * q */
446 mpz_mul(u, this->p, this->q);
447 if (mpz_cmp(u, this->n) != 0)
448 {
449 status = FAILED;
450 }
451
452 /* check that e divides neither p-1 nor q-1 */
453 mpz_sub_ui(t, this->p, 1);
454 mpz_mod(t, t, this->e);
455 if (mpz_cmp_ui(t, 0) == 0)
456 {
457 status = FAILED;
458 }
459
460 mpz_sub_ui(t, this->q, 1);
461 mpz_mod(t, t, this->e);
462 if (mpz_cmp_ui(t, 0) == 0)
463 {
464 status = FAILED;
465 }
466
467 /* check that d is e^-1 (mod lcm(p-1, q-1)) */
468 /* see PKCS#1v2, aka RFC 2437, for the "lcm" */
469 mpz_sub_ui(q1, this->q, 1);
470 mpz_sub_ui(u, this->p, 1);
471 mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */
472 mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */
473 mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */
474
475 mpz_mul(t, this->d, this->e);
476 mpz_mod(t, t, u);
477 if (mpz_cmp_ui(t, 1) != 0)
478 {
479 status = FAILED;
480 }
481
482 /* check that exp1 is d mod (p-1) */
483 mpz_sub_ui(u, this->p, 1);
484 mpz_mod(t, this->d, u);
485 if (mpz_cmp(t, this->exp1) != 0)
486 {
487 status = FAILED;
488 }
489
490 /* check that exp2 is d mod (q-1) */
491 mpz_sub_ui(u, this->q, 1);
492 mpz_mod(t, this->d, u);
493 if (mpz_cmp(t, this->exp2) != 0)
494 {
495 status = FAILED;
496 }
497
498 /* check that coeff is (q^-1) mod p */
499 mpz_mul(t, this->coeff, this->q);
500 mpz_mod(t, t, this->p);
501 if (mpz_cmp_ui(t, 1) != 0)
502 {
503 status = FAILED;
504 }
505
506 mpz_clear(t);
507 mpz_clear(u);
508 mpz_clear(q1);
509 return status;
510 }
511
512 /**
513 * Implementation of rsa_private_key.clone.
514 */
515 static rsa_private_key_t* _clone(private_rsa_private_key_t *this)
516 {
517 private_rsa_private_key_t *clone = rsa_private_key_create_empty();
518
519 mpz_init_set(clone->n, this->n);
520 mpz_init_set(clone->e, this->e);
521 mpz_init_set(clone->p, this->p);
522 mpz_init_set(clone->q, this->q);
523 mpz_init_set(clone->d, this->d);
524 mpz_init_set(clone->exp1, this->exp1);
525 mpz_init_set(clone->exp2, this->exp2);
526 mpz_init_set(clone->coeff, this->coeff);
527 clone->keyid = chunk_clone(this->keyid);
528 clone->k = this->k;
529
530 return &clone->public;
531 }
532
533 /**
534 * Implementation of rsa_private_key.destroy.
535 */
536 static void destroy(private_rsa_private_key_t *this)
537 {
538 mpz_clear(this->n);
539 mpz_clear(this->e);
540 mpz_clear(this->p);
541 mpz_clear(this->q);
542 mpz_clear(this->d);
543 mpz_clear(this->exp1);
544 mpz_clear(this->exp2);
545 mpz_clear(this->coeff);
546 free(this->keyid.ptr);
547 free(this);
548 }
549
550 /**
551 * Internal generic constructor
552 */
553 static private_rsa_private_key_t *rsa_private_key_create_empty(void)
554 {
555 private_rsa_private_key_t *this = malloc_thing(private_rsa_private_key_t);
556
557 /* public functions */
558 this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
559 this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key;
560 this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key;
561 this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key;
562 this->public.belongs_to = (bool (*) (rsa_private_key_t*,rsa_public_key_t*))belongs_to;
563 this->public.clone = (rsa_private_key_t*(*)(rsa_private_key_t*))_clone;
564 this->public.destroy = (void (*) (rsa_private_key_t*))destroy;
565
566 /* private functions */
567 this->rsadp = rsadp;
568 this->rsasp1 = rsadp; /* same algorithm */
569 this->compute_prime = compute_prime;
570
571 return this;
572 }
573
574 /*
575 * See header
576 */
577 rsa_private_key_t *rsa_private_key_create(size_t key_size)
578 {
579 mpz_t p, q, n, e, d, exp1, exp2, coeff;
580 mpz_t m, q1, t;
581 private_rsa_private_key_t *this;
582
583 this = rsa_private_key_create_empty();
584 key_size = key_size / 8;
585
586 /* Get values of primes p and q */
587 if (this->compute_prime(this, key_size/2, &p) != SUCCESS)
588 {
589 free(this);
590 return NULL;
591 }
592 if (this->compute_prime(this, key_size/2, &q) != SUCCESS)
593 {
594 mpz_clear(p);
595 free(this);
596 return NULL;
597 }
598
599 mpz_init(t);
600 mpz_init(n);
601 mpz_init(d);
602 mpz_init(exp1);
603 mpz_init(exp2);
604 mpz_init(coeff);
605
606 /* Swapping Primes so p is larger then q */
607 if (mpz_cmp(p, q) < 0)
608 {
609 mpz_set(t, p);
610 mpz_set(p, q);
611 mpz_set(q, t);
612 }
613
614 mpz_mul(n, p, q); /* n = p*q */
615 mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
616 mpz_init_set(m, p); /* m = p */
617 mpz_sub_ui(m, m, 1); /* m = m -1 */
618 mpz_init_set(q1, q); /* q1 = q */
619 mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
620 mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
621 mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
622 mpz_divexact(m, m, t); /* m = m / t */
623 mpz_gcd(t, m, e); /* t = gcd(m, e) (greatest common divisor) */
624
625 mpz_invert(d, e, m); /* e has an inverse mod m */
626 if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
627 {
628 mpz_add(d, d, m);
629 }
630 mpz_sub_ui(t, p, 1); /* t = p-1 */
631 mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
632 mpz_sub_ui(t, q, 1); /* t = q-1 */
633 mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
634
635 mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
636 if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
637 {
638 mpz_add(coeff, coeff, p);
639 }
640
641 mpz_clear(q1);
642 mpz_clear(m);
643 mpz_clear(t);
644
645 /* apply values */
646 *(this->p) = *p;
647 *(this->q) = *q;
648 *(this->n) = *n;
649 *(this->e) = *e;
650 *(this->d) = *d;
651 *(this->exp1) = *exp1;
652 *(this->exp2) = *exp2;
653 *(this->coeff) = *coeff;
654
655 /* set key size in bytes */
656 this->k = key_size;
657
658 return &this->public;
659 }
660
661 /*
662 * see header
663 */
664 rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t blob)
665 {
666 asn1_ctx_t ctx;
667 chunk_t object;
668 u_int level;
669 int objectID = 0;
670 private_rsa_private_key_t *this;
671
672 this = rsa_private_key_create_empty();
673
674 mpz_init(this->n);
675 mpz_init(this->e);
676 mpz_init(this->p);
677 mpz_init(this->q);
678 mpz_init(this->d);
679 mpz_init(this->exp1);
680 mpz_init(this->exp2);
681 mpz_init(this->coeff);
682
683 asn1_init(&ctx, blob, 0, FALSE);
684
685 while (objectID < PRIV_KEY_ROOF)
686 {
687 if (!extract_object(privkey_objects, &objectID, &object, &level, &ctx))
688 {
689 destroy(this);
690 return FALSE;
691 }
692 switch (objectID)
693 {
694 case PRIV_KEY_VERSION:
695 if (object.len > 0 && *object.ptr != 0)
696 {
697 destroy(this);
698 return NULL;
699 }
700 break;
701 case PRIV_KEY_MODULUS:
702 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
703 break;
704 case PRIV_KEY_PUB_EXP:
705 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
706 break;
707 case PRIV_KEY_PRIV_EXP:
708 mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr);
709 break;
710 case PRIV_KEY_PRIME1:
711 mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr);
712 break;
713 case PRIV_KEY_PRIME2:
714 mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr);
715 break;
716 case PRIV_KEY_EXP1:
717 mpz_import(this->exp1, object.len, 1, 1, 1, 0, object.ptr);
718 break;
719 case PRIV_KEY_EXP2:
720 mpz_import(this->exp2, object.len, 1, 1, 1, 0, object.ptr);
721 break;
722 case PRIV_KEY_COEFF:
723 mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr);
724 break;
725 }
726 objectID++;
727 }
728
729 this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
730
731 /* form the keyid as a SHA-1 hash of a publicKeyInfo object */
732 {
733 chunk_t publicKeyInfo = rsa_public_key_info_to_asn1(this->n, this->e);
734 hasher_t *hasher = hasher_create(HASH_SHA1);
735
736 hasher->allocate_hash(hasher, publicKeyInfo, &this->keyid);
737 hasher->destroy(hasher);
738 free(publicKeyInfo.ptr);
739 }
740
741 if (check(this) != SUCCESS)
742 {
743 destroy(this);
744 return NULL;
745 }
746 else
747 {
748 return &this->public;
749 }
750 }
751
752 /*
753 * see header
754 */
755 rsa_private_key_t *rsa_private_key_create_from_file(char *filename, char *passphrase)
756 {
757 bool pgp = FALSE;
758 chunk_t chunk = CHUNK_INITIALIZER;
759 rsa_private_key_t *key = NULL;
760
761 if (!pem_asn1_load_file(filename, passphrase, "private key", &chunk, &pgp))
762 return NULL;
763
764 key = rsa_private_key_create_from_chunk(chunk);
765 free(chunk.ptr);
766 return key;
767 }