2bd47c3008c143cd6adf5f8d904090dd6b76b058
[strongswan.git] / src / libstrongswan / plugins / gmp / gmp_rsa_private_key.c
1 /*
2 * Copyright (C) 2005-2008 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 *
16 * $Id$
17 */
18
19 #include <gmp.h>
20 #include <sys/stat.h>
21 #include <unistd.h>
22 #include <string.h>
23
24 #include "gmp_rsa_private_key.h"
25 #include "gmp_rsa_public_key.h"
26
27 #include <debug.h>
28 #include <asn1/oid.h>
29 #include <asn1/asn1.h>
30 #include <asn1/asn1_parser.h>
31
32 /**
33 * Public exponent to use for key generation.
34 */
35 #define PUBLIC_EXPONENT 0x10001
36
37 typedef struct private_gmp_rsa_private_key_t private_gmp_rsa_private_key_t;
38
39 /**
40 * Private data of a gmp_rsa_private_key_t object.
41 */
42 struct private_gmp_rsa_private_key_t {
43 /**
44 * Public interface for this signer.
45 */
46 gmp_rsa_private_key_t public;
47
48 /**
49 * Version of key, as encoded in PKCS#1
50 */
51 u_int version;
52
53 /**
54 * Public modulus.
55 */
56 mpz_t n;
57
58 /**
59 * Public exponent.
60 */
61 mpz_t e;
62
63 /**
64 * Private prime 1.
65 */
66 mpz_t p;
67
68 /**
69 * Private Prime 2.
70 */
71 mpz_t q;
72
73 /**
74 * Private exponent.
75 */
76 mpz_t d;
77
78 /**
79 * Private exponent 1.
80 */
81 mpz_t exp1;
82
83 /**
84 * Private exponent 2.
85 */
86 mpz_t exp2;
87
88 /**
89 * Private coefficient.
90 */
91 mpz_t coeff;
92
93 /**
94 * Keysize in bytes.
95 */
96 size_t k;
97
98 /**
99 * Keyid formed as a SHA-1 hash of a publicKey object
100 */
101 identification_t* keyid;
102
103 /**
104 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
105 */
106 identification_t* keyid_info;
107
108 /**
109 * reference count
110 */
111 refcount_t ref;
112 };
113
114 /**
115 * shared functions, implemented in gmp_rsa_public_key.c
116 */
117 bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid,
118 identification_t **keyid_info);
119 gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e);
120
121 /**
122 * Auxiliary function overwriting private key material with zero bytes
123 */
124 static void mpz_clear_randomized(mpz_t z)
125 {
126 size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE;
127 u_int8_t *random = alloca(len);
128
129 memset(random, 0, len);
130 /* overwrite mpz_t with zero bytes before clearing it */
131 mpz_import(z, len, 1, 1, 1, 0, random);
132 mpz_clear(z);
133 }
134
135 /**
136 * Create a mpz prime of at least prime_size
137 */
138 static status_t compute_prime(private_gmp_rsa_private_key_t *this,
139 size_t prime_size, mpz_t *prime)
140 {
141 rng_t *rng;
142 chunk_t random_bytes;
143
144 rng = lib->crypto->create_rng(lib->crypto, RNG_REAL);
145 if (!rng)
146 {
147 DBG1("no RNG of quality %N found", rng_quality_names, RNG_REAL);
148 return FAILED;
149 }
150
151 mpz_init(*prime);
152 do
153 {
154 rng->allocate_bytes(rng, prime_size, &random_bytes);
155 /* make sure most significant bit is set */
156 random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
157
158 mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
159 mpz_nextprime (*prime, *prime);
160 chunk_clear(&random_bytes);
161 }
162 /* check if it isn't too large */
163 while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
164
165 rng->destroy(rng);
166 return SUCCESS;
167 }
168
169 /**
170 * PKCS#1 RSADP function
171 */
172 static chunk_t rsadp(private_gmp_rsa_private_key_t *this, chunk_t data)
173 {
174 mpz_t t1, t2;
175 chunk_t decrypted;
176
177 mpz_init(t1);
178 mpz_init(t2);
179
180 mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
181
182 mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
183 mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
184 mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
185 mpz_mod(t2, t2, this->p);
186 mpz_mul(t2, t2, this->coeff);
187 mpz_mod(t2, t2, this->p);
188
189 mpz_mul(t2, t2, this->q); /* m = m2 + h q */
190 mpz_add(t1, t1, t2);
191
192 decrypted.len = this->k;
193 decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
194
195 mpz_clear_randomized(t1);
196 mpz_clear_randomized(t2);
197
198 return decrypted;
199 }
200
201 /**
202 * PKCS#1 RSASP1 function
203 */
204 static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data)
205 {
206 return rsadp(this, data);
207 }
208
209 /**
210 * Implementation of gmp_rsa_private_key_t.build_emsa_pkcs1_signature.
211 */
212 static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
213 hash_algorithm_t hash_algorithm,
214 chunk_t data, chunk_t *signature)
215 {
216 hasher_t *hasher;
217 chunk_t em, digestInfo, hash;
218 int hash_oid = hasher_algorithm_to_oid(hash_algorithm);
219
220 if (hash_oid == OID_UNKNOWN)
221 {
222 return FALSE;
223 }
224
225 /* get hasher */
226 hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
227 if (hasher == NULL)
228 {
229 return FALSE;
230 }
231
232 /* build hash */
233 hasher->allocate_hash(hasher, data, &hash);
234 hasher->destroy(hasher);
235
236 /* build DER-encoded digestInfo */
237 digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
238 asn1_algorithmIdentifier(hash_oid),
239 asn1_simple_object(ASN1_OCTET_STRING, hash)
240 );
241 chunk_free(&hash);
242
243 /* build chunk to rsa-decrypt:
244 * EM = 0x00 || 0x01 || PS || 0x00 || T.
245 * PS = 0xFF padding, with length to fill em
246 * T = encoded_hash
247 */
248 em.len = this->k;
249 em.ptr = malloc(em.len);
250
251 /* fill em with padding */
252 memset(em.ptr, 0xFF, em.len);
253 /* set magic bytes */
254 *(em.ptr) = 0x00;
255 *(em.ptr+1) = 0x01;
256 *(em.ptr + em.len - digestInfo.len - 1) = 0x00;
257 /* set DER-encoded hash */
258 memcpy(em.ptr + em.len - digestInfo.len, digestInfo.ptr, digestInfo.len);
259
260 /* build signature */
261 *signature = rsasp1(this, em);
262
263 free(digestInfo.ptr);
264 free(em.ptr);
265
266 return TRUE;
267 }
268
269 /**
270 * Implementation of gmp_rsa_private_key.destroy.
271 */
272 static key_type_t get_type(private_gmp_rsa_private_key_t *this)
273 {
274 return KEY_RSA;
275 }
276
277 /**
278 * Implementation of gmp_rsa_private_key.destroy.
279 */
280 static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
281 chunk_t data, chunk_t *signature)
282 {
283 switch (scheme)
284 {
285 case SIGN_DEFAULT:
286 /* default is EMSA-PKCS1 using SHA1 */
287 case SIGN_RSA_EMSA_PKCS1_SHA1:
288 return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
289 case SIGN_RSA_EMSA_PKCS1_SHA256:
290 return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
291 case SIGN_RSA_EMSA_PKCS1_SHA384:
292 return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
293 case SIGN_RSA_EMSA_PKCS1_SHA512:
294 return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
295 case SIGN_RSA_EMSA_PKCS1_MD5:
296 return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
297 default:
298 DBG1("signature scheme %N not supported in RSA",
299 signature_scheme_names, scheme);
300 return FALSE;
301 }
302 }
303
304 /**
305 * Implementation of gmp_rsa_private_key.destroy.
306 */
307 static bool decrypt(private_gmp_rsa_private_key_t *this,
308 chunk_t crypto, chunk_t *plain)
309 {
310 DBG1("RSA private key decryption not implemented");
311 return FALSE;
312 }
313
314 /**
315 * Implementation of gmp_rsa_private_key.destroy.
316 */
317 static size_t get_keysize(private_gmp_rsa_private_key_t *this)
318 {
319 return this->k;
320 }
321
322 /**
323 * Implementation of gmp_rsa_private_key.destroy.
324 */
325 static identification_t* get_id(private_gmp_rsa_private_key_t *this,
326 id_type_t type)
327 {
328 switch (type)
329 {
330 case ID_PUBKEY_INFO_SHA1:
331 return this->keyid_info;
332 case ID_PUBKEY_SHA1:
333 return this->keyid;
334 default:
335 return NULL;
336 }
337 }
338
339 /**
340 * Implementation of gmp_rsa_private_key.destroy.
341 */
342 static gmp_rsa_public_key_t* get_public_key(private_gmp_rsa_private_key_t *this)
343 {
344 return gmp_rsa_public_key_create_from_n_e(this->n, this->e);
345 }
346
347 /**
348 * Implementation of gmp_rsa_private_key.destroy.
349 */
350 static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public)
351 {
352 identification_t *keyid;
353
354 if (public->get_type(public) != KEY_RSA)
355 {
356 return FALSE;
357 }
358 keyid = public->get_id(public, ID_PUBKEY_SHA1);
359 if (keyid && keyid->equals(keyid, this->keyid))
360 {
361 return TRUE;
362 }
363 keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
364 if (keyid && keyid->equals(keyid, this->keyid_info))
365 {
366 return TRUE;
367 }
368 return FALSE;
369 }
370
371 /**
372 * convert a MP integer into a DER coded ASN.1 object
373 */
374 chunk_t gmp_mpz_to_asn1(const mpz_t value)
375 {
376 chunk_t n;
377
378 n.len = 1 + mpz_sizeinbase(value, 2) / 8; /* size in bytes */
379 n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value);
380 if (n.ptr == NULL)
381 { /* if we have zero in "value", gmp returns NULL */
382 n.len = 0;
383 }
384 return asn1_wrap(ASN1_INTEGER, "m", n);
385 }
386
387 /**
388 * Implementation of private_key_t.get_encoding.
389 */
390 static chunk_t get_encoding(private_gmp_rsa_private_key_t *this)
391 {
392 return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm",
393 ASN1_INTEGER_0,
394 gmp_mpz_to_asn1(this->n),
395 gmp_mpz_to_asn1(this->e),
396 gmp_mpz_to_asn1(this->d),
397 gmp_mpz_to_asn1(this->p),
398 gmp_mpz_to_asn1(this->q),
399 gmp_mpz_to_asn1(this->exp1),
400 gmp_mpz_to_asn1(this->exp2),
401 gmp_mpz_to_asn1(this->coeff));
402 }
403
404 /**
405 * Implementation of gmp_rsa_private_key.destroy.
406 */
407 static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *this)
408 {
409 ref_get(&this->ref);
410 return this;
411
412 }
413
414 /**
415 * Implementation of gmp_rsa_private_key.destroy.
416 */
417 static void destroy(private_gmp_rsa_private_key_t *this)
418 {
419 if (ref_put(&this->ref))
420 {
421 mpz_clear_randomized(this->n);
422 mpz_clear_randomized(this->e);
423 mpz_clear_randomized(this->p);
424 mpz_clear_randomized(this->q);
425 mpz_clear_randomized(this->d);
426 mpz_clear_randomized(this->exp1);
427 mpz_clear_randomized(this->exp2);
428 mpz_clear_randomized(this->coeff);
429 DESTROY_IF(this->keyid);
430 DESTROY_IF(this->keyid_info);
431 free(this);
432 }
433 }
434
435 /**
436 * Check the loaded key if it is valid and usable
437 */
438 static status_t check(private_gmp_rsa_private_key_t *this)
439 {
440 mpz_t t, u, q1;
441 status_t status = SUCCESS;
442
443 /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets.
444 * We actually require more (for security).
445 */
446 if (this->k < 512/8)
447 {
448 DBG1("key shorter than 512 bits");
449 return FAILED;
450 }
451
452 /* we picked a max modulus size to simplify buffer allocation */
453 if (this->k > 8192/8)
454 {
455 DBG1("key larger than 8192 bits");
456 return FAILED;
457 }
458
459 mpz_init(t);
460 mpz_init(u);
461 mpz_init(q1);
462
463 /* check that n == p * q */
464 mpz_mul(u, this->p, this->q);
465 if (mpz_cmp(u, this->n) != 0)
466 {
467 status = FAILED;
468 }
469
470 /* check that e divides neither p-1 nor q-1 */
471 mpz_sub_ui(t, this->p, 1);
472 mpz_mod(t, t, this->e);
473 if (mpz_cmp_ui(t, 0) == 0)
474 {
475 status = FAILED;
476 }
477
478 mpz_sub_ui(t, this->q, 1);
479 mpz_mod(t, t, this->e);
480 if (mpz_cmp_ui(t, 0) == 0)
481 {
482 status = FAILED;
483 }
484
485 /* check that d is e^-1 (mod lcm(p-1, q-1)) */
486 /* see PKCS#1v2, aka RFC 2437, for the "lcm" */
487 mpz_sub_ui(q1, this->q, 1);
488 mpz_sub_ui(u, this->p, 1);
489 mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */
490 mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */
491 mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */
492
493 mpz_mul(t, this->d, this->e);
494 mpz_mod(t, t, u);
495 if (mpz_cmp_ui(t, 1) != 0)
496 {
497 status = FAILED;
498 }
499
500 /* check that exp1 is d mod (p-1) */
501 mpz_sub_ui(u, this->p, 1);
502 mpz_mod(t, this->d, u);
503 if (mpz_cmp(t, this->exp1) != 0)
504 {
505 status = FAILED;
506 }
507
508 /* check that exp2 is d mod (q-1) */
509 mpz_sub_ui(u, this->q, 1);
510 mpz_mod(t, this->d, u);
511 if (mpz_cmp(t, this->exp2) != 0)
512 {
513 status = FAILED;
514 }
515
516 /* check that coeff is (q^-1) mod p */
517 mpz_mul(t, this->coeff, this->q);
518 mpz_mod(t, t, this->p);
519 if (mpz_cmp_ui(t, 1) != 0)
520 {
521 status = FAILED;
522 }
523
524 mpz_clear_randomized(t);
525 mpz_clear_randomized(u);
526 mpz_clear_randomized(q1);
527 if (status != SUCCESS)
528 {
529 DBG1("key integrity tests failed");
530 }
531 return status;
532 }
533
534 /**
535 * Internal generic constructor
536 */
537 static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void)
538 {
539 private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t);
540
541 this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
542 this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
543 this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
544 this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
545 this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
546 this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
547 this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
548 this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
549 this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
550 this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
551
552 this->keyid = NULL;
553 this->keyid_info = NULL;
554 this->ref = 1;
555
556 return this;
557 }
558
559 /**
560 * Generate an RSA key of specified key size
561 */
562 static gmp_rsa_private_key_t *generate(size_t key_size)
563 {
564 mpz_t p, q, n, e, d, exp1, exp2, coeff;
565 mpz_t m, q1, t;
566 private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty();
567
568 key_size = key_size / 8;
569
570 /* Get values of primes p and q */
571 if (compute_prime(this, key_size/2, &p) != SUCCESS)
572 {
573 free(this);
574 return NULL;
575 }
576 if (compute_prime(this, key_size/2, &q) != SUCCESS)
577 {
578 mpz_clear(p);
579 free(this);
580 return NULL;
581 }
582
583 mpz_init(t);
584 mpz_init(n);
585 mpz_init(d);
586 mpz_init(exp1);
587 mpz_init(exp2);
588 mpz_init(coeff);
589
590 /* Swapping Primes so p is larger then q */
591 if (mpz_cmp(p, q) < 0)
592 {
593 mpz_swap(p, q);
594 }
595
596 mpz_mul(n, p, q); /* n = p*q */
597 mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
598 mpz_init_set(m, p); /* m = p */
599 mpz_sub_ui(m, m, 1); /* m = m -1 */
600 mpz_init_set(q1, q); /* q1 = q */
601 mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
602 mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
603 mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
604 mpz_divexact(m, m, t); /* m = m / t */
605 mpz_gcd(t, m, e); /* t = gcd(m, e) */
606
607 mpz_invert(d, e, m); /* e has an inverse mod m */
608 if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
609 {
610 mpz_add(d, d, m);
611 }
612 mpz_sub_ui(t, p, 1); /* t = p-1 */
613 mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
614 mpz_sub_ui(t, q, 1); /* t = q-1 */
615 mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
616
617 mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
618 if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
619 {
620 mpz_add(coeff, coeff, p);
621 }
622
623 mpz_clear_randomized(q1);
624 mpz_clear_randomized(m);
625 mpz_clear_randomized(t);
626
627 /* apply values */
628 *(this->p) = *p;
629 *(this->q) = *q;
630 *(this->n) = *n;
631 *(this->e) = *e;
632 *(this->d) = *d;
633 *(this->exp1) = *exp1;
634 *(this->exp2) = *exp2;
635 *(this->coeff) = *coeff;
636
637 /* set key size in bytes */
638 this->k = key_size;
639
640 return &this->public;
641 }
642
643 /**
644 * ASN.1 definition of a PKCS#1 RSA private key
645 */
646 static const asn1Object_t privkeyObjects[] = {
647 { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
648 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
649 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
650 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
651 { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
652 { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
653 { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
654 { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
655 { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
656 { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
657 { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
658 ASN1_LOOP }, /* 10 */
659 { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
660 { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
661 { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
662 { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
663 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */
664 { 0, "exit", ASN1_EOC, ASN1_EXIT }
665 };
666 #define PRIV_KEY_VERSION 1
667 #define PRIV_KEY_MODULUS 2
668 #define PRIV_KEY_PUB_EXP 3
669 #define PRIV_KEY_PRIV_EXP 4
670 #define PRIV_KEY_PRIME1 5
671 #define PRIV_KEY_PRIME2 6
672 #define PRIV_KEY_EXP1 7
673 #define PRIV_KEY_EXP2 8
674 #define PRIV_KEY_COEFF 9
675
676 /**
677 * load private key from a ASN1 encoded blob
678 */
679 static gmp_rsa_private_key_t *load(chunk_t blob)
680 {
681 asn1_parser_t *parser;
682 chunk_t object;
683 int objectID ;
684 bool success = FALSE;
685
686 private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty();
687
688 mpz_init(this->n);
689 mpz_init(this->e);
690 mpz_init(this->p);
691 mpz_init(this->q);
692 mpz_init(this->d);
693 mpz_init(this->exp1);
694 mpz_init(this->exp2);
695 mpz_init(this->coeff);
696
697 parser = asn1_parser_create(privkeyObjects, blob);
698 parser->set_flags(parser, FALSE, TRUE);
699
700 while (parser->iterate(parser, &objectID, &object))
701 {
702 switch (objectID)
703 {
704 case PRIV_KEY_VERSION:
705 if (object.len > 0 && *object.ptr != 0)
706 {
707 goto end;
708 }
709 break;
710 case PRIV_KEY_MODULUS:
711 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
712 break;
713 case PRIV_KEY_PUB_EXP:
714 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
715 break;
716 case PRIV_KEY_PRIV_EXP:
717 mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr);
718 break;
719 case PRIV_KEY_PRIME1:
720 mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr);
721 break;
722 case PRIV_KEY_PRIME2:
723 mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr);
724 break;
725 case PRIV_KEY_EXP1:
726 mpz_import(this->exp1, object.len, 1, 1, 1, 0, object.ptr);
727 break;
728 case PRIV_KEY_EXP2:
729 mpz_import(this->exp2, object.len, 1, 1, 1, 0, object.ptr);
730 break;
731 case PRIV_KEY_COEFF:
732 mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr);
733 break;
734 }
735 }
736 success = parser->success(parser);
737
738 end:
739 parser->destroy(parser);
740 chunk_clear(&blob);
741
742 if (!success)
743 {
744 destroy(this);
745 return NULL;
746 }
747
748 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
749
750 if (!gmp_rsa_public_key_build_id(this->n, this->e,
751 &this->keyid, &this->keyid_info))
752 {
753 destroy(this);
754 return NULL;
755 }
756
757 if (check(this) != SUCCESS)
758 {
759 destroy(this);
760 return NULL;
761 }
762 return &this->public;
763 }
764
765 typedef struct private_builder_t private_builder_t;
766 /**
767 * Builder implementation for key loading/generation
768 */
769 struct private_builder_t {
770 /** implements the builder interface */
771 builder_t public;
772 /** loaded/generated private key */
773 gmp_rsa_private_key_t *key;
774 };
775
776 /**
777 * Implementation of builder_t.build
778 */
779 static gmp_rsa_private_key_t *build(private_builder_t *this)
780 {
781 gmp_rsa_private_key_t *key = this->key;
782
783 free(this);
784 return key;
785 }
786
787 /**
788 * Implementation of builder_t.add
789 */
790 static void add(private_builder_t *this, builder_part_t part, ...)
791 {
792 va_list args;
793
794 if (this->key)
795 {
796 DBG1("ignoring surplus build part %N", builder_part_names, part);
797 return;
798 }
799
800 switch (part)
801 {
802 case BUILD_BLOB_ASN1_DER:
803 {
804 va_start(args, part);
805 this->key = load(va_arg(args, chunk_t));
806 va_end(args);
807 break;
808 }
809 case BUILD_KEY_SIZE:
810 {
811 va_start(args, part);
812 this->key = generate(va_arg(args, u_int));
813 va_end(args);
814 break;
815 }
816 default:
817 DBG1("ignoring unsupported build part %N", builder_part_names, part);
818 break;
819 }
820 }
821
822 /**
823 * Builder construction function
824 */
825 builder_t *gmp_rsa_private_key_builder(key_type_t type)
826 {
827 private_builder_t *this;
828
829 if (type != KEY_RSA)
830 {
831 return NULL;
832 }
833
834 this = malloc_thing(private_builder_t);
835
836 this->key = NULL;
837 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
838 this->public.build = (void*(*)(builder_t *this))build;
839
840 return &this->public;
841 }
842