e3244ccbfb38b15f7934b77d5c6ef5745c1ae72c
[strongswan.git] / src / libstrongswan / plugins / gmp / gmp_rsa_private_key.c
1 /*
2 * Copyright (C) 2005-2008 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <gmp.h>
18 #include <sys/stat.h>
19 #include <unistd.h>
20 #include <string.h>
21
22 #include "gmp_rsa_private_key.h"
23 #include "gmp_rsa_public_key.h"
24
25 #include <debug.h>
26 #include <asn1/oid.h>
27 #include <asn1/asn1.h>
28 #include <asn1/asn1_parser.h>
29
30 /**
31 * Public exponent to use for key generation.
32 */
33 #define PUBLIC_EXPONENT 0x10001
34
35 typedef struct private_gmp_rsa_private_key_t private_gmp_rsa_private_key_t;
36
37 /**
38 * Private data of a gmp_rsa_private_key_t object.
39 */
40 struct private_gmp_rsa_private_key_t {
41 /**
42 * Public interface for this signer.
43 */
44 gmp_rsa_private_key_t public;
45
46 /**
47 * Version of key, as encoded in PKCS#1
48 */
49 u_int version;
50
51 /**
52 * Public modulus.
53 */
54 mpz_t n;
55
56 /**
57 * Public exponent.
58 */
59 mpz_t e;
60
61 /**
62 * Private prime 1.
63 */
64 mpz_t p;
65
66 /**
67 * Private Prime 2.
68 */
69 mpz_t q;
70
71 /**
72 * Private exponent.
73 */
74 mpz_t d;
75
76 /**
77 * Private exponent 1.
78 */
79 mpz_t exp1;
80
81 /**
82 * Private exponent 2.
83 */
84 mpz_t exp2;
85
86 /**
87 * Private coefficient.
88 */
89 mpz_t coeff;
90
91 /**
92 * Keysize in bytes.
93 */
94 size_t k;
95
96 /**
97 * Keyid formed as a SHA-1 hash of a publicKey object
98 */
99 identification_t* keyid;
100
101 /**
102 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
103 */
104 identification_t* keyid_info;
105
106 /**
107 * reference count
108 */
109 refcount_t ref;
110 };
111
112 /**
113 * shared functions, implemented in gmp_rsa_public_key.c
114 */
115 bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid,
116 identification_t **keyid_info);
117 gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e);
118
119 /**
120 * Auxiliary function overwriting private key material with zero bytes
121 */
122 static void mpz_clear_randomized(mpz_t z)
123 {
124 size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE;
125 u_int8_t *random = alloca(len);
126
127 memset(random, 0, len);
128 /* overwrite mpz_t with zero bytes before clearing it */
129 mpz_import(z, len, 1, 1, 1, 0, random);
130 mpz_clear(z);
131 }
132
133 /**
134 * Create a mpz prime of at least prime_size
135 */
136 static status_t compute_prime(private_gmp_rsa_private_key_t *this,
137 size_t prime_size, mpz_t *prime)
138 {
139 rng_t *rng;
140 chunk_t random_bytes;
141
142 rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
143 if (!rng)
144 {
145 DBG1("no RNG of quality %N found", rng_quality_names, RNG_TRUE);
146 return FAILED;
147 }
148
149 mpz_init(*prime);
150 do
151 {
152 rng->allocate_bytes(rng, prime_size, &random_bytes);
153 /* make sure most significant bit is set */
154 random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
155
156 mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
157 mpz_nextprime (*prime, *prime);
158 chunk_clear(&random_bytes);
159 }
160 /* check if it isn't too large */
161 while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
162
163 rng->destroy(rng);
164 return SUCCESS;
165 }
166
167 /**
168 * PKCS#1 RSADP function
169 */
170 static chunk_t rsadp(private_gmp_rsa_private_key_t *this, chunk_t data)
171 {
172 mpz_t t1, t2;
173 chunk_t decrypted;
174
175 mpz_init(t1);
176 mpz_init(t2);
177
178 mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
179
180 mpz_powm(t2, t1, this->exp1, this->p); /* m1 = c^dP mod p */
181 mpz_powm(t1, t1, this->exp2, this->q); /* m2 = c^dQ mod Q */
182 mpz_sub(t2, t2, t1); /* h = qInv (m1 - m2) mod p */
183 mpz_mod(t2, t2, this->p);
184 mpz_mul(t2, t2, this->coeff);
185 mpz_mod(t2, t2, this->p);
186
187 mpz_mul(t2, t2, this->q); /* m = m2 + h q */
188 mpz_add(t1, t1, t2);
189
190 decrypted.len = this->k;
191 decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
192 if (decrypted.ptr == NULL)
193 {
194 decrypted.len = 0;
195 }
196
197 mpz_clear_randomized(t1);
198 mpz_clear_randomized(t2);
199
200 return decrypted;
201 }
202
203 /**
204 * PKCS#1 RSASP1 function
205 */
206 static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data)
207 {
208 return rsadp(this, data);
209 }
210
211 /**
212 * Implementation of gmp_rsa_private_key_t.build_emsa_pkcs1_signature.
213 */
214 static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
215 hash_algorithm_t hash_algorithm,
216 chunk_t data, chunk_t *signature)
217 {
218 hasher_t *hasher;
219 chunk_t em, digestInfo, hash;
220 int hash_oid = hasher_algorithm_to_oid(hash_algorithm);
221
222 if (hash_oid == OID_UNKNOWN)
223 {
224 return FALSE;
225 }
226
227 /* get hasher */
228 hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
229 if (hasher == NULL)
230 {
231 return FALSE;
232 }
233
234 /* build hash */
235 hasher->allocate_hash(hasher, data, &hash);
236 hasher->destroy(hasher);
237
238 /* build DER-encoded digestInfo */
239 digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
240 asn1_algorithmIdentifier(hash_oid),
241 asn1_simple_object(ASN1_OCTET_STRING, hash)
242 );
243 chunk_free(&hash);
244
245 /* build chunk to rsa-decrypt:
246 * EM = 0x00 || 0x01 || PS || 0x00 || T.
247 * PS = 0xFF padding, with length to fill em
248 * T = encoded_hash
249 */
250 em.len = this->k;
251 em.ptr = malloc(em.len);
252
253 /* fill em with padding */
254 memset(em.ptr, 0xFF, em.len);
255 /* set magic bytes */
256 *(em.ptr) = 0x00;
257 *(em.ptr+1) = 0x01;
258 *(em.ptr + em.len - digestInfo.len - 1) = 0x00;
259 /* set DER-encoded hash */
260 memcpy(em.ptr + em.len - digestInfo.len, digestInfo.ptr, digestInfo.len);
261
262 /* build signature */
263 *signature = rsasp1(this, em);
264
265 free(digestInfo.ptr);
266 free(em.ptr);
267
268 return TRUE;
269 }
270
271 /**
272 * Implementation of gmp_rsa_private_key.destroy.
273 */
274 static key_type_t get_type(private_gmp_rsa_private_key_t *this)
275 {
276 return KEY_RSA;
277 }
278
279 /**
280 * Implementation of gmp_rsa_private_key.destroy.
281 */
282 static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
283 chunk_t data, chunk_t *signature)
284 {
285 switch (scheme)
286 {
287 case SIGN_DEFAULT:
288 /* default is EMSA-PKCS1 using SHA1 */
289 case SIGN_RSA_EMSA_PKCS1_SHA1:
290 return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
291 case SIGN_RSA_EMSA_PKCS1_SHA256:
292 return build_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
293 case SIGN_RSA_EMSA_PKCS1_SHA384:
294 return build_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
295 case SIGN_RSA_EMSA_PKCS1_SHA512:
296 return build_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
297 case SIGN_RSA_EMSA_PKCS1_MD5:
298 return build_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
299 default:
300 DBG1("signature scheme %N not supported in RSA",
301 signature_scheme_names, scheme);
302 return FALSE;
303 }
304 }
305
306 /**
307 * Implementation of gmp_rsa_private_key.destroy.
308 */
309 static bool decrypt(private_gmp_rsa_private_key_t *this,
310 chunk_t crypto, chunk_t *plain)
311 {
312 DBG1("RSA private key decryption not implemented");
313 return FALSE;
314 }
315
316 /**
317 * Implementation of gmp_rsa_private_key.destroy.
318 */
319 static size_t get_keysize(private_gmp_rsa_private_key_t *this)
320 {
321 return this->k;
322 }
323
324 /**
325 * Implementation of gmp_rsa_private_key.destroy.
326 */
327 static identification_t* get_id(private_gmp_rsa_private_key_t *this,
328 id_type_t type)
329 {
330 switch (type)
331 {
332 case ID_PUBKEY_INFO_SHA1:
333 return this->keyid_info;
334 case ID_PUBKEY_SHA1:
335 return this->keyid;
336 default:
337 return NULL;
338 }
339 }
340
341 /**
342 * Implementation of gmp_rsa_private_key.get_public_key.
343 */
344 static gmp_rsa_public_key_t* get_public_key(private_gmp_rsa_private_key_t *this)
345 {
346 return gmp_rsa_public_key_create_from_n_e(this->n, this->e);
347 }
348
349 /**
350 * Implementation of gmp_rsa_private_key.destroy.
351 */
352 static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public)
353 {
354 identification_t *keyid;
355
356 if (public->get_type(public) != KEY_RSA)
357 {
358 return FALSE;
359 }
360 keyid = public->get_id(public, ID_PUBKEY_SHA1);
361 if (keyid && keyid->equals(keyid, this->keyid))
362 {
363 return TRUE;
364 }
365 keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
366 if (keyid && keyid->equals(keyid, this->keyid_info))
367 {
368 return TRUE;
369 }
370 return FALSE;
371 }
372
373 /**
374 * convert a MP integer into a DER coded ASN.1 object
375 */
376 chunk_t gmp_mpz_to_asn1(const mpz_t value)
377 {
378 chunk_t n;
379
380 n.len = 1 + mpz_sizeinbase(value, 2) / 8; /* size in bytes */
381 n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value);
382 if (n.ptr == NULL)
383 { /* if we have zero in "value", gmp returns NULL */
384 n.len = 0;
385 }
386 return asn1_wrap(ASN1_INTEGER, "m", n);
387 }
388
389 /**
390 * Implementation of private_key_t.get_encoding.
391 */
392 static chunk_t get_encoding(private_gmp_rsa_private_key_t *this)
393 {
394 return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm",
395 ASN1_INTEGER_0,
396 gmp_mpz_to_asn1(this->n),
397 gmp_mpz_to_asn1(this->e),
398 gmp_mpz_to_asn1(this->d),
399 gmp_mpz_to_asn1(this->p),
400 gmp_mpz_to_asn1(this->q),
401 gmp_mpz_to_asn1(this->exp1),
402 gmp_mpz_to_asn1(this->exp2),
403 gmp_mpz_to_asn1(this->coeff));
404 }
405
406 /**
407 * Implementation of gmp_rsa_private_key.destroy.
408 */
409 static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *this)
410 {
411 ref_get(&this->ref);
412 return this;
413
414 }
415
416 /**
417 * Implementation of gmp_rsa_private_key.destroy.
418 */
419 static void destroy(private_gmp_rsa_private_key_t *this)
420 {
421 if (ref_put(&this->ref))
422 {
423 mpz_clear_randomized(this->n);
424 mpz_clear_randomized(this->e);
425 mpz_clear_randomized(this->p);
426 mpz_clear_randomized(this->q);
427 mpz_clear_randomized(this->d);
428 mpz_clear_randomized(this->exp1);
429 mpz_clear_randomized(this->exp2);
430 mpz_clear_randomized(this->coeff);
431 DESTROY_IF(this->keyid);
432 DESTROY_IF(this->keyid_info);
433 free(this);
434 }
435 }
436
437 /**
438 * Check the loaded key if it is valid and usable
439 */
440 static status_t check(private_gmp_rsa_private_key_t *this)
441 {
442 mpz_t t, u, q1;
443 status_t status = SUCCESS;
444
445 /* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets.
446 * We actually require more (for security).
447 */
448 if (this->k < 512/8)
449 {
450 DBG1("key shorter than 512 bits");
451 return FAILED;
452 }
453
454 /* we picked a max modulus size to simplify buffer allocation */
455 if (this->k > 8192/8)
456 {
457 DBG1("key larger than 8192 bits");
458 return FAILED;
459 }
460
461 mpz_init(t);
462 mpz_init(u);
463 mpz_init(q1);
464
465 /* check that n == p * q */
466 mpz_mul(u, this->p, this->q);
467 if (mpz_cmp(u, this->n) != 0)
468 {
469 status = FAILED;
470 }
471
472 /* check that e divides neither p-1 nor q-1 */
473 mpz_sub_ui(t, this->p, 1);
474 mpz_mod(t, t, this->e);
475 if (mpz_cmp_ui(t, 0) == 0)
476 {
477 status = FAILED;
478 }
479
480 mpz_sub_ui(t, this->q, 1);
481 mpz_mod(t, t, this->e);
482 if (mpz_cmp_ui(t, 0) == 0)
483 {
484 status = FAILED;
485 }
486
487 /* check that d is e^-1 (mod lcm(p-1, q-1)) */
488 /* see PKCS#1v2, aka RFC 2437, for the "lcm" */
489 mpz_sub_ui(q1, this->q, 1);
490 mpz_sub_ui(u, this->p, 1);
491 mpz_gcd(t, u, q1); /* t := gcd(p-1, q-1) */
492 mpz_mul(u, u, q1); /* u := (p-1) * (q-1) */
493 mpz_divexact(u, u, t); /* u := lcm(p-1, q-1) */
494
495 mpz_mul(t, this->d, this->e);
496 mpz_mod(t, t, u);
497 if (mpz_cmp_ui(t, 1) != 0)
498 {
499 status = FAILED;
500 }
501
502 /* check that exp1 is d mod (p-1) */
503 mpz_sub_ui(u, this->p, 1);
504 mpz_mod(t, this->d, u);
505 if (mpz_cmp(t, this->exp1) != 0)
506 {
507 status = FAILED;
508 }
509
510 /* check that exp2 is d mod (q-1) */
511 mpz_sub_ui(u, this->q, 1);
512 mpz_mod(t, this->d, u);
513 if (mpz_cmp(t, this->exp2) != 0)
514 {
515 status = FAILED;
516 }
517
518 /* check that coeff is (q^-1) mod p */
519 mpz_mul(t, this->coeff, this->q);
520 mpz_mod(t, t, this->p);
521 if (mpz_cmp_ui(t, 1) != 0)
522 {
523 status = FAILED;
524 }
525
526 mpz_clear_randomized(t);
527 mpz_clear_randomized(u);
528 mpz_clear_randomized(q1);
529 if (status != SUCCESS)
530 {
531 DBG1("key integrity tests failed");
532 }
533 return status;
534 }
535
536 /**
537 * Internal generic constructor
538 */
539 static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void)
540 {
541 private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t);
542
543 this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
544 this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
545 this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
546 this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
547 this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
548 this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
549 this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
550 this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
551 this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
552 this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
553
554 this->keyid = NULL;
555 this->keyid_info = NULL;
556 this->ref = 1;
557
558 return this;
559 }
560
561 /**
562 * Generate an RSA key of specified key size
563 */
564 static gmp_rsa_private_key_t *generate(size_t key_size)
565 {
566 mpz_t p, q, n, e, d, exp1, exp2, coeff;
567 mpz_t m, q1, t;
568 private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty();
569
570 key_size = key_size / 8;
571
572 /* Get values of primes p and q */
573 if (compute_prime(this, key_size/2, &p) != SUCCESS)
574 {
575 free(this);
576 return NULL;
577 }
578 if (compute_prime(this, key_size/2, &q) != SUCCESS)
579 {
580 mpz_clear(p);
581 free(this);
582 return NULL;
583 }
584
585 mpz_init(t);
586 mpz_init(n);
587 mpz_init(d);
588 mpz_init(exp1);
589 mpz_init(exp2);
590 mpz_init(coeff);
591
592 /* Swapping Primes so p is larger then q */
593 if (mpz_cmp(p, q) < 0)
594 {
595 mpz_swap(p, q);
596 }
597
598 mpz_mul(n, p, q); /* n = p*q */
599 mpz_init_set_ui(e, PUBLIC_EXPONENT); /* assign public exponent */
600 mpz_init_set(m, p); /* m = p */
601 mpz_sub_ui(m, m, 1); /* m = m -1 */
602 mpz_init_set(q1, q); /* q1 = q */
603 mpz_sub_ui(q1, q1, 1); /* q1 = q1 -1 */
604 mpz_gcd(t, m, q1); /* t = gcd(p-1, q-1) */
605 mpz_mul(m, m, q1); /* m = (p-1)*(q-1) */
606 mpz_divexact(m, m, t); /* m = m / t */
607 mpz_gcd(t, m, e); /* t = gcd(m, e) */
608
609 mpz_invert(d, e, m); /* e has an inverse mod m */
610 if (mpz_cmp_ui(d, 0) < 0) /* make sure d is positive */
611 {
612 mpz_add(d, d, m);
613 }
614 mpz_sub_ui(t, p, 1); /* t = p-1 */
615 mpz_mod(exp1, d, t); /* exp1 = d mod p-1 */
616 mpz_sub_ui(t, q, 1); /* t = q-1 */
617 mpz_mod(exp2, d, t); /* exp2 = d mod q-1 */
618
619 mpz_invert(coeff, q, p); /* coeff = q^-1 mod p */
620 if (mpz_cmp_ui(coeff, 0) < 0) /* make coeff d is positive */
621 {
622 mpz_add(coeff, coeff, p);
623 }
624
625 mpz_clear_randomized(q1);
626 mpz_clear_randomized(m);
627 mpz_clear_randomized(t);
628
629 /* apply values */
630 *(this->p) = *p;
631 *(this->q) = *q;
632 *(this->n) = *n;
633 *(this->e) = *e;
634 *(this->d) = *d;
635 *(this->exp1) = *exp1;
636 *(this->exp2) = *exp2;
637 *(this->coeff) = *coeff;
638
639 /* set key size in bytes */
640 this->k = key_size;
641
642 return &this->public;
643 }
644
645 /**
646 * ASN.1 definition of a PKCS#1 RSA private key
647 */
648 static const asn1Object_t privkeyObjects[] = {
649 { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
650 { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
651 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
652 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
653 { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
654 { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
655 { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
656 { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
657 { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
658 { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
659 { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
660 ASN1_LOOP }, /* 10 */
661 { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
662 { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
663 { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
664 { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
665 { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */
666 { 0, "exit", ASN1_EOC, ASN1_EXIT }
667 };
668 #define PRIV_KEY_VERSION 1
669 #define PRIV_KEY_MODULUS 2
670 #define PRIV_KEY_PUB_EXP 3
671 #define PRIV_KEY_PRIV_EXP 4
672 #define PRIV_KEY_PRIME1 5
673 #define PRIV_KEY_PRIME2 6
674 #define PRIV_KEY_EXP1 7
675 #define PRIV_KEY_EXP2 8
676 #define PRIV_KEY_COEFF 9
677
678 /**
679 * load private key from a ASN1 encoded blob
680 */
681 static gmp_rsa_private_key_t *load(chunk_t blob)
682 {
683 asn1_parser_t *parser;
684 chunk_t object;
685 int objectID ;
686 bool success = FALSE;
687
688 private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty();
689
690 mpz_init(this->n);
691 mpz_init(this->e);
692 mpz_init(this->p);
693 mpz_init(this->q);
694 mpz_init(this->d);
695 mpz_init(this->exp1);
696 mpz_init(this->exp2);
697 mpz_init(this->coeff);
698
699 parser = asn1_parser_create(privkeyObjects, blob);
700 parser->set_flags(parser, FALSE, TRUE);
701
702 while (parser->iterate(parser, &objectID, &object))
703 {
704 switch (objectID)
705 {
706 case PRIV_KEY_VERSION:
707 if (object.len > 0 && *object.ptr != 0)
708 {
709 goto end;
710 }
711 break;
712 case PRIV_KEY_MODULUS:
713 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
714 break;
715 case PRIV_KEY_PUB_EXP:
716 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
717 break;
718 case PRIV_KEY_PRIV_EXP:
719 mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr);
720 break;
721 case PRIV_KEY_PRIME1:
722 mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr);
723 break;
724 case PRIV_KEY_PRIME2:
725 mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr);
726 break;
727 case PRIV_KEY_EXP1:
728 mpz_import(this->exp1, object.len, 1, 1, 1, 0, object.ptr);
729 break;
730 case PRIV_KEY_EXP2:
731 mpz_import(this->exp2, object.len, 1, 1, 1, 0, object.ptr);
732 break;
733 case PRIV_KEY_COEFF:
734 mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr);
735 break;
736 }
737 }
738 success = parser->success(parser);
739
740 end:
741 parser->destroy(parser);
742 chunk_clear(&blob);
743
744 if (!success)
745 {
746 destroy(this);
747 return NULL;
748 }
749
750 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
751
752 if (!gmp_rsa_public_key_build_id(this->n, this->e,
753 &this->keyid, &this->keyid_info))
754 {
755 destroy(this);
756 return NULL;
757 }
758
759 if (check(this) != SUCCESS)
760 {
761 destroy(this);
762 return NULL;
763 }
764 return &this->public;
765 }
766
767 typedef struct private_builder_t private_builder_t;
768 /**
769 * Builder implementation for key loading/generation
770 */
771 struct private_builder_t {
772 /** implements the builder interface */
773 builder_t public;
774 /** loaded/generated private key */
775 gmp_rsa_private_key_t *key;
776 };
777
778 /**
779 * Implementation of builder_t.build
780 */
781 static gmp_rsa_private_key_t *build(private_builder_t *this)
782 {
783 gmp_rsa_private_key_t *key = this->key;
784
785 free(this);
786 return key;
787 }
788
789 /**
790 * Implementation of builder_t.add
791 */
792 static void add(private_builder_t *this, builder_part_t part, ...)
793 {
794 if (!this->key)
795 {
796 va_list args;
797 chunk_t chunk;
798
799 switch (part)
800 {
801 case BUILD_BLOB_ASN1_DER:
802 {
803 va_start(args, part);
804 chunk = va_arg(args, chunk_t);
805 this->key = load(chunk_clone(chunk));
806 va_end(args);
807 return;
808 }
809 case BUILD_KEY_SIZE:
810 {
811 va_start(args, part);
812 this->key = generate(va_arg(args, u_int));
813 va_end(args);
814 return;
815 }
816 default:
817 break;
818 }
819 }
820 if (this->key)
821 {
822 destroy((private_gmp_rsa_private_key_t*)this->key);
823 }
824 builder_cancel(&this->public);
825 }
826
827 /**
828 * Builder construction function
829 */
830 builder_t *gmp_rsa_private_key_builder(key_type_t type)
831 {
832 private_builder_t *this;
833
834 if (type != KEY_RSA)
835 {
836 return NULL;
837 }
838
839 this = malloc_thing(private_builder_t);
840
841 this->key = NULL;
842 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
843 this->public.build = (void*(*)(builder_t *this))build;
844
845 return &this->public;
846 }
847