implemented gmp_rsa_public_key.encrypt() method
[strongswan.git] / src / libstrongswan / plugins / gmp / gmp_rsa_public_key.c
1 /*
2 * Copyright (C) 2005-2008 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <gmp.h>
18 #include <sys/stat.h>
19 #include <unistd.h>
20 #include <stdio.h>
21 #include <string.h>
22
23 #include "gmp_rsa_public_key.h"
24
25 #include <debug.h>
26 #include <asn1/oid.h>
27 #include <asn1/asn1.h>
28 #include <asn1/asn1_parser.h>
29 #include <asn1/pem.h>
30 #include <crypto/hashers/hasher.h>
31 #include <pgp/pgp.h>
32
33 typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t;
34
35 /**
36 * Private data structure with signing context.
37 */
38 struct private_gmp_rsa_public_key_t {
39 /**
40 * Public interface for this signer.
41 */
42 gmp_rsa_public_key_t public;
43
44 /**
45 * Public modulus.
46 */
47 mpz_t n;
48
49 /**
50 * Public exponent.
51 */
52 mpz_t e;
53
54 /**
55 * Keysize in bytes.
56 */
57 size_t k;
58
59 /**
60 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
61 */
62 identification_t *keyid_info;
63
64 /**
65 * Keyid formed as a SHA-1 hash of a publicKey object
66 */
67 identification_t *keyid;
68
69 /**
70 * reference counter
71 */
72 refcount_t ref;
73 };
74
75 /**
76 * Shared functions defined in gmp_rsa_private_key.c
77 */
78 extern chunk_t gmp_mpz_to_chunk(const mpz_t value);
79 extern chunk_t gmp_mpz_to_asn1(const mpz_t value);
80
81 /**
82 * RSAEP algorithm specified in PKCS#1.
83 */
84 static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data)
85 {
86 mpz_t m, c;
87 chunk_t encrypted;
88
89 mpz_init(c);
90 mpz_init(m);
91
92 mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
93
94 mpz_powm(c, m, this->e, this->n);
95
96 encrypted.len = this->k;
97 encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
98 if (encrypted.ptr == NULL)
99 {
100 encrypted.len = 0;
101 }
102
103 mpz_clear(c);
104 mpz_clear(m);
105
106 return encrypted;
107 }
108
109 /**
110 * RSAVP1 algorithm specified in PKCS#1.
111 */
112 static chunk_t rsavp1(private_gmp_rsa_public_key_t *this, chunk_t data)
113 {
114 return rsaep(this, data);
115 }
116
117 /**
118 * ASN.1 definition of digestInfo
119 */
120 static const asn1Object_t digestInfoObjects[] = {
121 { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
122 { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
123 { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
124 { 0, "exit", ASN1_EOC, ASN1_EXIT }
125 };
126 #define DIGEST_INFO 0
127 #define DIGEST_INFO_ALGORITHM 1
128 #define DIGEST_INFO_DIGEST 2
129
130 /**
131 * Verification of an EMPSA PKCS1 signature described in PKCS#1
132 */
133 static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
134 hash_algorithm_t algorithm,
135 chunk_t data, chunk_t signature)
136 {
137 chunk_t em_ori, em;
138 bool success = FALSE;
139
140 /* remove any preceding 0-bytes from signature */
141 while (signature.len && *(signature.ptr) == 0x00)
142 {
143 signature.len -= 1;
144 signature.ptr++;
145 }
146
147 if (signature.len > this->k)
148 {
149 return INVALID_ARG;
150 }
151
152 /* unpack signature */
153 em_ori = em = rsavp1(this, signature);
154
155 /* result should look like this:
156 * EM = 0x00 || 0x01 || PS || 0x00 || T.
157 * PS = 0xFF padding, with length to fill em
158 * T = oid || hash
159 */
160
161 /* check magic bytes */
162 if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
163 {
164 goto end;
165 }
166 em.ptr += 2;
167 em.len -= 2;
168
169 /* find magic 0x00 */
170 while (em.len > 0)
171 {
172 if (*em.ptr == 0x00)
173 {
174 /* found magic byte, stop */
175 em.ptr++;
176 em.len--;
177 break;
178 }
179 else if (*em.ptr != 0xFF)
180 {
181 /* bad padding, decryption failed ?!*/
182 goto end;
183 }
184 em.ptr++;
185 em.len--;
186 }
187
188 if (em.len == 0)
189 {
190 /* no digestInfo found */
191 goto end;
192 }
193
194 if (algorithm == HASH_UNKNOWN)
195 { /* IKEv1 signatures without digestInfo */
196 if (em.len != data.len)
197 {
198 DBG1("hash size in signature is %u bytes instead of %u bytes",
199 em.len, data.len);
200 goto end;
201 }
202 success = memeq(em.ptr, data.ptr, data.len);
203 }
204 else
205 { /* IKEv2 and X.509 certificate signatures */
206 asn1_parser_t *parser;
207 chunk_t object;
208 int objectID;
209 hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
210
211 DBG2("signature verification:");
212 parser = asn1_parser_create(digestInfoObjects, em);
213
214 while (parser->iterate(parser, &objectID, &object))
215 {
216 switch (objectID)
217 {
218 case DIGEST_INFO:
219 {
220 if (em.len > object.len)
221 {
222 DBG1("digestInfo field in signature is followed by %u surplus bytes",
223 em.len - object.len);
224 goto end_parser;
225 }
226 break;
227 }
228 case DIGEST_INFO_ALGORITHM:
229 {
230 int hash_oid = asn1_parse_algorithmIdentifier(object,
231 parser->get_level(parser)+1, NULL);
232
233 hash_algorithm = hasher_algorithm_from_oid(hash_oid);
234 if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
235 {
236 DBG1("expected hash algorithm %N, but found %N (OID: %#B)",
237 hash_algorithm_names, algorithm,
238 hash_algorithm_names, hash_algorithm, &object);
239 goto end_parser;
240 }
241 break;
242 }
243 case DIGEST_INFO_DIGEST:
244 {
245 chunk_t hash;
246 hasher_t *hasher;
247
248 hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
249 if (hasher == NULL)
250 {
251 DBG1("hash algorithm %N not supported",
252 hash_algorithm_names, hash_algorithm);
253 goto end_parser;
254 }
255
256 if (object.len != hasher->get_hash_size(hasher))
257 {
258 DBG1("hash size in signature is %u bytes instead of %u "
259 "bytes", object.len, hasher->get_hash_size(hasher));
260 hasher->destroy(hasher);
261 goto end_parser;
262 }
263
264 /* build our own hash and compare */
265 hasher->allocate_hash(hasher, data, &hash);
266 hasher->destroy(hasher);
267 success = memeq(object.ptr, hash.ptr, hash.len);
268 free(hash.ptr);
269 break;
270 }
271 default:
272 break;
273 }
274 }
275
276 end_parser:
277 success &= parser->success(parser);
278 parser->destroy(parser);
279 }
280
281 end:
282 free(em_ori.ptr);
283 return success;
284 }
285
286 /**
287 * Implementation of public_key_t.get_type.
288 */
289 static key_type_t get_type(private_gmp_rsa_public_key_t *this)
290 {
291 return KEY_RSA;
292 }
293
294 /**
295 * Implementation of public_key_t.verify.
296 */
297 static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
298 chunk_t data, chunk_t signature)
299 {
300 switch (scheme)
301 {
302 case SIGN_DEFAULT:
303 case SIGN_RSA_EMSA_PKCS1_NULL:
304 return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
305 case SIGN_RSA_EMSA_PKCS1_MD5:
306 return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
307 case SIGN_RSA_EMSA_PKCS1_SHA1:
308 return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
309 case SIGN_RSA_EMSA_PKCS1_SHA256:
310 return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
311 case SIGN_RSA_EMSA_PKCS1_SHA384:
312 return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
313 case SIGN_RSA_EMSA_PKCS1_SHA512:
314 return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
315 default:
316 DBG1("signature scheme %N not supported in RSA",
317 signature_scheme_names, scheme);
318 return FALSE;
319 }
320 }
321
322 #define MIN_PS_PADDING 8
323
324 /**
325 * Implementation of public_key_t.encrypt.
326 */
327 static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
328 chunk_t *crypto)
329 {
330 chunk_t em;
331 u_char *pos;
332 int padding, i;
333 rng_t *rng;
334
335 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
336 if (rng == NULL)
337 {
338 DBG1("no random generator available");
339 return FALSE;
340 }
341
342 /* number of pseudo-random padding octets */
343 padding = this->k - plain.len - 3;
344 if (padding < MIN_PS_PADDING)
345 {
346 DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING);
347 return FALSE;
348 }
349
350 /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
351 DBG2("padding %u bytes of data to the rsa modulus size of %u bytes",
352 plain.len, this->k);
353 em.len = this->k;
354 em.ptr = malloc(em.len);
355 pos = em.ptr;
356 *pos++ = 0x00;
357 *pos++ = 0x02;
358
359 /* fill with pseudo random octets */
360 rng->get_bytes(rng, padding, pos);
361
362 /* replace zero-valued random octets */
363 for (i = 0; i < padding; i++)
364 {
365 while (*pos == 0)
366 {
367 rng->get_bytes(rng, 1, pos);
368 }
369 pos++;
370 }
371 rng->destroy(rng);
372
373 /* append the padding terminator */
374 *pos++ = 0x00;
375
376 /* now add the data */
377 memcpy(pos, plain.ptr, plain.len);
378 DBG3("padded data before rsa encryption: %B", &em);
379
380 *crypto = rsaep(this, em);
381 DBG3("rsa encrypted data: %B", crypto);
382 chunk_clear(&em);
383 return TRUE;
384 }
385
386 /**
387 * Implementation of gmp_rsa_public_key.equals.
388 */
389 static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other)
390 {
391 identification_t *keyid;
392
393 if (&this->public.interface == other)
394 {
395 return TRUE;
396 }
397 if (other->get_type(other) != KEY_RSA)
398 {
399 return FALSE;
400 }
401 keyid = other->get_id(other, ID_PUBKEY_SHA1);
402 if (keyid && keyid->equals(keyid, this->keyid))
403 {
404 return TRUE;
405 }
406 keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
407 if (keyid && keyid->equals(keyid, this->keyid_info))
408 {
409 return TRUE;
410 }
411 return FALSE;
412 }
413
414 /**
415 * Implementation of public_key_t.get_keysize.
416 */
417 static size_t get_keysize(private_gmp_rsa_public_key_t *this)
418 {
419 return this->k;
420 }
421
422 /**
423 * Build the PGP version 3 RSA key identifier from n and e using
424 * MD5 hashed modulus and exponent. Also used in rsa_private_key.c.
425 */
426 static identification_t* gmp_rsa_build_pgp_v3_keyid(mpz_t n, mpz_t e)
427 {
428 identification_t *keyid;
429 chunk_t modulus, mod, exponent, exp, hash;
430 hasher_t *hasher;
431
432 hasher= lib->crypto->create_hasher(lib->crypto, HASH_MD5);
433 if (hasher == NULL)
434 {
435 DBG1("computation of PGP V3 keyid failed, no MD5 hasher is available");
436 return NULL;
437 }
438 mod = modulus = gmp_mpz_to_chunk(n);
439 exp = exponent = gmp_mpz_to_chunk(e);
440
441 /* remove leading zero bytes before hashing modulus and exponent */
442 while (mod.len > 0 && *mod.ptr == 0x00)
443 {
444 mod.ptr++;
445 mod.len--;
446 }
447 while (exp.len > 0 && *exp.ptr == 0x00)
448 {
449 exp.ptr++;
450 exp.len--;
451 }
452 hasher->allocate_hash(hasher, mod, NULL);
453 hasher->allocate_hash(hasher, exp, &hash);
454 hasher->destroy(hasher);
455 keyid = identification_create_from_encoding(ID_KEY_ID, hash);
456 free(hash.ptr);
457 free(modulus.ptr);
458 free(exponent.ptr);
459 return keyid;
460 }
461
462 /**
463 * Implementation of public_key_t.get_id.
464 */
465 static identification_t *get_id(private_gmp_rsa_public_key_t *this,
466 id_type_t type)
467 {
468 switch (type)
469 {
470 case ID_PUBKEY_INFO_SHA1:
471 return this->keyid_info;
472 case ID_PUBKEY_SHA1:
473 return this->keyid;
474 case ID_KEY_ID:
475 return gmp_rsa_build_pgp_v3_keyid(this->n, this->e);
476 default:
477 return NULL;
478 }
479 }
480
481 /*
482 * Implementation of public_key_t.get_encoding.
483 */
484 static chunk_t get_encoding(private_gmp_rsa_public_key_t *this)
485 {
486 return asn1_wrap(ASN1_SEQUENCE, "mm",
487 gmp_mpz_to_asn1(this->n),
488 gmp_mpz_to_asn1(this->e));
489 }
490
491 /**
492 * Implementation of public_key_t.get_ref.
493 */
494 static private_gmp_rsa_public_key_t* get_ref(private_gmp_rsa_public_key_t *this)
495 {
496 ref_get(&this->ref);
497 return this;
498 }
499
500 /**
501 * Implementation of gmp_rsa_public_key.destroy.
502 */
503 static void destroy(private_gmp_rsa_public_key_t *this)
504 {
505 if (ref_put(&this->ref))
506 {
507 mpz_clear(this->n);
508 mpz_clear(this->e);
509 DESTROY_IF(this->keyid);
510 DESTROY_IF(this->keyid_info);
511 free(this);
512 }
513 }
514
515 /**
516 * Generic private constructor
517 */
518 static private_gmp_rsa_public_key_t *gmp_rsa_public_key_create_empty()
519 {
520 private_gmp_rsa_public_key_t *this = malloc_thing(private_gmp_rsa_public_key_t);
521
522 this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type;
523 this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify;
524 this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_;
525 this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
526 this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize;
527 this->public.interface.get_id = (identification_t* (*) (public_key_t*, id_type_t))get_id;
528 this->public.interface.get_encoding = (chunk_t(*) (public_key_t*))get_encoding;
529 this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref;
530 this->public.interface.destroy = (void (*) (public_key_t *this))destroy;
531
532 this->keyid = NULL;
533 this->keyid_info = NULL;
534 this->ref = 1;
535
536 return this;
537 }
538
539 /**
540 * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info).
541 * Also used in rsa_private_key.c.
542 */
543 bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid,
544 identification_t **keyid_info)
545 {
546 chunk_t publicKeyInfo, publicKey, hash;
547 hasher_t *hasher;
548
549 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
550 if (hasher == NULL)
551 {
552 DBG1("SHA1 hash algorithm not supported, unable to use RSA");
553 return FALSE;
554 }
555 publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
556 gmp_mpz_to_asn1(n),
557 gmp_mpz_to_asn1(e));
558 hasher->allocate_hash(hasher, publicKey, &hash);
559 *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
560 chunk_free(&hash);
561
562 publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
563 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
564 asn1_bitstring("m", publicKey));
565 hasher->allocate_hash(hasher, publicKeyInfo, &hash);
566 *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
567 chunk_free(&hash);
568
569 hasher->destroy(hasher);
570 chunk_free(&publicKeyInfo);
571
572 return TRUE;
573 }
574
575 /**
576 * Create a public key from mpz values, used in gmp_rsa_private_key
577 */
578 gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e)
579 {
580 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
581
582 mpz_init_set(this->n, n);
583 mpz_init_set(this->e, e);
584
585 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
586 if (!gmp_rsa_public_key_build_id(this->n, this->e,
587 &this->keyid, &this->keyid_info))
588 {
589 destroy(this);
590 return NULL;
591 }
592 return &this->public;
593 }
594
595 /**
596 * ASN.1 definition of RSApublicKey
597 */
598 static const asn1Object_t pubkeyObjects[] = {
599 { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
600 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
601 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
602 { 0, "exit", ASN1_EOC, ASN1_EXIT }
603 };
604 #define PUB_KEY_RSA_PUBLIC_KEY 0
605 #define PUB_KEY_MODULUS 1
606 #define PUB_KEY_EXPONENT 2
607
608 /**
609 * Load a public key from an ASN.1 encoded blob
610 */
611 static gmp_rsa_public_key_t *load_asn1_der(chunk_t blob)
612 {
613 asn1_parser_t *parser;
614 chunk_t object;
615 int objectID;
616 bool success = FALSE;
617
618 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
619
620 mpz_init(this->n);
621 mpz_init(this->e);
622
623 parser = asn1_parser_create(pubkeyObjects, blob);
624
625 while (parser->iterate(parser, &objectID, &object))
626 {
627 switch (objectID)
628 {
629 case PUB_KEY_MODULUS:
630 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
631 break;
632 case PUB_KEY_EXPONENT:
633 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
634 break;
635 }
636 }
637 success = parser->success(parser);
638 free(blob.ptr);
639 parser->destroy(parser);
640
641 if (!success)
642 {
643 destroy(this);
644 return NULL;
645 }
646
647 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
648
649 if (!gmp_rsa_public_key_build_id(this->n, this->e,
650 &this->keyid, &this->keyid_info))
651 {
652 destroy(this);
653 return NULL;
654 }
655 return &this->public;
656 }
657
658 /**
659 * Load a public key from an OpenPGP blob
660 */
661 static gmp_rsa_public_key_t* load_pgp(chunk_t blob)
662 {
663 int objectID;
664 chunk_t packet = blob;
665 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
666
667 mpz_init(this->n);
668 mpz_init(this->e);
669
670 for (objectID = PUB_KEY_MODULUS; objectID <= PUB_KEY_EXPONENT; objectID++)
671 {
672 chunk_t object;
673
674 DBG2("L3 - %s:", pubkeyObjects[objectID].name);
675 object.len = pgp_length(&packet, 2);
676
677 if (object.len == PGP_INVALID_LENGTH)
678 {
679 DBG1("OpenPGP length is invalid");
680 goto end;
681 }
682 object.len = (object.len + 7) / BITS_PER_BYTE;
683 if (object.len > packet.len)
684 {
685 DBG1("OpenPGP field is too short");
686 goto end;
687 }
688 object.ptr = packet.ptr;
689 packet.ptr += object.len;
690 packet.len -= object.len;
691 DBG4("%B", &object);
692
693 switch (objectID)
694 {
695 case PUB_KEY_MODULUS:
696 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
697 break;
698 case PUB_KEY_EXPONENT:
699 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
700 break;
701 }
702 }
703
704 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
705 free(blob.ptr);
706
707 if (!gmp_rsa_public_key_build_id(this->n, this->e,
708 &this->keyid, &this->keyid_info))
709 {
710 destroy(this);
711 return NULL;
712 }
713 return &this->public;
714
715 end:
716 free(blob.ptr);
717 destroy(this);
718 return NULL;
719 }
720
721 /**
722 * Load a public key from an RFC 3110 encoded blob
723 */
724 static gmp_rsa_public_key_t *load_rfc_3110(chunk_t blob)
725 {
726 chunk_t exponent, modulus;
727 u_char *pos = blob.ptr;
728 size_t len = blob.len;
729 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
730
731 mpz_init(this->n);
732 mpz_init(this->e);
733
734 if (blob.len < 3)
735 {
736 DBG1("RFC 3110 public key blob too short for exponent length");
737 goto end;
738 }
739 if (pos[0] != 0x00)
740 {
741 exponent = chunk_create(pos + 1, pos[0]);
742 pos++;
743 len--;
744 }
745 else
746 {
747 exponent = chunk_create(pos + 3, 256*pos[1] + pos[2]);
748 pos += 3;
749 len -= 3;
750 }
751 if (exponent.len > len)
752 {
753 DBG1("RFC 3110 public key blob too short for exponent");
754 goto end;
755 }
756 pos += exponent.len;
757 len -= exponent.len;
758
759 if (len == 0)
760 {
761 DBG1("RFC 3110 public key blob has zero length modulus");
762 goto end;
763 }
764 modulus = chunk_create(pos, len);
765
766 mpz_import(this->n, modulus.len, 1, 1, 1, 0, modulus.ptr);
767 mpz_import(this->e, exponent.len, 1, 1, 1, 0, exponent.ptr);
768 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
769 free(blob.ptr);
770
771 if (!gmp_rsa_public_key_build_id(this->n, this->e,
772 &this->keyid, &this->keyid_info))
773 {
774 destroy(this);
775 return NULL;
776 }
777 return &this->public;
778
779 end:
780 free(blob.ptr);
781 destroy(this);
782 return NULL;
783 }
784
785 typedef struct private_builder_t private_builder_t;
786 /**
787 * Builder implementation for key loading
788 */
789 struct private_builder_t {
790 /** implements the builder interface */
791 builder_t public;
792 /** loaded public key */
793 gmp_rsa_public_key_t *key;
794 };
795
796 /**
797 * Implementation of builder_t.build
798 */
799 static gmp_rsa_public_key_t *build(private_builder_t *this)
800 {
801 gmp_rsa_public_key_t *key = this->key;
802
803 free(this);
804 return key;
805 }
806
807 /**
808 * Implementation of builder_t.add
809 */
810 static void add(private_builder_t *this, builder_part_t part, ...)
811 {
812 if (!this->key)
813 {
814 va_list args;
815 chunk_t chunk;
816
817 switch (part)
818 {
819 case BUILD_BLOB_ASN1_DER:
820 {
821 va_start(args, part);
822 chunk = va_arg(args, chunk_t);
823 this->key = load_asn1_der(chunk_clone(chunk));
824 va_end(args);
825 return;
826 }
827 case BUILD_BLOB_PGP:
828 {
829 va_start(args, part);
830 chunk = va_arg(args, chunk_t);
831 this->key = load_pgp(chunk_clone(chunk));
832 va_end(args);
833 return;
834 }
835 case BUILD_BLOB_RFC_3110:
836 {
837 va_start(args, part);
838 chunk = va_arg(args, chunk_t);
839 this->key = load_rfc_3110(chunk_clone(chunk));
840 va_end(args);
841 return;
842 }
843 default:
844 break;
845 }
846 }
847 if (this->key)
848 {
849 destroy((private_gmp_rsa_public_key_t*)this->key);
850 }
851 builder_cancel(&this->public);
852 }
853
854 /**
855 * Builder construction function
856 */
857 builder_t *gmp_rsa_public_key_builder(key_type_t type)
858 {
859 private_builder_t *this;
860
861 if (type != KEY_RSA)
862 {
863 return NULL;
864 }
865
866 this = malloc_thing(private_builder_t);
867
868 this->key = NULL;
869 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
870 this->public.build = (void*(*)(builder_t *this))build;
871
872 return &this->public;
873 }
874