support of SHA224-based certificate signatures
[strongswan.git] / src / libstrongswan / plugins / gmp / gmp_rsa_public_key.c
1 /*
2 * Copyright (C) 2005-2008 Martin Willi
3 * Copyright (C) 2005 Jan Hutter
4 * Hochschule fuer Technik Rapperswil
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <gmp.h>
18 #include <sys/stat.h>
19 #include <unistd.h>
20 #include <stdio.h>
21 #include <string.h>
22
23 #include "gmp_rsa_public_key.h"
24
25 #include <debug.h>
26 #include <asn1/oid.h>
27 #include <asn1/asn1.h>
28 #include <asn1/asn1_parser.h>
29 #include <asn1/pem.h>
30 #include <crypto/hashers/hasher.h>
31 #include <pgp/pgp.h>
32
33 typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t;
34
35 /**
36 * Private data structure with signing context.
37 */
38 struct private_gmp_rsa_public_key_t {
39 /**
40 * Public interface for this signer.
41 */
42 gmp_rsa_public_key_t public;
43
44 /**
45 * Public modulus.
46 */
47 mpz_t n;
48
49 /**
50 * Public exponent.
51 */
52 mpz_t e;
53
54 /**
55 * Keysize in bytes.
56 */
57 size_t k;
58
59 /**
60 * Keyid formed as a SHA-1 hash of a publicKeyInfo object
61 */
62 identification_t *keyid_info;
63
64 /**
65 * Keyid formed as a SHA-1 hash of a publicKey object
66 */
67 identification_t *keyid;
68
69 /**
70 * reference counter
71 */
72 refcount_t ref;
73 };
74
75 /**
76 * Shared functions defined in gmp_rsa_private_key.c
77 */
78 extern chunk_t gmp_mpz_to_chunk(const mpz_t value);
79 extern chunk_t gmp_mpz_to_asn1(const mpz_t value);
80
81 /**
82 * RSAEP algorithm specified in PKCS#1.
83 */
84 static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data)
85 {
86 mpz_t m, c;
87 chunk_t encrypted;
88
89 mpz_init(c);
90 mpz_init(m);
91
92 mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
93
94 mpz_powm(c, m, this->e, this->n);
95
96 encrypted.len = this->k;
97 encrypted.ptr = mpz_export(NULL, NULL, 1, encrypted.len, 1, 0, c);
98 if (encrypted.ptr == NULL)
99 {
100 encrypted.len = 0;
101 }
102
103 mpz_clear(c);
104 mpz_clear(m);
105
106 return encrypted;
107 }
108
109 /**
110 * RSAVP1 algorithm specified in PKCS#1.
111 */
112 static chunk_t rsavp1(private_gmp_rsa_public_key_t *this, chunk_t data)
113 {
114 return rsaep(this, data);
115 }
116
117 /**
118 * ASN.1 definition of digestInfo
119 */
120 static const asn1Object_t digestInfoObjects[] = {
121 { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
122 { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
123 { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
124 { 0, "exit", ASN1_EOC, ASN1_EXIT }
125 };
126 #define DIGEST_INFO 0
127 #define DIGEST_INFO_ALGORITHM 1
128 #define DIGEST_INFO_DIGEST 2
129
130 /**
131 * Verification of an EMPSA PKCS1 signature described in PKCS#1
132 */
133 static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
134 hash_algorithm_t algorithm,
135 chunk_t data, chunk_t signature)
136 {
137 chunk_t em_ori, em;
138 bool success = FALSE;
139
140 /* remove any preceding 0-bytes from signature */
141 while (signature.len && *(signature.ptr) == 0x00)
142 {
143 signature = chunk_skip(signature, 1);
144 }
145
146 if (signature.len == 0 || signature.len > this->k)
147 {
148 return INVALID_ARG;
149 }
150
151 /* unpack signature */
152 em_ori = em = rsavp1(this, signature);
153
154 /* result should look like this:
155 * EM = 0x00 || 0x01 || PS || 0x00 || T.
156 * PS = 0xFF padding, with length to fill em
157 * T = oid || hash
158 */
159
160 /* check magic bytes */
161 if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
162 {
163 goto end;
164 }
165 em = chunk_skip(em, 2);
166
167 /* find magic 0x00 */
168 while (em.len > 0)
169 {
170 if (*em.ptr == 0x00)
171 {
172 /* found magic byte, stop */
173 em = chunk_skip(em, 1);
174 break;
175 }
176 else if (*em.ptr != 0xFF)
177 {
178 /* bad padding, decryption failed ?!*/
179 goto end;
180 }
181 em = chunk_skip(em, 1);
182 }
183
184 if (em.len == 0)
185 {
186 /* no digestInfo found */
187 goto end;
188 }
189
190 if (algorithm == HASH_UNKNOWN)
191 { /* IKEv1 signatures without digestInfo */
192 if (em.len != data.len)
193 {
194 DBG1("hash size in signature is %u bytes instead of %u bytes",
195 em.len, data.len);
196 goto end;
197 }
198 success = memeq(em.ptr, data.ptr, data.len);
199 }
200 else
201 { /* IKEv2 and X.509 certificate signatures */
202 asn1_parser_t *parser;
203 chunk_t object;
204 int objectID;
205 hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
206
207 DBG2("signature verification:");
208 parser = asn1_parser_create(digestInfoObjects, em);
209
210 while (parser->iterate(parser, &objectID, &object))
211 {
212 switch (objectID)
213 {
214 case DIGEST_INFO:
215 {
216 if (em.len > object.len)
217 {
218 DBG1("digestInfo field in signature is followed by %u surplus bytes",
219 em.len - object.len);
220 goto end_parser;
221 }
222 break;
223 }
224 case DIGEST_INFO_ALGORITHM:
225 {
226 int hash_oid = asn1_parse_algorithmIdentifier(object,
227 parser->get_level(parser)+1, NULL);
228
229 hash_algorithm = hasher_algorithm_from_oid(hash_oid);
230 if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
231 {
232 DBG1("expected hash algorithm %N, but found %N (OID: %#B)",
233 hash_algorithm_names, algorithm,
234 hash_algorithm_names, hash_algorithm, &object);
235 goto end_parser;
236 }
237 break;
238 }
239 case DIGEST_INFO_DIGEST:
240 {
241 chunk_t hash;
242 hasher_t *hasher;
243
244 hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
245 if (hasher == NULL)
246 {
247 DBG1("hash algorithm %N not supported",
248 hash_algorithm_names, hash_algorithm);
249 goto end_parser;
250 }
251
252 if (object.len != hasher->get_hash_size(hasher))
253 {
254 DBG1("hash size in signature is %u bytes instead of %u "
255 "bytes", object.len, hasher->get_hash_size(hasher));
256 hasher->destroy(hasher);
257 goto end_parser;
258 }
259
260 /* build our own hash and compare */
261 hasher->allocate_hash(hasher, data, &hash);
262 hasher->destroy(hasher);
263 success = memeq(object.ptr, hash.ptr, hash.len);
264 free(hash.ptr);
265 break;
266 }
267 default:
268 break;
269 }
270 }
271
272 end_parser:
273 success &= parser->success(parser);
274 parser->destroy(parser);
275 }
276
277 end:
278 free(em_ori.ptr);
279 return success;
280 }
281
282 /**
283 * Implementation of public_key_t.get_type.
284 */
285 static key_type_t get_type(private_gmp_rsa_public_key_t *this)
286 {
287 return KEY_RSA;
288 }
289
290 /**
291 * Implementation of public_key_t.verify.
292 */
293 static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
294 chunk_t data, chunk_t signature)
295 {
296 switch (scheme)
297 {
298 case SIGN_RSA_EMSA_PKCS1_NULL:
299 return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
300 case SIGN_RSA_EMSA_PKCS1_MD5:
301 return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
302 case SIGN_RSA_EMSA_PKCS1_SHA1:
303 return verify_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
304 case SIGN_RSA_EMSA_PKCS1_SHA224:
305 return verify_emsa_pkcs1_signature(this, HASH_SHA224, data, signature);
306 case SIGN_RSA_EMSA_PKCS1_SHA256:
307 return verify_emsa_pkcs1_signature(this, HASH_SHA256, data, signature);
308 case SIGN_RSA_EMSA_PKCS1_SHA384:
309 return verify_emsa_pkcs1_signature(this, HASH_SHA384, data, signature);
310 case SIGN_RSA_EMSA_PKCS1_SHA512:
311 return verify_emsa_pkcs1_signature(this, HASH_SHA512, data, signature);
312 default:
313 DBG1("signature scheme %N not supported in RSA",
314 signature_scheme_names, scheme);
315 return FALSE;
316 }
317 }
318
319 #define MIN_PS_PADDING 8
320
321 /**
322 * Implementation of public_key_t.encrypt.
323 */
324 static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
325 chunk_t *crypto)
326 {
327 chunk_t em;
328 u_char *pos;
329 int padding, i;
330 rng_t *rng;
331
332 rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
333 if (rng == NULL)
334 {
335 DBG1("no random generator available");
336 return FALSE;
337 }
338
339 /* number of pseudo-random padding octets */
340 padding = this->k - plain.len - 3;
341 if (padding < MIN_PS_PADDING)
342 {
343 DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING);
344 return FALSE;
345 }
346
347 /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
348 DBG2("padding %u bytes of data to the rsa modulus size of %u bytes",
349 plain.len, this->k);
350 em.len = this->k;
351 em.ptr = malloc(em.len);
352 pos = em.ptr;
353 *pos++ = 0x00;
354 *pos++ = 0x02;
355
356 /* fill with pseudo random octets */
357 rng->get_bytes(rng, padding, pos);
358
359 /* replace zero-valued random octets */
360 for (i = 0; i < padding; i++)
361 {
362 while (*pos == 0)
363 {
364 rng->get_bytes(rng, 1, pos);
365 }
366 pos++;
367 }
368 rng->destroy(rng);
369
370 /* append the padding terminator */
371 *pos++ = 0x00;
372
373 /* now add the data */
374 memcpy(pos, plain.ptr, plain.len);
375 DBG3("padded data before rsa encryption: %B", &em);
376
377 /* rsa encryption using PKCS#1 RSAEP */
378 *crypto = rsaep(this, em);
379 DBG3("rsa encrypted data: %B", crypto);
380 chunk_clear(&em);
381 return TRUE;
382 }
383
384 /**
385 * Implementation of gmp_rsa_public_key.equals.
386 */
387 static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other)
388 {
389 identification_t *keyid;
390
391 if (&this->public.interface == other)
392 {
393 return TRUE;
394 }
395 if (other->get_type(other) != KEY_RSA)
396 {
397 return FALSE;
398 }
399 keyid = other->get_id(other, ID_PUBKEY_SHA1);
400 if (keyid && keyid->equals(keyid, this->keyid))
401 {
402 return TRUE;
403 }
404 keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
405 if (keyid && keyid->equals(keyid, this->keyid_info))
406 {
407 return TRUE;
408 }
409 return FALSE;
410 }
411
412 /**
413 * Implementation of public_key_t.get_keysize.
414 */
415 static size_t get_keysize(private_gmp_rsa_public_key_t *this)
416 {
417 return this->k;
418 }
419
420 /**
421 * Build the PGP version 3 RSA key identifier from n and e using
422 * MD5 hashed modulus and exponent.
423 */
424 static identification_t* gmp_rsa_build_pgp_v3_keyid(mpz_t n, mpz_t e)
425 {
426 identification_t *keyid;
427 chunk_t modulus, mod, exponent, exp, hash;
428 hasher_t *hasher;
429
430 hasher= lib->crypto->create_hasher(lib->crypto, HASH_MD5);
431 if (hasher == NULL)
432 {
433 DBG1("computation of PGP V3 keyid failed, no MD5 hasher is available");
434 return NULL;
435 }
436 mod = modulus = gmp_mpz_to_chunk(n);
437 exp = exponent = gmp_mpz_to_chunk(e);
438
439 /* remove leading zero bytes before hashing modulus and exponent */
440 while (mod.len > 0 && *mod.ptr == 0x00)
441 {
442 mod.ptr++;
443 mod.len--;
444 }
445 while (exp.len > 0 && *exp.ptr == 0x00)
446 {
447 exp.ptr++;
448 exp.len--;
449 }
450 hasher->allocate_hash(hasher, mod, NULL);
451 hasher->allocate_hash(hasher, exp, &hash);
452 hasher->destroy(hasher);
453 keyid = identification_create_from_encoding(ID_KEY_ID, hash);
454 free(hash.ptr);
455 free(modulus.ptr);
456 free(exponent.ptr);
457 return keyid;
458 }
459
460 /**
461 * Implementation of public_key_t.get_id.
462 */
463 static identification_t *get_id(private_gmp_rsa_public_key_t *this,
464 id_type_t type)
465 {
466 switch (type)
467 {
468 case ID_PUBKEY_INFO_SHA1:
469 return this->keyid_info;
470 case ID_PUBKEY_SHA1:
471 return this->keyid;
472 case ID_KEY_ID:
473 return gmp_rsa_build_pgp_v3_keyid(this->n, this->e);
474 default:
475 return NULL;
476 }
477 }
478
479 /*
480 * Implementation of public_key_t.get_encoding.
481 */
482 static chunk_t get_encoding(private_gmp_rsa_public_key_t *this)
483 {
484 return asn1_wrap(ASN1_SEQUENCE, "mm",
485 gmp_mpz_to_asn1(this->n),
486 gmp_mpz_to_asn1(this->e));
487 }
488
489 /**
490 * Implementation of public_key_t.get_ref.
491 */
492 static private_gmp_rsa_public_key_t* get_ref(private_gmp_rsa_public_key_t *this)
493 {
494 ref_get(&this->ref);
495 return this;
496 }
497
498 /**
499 * Implementation of gmp_rsa_public_key.destroy.
500 */
501 static void destroy(private_gmp_rsa_public_key_t *this)
502 {
503 if (ref_put(&this->ref))
504 {
505 mpz_clear(this->n);
506 mpz_clear(this->e);
507 DESTROY_IF(this->keyid);
508 DESTROY_IF(this->keyid_info);
509 free(this);
510 }
511 }
512
513 /**
514 * Generic private constructor
515 */
516 static private_gmp_rsa_public_key_t *gmp_rsa_public_key_create_empty()
517 {
518 private_gmp_rsa_public_key_t *this = malloc_thing(private_gmp_rsa_public_key_t);
519
520 this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type;
521 this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify;
522 this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_;
523 this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
524 this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize;
525 this->public.interface.get_id = (identification_t* (*) (public_key_t*, id_type_t))get_id;
526 this->public.interface.get_encoding = (chunk_t(*) (public_key_t*))get_encoding;
527 this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref;
528 this->public.interface.destroy = (void (*) (public_key_t *this))destroy;
529
530 this->keyid = NULL;
531 this->keyid_info = NULL;
532 this->ref = 1;
533
534 return this;
535 }
536
537 /**
538 * Build the RSA key identifier from n and e using SHA1 hashed publicKey(Info).
539 * Also used in rsa_private_key.c.
540 */
541 bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid,
542 identification_t **keyid_info)
543 {
544 chunk_t publicKeyInfo, publicKey, hash;
545 hasher_t *hasher;
546
547 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
548 if (hasher == NULL)
549 {
550 DBG1("SHA1 hash algorithm not supported, unable to use RSA");
551 return FALSE;
552 }
553 publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
554 gmp_mpz_to_asn1(n),
555 gmp_mpz_to_asn1(e));
556 hasher->allocate_hash(hasher, publicKey, &hash);
557 *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
558 chunk_free(&hash);
559
560 publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
561 asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
562 asn1_bitstring("m", publicKey));
563 hasher->allocate_hash(hasher, publicKeyInfo, &hash);
564 *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
565 chunk_free(&hash);
566
567 hasher->destroy(hasher);
568 chunk_free(&publicKeyInfo);
569
570 return TRUE;
571 }
572
573 /**
574 * Create a public key from mpz values, used in gmp_rsa_private_key
575 */
576 gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e)
577 {
578 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
579
580 mpz_init_set(this->n, n);
581 mpz_init_set(this->e, e);
582
583 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
584 if (!gmp_rsa_public_key_build_id(this->n, this->e,
585 &this->keyid, &this->keyid_info))
586 {
587 destroy(this);
588 return NULL;
589 }
590 return &this->public;
591 }
592
593 /**
594 * ASN.1 definition of RSApublicKey
595 */
596 static const asn1Object_t pubkeyObjects[] = {
597 { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
598 { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
599 { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
600 { 0, "exit", ASN1_EOC, ASN1_EXIT }
601 };
602 #define PUB_KEY_RSA_PUBLIC_KEY 0
603 #define PUB_KEY_MODULUS 1
604 #define PUB_KEY_EXPONENT 2
605
606 /**
607 * Load a public key from an ASN.1 encoded blob
608 */
609 static gmp_rsa_public_key_t *load_asn1_der(chunk_t blob)
610 {
611 asn1_parser_t *parser;
612 chunk_t object;
613 int objectID;
614 bool success = FALSE;
615
616 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
617
618 mpz_init(this->n);
619 mpz_init(this->e);
620
621 parser = asn1_parser_create(pubkeyObjects, blob);
622
623 while (parser->iterate(parser, &objectID, &object))
624 {
625 switch (objectID)
626 {
627 case PUB_KEY_MODULUS:
628 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
629 break;
630 case PUB_KEY_EXPONENT:
631 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
632 break;
633 }
634 }
635 success = parser->success(parser);
636 free(blob.ptr);
637 parser->destroy(parser);
638
639 if (!success)
640 {
641 destroy(this);
642 return NULL;
643 }
644
645 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
646
647 if (!gmp_rsa_public_key_build_id(this->n, this->e,
648 &this->keyid, &this->keyid_info))
649 {
650 destroy(this);
651 return NULL;
652 }
653 return &this->public;
654 }
655
656 /**
657 * Load a public key from an OpenPGP blob
658 */
659 static gmp_rsa_public_key_t* load_pgp(chunk_t blob)
660 {
661 int objectID;
662 chunk_t packet = blob;
663 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
664
665 mpz_init(this->n);
666 mpz_init(this->e);
667
668 for (objectID = PUB_KEY_MODULUS; objectID <= PUB_KEY_EXPONENT; objectID++)
669 {
670 chunk_t object;
671
672 DBG2("L3 - %s:", pubkeyObjects[objectID].name);
673 object.len = pgp_length(&packet, 2);
674
675 if (object.len == PGP_INVALID_LENGTH)
676 {
677 DBG1("OpenPGP length is invalid");
678 goto end;
679 }
680 object.len = (object.len + 7) / BITS_PER_BYTE;
681 if (object.len > packet.len)
682 {
683 DBG1("OpenPGP field is too short");
684 goto end;
685 }
686 object.ptr = packet.ptr;
687 packet.ptr += object.len;
688 packet.len -= object.len;
689 DBG4("%B", &object);
690
691 switch (objectID)
692 {
693 case PUB_KEY_MODULUS:
694 mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
695 break;
696 case PUB_KEY_EXPONENT:
697 mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
698 break;
699 }
700 }
701
702 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
703 free(blob.ptr);
704
705 if (!gmp_rsa_public_key_build_id(this->n, this->e,
706 &this->keyid, &this->keyid_info))
707 {
708 destroy(this);
709 return NULL;
710 }
711 return &this->public;
712
713 end:
714 free(blob.ptr);
715 destroy(this);
716 return NULL;
717 }
718
719 /**
720 * Load a public key from an RFC 3110 encoded blob
721 */
722 static gmp_rsa_public_key_t *load_rfc_3110(chunk_t blob)
723 {
724 chunk_t exponent, modulus;
725 u_char *pos = blob.ptr;
726 size_t len = blob.len;
727 private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
728
729 mpz_init(this->n);
730 mpz_init(this->e);
731
732 if (blob.len < 3)
733 {
734 DBG1("RFC 3110 public key blob too short for exponent length");
735 goto end;
736 }
737 if (pos[0] != 0x00)
738 {
739 exponent = chunk_create(pos + 1, pos[0]);
740 pos++;
741 len--;
742 }
743 else
744 {
745 exponent = chunk_create(pos + 3, 256*pos[1] + pos[2]);
746 pos += 3;
747 len -= 3;
748 }
749 if (exponent.len > len)
750 {
751 DBG1("RFC 3110 public key blob too short for exponent");
752 goto end;
753 }
754 pos += exponent.len;
755 len -= exponent.len;
756
757 if (len == 0)
758 {
759 DBG1("RFC 3110 public key blob has zero length modulus");
760 goto end;
761 }
762 modulus = chunk_create(pos, len);
763
764 mpz_import(this->n, modulus.len, 1, 1, 1, 0, modulus.ptr);
765 mpz_import(this->e, exponent.len, 1, 1, 1, 0, exponent.ptr);
766 this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
767 free(blob.ptr);
768
769 if (!gmp_rsa_public_key_build_id(this->n, this->e,
770 &this->keyid, &this->keyid_info))
771 {
772 destroy(this);
773 return NULL;
774 }
775 return &this->public;
776
777 end:
778 free(blob.ptr);
779 destroy(this);
780 return NULL;
781 }
782
783 typedef struct private_builder_t private_builder_t;
784 /**
785 * Builder implementation for key loading
786 */
787 struct private_builder_t {
788 /** implements the builder interface */
789 builder_t public;
790 /** loaded public key */
791 gmp_rsa_public_key_t *key;
792 };
793
794 /**
795 * Implementation of builder_t.build
796 */
797 static gmp_rsa_public_key_t *build(private_builder_t *this)
798 {
799 gmp_rsa_public_key_t *key = this->key;
800
801 free(this);
802 return key;
803 }
804
805 /**
806 * Implementation of builder_t.add
807 */
808 static void add(private_builder_t *this, builder_part_t part, ...)
809 {
810 if (!this->key)
811 {
812 va_list args;
813 chunk_t chunk;
814
815 switch (part)
816 {
817 case BUILD_BLOB_ASN1_DER:
818 {
819 va_start(args, part);
820 chunk = va_arg(args, chunk_t);
821 this->key = load_asn1_der(chunk_clone(chunk));
822 va_end(args);
823 return;
824 }
825 case BUILD_BLOB_PGP:
826 {
827 va_start(args, part);
828 chunk = va_arg(args, chunk_t);
829 this->key = load_pgp(chunk_clone(chunk));
830 va_end(args);
831 return;
832 }
833 case BUILD_BLOB_RFC_3110:
834 {
835 va_start(args, part);
836 chunk = va_arg(args, chunk_t);
837 this->key = load_rfc_3110(chunk_clone(chunk));
838 va_end(args);
839 return;
840 }
841 default:
842 break;
843 }
844 }
845 if (this->key)
846 {
847 destroy((private_gmp_rsa_public_key_t*)this->key);
848 }
849 builder_cancel(&this->public);
850 }
851
852 /**
853 * Builder construction function
854 */
855 builder_t *gmp_rsa_public_key_builder(key_type_t type)
856 {
857 private_builder_t *this;
858
859 if (type != KEY_RSA)
860 {
861 return NULL;
862 }
863
864 this = malloc_thing(private_builder_t);
865
866 this->key = NULL;
867 this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
868 this->public.build = (void*(*)(builder_t *this))build;
869
870 return &this->public;
871 }
872