- starter work on asn1 with der de/encoder
authorMartin Willi <martin@strongswan.org>
Fri, 24 Mar 2006 15:37:49 +0000 (15:37 -0000)
committerMartin Willi <martin@strongswan.org>
Fri, 24 Mar 2006 15:37:49 +0000 (15:37 -0000)
- RSA private and public key can load read key from ASN1 DER
- some other fixes here and there

35 files changed:
Source/charon/Makefile
Source/charon/asn1/Makefile.asn1 [new file with mode: 0644]
Source/charon/asn1/asn1.c [new file with mode: 0644]
Source/charon/asn1/asn1.h [new file with mode: 0644]
Source/charon/asn1/der_decoder.c [new file with mode: 0644]
Source/charon/asn1/der_decoder.h [new file with mode: 0644]
Source/charon/asn1/der_encoder.c [new file with mode: 0644]
Source/charon/asn1/der_encoder.h [new file with mode: 0644]
Source/charon/sa/authenticator.c
Source/charon/sa/ike_sa.c
Source/charon/sa/ike_sa.h
Source/charon/sa/states/ike_auth_requested.c
Source/charon/sa/states/ike_sa_established.c
Source/charon/sa/states/ike_sa_init_requested.c
Source/charon/sa/states/ike_sa_init_responded.c
Source/charon/sa/states/initiator_init.c
Source/charon/sa/states/responder_init.c
Source/charon/testcases/Makefile.testcases
Source/charon/testcases/child_sa_test.c
Source/charon/testcases/connection_test.c
Source/charon/testcases/der_decoder_test.c [new file with mode: 0644]
Source/charon/testcases/der_decoder_test.h [new file with mode: 0644]
Source/charon/testcases/generator_test.c
Source/charon/testcases/hmac_signer_test.c
Source/charon/testcases/parser_test.c
Source/charon/testcases/policy_test.c
Source/charon/testcases/proposal_test.c
Source/charon/testcases/rsa_test.c
Source/charon/testcases/testcases.c
Source/charon/transforms/certificate.c [new file with mode: 0755]
Source/charon/transforms/certificate.h [new file with mode: 0755]
Source/charon/transforms/rsa/rsa_private_key.c
Source/charon/transforms/rsa/rsa_public_key.c
Source/charon/utils/logger_manager.c
Source/charon/utils/logger_manager.h

index 601d527..5154d02 100644 (file)
@@ -52,6 +52,7 @@ include $(MAIN_DIR)sa/Makefile.sa
 include $(MAIN_DIR)threads/Makefile.threads
 include $(MAIN_DIR)transforms/Makefile.transforms
 include $(MAIN_DIR)utils/Makefile.utils        
+include $(MAIN_DIR)asn1/Makefile.asn1  
 
 
 build_dir:
diff --git a/Source/charon/asn1/Makefile.asn1 b/Source/charon/asn1/Makefile.asn1
new file mode 100644 (file)
index 0000000..4aaedf4
--- /dev/null
@@ -0,0 +1,24 @@
+# Copyright (C) 2005 Jan Hutter, Martin Willi
+# Hochschule fuer Technik Rapperswil
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+#
+
+ASN1_DIR= $(MAIN_DIR)asn1/
+
+
+OBJS+= $(BUILD_DIR)asn1.o
+$(BUILD_DIR)asn1.o :                                           $(ASN1_DIR)asn1.c $(ASN1_DIR)asn1.h
+                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
+                                                                                       
+OBJS+= $(BUILD_DIR)der_decoder.o
+$(BUILD_DIR)der_decoder.o :                                    $(ASN1_DIR)der_decoder.c $(ASN1_DIR)der_decoder.h
+                                                                                       $(CC) $(CFLAGS) -c -o $@ $<
\ No newline at end of file
diff --git a/Source/charon/asn1/asn1.c b/Source/charon/asn1/asn1.c
new file mode 100644 (file)
index 0000000..cbd030b
--- /dev/null
@@ -0,0 +1,60 @@
+
+
+
+
+
+
+#include "asn1.h"
+
+
+
+
+
+mapping_t asn1_type_m[] = {
+       {ASN1_END, "ASN1_END"},
+       {ASN1_BOOLEAN, "ASN1_BOOLEAN"},
+       {ASN1_INTEGER, "ASN1_INTEGER"},
+       {ASN1_BIT_STRING, "ASN1_BIT_STRING"},
+       {ASN1_OCTET_STRING, "ASN1_OCTET_STRING"},
+       {ASN1_NULL, "ASN1_NULL"},
+       {ASN1_OID, "ASN1_OID"},
+       {ASN1_ENUMERATED, "ASN1_ENUMERATED"},
+       {ASN1_UTF8STRING, "ASN1_UTF8STRING"},
+       {ASN1_NUMERICSTRING, "ASN1_NUMERICSTRING"},
+       {ASN1_PRINTABLESTRING, "ASN1_PRINTABLESTRING"},
+       {ASN1_T61STRING, "ASN1_T61STRING"},
+       {ASN1_VIDEOTEXSTRING, "ASN1_VIDEOTEXSTRING"},
+       {ASN1_IA5STRING, "ASN1_IA5STRING"},
+       {ASN1_UTCTIME, "ASN1_UTCTIME"},
+       {ASN1_GENERALIZEDTIME, "ASN1_GENERALIZEDTIME"},
+       {ASN1_GRAPHICSTRING, "ASN1_GRAPHICSTRING"},
+       {ASN1_VISIBLESTRING, "ASN1_VISIBLESTRING"},
+       {ASN1_GENERALSTRING, "ASN1_GENERALSTRING"},
+       {ASN1_UNIVERSALSTRING, "ASN1_UNIVERSALSTRING"},
+       {ASN1_BMPSTRING, "ASN1_BMPSTRING"},
+       {ASN1_CONSTRUCTED, "ASN1_CONSTRUCTED"},
+       {ASN1_SEQUENCE, "ASN1_SEQUENCE"},
+       {ASN1_SET, "ASN1_SET"},
+       {ASN1_TAG_E_0, "ASN1_TAG_E_0"},
+       {ASN1_TAG_E_1, "ASN1_TAG_E_1"},
+       {ASN1_TAG_E_2, "ASN1_TAG_E_2"},
+       {ASN1_TAG_E_3, "ASN1_TAG_E_3"},
+       {ASN1_TAG_E_4, "ASN1_TAG_E_4"},
+       {ASN1_TAG_E_5, "ASN1_TAG_E_5"},
+       {ASN1_TAG_E_6, "ASN1_TAG_E_6"},
+       {ASN1_TAG_E_7, "ASN1_TAG_E_7"},
+       {ASN1_TAG_I_1, "ASN1_TAG_I_1"},
+       {ASN1_TAG_I_2, "ASN1_TAG_I_2"},
+       {ASN1_TAG_I_3, "ASN1_TAG_I_3"},
+       {ASN1_TAG_I_4, "ASN1_TAG_I_4"},
+       {ASN1_TAG_I_5, "ASN1_TAG_I_5"},
+       {ASN1_TAG_I_6, "ASN1_TAG_I_6"},
+       {ASN1_TAG_I_7, "ASN1_TAG_I_7"},
+};
+
+mapping_t asn1_flag_m[] = {
+       {ASN1_OPTIONAL, "ASN1_OPTIONAL"},
+       {ASN1_DEFAULT, "ASN1_DEFAULT"},
+       {ASN1_MPZ, "ASN1_MPZ"},
+       {ASN1_OF, "ASN1_OF"},
+};
diff --git a/Source/charon/asn1/asn1.h b/Source/charon/asn1/asn1.h
new file mode 100644 (file)
index 0000000..a828034
--- /dev/null
@@ -0,0 +1,116 @@
+/**
+ * @file asn1.h
+ *
+ * @brief Definition of asn1_type_t and asn1_rule_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef ASN1_H_
+#define ASN1_H_
+
+#include <types.h>
+
+typedef enum asn1_type_t asn1_type_t;
+
+enum asn1_type_t {
+       ASN1_END = 0x00,
+       ASN1_BOOLEAN = 0x01,
+       ASN1_INTEGER = 0x02,
+       ASN1_BIT_STRING = 0x03,
+       ASN1_OCTET_STRING = 0x04,
+       ASN1_NULL = 0x05,
+       ASN1_OID = 0x06,
+       ASN1_ENUMERATED = 0x0A,
+       ASN1_UTF8STRING = 0x0C,
+       ASN1_NUMERICSTRING = 0x12,
+       ASN1_PRINTABLESTRING = 0x13,
+       ASN1_T61STRING = 0x14,
+       ASN1_VIDEOTEXSTRING = 0x15,
+       ASN1_IA5STRING = 0x16,
+       ASN1_UTCTIME = 0x17,
+       ASN1_GENERALIZEDTIME = 0x18,
+       ASN1_GRAPHICSTRING = 0x19,
+       ASN1_VISIBLESTRING = 0x1A,
+       ASN1_GENERALSTRING = 0x1B,
+       ASN1_UNIVERSALSTRING = 0x1C,
+       ASN1_BMPSTRING = 0x1E,
+       ASN1_CONSTRUCTED = 0x20,
+       ASN1_SEQUENCE = 0x30,
+       ASN1_SET = 0x31,
+       ASN1_TAG_E_0 = 0xA0,
+       ASN1_TAG_E_1 = 0xA1,
+       ASN1_TAG_E_2 = 0xA2,
+       ASN1_TAG_E_3 = 0xA3,
+       ASN1_TAG_E_4 = 0xA4,
+       ASN1_TAG_E_5 = 0xA5,
+       ASN1_TAG_E_6 = 0xA6,
+       ASN1_TAG_E_7 = 0xA7,
+       ASN1_TAG_I_1 = 0x81,
+       ASN1_TAG_I_2 = 0x82,
+       ASN1_TAG_I_3 = 0x83,
+       ASN1_TAG_I_4 = 0x84,
+       ASN1_TAG_I_5 = 0x85,
+       ASN1_TAG_I_6 = 0x86,
+       ASN1_TAG_I_7 = 0x87,
+};
+
+extern mapping_t asn1_type_m[];
+
+typedef enum asn1_flag_t asn1_flag_t;
+
+enum asn1_flag_t {
+       ASN1_OPTIONAL = 0x01,
+       ASN1_DEFAULT = 0x02,
+       ASN1_MPZ = 0x04,
+       ASN1_OF = 0x08,
+};
+
+extern mapping_t asn1_flag_m[];
+
+
+typedef struct asn1_rule_t asn1_rule_t;
+
+struct asn1_rule_t {
+       /** 
+        * ASN1 type 
+        */
+       asn1_type_t type;
+       /** 
+        * implicit or explicit tag, if any 
+        */
+       asn1_flag_t flags;
+       /** 
+        * offset of data in structure 
+        */
+       u_int data_offset;
+//     union {
+               /** 
+                * offset to a boolean, which says if optional 
+                * data is available at data_offset. Used if
+                * flags & ASN1_OPTIONAL.
+                */
+//             u_int available_offset;
+               /**
+                * default value, used if flags & ASN1_DEFAULT
+                */
+               u_int default_value;
+//     };
+};
+
+
+#endif /* ASN1_H_ */
diff --git a/Source/charon/asn1/der_decoder.c b/Source/charon/asn1/der_decoder.c
new file mode 100644 (file)
index 0000000..59ea4b0
--- /dev/null
@@ -0,0 +1,218 @@
+/**
+ * @file der_decoder.c
+ *
+ * @brief Implementation of der_decoder_t.
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <gmp.h>
+
+#include "der_decoder.h"
+
+#include <utils/allocator.h>
+#include <daemon.h>
+
+
+
+typedef struct private_der_decoder_t private_der_decoder_t;
+
+/**
+ * Private data of a der_decoder_t object.
+ */
+struct private_der_decoder_t {
+       /**
+        * Public interface for this signer.
+        */
+       der_decoder_t public;
+       
+       asn1_rule_t *rule;
+       
+       asn1_rule_t *first_rule;
+       
+       void *output;
+       
+       logger_t *logger;
+};
+
+status_t read_hdr(private_der_decoder_t *this, chunk_t *data);
+
+status_t read_sequence(private_der_decoder_t *this, chunk_t data)
+{
+       while (this->rule->type != ASN1_END)
+       {
+               read_hdr(this, &data);
+       }
+       return SUCCESS;
+}
+
+
+status_t read_int(private_der_decoder_t *this, chunk_t data)
+{
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data);
+       u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
+       
+       *integ = 0;
+       while (data.len-- > 0)
+       {
+               *integ = 256 * (*integ) + *data.ptr++;
+       }
+       return SUCCESS;
+}
+
+status_t read_mpz(private_der_decoder_t *this, chunk_t data)
+{
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data);
+       mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
+       
+       mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
+       return SUCCESS;
+}
+
+u_int32_t read_length(chunk_t *data)
+{
+       u_int8_t n;
+       size_t len;
+       
+       /* read first octet of length field */
+       n = *data->ptr++;
+
+       if ((n & 0x80) == 0) 
+       {
+               /* single length octet */
+               return n;
+       }
+       
+       /* composite length, determine number of length octets */
+       n &= 0x7f;
+       
+       if (n > data->len)
+       {
+               /* length longer than available bytes */
+               return -1;
+       }
+       
+       if (n > sizeof(len))
+       {
+               /* larger than size_t can hold */
+               return -1;
+       }
+       
+       len = 0;
+       while (n-- > 0)
+       {
+               len = 256 * len + *data->ptr++;
+       }
+       return len;
+}
+
+status_t read_hdr(private_der_decoder_t *this, chunk_t *data)
+{
+       chunk_t inner;
+       
+       /* advance to the next rule */
+       this->rule++;
+       
+       if (this->rule->type == ASN1_END)
+       {
+               return SUCCESS;
+       }
+       
+       this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s",
+                                         mapping_find(asn1_type_m, this->rule->type));
+       
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data);
+       
+       /* read type, advance in data */
+       if (*(data->ptr) != this->rule->type)
+       {
+               this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr);
+               return PARSE_ERROR;
+       }
+       data->ptr++; 
+       data->len--;
+       
+       /* read length, advance in data */
+       inner.len = read_length(data);
+       if (inner.len == -1)
+       {
+               this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
+               return PARSE_ERROR;
+       }
+       this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d",
+                                         inner.len);
+       inner.ptr = data->ptr;
+       
+       /* advance in data */
+       data->ptr += inner.len;
+       data->len -= inner.len;
+       
+       /* process inner */
+       switch (this->rule->type)
+       {
+               case ASN1_INTEGER:
+                       if (this->rule->flags & ASN1_MPZ)
+                       {
+                               read_mpz(this, inner);
+                       }
+                       else
+                       {
+                               read_int(this, inner);
+                       }
+                       break;
+               case ASN1_SEQUENCE:
+                       read_sequence(this, inner);
+                       break;
+               default:
+                       break;
+       }
+       
+       return SUCCESS;
+}
+
+
+
+status_t decode(private_der_decoder_t *this, chunk_t input, void *output)
+{
+       this->rule = this->first_rule - 1;
+       this->output = output;
+       return read_hdr(this, &input);
+}
+
+/**
+ * Implementation of der_decoder.destroy.
+ */
+static void destroy(private_der_decoder_t *this)
+{
+       allocator_free(this);
+}
+
+/*
+ * Described in header.
+ */
+der_decoder_t *der_decoder_create(asn1_rule_t *rules)
+{
+       private_der_decoder_t *this = allocator_alloc_thing(private_der_decoder_t);
+       
+       /* public functions */
+       this->public.decode = (status_t (*) (der_decoder_t*,chunk_t,void*))decode;
+       this->public.destroy = (void (*) (der_decoder_t*))destroy;
+       
+       this->first_rule = rules;
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER);
+       
+       return &(this->public);
+}
diff --git a/Source/charon/asn1/der_decoder.h b/Source/charon/asn1/der_decoder.h
new file mode 100644 (file)
index 0000000..d6ccaf4
--- /dev/null
@@ -0,0 +1,61 @@
+/**
+ * @file der_decoder.h
+ *
+ * @brief Interface of der_decoder_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef DER_DECODER_H_
+#define DER_DECODER_H_
+
+#include <types.h>
+#include <asn1/asn1.h>
+
+typedef struct der_decoder_t der_decoder_t;
+
+/**
+ * @brief Decode der_encoded bytes to usable structures.
+ * 
+ * @b Constructors:
+ *  - der_decoder_create()
+ * 
+ * @ingroup asn1
+ */
+struct der_decoder_t {
+       
+       status_t (*decode) (der_decoder_t *this, chunk_t input, void *output);
+
+       /**
+        * @brief Destroys a der_decoder object.
+        *
+        * @param der_decoder   calling object
+        */
+       void (*destroy) (der_decoder_t *this);
+};
+
+
+/**
+ * @brief Create a der_decoder instance.
+ * 
+ * @return     der_decoder_t object
+ * 
+ * @ingroup ans1
+ */
+der_decoder_t * der_decoder_create(asn1_rule_t* rules);
+
+#endif /* DER_DECODER_H_ */
diff --git a/Source/charon/asn1/der_encoder.c b/Source/charon/asn1/der_encoder.c
new file mode 100644 (file)
index 0000000..669a140
--- /dev/null
@@ -0,0 +1,218 @@
+/**
+ * @file der_encoder.c
+ *
+ * @brief Implementation of der_encoder_t.
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <gmp.h>
+
+#include "der_encoder.h"
+
+#include <utils/allocator.h>
+#include <daemon.h>
+
+
+
+typedef struct private_der_encoder_t private_der_encoder_t;
+
+/**
+ * Private data of a der_encoder_t object.
+ */
+struct private_der_encoder_t {
+       /**
+        * Public interface for this signer.
+        */
+       der_encoder_t public;
+       
+       asn1_rule_t *rule;
+       
+       asn1_rule_t *first_rule;
+       
+       void *output;
+       
+       logger_t *logger;
+};
+
+status_t read_hdr(private_der_encoder_t *this, chunk_t *data);
+
+status_t read_sequence(private_der_encoder_t *this, chunk_t data)
+{
+       while (this->rule->type != ASN1_END)
+       {
+               read_hdr(this, &data);
+       }
+       return SUCCESS;
+}
+
+
+status_t read_int(private_der_encoder_t *this, chunk_t data)
+{
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER", data);
+       u_int *integ = (u_int*)((u_int8_t*)this->output + this->rule->data_offset);
+       
+       *integ = 0;
+       while (data.len-- > 0)
+       {
+               *integ = 256 * (*integ) + *data.ptr++;
+       }
+       return SUCCESS;
+}
+
+status_t read_mpz(private_der_encoder_t *this, chunk_t data)
+{
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "ASN1_INTEGER as mpz", data);
+       mpz_t *mpz = (mpz_t*)((u_int8_t*)this->output + this->rule->data_offset);
+       
+       mpz_import(*mpz, data.len, 1, 1, 1, 0, data.ptr);
+       return SUCCESS;
+}
+
+u_int32_t read_length(chunk_t *data)
+{
+       u_int8_t n;
+       size_t len;
+       
+       /* read first octet of length field */
+       n = *data->ptr++;
+
+       if ((n & 0x80) == 0) 
+       {
+               /* single length octet */
+               return n;
+       }
+       
+       /* composite length, determine number of length octets */
+       n &= 0x7f;
+       
+       if (n > data->len)
+       {
+               /* length longer than available bytes */
+               return -1;
+       }
+       
+       if (n > sizeof(len))
+       {
+               /* larger than size_t can hold */
+               return -1;
+       }
+       
+       len = 0;
+       while (n-- > 0)
+       {
+               len = 256 * len + *data->ptr++;
+       }
+       return len;
+}
+
+status_t read_hdr(private_der_encoder_t *this, chunk_t *data)
+{
+       chunk_t inner;
+       
+       /* advance to the next rule */
+       this->rule++;
+       
+       if (this->rule->type == ASN1_END)
+       {
+               return SUCCESS;
+       }
+       
+       this->logger->log(this->logger, CONTROL|LEVEL2, "reading header of rule %s",
+                                         mapping_find(asn1_type_m, this->rule->type));
+       
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL2, "reading from:", *data);
+       
+       /* read type, advance in data */
+       if (*(data->ptr) != this->rule->type)
+       {
+               this->logger->log(this->logger, CONTROL|LEVEL2, "Bad byte found (%x)", *data->ptr);
+               return PARSE_ERROR;
+       }
+       data->ptr++; 
+       data->len--;
+       
+       /* read length, advance in data */
+       inner.len = read_length(data);
+       if (inner.len == -1)
+       {
+               this->logger->log(this->logger, CONTROL|LEVEL2, "Error reading length");
+               return PARSE_ERROR;
+       }
+       this->logger->log(this->logger, CONTROL|LEVEL2, "Length is %d",
+                                         inner.len);
+       inner.ptr = data->ptr;
+       
+       /* advance in data */
+       data->ptr += inner.len;
+       data->len -= inner.len;
+       
+       /* process inner */
+       switch (this->rule->type)
+       {
+               case ASN1_INTEGER:
+                       if (this->rule->flags & ASN1_MPZ)
+                       {
+                               read_mpz(this, inner);
+                       }
+                       else
+                       {
+                               read_int(this, inner);
+                       }
+                       break;
+               case ASN1_SEQUENCE:
+                       read_sequence(this, inner);
+                       break;
+               default:
+                       break;
+       }
+       
+       return SUCCESS;
+}
+
+
+
+status_t decode(private_der_encoder_t *this, chunk_t input, void *output)
+{
+       this->rule = this->first_rule - 1;
+       this->output = output;
+       return read_hdr(this, &input);
+}
+
+/**
+ * Implementation of der_encoder.destroy.
+ */
+static void destroy(private_der_encoder_t *this)
+{
+       allocator_free(this);
+}
+
+/*
+ * Described in header.
+ */
+der_encoder_t *der_encoder_create(asn1_rule_t *rules)
+{
+       private_der_encoder_t *this = allocator_alloc_thing(private_der_encoder_t);
+       
+       /* public functions */
+       this->public.decode = (status_t (*) (der_encoder_t*,chunk_t,void*))decode;
+       this->public.destroy = (void (*) (der_encoder_t*))destroy;
+       
+       this->first_rule = rules;
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, DER_DECODER);
+       
+       return &(this->public);
+}
diff --git a/Source/charon/asn1/der_encoder.h b/Source/charon/asn1/der_encoder.h
new file mode 100644 (file)
index 0000000..ee4443e
--- /dev/null
@@ -0,0 +1,60 @@
+/**
+ * @file der_encoder.h
+ *
+ * @brief Interface of der_encoder_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef DER_ENCODER_H_
+#define DER_ENCODER_H_
+
+#include <types.h>
+
+typedef struct der_encoder_t der_encoder_t;
+
+/**
+ * @brief Decode der_encoded bytes to usable structures.
+ * 
+ * @b Constructors:
+ *  - der_encoder_create()
+ * 
+ * @ingroup asn1
+ */
+struct der_encoder_t {
+       
+       status_t encode(der_encoder_t *this, void *input, chunk_t output);
+
+       /**
+        * @brief Destroys a der_encoder object.
+        *
+        * @param der_encoder   calling object
+        */
+       void (*destroy) (der_encoder_t *this);
+};
+
+
+/**
+ * @brief Create a der_encoder instance.
+ * 
+ * @return     der_encoder_t object
+ * 
+ * @ingroup ans1
+ */
+der_encoder_t * der_encoder_create(asn1_rule_t *rules);
+
+#endif /* DER_ENCODER_H_ */
index 92dee5c..2ec1733 100644 (file)
@@ -388,7 +388,7 @@ authenticator_t *authenticator_create(protected_ike_sa_t *ike_sa)
        /* private data */
        this->ike_sa = ike_sa;
        this->prf = this->ike_sa->get_prf(this->ike_sa);
-       this->logger = this->ike_sa->get_logger(this->ike_sa);
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
        
        return &(this->public);
 }
index 622ea34..cbdd22a 100644 (file)
@@ -412,14 +412,6 @@ static void set_new_state (private_ike_sa_t *this, state_t *state)
 }
 
 /**
- * Implementation of protected_ike_sa_t.get_logger.
- */
-static logger_t *get_logger (private_ike_sa_t *this)
-{
-       return this->logger;
-}
-
-/**
  * Implementation of protected_ike_sa_t.get_connection.
  */
 static connection_t *get_connection (private_ike_sa_t *this)
@@ -1050,7 +1042,6 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->protected.get_prf_auth_i = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_i;
        this->protected.get_prf_auth_r = (prf_t *(*) (protected_ike_sa_t *)) get_prf_auth_r;
        this->protected.add_child_sa = (void (*) (protected_ike_sa_t*,child_sa_t*)) add_child_sa;
-       this->protected.get_logger = (logger_t *(*) (protected_ike_sa_t *)) get_logger;
        this->protected.set_connection = (void (*) (protected_ike_sa_t *,connection_t *)) set_connection;
        this->protected.get_connection = (connection_t *(*) (protected_ike_sa_t *)) get_connection;
        this->protected.set_policy = (void (*) (protected_ike_sa_t *,policy_t *)) set_policy;
index 2bf6978..0a26615 100644 (file)
@@ -171,16 +171,6 @@ struct protected_ike_sa_t {
        void (*build_message) (protected_ike_sa_t *this, exchange_type_t type, bool request, message_t **message);
        
        /**
-        * @brief Get the internal stored logger_t object for given ike_sa_t object.
-        * 
-        * @warning Returned logger_t object is original one and managed by this object.
-        * 
-        * @param this                          calling object
-        * @return                                      pointer to the internal stored logger_t object
-        */
-       logger_t *(*get_logger) (protected_ike_sa_t *this);
-       
-       /**
         * @brief Get the internal stored connection_t object.
         * 
         * @param this                          calling object
index eecfaab..16eea7b 100644 (file)
@@ -660,7 +660,7 @@ ike_auth_requested_t *ike_auth_requested_create(protected_ike_sa_t *ike_sa,chunk
        this->received_nonce = received_nonce;
        this->sent_nonce = sent_nonce;
        this->ike_sa_init_reply_data = ike_sa_init_reply_data;
-       this->logger = this->ike_sa->get_logger(this->ike_sa);
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
        this->my_ts = NULL;
        this->other_ts = NULL;
        this->proposal = NULL;
index 37b69c2..f967344 100644 (file)
@@ -22,6 +22,7 @@
  
 #include "ike_sa_established.h"
 
+#include <daemon.h>
 #include <utils/allocator.h>
 #include <encoding/payloads/delete_payload.h>
 
@@ -233,7 +234,7 @@ ike_sa_established_t *ike_sa_established_create(protected_ike_sa_t *ike_sa)
        
        /* private data */
        this->ike_sa = ike_sa;
-       this->logger = ike_sa->get_logger(ike_sa);
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
        
        return &(this->public);
 }
index 904dadf..a5b7fbc 100644 (file)
@@ -748,7 +748,7 @@ ike_sa_init_requested_t *ike_sa_init_requested_create(protected_ike_sa_t *ike_sa
        /* private data */
        this->ike_sa = ike_sa;
        this->received_nonce = CHUNK_INITIALIZER;
-       this->logger = this->ike_sa->get_logger(this->ike_sa);
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
        this->diffie_hellman = diffie_hellman;
        this->proposal = NULL;
        this->sent_nonce = sent_nonce;
index da3b68c..eef8ea3 100644 (file)
@@ -696,7 +696,7 @@ ike_sa_init_responded_t *ike_sa_init_responded_create(protected_ike_sa_t *ike_sa
        this->my_ts = NULL;
        this->other_ts = NULL;
        this->child_sa = NULL;
-       this->logger = this->ike_sa->get_logger(this->ike_sa);
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
        
        return &(this->public);
 }
index e23cd7a..18ffe0e 100644 (file)
@@ -342,7 +342,7 @@ initiator_init_t *initiator_init_create(protected_ike_sa_t *ike_sa)
        
        /* private data */
        this->ike_sa = ike_sa;
-       this->logger = this->ike_sa->get_logger(this->ike_sa);
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
        this->sent_nonce = CHUNK_INITIALIZER;
        this->diffie_hellman = NULL;
 
index a1d951b..2710080 100644 (file)
@@ -553,7 +553,7 @@ responder_init_t *responder_init_create(protected_ike_sa_t *ike_sa)
        
        /* private data */
        this->ike_sa = ike_sa;
-       this->logger = this->ike_sa->get_logger(this->ike_sa);
+       this->logger = charon->logger_manager->get_logger(charon->logger_manager, IKE_SA);
        this->sent_nonce = CHUNK_INITIALIZER;
        this->received_nonce = CHUNK_INITIALIZER;
        this->dh_group_number = MODP_UNDEFINED;
index 366bf74..c3fe498 100644 (file)
@@ -131,4 +131,8 @@ $(BUILD_DIR)kernel_interface_test.o :       $(TESTCASES_DIR)kernel_interface_test.c $(
 TEST_OBJS+= $(BUILD_DIR)child_sa_test.o
 $(BUILD_DIR)child_sa_test.o :          $(TESTCASES_DIR)child_sa_test.c $(TESTCASES_DIR)child_sa_test.h
                                                                        $(CC) $(CFLAGS) -c -o $@ $<
+
+TEST_OBJS+= $(BUILD_DIR)der_decoder_test.o
+$(BUILD_DIR)der_decoder_test.o :       $(TESTCASES_DIR)der_decoder_test.c $(TESTCASES_DIR)der_decoder_test.h
+                                                                       $(CC) $(CFLAGS) -c -o $@ $<
                                                                        
\ No newline at end of file
index 09b49b7..0a3aec9 100644 (file)
@@ -54,10 +54,10 @@ void test_child_sa(protected_tester_t *tester)
        remote_sa = child_sa_create(remote_me, remote_other);
        
        proposal1 = proposal_create(1);
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
        
        proposal2 = proposal_create(2);
-       proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
+       proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
        
        list = linked_list_create();
        list->insert_last(list, proposal1);
index 204534b..ae8ed3c 100644 (file)
@@ -41,28 +41,28 @@ void test_connection(protected_tester_t *tester)
        linked_list_t *list;
 
        prop1 = proposal_create(1);
-       prop1->add_algorithm(prop1, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
-       prop1->add_algorithm(prop1, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       prop1->add_algorithm(prop1, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20);
-       prop1->add_algorithm(prop1, IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       prop1->add_algorithm(prop1, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
+       prop1->add_algorithm(prop1, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       prop1->add_algorithm(prop1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 20);
+       prop1->add_algorithm(prop1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
        
        prop2 = proposal_create(2);
-       prop2->add_algorithm(prop2, IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
-       prop2->add_algorithm(prop2, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       prop2->add_algorithm(prop2, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
-       prop2->add_algorithm(prop2, IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       prop2->add_algorithm(prop2, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
+       prop2->add_algorithm(prop2, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       prop2->add_algorithm(prop2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
+       prop2->add_algorithm(prop2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
        
        prop3 = proposal_create(3);
-       prop3->add_algorithm(prop3, IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20);
-       prop3->add_algorithm(prop3, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       prop3->add_algorithm(prop3, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
-       prop3->add_algorithm(prop3, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
+       prop3->add_algorithm(prop3, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_DES, 20);
+       prop3->add_algorithm(prop3, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       prop3->add_algorithm(prop3, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 20);
+       prop3->add_algorithm(prop3, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
        
        prop4 = proposal_create(4);
-       prop4->add_algorithm(prop4, IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20);
-       prop4->add_algorithm(prop4, IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       prop4->add_algorithm(prop4, IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20);
-       prop4->add_algorithm(prop4, IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
+       prop4->add_algorithm(prop4, PROTO_IKE, ENCRYPTION_ALGORITHM, ENCR_3DES, 20);
+       prop4->add_algorithm(prop4, PROTO_IKE, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       prop4->add_algorithm(prop4, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_TIGER, 20);
+       prop4->add_algorithm(prop4, PROTO_IKE, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0);
        
        connection->add_proposal(connection, prop1);
        connection->add_proposal(connection, prop2);
diff --git a/Source/charon/testcases/der_decoder_test.c b/Source/charon/testcases/der_decoder_test.c
new file mode 100644 (file)
index 0000000..c5683fa
--- /dev/null
@@ -0,0 +1,140 @@
+/**
+ * @file der_decoder_test.c
+ *
+ * @brief Tests for the der_decoder_t class.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "der_decoder_test.h"
+
+#include <daemon.h>
+#include <asn1/der_decoder.h>
+#include <utils/allocator.h>
+#include <utils/logger.h>
+
+
+
+static char private_key_buffer[] = {
+       0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,
+       0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,
+       0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,
+       0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,
+       0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,
+       0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,
+       0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,
+       0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,
+       0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,
+       0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,
+       0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,
+       0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,
+       0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,
+       0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,
+       0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,
+       0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,
+       0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
+       0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58,
+       0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9,
+       0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83,
+       0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b,
+       0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91,
+       0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7,
+       0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67,
+       0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e,
+       0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b,
+       0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb,
+       0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c,
+       0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5,
+       0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f,
+       0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57,
+       0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a,
+       0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a,
+       0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3,
+       0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac,
+       0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c,
+       0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10,
+       0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e,
+       0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb,
+       0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8,
+       0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a,
+       0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05,
+       0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36,
+       0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1,
+       0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d,
+       0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2,
+       0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d,
+       0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4,
+       0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58,
+       0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59,
+       0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87,
+       0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96,
+       0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21,
+       0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d,
+       0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1,
+       0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9,
+       0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d,
+       0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02,
+       0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b,
+       0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94,
+       0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13,
+       0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56,
+       0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e,
+       0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66,
+       0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04,
+       0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1,
+       0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02,
+       0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe,
+       0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e,
+       0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae,
+       0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2,
+       0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc,
+       0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15,
+       0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86,
+       0x64,0x0f,0x1d,0x1f,0xf2,0x1e,
+};
+
+asn1_rule_t private_key_rules[] = {
+       {ASN1_SEQUENCE, 0, 0, 0},
+       {       ASN1_INTEGER, 0,                0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, 0, 0},
+       {ASN1_END, 0, 0, 0},
+};
+
+/**
+ * Described in header.
+ */
+void test_der_decoder(protected_tester_t *tester)
+{
+       chunk_t private_key = {private_key_buffer, sizeof(private_key_buffer)};
+       
+       der_decoder_t *dd = der_decoder_create(private_key_rules);
+       
+       dd->decode(dd, private_key, NULL);
+       
+       dd->destroy(dd);
+       
+}
+
+
+
diff --git a/Source/charon/testcases/der_decoder_test.h b/Source/charon/testcases/der_decoder_test.h
new file mode 100644 (file)
index 0000000..e7a7b7b
--- /dev/null
@@ -0,0 +1,42 @@
+/**
+ * @file der_decoder_test.h
+ *
+ * @brief Tests for the der_decoder_t class.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+
+#ifndef DER_DECODER_TEST_H_
+#define DER_DECODER_TEST_H_
+
+#include <utils/tester.h>
+
+/**
+ * @brief Test function used to test the der_decoder_t functionality.
+ *
+ * @param tester associated protected_tester_t object
+ * 
+ * @ingroup testcases
+ */
+void test_der_decoder(protected_tester_t *tester);
+
+#endif /* DER_DECODER_TEST_H_ */
+
+
+
+
index df999cc..c611a3e 100644 (file)
@@ -570,16 +570,16 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
        
 
        proposal1 = proposal_create(1);
-       proposal1->add_algorithm(proposal1, IKE, ENCRYPTION_ALGORITHM, 1, 20);
-       proposal1->add_algorithm(proposal1, IKE, PSEUDO_RANDOM_FUNCTION, 2, 22);
-       proposal1->add_algorithm(proposal1, IKE, INTEGRITY_ALGORITHM, 3, 24);
-       proposal1->add_algorithm(proposal1, IKE, DIFFIE_HELLMAN_GROUP, 4, 0);
+       proposal1->add_algorithm(proposal1, PROTO_IKE, ENCRYPTION_ALGORITHM, 1, 20);
+       proposal1->add_algorithm(proposal1, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 2, 22);
+       proposal1->add_algorithm(proposal1, PROTO_IKE, INTEGRITY_ALGORITHM, 3, 24);
+       proposal1->add_algorithm(proposal1, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 4, 0);
        
        proposal2 = proposal_create(2);
-       proposal2->add_algorithm(proposal2, IKE, ENCRYPTION_ALGORITHM, 5, 26);
-       proposal2->add_algorithm(proposal2, IKE, PSEUDO_RANDOM_FUNCTION, 6, 28);
-       proposal2->add_algorithm(proposal2, IKE, INTEGRITY_ALGORITHM, 7, 30);
-       proposal2->add_algorithm(proposal2, IKE, DIFFIE_HELLMAN_GROUP, 8, 0);
+       proposal2->add_algorithm(proposal2, PROTO_IKE, ENCRYPTION_ALGORITHM, 5, 26);
+       proposal2->add_algorithm(proposal2, PROTO_IKE, PSEUDO_RANDOM_FUNCTION, 6, 28);
+       proposal2->add_algorithm(proposal2, PROTO_IKE, INTEGRITY_ALGORITHM, 7, 30);
+       proposal2->add_algorithm(proposal2, PROTO_IKE, DIFFIE_HELLMAN_GROUP, 8, 0);
 
        list = linked_list_create();
        list->insert_last(list, (void*)proposal1);
@@ -643,25 +643,25 @@ void test_generator_with_sa_payload(protected_tester_t *tester)
 
        proposal1 = proposal_create(1);
        
-       proposal1->add_algorithm(proposal1, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
-       proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
-       proposal1->add_algorithm(proposal1, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
-       proposal1->set_spi(proposal1, AH, 0x01010101l);
+       proposal1->add_algorithm(proposal1, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       proposal1->add_algorithm(proposal1, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
+       proposal1->set_spi(proposal1, PROTO_AH, 0x01010101l);
        
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
-       proposal1->add_algorithm(proposal1, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-       proposal1->set_spi(proposal1, ESP, 0x02020202);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 20);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       proposal1->set_spi(proposal1, PROTO_ESP, 0x02020202);
        
        
-       proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
-       proposal2->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
-       proposal2->add_algorithm(proposal2, AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
-       proposal2->set_spi(proposal2, AH, 0x01010101);
+       proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal2->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       proposal2->add_algorithm(proposal2, PROTO_AH, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0);
+       proposal2->set_spi(proposal2, PROTO_AH, 0x01010101);
        
-       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
-       proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
-       proposal2->add_algorithm(proposal2, ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-       proposal2->set_spi(proposal2, ESP, 0x02020202);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       proposal2->set_spi(proposal2, PROTO_ESP, 0x02020202);
        
        list->insert_last(list, (void*)proposal1);
        list->insert_last(list, (void*)proposal2);
@@ -1216,7 +1216,7 @@ void test_generator_with_delete_payload(protected_tester_t *tester)
        spis.ptr = "123456789012";
        spis.len = strlen(spis.ptr);
 
-       delete_payload->set_protocol_id(delete_payload,AH);
+       delete_payload->set_protocol_id(delete_payload, PROTO_AH);
        delete_payload->set_spi_count(delete_payload,3);
        delete_payload->set_spi_size(delete_payload,4);
        delete_payload->set_spis(delete_payload,spis);
@@ -1408,6 +1408,4 @@ void test_generator_with_eap_payload(protected_tester_t *tester)
        
        eap_payload->destroy(eap_payload);
        generator->destroy(generator);
-               
-       charon->logger_manager->destroy_logger(charon->logger_manager,logger);  
 }
index 6fd74c1..0cfbfdb 100644 (file)
@@ -201,6 +201,4 @@ void test_hmac_sha1_signer(protected_tester_t *tester)
        }
        
        signer->destroy(signer);
-       charon->logger_manager->destroy_logger(charon->logger_manager,logger);
-
 }
index 5dcfc7c..81a6556 100644 (file)
@@ -805,7 +805,7 @@ void test_parser_with_delete_payload(protected_tester_t *tester)
                return; 
        }
        result = delete_payload->get_spis(delete_payload);
-       tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == ESP), "is ESP protocol");
+       tester->assert_true(tester,(delete_payload->get_protocol_id(delete_payload) == PROTO_ESP), "is ESP protocol");
        tester->assert_true(tester,(delete_payload->get_spi_size(delete_payload) == 3), "SPI size check");
        tester->assert_true(tester,(delete_payload->get_spi_count(delete_payload) == 4), "SPI count check");
        tester->assert_true(tester,(result.len == 12), "parsed data lenght");
index da906ee..d511f4a 100644 (file)
@@ -61,16 +61,16 @@ void test_policy(protected_tester_t *tester)
        
        /* esp only prop */
        proposal1 = proposal_create(1);
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
        
        /* ah only prop */
        proposal2 = proposal_create(2);
-       proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
        
        /* ah and esp prop */
        proposal3 = proposal_create(3);
-       proposal3->add_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
-       proposal3->add_algorithm(proposal3, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal3->add_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
+       proposal3->add_algorithm(proposal3, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
        
        
        policy->add_proposal(policy, proposal1);
@@ -84,13 +84,13 @@ void test_policy(protected_tester_t *tester)
        
        proposals_list = linked_list_create();
        proposal1 = proposal_create(1);
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
        proposal2 = proposal_create(2);
-       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
-       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
-       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
-       proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       proposal2->add_algorithm(proposal2, AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 16);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
+       proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       proposal2->add_algorithm(proposal2, PROTO_AH, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
        
        proposals_list->insert_last(proposals_list, proposal1);
        proposals_list->insert_last(proposals_list, proposal2);
@@ -98,7 +98,7 @@ void test_policy(protected_tester_t *tester)
        proposal_sel = policy->select_proposal(policy, proposals_list);
        tester->assert_false(tester, proposal_sel == NULL, "proposal select");
        /* check ESP encryption algo */
-       iterator = proposal_sel->create_algorithm_iterator(proposal_sel, ESP, ENCRYPTION_ALGORITHM);
+       iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_ESP, ENCRYPTION_ALGORITHM);
        tester->assert_false(tester, iterator == NULL, "algorithm select ESP");
        while (iterator->has_next(iterator))
        {
@@ -108,7 +108,7 @@ void test_policy(protected_tester_t *tester)
                tester->assert_true(tester, algo->key_size == 16, "ESP encryption keysize");
        }
        iterator->destroy(iterator);
-       iterator = proposal_sel->create_algorithm_iterator(proposal_sel, AH, INTEGRITY_ALGORITHM);
+       iterator = proposal_sel->create_algorithm_iterator(proposal_sel, PROTO_AH, INTEGRITY_ALGORITHM);
        /* check AH integrity algo */
        tester->assert_false(tester, iterator == NULL, "algorithm select AH");
        while (iterator->has_next(iterator))
index 7e7f2a4..8df2bf4 100644 (file)
@@ -39,38 +39,38 @@ void test_proposal(protected_tester_t *tester)
        bool result;
 
        proposal1 = proposal_create(1);
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
-       proposal1->add_algorithm(proposal1, ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
-       proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
-       proposal1->add_algorithm(proposal1, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
-       proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
-       proposal1->add_algorithm(proposal1, AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 32);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 0);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 20);
+       proposal1->add_algorithm(proposal1, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       proposal1->add_algorithm(proposal1, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0);
        
        proposal2 = proposal_create(2);
-       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
-       proposal2->add_algorithm(proposal2, ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
-       proposal2->add_algorithm(proposal2, ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
-       proposal1->add_algorithm(proposal2, AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_3IDEA, 0);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 16);
+       proposal2->add_algorithm(proposal2, PROTO_ESP, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 20);
+       proposal1->add_algorithm(proposal2, PROTO_AH, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0);
        
        /* ah and esp prop */
        proposal3 = proposal1->select(proposal1, proposal2);
        tester->assert_false(tester, proposal3 == NULL, "proposal select");
        if (proposal3)
        {
-               result = proposal3->get_algorithm(proposal3, ESP, ENCRYPTION_ALGORITHM, &algo);
+               result = proposal3->get_algorithm(proposal3, PROTO_ESP, ENCRYPTION_ALGORITHM, &algo);
                tester->assert_true(tester, result, "encryption algo select");
                tester->assert_true(tester, algo->algorithm == ENCR_AES_CBC, "encryption algo");
                tester->assert_true(tester, algo->key_size == 16, "encryption keylen");
                
                
-               result = proposal3->get_algorithm(proposal3, ESP, INTEGRITY_ALGORITHM, &algo);
+               result = proposal3->get_algorithm(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM, &algo);
                tester->assert_true(tester, result, "integrity algo select");
                tester->assert_true(tester, algo->algorithm == AUTH_HMAC_MD5_96, "integrity algo");
                tester->assert_true(tester, algo->key_size == 20, "integrity keylen");
                
-               iterator = proposal3->create_algorithm_iterator(proposal3, ESP, INTEGRITY_ALGORITHM);
+               iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_ESP, INTEGRITY_ALGORITHM);
                tester->assert_false(tester, iterator == NULL, "integrity algo select");
                while(iterator->has_next(iterator))
                {
@@ -80,7 +80,7 @@ void test_proposal(protected_tester_t *tester)
                }
                iterator->destroy(iterator);
                
-               iterator = proposal3->create_algorithm_iterator(proposal3, AH, DIFFIE_HELLMAN_GROUP );
+               iterator = proposal3->create_algorithm_iterator(proposal3, PROTO_AH, DIFFIE_HELLMAN_GROUP );
                tester->assert_false(tester, iterator == NULL, "dh group algo select");
                while(iterator->has_next(iterator))
                {
index 31b6a24..847096e 100644 (file)
 #include <utils/allocator.h>
 #include <utils/logger.h>
 
+char private_key_buffer[] = {
+       0x30,0x82,0x04,0xa2,0x02,0x00,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,
+       0x43,0x5b,0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,
+       0xd7,0xbb,0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,
+       0x5b,0x02,0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,
+       0x39,0xc1,0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,
+       0x9b,0x92,0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,
+       0x2d,0x5b,0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,
+       0x51,0xfb,0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,
+       0x6b,0x91,0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,
+       0x99,0xfb,0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,
+       0x10,0x1b,0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,
+       0xac,0xed,0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,
+       0xb0,0x37,0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,
+       0x31,0x96,0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,
+       0xce,0x7d,0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,
+       0x6e,0xc4,0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,
+       0x40,0x25,0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
+       0x02,0x82,0x01,0x00,0x12,0x42,0x38,0x58,0x21,0xfc,0x51,0x34,0xa0,0x8b,0x4f,0x58,
+       0x28,0x2c,0x7a,0x14,0xd8,0x98,0xfb,0xee,0x5b,0x85,0x69,0x0e,0x63,0x83,0x16,0xd9,
+       0xc9,0x5f,0xcc,0x12,0x5d,0xa5,0x15,0x41,0xd6,0xb8,0x0c,0x6b,0xda,0x67,0x3a,0x83,
+       0x09,0xf3,0xb8,0x89,0xd4,0x1d,0xc7,0x99,0x8f,0x23,0x59,0xe3,0x78,0x2b,0x41,0x8b,
+       0xab,0x78,0x2c,0x7e,0x3b,0xbb,0xe0,0xf4,0x96,0xa8,0xd3,0x1d,0xc6,0xea,0x67,0x91,
+       0x2c,0x30,0x1c,0xe9,0x4f,0xb8,0xa2,0xc3,0x5d,0x2c,0xf9,0x99,0x1c,0x6c,0xee,0xd7,
+       0x16,0x28,0x3c,0x5a,0x32,0x35,0xb8,0x3a,0xf3,0xa7,0xa6,0x35,0x02,0xba,0xbf,0x67,
+       0xab,0x44,0xe1,0x09,0x9b,0x48,0x5d,0xa5,0x9e,0xf4,0xb7,0xf4,0xd1,0xfc,0x68,0x9e,
+       0x98,0x26,0x69,0x28,0xcc,0x19,0x75,0xf2,0x61,0x0e,0x23,0xeb,0xf9,0x6d,0x2c,0x2b,
+       0x01,0x3f,0x4d,0x18,0x41,0xc5,0x31,0x9d,0x1c,0x20,0x81,0x4e,0x38,0x92,0xd5,0xbb,
+       0xd7,0xe7,0x49,0x0c,0x3a,0xf3,0x8f,0x9e,0xf0,0xb3,0x32,0x1e,0xa7,0x77,0xe8,0x9c,
+       0xf3,0xce,0x88,0x66,0xcc,0xe8,0x16,0xbb,0xfd,0xbc,0x62,0xc7,0xc3,0xeb,0x0a,0xf5,
+       0xd8,0x53,0x02,0x6c,0x45,0xcb,0x1d,0xa3,0x96,0xfb,0xa5,0x26,0x18,0x7f,0x04,0x9f,
+       0x80,0x4a,0xdb,0x3b,0x74,0xcf,0x0d,0x45,0xf4,0xd5,0x49,0xe9,0x27,0x54,0x9c,0x57,
+       0x92,0x48,0x78,0x52,0xb6,0x40,0x89,0x3f,0xf3,0x95,0x06,0x3d,0x90,0xab,0xa0,0x8a,
+       0xc7,0x54,0xf1,0x63,0xcf,0xa6,0xd2,0x83,0x1e,0x69,0x54,0xe0,0x77,0x2c,0x9e,0x3a,
+       0x4f,0xdd,0x14,0x6d,0x02,0x81,0x81,0x00,0xd9,0x40,0x76,0x90,0x7c,0xe7,0x3b,0xa3,
+       0x59,0x23,0x14,0x6b,0xf3,0x5f,0x6e,0x6b,0x82,0x34,0xf6,0xbd,0x3e,0xfb,0x65,0xac,
+       0x2f,0x46,0xd5,0x6e,0x9b,0xb8,0x62,0x80,0xc3,0x0c,0xa9,0xa6,0x00,0xd6,0xb8,0x1c,
+       0x12,0x8d,0x4d,0xd0,0x64,0x29,0x4c,0xac,0x38,0xe8,0x6c,0xe4,0x82,0x02,0x4e,0x10,
+       0xd5,0x39,0x19,0x29,0x0c,0x58,0x3f,0x68,0xa0,0x11,0x0e,0x11,0x74,0x22,0x2b,0x7e,
+       0xc2,0xa7,0x88,0xe3,0x33,0xe8,0xb4,0x50,0x6e,0x0c,0x54,0xc5,0x3f,0xb7,0x16,0xcb,
+       0x39,0xed,0x23,0xd0,0x66,0x26,0x57,0xf9,0xcb,0xc9,0xac,0xe2,0xa4,0xb8,0xba,0xd8,
+       0xd2,0x1f,0x4a,0xed,0x73,0x89,0xda,0x42,0x27,0x5a,0x26,0x30,0x33,0xc8,0x42,0x2a,
+       0x3d,0xc5,0xf3,0xc2,0x29,0x3d,0x58,0x67,0x02,0x81,0x81,0x00,0xb6,0xd4,0x61,0x05,
+       0x49,0xcb,0xf4,0x29,0x8a,0x22,0xd3,0xa3,0x7c,0x9c,0xd2,0x07,0xa4,0x66,0xe4,0x36,
+       0xfa,0x5e,0xf6,0x64,0xb7,0x59,0x74,0x2f,0x36,0x6d,0x12,0xd0,0xc9,0x4d,0xf8,0xd1,
+       0xba,0xd1,0xee,0xd2,0x78,0xcd,0x51,0x69,0x33,0x6a,0x03,0xff,0xc2,0x35,0x1d,0x0d,
+       0x9c,0x0a,0x87,0x5e,0x09,0xa3,0x23,0x4c,0xab,0xc3,0x4c,0x4a,0x1c,0xa4,0xc5,0xe2,
+       0x70,0x42,0x1c,0xcf,0xea,0x79,0xfb,0xb9,0x87,0x67,0x4d,0xc3,0xfc,0xcc,0x86,0x9d,
+       0xfa,0xea,0x99,0xa5,0x1b,0xc1,0x96,0xf4,0x79,0x4d,0x66,0x12,0x8f,0x90,0x98,0xb4,
+       0xa1,0x3b,0xd6,0x2f,0x64,0xb4,0x5f,0x8f,0x47,0x7f,0x43,0xa5,0x6d,0xeb,0x06,0x58,
+       0xfb,0x04,0x9e,0xef,0xaf,0x88,0x35,0x88,0xa1,0x15,0x30,0x97,0x02,0x81,0x80,0x59,
+       0xbe,0xe0,0x7b,0xc5,0xad,0x3c,0x1c,0xb9,0x98,0xdd,0x39,0xce,0xfa,0xd0,0x41,0x87,
+       0x33,0x5b,0xee,0x47,0x93,0x50,0xa7,0xf5,0x8b,0xbc,0x65,0x89,0xdc,0x7c,0x8c,0x96,
+       0x86,0xa7,0x9a,0x54,0xe4,0x5e,0x7f,0xf2,0x45,0xff,0x2c,0x24,0x04,0x4f,0x91,0x21,
+       0x9d,0x1a,0x46,0xb7,0x52,0x3e,0x6f,0x83,0xb5,0xa7,0xa8,0x26,0x5a,0x5a,0x2f,0x5d,
+       0x58,0x4e,0x48,0x75,0x82,0x1c,0x17,0xac,0x4f,0xcb,0x23,0x98,0x70,0xfb,0xf3,0xf1,
+       0xd2,0x14,0x3e,0xbb,0x98,0x65,0xc9,0x24,0x2f,0xcb,0x48,0xae,0xba,0x0e,0x43,0xb9,
+       0xa4,0xa1,0x4f,0xab,0x1e,0x48,0xc9,0x82,0xdb,0xbc,0x77,0x24,0xf0,0x80,0x82,0x2d,
+       0x81,0x77,0x1f,0x18,0x75,0x14,0xa8,0x20,0x86,0xa2,0xb0,0xc5,0x9a,0x7a,0xe7,0x02,
+       0x81,0x80,0x1b,0x6d,0xb1,0x40,0x81,0xd9,0xbf,0x3f,0x9c,0x21,0xad,0x6e,0x91,0x7b,
+       0x55,0x67,0x20,0x1a,0xef,0x91,0xef,0xed,0xdf,0x39,0x2c,0xe8,0x96,0xad,0x9e,0x94,
+       0xae,0x85,0xf4,0x2d,0x66,0x6e,0xd0,0x80,0x3e,0x3c,0x05,0x33,0x88,0x4b,0x28,0x13,
+       0x77,0x96,0x1f,0x24,0xa8,0xbf,0x29,0xf1,0xca,0x6d,0x29,0x34,0xf8,0x4e,0xc0,0x56,
+       0x04,0x53,0xfa,0x08,0x1e,0x47,0xe2,0x5f,0x88,0xc3,0x08,0x82,0x54,0x69,0x79,0x0e,
+       0xde,0x73,0xd0,0xb1,0x3e,0x60,0xe5,0x0b,0xdd,0x11,0x10,0x20,0xf2,0xec,0xaa,0x66,
+       0x1a,0x32,0x1e,0xa7,0xaa,0xc1,0x2e,0x8f,0x33,0x8a,0xd8,0xa8,0xd6,0xcd,0x40,0x04,
+       0xaf,0xb9,0x59,0xcc,0x30,0x9f,0x98,0xc9,0x10,0xaf,0x14,0xbe,0x72,0x89,0x94,0xe1,
+       0x00,0xf1,0x02,0x81,0x81,0x00,0xd6,0xac,0x26,0xd2,0x42,0x5b,0x16,0xa9,0x39,0x02,
+       0x63,0x76,0xa4,0xf5,0x40,0x3a,0xde,0xfa,0xea,0xd8,0xd3,0x12,0xee,0x44,0x00,0xfe,
+       0xcb,0xa1,0x78,0x18,0xaa,0xa7,0x08,0xea,0x5e,0x36,0x52,0x28,0x0d,0x02,0x5a,0x9e,
+       0x2d,0xc1,0x22,0x29,0x08,0x4f,0xed,0xff,0xa9,0xa6,0x08,0x8d,0x77,0xa4,0x5c,0xae,
+       0xa7,0x8a,0x19,0x90,0xc2,0x12,0xc8,0x0f,0xb8,0x24,0xb5,0xba,0x45,0x2f,0xa6,0xc2,
+       0x10,0x4c,0x0d,0x7e,0xf2,0xfd,0x11,0x26,0x16,0x34,0xbe,0x08,0x25,0x41,0x8b,0xcc,
+       0x60,0xe7,0x02,0x3e,0x6a,0x54,0x05,0x80,0x66,0x2d,0x55,0x06,0xe6,0xbe,0x9b,0x15,
+       0x9d,0xd3,0x5d,0xc4,0x6b,0x3f,0x74,0xa6,0x24,0xbc,0x7f,0x13,0xdf,0xe3,0x51,0x86,
+       0x64,0x0f,0x1d,0x1f,0xf2,0x1e,
+};
+
+char public_key_buffer[] = {
+       0x30,0x82,0x01,0x0a,0x02,0x82,0x01,0x01,0x00,0x9b,0x28,0x10,0x02,0xd2,0x43,0x5b,
+       0x2b,0x7c,0x81,0xce,0x2b,0x77,0xb4,0xbf,0x5f,0x2a,0x9a,0x96,0xc9,0xa4,0xd7,0xbb,
+       0xb3,0xfb,0xc1,0x8a,0xad,0xbe,0x21,0x4e,0xd7,0x15,0xc4,0x8c,0x0a,0x88,0x5b,0x02,
+       0xa9,0xcd,0x2e,0xee,0xd3,0x5e,0xb9,0xfd,0x27,0x0b,0xdb,0xf6,0xe7,0xb7,0x39,0xc1,
+       0xfa,0x34,0x3f,0xa7,0xe4,0x04,0xaf,0xa8,0xc2,0x36,0x4e,0xf5,0x0c,0xf1,0x9b,0x92,
+       0x26,0x32,0x20,0xdb,0x04,0xf5,0xb8,0x2e,0xf5,0xfc,0x47,0xd3,0x2a,0xa1,0x2d,0x5b,
+       0x68,0x2c,0x5e,0xc6,0xc9,0x35,0x57,0x7b,0x65,0x17,0xd7,0x5d,0x10,0x5c,0x51,0xfb,
+       0xcb,0x95,0xd1,0x17,0x42,0xa9,0xfd,0xd1,0xc4,0x32,0x1f,0x13,0xf2,0xeb,0x6b,0x91,
+       0x01,0xe9,0x89,0x19,0x3a,0x2b,0x6d,0xae,0x91,0x27,0xe2,0x5e,0x06,0x5b,0x99,0xfb,
+       0x20,0x3c,0xc4,0x92,0x20,0xc4,0x68,0x24,0x6b,0x74,0xdc,0x6d,0xf7,0xa8,0x10,0x1b,
+       0xdf,0x20,0xed,0x4e,0x90,0x0e,0x3d,0xf6,0xef,0x3a,0x94,0x8b,0x12,0x61,0xac,0xed,
+       0x95,0xbc,0xe2,0xed,0xb9,0x22,0xc2,0xdd,0xc7,0x19,0x68,0x09,0x14,0x71,0xb0,0x37,
+       0xf7,0xbd,0x65,0x11,0x31,0x9d,0x89,0x6e,0x21,0xcf,0x60,0xc1,0x8d,0xbe,0x31,0x96,
+       0xd2,0xdd,0x0e,0x20,0x38,0x07,0xd5,0xea,0xda,0xc8,0x9a,0x47,0x5b,0x05,0xce,0x7d,
+       0xf7,0x4e,0xcd,0xbb,0x89,0xdd,0x46,0x16,0x8f,0x39,0x9d,0x32,0x19,0xaf,0x6e,0xc4,
+       0xb3,0x6c,0x79,0x5a,0x70,0x11,0x8f,0xe2,0x75,0x33,0x09,0xc8,0xf6,0xd7,0x40,0x25,
+       0xe7,0xa3,0xf0,0x6f,0x9a,0xdb,0x35,0x74,0xc1,0x02,0x03,0x01,0x00,0x01,
+};
 
 /* 
  * described in Header-File
@@ -36,9 +133,13 @@ void test_rsa(protected_tester_t *tester)
 {
        rsa_private_key_t *private_key;
        rsa_public_key_t *public_key;
-       chunk_t data, signature, private_key_chunk, public_key_chunk;
+       chunk_t data, signature;
+       chunk_t der_private_key = {private_key_buffer, sizeof(private_key_buffer)};
+       chunk_t der_public_key = {public_key_buffer, sizeof(public_key_buffer)};
        logger_t *logger;
        status_t status;
+       
+       /* key generation and signing */
        u_int8_t test_data[] = {
                0x01,0x02,0x03,0x04,
                0x01,0x02,0x03,0x04,
@@ -61,25 +162,32 @@ void test_rsa(protected_tester_t *tester)
        private_key->generate_key(private_key, 512);
        
        status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature);
-       tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature");
+       tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (genkey)");
        
        public_key = private_key->get_public_key(private_key);
        
        status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature);
-       tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature");
+       tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (genkey)"); 
        
-       public_key->get_key(public_key, &public_key_chunk);
-       private_key->get_key(private_key, &private_key_chunk);
+       allocator_free(signature.ptr);
        
-       logger->log_chunk(logger, RAW, "Public Key", public_key_chunk);
-       logger->log_chunk(logger, RAW, "Private Key", private_key_chunk);
+       private_key->destroy(private_key);
+       public_key->destroy(public_key);
+       
+       /* key loading */
+       private_key = rsa_private_key_create();
+       private_key->set_key(private_key, der_private_key);
        
+       public_key = rsa_public_key_create();
+       public_key->set_key(public_key, der_public_key);
+       
+       status = private_key->build_emsa_pkcs1_signature(private_key, HASH_MD5, data, &signature);
+       tester->assert_true(tester, status == SUCCESS, "build emsa_pkcs1_signature (setkey)");  
+       status = public_key->verify_emsa_pkcs1_signature(public_key, data, signature);
+       tester->assert_true(tester, status == SUCCESS, "verify emsa_pkcs1_signature (setkey)"); 
        
-       allocator_free(public_key_chunk.ptr);
-       allocator_free(private_key_chunk.ptr);
        allocator_free(signature.ptr);
        
-       private_key->destroy(private_key);
        public_key->destroy(public_key);
-       
+       private_key->destroy(private_key);
 }
index 1d44cf5..34a3ff5 100644 (file)
@@ -62,6 +62,7 @@
 #include <testcases/rsa_test.h>
 #include <testcases/kernel_interface_test.h>
 #include <testcases/child_sa_test.h>
+#include <testcases/der_decoder_test.h>
 
 /* output for test messages */
 extern FILE * stderr;
@@ -128,6 +129,7 @@ test_t proposal_test = {test_proposal, "proposal_t test"};
 test_t rsa_test = {test_rsa, "RSA private/public key test"};
 test_t kernel_interface_test = {test_kernel_interface, "Kernel Interface"};
 test_t child_sa_test = {test_child_sa, "Child SA"};
+test_t der_decoder_test = {test_der_decoder, "DER decoder"};
 
 
 daemon_t* charon;
@@ -135,7 +137,7 @@ daemon_t* charon;
 static void daemon_kill(daemon_t *this, char* none)
 {
        this->logger_manager->destroy(this->logger_manager);
-       this->socket->destroy(this->socket);
+       //this->socket->destroy(this->socket);
        this->ike_sa_manager->destroy(this->ike_sa_manager);
        this->job_queue->destroy(this->job_queue);
        this->event_queue->destroy(this->event_queue);
@@ -158,7 +160,7 @@ daemon_t *daemon_create()
        charon->kill = daemon_kill;
        
        charon->logger_manager = logger_manager_create(0);
-       charon->socket = socket_create(4510);
+       //charon->socket = socket_create(4510);
        charon->ike_sa_manager = ike_sa_manager_create();
        charon->job_queue = job_queue_create();
        charon->event_queue = event_queue_create();
@@ -250,14 +252,13 @@ int main()
        daemon_create();
  
        charon->logger_manager->disable_log_level(charon->logger_manager,TESTER,FULL);
-       charon->logger_manager->enable_log_level(charon->logger_manager,CHILD_SA,FULL);
-       /* charon->logger_manager->enable_log_level(charon->logger_manager,TESTER,RAW); */
+       charon->logger_manager->enable_log_level(charon->logger_manager,DER_DECODER,FULL);
        
        tester_t *tester = tester_create(test_output, FALSE);
        
 
        //tester->perform_tests(tester,all_tests);
-       tester->perform_test(tester,&kernel_interface_test);
+       tester->perform_test(tester,&rsa_test);
        
        
        tester->destroy(tester);
diff --git a/Source/charon/transforms/certificate.c b/Source/charon/transforms/certificate.c
new file mode 100755 (executable)
index 0000000..6d10d9f
--- /dev/null
@@ -0,0 +1,518 @@
+/**
+ * @file certificate.c
+ * 
+ * @brief Implementation of certificate_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <gmp.h>
+
+#include "certificate.h"
+
+#include <daemon.h>
+#include <utils/allocator.h>
+#include <asn1/der_decoder.h>
+
+
+typedef struct private_certificate_t private_certificate_t;
+
+/**
+ * Private data of a certificate_t object.
+ */
+struct private_certificate_t {
+       /**
+        * Public interface for this signer.
+        */
+       certificate_t public;
+};
+
+#define OSET(x) offsetof(private_certiciate_t, x)
+
+/**
+ * Rules for de-/encoding of a certificate from/in ASN1 
+ */
+static asn1_rule_t certificate_rules[] = {
+       {ASN1_SEQUENCE,                         0,                              0,                                      0                                       }, /* certificate */
+       { ASN1_SEQUENCE,                        0,                              0,                                      0                                       }, /*  tbsCertificate */
+       {  ASN1_TAG_E_0,                        ASN1_DEFAULT,   OSET(version),          0                                       }, /*   EXPLICIT version DEFAULT v1(0) */
+       {   ASN1_INTEGER,                       0,                              OSET(version),          0                                       },
+       {  ASN1_INTEGER,                        0,                              OSET(serial),           0                                       }, /*  serialNumber */
+       {  ASN1_SEQUENCE,                       0,                              0,                                      0                                       }, /*  signature */
+       {   ASN1_OID,                           0,                              OSET(sign_alg),         0                                       }, /*   algorithm */
+       {  ASN1_END,                            0,                              0,                                      0                                       }, /*  signature */
+       {  ASN1_CHOICE,                         0,                              0,                                      0                                       }, /*  issuer */
+       {   ASN1_SEQUENCE,                      ASN1_OF,                0,                                      0                                       },
+       /* name */
+       {   ASN1_END,                           0,                              0,                                      0                                       },
+       {  ASN1_END,                            0,                              0,                                      0                                       }, /*  issuer */
+       {  ASN1_SEQUENCE,                       0,                              0,                                      0                                       }, /*  validity */
+       {   ASN1_CHOICE,                        0,                              0,                                      0                                       }, /*   notBefore */
+       {    ASN1_UTCTIME,                      0,                              OSET(not_before),       0                                       }, /*    utcTime */
+       {    ASN1_GENERALIZEDTIME,      0,                              OSET(not_before),       0                                       }, /*    generalTime */
+       {   ASN1_END,                           0,                              0,                                      0                                       }, /*   notBefore */
+       {   ASN1_CHOICE,                        0,                              0,                                      0                                       }, /*   notAfter */
+       {    ASN1_UTCTIME,                      0,                              OSET(not_after),        0                                       }, /*    utcTime */
+       {    ASN1_GENERALIZEDTIME,      0,                              OSET(not_after),        0                                       }, /*    generalTime */
+       {   ASN1_END,                           0,                              0,                                      0                                       }, /*   notAfter */
+       {  ASN1_END,                            0,                              0,                                      0                                       }, /*  validity */
+       {  ASN1_CHOICE,                         0,                              0,                                      0                                       }, /*  subject */
+       {   ASN1_SEQUENCE,                      ASN1_OF,                0,                                      0                                       },
+       /* name */
+       {   ASN1_END,                           0,                              0,                                      0                                       },
+       {  ASN1_END,                            0,                              0,                                      0                                       }, /*  subject */
+       {  ASN1_SEQUENCE,                       0,                              0,                                      0                                       }, /*  subjectPublicKeyInfo */
+       {   ASN1_OID,                           0,                              OSET(pubkey_alg),       0                                       }, /*   algorithm */
+       {   ASN1_BITSTRING,             0,                              OSET(pubkey),           0                                       }, /*   subjectPublicKey */
+       {  ASN1_END,                            0,                              0,                                      0                                       }, /*  subjectPublicKeyInfo */
+       {  ASN1_TAG_I_1,                        ASN1_OPTIONAL,  0,                                      OSET(has_issuer_uid)}, /*  IMPLICIT issuerUniqueID OPTIONAL */
+       {   ASN1_BITSTRING,                     0,                              OSET(issuer_uid),       0                                       },
+       {  ASN1_TAG_I_2,                        ASN1_OPTIONAL,  0,                                      OSET(has_subject_uid)},/*  IMPLICIT subjectUniqueID OPTIONAL */
+       {   ASN1_BITSTRING,                     0,                              OSET(subject_uid),      0                                       },
+       {  ASN1_TAG_E_3,                        ASN1_OPTIONAL,  0,                                      0                                       }, /*  EXPLICIT extensions OPTIONAL*/
+       {   ASN1_SEQUENCE,                      ASN1_OF,                0,                                      0                                       },
+       /* extension */
+       {   ASN1_END                            0,                              0,                                      0,                                      }, /*  extensions */
+       { ASN1_END,                             0,                              0,                                      0                                       }, /* certificate */
+};
+
+/**
+ * Implementation of private_certificate_t.compute_prime.
+ */
+static void compute_prime(private_certificate_t *this, size_t prime_size, mpz_t *prime)
+{
+       randomizer_t *randomizer;
+       chunk_t random_bytes;
+       
+       randomizer = randomizer_create();
+       mpz_init(*prime);
+       
+       do
+       {
+               randomizer->allocate_random_bytes(randomizer, prime_size, &random_bytes);
+               
+               /* make sure most significant bit is set */
+               random_bytes.ptr[0] = random_bytes.ptr[0] | 0x80;
+               
+               /* convert chunk to mpz value */
+               mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
+               
+               /* get next prime */
+               mpz_nextprime (*prime, *prime);
+               
+               allocator_free(random_bytes.ptr);
+       }
+       /* check if it isnt too large */
+       while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
+       
+       randomizer->destroy(randomizer);
+}
+
+/**
+ * Implementation of private_certificate_t.rsadp and private_certificate_t.rsasp1.
+ */
+static chunk_t rsadp(private_certificate_t *this, chunk_t data)
+{
+       mpz_t t1, t2;
+       chunk_t decrypted;
+       
+       mpz_init(t1);
+       mpz_init(t2);
+       
+       mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
+       
+       mpz_powm(t2, t1, this->exp1, this->p);  /* m1 = c^dP mod p */
+       mpz_powm(t1, t1, this->exp2, this->q);  /* m2 = c^dQ mod Q */
+       mpz_sub(t2, t2, t1);                                    /* h = qInv (m1 - m2) mod p */
+       mpz_mod(t2, t2, this->p);
+       mpz_mul(t2, t2, this->coeff);
+       mpz_mod(t2, t2, this->p);
+       
+       mpz_mul(t2, t2, this->q);                               /* m = m2 + h q */
+       mpz_add(t1, t1, t2);
+       
+       decrypted.len = this->k;
+       decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
+       
+       mpz_clear(t1);
+       mpz_clear(t2);
+       
+       return decrypted;
+}
+
+/**
+ * Implementation of certificate.build_emsa_signature.
+ */
+static status_t build_emsa_pkcs1_signature(private_certificate_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
+{
+       hasher_t *hasher;
+       chunk_t hash;
+       chunk_t oid;
+       chunk_t em;
+       
+       /* get oid string prepended to hash */
+       switch (hash_algorithm)
+       {       
+               case HASH_MD2:
+               {
+                       oid.ptr = md2_oid;
+                       oid.len = sizeof(md2_oid);
+                       break;
+               }
+               case HASH_MD5:
+               {
+                       oid.ptr = md5_oid;
+                       oid.len = sizeof(md5_oid);
+                       break;
+               }
+               case HASH_SHA1:
+               {
+                       oid.ptr = sha1_oid;
+                       oid.len = sizeof(sha1_oid);
+                       break;
+               }
+               case HASH_SHA256:
+               {
+                       oid.ptr = sha256_oid;
+                       oid.len = sizeof(sha256_oid);
+                       break;
+               }
+               case HASH_SHA384:
+               {
+                       oid.ptr = sha384_oid;
+                       oid.len = sizeof(sha384_oid);
+                       break;
+               }
+               case HASH_SHA512:
+               {
+                       oid.ptr = sha512_oid;
+                       oid.len = sizeof(sha512_oid);
+                       break;
+               }
+               default:
+               {
+                       return NOT_SUPPORTED;   
+               }
+       }
+       
+       /* get hasher */
+       hasher = hasher_create(hash_algorithm);
+       if (hasher == NULL)
+       {
+               return NOT_SUPPORTED;   
+       }
+       
+       /* build hash */
+       hasher->allocate_hash(hasher, data, &hash);
+       hasher->destroy(hasher);
+       
+       /* build chunk to rsa-decrypt:
+        * EM = 0x00 || 0x01 || PS || 0x00 || T. 
+        * PS = 0xFF padding, with length to fill em
+        * T = oid || hash
+        */
+       em.len = this->k;
+       em.ptr = allocator_alloc(em.len);
+       
+       /* fill em with padding */
+       memset(em.ptr, 0xFF, em.len);
+       /* set magic bytes */
+       *(em.ptr) = 0x00;
+       *(em.ptr+1) = 0x01;
+       *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
+       /* set hash */
+       memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
+       /* set oid */
+       memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
+
+       
+       /* build signature */
+       *signature = this->rsasp1(this, em);
+       
+       allocator_free(hash.ptr);
+       allocator_free(em.ptr);
+       
+       return SUCCESS; 
+}
+
+       
+/**
+ * Implementation of certificate.set_key.
+ */
+static status_t set_key(private_certificate_t *this, chunk_t key)
+{
+       der_decoder_t *dd;
+       status_t status;
+       
+       dd = der_decoder_create(certificate_rules);
+       
+       status = dd->decode(dd, key, this);
+       if (status == SUCCESS)
+       {
+               this->is_key_set = TRUE;
+               this->k = mpz_sizeinbase(this->n, 2) / 8;
+       }
+       dd->destroy(dd);
+       return status;
+}
+
+/**
+ * Implementation of certificate.get_key.
+ */
+static status_t get_key(private_certificate_t *this, chunk_t *key)
+{
+       if (!this->is_key_set)
+       {
+               return INVALID_STATE;   
+       }
+       
+       chunk_t n, e, p, q, d, exp1, exp2, coeff;
+
+       n.len = this->k;
+       n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
+       e.len = this->k;
+       e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
+       p.len = this->k;
+       p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
+       q.len = this->k;
+       q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
+       d.len = this->k;
+       d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
+       exp1.len = this->k;
+       exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
+       exp2.len = this->k;
+       exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
+       coeff.len = this->k;
+       coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
+       
+       key->len = this->k * 8;
+       key->ptr = allocator_alloc(key->len);
+       memcpy(key->ptr + this->k * 0, n.ptr , n.len);
+       memcpy(key->ptr + this->k * 1, e.ptr, e.len);
+       memcpy(key->ptr + this->k * 2, p.ptr, p.len);
+       memcpy(key->ptr + this->k * 3, q.ptr, q.len);
+       memcpy(key->ptr + this->k * 4, d.ptr, d.len);
+       memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
+       memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
+       memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
+       
+       allocator_free(n.ptr);
+       allocator_free(e.ptr);
+       allocator_free(p.ptr);
+       allocator_free(q.ptr);
+       allocator_free(d.ptr);
+       allocator_free(exp1.ptr);
+       allocator_free(exp2.ptr);
+       allocator_free(coeff.ptr);
+       
+       return SUCCESS;
+}
+       
+/**
+ * Implementation of certificate.load_key.
+ */
+static status_t load_key(private_certificate_t *this, char *file)
+{
+       return NOT_SUPPORTED;
+}
+
+/**
+ * Implementation of certificate.save_key.
+ */
+static status_t save_key(private_certificate_t *this, char *file)
+{
+       return NOT_SUPPORTED;
+}
+
+/**
+ * Implementation of certificate.generate_key.
+ */
+static status_t generate_key(private_certificate_t *this, size_t key_size)
+{
+       mpz_t p, q, n, e, d, exp1, exp2, coeff;
+       mpz_t m, q1, t;
+       
+       if (key_size < 0) 
+       {
+               return INVALID_ARG;
+       }
+       
+       mpz_clear(this->n);
+       mpz_clear(this->e);
+       mpz_clear(this->p);
+       mpz_clear(this->q);
+       mpz_clear(this->d);
+       mpz_clear(this->exp1);
+       mpz_clear(this->exp2);
+       mpz_clear(this->coeff);
+       
+       key_size = key_size / 8;
+       
+       mpz_init(t);    
+       mpz_init(n);
+       mpz_init(d);
+       mpz_init(exp1);
+       mpz_init(exp2);
+       mpz_init(coeff);
+       
+       /* Get values of primes p and q  */
+       this->compute_prime(this, key_size/2, &p);
+       this->compute_prime(this, key_size/2, &q);
+
+       /* Swapping Primes so p is larger then q */
+       if (mpz_cmp(p, q) < 0)
+       {
+               mpz_set(t, p);
+               mpz_set(p, q);
+               mpz_set(q, t);
+       }
+       
+       mpz_mul(n, p, q);                                               /* n = p*q */
+       mpz_init_set_ui(e, PUBLIC_EXPONENT);    /* assign public exponent */
+       mpz_init_set(m, p);                                     /* m = p */
+       mpz_sub_ui(m, m, 1);                                    /* m = m -1 */
+       mpz_init_set(q1, q);                                    /* q1 = q */
+       mpz_sub_ui(q1, q1, 1);                                  /* q1 = q1 -1 */
+       mpz_gcd(t, m, q1);                                              /* t = gcd(p-1, q-1) */
+       mpz_mul(m, m, q1);                                              /* m = (p-1)*(q-1) */
+       mpz_divexact(m, m, t);                                  /* m = m / t */
+       mpz_gcd(t, m, e);                                               /* t = gcd(m, e) (greatest common divisor) */
+
+       mpz_invert(d, e, m);                                    /* e has an inverse mod m */
+       if (mpz_cmp_ui(d, 0) < 0)                               /* make sure d is positive */
+       {
+               mpz_add(d, d, m);
+       }
+       mpz_sub_ui(t, p, 1);                                    /* t = p-1 */
+       mpz_mod(exp1, d, t);                                    /* exp1 = d mod p-1 */
+       mpz_sub_ui(t, q, 1);                                    /* t = q-1 */
+       mpz_mod(exp2, d, t);                                    /* exp2 = d mod q-1 */
+       
+       mpz_invert(coeff, q, p);                                /* coeff = q^-1 mod p */
+       if (mpz_cmp_ui(coeff, 0) < 0)                   /* make coeff d is positive */
+       {
+               mpz_add(coeff, coeff, p);
+       }
+
+       mpz_clear(q1);
+       mpz_clear(m);
+       mpz_clear(t);
+
+       /* apply values */
+       *(this->p) = *p;
+       *(this->q) = *q;
+       *(this->n) = *n;
+       *(this->e) = *e;
+       *(this->d) = *d;
+       *(this->exp1) = *exp1;
+       *(this->exp2) = *exp2;
+       *(this->coeff) = *coeff;
+       
+       /* set key size in bytes */
+       
+       this->is_key_set = TRUE;
+       this->k = key_size;
+       
+       return SUCCESS;
+}
+
+/**
+ * Implementation of certificate.get_public_key.
+ */
+rsa_public_key_t *get_public_key(private_certificate_t *this)
+{
+       rsa_public_key_t *public_key;
+       //chunk_t key;
+       
+       public_key = rsa_public_key_create();
+       
+       if (this->is_key_set)
+       {       
+       
+               chunk_t n, e, key;
+
+               n.len = this->k;
+               n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
+               e.len = this->k;
+               e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
+               
+               key.len = this->k * 2;
+               key.ptr = allocator_alloc(key.len);
+               memcpy(key.ptr, n.ptr, n.len);
+               memcpy(key.ptr + n.len, e.ptr, e.len);
+               allocator_free(n.ptr);
+               allocator_free(e.ptr);
+               
+               public_key->set_key(public_key, key);
+               allocator_free(key.ptr);
+
+       }
+       
+       return public_key;
+}
+
+
+/**
+ * Implementation of certificate.destroy.
+ */
+static void destroy(private_certificate_t *this)
+{
+       mpz_clear(this->n);
+       mpz_clear(this->e);
+       mpz_clear(this->p);
+       mpz_clear(this->q);
+       mpz_clear(this->d);
+       mpz_clear(this->exp1);
+       mpz_clear(this->exp2);
+       mpz_clear(this->coeff);
+       allocator_free(this);
+}
+
+/*
+ * Described in header.
+ */
+certificate_t *certificate_create(hash_algorithm_t hash_algoritm)
+{
+       private_certificate_t *this = allocator_alloc_thing(private_certificate_t);
+       
+       /* public functions */
+       this->public.build_emsa_pkcs1_signature = (status_t (*) (certificate_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
+       this->public.set_key = (status_t (*) (certificate_t*,chunk_t))set_key;
+       this->public.get_key = (status_t (*) (certificate_t*,chunk_t*))get_key;
+       this->public.load_key = (status_t (*) (certificate_t*,char*))load_key;
+       this->public.save_key = (status_t (*) (certificate_t*,char*))save_key;
+       this->public.generate_key = (status_t (*) (certificate_t*,size_t))generate_key;
+       this->public.get_public_key = (rsa_public_key_t *(*) (certificate_t*))get_public_key;
+       this->public.destroy = (void (*) (certificate_t*))destroy;
+       
+       /* private functions */
+       this->rsadp = rsadp;
+       this->rsasp1 = rsadp; /* same algorithm */
+       this->compute_prime = compute_prime;
+       
+       mpz_init(this->n);
+       mpz_init(this->e);
+       mpz_init(this->p);
+       mpz_init(this->q);
+       mpz_init(this->d);
+       mpz_init(this->exp1);
+       mpz_init(this->exp2);
+       mpz_init(this->coeff);
+       this->is_key_set = FALSE;
+       
+       return &(this->public);
+}
diff --git a/Source/charon/transforms/certificate.h b/Source/charon/transforms/certificate.h
new file mode 100755 (executable)
index 0000000..3cbe7f9
--- /dev/null
@@ -0,0 +1,72 @@
+/**
+ * @file certificate.h
+ * 
+ * @brief Interface of certificate_t.
+ * 
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef CERTIFICATE_H_
+#define CERTIFICATE_H_
+
+#include <types.h>
+#include <definitions.h>
+#include <transforms/rsa/rsa_public_key.h>
+#include <transforms/hashers/hasher.h>
+
+
+typedef struct certificate_t certificate_t;
+
+/**
+ * @brief X509 certificate.
+ * 
+ * Currently only supports signing using EMSA encoding.
+ * 
+ * @b Constructors:
+ *  - certificate_create()
+ *
+ * @ingroup rsa
+ */
+struct certificate_t {
+
+       /**
+        * @brief Get the RSA public key from the certificate.
+        * 
+        * @param this                          calling object
+        * @return                                      public_key
+        */
+       rsa_public_key_t *(*get_public_key) (certificate_t *this);
+       
+       /**
+        * @brief Destroys the private key.
+        * 
+        * @param this                          private key to destroy
+        */
+       void (*destroy) (certificate_t *this);
+};
+
+/**
+ * @brief Create a new certificate without
+ * any key inside.
+ * 
+ * @return created certificate_t.
+ * 
+ * @ingroup rsa
+ */
+certificate_t *certificate_create();
+
+#endif /* CERTIFICATE_H_ */
index 34a217c..22315e9 100644 (file)
@@ -26,6 +26,7 @@
 
 #include <daemon.h>
 #include <utils/allocator.h>
+#include <asn1/der_decoder.h>
 
 
 /* 
@@ -39,20 +40,6 @@ extern u_int8_t sha256_oid[19];
 extern u_int8_t sha384_oid[19];
 extern u_int8_t sha512_oid[19];
 
-/*
-asn1_module_t rsa_private_key_module = {
-       {ASN1_SEQUENCE, 0, 0, 0},
-       {       ASN1_INTEGER, 0,                offsetof(private_rsa_private_key, version), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, n), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, e), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, d), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, p), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, q), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp1), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, exp2), 0},
-       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key, coeff), 0},
-       {ASN1_END, 0, 0, 0},
-};*/
 
 /**
  *  Public exponent to use for key generation.
@@ -155,6 +142,23 @@ struct private_rsa_private_key_t {
 };
 
 /**
+ * Rules for de-/encoding of a private key from/in ASN1 
+ */
+static asn1_rule_t rsa_private_key_rules[] = {
+       {ASN1_SEQUENCE, 0, 0, 0},
+       {       ASN1_INTEGER, 0,                offsetof(private_rsa_private_key_t, version), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, n), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, e), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, d), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, p), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, q), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp1), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, exp2), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_private_key_t, coeff), 0},
+       {ASN1_END, 0, 0, 0},
+};
+
+/**
  * Implementation of private_rsa_private_key_t.compute_prime.
  */
 static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime)
@@ -174,10 +178,10 @@ static void compute_prime(private_rsa_private_key_t *this, size_t prime_size, mp
                
                /* convert chunk to mpz value */
                mpz_import(*prime, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
-
+               
                /* get next prime */
                mpz_nextprime (*prime, *prime);
-
+               
                allocator_free(random_bytes.ptr);
        }
        /* check if it isnt too large */
@@ -194,28 +198,28 @@ static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
        mpz_t t1, t2;
        chunk_t decrypted;
        
-    mpz_init(t1);
-    mpz_init(t2);
-    
-    mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
-    
-    mpz_powm(t2, t1, this->exp1, this->p);     /* m1 = c^dP mod p */
-    mpz_powm(t1, t1, this->exp2, this->q);     /* m2 = c^dQ mod Q */
-    mpz_sub(t2, t2, t1);                                       /* h = qInv (m1 - m2) mod p */
-    mpz_mod(t2, t2, this->p);
-    mpz_mul(t2, t2, this->coeff);
-    mpz_mod(t2, t2, this->p);
-
-    mpz_mul(t2, t2, this->q);                          /* m = m2 + h q */
-    mpz_add(t1, t1, t2);
-
-    decrypted.len = this->k;
-    decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
-
-    mpz_clear(t1);
-    mpz_clear(t2);
-    
-    return decrypted;
+       mpz_init(t1);
+       mpz_init(t2);
+       
+       mpz_import(t1, data.len, 1, 1, 1, 0, data.ptr);
+       
+       mpz_powm(t2, t1, this->exp1, this->p);  /* m1 = c^dP mod p */
+       mpz_powm(t1, t1, this->exp2, this->q);  /* m2 = c^dQ mod Q */
+       mpz_sub(t2, t2, t1);                                    /* h = qInv (m1 - m2) mod p */
+       mpz_mod(t2, t2, this->p);
+       mpz_mul(t2, t2, this->coeff);
+       mpz_mod(t2, t2, this->p);
+       
+       mpz_mul(t2, t2, this->q);                               /* m = m2 + h q */
+       mpz_add(t1, t1, t2);
+       
+       decrypted.len = this->k;
+       decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
+       
+       mpz_clear(t1);
+       mpz_clear(t2);
+       
+       return decrypted;
 }
 
 /**
@@ -319,51 +323,21 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash
  */
 static status_t set_key(private_rsa_private_key_t *this, chunk_t key)
 {
-       chunk_t n, e, p, q, d, exp1, exp2, coeff;
-       this->k = key.len / 8;
-       
-       n.len = this->k;
-       e.len = this->k;
-       p.len = this->k;
-       q.len = this->k;
-       d.len = this->k;
-       exp1.len = this->k;
-       exp2.len = this->k;
-       coeff.len = this->k;
+       der_decoder_t *dd;
+       status_t status;
        
-       n.ptr = key.ptr + this->k * 0;
-       e.ptr = key.ptr + this->k * 1;
-       p.ptr = key.ptr + this->k * 2;
-       q.ptr = key.ptr + this->k * 3;
-       d.ptr = key.ptr + this->k * 4;
-       exp1.ptr = key.ptr + this->k * 5;
-       exp2.ptr = key.ptr + this->k * 6;
-       coeff.ptr = key.ptr + this->k * 7;
+       dd = der_decoder_create(rsa_private_key_rules);
        
-       mpz_init(this->n);
-       mpz_init(this->e);
-       mpz_init(this->p);
-       mpz_init(this->q);
-       mpz_init(this->d);
-       mpz_init(this->exp1);
-       mpz_init(this->exp2);
-       mpz_init(this->coeff);
-       
-       mpz_import(this->n, this->k, 1, 1, 1, 0, n.ptr);
-       mpz_import(this->e, this->k, 1, 1, 1, 0, e.ptr);
-       mpz_import(this->p, this->k, 1, 1, 1, 0, p.ptr);
-       mpz_import(this->q, this->k, 1, 1, 1, 0, q.ptr);
-       mpz_import(this->d, this->k, 1, 1, 1, 0, d.ptr);
-       mpz_import(this->exp1, this->k, 1, 1, 1, 0, exp1.ptr);
-       mpz_import(this->exp2, this->k, 1, 1, 1, 0, exp2.ptr);
-       mpz_import(this->coeff, this->k, 1, 1, 1, 0, coeff.ptr);
-       
-       this->is_key_set = TRUE;
-       
-       return SUCCESS;
-
+       status = dd->decode(dd, key, this);
+       if (status == SUCCESS)
+       {
+               this->is_key_set = TRUE;
+               this->k = mpz_sizeinbase(this->n, 2) / 8;
+       }
+       dd->destroy(dd);
+       return status;
 }
-       
+
 /**
  * Implementation of rsa_private_key.get_key.
  */
@@ -445,17 +419,14 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
                return INVALID_ARG;
        }
        
-       if (this->is_key_set)
-       {
-               mpz_clear(this->n);
-               mpz_clear(this->e);
-               mpz_clear(this->p);
-               mpz_clear(this->q);
-               mpz_clear(this->d);
-               mpz_clear(this->exp1);
-               mpz_clear(this->exp2);
-               mpz_clear(this->coeff);
-       }
+       mpz_clear(this->n);
+       mpz_clear(this->e);
+       mpz_clear(this->p);
+       mpz_clear(this->q);
+       mpz_clear(this->d);
+       mpz_clear(this->exp1);
+       mpz_clear(this->exp2);
+       mpz_clear(this->coeff);
        
        key_size = key_size / 8;
        
@@ -471,7 +442,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
        this->compute_prime(this, key_size/2, &q);
 
        /* Swapping Primes so p is larger then q */
-       if (mpz_cmp(p, q) < 0)                                  
+       if (mpz_cmp(p, q) < 0)
        {
                mpz_set(t, p);
                mpz_set(p, q);
@@ -510,7 +481,7 @@ static status_t generate_key(private_rsa_private_key_t *this, size_t key_size)
        mpz_clear(t);
 
        /* apply values */
-       *(this->p) = *p;                                
+       *(this->p) = *p;
        *(this->q) = *q;
        *(this->n) = *n;
        *(this->e) = *e;
@@ -568,17 +539,14 @@ rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
  */
 static void destroy(private_rsa_private_key_t *this)
 {
-       if (this->is_key_set)
-       {
-               mpz_clear(this->n);
-               mpz_clear(this->e);
-               mpz_clear(this->p);
-               mpz_clear(this->q);
-               mpz_clear(this->d);
-               mpz_clear(this->exp1);
-               mpz_clear(this->exp2);
-               mpz_clear(this->coeff);
-       }
+       mpz_clear(this->n);
+       mpz_clear(this->e);
+       mpz_clear(this->p);
+       mpz_clear(this->q);
+       mpz_clear(this->d);
+       mpz_clear(this->exp1);
+       mpz_clear(this->exp2);
+       mpz_clear(this->coeff);
        allocator_free(this);
 }
 
@@ -604,6 +572,14 @@ rsa_private_key_t *rsa_private_key_create(hash_algorithm_t hash_algoritm)
        this->rsasp1 = rsadp; /* same algorithm */
        this->compute_prime = compute_prime;
        
+       mpz_init(this->n);
+       mpz_init(this->e);
+       mpz_init(this->p);
+       mpz_init(this->q);
+       mpz_init(this->d);
+       mpz_init(this->exp1);
+       mpz_init(this->exp2);
+       mpz_init(this->coeff);
        this->is_key_set = FALSE;
        
        return &(this->public);
index 6271e4a..fb3fe3c 100644 (file)
 #include <daemon.h>
 #include <utils/allocator.h>
 #include <transforms/hashers/hasher.h>
+#include <asn1/der_decoder.h>
 
 /* 
- * Since we don't have an ASN1 parser/generator,
+ * For simplicity,
  * we use these predefined values for
- * hash algorithm oids. These also contain
+ * hash algorithm OIDs. These also contain
  * the length of the following hash.
  * These values are also used in rsa_private_key.c.
  */
 
-u_int8_t md2_oid[18] = {
+u_int8_t md2_oid[] = {
        0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,
        0x48,0x86,0xf7,0x0d,0x02,0x02,0x05,0x00,
        0x04,0x10
@@ -92,6 +93,7 @@ struct private_rsa_public_key_t {
         * Public modulus.
         */
        mpz_t n;
+       
        /**
         * Public exponent.
         */
@@ -122,7 +124,17 @@ struct private_rsa_public_key_t {
 };
 
 /**
- * Implementation of private_rsa_public_key_t.rsadp and private_rsa_public_key_t.rsavp1
+ * Rules for de-/encoding of a public key from/in ASN1 
+ */
+static asn1_rule_t rsa_public_key_rules[] = {
+       {ASN1_SEQUENCE, 0, 0, 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, n), 0},
+       {       ASN1_INTEGER, ASN1_MPZ, offsetof(private_rsa_public_key_t, e), 0},
+       {ASN1_END, 0, 0, 0},
+};
+
+/**
+ * Implementation of private_rsa_public_key_t.rsaep and private_rsa_public_key_t.rsavp1
  */
 static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
 {
@@ -146,7 +158,7 @@ static chunk_t rsaep(private_rsa_public_key_t *this, chunk_t data)
 }
 
 /**
- * Implementation of rsa_public_key.verify_emsa_signature.
+ * Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
  */
 static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
 {
@@ -278,25 +290,20 @@ static status_t verify_emsa_pkcs1_signature(private_rsa_public_key_t *this, chun
  */
 static status_t set_key(private_rsa_public_key_t *this, chunk_t key)
 {
-       chunk_t n, e;
-       
-       n.len = key.len/2;
-       n.ptr = key.ptr;
-       e.len = n.len;
-       e.ptr = key.ptr + n.len;
-       
-       mpz_init(this->n);
-       mpz_init(this->e);
+       der_decoder_t *dd;
+       status_t status;
        
-       mpz_import(this->n, n.len, 1, 1, 1, 0, n.ptr);
-       mpz_import(this->e, n.len, 1, 1, 1, 0, e.ptr);
+       dd = der_decoder_create(rsa_public_key_rules);
        
-       this->k = n.len;
-       
-       this->is_key_set = TRUE;
-       
-       return SUCCESS;
-}      
+       status = dd->decode(dd, key, this);
+       if (status == SUCCESS)
+       {
+               this->is_key_set = TRUE;
+               this->k = mpz_sizeinbase(this->n, 2) / 8;
+       }
+       dd->destroy(dd);
+       return status;
+}
 
        
 /**
@@ -347,11 +354,8 @@ static status_t save_key(private_rsa_public_key_t *this, char *file)
  */
 static void destroy(private_rsa_public_key_t *this)
 {
-       if (this->is_key_set)
-       {
-               mpz_clear(this->n);
-               mpz_clear(this->e);
-       }
+       mpz_clear(this->n);
+       mpz_clear(this->e);
        allocator_free(this);
 }
 
@@ -374,6 +378,8 @@ rsa_public_key_t *rsa_public_key_create()
        this->rsaep = rsaep;
        this->rsavp1 = rsaep; /* same algorithm */
        
+       mpz_init(this->n);
+       mpz_init(this->e);
        this->is_key_set = FALSE;
        
        return &(this->public);
index ad7a031..05824e6 100644 (file)
@@ -49,6 +49,8 @@ mapping_t logger_context_t_mappings[] = {
        {CONFIG, "CONFIG"},
        {ENCRYPTION_PAYLOAD, "ENCRYPTION_PAYLOAD"},
        {PAYLOAD, "PAYLOAD"},
+       {DER_DECODER, "DER_DECODER"},
+       {DER_ENCODER, "DER_ENCODER"},
        {MAPPING_END, NULL},
 };
 
@@ -75,6 +77,8 @@ struct {
        { "CONFG", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE,  NULL}, /* CONFIG */
        { "ENCPL", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE,  NULL}, /* ENCRYPTION_PAYLOAD */
        { "PAYLD", ERROR|CONTROL|AUDIT|LEVEL0,  TRUE,  NULL}, /* PAYLOAD */
+       { "DERDC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3,      TRUE,  NULL}, /* DER_DECODER */
+       { "DEREC", ERROR|CONTROL|AUDIT|RAW|PRIVATE|LEVEL3,      TRUE,  NULL}, /* DER_ENCODER */
 };
 
 
index 475fdc9..3614204 100644 (file)
@@ -53,6 +53,8 @@ enum logger_context_t {
        CONFIG,
        ENCRYPTION_PAYLOAD,
        PAYLOAD,
+       DER_DECODER,
+       DER_ENCODER,
        LOGGER_CONTEXT_ROOF,
 };