ECDSA with OpenSSL
authorTobias Brunner <tobias@strongswan.org>
Tue, 10 Jun 2008 09:08:27 +0000 (09:08 -0000)
committerTobias Brunner <tobias@strongswan.org>
Tue, 10 Jun 2008 09:08:27 +0000 (09:08 -0000)
30 files changed:
src/charon/Makefile.am
src/charon/config/peer_cfg.c
src/charon/config/peer_cfg.h
src/charon/encoding/payloads/auth_payload.c
src/charon/plugins/medcli/medcli_config.c
src/charon/plugins/medsrv/medsrv_config.c
src/charon/plugins/stroke/stroke_cred.c
src/charon/sa/authenticators/authenticator.c
src/charon/sa/authenticators/authenticator.h
src/charon/sa/authenticators/pubkey_authenticator.c [new file with mode: 0644]
src/charon/sa/authenticators/pubkey_authenticator.h [new file with mode: 0644]
src/charon/sa/authenticators/rsa_authenticator.c [deleted file]
src/charon/sa/authenticators/rsa_authenticator.h [deleted file]
src/charon/sa/tasks/ike_auth.c
src/charon/sa/tasks/ike_cert_post.c
src/libstrongswan/credentials/keys/public_key.c
src/libstrongswan/credentials/keys/public_key.h
src/libstrongswan/plugins/openssl/Makefile.am
src/libstrongswan/plugins/openssl/openssl_ec_private_key.c [new file with mode: 0644]
src/libstrongswan/plugins/openssl/openssl_ec_private_key.h [new file with mode: 0644]
src/libstrongswan/plugins/openssl/openssl_ec_public_key.c [new file with mode: 0644]
src/libstrongswan/plugins/openssl/openssl_ec_public_key.h [new file with mode: 0644]
src/libstrongswan/plugins/openssl/openssl_plugin.c
src/libstrongswan/plugins/openssl/openssl_util.c [new file with mode: 0644]
src/libstrongswan/plugins/openssl/openssl_util.h [new file with mode: 0644]
src/libstrongswan/plugins/pubkey/pubkey_public_key.c
src/libstrongswan/plugins/x509/x509_cert.c
src/pluto/constants.h
src/starter/confread.c
src/starter/starterstroke.c

index 65d70a2..7ddd117 100644 (file)
@@ -64,7 +64,7 @@ sa/authenticators/eap_authenticator.c sa/authenticators/eap_authenticator.h \
 sa/authenticators/eap/eap_method.c sa/authenticators/eap/eap_method.h \
 sa/authenticators/eap/eap_manager.c sa/authenticators/eap/eap_manager.h \
 sa/authenticators/psk_authenticator.c sa/authenticators/psk_authenticator.h \
-sa/authenticators/rsa_authenticator.c sa/authenticators/rsa_authenticator.h \
+sa/authenticators/pubkey_authenticator.c sa/authenticators/pubkey_authenticator.h \
 sa/child_sa.c sa/child_sa.h \
 sa/ike_sa.c sa/ike_sa.h \
 sa/ike_sa_id.c sa/ike_sa_id.h \
index c290c79..b8fe59b 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007 Tobias Brunner
+ * Copyright (C) 2007-2008 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
 ENUM(cert_policy_names, CERT_ALWAYS_SEND, CERT_NEVER_SEND,
        "CERT_ALWAYS_SEND",
        "CERT_SEND_IF_ASKED",
-       "CERT_NEVER_SEND"
+       "CERT_NEVER_SEND",
+);
+
+ENUM(unique_policy_names, UNIQUE_NO, UNIQUE_KEEP,
+       "UNIQUE_NO",
+       "UNIQUE_REPLACE",
+       "UNIQUE_KEEP",
+);
+
+ENUM(config_auth_method_names, CONF_AUTH_PUBKEY, CONF_AUTH_EAP,
+       "CONF_AUTH_PUBKEY",
+       "CONF_AUTH_PSK",
+       "CONF_AUTH_EAP",
 );
 
 typedef struct private_peer_cfg_t private_peer_cfg_t;
@@ -96,7 +108,7 @@ struct private_peer_cfg_t {
        /**
         * Method to use for own authentication data
         */
-       auth_method_t auth_method;
+       config_auth_method_t auth_method;
        
        /**
         * EAP type to use for peer authentication
@@ -307,15 +319,15 @@ static unique_policy_t get_unique_policy(private_peer_cfg_t *this)
 }
 
 /**
- * Implementation of connection_t.auth_method_t.
+ * Implementation of peer_cfg_t.get_auth_method.
  */
-static auth_method_t get_auth_method(private_peer_cfg_t *this)
+static config_auth_method_t get_auth_method(private_peer_cfg_t *this)
 {
        return this->auth_method;
 }
 
 /**
- * Implementation of connection_t.get_eap_type.
+ * Implementation of peer_cfg_t.get_eap_type.
  */
 static eap_type_t get_eap_type(private_peer_cfg_t *this, u_int32_t *vendor)
 {
@@ -324,7 +336,7 @@ static eap_type_t get_eap_type(private_peer_cfg_t *this, u_int32_t *vendor)
 }
 
 /**
- * Implementation of connection_t.get_keyingtries.
+ * Implementation of peer_cfg_t.get_keyingtries.
  */
 static u_int32_t get_keyingtries(private_peer_cfg_t *this)
 {
@@ -521,7 +533,7 @@ static void destroy(private_peer_cfg_t *this)
 peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
                                                        identification_t *my_id, identification_t *other_id,
                                                        cert_policy_t cert_policy, unique_policy_t unique,
-                                                       auth_method_t auth_method, eap_type_t eap_type,
+                                                       config_auth_method_t auth_method, eap_type_t eap_type,
                                                        u_int32_t eap_vendor,
                                                        u_int32_t keyingtries, u_int32_t rekey_time,
                                                        u_int32_t reauth_time, u_int32_t jitter_time,
@@ -544,7 +556,7 @@ peer_cfg_t *peer_cfg_create(char *name, u_int ike_version, ike_cfg_t *ike_cfg,
        this->public.get_other_id = (identification_t* (*)(peer_cfg_t *))get_other_id;
        this->public.get_cert_policy = (cert_policy_t (*) (peer_cfg_t *))get_cert_policy;
        this->public.get_unique_policy = (unique_policy_t (*) (peer_cfg_t *))get_unique_policy;
-       this->public.get_auth_method = (auth_method_t (*) (peer_cfg_t *))get_auth_method;
+       this->public.get_auth_method = (config_auth_method_t (*) (peer_cfg_t *))get_auth_method;
        this->public.get_eap_type = (eap_type_t (*) (peer_cfg_t *,u_int32_t*))get_eap_type;
        this->public.get_keyingtries = (u_int32_t (*) (peer_cfg_t *))get_keyingtries;
        this->public.get_rekey_time = (u_int32_t(*)(peer_cfg_t*))get_rekey_time;
index 795ca12..d682534 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007 Tobias Brunner
+ * Copyright (C) 2007-2008 Tobias Brunner
  * Copyright (C) 2005-2007 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -27,6 +27,7 @@
 
 typedef enum cert_policy_t cert_policy_t;
 typedef enum unique_policy_t unique_policy_t;
+typedef enum config_auth_method_t config_auth_method_t;
 typedef struct peer_cfg_t peer_cfg_t;
 
 #include <library.h>
@@ -81,6 +82,23 @@ enum unique_policy_t {
 extern enum_name_t *unique_policy_names;
 
 /**
+ * Authentication method for this IKE_SA.
+ */
+enum config_auth_method_t {
+       /** authentication using public keys (RSA, ECDSA) */
+       CONF_AUTH_PUBKEY = 0,
+       /** authentication using a pre-shared secret */
+       CONF_AUTH_PSK,
+       /** authentication using EAP */
+       CONF_AUTH_EAP,
+};
+
+/**
+ * enum strings for config_auth_method_t
+ */
+extern enum_name_t *config_auth_method_names;
+
+/**
  * Configuration of a peer, specified by IDs.
  *
  * The peer config defines a connection between two given IDs. It contains
@@ -208,7 +226,7 @@ struct peer_cfg_t {
         * 
         * @return                      authentication method
         */
-       auth_method_t (*get_auth_method) (peer_cfg_t *this);
+       config_auth_method_t (*get_auth_method) (peer_cfg_t *this);
        
        /**
         * Get the EAP type to use for peer authentication.
@@ -375,7 +393,7 @@ struct peer_cfg_t {
 peer_cfg_t *peer_cfg_create(char *name, u_int ikev_version, ike_cfg_t *ike_cfg,
                                                        identification_t *my_id, identification_t *other_id,
                                                        cert_policy_t cert_policy, unique_policy_t unique,
-                                                       auth_method_t auth_method, eap_type_t eap_type,
+                                                       config_auth_method_t auth_method, eap_type_t eap_type,
                                                        u_int32_t eap_vendor,
                                                        u_int32_t keyingtries, u_int32_t rekey_time,
                                                        u_int32_t reauth_time, u_int32_t jitter_time,
index 5df9e90..79a2eed 100644 (file)
@@ -111,7 +111,8 @@ encoding_rule_t auth_payload_encodings[] = {
 static status_t verify(private_auth_payload_t *this)
 {
        if (this->auth_method == 0 ||
-               (this->auth_method >= 4 && this->auth_method <= 200))
+               (this->auth_method >= 4 && this->auth_method <= 8) ||
+               (this->auth_method >= 12 && this->auth_method <= 200))
        {
                /* reserved IDs */
                return FAILED;
index 8a56bfe..1bf02e4 100644 (file)
@@ -120,7 +120,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                "mediation", 2, ike_cfg,
                identification_create_from_encoding(ID_KEY_ID, me),
                identification_create_from_encoding(ID_KEY_ID, other),
-               CERT_NEVER_SEND, UNIQUE_REPLACE, AUTH_RSA,
+               CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_PUBKEY,
                0, 0,                                                   /* EAP method, vendor */
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
@@ -149,7 +149,7 @@ static peer_cfg_t *get_peer_cfg_by_name(private_medcli_config_t *this, char *nam
                name, 2, this->ike->get_ref(this->ike),
                identification_create_from_encoding(ID_KEY_ID, me),
                identification_create_from_encoding(ID_KEY_ID, other),
-               CERT_NEVER_SEND, UNIQUE_REPLACE, AUTH_RSA,
+               CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_PUBKEY,
                0, 0,                                                   /* EAP method, vendor */
                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                this->rekey*5, this->rekey*3,   /* jitter, overtime */
index 04cb569..ff11939 100644 (file)
@@ -99,7 +99,7 @@ static enumerator_t* create_peer_cfg_enumerator(private_medsrv_config_t *this,
                        peer_cfg = peer_cfg_create(
                                name, 2, this->ike->get_ref(this->ike),
                                me->clone(me), other->clone(other),
-                               CERT_NEVER_SEND, UNIQUE_REPLACE, AUTH_RSA,
+                               CERT_NEVER_SEND, UNIQUE_REPLACE, CONF_AUTH_RSA,
                                0, 0,                                                   /* EAP method, vendor */
                                1, this->rekey*60, 0,                   /* keytries, rekey, reauth */
                                this->rekey*5, this->rekey*3,   /* jitter, overtime */
index 819b3f0..368aea1 100644 (file)
@@ -135,10 +135,6 @@ static enumerator_t* create_private_enumerator(private_stroke_cred_t *this,
 {
        id_data_t *data;
 
-       if (type != KEY_RSA && type != KEY_ANY)
-       {       /* we only have RSA keys */
-               return NULL;
-       }
        data = malloc_thing(id_data_t);
        data->this = this;
        data->id = id;
@@ -253,10 +249,6 @@ static enumerator_t* create_cert_enumerator(private_stroke_cred_t *this,
        {       /* we only have X509 certificates. TODO: ACs? */
                return NULL;
        }
-       if (key != KEY_RSA && key != KEY_ANY)
-       {       /* we only have RSA keys */
-               return NULL;
-       }
        data = malloc_thing(id_data_t);
        data->this = this;
        data->id = id;
@@ -741,7 +733,7 @@ static void load_secrets(private_stroke_cred_t *this)
                        DBG1(DBG_CFG, "line %d: missing token", line_nr);
                        goto error;
                }
-               if (match("RSA", &token))
+               if (match("RSA", &token) || match("EC", &token))
                {
                        char path[PATH_MAX];
                        chunk_t filename;
@@ -749,6 +741,7 @@ static void load_secrets(private_stroke_cred_t *this)
                        private_key_t *key;
                        bool pgp = FALSE;
                        chunk_t chunk = chunk_empty;
+                       key_type_t key_type = match("RSA", &token) ? KEY_RSA : KEY_ECDSA;
 
                        err_t ugh = extract_value(&filename, &line);
 
@@ -787,7 +780,7 @@ static void load_secrets(private_stroke_cred_t *this)
 
                        if (pem_asn1_load_file(path, &secret, &chunk, &pgp))
                        {
-                               key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+                               key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, key_type,
                                                                                 BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
                                if (key)
                                {
@@ -861,7 +854,7 @@ static void load_secrets(private_stroke_cred_t *this)
                else
                {
                        DBG1(DBG_CFG, "line %d: token must be either "
-                                "RSA, PSK, EAP, or PIN", line_nr);
+                                "RSA, EC, PSK, EAP, or PIN", line_nr);
                        goto error;
                }
        }
index fc528ff..8e246a2 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2006 Martin Willi
  * Hochschule fuer Technik Rapperswil
  *
@@ -19,7 +20,7 @@
 
 #include "authenticator.h"
 
-#include <sa/authenticators/rsa_authenticator.h>
+#include <sa/authenticators/pubkey_authenticator.h>
 #include <sa/authenticators/psk_authenticator.h>
 #include <sa/authenticators/eap_authenticator.h>
 
@@ -28,23 +29,46 @@ ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
        "RSA signature",
        "pre-shared key",
        "DSS signature");
-ENUM_NEXT(auth_method_names, AUTH_EAP, AUTH_EAP, AUTH_DSS,
+ENUM_NEXT(auth_method_names, AUTH_ECDSA_256, AUTH_ECDSA_521, AUTH_DSS,
+       "ECDSA-256 signature",
+       "ECDSA-384 signature",
+       "ECDSA-521 signature");
+ENUM_NEXT(auth_method_names, AUTH_EAP, AUTH_EAP, AUTH_ECDSA_521,
        "EAP");
 ENUM_END(auth_method_names, AUTH_EAP);
 
-/*
+/**
  * Described in header.
  */
-authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method)
+authenticator_t *authenticator_create(ike_sa_t *ike_sa, config_auth_method_t auth_method)
 {
        switch (auth_method)
        {
+               case CONF_AUTH_PUBKEY:
+                       return (authenticator_t*)pubkey_authenticator_create(ike_sa);
+               case CONF_AUTH_PSK:
+                       return (authenticator_t*)psk_authenticator_create(ike_sa);
+               case CONF_AUTH_EAP:
+                       return (authenticator_t*)eap_authenticator_create(ike_sa);
+               default:
+                       return NULL;
+       }
+}
+
+/**
+ * Described in header.
+ */
+authenticator_t *authenticator_create_from_auth_payload(ike_sa_t *ike_sa, auth_payload_t *auth_payload)
+{
+       switch (auth_payload->get_auth_method(auth_payload))
+       {
                case AUTH_RSA:
-                       return (authenticator_t*)rsa_authenticator_create(ike_sa);
+               case AUTH_ECDSA_256:
+               case AUTH_ECDSA_384:
+               case AUTH_ECDSA_521:
+                       return (authenticator_t*)pubkey_authenticator_create(ike_sa);
                case AUTH_PSK:
                        return (authenticator_t*)psk_authenticator_create(ike_sa);
-               case AUTH_EAP:
-                       return (authenticator_t*)eap_authenticator_create(ike_sa);
                default:
                        return NULL;
        }
index d0286be..54a6b03 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2005-2006 Martin Willi
  * Copyright (C) 2005 Jan Hutter
  * Hochschule fuer Technik Rapperswil
@@ -29,6 +30,7 @@ typedef struct authenticator_t authenticator_t;
 
 #include <library.h>
 #include <sa/ike_sa.h>
+#include <config/peer_cfg.h>
 #include <encoding/payloads/auth_payload.h>
 
 /**
@@ -55,6 +57,21 @@ enum auth_method_t {
        AUTH_DSS = 3,
        
        /**
+        * ECDSA with SHA-256 on the P-256 curve as specified in RFC 4754
+        */
+       AUTH_ECDSA_256 = 9,
+       
+       /**
+        * ECDSA with SHA-384 on the P-384 curve as specified in RFC 4754
+        */
+       AUTH_ECDSA_384 = 10,
+       
+       /**
+        * ECDSA with SHA-512 on the P-521 curve as specified in RFC 4754
+        */
+       AUTH_ECDSA_521 = 11,
+       
+       /**
         * EAP authentication. This value is never negotiated and therefore
         * a value from private use.
         */
@@ -70,8 +87,9 @@ extern enum_name_t *auth_method_names;
  * Authenticator interface implemented by the various authenticators.
  *
  * Currently the following two AUTH methods are supported:
- *  - shared key message integrity code (AUTH_PSK)
- *  - RSA digital signature (AUTH_RSA)
+ *  - shared key message integrity code
+ *  - RSA digital signature
+ *  - ECDSA is supported using OpenSSL
  */
 struct authenticator_t {
 
@@ -112,13 +130,23 @@ struct authenticator_t {
 };
 
 /**
- * Creates an authenticator for the specified auth method.
+ * Creates an authenticator for the specified auth method (as configured).
  *
  * @param ike_sa               associated ike_sa
  * @param auth_method  authentication method to use for build()/verify()
  *
  * @return                             authenticator_t object
  */
-authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method);
+authenticator_t *authenticator_create(ike_sa_t *ike_sa, config_auth_method_t auth_method);
+
+/**
+ * Creates an authenticator from the given auth payload.
+ * 
+ * @param ike_sa               associated ike_sa
+ * @param auth_payload auth payload
+ * 
+ * @return                             authenticator_t object
+ */
+authenticator_t *authenticator_create_from_auth_payload(ike_sa_t *ike_sa, auth_payload_t *auth_payload);
 
 #endif /* AUTHENTICATOR_H_ @} */
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.c b/src/charon/sa/authenticators/pubkey_authenticator.c
new file mode 100644 (file)
index 0000000..15a79e2
--- /dev/null
@@ -0,0 +1,229 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include <string.h>
+
+#include "pubkey_authenticator.h"
+
+#include <daemon.h>
+#include <credentials/auth_info.h>
+
+
+typedef struct private_pubkey_authenticator_t private_pubkey_authenticator_t;
+
+/**
+ * Private data of an pubkey_authenticator_t object.
+ */
+struct private_pubkey_authenticator_t {
+       
+       /**
+        * Public authenticator_t interface.
+        */
+       pubkey_authenticator_t public;
+       
+       /**
+        * Assigned IKE_SA
+        */
+       ike_sa_t *ike_sa;
+};
+
+/**
+ * Function implemented in psk_authenticator.c
+ */
+extern chunk_t build_tbs_octets(chunk_t ike_sa_init, chunk_t nonce,
+                                                               identification_t *id, prf_t *prf);
+
+/**
+ * Implementation of authenticator_t.verify.
+ */
+static status_t verify(private_pubkey_authenticator_t *this, chunk_t ike_sa_init,
+                                          chunk_t my_nonce, auth_payload_t *auth_payload)
+{
+       public_key_t *public;
+       auth_method_t auth_method;
+       chunk_t auth_data, octets;
+       identification_t *other_id;
+       prf_t *prf;
+       auth_info_t *auth, *current_auth;
+       enumerator_t *enumerator;
+       key_type_t key_type = KEY_ECDSA;
+       signature_scheme_t scheme;
+       status_t status = FAILED;
+       
+       other_id = this->ike_sa->get_other_id(this->ike_sa);
+       auth_method = auth_payload->get_auth_method(auth_payload);
+       switch (auth_method)
+       {
+               case AUTH_RSA:
+                       /* We are currently fixed to SHA1 hashes.
+                        * TODO: allow other hash algorithms and note it in "auth" */
+                       key_type = KEY_RSA;
+                       scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
+                       break;
+               case AUTH_ECDSA_256:
+                       scheme = SIGN_ECDSA_256;
+                       break;
+               case AUTH_ECDSA_384:
+                       scheme = SIGN_ECDSA_384;
+                       break;
+               case AUTH_ECDSA_521:
+                       scheme = SIGN_ECDSA_521;
+                       break;
+               default:
+                       return INVALID_ARG;
+       }
+       auth_data = auth_payload->get_data(auth_payload);
+       prf = this->ike_sa->get_prf(this->ike_sa);
+       prf->set_key(prf, this->ike_sa->get_skp_verify(this->ike_sa));
+       octets = build_tbs_octets(ike_sa_init, my_nonce, other_id, prf);
+       
+       auth = this->ike_sa->get_other_auth(this->ike_sa);
+       enumerator = charon->credentials->create_public_enumerator(
+                                                               charon->credentials, key_type, other_id, auth);
+       while (enumerator->enumerate(enumerator, &public, &current_auth))
+       {
+               if (public->verify(public, scheme, octets, auth_data))
+               {
+                       DBG1(DBG_IKE, "authentication of '%D' with %N successful",
+                                                  other_id, auth_method_names, auth_method);
+                       status = SUCCESS;
+                       auth->merge(auth, current_auth);
+                       break;
+               }
+               else
+               {
+                       DBG1(DBG_IKE, "signature validation failed, looking for another key");
+               }
+       }
+       enumerator->destroy(enumerator);
+       chunk_free(&octets);
+       return status;
+}
+
+/**
+ * Implementation of authenticator_t.build.
+ */
+static status_t build(private_pubkey_authenticator_t *this, chunk_t ike_sa_init,
+                                         chunk_t other_nonce, auth_payload_t **auth_payload)
+{
+       chunk_t octets, auth_data;
+       status_t status = FAILED;
+       private_key_t *private;
+       identification_t *my_id;
+       prf_t *prf;
+       auth_info_t *auth;
+       auth_method_t auth_method;
+       signature_scheme_t scheme;
+
+       my_id = this->ike_sa->get_my_id(this->ike_sa);
+       DBG1(DBG_IKE, "authentication of '%D' (myself) with public key", my_id);
+       
+       auth = this->ike_sa->get_my_auth(this->ike_sa);
+       private = charon->credentials->get_private(charon->credentials, KEY_ANY,
+                                                                                          my_id, auth);
+       if (private == NULL)
+       {
+               DBG1(DBG_IKE, "no private key found for '%D'", my_id);
+               return NOT_FOUND;
+       }
+       
+       switch (private->get_type(private))
+       {
+               case KEY_RSA:
+                       /* we currently use always SHA1 for signatures, 
+                        * TODO: support other hashes depending on configuration/auth */
+                       scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
+                       auth_method = AUTH_RSA;
+                       break;
+               case KEY_ECDSA:
+                       /* we try to deduct the signature scheme from the keysize */
+                       switch (private->get_keysize(private))
+                       {
+                               case 32:
+                                       scheme = SIGN_ECDSA_256; 
+                                       auth_method = AUTH_ECDSA_256;
+                                       break;
+                               case 48:
+                                       scheme = SIGN_ECDSA_384;
+                                       auth_method = AUTH_ECDSA_384;
+                                       break;
+                               case 66:
+                                       scheme = SIGN_ECDSA_521;
+                                       auth_method = AUTH_ECDSA_521;
+                                       break;
+                               default:
+                                       DBG1(DBG_IKE, "ECDSA not supported by private key");
+                                       return status;
+                       }
+                       break;
+               default:
+                       DBG1(DBG_IKE, "private key of type %N not supported",
+                                       key_type_names, private->get_type(private));
+                       return status;
+       }
+       
+       prf = this->ike_sa->get_prf(this->ike_sa);
+       prf->set_key(prf, this->ike_sa->get_skp_build(this->ike_sa));
+       octets = build_tbs_octets(ike_sa_init, other_nonce, my_id, prf);
+       
+       if (private->sign(private, scheme, octets, &auth_data))
+       {
+               auth_payload_t *payload = auth_payload_create();
+               payload->set_auth_method(payload, auth_method);
+               payload->set_data(payload, auth_data);
+               *auth_payload = payload;
+               chunk_free(&auth_data);
+               status = SUCCESS;
+               DBG2(DBG_IKE, "successfully built %N with private key", auth_method_names, auth_method);
+       }
+       else
+       {
+               DBG1(DBG_IKE, "building signature failed");
+       }
+       chunk_free(&octets);
+       private->destroy(private);
+       
+       return status;
+}
+
+/**
+ * Implementation of authenticator_t.destroy.
+ */
+static void destroy(private_pubkey_authenticator_t *this)
+{
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+pubkey_authenticator_t *pubkey_authenticator_create(ike_sa_t *ike_sa)
+{
+       private_pubkey_authenticator_t *this = malloc_thing(private_pubkey_authenticator_t);
+       
+       /* public functions */
+       this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify;
+       this->public.authenticator_interface.build = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t**))build;
+       this->public.authenticator_interface.destroy = (void(*)(authenticator_t*))destroy;
+       
+       /* private data */
+       this->ike_sa = ike_sa;
+       
+       return &this->public;
+}
diff --git a/src/charon/sa/authenticators/pubkey_authenticator.h b/src/charon/sa/authenticators/pubkey_authenticator.h
new file mode 100644 (file)
index 0000000..de5708c
--- /dev/null
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup pubkey_authenticator pubkey_authenticator
+ * @{ @ingroup authenticators
+ */
+
+#ifndef PUBKEY_AUTHENTICATOR_H_
+#define PUBKEY_AUTHENTICATOR_H_
+
+typedef struct pubkey_authenticator_t pubkey_authenticator_t;
+
+#include <sa/authenticators/authenticator.h>
+
+/**
+ * Implementation of the authenticator_t interface using AUTH_PUBKEY.
+ */
+struct pubkey_authenticator_t {
+
+       /**
+        * Implemented authenticator_t interface.
+        */
+       authenticator_t authenticator_interface;
+};
+
+/**
+ * Creates an authenticator for AUTH_PUBKEY.
+ *
+ * @param ike_sa               associated ike_sa
+ * @return                             pubkey_authenticator_t object
+ */
+pubkey_authenticator_t *pubkey_authenticator_create(ike_sa_t *ike_sa);
+
+#endif /* PUBKEY_AUTHENTICATOR_H_ @} */
diff --git a/src/charon/sa/authenticators/rsa_authenticator.c b/src/charon/sa/authenticators/rsa_authenticator.c
deleted file mode 100644 (file)
index fff660b..0000000
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-#include <string.h>
-
-#include "rsa_authenticator.h"
-
-#include <daemon.h>
-#include <credentials/auth_info.h>
-
-
-typedef struct private_rsa_authenticator_t private_rsa_authenticator_t;
-
-/**
- * Private data of an rsa_authenticator_t object.
- */
-struct private_rsa_authenticator_t {
-       
-       /**
-        * Public authenticator_t interface.
-        */
-       rsa_authenticator_t public;
-       
-       /**
-        * Assigned IKE_SA
-        */
-       ike_sa_t *ike_sa;
-};
-
-/**
- * Function implemented in psk_authenticator.c
- */
-extern chunk_t build_tbs_octets(chunk_t ike_sa_init, chunk_t nonce,
-                                                               identification_t *id, prf_t *prf);
-
-/**
- * Implementation of authenticator_t.verify.
- */
-static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
-                                          chunk_t my_nonce, auth_payload_t *auth_payload)
-{
-       public_key_t *public;
-       chunk_t auth_data, octets;
-       identification_t *other_id;
-       prf_t *prf;
-       auth_info_t *auth, *current_auth;
-       enumerator_t *enumerator;
-       status_t status = FAILED;
-       
-       other_id = this->ike_sa->get_other_id(this->ike_sa);
-       
-       if (auth_payload->get_auth_method(auth_payload) != AUTH_RSA)
-       {
-               return INVALID_ARG;
-       }
-       auth_data = auth_payload->get_data(auth_payload);
-       prf = this->ike_sa->get_prf(this->ike_sa);
-       prf->set_key(prf, this->ike_sa->get_skp_verify(this->ike_sa));
-       octets = build_tbs_octets(ike_sa_init, my_nonce, other_id, prf);
-       
-       auth = this->ike_sa->get_other_auth(this->ike_sa);
-       enumerator = charon->credentials->create_public_enumerator(
-                                                               charon->credentials, KEY_RSA, other_id, auth);
-       while (enumerator->enumerate(enumerator, &public, &current_auth))
-       {
-               /* We are currently fixed to SHA1 hashes.
-                * TODO: allow other hash algorithms and note it in "auth" */
-               if (public->verify(public, SIGN_RSA_EMSA_PKCS1_SHA1, octets, auth_data))
-               {
-                       DBG1(DBG_IKE, "authentication of '%D' with %N successful",
-                                                  other_id, auth_method_names, AUTH_RSA);
-                       status = SUCCESS;
-                       auth->merge(auth, current_auth);
-                       break;
-               }
-               else
-               {
-                       DBG1(DBG_IKE, "signature validation failed, looking for another key");
-               }
-       }
-       enumerator->destroy(enumerator);
-       chunk_free(&octets);
-       return status;
-}
-
-/**
- * Implementation of authenticator_t.build.
- */
-static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
-                                         chunk_t other_nonce, auth_payload_t **auth_payload)
-{
-       chunk_t octets, auth_data;
-       status_t status = FAILED;
-       private_key_t *private;
-       identification_t *my_id;
-       prf_t *prf;
-       auth_info_t *auth;
-
-       my_id = this->ike_sa->get_my_id(this->ike_sa);
-       DBG1(DBG_IKE, "authentication of '%D' (myself) with %N",
-                my_id, auth_method_names, AUTH_RSA);
-       
-       auth = this->ike_sa->get_my_auth(this->ike_sa);
-       private = charon->credentials->get_private(charon->credentials, KEY_RSA,
-                                                                                          my_id, auth);
-       if (private == NULL)
-       {
-               DBG1(DBG_IKE, "no RSA private key found for '%D'", my_id);
-               return NOT_FOUND;
-       }
-       prf = this->ike_sa->get_prf(this->ike_sa);
-       prf->set_key(prf, this->ike_sa->get_skp_build(this->ike_sa));
-       octets = build_tbs_octets(ike_sa_init, other_nonce, my_id, prf);
-       /* we currently use always SHA1 for signatures, 
-        * TODO: support other hashes depending on configuration/auth */
-       if (private->sign(private, SIGN_RSA_EMSA_PKCS1_SHA1, octets, &auth_data))
-       {
-               auth_payload_t *payload = auth_payload_create();
-               payload->set_auth_method(payload, AUTH_RSA);
-               payload->set_data(payload, auth_data);
-               *auth_payload = payload;
-               chunk_free(&auth_data);
-               status = SUCCESS;
-               DBG2(DBG_IKE, "successfully signed with RSA private key");
-       }
-       else
-       {
-               DBG1(DBG_IKE, "building RSA signature failed");
-       }
-       chunk_free(&octets);
-       private->destroy(private);
-       
-       return status;
-}
-
-/**
- * Implementation of authenticator_t.destroy.
- */
-static void destroy(private_rsa_authenticator_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header.
- */
-rsa_authenticator_t *rsa_authenticator_create(ike_sa_t *ike_sa)
-{
-       private_rsa_authenticator_t *this = malloc_thing(private_rsa_authenticator_t);
-       
-       /* public functions */
-       this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify;
-       this->public.authenticator_interface.build = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t**))build;
-       this->public.authenticator_interface.destroy = (void(*)(authenticator_t*))destroy;
-       
-       /* private data */
-       this->ike_sa = ike_sa;
-       
-       return &this->public;
-}
diff --git a/src/charon/sa/authenticators/rsa_authenticator.h b/src/charon/sa/authenticators/rsa_authenticator.h
deleted file mode 100644 (file)
index f5e41a9..0000000
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2006 Martin Willi
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- *
- * $Id$
- */
-
-/**
- * @defgroup rsa_authenticator rsa_authenticator
- * @{ @ingroup authenticators
- */
-
-#ifndef RSA_AUTHENTICATOR_H_
-#define RSA_AUTHENTICATOR_H_
-
-typedef struct rsa_authenticator_t rsa_authenticator_t;
-
-#include <sa/authenticators/authenticator.h>
-
-/**
- * Implementation of the authenticator_t interface using AUTH_RSA.
- */
-struct rsa_authenticator_t {
-
-       /**
-        * Implemented authenticator_t interface.
-        */
-       authenticator_t authenticator_interface;
-};
-
-/**
- * Creates an authenticator for AUTH_RSA.
- *
- * @param ike_sa               associated ike_sa
- * @return                             rsa_authenticator_t object
- */
-rsa_authenticator_t *rsa_authenticator_create(ike_sa_t *ike_sa);
-
-#endif /* RSA_AUTHENTICATOR_H_ @} */
index c3a3f3b..067d691 100644 (file)
@@ -158,7 +158,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message)
        authenticator_t *auth;
        auth_payload_t *auth_payload;
        peer_cfg_t *config;
-       auth_method_t method;
+       config_auth_method_t method;
        status_t status;
        
        /* create own authenticator and add auth payload */
@@ -174,7 +174,7 @@ static status_t build_auth(private_ike_auth_t *this, message_t *message)
        if (auth == NULL)
        {
                SIG(IKE_UP_FAILED, "configured authentication method %N not supported",
-                       auth_method_names, method);
+                       config_auth_method_names, method);
                return FAILED;
        }
        
@@ -243,9 +243,9 @@ static status_t process_auth(private_ike_auth_t *this, message_t *message)
                /* AUTH payload is missing, client wants to use EAP authentication */
                return NOT_FOUND;
        }
-
+       
        auth_method = auth_payload->get_auth_method(auth_payload);
-       auth = authenticator_create(this->ike_sa, auth_method);
+       auth = authenticator_create_from_auth_payload(this->ike_sa, auth_payload);
 
        if (auth == NULL)
        {
@@ -539,7 +539,7 @@ static status_t build_i(private_ike_auth_t *this, message_t *message)
        }
        
        config = this->ike_sa->get_peer_cfg(this->ike_sa);
-       if (config->get_auth_method(config) == AUTH_EAP)
+       if (config->get_auth_method(config) == CONF_AUTH_EAP)
        {
                this->eap_auth = eap_authenticator_create(this->ike_sa);
        }
index 23e19a5..920a0f6 100644 (file)
@@ -105,7 +105,7 @@ static void build_certs(private_ike_cert_post_t *this, message_t *message)
        peer_cfg_t *peer_cfg;
        
        peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa);
-       if (peer_cfg && peer_cfg->get_auth_method(peer_cfg) == AUTH_RSA)
+       if (peer_cfg && peer_cfg->get_auth_method(peer_cfg) == CONF_AUTH_PUBKEY)
        {
                switch (peer_cfg->get_cert_policy(peer_cfg))
                {
index 654b53c..07d5833 100644 (file)
 
 #include "public_key.h"
 
-ENUM(key_type_names, KEY_RSA, KEY_RSA,
-       "RSA"
+ENUM(key_type_names, KEY_RSA, KEY_ECDSA,
+       "RSA",
+       "ECDSA"
 );
 
-ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_RSA_EMSA_PKCS1_SHA512,
+ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521,
        "DEFAULT",
        "RSA_EMSA_PKCS1_MD5",
        "RSA_EMSA_PKCS1_SHA1",
        "RSA_EMSA_PKCS1_SHA256",
        "RSA_EMSA_PKCS1_SHA384",
        "RSA_EMSA_PKCS1_SHA512",
+       "ECDSA_WITH_SHA1",
+       "ECDSA-256",
+       "ECDSA-384",
+       "ECDSA-521",
 );
 
index 02a4410..b96ae9d 100644 (file)
@@ -39,7 +39,9 @@ enum key_type_t {
        KEY_ANY,
        /** RSA crypto system as in PKCS#1 */
        KEY_RSA,
-       /** DSS, ElGamal, ECDSA, ... */
+       /** ECDSA as in ANSI X9.62 */
+       KEY_ECDSA,
+       /** DSS, ElGamal, ... */
 };
 
 /**
@@ -61,11 +63,19 @@ enum signature_scheme_t {
        /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash.  */
        SIGN_RSA_EMSA_PKCS1_SHA1,
        /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */
-       SIGN_RSA_EMSA_PKCS1_SHA256,     
+       SIGN_RSA_EMSA_PKCS1_SHA256,
        /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */
-       SIGN_RSA_EMSA_PKCS1_SHA384,     
+       SIGN_RSA_EMSA_PKCS1_SHA384,
        /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */
-       SIGN_RSA_EMSA_PKCS1_SHA512,     
+       SIGN_RSA_EMSA_PKCS1_SHA512,
+       /** ECDSA using SHA-1 as hash. */
+       SIGN_ECDSA_WITH_SHA1,
+       /** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */
+       SIGN_ECDSA_256,
+       /** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */
+       SIGN_ECDSA_384,
+       /** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */
+       SIGN_ECDSA_521,
 };
 
 /**
index e48057b..f331a78 100644 (file)
@@ -6,12 +6,15 @@ AM_CFLAGS = -rdynamic
 plugin_LTLIBRARIES = libstrongswan-openssl.la
 
 libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
+       openssl_util.c openssl_util.h \
        openssl_crypter.c openssl_crypter.h \
        openssl_hasher.c openssl_hasher.h \
        openssl_diffie_hellman.c openssl_diffie_hellman.h \
        openssl_rsa_private_key.c openssl_rsa_private_key.h \
        openssl_rsa_public_key.c openssl_rsa_public_key.h \
-       openssl_ec_diffie_hellman.c openssl_ec_diffie_hellman.h
+       openssl_ec_diffie_hellman.c openssl_ec_diffie_hellman.h \
+       openssl_ec_private_key.c openssl_ec_private_key.h \
+       openssl_ec_public_key.c openssl_ec_public_key.h
 
 libstrongswan_openssl_la_LDFLAGS = -module
 libstrongswan_openssl_la_LIBADD  = -lcrypto
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
new file mode 100644 (file)
index 0000000..b29440a
--- /dev/null
@@ -0,0 +1,445 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "openssl_ec_private_key.h"
+#include "openssl_ec_public_key.h"
+#include "openssl_util.h"
+
+#include <debug.h>
+
+#include <openssl/evp.h>
+#include <openssl/ecdsa.h>
+
+typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t;
+
+/**
+ * Private data of a openssl_ec_private_key_t object.
+ */
+struct private_openssl_ec_private_key_t {
+       /**
+        * Public interface for this signer.
+        */
+       openssl_ec_private_key_t public;
+       
+       /**
+        * EC key object
+        */
+       EC_KEY *ec;
+
+       /**
+        * Keyid formed as a SHA-1 hash of a privateKey object
+        */
+       identification_t* keyid;
+
+       /**
+        * Keyid formed as a SHA-1 hash of a privateKeyInfo object
+        */
+       identification_t* keyid_info;
+       
+       /**
+        * reference count
+        */
+       refcount_t ref; 
+};
+
+/**
+ * Mapping from the signature scheme defined in (RFC 4754) to the elliptic
+ * curve and the hash algorithm
+ */
+typedef struct {
+       /**
+        * Scheme specified in RFC 4754
+        */
+       int scheme;
+       
+       /**
+        * NID of the hash
+        */
+       int hash;
+       
+       /**
+        * NID of the curve
+        */
+       int curve;
+} openssl_ecdsa_scheme_t;
+
+#define END_OF_LIST -1
+
+/**
+ * Signature schemes
+ */
+static openssl_ecdsa_scheme_t ecdsa_schemes[] = {
+       {SIGN_ECDSA_256, NID_sha256, NID_X9_62_prime256v1},
+       {SIGN_ECDSA_384, NID_sha384, NID_secp384r1},
+       {SIGN_ECDSA_521, NID_sha512, NID_secp521r1},
+       {END_OF_LIST,    0,          0},
+};
+
+/**
+ * Look up the hash and curve of a signature scheme
+ */
+static bool lookup_scheme(int scheme, int *hash, int *curve)
+{
+       openssl_ecdsa_scheme_t *ecdsa_scheme = ecdsa_schemes;
+       while (ecdsa_scheme->scheme != END_OF_LIST)
+       {
+               if (scheme == ecdsa_scheme->scheme)
+               {
+                       *hash = ecdsa_scheme->hash;
+                       *curve = ecdsa_scheme->curve;
+                       return TRUE;
+               }
+               ecdsa_scheme++;
+       }
+       return FALSE;
+}
+
+/**
+ * shared functions, implemented in openssl_ec_public_key.c
+ */
+bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid,
+                                                                identification_t **keyid_info);
+
+openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec);
+
+
+/**
+ * Convert an ECDSA_SIG to a chunk by concatenating r and s.
+ * This function allocates memory for the chunk.
+ */
+static bool sig2chunk(const EC_GROUP *group, ECDSA_SIG *sig, chunk_t *chunk)
+{
+       return openssl_bn_cat(EC_FIELD_ELEMENT_LEN(group), sig->r, sig->s, chunk);
+}
+
+/**
+ * Build the signature
+ */
+static bool build_signature(private_openssl_ec_private_key_t *this,
+                                                       int hash_type, chunk_t data, chunk_t *signature)
+{
+       chunk_t hash = chunk_empty;
+       ECDSA_SIG *sig;
+       bool ret = FALSE;
+       
+       if (!openssl_hash_chunk(hash_type, data, &hash))
+       {
+               return FALSE;
+       }
+       
+       sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
+       if (!sig)
+       {
+               goto error;
+       }
+       
+       if (!sig2chunk(EC_KEY_get0_group(this->ec), sig, signature))
+       {
+               goto error;
+       }
+       
+       ret = TRUE;
+error:
+       chunk_free(&hash);
+       if (sig)
+       {
+               ECDSA_SIG_free(sig);
+       }
+       return ret;
+}
+
+/**
+ * Implementation of private_key_t.get_type.
+ */
+static key_type_t get_type(private_openssl_ec_private_key_t *this)
+{
+       return KEY_ECDSA;
+}
+
+/**
+ * Implementation of private_key_t.sign.
+ */
+static bool sign(private_openssl_ec_private_key_t *this, signature_scheme_t scheme, 
+                                chunk_t data, chunk_t *signature)
+{
+       EC_GROUP *req_group;
+       const EC_GROUP *my_group;
+       int hash, curve;
+       
+       if (!lookup_scheme(scheme, &hash, &curve))
+       {
+               DBG1("signature scheme %N not supported in EC",
+                                signature_scheme_names, scheme);
+               return FALSE;
+       }
+       
+       req_group = EC_GROUP_new_by_curve_name(curve);
+       if (!req_group)
+       {
+               DBG1("signature scheme %N not supported in EC (required curve not supported)",
+                                signature_scheme_names, scheme);
+               return FALSE;
+       }
+       
+       my_group = EC_KEY_get0_group(this->ec);
+       if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
+       {
+               DBG1("signature scheme %N not supported by private key",
+                                signature_scheme_names, scheme);
+               return FALSE;
+       }
+       
+       EC_GROUP_free(req_group);
+       
+       return build_signature(this, hash, data, signature);
+}
+
+/**
+ * Implementation of private_key_t.destroy.
+ */
+static bool decrypt(private_openssl_ec_private_key_t *this,
+                                       chunk_t crypto, chunk_t *plain)
+{
+       DBG1("EC private key decryption not implemented");
+       return FALSE;
+}
+
+/**
+ * Implementation of private_key_t.get_keysize.
+ */
+static size_t get_keysize(private_openssl_ec_private_key_t *this)
+{
+       return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+}
+
+/**
+ * Implementation of private_key_t.get_id.
+ */
+static identification_t* get_id(private_openssl_ec_private_key_t *this,
+                                                               id_type_t type)
+{
+       switch (type)
+       {
+               case ID_PUBKEY_INFO_SHA1:
+                       return this->keyid_info;
+               case ID_PUBKEY_SHA1:
+                       return this->keyid;
+               default:
+                       return NULL;
+       }
+}
+
+/**
+ * Implementation of private_key_t.get_public_key.
+ */
+static openssl_ec_public_key_t* get_public_key(private_openssl_ec_private_key_t *this)
+{
+       return openssl_ec_public_key_create_from_private_key(this->ec);
+}
+
+/**
+ * Implementation of private_key_t.belongs_to.
+ */
+static bool belongs_to(private_openssl_ec_private_key_t *this, public_key_t *public)
+{
+       identification_t *keyid;
+
+       if (public->get_type(public) != KEY_ECDSA)
+       {
+               return FALSE;
+       }
+       keyid = public->get_id(public, ID_PUBKEY_SHA1);
+       if (keyid && keyid->equals(keyid, this->keyid))
+       {
+               return TRUE;
+       }
+       keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
+       if (keyid && keyid->equals(keyid, this->keyid_info))
+       {
+               return TRUE;
+       }
+       return FALSE;
+}
+
+/**
+ * Implementation of private_key_t.get_encoding.
+ */
+static chunk_t get_encoding(private_openssl_ec_private_key_t *this)
+{
+       chunk_t enc = chunk_alloc(i2d_ECPrivateKey(this->ec, NULL));
+       u_char *p = enc.ptr;
+       i2d_ECPrivateKey(this->ec, &p);
+       return enc;
+}
+
+/**
+ * Implementation of private_key_t.get_ref.
+ */
+static private_openssl_ec_private_key_t* get_ref(private_openssl_ec_private_key_t *this)
+{
+       ref_get(&this->ref);
+       return this;
+
+}
+
+/**
+ * Implementation of private_key_t.destroy.
+ */
+static void destroy(private_openssl_ec_private_key_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               if (this->ec)
+               {
+                       EC_KEY_free(this->ec);
+               }
+               DESTROY_IF(this->keyid);
+               DESTROY_IF(this->keyid_info);
+               free(this);
+       }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_openssl_ec_private_key_t *openssl_ec_private_key_create_empty(void)
+{
+       private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t);
+       
+       this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
+       this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
+       this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
+       this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
+       this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
+       this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
+       this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
+       this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
+       this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
+       this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+       
+       this->ec = NULL;
+       this->keyid = NULL;
+       this->keyid_info = NULL;
+       this->ref = 1;
+       
+       return this;
+}
+
+/**
+ * load private key from an ASN1 encoded blob
+ */
+static openssl_ec_private_key_t *load(chunk_t blob)
+{
+       u_char *p = blob.ptr;
+       private_openssl_ec_private_key_t *this = openssl_ec_private_key_create_empty();
+       
+       this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&p, blob.len);
+       
+       chunk_clear(&blob);
+
+       if (!this->ec)
+       {
+               destroy(this);
+               return NULL;
+       }
+       
+       if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info))
+       {
+               destroy(this);
+               return NULL;
+       }
+       
+       if (!EC_KEY_check_key(this->ec))
+       {
+               destroy(this);
+               return NULL;
+       }
+       
+       return &this->public;
+}
+
+typedef struct private_builder_t private_builder_t;
+/**
+ * Builder implementation for key loading/generation
+ */
+struct private_builder_t {
+       /** implements the builder interface */
+       builder_t public;
+       /** loaded/generated private key */
+       openssl_ec_private_key_t *key;
+};
+
+/**
+ * Implementation of builder_t.build
+ */
+static openssl_ec_private_key_t *build(private_builder_t *this)
+{
+       openssl_ec_private_key_t *key = this->key;
+       
+       free(this);
+       return key;
+}
+
+/**
+ * Implementation of builder_t.add
+ */
+static void add(private_builder_t *this, builder_part_t part, ...)
+{
+       va_list args;
+       
+       if (this->key)
+       {
+               DBG1("ignoring surplus build part %N", builder_part_names, part);
+               return;
+       }
+       
+       switch (part)
+       {
+               case BUILD_BLOB_ASN1_DER:
+               {
+                       va_start(args, part);
+                       this->key = load(va_arg(args, chunk_t));
+                       va_end(args);
+                       break;
+               }
+               default:
+                       DBG1("ignoring unsupported build part %N", builder_part_names, part);
+                       break;
+       }
+}
+
+/**
+ * Builder construction function
+ */
+builder_t *openssl_ec_private_key_builder(key_type_t type)
+{
+       private_builder_t *this;
+       
+       if (type != KEY_ECDSA)
+       {
+               return NULL;
+       }
+       
+       this = malloc_thing(private_builder_t);
+       
+       this->key = NULL;
+       this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
+       this->public.build = (void*(*)(builder_t *this))build;
+       
+       return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
new file mode 100644 (file)
index 0000000..b8fd0c1
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ * 
+ * $Id$
+ */
+
+/**
+ * @defgroup openssl_ec_private_key openssl_ec_private_key
+ * @{ @ingroup openssl_p
+ */
+
+#ifndef OPENSSL_EC_PRIVATE_KEY_H_
+#define OPENSSL_EC_PRIVATE_KEY_H_
+
+#include <credentials/keys/private_key.h>
+
+typedef struct openssl_ec_private_key_t openssl_ec_private_key_t;
+
+/**
+ * private_key_t implementation of ECDSA using OpenSSL.
+ */
+struct openssl_ec_private_key_t {
+
+       /**
+        * Implements private_key_t interface
+        */
+       private_key_t interface;
+};
+
+/**
+ * Create the builder for a private key.
+ *
+ * @param type         type of the key, must be KEY_ECDSA
+ * @return                     builder instance
+ */
+builder_t *openssl_ec_private_key_builder(key_type_t type);
+
+#endif /*OPENSSL_EC_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
new file mode 100644 (file)
index 0000000..0377023
--- /dev/null
@@ -0,0 +1,447 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "openssl_ec_public_key.h"
+#include "openssl_util.h"
+
+#include <debug.h>
+
+#include <openssl/evp.h>
+#include <openssl/ecdsa.h>
+#include <openssl/x509.h>
+
+typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_openssl_ec_public_key_t {
+       /**
+        * Public interface for this signer.
+        */
+       openssl_ec_public_key_t public;
+       
+       /**
+        * EC key object
+        */
+       EC_KEY *ec;
+       
+       /**
+        * Keyid formed as a SHA-1 hash of a publicKeyInfo object
+        */
+       identification_t *keyid_info;
+       
+       /**
+        * Keyid formed as a SHA-1 hash of a publicKey object
+        */
+       identification_t *keyid;
+       
+       /**
+        * reference counter
+        */
+       refcount_t ref;
+};
+
+/**
+ * Convert a chunk to an ECDSA_SIG (which must already exist). r and s
+ * of the signature have to be concatenated in the chunk.
+ */
+static bool chunk2sig(const EC_GROUP *group, chunk_t chunk, ECDSA_SIG *sig)
+{
+       return openssl_bn_split(chunk, sig->r, sig->s);
+}
+
+/**
+ * Verification of a signature as in RFC 4754
+ */
+static bool verify_signature(private_openssl_ec_public_key_t *this,
+                                                               int hash_type, chunk_t data, chunk_t signature)
+{
+       chunk_t hash = chunk_empty;
+       ECDSA_SIG *sig;
+       bool valid = FALSE;
+       
+       if (!openssl_hash_chunk(hash_type, data, &hash))
+       {
+               return FALSE;
+       }
+       
+       sig = ECDSA_SIG_new();
+       if (!sig)
+       {
+               goto error;
+       }
+       
+       if (!chunk2sig(EC_KEY_get0_group(this->ec), signature, sig))
+       {
+               goto error;
+       }
+       
+       valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
+       
+error:
+       if (sig)
+       {
+               ECDSA_SIG_free(sig);
+       }
+       chunk_free(&hash);
+       return valid;
+}
+
+
+/**
+ * Verification of the default signature using SHA-1
+ */
+static bool verify_default_signature(private_openssl_ec_public_key_t *this,
+                                                               chunk_t data, chunk_t signature)
+{
+       bool valid = FALSE;
+       chunk_t hash = chunk_empty;
+       u_char *p;
+       ECDSA_SIG *sig;
+       
+       /* remove any preceding 0-bytes from signature */
+       while (signature.len && *(signature.ptr) == 0x00)
+       {
+               signature.len -= 1;
+               signature.ptr++;
+       }
+       
+       p = signature.ptr;
+       sig = d2i_ECDSA_SIG(NULL, (const u_char**)&p, signature.len);
+       if (!sig)
+       {
+               return FALSE;
+       }
+       
+       if (!openssl_hash_chunk(NID_sha1, data, &hash))
+       {
+               goto error;
+       }
+       
+       valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
+
+error:
+       if (sig)
+       {
+               ECDSA_SIG_free(sig);
+       }
+       chunk_free(&hash);
+       return valid;
+}
+
+/**
+ * Implementation of public_key_t.get_type.
+ */
+static key_type_t get_type(private_openssl_ec_public_key_t *this)
+{
+       return KEY_ECDSA;
+}
+
+/**
+ * Implementation of public_key_t.verify.
+ */
+static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t scheme, 
+                                  chunk_t data, chunk_t signature)
+{
+       switch (scheme)
+       {
+               case SIGN_ECDSA_WITH_SHA1:
+                       return verify_default_signature(this, data, signature);
+               case SIGN_ECDSA_256:
+                       return verify_signature(this, NID_sha256, data, signature);
+               case SIGN_ECDSA_384:
+                       return verify_signature(this, NID_sha384, data, signature);
+               case SIGN_ECDSA_521:
+                       return verify_signature(this, NID_sha512, data, signature);
+               default:
+                       DBG1("signature scheme %N not supported in EC",
+                                signature_scheme_names, scheme);
+                       return FALSE;
+       }
+}
+
+/**
+ * Implementation of public_key_t.get_keysize.
+ */
+static bool encrypt(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain)
+{
+       DBG1("EC public key encryption not implemented");
+       return FALSE;
+}
+
+/**
+ * Implementation of public_key_t.get_keysize.
+ */
+static size_t get_keysize(private_openssl_ec_public_key_t *this)
+{
+       return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+}
+
+/**
+ * Implementation of public_key_t.get_id.
+ */
+static identification_t *get_id(private_openssl_ec_public_key_t *this,
+                                                               id_type_t type)
+{
+       switch (type)
+       {
+               case ID_PUBKEY_INFO_SHA1:
+                       return this->keyid_info;
+               case ID_PUBKEY_SHA1:
+                       return this->keyid;
+               default:
+                       return NULL;
+       }
+}
+
+/**
+ * Encodes the public key
+ */ 
+static chunk_t get_encoding_raw(EC_KEY *ec)
+{
+       /* since the points can be stored in three different forms this may not
+        * be correct for all cases */
+       const EC_GROUP *group = EC_KEY_get0_group(ec);
+       const EC_POINT *pub = EC_KEY_get0_public_key(ec);
+       chunk_t enc = chunk_alloc(EC_POINT_point2oct(group, pub,
+                                               POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL));
+       EC_POINT_point2oct(group, pub, POINT_CONVERSION_UNCOMPRESSED,
+                                               enc.ptr, enc.len, NULL);
+       return enc;     
+}
+
+/**
+ * Encodes the public key info (public key with ec parameters)
+ */ 
+static chunk_t get_encoding_full(EC_KEY *ec)
+{
+       chunk_t enc = chunk_alloc(i2d_EC_PUBKEY(ec, NULL));
+       u_char *p = enc.ptr;
+       i2d_EC_PUBKEY(ec, &p);
+       return enc;
+}
+
+/*
+ * Implementation of public_key_t.get_encoding.
+ */
+static chunk_t get_encoding(private_openssl_ec_public_key_t *this)
+{
+       return get_encoding_full(this->ec);
+}
+
+/**
+ * Implementation of public_key_t.get_ref.
+ */
+static private_openssl_ec_public_key_t* get_ref(private_openssl_ec_public_key_t *this)
+{
+       ref_get(&this->ref);
+       return this;
+}
+
+/**
+ * Implementation of openssl_ec_public_key.destroy.
+ */
+static void destroy(private_openssl_ec_public_key_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               if (this->ec)
+               {
+                       EC_KEY_free(this->ec);
+               }
+               DESTROY_IF(this->keyid);
+               DESTROY_IF(this->keyid_info);
+               free(this);
+       }
+}
+
+/**
+ * Generic private constructor
+ */
+static private_openssl_ec_public_key_t *openssl_ec_public_key_create_empty()
+{
+       private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t);
+       
+       this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
+       this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
+       this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt;
+       this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
+       this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
+       this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
+       this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
+       this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
+       
+       this->ec = NULL;
+       this->keyid = NULL;
+       this->keyid_info = NULL;
+       this->ref = 1;
+       
+       return this;
+}
+
+/**
+ * Build key identifier from the public key using SHA1 hashed publicKey(Info).
+ * Also used in openssl_ec_private_key.c.
+ */
+bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid,
+                                                                identification_t **keyid_info)
+{
+       chunk_t publicKeyInfo, publicKey, hash;
+       hasher_t *hasher;
+       
+       hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+       if (hasher == NULL)
+       {
+               DBG1("SHA1 hash algorithm not supported, unable to use EC");
+               return FALSE;
+       }
+       
+       publicKey = get_encoding_raw(ec);
+       
+       hasher->allocate_hash(hasher, publicKey, &hash);
+       *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
+       chunk_free(&hash);
+       
+       publicKeyInfo = get_encoding_full(ec);
+       
+       hasher->allocate_hash(hasher, publicKeyInfo, &hash);
+       *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
+       chunk_free(&hash);
+       
+       hasher->destroy(hasher);
+       chunk_free(&publicKeyInfo);
+       chunk_free(&publicKey);
+       
+       return TRUE;
+}
+
+/**
+ * Create a public key from BIGNUM values, used in openssl_ec_private_key.c
+ */
+openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec)
+{
+       private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty();
+       
+       this->ec = EC_KEY_new();
+       EC_KEY_set_public_key(this->ec, EC_KEY_get0_public_key(ec));
+       
+       if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info))
+       {
+               destroy(this);
+               return NULL;
+       }
+       return &this->public;
+}
+
+/**
+ * Load a public key from an ASN1 encoded blob
+ */
+static openssl_ec_public_key_t *load(chunk_t blob)
+{
+       u_char *p = blob.ptr;
+       private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty();
+       
+       this->ec = d2i_EC_PUBKEY(NULL, (const u_char**)&p, blob.len);
+       
+       chunk_clear(&blob);
+       
+       if (!this->ec)
+       {
+               destroy(this);
+               return NULL;
+       }
+       
+       if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info))
+       {
+               destroy(this);
+               return NULL;
+       }
+       return &this->public;
+}
+
+typedef struct private_builder_t private_builder_t;
+/**
+ * Builder implementation for key loading
+ */
+struct private_builder_t {
+       /** implements the builder interface */
+       builder_t public;
+       /** loaded public key */
+       openssl_ec_public_key_t *key;
+};
+
+/**
+ * Implementation of builder_t.build
+ */
+static openssl_ec_public_key_t *build(private_builder_t *this)
+{
+       openssl_ec_public_key_t *key = this->key;
+       
+       free(this);
+       return key;
+}
+
+/**
+ * Implementation of builder_t.add
+ */
+static void add(private_builder_t *this, builder_part_t part, ...)
+{
+       va_list args;
+       
+       if (this->key)
+       {
+               DBG1("ignoring surplus build part %N", builder_part_names, part);
+               return;
+       }
+       
+       switch (part)
+       {
+               case BUILD_BLOB_ASN1_DER:
+               {
+                       va_start(args, part);
+                       this->key = load(va_arg(args, chunk_t));
+                       va_end(args);
+                       break;
+               }
+               default:
+                       DBG1("ignoring unsupported build part %N", builder_part_names, part);
+                       break;
+       }
+}
+
+/**
+ * Builder construction function
+ */
+builder_t *openssl_ec_public_key_builder(key_type_t type)
+{
+       private_builder_t *this;
+       
+       if (type != KEY_ECDSA)
+       {
+               return NULL;
+       }
+       
+       this = malloc_thing(private_builder_t);
+       
+       this->key = NULL;
+       this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
+       this->public.build = (void*(*)(builder_t *this))build;
+       
+       return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
new file mode 100644 (file)
index 0000000..a4809f7
--- /dev/null
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup openssl_ec_public_key openssl_ec_public_key
+ * @{ @ingroup openssl_p
+ */
+
+#ifndef OPENSSL_EC_PUBLIC_KEY_H_
+#define OPENSSL_EC_PUBLIC_KEY_H_
+
+typedef struct openssl_ec_public_key_t openssl_ec_public_key_t;
+
+#include <credentials/keys/public_key.h>
+
+/**
+ * public_key_t implementation of ECDSA using OpenSSL.
+ */
+struct openssl_ec_public_key_t {
+
+       /**
+        * Implements the public_key_t interface
+        */
+       public_key_t interface;
+};
+
+/**
+ * Create the builder for a public key.
+ *
+ * @param type         type of the key, must be KEY_ECDSA
+ * @return                     builder instance
+ */
+builder_t *openssl_ec_public_key_builder(key_type_t type);
+
+#endif /*OPENSSL_EC_PUBLIC_KEY_H_ @}*/
index 697a2c9..eaedcc4 100644 (file)
@@ -26,6 +26,8 @@
 #include "openssl_ec_diffie_hellman.h"
 #include "openssl_rsa_private_key.h"
 #include "openssl_rsa_public_key.h"
+#include "openssl_ec_private_key.h"
+#include "openssl_ec_public_key.h"
 
 typedef struct private_openssl_plugin_t private_openssl_plugin_t;
 
@@ -57,6 +59,10 @@ static void destroy(private_openssl_plugin_t *this)
                                        (builder_constructor_t)openssl_rsa_private_key_builder);
        lib->creds->remove_builder(lib->creds,
                                        (builder_constructor_t)openssl_rsa_public_key_builder);
+       lib->creds->remove_builder(lib->creds,
+                                       (builder_constructor_t)openssl_ec_private_key_builder);
+       lib->creds->remove_builder(lib->creds,
+                                       (builder_constructor_t)openssl_ec_public_key_builder);
        
        EVP_cleanup();
        
@@ -142,5 +148,11 @@ plugin_t *plugin_create()
        lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
                                                (builder_constructor_t)openssl_rsa_public_key_builder);
        
+       /* ec */
+       lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+                                               (builder_constructor_t)openssl_ec_private_key_builder);
+       lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
+                                               (builder_constructor_t)openssl_ec_public_key_builder);
+       
        return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
new file mode 100644 (file)
index 0000000..9a5e74a
--- /dev/null
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+#include "openssl_util.h"
+
+#include <debug.h>
+
+#include <openssl/evp.h>
+
+/**
+ * Described in header.
+ */
+bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash)
+{
+       EVP_MD_CTX *ctx;
+       bool ret = FALSE;
+       const EVP_MD *hasher = EVP_get_digestbynid(hash_type);
+       if (!hasher)
+       {
+               return FALSE;
+       }
+       
+       ctx = EVP_MD_CTX_create();      
+       if (!ctx)
+       {
+               goto error;
+       }
+       
+       if (!EVP_DigestInit_ex(ctx, hasher, NULL))
+       {
+               goto error;
+       }
+       
+       if (!EVP_DigestUpdate(ctx, data.ptr, data.len))
+       {
+               goto error;
+       }
+       
+       *hash = chunk_alloc(hasher->md_size);
+       if (!EVP_DigestFinal_ex(ctx, hash->ptr, NULL))
+       {
+               chunk_free(hash);
+               goto error;
+       }
+       
+       ret = TRUE;
+error:
+       if (ctx)
+       {
+               EVP_MD_CTX_destroy(ctx);
+       }
+       return ret;
+}
+
+/**
+ * Described in header.
+ */
+bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk)
+{
+       int offset;
+       
+       chunk->len = len * 2;
+       chunk->ptr = malloc(chunk->len);
+       memset(chunk->ptr, 0, chunk->len);
+       
+       offset = len - BN_num_bytes(a);
+       if (!BN_bn2bin(a, chunk->ptr + offset))
+       {
+               goto error;
+       }
+       
+       offset = len - BN_num_bytes(b);
+       if (!BN_bn2bin(b, chunk->ptr + len + offset))
+       {
+               goto error;
+       }
+       
+       return TRUE;
+error:
+       chunk_free(chunk);
+       return FALSE;
+}
+
+
+/**
+ * Described in header.
+ */
+bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b)
+{
+       int len;
+       
+       if ((chunk.len % 2) != 0)
+       {
+               return FALSE;
+       }
+       
+       len = chunk.len / 2;
+       
+       if (!BN_bin2bn(chunk.ptr, len, a) ||
+               !BN_bin2bn(chunk.ptr + len, len, b))
+       {
+               return FALSE;
+       }
+       
+       return TRUE;
+}
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
new file mode 100644 (file)
index 0000000..fda4eda
--- /dev/null
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ *
+ * $Id$
+ */
+
+/**
+ * @defgroup openssl_util openssl_util
+ * @{ @ingroup openssl_p
+ */
+
+#ifndef OPENSSL_UTIL_H_
+#define OPENSSL_UTIL_H_
+
+#include <library.h>
+#include <openssl/bn.h>
+
+/**
+ * Returns the length in bytes of a field element
+ */
+#define EC_FIELD_ELEMENT_LEN(group) ((EC_GROUP_get_degree(group) + 7) / 8)
+
+/**
+ * Creates a hash of a given type of a chunk of data.
+ * 
+ * Note: this function allocates memory for the hash
+ * 
+ * @param hash_type    NID of the hash
+ * @param data         the chunk of data to hash
+ * @param hash         chunk that contains the hash
+ * @return                     TRUE on success, FALSE otherwise
+ */
+bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash);
+
+/**
+ * Concatenates two bignums into a chunk, thereby enfocing the length of
+ * a single BIGNUM, if necessary, by pre-pending it with zeros.
+ * 
+ * Note: this function allocates memory for the chunk
+ * 
+ * @param len          the length of a single BIGNUM
+ * @param a                    first BIGNUM
+ * @param b                    second BIGNUM
+ * @param chunk                resulting chunk
+ * @return                     TRUE on success, FALSE otherwise
+ */
+bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk);
+
+/**
+ * Splits a chunk into two bignums of equal binary length.
+ * 
+ * @param chunk                a chunk that contains the two BIGNUMs
+ * @param a                    first BIGNUM
+ * @param b                    second BIGNUM
+ * @return                     TRUE on success, FALSE otherwise
+ */
+bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b);
+
+#endif /*OPENSSL_UTIL_H_ @}*/
index c4805aa..1291b6e 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2008 Tobias Brunner
  * Copyright (C) 2008 Martin Willi
  * Copyright (C) 2000-2008 Andreas Steffen
  * Hochschule fuer Technik Rapperswil
@@ -62,6 +63,14 @@ static public_key_t *load(chunk_t blob)
                                {
                                        type = KEY_RSA;
                                }
+                               else if (oid == OID_EC_PUBLICKEY)
+                               {
+                                       /* we need the whole subjectPublicKeyInfo for EC public keys */
+                                       key = lib->creds->create(lib->creds,
+                                                               CRED_PUBLIC_KEY, KEY_ECDSA, BUILD_BLOB_ASN1_DER,
+                                                               chunk_clone(blob), BUILD_END);
+                                       goto end;
+                               }
                                else
                                {
                                        /* key type not supported */
index 06b7510..d604b5e 100644 (file)
@@ -923,6 +923,9 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer)
                case OID_SHA512_WITH_RSA:
                        scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
                        break;
+               case OID_ECDSA_WITH_SHA1:
+                       scheme = SIGN_ECDSA_WITH_SHA1;
+                       break;
                default:
                        return FALSE;
        }
index 7511e84..989faee 100644 (file)
@@ -877,6 +877,7 @@ extern const char *prettypolicy(lset_t policy);
 #define POLICY_BEET            LELEM(22)       /* bound end2end tunnel, IKEv2 */
 #define POLICY_MOBIKE          LELEM(23)       /* enable MOBIKE for IKEv2  */
 #define POLICY_FORCE_ENCAP     LELEM(24)       /* force UDP encapsulation (IKEv2)  */
+#define POLICY_ECDSASIG        LELEM(25)   /* ecdsa signature (IKEv2) */
 
 /* Any IPsec policy?  If not, a connection description
  * is only for ISAKMP SA, not IPSEC SA.  (A pun, I admit.)
index d1777cd..3794992 100644 (file)
@@ -535,10 +535,12 @@ load_conn(starter_conn_t *conn, kw_list_t *kw, starter_config_t *cfg)
                                /* also handles the cases secret|rsasig and rsasig|secret */
                                for (;;)
                                {
-                                       if (streq(value, "rsasig"))
+                                       if (streq(value, "rsa") || streq(value, "rsasig"))
                                                conn->policy |= POLICY_RSASIG | POLICY_ENCRYPT;
                                        else if (streq(value, "secret") || streq(value, "psk"))
                                                conn->policy |= POLICY_PSK | POLICY_ENCRYPT;
+                                       else if (streq(value, "ecdsa") || streq(value, "ecdsasig"))
+                                               conn->policy |= POLICY_ECDSASIG | POLICY_ENCRYPT;
                                        else if (streq(value, "xauthrsasig"))
                                                conn->policy |= POLICY_XAUTH_RSASIG | POLICY_ENCRYPT;
                                        else if (streq(value, "xauthpsk"))
index b3b0881..0183c26 100644 (file)
 #include "files.h"
 
 /**
- * Authentication mehtods, must be the same values as in charon
+ * Authentication mehtods, must be the same as in charon
  */
 enum auth_method_t {
-       AUTH_RSA = 1,
-       AUTH_PSK = 2,
-       AUTH_DSS = 3,
-       AUTH_EAP = 201,
+       AUTH_PUBKEY = 0,
+       AUTH_PSK,
+       AUTH_EAP,
 };
 
 static char* push_string(stroke_msg_t *msg, char *string)
@@ -213,10 +212,10 @@ int starter_stroke_add_conn(starter_config_t *cfg, starter_conn_t *conn)
        msg.add_conn.ikev2 = conn->keyexchange == KEY_EXCHANGE_IKEV2;
        msg.add_conn.name = push_string(&msg, connection_name(conn));
        
-       /* RSA is preferred before PSK and EAP */
-       if (conn->policy & POLICY_RSASIG)
+       /* PUBKEY is preferred to PSK and EAP */
+       if (conn->policy & POLICY_RSASIG || conn->policy & POLICY_ECDSASIG)
        {
-               msg.add_conn.auth_method = AUTH_RSA;
+               msg.add_conn.auth_method = AUTH_PUBKEY;
        }
        else if (conn->policy & POLICY_PSK)
        {