gcrypt RSA private key implementation
authorMartin Willi <martin@strongswan.org>
Mon, 8 Jun 2009 09:01:24 +0000 (11:01 +0200)
committerMartin Willi <martin@strongswan.org>
Tue, 9 Jun 2009 09:27:11 +0000 (11:27 +0200)
src/libstrongswan/plugins/gcrypt/Makefile.am
src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c [new file with mode: 0644]
src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h [new file with mode: 0644]

index 35007e3..cf251b8 100644 (file)
@@ -6,6 +6,7 @@ AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS)
 plugin_LTLIBRARIES = libstrongswan-gcrypt.la
 
 libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+       gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \
        gcrypt_dh.h gcrypt_dh.c \
        gcrypt_rng.h gcrypt_rng.c \
        gcrypt_crypter.h gcrypt_crypter.c \
index 04eb512..f1ccf0f 100644 (file)
@@ -19,6 +19,7 @@
 #include "gcrypt_crypter.h"
 #include "gcrypt_rng.h"
 #include "gcrypt_dh.h"
+#include "gcrypt_rsa_private_key.h"
 
 #include <library.h>
 #include <debug.h>
@@ -104,6 +105,8 @@ static void destroy(private_gcrypt_plugin_t *this)
                                        (rng_constructor_t)gcrypt_rng_create);
        lib->crypto->remove_dh(lib->crypto,
                                        (dh_constructor_t)gcrypt_dh_create);
+       lib->creds->remove_builder(lib->creds,
+                                       (builder_constructor_t)gcrypt_rsa_private_key_builder);
        free(this);
 }
 
@@ -194,6 +197,10 @@ plugin_t *plugin_create()
        lib->crypto->add_dh(lib->crypto, MODP_768_BIT, 
                                        (dh_constructor_t)gcrypt_dh_create);
        
+       /* RSA */
+       lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+                                       (builder_constructor_t)gcrypt_rsa_private_key_builder);
+       
        return &this->public.plugin;
 }
 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
new file mode 100644 (file)
index 0000000..8a65eec
--- /dev/null
@@ -0,0 +1,643 @@
+/*
+ * Copyright (C) 2005-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <gcrypt.h>
+
+#include "gcrypt_rsa_private_key.h"
+
+#include <debug.h>
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t;
+
+/**
+ * Private data of a gcrypt_rsa_private_key_t object.
+ */
+struct private_gcrypt_rsa_private_key_t {
+       
+       /**
+        * Public interface
+        */
+       gcrypt_rsa_private_key_t public;
+       
+       /**
+        * gcrypt S-expression representing an RSA key
+        */
+       gcry_sexp_t key;
+       
+       /**
+        * Keyid formed as a SHA-1 hash of a publicKey object
+        */
+       identification_t* keyid;
+       
+       /**
+        * Keyid formed as a SHA-1 hash of a publicKeyInfo object
+        */
+       identification_t* keyid_info;
+       
+       /**
+        * reference count
+        */
+       refcount_t ref;
+};
+
+/**
+ * find a token in a S-expression
+ */
+static chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name)
+{
+       gcry_sexp_t token;
+       chunk_t data = chunk_empty;
+       
+       token = gcry_sexp_find_token(sexp, name, 1);
+       if (token)
+       {
+               data.ptr = (char*)gcry_sexp_nth_data(token, 1, &data.len);
+               if (!data.ptr)
+               {
+                       data.len = 0;
+               }
+               data = chunk_clone(data);
+               gcry_sexp_release(token);
+       }
+       return data;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key_t.build_emsa_pkcs1_signature.
+ */
+static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
+                                          hash_algorithm_t hash_algorithm, char *hash_name,
+                                          chunk_t data, chunk_t *signature)
+{
+       hasher_t *hasher;
+       chunk_t hash;
+       gcry_error_t err;
+       gcry_sexp_t in, out;
+       int hash_oid;
+       
+       hash_oid = hasher_algorithm_to_oid(hash_algorithm);
+       if (hash_oid == OID_UNKNOWN)
+       {
+               return FALSE;
+       }
+       hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
+       if (!hasher)
+       {
+               return FALSE;
+       }
+       hasher->allocate_hash(hasher, data, &hash);
+       hasher->destroy(hasher);
+       
+       err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
+                                                 hash_name, hash.len, hash.ptr);
+       chunk_free(&hash);
+       if (err)
+       {
+               DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+               return FALSE;
+       }
+       err = gcry_pk_sign(&out, in, this->key);
+       gcry_sexp_release(in);
+       if (err)
+       {
+               DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
+               return FALSE;
+       }
+       *signature = gcrypt_rsa_find_token(out, "s");
+       gcry_sexp_release(out);
+       return !!signature->len;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static key_type_t get_type(private_gcrypt_rsa_private_key_t *this)
+{
+       return KEY_RSA;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme, 
+                                chunk_t data, chunk_t *sig)
+{
+       switch (scheme)
+       {
+               case SIGN_DEFAULT:
+                       /* default is EMSA-PKCS1 using SHA1 */
+               case SIGN_RSA_EMSA_PKCS1_SHA1:
+                       return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
+               case SIGN_RSA_EMSA_PKCS1_SHA256:
+                       return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
+               case SIGN_RSA_EMSA_PKCS1_SHA384:
+                       return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
+               case SIGN_RSA_EMSA_PKCS1_SHA512:
+                       return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+               case SIGN_RSA_EMSA_PKCS1_MD5:
+                       return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
+               default:
+                       DBG1("signature scheme %N not supported in RSA",
+                                signature_scheme_names, scheme);
+                       return FALSE;
+       }
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static bool decrypt(private_gcrypt_rsa_private_key_t *this,
+                                       chunk_t crypto, chunk_t *plain)
+{
+       DBG1("RSA private key decryption not implemented");
+       return FALSE;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.get_keysize.
+ */
+static size_t get_keysize(private_gcrypt_rsa_private_key_t *this)
+{
+       return gcry_pk_get_nbits(this->key) / 8;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static identification_t* get_id(private_gcrypt_rsa_private_key_t *this,
+                                                               id_type_t type)
+{
+       switch (type)
+       {
+               case ID_PUBKEY_INFO_SHA1:
+                       return this->keyid_info;
+               case ID_PUBKEY_SHA1:
+                       return this->keyid;
+               default:
+                       return NULL;
+       }
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.get_public_key.
+ */
+static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
+{
+       return NULL;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.equals.
+ */
+static bool equals(private_gcrypt_rsa_private_key_t *this, private_key_t *other)
+{
+       identification_t *keyid;
+
+       if (&this->public.interface == other)
+       {
+               return TRUE;
+       }
+       if (other->get_type(other) != KEY_RSA)
+       {
+               return FALSE;
+       }
+       keyid = other->get_id(other, ID_PUBKEY_SHA1);
+       if (keyid && keyid->equals(keyid, this->keyid))
+       {
+               return TRUE;
+       }
+       keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+       if (keyid && keyid->equals(keyid, this->keyid_info))
+       {
+               return TRUE;
+       }
+       return FALSE;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.belongs_to.
+ */
+static bool belongs_to(private_gcrypt_rsa_private_key_t *this,
+                                          public_key_t *public)
+{
+       identification_t *keyid;
+       
+       if (public->get_type(public) != KEY_RSA)
+       {
+               return FALSE;
+       }
+       keyid = public->get_id(public, ID_PUBKEY_SHA1);
+       if (keyid && keyid->equals(keyid, this->keyid))
+       {
+               return TRUE;
+       }
+       keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
+       if (keyid && keyid->equals(keyid, this->keyid_info))
+       {
+               return TRUE;
+       }
+       return FALSE;
+}
+
+/**
+ * Implementation of private_key_t.get_encoding.
+ */
+static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
+{
+       chunk_t cp, cq, cd, cexp1 = chunk_empty, cexp2 = chunk_empty;
+       gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2;
+       gcry_error_t err;
+       
+       /* p and q are swapped, gcrypt expects p < q */
+       cp = gcrypt_rsa_find_token(this->key, "q");
+       cq = gcrypt_rsa_find_token(this->key, "p");
+       cd = gcrypt_rsa_find_token(this->key, "d");
+       
+       err = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, cp.ptr, cp.len, NULL)
+               | gcry_mpi_scan(&q, GCRYMPI_FMT_USG, cq.ptr, cq.len, NULL)
+               | gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL);
+       if (err)
+       {
+               gcry_mpi_release(p);
+               gcry_mpi_release(q);
+               gcry_mpi_release(d);
+               chunk_clear(&cp);
+               chunk_clear(&cq);
+               chunk_clear(&cd);
+               DBG1("scanning mpi for export failed: %s", gpg_strerror(err));
+               return chunk_empty;
+       }
+       
+       gcry_mpi_sub_ui(p, p, 1);
+       exp1 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
+       gcry_mpi_mod(exp1, d, p);
+       gcry_mpi_release(p);
+       
+       gcry_mpi_sub_ui(q, q, 1);
+       exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
+       gcry_mpi_mod(exp1, d, q);
+       gcry_mpi_release(q);
+       
+       err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1)
+               | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp2.ptr, &cexp2.len, exp2);
+       
+       gcry_mpi_release(d);
+       gcry_mpi_release(exp1);
+       gcry_mpi_release(exp2);
+       
+       if (err)
+       {
+               DBG1("printing mpi for export failed: %s", gpg_strerror(err));
+               chunk_clear(&cp);
+               chunk_clear(&cq);
+               chunk_clear(&cd);
+               chunk_clear(&cexp1);
+               chunk_clear(&cexp2);
+               return chunk_empty;
+       }
+       
+       return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0,
+                       asn1_wrap(ASN1_INTEGER, "m", gcrypt_rsa_find_token(this->key, "n")),
+                       asn1_wrap(ASN1_INTEGER, "m", gcrypt_rsa_find_token(this->key, "e")),
+                       asn1_wrap(ASN1_INTEGER, "m", cd),
+                       asn1_wrap(ASN1_INTEGER, "m", cp),
+                       asn1_wrap(ASN1_INTEGER, "m", cq),
+                       asn1_wrap(ASN1_INTEGER, "m", cexp1),
+                       asn1_wrap(ASN1_INTEGER, "m", cexp2),
+                       asn1_wrap(ASN1_INTEGER, "m", gcrypt_rsa_find_token(this->key, "u")));
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.get_ref.
+ */
+static private_key_t* get_ref(private_gcrypt_rsa_private_key_t *this)
+{
+       ref_get(&this->ref);
+       return &this->public.interface;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static void destroy(private_gcrypt_rsa_private_key_t *this)
+{
+       if (ref_put(&this->ref))
+       {
+               DESTROY_IF(this->keyid);
+               DESTROY_IF(this->keyid_info);
+               gcry_sexp_release(this->key);
+               free(this);
+       }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty()
+{
+       private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t);
+       
+       this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
+       this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
+       this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
+       this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
+       this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
+       this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
+       this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
+       this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
+       this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
+       this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
+       this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+       
+       this->key = NULL;
+       this->keyid = NULL;
+       this->keyid_info = NULL;
+       this->ref = 1;
+       
+       return this;
+}
+
+/**
+ * build the keyids of a private/public key
+ */
+static bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
+                                                                       identification_t **keyid_info)
+{
+       chunk_t publicKeyInfo, publicKey, hash;
+       hasher_t *hasher;
+       
+       hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+       if (!hasher)
+       {
+               DBG1("SHA1 hash algorithm not supported, unable to use RSA");
+               return FALSE;
+       }
+       publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
+                                asn1_wrap(ASN1_INTEGER, "m", gcrypt_rsa_find_token(key, "n")),
+                                asn1_wrap(ASN1_INTEGER, "m", gcrypt_rsa_find_token(key, "e")));
+       hasher->allocate_hash(hasher, publicKey, &hash);
+       *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
+       chunk_free(&hash);
+       
+       publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+                                               asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
+                                               asn1_bitstring("m", publicKey));
+       hasher->allocate_hash(hasher, publicKeyInfo, &hash);
+       *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
+       chunk_free(&hash);
+       
+       hasher->destroy(hasher);
+       chunk_free(&publicKeyInfo);
+       
+       return TRUE;
+}
+
+/**
+ * Generate an RSA key of specified key size
+ */
+static gcrypt_rsa_private_key_t *generate(size_t key_size)
+{
+       private_gcrypt_rsa_private_key_t *this;
+       gcry_sexp_t param, key;
+       gcry_error_t err;
+       
+       err = gcry_sexp_build(&param, NULL, "(genkey(rsa(nbits %d)))", key_size);
+       if (err)
+       {
+               DBG1("building S-expression failed: %s", gpg_strerror(err));
+               return NULL;
+       }
+       
+       err = gcry_pk_genkey(&key, param);
+       gcry_sexp_release(param);
+       if (err)
+       {
+               DBG1("generating RSA key failed: %s", gpg_strerror(err));
+               return NULL;
+       }
+       this = gcrypt_rsa_private_key_create_empty();
+       this->key = key;
+       
+       if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
+       {
+               destroy(this);
+               return NULL;
+       }
+       
+       return &this->public;
+}
+
+/**
+ * ASN.1 definition of a PKCS#1 RSA private key
+ */
+static const asn1Object_t privkeyObjects[] = {
+       { 0, "RSAPrivateKey",           ASN1_SEQUENCE,     ASN1_NONE }, /*  0 */
+       { 1,   "version",                       ASN1_INTEGER,      ASN1_BODY }, /*  1 */
+       { 1,   "modulus",                       ASN1_INTEGER,      ASN1_BODY }, /*  2 */
+       { 1,   "publicExponent",        ASN1_INTEGER,      ASN1_BODY }, /*  3 */
+       { 1,   "privateExponent",       ASN1_INTEGER,      ASN1_BODY }, /*  4 */
+       { 1,   "prime1",                        ASN1_INTEGER,      ASN1_BODY }, /*  5 */
+       { 1,   "prime2",                        ASN1_INTEGER,      ASN1_BODY }, /*  6 */
+       { 1,   "exponent1",                     ASN1_INTEGER,      ASN1_BODY }, /*  7 */
+       { 1,   "exponent2",                     ASN1_INTEGER,      ASN1_BODY }, /*  8 */
+       { 1,   "coefficient",           ASN1_INTEGER,      ASN1_BODY }, /*  9 */
+       { 1,   "otherPrimeInfos",       ASN1_SEQUENCE,     ASN1_OPT |
+                                                                                                  ASN1_LOOP }, /* 10 */
+       { 2,     "otherPrimeInfo",      ASN1_SEQUENCE,     ASN1_NONE }, /* 11 */
+       { 3,       "prime",                     ASN1_INTEGER,      ASN1_BODY }, /* 12 */
+       { 3,       "exponent",          ASN1_INTEGER,      ASN1_BODY }, /* 13 */
+       { 3,       "coefficient",       ASN1_INTEGER,      ASN1_BODY }, /* 14 */
+       { 1,   "end opt or loop",       ASN1_EOC,          ASN1_END  }, /* 15 */
+       { 0, "exit",                            ASN1_EOC,          ASN1_EXIT }
+};
+#define PRIV_KEY_VERSION                1
+#define PRIV_KEY_MODULUS                2
+#define PRIV_KEY_PUB_EXP                3
+#define PRIV_KEY_PRIV_EXP               4
+#define PRIV_KEY_PRIME1                         5
+#define PRIV_KEY_PRIME2                         6
+#define PRIV_KEY_EXP1                   7
+#define PRIV_KEY_EXP2                   8
+#define PRIV_KEY_COEFF                  9
+
+/**
+ * load private key from a ASN1 encoded blob
+ */
+static gcrypt_rsa_private_key_t *load(chunk_t blob)
+{
+       private_gcrypt_rsa_private_key_t *this;
+       asn1_parser_t *parser;
+       chunk_t object;
+       int objectID ;
+       bool success = FALSE;
+       chunk_t n, e, d, u, p, q;
+       gcry_error_t err;
+       
+       parser = asn1_parser_create(privkeyObjects, blob);
+       parser->set_flags(parser, FALSE, TRUE);
+       
+       while (parser->iterate(parser, &objectID, &object))
+       {
+               switch (objectID)
+               {
+                       case PRIV_KEY_VERSION:
+                               if (object.len > 0 && *object.ptr != 0)
+                               {
+                                       goto end;
+                               }
+                               break;
+                       case PRIV_KEY_MODULUS:
+                               n = object;
+                               break;
+                       case PRIV_KEY_PUB_EXP:
+                               e = object;
+                               break;
+                       case PRIV_KEY_PRIV_EXP:
+                               d = object;
+                               break;
+                       case PRIV_KEY_PRIME1:
+                               /* p and q are swapped, as gcrypt expects p < q */
+                               q = object;
+                               break;
+                       case PRIV_KEY_PRIME2:
+                               p = object;
+                               break;
+                       case PRIV_KEY_EXP1:
+                       case PRIV_KEY_EXP2:
+                               break;
+                       case PRIV_KEY_COEFF:
+                               u = object;
+                               break;
+               }
+       }
+       success = parser->success(parser);
+       
+end:
+       parser->destroy(parser);
+       
+       if (!success)
+       {
+               return NULL;
+       }
+       
+       this = gcrypt_rsa_private_key_create_empty();
+       err = gcry_sexp_build(&this->key, NULL,
+                                       "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
+                                       n.len, n.ptr, e.len, e.ptr, d.len, d.ptr,
+                                       p.len, p.ptr, q.len, q.ptr, u.len, u.ptr);
+       if (err)
+       {
+               DBG1("loading private key failed: %s", gpg_strerror(err));
+               free(this);
+               return NULL;
+       }
+       err = gcry_pk_testkey(this->key);
+       if (err)
+       {
+               DBG1("private key sanity check failed: %s", gpg_strerror(err));
+               destroy(this);
+               return NULL;
+       }
+       if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
+       {
+               destroy(this);
+               return NULL;
+       }
+       return &this->public;
+}
+
+typedef struct private_builder_t private_builder_t;
+
+/**
+ * Builder implementation for key loading/generation
+ */
+struct private_builder_t {
+       /** implements the builder interface */
+       builder_t public;
+       /** loaded/generated private key */
+       gcrypt_rsa_private_key_t *key;
+};
+
+/**
+ * Implementation of builder_t.build
+ */
+static gcrypt_rsa_private_key_t *build(private_builder_t *this)
+{
+       gcrypt_rsa_private_key_t *key = this->key;
+       
+       free(this);
+       return key;
+}
+
+/**
+ * Implementation of builder_t.add
+ */
+static void add(private_builder_t *this, builder_part_t part, ...)
+{
+       if (!this->key)
+       {
+               va_list args;
+               
+               switch (part)
+               {
+                       case BUILD_BLOB_ASN1_DER:
+                       {
+                               va_start(args, part);
+                               this->key = load(va_arg(args, chunk_t));
+                               va_end(args);
+                               return;
+                       }
+                       case BUILD_KEY_SIZE:
+                       {
+                               va_start(args, part);
+                               this->key = generate(va_arg(args, u_int));
+                               va_end(args);
+                               return;
+                       }
+                       default:
+                               break;
+               }
+       }
+       if (this->key)
+       {
+               destroy((private_gcrypt_rsa_private_key_t*)this->key);
+       }
+       builder_cancel(&this->public);
+}
+
+/**
+ * Builder construction function
+ */
+builder_t *gcrypt_rsa_private_key_builder(key_type_t type)
+{
+       private_builder_t *this;
+       
+       if (type != KEY_RSA)
+       {
+               return NULL;
+       }
+       
+       this = malloc_thing(private_builder_t);
+       
+       this->key = NULL;
+       this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
+       this->public.build = (void*(*)(builder_t *this))build;
+       
+       return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
new file mode 100644 (file)
index 0000000..2edd7ce
--- /dev/null
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_rsa_private_key gcrypt_rsa_private_key
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_RSA_PRIVATE_KEY_H_
+#define GCRYPT_RSA_PRIVATE_KEY_H_
+
+#include <credentials/keys/private_key.h>
+
+typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t;
+
+/**
+ * Private_key_t implementation of RSA algorithm using libgcrypt.
+ */
+struct gcrypt_rsa_private_key_t {
+       
+       /**
+        * Implements private_key_t interface
+        */
+       private_key_t interface;
+};
+
+/**
+ * Create the builder for a private key.
+ *
+ * @param type         type of the key, must be KEY_RSA
+ * @return                     builder instance
+ */
+builder_t *gcrypt_rsa_private_key_builder(key_type_t type);
+
+#endif /** GCRYPT_RSA_PRIVATE_KEY_H_ @}*/