X-Git-Url: http://git.silcnet.org/gitweb/?p=silc.git;a=blobdiff_plain;f=lib%2Fsilccrypt%2Fsilcpkcs.c;h=9611866171e7af8ba286dc5dc92cfb7a1a5102ea;hp=83a16d005e4bb6073164dfbc77d171d21c95e274;hb=e7b6c157b80152bf9fb9266e6bdd93f9fb0db776;hpb=ecb19b3983b3e74bc4aaa82277abd125c53c3623 diff --git a/lib/silccrypt/silcpkcs.c b/lib/silccrypt/silcpkcs.c index 83a16d00..96118661 100644 --- a/lib/silccrypt/silcpkcs.c +++ b/lib/silccrypt/silcpkcs.c @@ -1,10 +1,10 @@ /* - silcpkcs.c + silcpkcs.c Author: Pekka Riikonen - Copyright (C) 1997 - 2002 Pekka Riikonen + Copyright (C) 1997 - 2007 Pekka Riikonen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,97 +18,245 @@ */ /* $Id$ */ -#include "silcincludes.h" +#include "silc.h" +#include "silcpk_i.h" +#include "silcpkcs1_i.h" +#include "dsa.h" +#ifdef SILC_DIST_SSH +#include "silcssh_pkcs.h" +#endif /* SILC_DIST_SSH */ -#include "rsa.h" -#include "pkcs1.h" - -/* The main SILC PKCS structure. */ -struct SilcPKCSStruct { - void *context; /* Algorithm internal context */ - SilcPKCSObject *pkcs; /* Algorithm implementation */ - SilcUInt32 key_len; /* Key length in bits */ -}; - -#ifndef SILC_EPOC +#ifndef SILC_SYMBIAN /* Dynamically registered list of PKCS. */ SilcDList silc_pkcs_list = NULL; +SilcDList silc_pkcs_alg_list = NULL; #define SILC_PKCS_LIST silc_pkcs_list +#define SILC_PKCS_ALG_LIST silc_pkcs_alg_list #else #define SILC_PKCS_LIST TRUE -#endif /* SILC_EPOC */ +#define SILC_PKCS_ALG_LIST TRUE +#endif /* SILC_SYMBIAN */ /* Static list of PKCS for silc_pkcs_register_default(). */ const SilcPKCSObject silc_default_pkcs[] = { - /* RSA with PKCS #1 (Uses directly routines from Raw RSA operations) */ - { "rsa", - silc_rsa_init, silc_rsa_clear_keys, silc_rsa_get_public_key, - silc_rsa_get_private_key, silc_rsa_set_public_key, - silc_rsa_set_private_key, silc_rsa_context_len, - silc_pkcs1_encrypt, silc_pkcs1_decrypt, - silc_pkcs1_sign, silc_pkcs1_verify }, - - /* Raw RSA operations */ - { "rsa-raw", - silc_rsa_init, silc_rsa_clear_keys, silc_rsa_get_public_key, - silc_rsa_get_private_key, silc_rsa_set_public_key, - silc_rsa_set_private_key, silc_rsa_context_len, - silc_rsa_encrypt, silc_rsa_decrypt, - silc_rsa_sign, silc_rsa_verify }, - - { NULL, NULL, NULL, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, NULL } + /* SILC PKCS */ + { + SILC_PKCS_SILC, + silc_pkcs_silc_get_algorithm, + silc_pkcs_silc_import_public_key_file, + silc_pkcs_silc_import_public_key, + silc_pkcs_silc_export_public_key_file, + silc_pkcs_silc_export_public_key, + silc_pkcs_silc_public_key_bitlen, + silc_pkcs_silc_public_key_copy, + silc_pkcs_silc_public_key_compare, + silc_pkcs_silc_public_key_free, + silc_pkcs_silc_import_private_key_file, + silc_pkcs_silc_import_private_key, + silc_pkcs_silc_export_private_key_file, + silc_pkcs_silc_export_private_key, + silc_pkcs_silc_private_key_bitlen, + silc_pkcs_silc_private_key_free, + silc_pkcs_silc_encrypt, + silc_pkcs_silc_decrypt, + silc_pkcs_silc_sign, + silc_pkcs_silc_verify, + }, + +#ifdef SILC_DIST_SSH + /* SSH2 PKCS */ + { + SILC_PKCS_SSH2, + silc_pkcs_ssh_get_algorithm, + silc_pkcs_ssh_import_public_key_file, + silc_pkcs_ssh_import_public_key, + silc_pkcs_ssh_export_public_key_file, + silc_pkcs_ssh_export_public_key, + silc_pkcs_ssh_public_key_bitlen, + silc_pkcs_ssh_public_key_copy, + silc_pkcs_ssh_public_key_compare, + silc_pkcs_ssh_public_key_free, + silc_pkcs_ssh_import_private_key_file, + silc_pkcs_ssh_import_private_key, + silc_pkcs_ssh_export_private_key_file, + silc_pkcs_ssh_export_private_key, + silc_pkcs_ssh_private_key_bitlen, + silc_pkcs_ssh_private_key_free, + silc_pkcs_ssh_encrypt, + silc_pkcs_ssh_decrypt, + silc_pkcs_ssh_sign, + silc_pkcs_ssh_verify, + }, +#endif /* SILC_DIST_SSH */ + + { + 0, NULL, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, NULL + } }; -/* Register a new PKCS into SILC. This is used at the initialization of - the SILC. */ +/* Builtin PKCS algorithms */ +const SilcPKCSAlgorithm silc_default_pkcs_alg[] = +{ + /* PKCS #1, Version 1.5 without hash OIDs */ + { + "rsa", + "pkcs1-no-oid", + "sha1,md5", + silc_pkcs1_generate_key, + silc_pkcs1_import_public_key, + silc_pkcs1_export_public_key, + silc_pkcs1_public_key_bitlen, + silc_pkcs1_public_key_copy, + silc_pkcs1_public_key_compare, + silc_pkcs1_public_key_free, + silc_pkcs1_import_private_key, + silc_pkcs1_export_private_key, + silc_pkcs1_private_key_bitlen, + silc_pkcs1_private_key_free, + silc_pkcs1_encrypt, + silc_pkcs1_decrypt, + silc_pkcs1_sign_no_oid, + silc_pkcs1_verify_no_oid + }, + + /* PKCS #1, Version 1.5 */ + { + "rsa", + "pkcs1", + "sha1,md5", + silc_pkcs1_generate_key, + silc_pkcs1_import_public_key, + silc_pkcs1_export_public_key, + silc_pkcs1_public_key_bitlen, + silc_pkcs1_public_key_copy, + silc_pkcs1_public_key_compare, + silc_pkcs1_public_key_free, + silc_pkcs1_import_private_key, + silc_pkcs1_export_private_key, + silc_pkcs1_private_key_bitlen, + silc_pkcs1_private_key_free, + silc_pkcs1_encrypt, + silc_pkcs1_decrypt, + silc_pkcs1_sign, + silc_pkcs1_verify + }, + + /* DSS */ + { + "dsa", + "dss", + "sha1", + silc_dsa_generate_key, + silc_dsa_import_public_key, + silc_dsa_export_public_key, + silc_dsa_public_key_bitlen, + silc_dsa_public_key_copy, + silc_dsa_public_key_compare, + silc_dsa_public_key_free, + silc_dsa_import_private_key, + silc_dsa_export_private_key, + silc_dsa_private_key_bitlen, + silc_dsa_private_key_free, + silc_dsa_encrypt, + silc_dsa_decrypt, + silc_dsa_sign, + silc_dsa_verify + }, + +#ifdef SILC_DIST_SSH + /* PKCS #1, SSH2 style public keys */ + { + "rsa", + "ssh", + "sha1", + silc_pkcs1_generate_key, + silc_ssh_rsa_import_public_key, + silc_ssh_rsa_export_public_key, + silc_pkcs1_public_key_bitlen, + silc_pkcs1_public_key_copy, + silc_pkcs1_public_key_compare, + silc_pkcs1_public_key_free, + silc_pkcs1_import_private_key, + silc_pkcs1_export_private_key, + silc_pkcs1_private_key_bitlen, + silc_pkcs1_private_key_free, + silc_pkcs1_encrypt, + silc_pkcs1_decrypt, + silc_pkcs1_sign, + silc_pkcs1_verify + }, + + /* DSS, SSH2 style public keys */ + { + "dsa", + "ssh", + "sha1", + silc_dsa_generate_key, + silc_ssh_dsa_import_public_key, + silc_ssh_dsa_export_public_key, + silc_dsa_public_key_bitlen, + silc_dsa_public_key_copy, + silc_dsa_public_key_compare, + silc_dsa_public_key_free, + silc_dsa_import_private_key, + silc_dsa_export_private_key, + silc_dsa_private_key_bitlen, + silc_dsa_private_key_free, + silc_dsa_encrypt, + silc_dsa_decrypt, + silc_dsa_sign, + silc_dsa_verify + }, +#endif /* SILC_DIST_SSH */ + + { + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL + } +}; -bool silc_pkcs_register(const SilcPKCSObject *pkcs) +/* Register a new PKCS */ + +SilcBool silc_pkcs_register(const SilcPKCSObject *pkcs) { -#ifndef SILC_EPOC - SilcPKCSObject *new; +#ifndef SILC_SYMBIAN + SilcPKCSObject *newpkcs; - SILC_LOG_DEBUG(("Registering new PKCS `%s'", pkcs->name)); + SILC_LOG_DEBUG(("Registering new PKCS")); /* Check if exists already */ if (silc_pkcs_list) { SilcPKCSObject *entry; silc_dlist_start(silc_pkcs_list); while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { - if (!strcmp(entry->name, pkcs->name)) + if (entry->type == pkcs->type) return FALSE; } } - new = silc_calloc(1, sizeof(*new)); - new->name = strdup(pkcs->name); - new->init = pkcs->init; - new->clear_keys = pkcs->clear_keys; - new->get_public_key = pkcs->get_public_key; - new->get_private_key = pkcs->get_private_key; - new->set_public_key = pkcs->set_public_key; - new->set_private_key = pkcs->set_private_key; - new->context_len = pkcs->context_len; - new->encrypt = pkcs->encrypt; - new->decrypt = pkcs->decrypt; - new->sign = pkcs->sign; - new->verify = pkcs->verify; + newpkcs = silc_calloc(1, sizeof(*newpkcs)); + if (!newpkcs) + return FALSE; + *newpkcs = *pkcs; /* Add to list */ if (silc_pkcs_list == NULL) silc_pkcs_list = silc_dlist_init(); - silc_dlist_add(silc_pkcs_list, new); + silc_dlist_add(silc_pkcs_list, newpkcs); -#endif /* SILC_EPOC */ +#endif /* SILC_SYMBIAN */ return TRUE; } -/* Unregister a PKCS from the SILC. */ +/* Unregister a PKCS */ -bool silc_pkcs_unregister(SilcPKCSObject *pkcs) +SilcBool silc_pkcs_unregister(SilcPKCSObject *pkcs) { -#ifndef SILC_EPOC +#ifndef SILC_SYMBIAN SilcPKCSObject *entry; SILC_LOG_DEBUG(("Unregistering PKCS")); @@ -120,7 +268,6 @@ bool silc_pkcs_unregister(SilcPKCSObject *pkcs) while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { if (pkcs == SILC_ALL_PKCS || entry == pkcs) { silc_dlist_del(silc_pkcs_list, entry); - silc_free(entry->name); silc_free(entry); if (silc_dlist_count(silc_pkcs_list) == 0) { @@ -132,796 +279,478 @@ bool silc_pkcs_unregister(SilcPKCSObject *pkcs) } } -#endif /* SILC_EPOC */ +#endif /* SILC_SYMBIAN */ return FALSE; } -/* Function that registers all the default PKCS (all builtin PKCS). - The application may use this to register the default PKCS if specific - PKCS in any specific order is not wanted. */ +/* Register algorithm */ -bool silc_pkcs_register_default(void) +SilcBool silc_pkcs_algorithm_register(const SilcPKCSAlgorithm *pkcs) { -#ifndef SILC_EPOC - int i; - - for (i = 0; silc_default_pkcs[i].name; i++) - silc_pkcs_register(&(silc_default_pkcs[i])); +#ifndef SILC_SYMBIAN + SilcPKCSAlgorithm *newalg; -#endif /* SILC_EPOC */ - return TRUE; -} + SILC_LOG_DEBUG(("Registering new PKCS algorithm %s", + pkcs->name)); -bool silc_pkcs_unregister_all(void) -{ -#ifndef SILC_EPOC - SilcPKCSObject *entry; + /* Check if exists already */ + if (silc_pkcs_alg_list) { + SilcPKCSAlgorithm *entry; + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (!strcmp(entry->name, pkcs->name) && + entry->scheme && pkcs->scheme && + !strcmp(entry->scheme, pkcs->scheme)) + return FALSE; + } + } - if (!silc_pkcs_list) + newalg = silc_calloc(1, sizeof(*newalg)); + if (!newalg) return FALSE; - silc_dlist_start(silc_pkcs_list); - while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { - silc_pkcs_unregister(entry); - if (!silc_pkcs_list) - break; + *newalg = *pkcs; + newalg->name = strdup(pkcs->name); + if (!newalg->name) + return FALSE; + if (pkcs->scheme) { + newalg->scheme = strdup(pkcs->scheme); + if (!newalg->scheme) + return FALSE; } -#endif /* SILC_EPOC */ + newalg->hash = strdup(pkcs->hash); + if (!newalg->hash) + return FALSE; + + /* Add to list */ + if (silc_pkcs_alg_list == NULL) + silc_pkcs_alg_list = silc_dlist_init(); + silc_dlist_add(silc_pkcs_alg_list, newalg); + +#endif /* SILC_SYMBIAN */ return TRUE; } -/* Allocates a new SilcPKCS object. The new allocated object is returned - to the 'new_pkcs' argument. */ +/* Unregister algorithm */ -bool silc_pkcs_alloc(const unsigned char *name, SilcPKCS *new_pkcs) +SilcBool silc_pkcs_algorithm_unregister(SilcPKCSAlgorithm *pkcs) { - SilcPKCSObject *entry = NULL; +#ifndef SILC_SYMBIAN + SilcPKCSAlgorithm*entry; - SILC_LOG_DEBUG(("Allocating new PKCS object")); + SILC_LOG_DEBUG(("Unregistering PKCS algorithm")); -#ifndef SILC_EPOC - if (silc_pkcs_list) { - silc_dlist_start(silc_pkcs_list); - while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { - if (!strcmp(entry->name, name)) - break; - } - } -#else - { - /* On EPOC which don't have globals we check our constant hash list. */ - int i; - for (i = 0; silc_default_pkcs[i].name; i++) { - if (!strcmp(silc_default_pkcs[i].name, name)) { - entry = (SilcPKCSObject *)&(silc_default_pkcs[i]); - break; + if (!silc_pkcs_alg_list) + return FALSE; + + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (pkcs == SILC_ALL_PKCS_ALG || entry == pkcs) { + silc_dlist_del(silc_pkcs_alg_list, entry); + silc_free(entry->name); + silc_free(entry->scheme); + silc_free(entry->hash); + silc_free(entry); + + if (silc_dlist_count(silc_pkcs_alg_list) == 0) { + silc_dlist_uninit(silc_pkcs_alg_list); + silc_pkcs_alg_list = NULL; } - } - } -#endif /* SILC_EPOC */ - if (entry) { - *new_pkcs = silc_calloc(1, sizeof(**new_pkcs)); - (*new_pkcs)->pkcs = entry; - (*new_pkcs)->context = silc_calloc(1, entry->context_len()); - return TRUE; + return TRUE; + } } +#endif /* SILC_SYMBIAN */ return FALSE; } -/* Free's the PKCS object */ +/* Function that registers all the default PKCS and PKCS algorithms. */ -void silc_pkcs_free(SilcPKCS pkcs) +SilcBool silc_pkcs_register_default(void) { - if (pkcs) { - pkcs->pkcs->clear_keys(pkcs->context); - silc_free(pkcs->context); - } - silc_free(pkcs); + /* We use builtin PKCS and algorithms */ + return TRUE; } -/* Return TRUE if PKCS algorithm `name' is supported. */ +/* Unregister all PKCS and algorithms */ -bool silc_pkcs_is_supported(const unsigned char *name) +SilcBool silc_pkcs_unregister_all(void) { -#ifndef SILC_EPOC +#ifndef SILC_SYMBIAN SilcPKCSObject *entry; + SilcPKCSAlgorithm *alg; if (silc_pkcs_list) { silc_dlist_start(silc_pkcs_list); while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { - if (!strcmp(entry->name, name)) - return TRUE; + silc_pkcs_unregister(entry); + if (!silc_pkcs_list) + break; } } -#else - { - int i; - for (i = 0; silc_default_pkcs[i].name; i++) - if (!strcmp(silc_default_pkcs[i].name, name)) - return TRUE; + + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((alg = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + silc_pkcs_algorithm_unregister(alg); + if (!silc_pkcs_alg_list) + break; + } } -#endif /* SILC_EPOC */ - return FALSE; + +#endif /* SILC_SYMBIAN */ + return TRUE; } /* Returns comma separated list of supported PKCS algorithms */ char *silc_pkcs_get_supported(void) { - SilcPKCSObject *entry; + SilcPKCSAlgorithm *entry, *entry2; char *list = NULL; - int len = 0; + int i, len = 0; -#ifndef SILC_EPOC - if (silc_pkcs_list) { - silc_dlist_start(silc_pkcs_list); - while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { +#ifndef SILC_SYMBIAN + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { len += strlen(entry->name); list = silc_realloc(list, len + 1); - - memcpy(list + (len - strlen(entry->name)), - entry->name, strlen(entry->name)); - memcpy(list + len, ",", 1); - len++; - } - } -#else - { - int i; - for (i = 0; silc_default_pkcs[i].name; i++) { - entry = (SilcPKCSObject *)&(silc_default_pkcs[i]); - len += strlen(entry->name); - list = silc_realloc(list, len + 1); - - memcpy(list + (len - strlen(entry->name)), + if (!list) + return NULL; + + memcpy(list + (len - strlen(entry->name)), entry->name, strlen(entry->name)); memcpy(list + len, ",", 1); len++; } } -#endif /* SILC_EPOC */ +#endif /* SILC_SYMBIAN */ - list[len - 1] = 0; + for (i = 0; silc_default_pkcs_alg[i].name; i++) { + entry = (SilcPKCSAlgorithm *)&(silc_default_pkcs_alg[i]); - return list; -} - -/* Generate new key pair into the `pkcs' context. */ - -bool silc_pkcs_generate_key(SilcPKCS pkcs, SilcUInt32 bits_key_len, - SilcRng rng) -{ - return pkcs->pkcs->init(pkcs->context, bits_key_len, rng); -} - -/* Returns the length of the key */ + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((entry2 = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (!strcmp(entry2->name, entry->name)) + break; + } + if (entry2) + continue; + } -SilcUInt32 silc_pkcs_get_key_len(SilcPKCS pkcs) -{ - return pkcs->key_len; -} + len += strlen(entry->name); + list = silc_realloc(list, len + 1); + if (!list) + return NULL; -const char *silc_pkcs_get_name(SilcPKCS pkcs) -{ - return pkcs->pkcs->name; -} + memcpy(list + (len - strlen(entry->name)), + entry->name, strlen(entry->name)); + memcpy(list + len, ",", 1); + len++; + } -/* Returns SILC style public key */ + list[len - 1] = 0; -unsigned char *silc_pkcs_get_public_key(SilcPKCS pkcs, SilcUInt32 *len) -{ - return pkcs->pkcs->get_public_key(pkcs->context, len); + return list; } -/* Returns SILC style private key */ +/* Finds PKCS object */ -unsigned char *silc_pkcs_get_private_key(SilcPKCS pkcs, SilcUInt32 *len) +const SilcPKCSObject *silc_pkcs_find_pkcs(SilcPKCSType type) { - return pkcs->pkcs->get_private_key(pkcs->context, len); -} - -/* Sets public key from SilcPublicKey. */ + SilcPKCSObject *entry; + int i; -SilcUInt32 silc_pkcs_public_key_set(SilcPKCS pkcs, SilcPublicKey public_key) -{ - pkcs->key_len = pkcs->pkcs->set_public_key(pkcs->context, public_key->pk, - public_key->pk_len); - return pkcs->key_len; -} +#ifndef SILC_SYMBIAN + if (silc_pkcs_list) { + silc_dlist_start(silc_pkcs_list); + while ((entry = silc_dlist_get(silc_pkcs_list)) != SILC_LIST_END) { + if (entry->type == type) + return (const SilcPKCSObject *)entry; + } + } +#endif /* SILC_SYMBIAN */ -/* Sets public key from data. */ + for (i = 0; silc_default_pkcs[i].type; i++) { + entry = (SilcPKCSObject *)&(silc_default_pkcs[i]); + if (entry->type == type) + return (const SilcPKCSObject *)entry; + } -SilcUInt32 silc_pkcs_public_key_data_set(SilcPKCS pkcs, unsigned char *pk, - SilcUInt32 pk_len) -{ - pkcs->key_len = pkcs->pkcs->set_public_key(pkcs->context, pk, pk_len); - return pkcs->key_len; + return NULL; } -/* Sets private key from SilcPrivateKey. */ +/* Finds PKCS algorithms object */ -SilcUInt32 silc_pkcs_private_key_set(SilcPKCS pkcs, SilcPrivateKey private_key) +const SilcPKCSAlgorithm *silc_pkcs_find_algorithm(const char *algorithm, + const char *scheme) { - SilcUInt32 key_len; - key_len = pkcs->pkcs->set_private_key(pkcs->context, private_key->prv, - private_key->prv_len); - if (!pkcs->key_len) - pkcs->key_len = key_len; - return pkcs->key_len; -} - -/* Sets private key from data. */ + SilcPKCSAlgorithm *entry; + int i; -SilcUInt32 silc_pkcs_private_key_data_set(SilcPKCS pkcs, unsigned char *prv, - SilcUInt32 prv_len) -{ - SilcUInt32 key_len; - key_len = pkcs->pkcs->set_private_key(pkcs->context, prv, prv_len); - if (!pkcs->key_len) - pkcs->key_len = key_len; - return pkcs->key_len; -} +#ifndef SILC_SYMBIAN + if (silc_pkcs_alg_list) { + silc_dlist_start(silc_pkcs_alg_list); + while ((entry = silc_dlist_get(silc_pkcs_alg_list)) != SILC_LIST_END) { + if (!strcmp(entry->name, algorithm) && + (!scheme || !entry->scheme || !strcmp(entry->scheme, scheme))) + return (const SilcPKCSAlgorithm *)entry; + } + } +#endif /* SILC_SYMBIAN */ -/* Encrypts */ + for (i = 0; silc_default_pkcs_alg[i].name; i++) { + entry = (SilcPKCSAlgorithm *)&(silc_default_pkcs_alg[i]); + if (!strcmp(entry->name, algorithm) && + (!scheme || !entry->scheme || !strcmp(entry->scheme, scheme))) + return (const SilcPKCSAlgorithm *)entry; + } -bool silc_pkcs_encrypt(SilcPKCS pkcs, unsigned char *src, SilcUInt32 src_len, - unsigned char *dst, SilcUInt32 *dst_len) -{ - return pkcs->pkcs->encrypt(pkcs->context, src, src_len, dst, dst_len); + return NULL; } -/* Decrypts */ +/* Returns PKCS context */ -bool silc_pkcs_decrypt(SilcPKCS pkcs, unsigned char *src, SilcUInt32 src_len, - unsigned char *dst, SilcUInt32 *dst_len) +const SilcPKCSObject *silc_pkcs_get_pkcs(void *key) { - return pkcs->pkcs->decrypt(pkcs->context, src, src_len, dst, dst_len); + SilcPublicKey public_key = key; + return public_key->pkcs; } -/* Generates signature */ +/* Returns PKCS algorithm context */ -bool silc_pkcs_sign(SilcPKCS pkcs, unsigned char *src, SilcUInt32 src_len, - unsigned char *dst, SilcUInt32 *dst_len) +const SilcPKCSAlgorithm *silc_pkcs_get_algorithm(void *key) { - return pkcs->pkcs->sign(pkcs->context, src, src_len, dst, dst_len); + SilcPublicKey public_key = key; + return public_key->alg; } -/* Verifies signature */ +/* Return algorithm name */ -bool silc_pkcs_verify(SilcPKCS pkcs, unsigned char *signature, - SilcUInt32 signature_len, unsigned char *data, - SilcUInt32 data_len) +const char *silc_pkcs_get_name(void *key) { - return pkcs->pkcs->verify(pkcs->context, signature, signature_len, - data, data_len); + const SilcPKCSAlgorithm *pkcs = silc_pkcs_get_algorithm(key); + return pkcs->name; } -/* Generates signature with hash. The hash is signed. */ +/* Returns PKCS type */ -bool silc_pkcs_sign_with_hash(SilcPKCS pkcs, SilcHash hash, - unsigned char *src, SilcUInt32 src_len, - unsigned char *dst, SilcUInt32 *dst_len) +SilcPKCSType silc_pkcs_get_type(void *key) { - unsigned char hashr[32]; - SilcUInt32 hash_len; - int ret; - - silc_hash_make(hash, src, src_len, hashr); - hash_len = silc_hash_len(hash); - - SILC_LOG_HEXDUMP(("Hash"), hashr, hash_len); - - ret = pkcs->pkcs->sign(pkcs->context, hashr, hash_len, dst, dst_len); - memset(hashr, 0, sizeof(hashr)); - - return ret; + SilcPublicKey public_key = key; + return public_key->pkcs->type; } -/* Verifies signature with hash. The `data' is hashed and verified against - the `signature'. */ +/* Allocates new public key from the key data */ -bool silc_pkcs_verify_with_hash(SilcPKCS pkcs, SilcHash hash, - unsigned char *signature, - SilcUInt32 signature_len, - unsigned char *data, - SilcUInt32 data_len) +SilcBool silc_pkcs_public_key_alloc(SilcPKCSType type, + unsigned char *key, + SilcUInt32 key_len, + SilcPublicKey *ret_public_key) { - unsigned char hashr[32]; - SilcUInt32 hash_len; - int ret; - - silc_hash_make(hash, data, data_len, hashr); - hash_len = silc_hash_len(hash); - - SILC_LOG_HEXDUMP(("Hash"), hashr, hash_len); - - ret = pkcs->pkcs->verify(pkcs->context, signature, signature_len, - hashr, hash_len); - memset(hashr, 0, sizeof(hashr)); - - return ret; -} - -/* Encodes and returns SILC public key identifier. If some of the - arguments is NULL those are not encoded into the identifier string. - Protocol says that at least username and host must be provided. */ - -char *silc_pkcs_encode_identifier(char *username, char *host, char *realname, - char *email, char *org, char *country) -{ - SilcBuffer buf; - char *identifier; - SilcUInt32 len, tlen = 0; - - if (!username || !host) - return NULL; - - len = (username ? strlen(username) : 0) + - (host ? strlen(host) : 0) + - (realname ? strlen(realname) : 0) + - (email ? strlen(email) : 0) + - (org ? strlen(org) : 0) + - (country ? strlen(country) : 0); - - if (len < 3) - return NULL; - - len += 3 + 5 + 5 + 4 + 4 + 4; - buf = silc_buffer_alloc(len); - silc_buffer_pull_tail(buf, len); - - if (username) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING("UN="), - SILC_STR_UI32_STRING(username), - SILC_STR_END); - silc_buffer_pull(buf, 3 + strlen(username)); - tlen = 3 + strlen(username); - } - - if (host) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("HN="), - SILC_STR_UI32_STRING(host), - SILC_STR_END); - silc_buffer_pull(buf, 5 + strlen(host)); - tlen += 5 + strlen(host); - } - - if (realname) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("RN="), - SILC_STR_UI32_STRING(realname), - SILC_STR_END); - silc_buffer_pull(buf, 5 + strlen(realname)); - tlen += 5 + strlen(realname); - } - - if (email) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("E="), - SILC_STR_UI32_STRING(email), - SILC_STR_END); - silc_buffer_pull(buf, 4 + strlen(email)); - tlen += 4 + strlen(email); - } - - if (org) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("O="), - SILC_STR_UI32_STRING(org), - SILC_STR_END); - silc_buffer_pull(buf, 4 + strlen(org)); - tlen += 4 + strlen(org); - } - - if (country) { - silc_buffer_format(buf, - SILC_STR_UI32_STRING(", "), - SILC_STR_UI32_STRING("C="), - SILC_STR_UI32_STRING(country), - SILC_STR_END); - silc_buffer_pull(buf, 4 + strlen(country)); - tlen += 4 + strlen(country); - } - - silc_buffer_push(buf, buf->data - buf->head); - identifier = silc_calloc(tlen + 1, sizeof(*identifier)); - memcpy(identifier, buf->data, tlen); - silc_buffer_free(buf); - - return identifier; -} + const SilcPKCSObject *pkcs; + SilcPublicKey public_key; -/* Decodes the provided `identifier' and returns allocated context for - the identifier. */ + if (!ret_public_key) + return FALSE; -SilcPublicKeyIdentifier silc_pkcs_decode_identifier(char *identifier) -{ - SilcPublicKeyIdentifier ident; - char *cp, *item; - int len; - - ident = silc_calloc(1, sizeof(*ident)); - - cp = identifier; - while (cp) { - len = strcspn(cp, ","); - if (len - 1 >= 0 && cp[len - 1] == '\\') { - while (cp) { - cp += len + 1; - len = strcspn(cp, ",") + len; - if (len - 1 >= 0 && cp[len - 1] != '\\') - break; - } - } + /* Allocate public key context */ + public_key = silc_calloc(1, sizeof(*public_key)); + if (!public_key) + return FALSE; - item = silc_calloc(len + 1, sizeof(char)); - memcpy(item, cp, len); - - if (strstr(item, "UN=")) - ident->username = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "HN=")) - ident->host = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "RN=")) - ident->realname = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "E=")) - ident->email = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "O=")) - ident->org = strdup(item + strcspn(cp, "=") + 1); - else if (strstr(item, "C=")) - ident->country = strdup(item + strcspn(cp, "=") + 1); - - cp += len; - if (strlen(cp) == 0) - cp = NULL; - else - cp += 1; - - if (item) - silc_free(item); + pkcs = silc_pkcs_find_pkcs(type); + public_key->pkcs = (SilcPKCSObject *)pkcs; + if (!public_key->pkcs) { + silc_free(public_key); + return FALSE; } - return ident; -} - -/* Free's decoded public key identifier context. Call this to free the - context returned by the silc_pkcs_decode_identifier. */ - -void silc_pkcs_free_identifier(SilcPublicKeyIdentifier identifier) -{ - silc_free(identifier->username); - silc_free(identifier->host); - silc_free(identifier->realname); - silc_free(identifier->email); - silc_free(identifier->org); - silc_free(identifier->country); - silc_free(identifier); -} - -/* Allocates SILC style public key formed from sent arguments. All data - is duplicated. */ - -SilcPublicKey silc_pkcs_public_key_alloc(const char *name, - const char *identifier, - const unsigned char *pk, - SilcUInt32 pk_len) -{ - SilcPublicKey public_key; - char *tmp = NULL; - - public_key = silc_calloc(1, sizeof(*public_key)); - public_key->name = strdup(name); - public_key->pk_len = pk_len; - public_key->pk = silc_calloc(pk_len, sizeof(*public_key->pk)); - public_key->pk_type = SILC_SKE_PK_TYPE_SILC; - memcpy(public_key->pk, pk, pk_len); - - if (!silc_utf8_valid(identifier, strlen(identifier))) { - int len = silc_utf8_encoded_len(identifier, strlen(identifier), 0); - tmp = silc_calloc(len + 1, sizeof(*tmp)); - silc_utf8_encode(identifier, strlen(identifier), 0, tmp, len); - identifier = tmp; + /* Import the PKCS public key */ + if (!pkcs->import_public_key(pkcs, NULL, key, key_len, + &public_key->public_key, + &public_key->alg)) { + silc_free(public_key); + return FALSE; } - public_key->identifier = strdup(identifier); - public_key->len = 2 + strlen(name) + 2 + strlen(identifier) + pk_len; - silc_free(tmp); + *ret_public_key = public_key; - return public_key; + return TRUE; } -/* Free's public key */ +/* Frees the public key */ void silc_pkcs_public_key_free(SilcPublicKey public_key) { - if (public_key) { - silc_free(public_key->name); - silc_free(public_key->identifier); - silc_free(public_key->pk); - silc_free(public_key); - } + public_key->pkcs->public_key_free(public_key->pkcs, public_key->public_key); + silc_free(public_key); } -/* Allocates SILC private key formed from sent arguments. All data is - duplicated. */ +/* Exports public key */ -SilcPrivateKey silc_pkcs_private_key_alloc(const char *name, - const unsigned char *prv, - SilcUInt32 prv_len) +unsigned char *silc_pkcs_public_key_encode(SilcStack stack, + SilcPublicKey public_key, + SilcUInt32 *ret_len) { - SilcPrivateKey private_key; - - private_key = silc_calloc(1, sizeof(*private_key)); - private_key->name = strdup(name); - private_key->prv_len = prv_len; - private_key->prv = silc_calloc(prv_len, sizeof(*private_key->prv)); - memcpy(private_key->prv, prv, prv_len); - - return private_key; + return public_key->pkcs->export_public_key(public_key->pkcs, stack, + public_key->public_key, ret_len); } -/* Free's private key */ +/* Return key length */ -void silc_pkcs_private_key_free(SilcPrivateKey private_key) +SilcUInt32 silc_pkcs_public_key_get_len(SilcPublicKey public_key) { - if (private_key) { - silc_free(private_key->name); - silc_free(private_key->prv); - silc_free(private_key); - } + return public_key->pkcs->public_key_bitlen(public_key->pkcs, + public_key->public_key); } -/* Encodes SILC style public key from SilcPublicKey. Returns the encoded - data. */ +/* Returns internal PKCS public key context */ -unsigned char * -silc_pkcs_public_key_encode(SilcPublicKey public_key, SilcUInt32 *len) +void *silc_pkcs_public_key_get_pkcs(SilcPKCSType type, + SilcPublicKey public_key) { - SilcBuffer buf; - unsigned char *ret; - - buf = silc_buffer_alloc_size(public_key->len + 4); - if (!buf) + if (public_key->pkcs->type != type) return NULL; - - silc_buffer_format(buf, - SILC_STR_UI_INT(public_key->len), - SILC_STR_UI_SHORT(strlen(public_key->name)), - SILC_STR_UI32_STRING(public_key->name), - SILC_STR_UI_SHORT(strlen(public_key->identifier)), - SILC_STR_UI32_STRING(public_key->identifier), - SILC_STR_UI_XNSTRING(public_key->pk, - public_key->pk_len), - SILC_STR_END); - - ret = silc_buffer_steal(buf, len); - silc_buffer_free(buf); - return ret; + return public_key->public_key; } -/* Encodes SILC style public key. Returns the encoded data. */ +/* Returns internal PKCS private key context */ -unsigned char * -silc_pkcs_public_key_data_encode(unsigned char *pk, SilcUInt32 pk_len, - char *pkcs, char *identifier, - SilcUInt32 *len) +void *silc_pkcs_private_key_get_pkcs(SilcPKCSType type, + SilcPrivateKey private_key) { - SilcBuffer buf; - unsigned char *ret; - SilcUInt32 totlen; - - totlen = 2 + strlen(pkcs) + 2 + strlen(identifier) + pk_len; - buf = silc_buffer_alloc_size(totlen + 4); - if (!buf) + if (private_key->pkcs->type != type) return NULL; - - silc_buffer_format(buf, - SILC_STR_UI_INT(totlen), - SILC_STR_UI_SHORT(strlen(pkcs)), - SILC_STR_UI32_STRING(pkcs), - SILC_STR_UI_SHORT(strlen(identifier)), - SILC_STR_UI32_STRING(identifier), - SILC_STR_UI_XNSTRING(pk, pk_len), - SILC_STR_END); - - ret = silc_buffer_steal(buf, len); - silc_buffer_free(buf); - return ret; + return private_key->private_key; } -/* Decodes SILC style public key. Returns TRUE if the decoding was - successful. Allocates new public key as well. */ +/* Allocates new private key from key data */ -bool silc_pkcs_public_key_decode(unsigned char *data, SilcUInt32 data_len, - SilcPublicKey *public_key) +SilcBool silc_pkcs_private_key_alloc(SilcPKCSType type, + unsigned char *key, + SilcUInt32 key_len, + SilcPrivateKey *ret_private_key) { - SilcBufferStruct buf; - SilcPKCS alg; - SilcUInt16 pkcs_len, identifier_len; - SilcUInt32 totlen, key_len; - unsigned char *pkcs_name = NULL, *ident = NULL, *key_data = NULL; - int ret; - - silc_buffer_set(&buf, data, data_len); - - /* Get length */ - ret = silc_buffer_unformat(&buf, - SILC_STR_UI_INT(&totlen), - SILC_STR_END); - if (ret == -1) - return FALSE; + const SilcPKCSObject *pkcs; + SilcPrivateKey private_key; -#if 1 /* Backwards support, remove! */ - if (totlen == data_len) - totlen -= 4; -#endif + if (!ret_private_key) + return FALSE; - if (totlen + 4 != data_len) + /* Allocate private key context */ + private_key = silc_calloc(1, sizeof(*private_key)); + if (!private_key) return FALSE; - /* Get algorithm name and identifier */ - silc_buffer_pull(&buf, 4); - ret = - silc_buffer_unformat(&buf, - SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), - SILC_STR_UI16_NSTRING_ALLOC(&ident, &identifier_len), - SILC_STR_END); - if (ret == -1) - goto err; - - if (pkcs_len < 1 || identifier_len < 3 || - pkcs_len + identifier_len > totlen) - goto err; - - /* See if we support this algorithm (check only if PKCS are registered) */ - if (SILC_PKCS_LIST && !silc_pkcs_is_supported(pkcs_name)) { - SILC_LOG_DEBUG(("Unknown PKCS %s", pkcs_name)); - goto err; + pkcs = silc_pkcs_find_pkcs(type); + private_key->pkcs = (SilcPKCSObject *)pkcs; + if (!private_key->pkcs) { + silc_free(private_key); + return FALSE; } - /* Protocol says that at least UN and HN must be provided as identifier, - check for these. */ - if (!strstr(ident, "UN=") && !strstr(ident, "HN=")) { - SILC_LOG_DEBUG(("The public does not have the required UN= and HN= " - "identifiers")); - goto err; + /* Import the PKCS private key */ + if (!pkcs->import_private_key(pkcs, NULL, key, key_len, + &private_key->private_key, + &private_key->alg)) { + silc_free(private_key); + return FALSE; } - /* Get key data. We assume that rest of the buffer is key data. */ - silc_buffer_pull(&buf, 2 + pkcs_len + 2 + identifier_len); - key_len = buf.len; - ret = silc_buffer_unformat(&buf, - SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), - SILC_STR_END); - if (ret == -1) - goto err; - - /* Try to set the key. If this fails the key must be malformed. This - code assumes that the PKCS routine checks the format of the key. - (check only if PKCS are registered) */ - if (SILC_PKCS_LIST) { - silc_pkcs_alloc(pkcs_name, &alg); - if (!alg->pkcs->set_public_key(alg->context, key_data, key_len)) - goto err; - silc_pkcs_free(alg); - } - - if (public_key) { - *public_key = silc_calloc(1, sizeof(**public_key)); - (*public_key)->len = totlen; - (*public_key)->name = pkcs_name; - (*public_key)->identifier = ident; - (*public_key)->pk = key_data; - (*public_key)->pk_len = key_len; - (*public_key)->pk_type = SILC_SKE_PK_TYPE_SILC; - } + *ret_private_key = private_key; return TRUE; - - err: - silc_free(pkcs_name); - silc_free(ident); - silc_free(key_data); - return FALSE; } -/* Encodes Public Key Payload for transmitting public keys and certificates. */ +/* Return key length */ -SilcBuffer silc_pkcs_public_key_payload_encode(SilcPublicKey public_key) +SilcUInt32 silc_pkcs_private_key_get_len(SilcPrivateKey private_key) { - SilcBuffer buffer; - unsigned char *pk; - SilcUInt32 pk_len; - - if (!public_key) - return NULL; - - pk = silc_pkcs_public_key_encode(public_key, &pk_len); - if (!pk) - return NULL; - - buffer = silc_buffer_alloc_size(4 + pk_len); - if (!buffer) { - silc_free(pk); - return NULL; - } + return private_key->pkcs->private_key_bitlen(private_key->pkcs, + private_key->private_key); +} - silc_buffer_format(buffer, - SILC_STR_UI_SHORT(pk_len), - SILC_STR_UI_SHORT(public_key->pk_type), - SILC_STR_UI_XNSTRING(pk, pk_len), - SILC_STR_END); +/* Frees the private key */ - silc_free(pk); - return buffer; +void silc_pkcs_private_key_free(SilcPrivateKey private_key) +{ + private_key->pkcs->private_key_free(private_key->pkcs, + private_key->private_key); + silc_free(private_key); } -/* Decode Public Key Payload and decodes the public key inside it to - to `payload'. */ +/* Encrypts */ -bool silc_pkcs_public_key_payload_decode(unsigned char *data, - SilcUInt32 data_len, - SilcPublicKey *public_key) +SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key, + unsigned char *src, SilcUInt32 src_len, + SilcRng rng, + SilcPKCSEncryptCb encrypt_cb, + void *context) { - SilcBufferStruct buf; - SilcUInt16 pk_len, pk_type; - unsigned char *pk; - int ret; + return public_key->pkcs->encrypt(public_key->pkcs, + public_key->public_key, src, src_len, + rng, encrypt_cb, context); +} - if (!public_key) - return FALSE; +/* Decrypts */ - silc_buffer_set(&buf, data, data_len); - ret = silc_buffer_unformat(&buf, - SILC_STR_UI_SHORT(&pk_len), - SILC_STR_UI_SHORT(&pk_type), - SILC_STR_END); - if (ret < 0 || pk_len > data_len - 4) - return FALSE; +SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key, + unsigned char *src, SilcUInt32 src_len, + SilcPKCSDecryptCb decrypt_cb, + void *context) +{ + return private_key->pkcs->decrypt(private_key->pkcs, + private_key->private_key, src, src_len, + decrypt_cb, context); +} - /* For now we support only SILC public keys */ - if (pk_type != SILC_SKE_PK_TYPE_SILC) - return FALSE; +/* Generates signature */ - silc_buffer_pull(&buf, 4); - ret = silc_buffer_unformat(&buf, - SILC_STR_UI_XNSTRING(&pk, pk_len), - SILC_STR_END); - silc_buffer_push(&buf, 4); - if (ret < 0) - return FALSE; +SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key, + unsigned char *src, + SilcUInt32 src_len, + SilcBool compute_hash, + SilcHash hash, + SilcRng rng, + SilcPKCSSignCb sign_cb, + void *context) +{ + return private_key->pkcs->sign(private_key->pkcs, + private_key->private_key, src, src_len, + compute_hash, hash, rng, sign_cb, context); +} - if (!silc_pkcs_public_key_decode(pk, pk_len, public_key)) - return FALSE; - (*public_key)->pk_type = SILC_SKE_PK_TYPE_SILC; +/* Verifies signature */ - return TRUE; +SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key, + unsigned char *signature, + SilcUInt32 signature_len, + unsigned char *data, + SilcUInt32 data_len, + SilcHash hash, + SilcPKCSVerifyCb verify_cb, + void *context) +{ + return public_key->pkcs->verify(public_key->pkcs, + public_key->public_key, signature, + signature_len, data, data_len, hash, NULL, + verify_cb, context); } /* Compares two public keys and returns TRUE if they are same key, and FALSE if they are not same. */ -bool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2) +SilcBool silc_pkcs_public_key_compare(SilcPublicKey key1, SilcPublicKey key2) { - if (key1 == key2) - return TRUE; - - if (key1->len == key2->len && - key1->name && key2->name && key1->identifier && key2->identifier && - !strcmp(key1->name, key2->name) && - !strcmp(key1->identifier, key2->identifier) && - !memcmp(key1->pk, key2->pk, key1->pk_len) && - key1->pk_len == key2->pk_len) - return TRUE; + if (key1->pkcs->type != key2->pkcs->type) + return FALSE; - return FALSE; + return key1->pkcs->public_key_compare(key1->pkcs, + key1->public_key, key2->public_key); } /* Copies the public key indicated by `public_key' and returns new allocated @@ -933,619 +762,314 @@ SilcPublicKey silc_pkcs_public_key_copy(SilcPublicKey public_key) if (!key) return NULL; - key->len = public_key->len; - key->name = silc_memdup(public_key->name, strlen(public_key->name)); - key->identifier = silc_memdup(public_key->identifier, - strlen(public_key->identifier)); - key->pk = silc_memdup(public_key->pk, public_key->pk_len); - key->pk_len = public_key->pk_len; - key->pk_type = public_key->pk_type; - - return key; -} - -/* Encodes SILC private key from SilcPrivateKey. Returns the encoded data. */ - -unsigned char * -silc_pkcs_private_key_encode(SilcPrivateKey private_key, SilcUInt32 *len) -{ - SilcBuffer buf; - unsigned char *ret; - SilcUInt32 totlen; - - totlen = 2 + strlen(private_key->name) + private_key->prv_len; - buf = silc_buffer_alloc_size(totlen); - if (!buf) + key->pkcs = public_key->pkcs; + key->public_key = public_key->pkcs->public_key_copy(public_key->pkcs, + public_key->public_key); + if (!key->public_key) { + silc_free(key); return NULL; + } - silc_buffer_format(buf, - SILC_STR_UI_SHORT(strlen(private_key->name)), - SILC_STR_UI32_STRING(private_key->name), - SILC_STR_UI_XNSTRING(private_key->prv, - private_key->prv_len), - SILC_STR_END); - - ret = silc_buffer_steal(buf, len); - silc_buffer_free(buf); - return ret; + return key; } -/* Encodes SILC private key. Returns the encoded data. */ +/* Loads any kind of public key */ -unsigned char * -silc_pkcs_private_key_data_encode(unsigned char *prv, SilcUInt32 prv_len, - char *pkcs, SilcUInt32 *len) +SilcBool silc_pkcs_load_public_key(const char *filename, + SilcPKCSType type, + SilcPublicKey *ret_public_key) { - SilcBuffer buf; - unsigned char *ret; - SilcUInt32 totlen; - - totlen = 2 + strlen(pkcs) + prv_len; - buf = silc_buffer_alloc_size(totlen); - if (!buf) - return NULL; - - silc_buffer_format(buf, - SILC_STR_UI_SHORT(strlen(pkcs)), - SILC_STR_UI32_STRING(pkcs), - SILC_STR_UI_XNSTRING(prv, prv_len), - SILC_STR_END); + unsigned char *data; + SilcUInt32 data_len; + SilcPublicKey public_key; - ret = silc_buffer_steal(buf, len); - silc_buffer_free(buf); - return ret; -} + SILC_LOG_DEBUG(("Loading public key file '%s'", filename)); -/* Decodes SILC style private key. Returns TRUE if the decoding was - successful. Allocates new private key as well. */ + if (!ret_public_key) + return FALSE; -bool silc_pkcs_private_key_decode(unsigned char *data, SilcUInt32 data_len, - SilcPrivateKey *private_key) -{ - SilcBufferStruct buf; - SilcPKCS alg; - SilcUInt16 pkcs_len; - SilcUInt32 key_len; - unsigned char *pkcs_name = NULL, *key_data = NULL; - int ret; - - silc_buffer_set(&buf, data, data_len); - - /* Get algorithm name and identifier */ - ret = - silc_buffer_unformat(&buf, - SILC_STR_UI16_NSTRING_ALLOC(&pkcs_name, &pkcs_len), - SILC_STR_END); - if (ret == -1) { - SILC_LOG_DEBUG(("Cannot decode private key buffer")); - goto err; + data = silc_file_readfile(filename, &data_len, NULL); + if (!data) { + SILC_LOG_ERROR(("No such file: %s", filename)); + return FALSE; } - if (pkcs_len < 1 || pkcs_len > buf.truelen) { - SILC_LOG_DEBUG(("Malformed private key buffer")); - goto err; + /* Allocate public key context */ + *ret_public_key = public_key = silc_calloc(1, sizeof(*public_key)); + if (!public_key) { + silc_free(data); + return FALSE; } - /* See if we support this algorithm (check only if PKCS are registered). */ - if (SILC_PKCS_LIST && !silc_pkcs_is_supported(pkcs_name)) { - SILC_LOG_DEBUG(("Unknown PKCS `%s'", pkcs_name)); - goto err; - } + if (type == SILC_PKCS_ANY) { + /* Try loading all types until one succeeds. */ + for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) { + public_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!public_key->pkcs) + continue; + + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BASE64, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } - /* Get key data. We assume that rest of the buffer is key data. */ - silc_buffer_pull(&buf, 2 + pkcs_len); - key_len = buf.len; - ret = silc_buffer_unformat(&buf, - SILC_STR_UI_XNSTRING_ALLOC(&key_data, key_len), - SILC_STR_END); - if (ret == -1) - goto err; - - /* Try to set the key. If this fails the key must be malformed. This - code assumes that the PKCS routine checks the format of the key. - (check only if PKCS are registered) */ - if (SILC_PKCS_LIST) { - silc_pkcs_alloc(pkcs_name, &alg); - if (!alg->pkcs->set_private_key(alg->context, key_data, key_len)) { - SILC_LOG_DEBUG(("Could not set private key data")); - goto err; + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BIN, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } + } + } else { + /* Load specific type */ + public_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!public_key->pkcs) { + silc_free(data); + silc_free(public_key); + *ret_public_key = NULL; + SILC_LOG_ERROR(("Unsupported public key type")); + return FALSE; } - silc_pkcs_free(alg); - } - - if (private_key) { - *private_key = silc_calloc(1, sizeof(**private_key)); - (*private_key)->name = pkcs_name; - (*private_key)->prv = key_data; - (*private_key)->prv_len = key_len; - } - return TRUE; + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BASE64, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } + + if (public_key->pkcs->import_public_key_file(public_key->pkcs, + data, data_len, + SILC_PKCS_FILE_BIN, + &public_key->public_key, + &public_key->alg)) { + silc_free(data); + return TRUE; + } + } - err: - silc_free(pkcs_name); - silc_free(key_data); + silc_free(data); + silc_free(public_key); + *ret_public_key = NULL; + SILC_LOG_ERROR(("Unsupported public key type")); return FALSE; } -/* Internal routine to save public key */ +/* Saves public key into a file */ -static bool silc_pkcs_save_public_key_internal(const char *filename, - unsigned char *data, - SilcUInt32 data_len, - SilcUInt32 encoding) +SilcBool silc_pkcs_save_public_key(const char *filename, + SilcPublicKey public_key, + SilcPKCSFileEncoding encoding) { - SilcBuffer buf; - SilcUInt32 len; - unsigned char *tmp = NULL; - - switch(encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - tmp = data = silc_pem_encode_file(data, data_len); - data_len = strlen(data); - break; - } + unsigned char *data; + SilcUInt32 data_len; + SilcStack stack; + + stack = silc_stack_alloc(2048, silc_crypto_stack()); - len = data_len + (strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PUBLIC_KEYFILE_END)); - buf = silc_buffer_alloc_size(len); - if (!buf) { - silc_free(tmp); + /* Export the public key file */ + data = public_key->pkcs->export_public_key_file(public_key->pkcs, + stack, + public_key->public_key, + encoding, &data_len); + if (!data) { + silc_stack_free(stack); return FALSE; } - silc_buffer_format(buf, - SILC_STR_UI32_STRING(SILC_PKCS_PUBLIC_KEYFILE_BEGIN), - SILC_STR_UI_XNSTRING(data, data_len), - SILC_STR_UI32_STRING(SILC_PKCS_PUBLIC_KEYFILE_END), - SILC_STR_END); - - /* Save into file */ - if (silc_file_writefile(filename, buf->data, buf->len)) { - silc_free(tmp); - silc_buffer_free(buf); + /* Write to file */ + if (silc_file_writefile(filename, data, data_len)) { + silc_sfree(stack, data); + silc_stack_free(stack); return FALSE; } - silc_free(tmp); - silc_buffer_free(buf); + silc_sfree(stack, data); + silc_stack_free(stack); return TRUE; } -/* Saves public key into file */ +/* Loads any kind of private key */ -bool silc_pkcs_save_public_key(const char *filename, SilcPublicKey public_key, - SilcUInt32 encoding) +SilcBool silc_pkcs_load_private_key(const char *filename, + const unsigned char *passphrase, + SilcUInt32 passphrase_len, + SilcPKCSType type, + SilcPrivateKey *ret_private_key) { unsigned char *data; SilcUInt32 data_len; - bool ret; - - data = silc_pkcs_public_key_encode(public_key, &data_len); - ret = silc_pkcs_save_public_key_internal(filename, data, data_len, - encoding); - silc_free(data); - return ret; -} - -/* Saves public key into file */ - -bool silc_pkcs_save_public_key_data(const char *filename, unsigned char *data, - SilcUInt32 data_len, SilcUInt32 encoding) -{ - return silc_pkcs_save_public_key_internal(filename, data, data_len, - encoding); -} - -#define SILC_PKCS_PRIVATE_KEY_MAGIC 0x738df531 - -/* Internal routine to save private key. */ - -static bool silc_pkcs_save_private_key_internal(const char *filename, - unsigned char *data, - SilcUInt32 data_len, - unsigned char *key, - SilcUInt32 key_len, - SilcUInt32 encoding) -{ - SilcCipher aes; - SilcHash sha1; - SilcHmac sha1hmac; - SilcBuffer buf, enc; - SilcUInt32 len, blocklen, padlen; - unsigned char tmp[32], keymat[64]; - int i; + SilcPrivateKey private_key; - memset(tmp, 0, sizeof(tmp)); - memset(keymat, 0, sizeof(keymat)); + SILC_LOG_DEBUG(("Loading private key file '%s'", filename)); - /* Allocate the AES cipher */ - if (!silc_cipher_alloc("aes-256-cbc", &aes)) { - SILC_LOG_ERROR(("Could not allocate AES cipher, probably not registered")); - return FALSE; - } - blocklen = silc_cipher_get_block_len(aes); - if (blocklen * 2 > sizeof(tmp)) + if (!ret_private_key) return FALSE; - /* Allocate SHA1 hash */ - if (!silc_hash_alloc("sha1", &sha1)) { - SILC_LOG_ERROR(("Could not allocate SHA1 hash, probably not registered")); - silc_cipher_free(aes); + data = silc_file_readfile(filename, &data_len, NULL); + if (!data) { + SILC_LOG_ERROR(("No such file: %s", filename)); return FALSE; } - /* Allocate HMAC */ - if (!silc_hmac_alloc("hmac-sha1-96", NULL, &sha1hmac)) { - SILC_LOG_ERROR(("Could not allocate SHA1 HMAC, probably not registered")); - silc_hash_free(sha1); - silc_cipher_free(aes); + /* Allocate private key context */ + *ret_private_key = private_key = silc_calloc(1, sizeof(*private_key)); + if (!private_key) { + silc_free(data); return FALSE; } - /* Derive the encryption key from the provided key material. The key - is 256 bits length, and derived by taking hash of the data, then - re-hashing the data and the previous digest, and using the first and - second digest as the key. */ - silc_hash_init(sha1); - silc_hash_update(sha1, key, key_len); - silc_hash_final(sha1, keymat); - silc_hash_init(sha1); - silc_hash_update(sha1, key, key_len); - silc_hash_update(sha1, keymat, 16); - silc_hash_final(sha1, keymat + 16); - - /* Set the key to the cipher */ - silc_cipher_set_key(aes, keymat, 256); - - /* Encode the buffer to be encrypted. Add padding to it too, at least - block size of the cipher. */ - - /* Allocate buffer for encryption */ - len = silc_hmac_len(sha1hmac); - padlen = 16 + (16 - ((data_len + 4) % blocklen)); - enc = silc_buffer_alloc_size(4 + 4 + data_len + padlen + len); - if (!enc) { - silc_hmac_free(sha1hmac); - silc_hash_free(sha1); - silc_cipher_free(aes); - return FALSE; - } + if (type == SILC_PKCS_ANY) { + /* Try loading all types until one succeeds. */ + for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) { + private_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!private_key->pkcs) + continue; + + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BIN, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; + } - /* Generate padding */ - for (i = 0; i < padlen; i++) - tmp[i] = silc_rng_global_get_byte_fast(); - - /* Put magic number */ - SILC_PUT32_MSB(SILC_PKCS_PRIVATE_KEY_MAGIC, enc->data); - silc_buffer_pull(enc, 4); - - /* Encode the buffer */ - silc_buffer_format(enc, - SILC_STR_UI_INT(data_len), - SILC_STR_UI_XNSTRING(data, data_len), - SILC_STR_UI_XNSTRING(tmp, padlen), - SILC_STR_END); - - /* Encrypt. */ - silc_cipher_encrypt(aes, enc->data, enc->data, enc->len - len, - silc_cipher_get_iv(aes)); - - silc_buffer_push(enc, 4); - - /* Compute HMAC over the encrypted data and append the MAC to data. - The key is the first digest of the original key material. */ - data_len = enc->len - len; - silc_hmac_init_with_key(sha1hmac, keymat, 16); - silc_hmac_update(sha1hmac, enc->data, data_len); - silc_buffer_pull(enc, data_len); - silc_hmac_final(sha1hmac, enc->data, NULL); - silc_buffer_push(enc, data_len); - - /* Cleanup */ - memset(keymat, 0, sizeof(keymat)); - memset(tmp, 0, sizeof(tmp)); - silc_hmac_free(sha1hmac); - silc_hash_free(sha1); - silc_cipher_free(aes); - - data = enc->data; - data_len = enc->len; - - switch (encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - data = silc_pem_encode_file(data, data_len); - data_len = strlen(data); - break; - } + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BASE64, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; + } + } + } else { + /* Load specific type */ + private_key->pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type); + if (!private_key->pkcs) { + silc_free(data); + silc_free(private_key); + *ret_private_key = NULL; + SILC_LOG_ERROR(("Unsupported private key type")); + return FALSE; + } - /* Encode the data and save to file */ - len = data_len + (strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PRIVATE_KEYFILE_END)); - buf = silc_buffer_alloc_size(len); - silc_buffer_format(buf, - SILC_STR_UI32_STRING(SILC_PKCS_PRIVATE_KEYFILE_BEGIN), - SILC_STR_UI_XNSTRING(data, data_len), - SILC_STR_UI32_STRING(SILC_PKCS_PRIVATE_KEYFILE_END), - SILC_STR_END); - - /* Save into a file */ - if (silc_file_writefile_mode(filename, buf->data, buf->len, 0600)) { - silc_buffer_clear(buf); - silc_buffer_free(buf); - silc_buffer_clear(enc); - silc_buffer_free(enc); - return FALSE; + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BIN, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; + } + + if (private_key->pkcs->import_private_key_file( + private_key->pkcs, + data, data_len, + passphrase, + passphrase_len, + SILC_PKCS_FILE_BASE64, + &private_key->private_key, + &private_key->alg)) { + silc_free(data); + return TRUE; + } } - silc_buffer_clear(buf); - silc_buffer_free(buf); - silc_buffer_clear(enc); - silc_buffer_free(enc); - return TRUE; + silc_free(data); + silc_free(private_key); + *ret_private_key = NULL; + return FALSE; } -/* Saves private key into file. */ +/* Saves private key into a file */ -bool silc_pkcs_save_private_key(const char *filename, - SilcPrivateKey private_key, - unsigned char *passphrase, - SilcUInt32 passphrase_len, - SilcUInt32 encoding) +SilcBool silc_pkcs_save_private_key(const char *filename, + SilcPrivateKey private_key, + const unsigned char *passphrase, + SilcUInt32 passphrase_len, + SilcPKCSFileEncoding encoding, + SilcRng rng) { unsigned char *data; SilcUInt32 data_len; - bool ret; - - data = silc_pkcs_private_key_encode(private_key, &data_len); - ret = silc_pkcs_save_private_key_internal(filename, data, data_len, - passphrase, passphrase_len, - encoding); - memset(data, 0, data_len); - silc_free(data); - return ret; -} - -/* Loads public key from file and allocates new public key. Returns TRUE - if loading was successful. */ - -bool silc_pkcs_load_public_key(const char *filename, SilcPublicKey *public_key, - SilcUInt32 encoding) -{ - unsigned char *cp, *old, *data, byte; - SilcUInt32 i, data_len, len; - - SILC_LOG_DEBUG(("Loading public key `%s' with %s encoding", filename, - encoding == SILC_PKCS_FILE_PEM ? "Base64" : - encoding == SILC_PKCS_FILE_BIN ? "Binary" : "Unkonwn")); - - old = data = silc_file_readfile(filename, &data_len); - if (!data) + SilcStack stack; + + stack = silc_stack_alloc(2048, silc_crypto_stack()); + + /* Export the private key file */ + data = private_key->pkcs->export_private_key_file(private_key->pkcs, stack, + private_key->private_key, + passphrase, + passphrase_len, + encoding, rng, &data_len); + if (!data) { + silc_stack_free(stack); return FALSE; - - /* Check start of file and remove header from the data. */ - len = strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN); - cp = data; - for (i = 0; i < len; i++) { - byte = cp[0]; - cp++; - if (byte != SILC_PKCS_PUBLIC_KEYFILE_BEGIN[i]) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } } - data = cp; - - /* Decode public key */ - if (public_key) { - len = data_len - (strlen(SILC_PKCS_PUBLIC_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PUBLIC_KEYFILE_END)); - - switch(encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - data = silc_pem_decode(data, len, &len); - memset(old, 0, data_len); - silc_free(old); - old = data; - data_len = len; - break; - } - if (!data || !silc_pkcs_public_key_decode(data, len, public_key)) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } + /* Write to file */ + if (silc_file_writefile(filename, data, data_len)) { + silc_sfree(stack, data); + silc_stack_free(stack); + return FALSE; } - memset(old, 0, data_len); - silc_free(old); + silc_sfree(stack, data); + silc_stack_free(stack); return TRUE; } -/* Load private key from file and allocates new private key. Returns TRUE - if loading was successful. */ +/* Hash public key of any type. */ -bool silc_pkcs_load_private_key(const char *filename, - SilcPrivateKey *private_key, - unsigned char *passphrase, - SilcUInt32 passphrase_len, - SilcUInt32 encoding) +SilcUInt32 silc_hash_public_key(void *key, void *user_context) { - SilcCipher aes; - SilcHash sha1; - SilcHmac sha1hmac; - SilcUInt32 blocklen; - unsigned char tmp[32], keymat[64]; - unsigned char *cp, *old, *data, byte; - SilcUInt32 i, data_len, len, magic, mac_len; - - SILC_LOG_DEBUG(("Loading private key `%s' with %s encoding", filename, - encoding == SILC_PKCS_FILE_PEM ? "Base64" : - encoding == SILC_PKCS_FILE_BIN ? "Binary" : "Unkonwn")); - - old = data = silc_file_readfile(filename, &data_len); - if (!data) - return FALSE; - - /* Check start of file and remove header from the data. */ - len = strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN); - cp = data; - for (i = 0; i < len; i++) { - byte = cp[0]; - cp++; - if (byte != SILC_PKCS_PRIVATE_KEYFILE_BEGIN[i]) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } - } - data = cp; - - /* Decode private key */ - len = data_len - (strlen(SILC_PKCS_PRIVATE_KEYFILE_BEGIN) + - strlen(SILC_PKCS_PRIVATE_KEYFILE_END)); - - switch(encoding) { - case SILC_PKCS_FILE_BIN: - break; - case SILC_PKCS_FILE_PEM: - data = silc_pem_decode(data, len, &len); - if (!data) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } - break; - } - - memset(tmp, 0, sizeof(tmp)); - memset(keymat, 0, sizeof(keymat)); - - /* Private key files without the specific magic number are assumed - to be the old-style private keys that are not encrypted. */ - SILC_GET32_MSB(magic, data); - if (magic != SILC_PKCS_PRIVATE_KEY_MAGIC) { - SILC_LOG_DEBUG(("Private key does not have correct magic!")); + SilcPublicKey public_key = key; + unsigned char *pk; + SilcUInt32 pk_len; + SilcUInt32 hash = 0; + SilcStack stack = NULL; - /* Now decode the actual private key */ - if (!silc_pkcs_private_key_decode(data, len, private_key)) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } + if (silc_crypto_stack()) + stack = silc_stack_alloc(2048, silc_crypto_stack()); - memset(old, 0, data_len); - silc_free(old); - return TRUE; + pk = silc_pkcs_public_key_encode(stack, public_key, &pk_len); + if (!pk) { + silc_stack_free(stack); + return hash; } - /* Allocate the AES cipher */ - if (!silc_cipher_alloc("aes-256-cbc", &aes)) { - SILC_LOG_ERROR(("Could not allocate AES cipher, probably not registered")); - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } - blocklen = silc_cipher_get_block_len(aes); - if (blocklen * 2 > sizeof(tmp)) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } + hash = silc_hash_data(pk, SILC_32_TO_PTR(pk_len)); - /* Allocate SHA1 hash */ - if (!silc_hash_alloc("sha1", &sha1)) { - SILC_LOG_ERROR(("Could not allocate SHA1 hash, probably not registered")); - silc_cipher_free(aes); - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } + silc_sfree(stack, pk); + silc_stack_free(stack); - /* Allocate HMAC */ - if (!silc_hmac_alloc("hmac-sha1-96", NULL, &sha1hmac)) { - SILC_LOG_ERROR(("Could not allocate SHA1 HMAC, probably not registered")); - silc_hash_free(sha1); - silc_cipher_free(aes); - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } + return hash; +} - /* Derive the decryption key from the provided key material. The key - is 256 bits length, and derived by taking hash of the data, then - re-hashing the data and the previous digest, and using the first and - second digest as the key. */ - silc_hash_init(sha1); - silc_hash_update(sha1, passphrase, passphrase_len); - silc_hash_final(sha1, keymat); - silc_hash_init(sha1); - silc_hash_update(sha1, passphrase, passphrase_len); - silc_hash_update(sha1, keymat, 16); - silc_hash_final(sha1, keymat + 16); - - /* Set the key to the cipher */ - silc_cipher_set_key(aes, keymat, 256); - - /* First, verify the MAC of the private key data */ - mac_len = silc_hmac_len(sha1hmac); - silc_hmac_init_with_key(sha1hmac, keymat, 16); - silc_hmac_update(sha1hmac, data, len - mac_len); - silc_hmac_final(sha1hmac, tmp, NULL); - if (memcmp(tmp, data + (len - mac_len), mac_len)) { - SILC_LOG_DEBUG(("Integrity check for private key failed")); - memset(keymat, 0, sizeof(keymat)); - memset(tmp, 0, sizeof(tmp)); - silc_hmac_free(sha1hmac); - silc_hash_free(sha1); - silc_cipher_free(aes); - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } - data += 4; - len -= 4; - - /* Decrypt the private key buffer */ - silc_cipher_decrypt(aes, data, data, len - mac_len, NULL); - SILC_GET32_MSB(i, data); - if (i > len) { - SILC_LOG_DEBUG(("Bad private key length in buffer!")); - memset(keymat, 0, sizeof(keymat)); - memset(tmp, 0, sizeof(tmp)); - silc_hmac_free(sha1hmac); - silc_hash_free(sha1); - silc_cipher_free(aes); - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } - data += 4; - len = i; - - /* Cleanup */ - memset(keymat, 0, sizeof(keymat)); - memset(tmp, 0, sizeof(tmp)); - silc_hmac_free(sha1hmac); - silc_hash_free(sha1); - silc_cipher_free(aes); - - /* Now decode the actual private key */ - if (!silc_pkcs_private_key_decode(data, len, private_key)) { - memset(old, 0, data_len); - silc_free(old); - return FALSE; - } +/* Compares two SILC Public keys. It may be used as SilcHashTable + comparison function. */ - memset(old, 0, data_len); - silc_free(old); - return TRUE; +SilcBool silc_hash_public_key_compare(void *key1, void *key2, + void *user_context) +{ + return silc_pkcs_public_key_compare(key1, key2); }