if (private)
{
printf("parsed %d bits %N private key.\n",
- private->get_keysize(private)*8,
+ private->get_keysize(private),
key_type_names, private->get_type(private));
if (private->get_fingerprint(private, KEYID_PUBKEY_INFO_SHA1, &chunk))
{
if (public)
{
printf("parsed %d bits %N public key.\n",
- public->get_keysize(public)*8,
+ public->get_keysize(public),
key_type_names, public->get_type(public));
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &chunk))
{
{
switch (private->get_keysize(private))
{
- case 32:
+ case 256:
scheme = SIGN_ECDSA_256;
break;
- case 48:
+ case 384:
scheme = SIGN_ECDSA_384;
break;
- case 66:
+ case 521:
scheme = SIGN_ECDSA_521;
break;
default:
printf("%d bit ECDSA private key size not supported",
- private->get_keysize(private) * 8);
+ private->get_keysize(private));
exit(1);
}
}
- printf("%4d bit %N: ", private->get_keysize(private)*8,
+ printf("%4d bit %N: ", private->get_keysize(private),
key_type_names, type);
sigs = malloc(sizeof(chunk_t) * rounds);
fprintf(out, " pubkey: %N %d bits%s\n",
key_type_names, public->get_type(public),
- public->get_keysize(public) * 8,
+ public->get_keysize(public),
private ? ", has private key" : "");
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
{
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
BUILD_BLOB_ASN1_DER, chunk,
BUILD_END);
- if (!public || public->get_keysize(public) != 256)
+ if (!public || public->get_keysize(public) != 2048)
{
return FALSE;
}
/* we try to deduct the signature scheme from the keysize */
switch (private->get_keysize(private))
{
- case 32:
+ case 256:
scheme = SIGN_ECDSA_256;
auth_method = AUTH_ECDSA_256;
break;
- case 48:
+ case 384:
scheme = SIGN_ECDSA_384;
auth_method = AUTH_ECDSA_384;
break;
- case 66:
+ case 521:
scheme = SIGN_ECDSA_521;
auth_method = AUTH_ECDSA_521;
break;
chunk_t crypto, chunk_t *plain);
/**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
*
- * @return strength of the key in bytes
+ * @return strength of the key in bits
*/
- size_t (*get_keysize) (private_key_t *this);
+ int (*get_keysize) (private_key_t *this);
/**
* Get the public part from the private key.
bool (*equals)(public_key_t *this, public_key_t *other);
/**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
*
- * @return strength of the key in bytes
+ * @return strength of the key in bits
*/
- size_t (*get_keysize) (public_key_t *this);
+ int (*get_keysize) (public_key_t *this);
/**
* Get the fingerprint of the key.
return FALSE;
}
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
private_agent_private_key_t *this)
{
- return this->key_size;
+ return this->key_size * 8;
}
METHOD(private_key_t, get_public_key, public_key_t*,
return TRUE;
}
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
private_gcrypt_rsa_private_key_t *this)
{
- return gcry_pk_get_nbits(this->key) / 8;
+ return gcry_pk_get_nbits(this->key);
}
METHOD(private_key_t, get_public_key, public_key_t*,
return !!encrypted->len;
}
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
private_gcrypt_rsa_public_key_t *this)
{
- return gcry_pk_get_nbits(this->key) / 8;
+ return gcry_pk_get_nbits(this->key);
}
METHOD(public_key_t, get_encoding, bool,
{
free(digestInfo.ptr);
DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
- this->k * 8);
+ mpz_sizeinbase(this->n, 2));
return FALSE;
}
return success;
}
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
private_gmp_rsa_private_key_t *this)
{
- return this->k;
+ return mpz_sizeinbase(this->n, 2);
}
METHOD(private_key_t, get_public_key, public_key_t*,
return TRUE;
}
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
private_gmp_rsa_public_key_t *this)
{
- return this->k;
+ return mpz_sizeinbase(this->n, 2);
}
METHOD(public_key_t, get_encoding, bool,
return FALSE;
}
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
private_openssl_ec_private_key_t *this)
{
- return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+ switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+ {
+ case NID_X9_62_prime256v1:
+ return 256;
+ case NID_secp384r1:
+ return 384;
+ case NID_secp521r1:
+ return 521;
+ default:
+ return 0;
+ }
}
METHOD(private_key_t, get_type, key_type_t,
return FALSE;
}
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
private_openssl_ec_public_key_t *this)
{
- return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+ switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+ {
+ case NID_X9_62_prime256v1:
+ return 256;
+ case NID_secp384r1:
+ return 384;
+ case NID_secp521r1:
+ return 521;
+ default:
+ return 0;
+ }
}
/**
return FALSE;
}
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
private_openssl_rsa_private_key_t *this)
{
- return RSA_size(this->rsa);
+ return RSA_size(this->rsa) * 8;
}
METHOD(private_key_t, get_public_key, public_key_t*,
return FALSE;
}
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
private_openssl_rsa_public_key_t *this)
{
- return RSA_size(this->rsa);
+ return RSA_size(this->rsa) * 8;
}
/**
return this->pubkey->get_type(this->pubkey);
}
-METHOD(private_key_t, get_keysize, size_t,
+METHOD(private_key_t, get_keysize, int,
private_pkcs11_private_key_t *this)
{
return this->pubkey->get_keysize(this->pubkey);
DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
- len = get_keysize(this);
+ len = (get_keysize(this) + 7) / 8;
buf = malloc(len);
rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
this->mutex->unlock(this->mutex);
return FALSE;
}
-METHOD(public_key_t, get_keysize, size_t,
+METHOD(public_key_t, get_keysize, int,
private_pkcs11_public_key_t *this)
{
- return this->k;
+ return this->k * 8;
}
/**
chunk_t chunk;
printf("pubkey: %N %d bits\n", key_type_names, key->get_type(key),
- key->get_keysize(key) * 8);
+ key->get_keysize(key));
if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &chunk))
{
printf("keyid: %#B\n", &chunk);
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
key_type_names, key->get_type(key),
- key->get_keysize(key) * BITS_PER_BYTE,
+ key->get_keysize(key),
has_private_key(cert)? ", has private key" : "");
if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &keyid))
{
if (policy & POLICY_PUBKEY)
{
- int auth_method = 0;
- size_t key_size = 0;
+ int auth_method = 0, key_size = 0;
key_type_t key_type = KEY_ANY;
-
if (c->spd.this.cert)
{
certificate_t *certificate = c->spd.this.cert->cert;
public_key_t *key = certificate->get_public_key(certificate);
if (key == NULL)
- {
+ {
plog("ike alg: unable to retrieve my public key");
continue;
}
case KEY_ECDSA:
switch (key_size)
{
- case 32:
+ case 256:
auth_method = OAKLEY_ECDSA_256;
break;
- case 48:
+ case 384:
auth_method = OAKLEY_ECDSA_384;
break;
- case 66:
+ case 521:
auth_method = OAKLEY_ECDSA_521;
break;
default:
whack_log(RC_COMMENT, " identity: '%Y'", key->id);
whack_log(RC_COMMENT, " pubkey: %N %4d bits, until %T %s",
key_type_names, public->get_type(public),
- public->get_keysize(public) * BITS_PER_BYTE,
+ public->get_keysize(public),
&key->until_time, utc,
check_expiry(key->until_time, PUBKEY_WARNING_INTERVAL, TRUE));
if (public->get_fingerprint(public, KEYID_PUBKEY_INFO_SHA1, &keyid))
{
whack_log(RC_COMMENT, " pubkey: %N %4d bits%s",
key_type_names, key->get_type(key),
- key->get_keysize(key) * BITS_PER_BYTE,
+ key->get_keysize(key),
cert->smartcard ? ", on smartcard" :
(has_private_key(cert)? ", has private key" : ""));
public_key = private_key->get_public_key(private_key);
/* check for minimum key length */
- if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS)
+ if (private_key->get_keysize(private_key) < RSA_MIN_OCTETS / BITS_PER_BYTE)
{
exit_scepclient("length of RSA key has to be at least %d bits"
,RSA_MIN_OCTETS * BITS_PER_BYTE);
projects / thirdparty / strongswan.git / commitdiff
