
Contents of /branches/mixmaster_2_9_STABLE/Mix/Src/pgpdata.c



Revision 327 - (show annotations) (download)
Wed Oct 9 20:29:44 2002 UTC (10 years, 7 months ago) by weaselp
File MIME type: text/plain
File size: 28152 byte(s)
Added closing comments for all #ifdef statements.
1 /* Mixmaster version 3 -- (C) 1999 Anonymizer Inc.
2
3 Mixmaster may be redistributed and modified under certain conditions.
4 This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF
5 ANY KIND, either express or implied. See the file COPYRIGHT for
6 details.
7
8 OpenPGP data
9 $Id: pgpdata.c,v 1.11.2.3 2002/10/09 20:29:44 weaselp Exp $ */
10
11
12 #include "mix3.h"
13 #ifdef USE_PGP
14 #include "pgp.h"
15 #include "crypto.h"
16 #include <assert.h>
17 #include <time.h>
18 #include <string.h>
19
/* Key size in bytes for the OpenPGP symmetric cipher id symalgo.
   Returns 0 for any id this build does not recognise; the AES ids are
   recognised only when USE_AES is defined. */
int pgp_keylen(int symalgo)
{
  int bytes = 0;		/* unknown cipher: no key length */

#ifdef USE_AES
  if (symalgo == PGP_K_AES256)
    return (32);
  if (symalgo == PGP_K_AES192)
    return (24);
#endif /* USE_AES */

  if (symalgo == PGP_K_3DES)
    bytes = 24;
  else if (symalgo == PGP_K_IDEA || symalgo == PGP_K_CAST5
	   || symalgo == PGP_K_BF
#ifdef USE_AES
	   || symalgo == PGP_K_AES128
#endif /* USE_AES */
    )
    bytes = 16;

  return (bytes);
}
40
/* Cipher block size in bytes for the OpenPGP symmetric cipher id symalgo.
   IDEA, CAST5, Blowfish and 3DES report 8; everything else reports 16.
   NOTE(review): "everything else" includes ids that are not ciphers at
   all (for example a -1 read past the end of a packet), so callers cannot
   use this function to detect an unsupported algorithm. */
int pgp_blocklen(int symalgo)
{
  if (symalgo == PGP_K_IDEA || symalgo == PGP_K_CAST5
      || symalgo == PGP_K_BF || symalgo == PGP_K_3DES)
    return (8);

  /* AES (when compiled in) and every unrecognised id */
  return (16);
}
59
/* Read one multi-precision integer from b into mpi.
   The two-byte bit count is read first; mpi is always cleared.  Returns
   the bit count, or -1 when the count is not positive or the announced
   number of bytes is not available in b.  On failure mpi is left empty,
   so callers that ignore the return value continue with a zero-length
   number. */
int mpi_get(BUFFER *b, BUFFER *mpi)
{
  int bits, bytes;

  bits = buf_geti(b);
  buf_clear(mpi);

  bytes = (bits + 7) / 8;	/* round the bit count up to whole octets */
  if (bits <= 0 || b->ptr + bytes > b->length)
    return (-1);

  buf_get(b, mpi, bytes);
  return (bits);
}
72
73
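/* Strip leading zero octets from mpi (in place) and return the number of
   significant bits in what remains.  An empty or all-zero number yields 0. */
int mpi_bitcount(BUFFER *mpi)
{
  int i, l;

  /* Test the length before touching data[0]: the first octet of an empty
     buffer is not part of the number. */
  while (mpi->length && !mpi->data[0])
    memmove(mpi->data, mpi->data + 1, --mpi->length);

  /* Nothing left: do not derive a bit count from an octet that lies
     outside the buffer contents. */
  if (mpi->length == 0)
    return 0;

  l = mpi->length * 8;
  for (i = 7; i >= 0; i--)
    if (((mpi->data[0] >> i) & 1) == 1) {
      l -= 7 - i;		/* discount the unused high bits */
      break;
    }
  return l;
}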
87
/* Append mpi to b in OpenPGP MPI form: bit count followed by the octets.
   mpi_bitcount() strips leading zero octets from mpi as a side effect.
   Always returns 0. */
int mpi_put(BUFFER *b, BUFFER *mpi)
{
  int bits = mpi_bitcount(mpi);

  buf_appendi(b, bits);
  buf_cat(b, mpi);
  return (0);
}
94
/* Dispatch a symmetric encryption or decryption of data to the cipher
   selected by skalgo.  skalgo 0 means "not encrypted" and returns 0
   without touching data.  Returns the cipher routine's result, or -1 for
   an algorithm that is unknown or not compiled in.
   NOTE(review): several callers in this file discard the return value; a
   -1 here then goes unnoticed by them. */
int skcrypt(BUFFER *data, int skalgo, BUFFER *key, BUFFER *iv, int enc)
{
  if (skalgo == 0)
    return (0);
#ifdef USE_IDEA
  if (skalgo == PGP_K_IDEA)
    return (buf_ideacrypt(data, key, iv, enc));
#endif /* USE_IDEA */
#ifdef USE_AES
  if (skalgo == PGP_K_AES128 || skalgo == PGP_K_AES192
      || skalgo == PGP_K_AES256)
    return (buf_aescrypt(data, key, iv, enc));
#endif /* USE_AES */
  if (skalgo == PGP_K_3DES)
    return (buf_3descrypt(data, key, iv, enc));
  if (skalgo == PGP_K_BF)
    return (buf_bfcrypt(data, key, iv, enc));
  if (skalgo == PGP_K_CAST5)
    return (buf_castcrypt(data, key, iv, enc));

  return (-1);
}
120
/* Sum the octets of key from offset start to the end, modulo 65536.
   This is a plain additive checksum, not an integrity protection against
   deliberate modification. */
int pgp_csum(BUFFER *key, int start)
{
  int sum = 0;
  int pos = start;

  while (pos < key->length) {
    sum = (sum + key->data[pos]) % 65536;
    pos++;
  }
  return (sum);
}
128
129 #ifdef USE_RSA
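/* Perform one RSA operation on in, in place.
   k holds the key as consecutive MPIs: n, e and, for PK_DECRYPT and
   PK_SIGN, additionally d, p, q, u in PGP order.  mode selects the
   operation (PK_ENCRYPT, PK_VERIFY, PK_SIGN, PK_DECRYPT); all of them use
   PKCS#1 v1.5 padding.  Returns 0 on success and -1 on failure.  When the
   key cannot be parsed, in is left untouched; when the RSA operation
   itself fails, in is emptied.
   NOTE(review): the caller learns whether PKCS#1 v1.5 unpadding succeeded
   on PK_DECRYPT; make sure that result is not observable by whoever
   supplies the ciphertext. */
int pgp_rsa(BUFFER *in, BUFFER *k, int mode)
{
  BUFFER *mpi, *out;
  int err = -1;
  RSA *key;
  BIGNUM *i = NULL;
  BN_CTX *ctx = NULL;

  assert(mode == PK_ENCRYPT || mode == PK_VERIFY || mode == PK_DECRYPT
	 || mode == PK_SIGN);
  key = RSA_new();
  out = buf_new();
  mpi = buf_new();
  if (key == NULL)
    goto end;

  /* Every MPI is checked: a truncated key must not turn into a
     zero-valued key component. */
  if (mpi_get(k, mpi) < 0)
    goto end;
  key->n = BN_bin2bn(mpi->data, mpi->length, NULL);

  if (mpi_get(k, mpi) < 0)
    goto end;
  key->e = BN_bin2bn(mpi->data, mpi->length, NULL);

  if (key->n == NULL || key->e == NULL)
    goto end;

  if (mode == PK_DECRYPT || mode == PK_SIGN) {
    if (mpi_get(k, mpi) < 0)
      goto end;
    key->d = BN_bin2bn(mpi->data, mpi->length, NULL);

    /* compute auxiliary parameters */
    if (mpi_get(k, mpi) < 0)	/* PGP's p is SSLeay's q */
      goto end;
    key->q = BN_bin2bn(mpi->data, mpi->length, NULL);

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->p = BN_bin2bn(mpi->data, mpi->length, NULL);

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->iqmp = BN_bin2bn(mpi->data, mpi->length, NULL);

    ctx = BN_CTX_new();
    i = BN_new();
    key->dmp1 = BN_new();
    key->dmq1 = BN_new();
    if (ctx == NULL || i == NULL || key->dmp1 == NULL || key->dmq1 == NULL
	|| key->d == NULL || key->q == NULL || key->p == NULL
	|| key->iqmp == NULL)
      goto end;

    /* dmp1 = d mod (p-1), dmq1 = d mod (q-1); a prime of 1 would make
       the modulus zero, so the results are checked. */
    if (!BN_sub(i, key->p, BN_value_one())
	|| !BN_mod(key->dmp1, key->d, i, ctx))
      goto end;
    if (!BN_sub(i, key->q, BN_value_one())
	|| !BN_mod(key->dmq1, key->d, i, ctx))
      goto end;
  }
  buf_prepare(out, RSA_size(key));

  switch (mode) {
  case PK_ENCRYPT:
    out->length = RSA_public_encrypt(in->length, in->data, out->data, key,
				     RSA_PKCS1_PADDING);
    break;
  case PK_VERIFY:
    out->length = RSA_public_decrypt(in->length, in->data, out->data, key,
				     RSA_PKCS1_PADDING);
    break;
  case PK_SIGN:
    out->length = RSA_private_encrypt(in->length, in->data, out->data, key,
				      RSA_PKCS1_PADDING);
    break;
  case PK_DECRYPT:
    out->length = RSA_private_decrypt(in->length, in->data, out->data, key,
				      RSA_PKCS1_PADDING);
    break;
  }
  if (out->length == -1) {
    err = -1;
    out->length = 0;
  } else
    err = 0;

  buf_move(in, out);
 end:
  /* i held p-1 and q-1, so it is wiped; ctx was previously never freed. */
  BN_clear_free(i);
  BN_CTX_free(ctx);
  RSA_free(key);
  buf_free(out);
  buf_free(mpi);	/* NOTE(review): mpi last held private key octets;
			   confirm buf_free() wipes its storage */
  return (err);
}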
217 #endif /* USE_RSA */
218
219 /* Contrary to RFC 2440, old PGP versions use this for clearsign only.
220 * If the text is included in the OpenPGP message, the application will
221 * typically provide the text in the proper format (whatever that is);
222 * we use "canonic" format so everybody will be able to read our messages.
223 * In clearsigned messages, trailing whitespace is always ignored.
224 * Detached signatures are the problematic case. For PGP/MIME, we always
225 * escape trailing whitespace as quoted-printable.
226 */
/* Rewrite msg into the canonical text form used for signing: each line
   loses its trailing blanks and is terminated with CR LF.  Trailing tabs
   are kept (the tab test is disabled in the original source).  msg is
   replaced with the result. */
void pgp_sigcanonic(BUFFER *msg)
{
  BUFFER *canon = buf_new();
  BUFFER *ln = buf_new();

  for (;;) {
    if (buf_getline(msg, ln) == -1)
      break;

    /* drop trailing spaces only */
    while (ln->length > 0 && ln->data[ln->length - 1] == ' ')
      ln->length--;
    ln->data[ln->length] = '\0';	/* keep the line NUL-terminated */

    buf_cat(canon, ln);
    buf_appends(canon, "\r\n");
  }

  buf_move(msg, canon);
  buf_free(canon);
  buf_free(ln);
}
249
/* Append the big number i to o as an OpenPGP MPI.
   NOTE(review): the scratch buffer may hold private key octets when the
   caller passes a secret value; confirm buf_free() wipes its storage. */
static void mpi_bnput(BUFFER *o, BIGNUM *i)
{
  BUFFER *raw = buf_new();

  buf_prepare(raw, BN_num_bytes(i));	/* room for the big-endian octets */
  raw->length = BN_bn2bin(i, raw->data);
  mpi_put(o, raw);
  buf_free(raw);
}
260
/* Append the big number i to o as an MPI whose octets are encrypted with
   cipher ska under key, when key is non-empty.  The bit count is written
   in the clear.  After encrypting, iv is replaced with the last ivlen
   octets of the ciphertext so that the next MPI chains on from this one.
   With an empty or NULL key the number is written unencrypted.
   NOTE(review): the result of skcrypt() is not checked; if encryption
   fails the number may be written in whatever state skcrypt() left it.
   NOTE(review): the new IV is taken from raw->data + raw->length - ivlen,
   which points before the buffer when the number is shorter than the IV;
   callers must only pass numbers of at least ivlen octets. */
static void mpi_bnputenc(BUFFER *o, BIGNUM *i, int ska, BUFFER *key,
			 BUFFER *iv)
{
  BUFFER *raw = buf_new();
  int ivlen = iv->length;
  int encrypt = (key != NULL && key->length != 0);

  buf_prepare(raw, BN_num_bytes(i));
  raw->length = BN_bn2bin(i, raw->data);
  buf_appendi(o, mpi_bitcount(raw));

  if (encrypt) {
    skcrypt(raw, ska, key, iv, ENCRYPT);
    buf_clear(iv);
    buf_append(iv, raw->data + raw->length - ivlen, ivlen);
  }

  buf_cat(o, raw);
  buf_free(raw);
}
279
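/* Read the string-to-key information that precedes the secret part of a
   secret key packet.
   The first octet selects the protection: 0 means unprotected, 255 means
   an S2K specifier follows (handled by pgp_getsk), any other value is
   taken as a cipher id with the key being the MD5 digest of pass.  For
   protected keys the cipher IV is then read into iv.  Returns the cipher
   id (0 for unprotected), or -1 when pass is NULL or the packet ends
   before the first octet.
   NOTE(review): with pass == NULL the function returns before consuming
   the usage octet, so even an unprotected key is reported as -1.
   NOTE(review): the result of buf_get() is not checked; a packet that
   ends inside the IV presumably leaves iv short - verify against
   buf_get(). */
static int getski(BUFFER *p, BUFFER *pass, BUFFER *key, BUFFER *iv)
{
  int skalgo;

  if (!pass)
    return(-1);

  skalgo = buf_getc(p);
  switch (skalgo) {
  case -1:
    /* packet ended: do not derive a key or read an IV from nothing */
    return (-1);
  case 0:
    /* none */
    return (0);
  case 255:
    /* S2K specifier */
    skalgo = pgp_getsk(p, pass, key);
    break;
  default:
    /* simple: unsalted, single-pass MD5 of the passphrase */
    digest_md5(pass, key);
    break;
  }

  buf_get(p, iv, pgp_blocklen(skalgo));
  return (skalgo);
}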
313
/* Prefix secret with its string-to-key header and, when a passphrase is
   in use, encrypt it.
   If pass is NULL or empty, or remail is 2, the usage octet 0 is written
   and secret is stored as is.  Otherwise the usage octet 255 is written,
   pgp_makesk() appends an S2K specifier for CAST5 and SHA-1 and derives
   the key, a random IV is appended, and secret is encrypted with CAST5.
   secret is replaced with the result.
   NOTE(review): the result of skcrypt() is not checked, so a failed
   encryption would still be written under a header that announces an
   encrypted key.
   NOTE(review): the literal 1 is passed as the direction where
   mpi_bnputenc() uses ENCRYPT - confirm both mean the same.
   NOTE(review): key holds the derived cipher key; confirm buf_free()
   wipes its storage. */
static void makeski(BUFFER *secret, BUFFER *pass, int remail)
{
  BUFFER *out = buf_new();
  BUFFER *key = buf_new();
  BUFFER *iv = buf_new();
  int plain = (pass == NULL || pass->length == 0 || remail == 2);

  if (!plain) {
    buf_appendc(out, 255);
    pgp_makesk(out, key, PGP_K_CAST5, 3, PGP_H_SHA1, pass);
    buf_setrnd(iv, pgp_blocklen(PGP_K_CAST5));
    buf_cat(out, iv);
    skcrypt(secret, PGP_K_CAST5, key, iv, 1);
  } else {
    buf_appendc(out, 0);
  }
  buf_cat(out, secret);

  buf_move(secret, out);
  buf_free(out);
  buf_free(key);
  buf_free(iv);
}
336
/* Number of MPIs in the public part of a key of the given algorithm:
   2 for RSA, 4 for DSA, 3 for ElGamal, 0 for anything else. */
int pgp_nummpi(int algo)
{
  if (algo == PGP_ES_RSA)
    return (2);
  if (algo == PGP_S_DSA)
    return (4);
  if (algo == PGP_E_ELG)
    return (3);
  return (0);
}
350
/* Number of MPIs in the secret part of a key of the given algorithm:
   4 for RSA, 1 for DSA and for ElGamal, 0 for anything else. */
int pgp_numsecmpi(int algo)
{
  if (algo == PGP_ES_RSA)
    return (4);
  if (algo == PGP_S_DSA || algo == PGP_E_ELG)
    return (1);
  return (0);
}
364
365 /* store key's ID in keyid */
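/* Compute the 8-octet key ID of the key packet body in key and store it
   in keyid.  For version 2 and 3 keys the ID is the last 8 octets of the
   first MPI; for version 4 keys it is the last 8 octets of the SHA-1
   digest over 0x99, a two-octet length and the public key fields.  The
   read position of key is preserved.
   Returns 0 on success.  Returns -1, with keyid left empty, when the
   version is not 2, 3 or 4, when an MPI cannot be read, or when fewer
   than 8 octets are available to take the ID from. */
int pgp_keyid(BUFFER *key, BUFFER *keyid)
{
  BUFFER *i, *k;
  int version, algo, j, ptr;
  int err = 0;

  i = buf_new();
  k = buf_new();

  ptr = key->ptr;
  key->ptr = 0;
  switch (version = buf_getc(key)) {
  case 2:
  case 3:
    buf_getl(key);
    buf_geti(key);
    buf_getc(key);
    if (mpi_get(key, i) == -1)
      err = -1;
    break;
  case 4:
    buf_appendc(k, version);
    buf_appendl(k, buf_getl(key));
    algo = buf_getc(key);
    buf_appendc(k, algo);
    if (pgp_nummpi(algo) == 0)
      buf_rest(k, key);		/* works for public keys only */
    else
      for (j = 0; j < pgp_nummpi(algo); j++) {
	if (mpi_get(key, i) == -1) {
	  err = -1;		/* truncated key: do not hash a partial one */
	  break;
	}
	mpi_put(k, i);
      }
    if (err == 0) {
      buf_clear(i);
      buf_appendc(i, 0x99);
      buf_appendi(i, k->length);
      buf_cat(i, k);
      digest_sha1(i, i);
    }
    break;
  default:
    err = -1;
    break;
  }

  buf_clear(keyid);
  /* The ID is the tail of i.  With fewer than 8 octets the source
     pointer would start before the buffer, so refuse instead. */
  if (err == 0 && i->length >= 8)
    buf_append(keyid, i->data + i->length - 8, 8);
  else
    err = -1;

  buf_free(i);
  buf_free(k);
  key->ptr = ptr;
  return(err);
}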
410
/* Compute the key ID of key and compare it with keyid.  Returns the
   result of buf_eq(). */
static int pgp_iskeyid(BUFFER *key, BUFFER *keyid)
{
  BUFFER *computed = buf_new();
  int same;

  pgp_keyid(key, computed);
  same = buf_eq(keyid, computed);
  buf_free(computed);
  return(same);
}
422
/* Walk the packets in keypacket and extract the key that fits the request.
 *
 * mode      PK_ENCRYPT, PK_VERIFY, PK_DECRYPT or PK_SIGN; public (sub)key
 *           packets are skipped for PK_DECRYPT and PK_SIGN, and subkeys are
 *           skipped for PK_SIGN and PK_VERIFY once a key has been seen.
 * algo      wanted public key algorithm, or PGP_ANY.
 * psym      in: required symmetric cipher, or 0 for any; out: the cipher
 *           chosen, when 0 was passed in.  May be NULL.
 * pmdc      out: 1 if a features subpacket with bit 0x01 was seen.  May be
 *           NULL.
 * key       receives the key MPIs (secret MPIs decrypted with pass).  May be
 *           the same buffer as keypacket, which is then replaced.
 * keyid     in: if non-empty, only a key with this ID is accepted; out: the
 *           ID of the last key examined.  May be NULL.
 * userid    receives the contents of a user ID packet.  May be NULL.
 * pass      passphrase for secret keys.
 *
 * Returns the public key algorithm of the key on success, -1 when no usable
 * key was found, or PGP_PASS when the secret key material did not parse or
 * did not match its checksum after decryption.
 *
 * NOTE(review): the packet contents are parsed with almost no bounds
 * checking (see the notes below); the comment in the PGP_SIG case states the
 * assumption that only valid keys have been imported.
 */
int pgp_getkey(int mode, int algo, int *psym, int *pmdc, BUFFER *keypacket, BUFFER *key,
	       BUFFER *keyid, BUFFER *userid, BUFFER *pass)
{
  int tempbuf = 0;
  int keytype = -1, type, j;
  int thisalgo = 0, version, skalgo;
  int needsym = 0, symfound = 0, mdcfound = 0;
  BUFFER *p1, *iv, *sk, *i, *thiskeyid;
  int ivlen;
  int csstart;

  p1 = buf_new();
  i = buf_new();
  iv = buf_new();
  sk = buf_new();
  thiskeyid = buf_new();
  if (psym)
    needsym = *psym;
  /* input and output share a buffer: collect into a temporary one */
  if (keypacket == key) {
    key = buf_new();
    tempbuf = 1;
  }
  if (userid)
    buf_clear(userid);

  while ((type = pgp_getpacket(keypacket, p1)) > 0) {
    switch (type) {
    case PGP_SIG:
      /* it is assumed that only valid keys have been imported */
      /* Only version 4 certification signatures are examined, and only for
	 their preferences; the signature itself is not verified here. */
      if (buf_getc(p1) == 4) {
	if (buf_getc(p1) == PGP_SIG_CERT) {
	  buf_getc(p1);
	  buf_getc(p1);
	  /* j becomes the offset at which the subpacket area ends */
	  j = buf_geti(p1);
	  j += p1->ptr;
	  /* NOTE(review): j and every subpacket length come from the packet.
	     Nothing here compares them with p1->length, and a -1 from
	     buf_getc()/buf_geti() at the end of the packet is used as a
	     length; whether the loop still terminates depends on how the
	     buf_* readers behave at end of data - verify. */
	  while (p1->ptr < j) {
	    int len, type, a;
	    len = buf_getc(p1);
	    /* NOTE(review): RFC 2440 starts two-octet lengths at a first
	       octet of 192; this test starts at 193 - confirm. */
	    if (len > 192 && len < 255)
	      len = (len - 192) * 256 + buf_getc(p1) + 192;
	    else if (len == 255)
	      len = buf_getl(p1);
	    type = buf_getc(p1);
	    if (len)
	      buf_get(p1, i, len-1); /* len-1 - exclude type */
	    else
	      buf_clear(i);
	    if (type == PGP_SUB_PSYMMETRIC) {
	      /* take the first listed cipher that this build supports and
		 that satisfies the caller's requirement */
	      while ((a = buf_getc(i)) != -1)
		if ((a == PGP_K_3DES || a == PGP_K_CAST5 || a == PGP_K_BF
#ifdef USE_IDEA
		     || a == PGP_K_IDEA
#endif /* USE_IDEA */
#ifdef USE_AES
		     || a == PGP_K_AES128 || a == PGP_K_AES192 || a == PGP_K_AES256
#endif /* USE_AES */
		    ) && (a == needsym || needsym == 0)) {
		  symfound = a;
		  break; /* while ((a = buf_getc(i)) != -1) */
		} /* if ((a == PGP_K_3DES)... */
	    } /* if (type == PGP_SUB_PSYMMETRIC) */
	    else if (type == PGP_SUB_FEATURES) {
	      if ((a = buf_getc(i)) != -1)
		if (a & 0x01)
		  mdcfound = 1;
	    } /* if (type == PGP_SUB_FEATURES) */
	  } /* while (p1->ptr < j) */
	} /* if (buf_getc(p1) == PGP_SIG_CERT) */
      } /* if (buf_getc(p1) == 4) */
      break; /* switch (type) */
    case PGP_USERID:
      if (userid)
	buf_move(userid, p1);
      break;
    case PGP_PUBSUBKEY:
    case PGP_SECSUBKEY:
      /* for signing and verifying, keep the first key and skip subkeys;
	 "continue" resumes the packet loop, not the switch */
      if (keytype != -1 && (mode == PK_SIGN || mode == PK_VERIFY))
	continue;
      /* deliberate fall through into the key handling below */
    case PGP_PUBKEY:
    case PGP_SECKEY:
      if ((type == PGP_PUBKEY || type == PGP_PUBSUBKEY) &&
	  (mode == PK_DECRYPT || mode == PK_SIGN))
	continue;
      keytype = type;
      version = buf_getc(p1);
      switch (version) {
      case 2:
      case 3:
	buf_getl(p1);		/* created */
	buf_geti(p1);		/* valid */
	thisalgo = buf_getc(p1);
	if (thisalgo != PGP_ES_RSA) {
	  keytype = -1;
	  goto end;
	}
	/* old-format keys: IDEA is assumed and MDC is not used */
	symfound = PGP_K_IDEA;
	mdcfound = 0;
	break;
      case 4:
	/* NOTE(review): key is written to here before the "if (key)" test
	   further down; a NULL key with a version 4 packet reaches
	   buf_appendc() with a NULL buffer - confirm callers never do that. */
	buf_appendc(key, version);
	buf_appendl(key, buf_getl(p1));
	thisalgo = buf_getc(p1);
	buf_appendc(key, thisalgo);
	if (symfound == 0)
	  symfound = PGP_K_3DES; /* default algorithm */
	break;
      default:
	keytype = -1;
	goto end;
      }
      if (algo != PGP_ANY && thisalgo != algo) {
	keytype = -1;
	continue;
      }
      if (keyid && keyid->length && !pgp_iskeyid(p1, keyid))
	continue;
      pgp_keyid(p1, thiskeyid);
      if (key) {
	/* discard the header copied above; key holds MPIs only */
	buf_clear(key);
	for (j = 0; j < pgp_nummpi(thisalgo); j++) {
	  if (mpi_get(p1, i) == -1)
	    goto end;
	  mpi_put(key, i);
	}
	if (keytype == PGP_SECKEY || keytype == PGP_SECSUBKEY) {
	  /* the checksum covers the secret MPIs appended from here on */
	  csstart = key->length;
	  /* NOTE(review): getski() returns -1 when pass is NULL; that value
	     is passed on to pgp_blocklen() and skcrypt() unchecked, and the
	     results of skcrypt() below are not checked either. */
	  skalgo = getski(p1, pass, sk, iv);
	  switch (version) {
	  case 2:
	  case 3:
	    /* old format: each MPI is encrypted separately and the next IV
	       is the tail of the previous ciphertext */
	    ivlen = pgp_blocklen(skalgo);
	    for (j = 0; j < pgp_numsecmpi(thisalgo); j++) {
	      unsigned char lastb[16];
	      if (mpi_get(p1, i) == -1) {
		keytype = -1;
		goto end;
	      }
	      /* NOTE(review): only the upper bound of ivlen is asserted, and
		 assert() vanishes under NDEBUG.  An MPI shorter than ivlen
		 makes the source pointer below start before i->data. */
	      assert(ivlen <= 16);
	      memcpy(lastb, i->data+i->length-ivlen, ivlen);
	      skcrypt(i, skalgo, sk, iv, DECRYPT);
	      buf_clear(iv);
	      buf_append(iv, lastb, ivlen);
	      mpi_put(key, i);
	    }
	    break;
	  case 4:
	    /* new format: the rest of the packet is decrypted as a whole and
	       then parsed; a parse failure is reported as PGP_PASS */
	    buf_clear(i);
	    buf_rest(i, p1);
	    skcrypt(i, skalgo, sk, iv, DECRYPT);
	    buf_move(p1, i);
	    for (j = 0; j < pgp_numsecmpi(thisalgo); j++) {
	      if (mpi_get(p1, i) == -1) {
		keytype = PGP_PASS;
		goto end;
	      }
	      mpi_put(key, i);
	    }
	    break;
	  }
	  /* a 16-bit additive checksum is the only test of the passphrase */
	  if (pgp_csum(key, csstart) != buf_geti(p1)) {
	    keytype = PGP_PASS;
	    goto end;
	  }
	}
      }
      break;
    default:
      /* ignore trust packets etc */
      break;
    } /* switch (type) */
  } /* while ((type = pgp_getpacket(keypacket, p1)) > 0) */
 end:
  if (keyid) buf_set(keyid, thiskeyid);
  if (tempbuf) {
    buf_move(keypacket, key);
    buf_free(key);
  }
  buf_free(p1);
  buf_free(i);
  buf_free(iv);
  /* NOTE(review): sk holds the key derived from the passphrase; confirm
     buf_free() wipes its storage. */
  buf_free(sk);
  buf_free(thiskeyid);
#ifndef USE_RSA
  if (thisalgo == PGP_ES_RSA)
    keytype = -1;
#endif /* not USE_RSA */
  /* a required cipher that the key does not list is a failure */
  if (needsym > 0 && symfound != needsym)
    keytype = -1;
  else if (psym && *psym == 0)
    *psym = symfound;
  if (pmdc)
    *pmdc = mdcfound;

  return (keytype <= 0 ? keytype : thisalgo);
}
618
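/* Build a public key packet of the given type from the key packet body p.
 *
 * The public fields of p (version, creation time, validity for old-format
 * keys, algorithm and the public MPIs) are copied into key, key is wrapped
 * with pgp_packet() and appended to out.  *created receives the creation
 * time.  If outtxt is not NULL, a one-line description ("pub"/"sub", size,
 * algorithm letter, last four octets of the key ID, creation date) is
 * appended to it.  pass is not used.
 *
 * Returns the public key algorithm, or -1 when the version is not 2, 3 or
 * 4, an old-format key is not RSA, the key ID cannot be computed, or an MPI
 * is missing.
 */
int pgp_makepkpacket(int type, BUFFER *p, BUFFER *outtxt, BUFFER *out,
		     BUFFER *key, BUFFER *pass, time_t *created)
{
  BUFFER *i, *id;
  char txt[LINELEN], algoid;
  int version, algo = 0, valid = 0, err = 0;
  int len, j;
  struct tm *tc;

  i = buf_new();
  id = buf_new();

  version = buf_getc(p);
  buf_clear(key);
  switch (version) {
  case 2:
  case 3:
    *created = buf_getl(p);
    valid = buf_geti(p);
    algo = buf_getc(p);
    if (algo != PGP_ES_RSA) {
      err = -1;			/* leave through "end" so i and id are freed */
      goto end;
    }
    break;
  case 4:
    *created = buf_getl(p);
    algo = buf_getc(p);
    break;
  default:
    err = -1;
    goto end;
  }

  buf_appendc(key, version);
  buf_appendl(key, *created);
  if (version != 4)
    buf_appendi(key, valid);	/* validity period exists in v2/v3 only */
  buf_appendc(key, algo);

  /* id->data[4..7] is printed below, so insist on a full 8-octet ID */
  if (pgp_keyid(p, id) != 0 || id->length < 8) {
    err = -1;
    goto end;
  }
  /* the first MPI also supplies the key size shown in outtxt */
  len = mpi_get(p, i);
  if (len == -1) {
    err = -1;
    goto end;
  }
  mpi_put(key, i);
  for (j = 1; j < pgp_nummpi(algo); j++) {
    if (mpi_get(p, i) == -1) {
      err = -1;
      goto end;
    }
    mpi_put(key, i);
  }
  pgp_packet(key, type);
  buf_cat(out, key);

  if (outtxt != NULL) {
    switch(algo) {
    case PGP_ES_RSA:
      algoid = 'R';
      break;
    case PGP_S_DSA:
      algoid = 'D';
      break;
    case PGP_E_ELG:
      algoid = 'g';
      break;
    default:
      algoid = '?';
    }
    buf_appendf(outtxt, "%s %5d%c/%02X%02X%02X%02X ", type == PGP_PUBSUBKEY ?
		"sub" : "pub", len, algoid,
		id->data[4], id->data[5], id->data[6], id->data[7]);
    /* the creation time comes from the packet; localtime() may reject it */
    tc = localtime(created);
    if (tc != NULL && strftime(txt, LINELEN, "%Y-%m-%d ", tc) > 0)
      buf_appends(outtxt, txt);
  }
 end:
  buf_free(i);
  buf_free(id);
  return(err == 0 ? algo : err);
}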
704
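/* Derive a public key block from the secret key block in keypacket.
 *
 * The first packet must be a secret key; its public part is appended to
 * out.  Each following user ID is appended together with a certification
 * signature made with the secret key, and each secret subkey is converted
 * to a public subkey followed by a binding signature.  Processing stops at
 * the next primary key packet.  If outtxt is not NULL, a textual listing
 * of the key is appended to it.  keyalgo, when non-zero, is the required
 * algorithm of the primary key.
 *
 * Returns the result of signing the last user ID (0 on success), and -1
 * when the block does not start with a usable secret key, contains no user
 * ID, or a subkey cannot be converted.
 * NOTE(review): a user ID whose signature fails is still appended to out
 * without a signature, and a failed subkey binding signature is skipped
 * silently.
 */
int pgp_makepubkey(BUFFER *keypacket, BUFFER *outtxt, BUFFER *out,
		   BUFFER *pass, int keyalgo)
{
  BUFFER *p, *pubkey, *seckey, *subkey, *sig, *tmp;
  int err = -1, type, thisalgo;
  time_t created;

  p = buf_new();
  seckey = buf_new();
  pubkey = buf_new();
  subkey = buf_new();
  sig = buf_new();
  tmp = buf_new();

  /* keep a copy of the whole secret block for pgp_sign() */
  buf_set(seckey, keypacket);
  type = pgp_getpacket(keypacket, p);
  if (type != PGP_SECKEY)
    goto end;

  /* build into tmp first so out stays untouched if the key is rejected */
  thisalgo = pgp_makepkpacket(PGP_PUBKEY, p, outtxt, tmp, pubkey, pass,
			      &created);
  if (thisalgo == -1 || (keyalgo != 0 && keyalgo != thisalgo))
    goto end;
  buf_cat(out, tmp);

  while ((type = pgp_getpacket(keypacket, p)) > 0) {
    if (type == PGP_SECSUBKEY) {
      if (pgp_makepkpacket(PGP_PUBSUBKEY, p, outtxt, out, subkey, pass,
			   &created) == -1) {
	/* err may already be 0 from an earlier user ID; a broken subkey
	   must still be reported as a failure */
	err = -1;
	goto end;
      }
      if (pgp_sign(pubkey, subkey, sig, NULL, pass, PGP_SIG_BINDSUBKEY, 0,
		   created, 0, seckey, NULL) != -1)
	buf_cat(out, sig);
      if (outtxt)
	buf_nl(outtxt);
    } else if (type == PGP_USERID) {
      if (outtxt != NULL) {
	buf_cat(outtxt, p);
	buf_nl(outtxt);
      }
      pgp_packet(p, PGP_USERID);
      err = pgp_sign(pubkey, p, sig, NULL, pass, PGP_SIG_CERT, 1, created, 0,
		     seckey, NULL);
      buf_cat(out, p);
      if (err == 0)
	buf_cat(out, sig);
    } else if (type == PGP_PUBKEY || type == PGP_SECKEY)
      break;
  }
 end:
  buf_free(pubkey);
  buf_free(seckey);
  buf_free(subkey);
  buf_free(sig);
  buf_free(p);
  buf_free(tmp);
  return (err);
}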
763
764 #ifdef USE_RSA
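/* Generate an RSA key pair in the old (version 3) OpenPGP key format,
 * append the secret key to secring (PGPREMSECRING when NULL) and, if
 * pubring is not NULL, the public key to pubring.
 *
 * bits    modulus size; 0 selects 1024.
 * userid  user ID packet contents.
 * pass    passphrase.  With USE_IDEA and remail != 2 the secret MPIs are
 *         encrypted with IDEA under the MD5 digest of pass; otherwise they
 *         are stored unencrypted inside the key packet.
 * remail  non-zero: back-date the creation time by a random amount of up
 *         to four days; 2: the key ring itself is opened with pass.
 *
 * Returns 0 on success and -1 on failure, including a failure to build or
 * store the public key.
 *
 * NOTE(review): the 1024-bit default, the public exponent 17 and the
 * IDEA/MD5 protection date from 2002; review them against current key
 * strength requirements before reusing this code.
 * NOTE(review): nothing rejects a very small bits value.
 * NOTE(review): dk and p hold the derived key and the unencrypted secret
 * MPIs; confirm buf_free() wipes its storage.
 */
int pgp_rsakeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring,
		  char *secring, int remail)
     /* remail==2: encrypt the secring */
{
  RSA *k;
  KEYRING *keydb;
  BUFFER *pkey, *skey;
  BUFFER *dk, *iv, *p;
  long now;
  int skalgo = 0;
  int err = 0;

  pkey = buf_new();
  skey = buf_new();
  iv = buf_new();
  dk = buf_new();
  p = buf_new();

  errlog(NOTICE, "Generating OpenPGP RSA key.\n");
  k = RSA_generate_key(bits == 0 ? 1024 : bits, 17, NULL, NULL);
  if (k == NULL) {
    err = -1;
    goto end;
  }
  now = time(NULL);
  if (remail)			/* fake time in nym keys */
    now -= rnd_number(4 * 24 * 60 * 60);

  /* version 3 public part: version, created, validity, algorithm, n, e */
  buf_appendc(skey, 3);
  buf_appendl(skey, now);
  buf_appendi(skey, 0);
  buf_appendc(skey, PGP_ES_RSA);
  mpi_bnput(skey, k->n);
  mpi_bnput(skey, k->e);

#ifdef USE_IDEA
  if (pass != NULL && pass->length > 0 && remail != 2) {
    skalgo = PGP_K_IDEA;
    digest_md5(pass, dk);
    buf_setrnd(iv, pgp_blocklen(skalgo));
    buf_appendc(skey, skalgo);
    buf_cat(skey, iv);
  }
  else
#endif /* USE_IDEA */
    buf_appendc(skey, 0);	/* secret MPIs follow unencrypted */

  /* PGP's p is SSLeay's q, hence the swapped order */
  mpi_bnputenc(skey, k->d, skalgo, dk, iv);
  mpi_bnputenc(skey, k->q, skalgo, dk, iv);
  mpi_bnputenc(skey, k->p, skalgo, dk, iv);
  mpi_bnputenc(skey, k->iqmp, skalgo, dk, iv);

  /* the checksum is computed over the unencrypted secret MPIs */
  buf_clear(p);
  mpi_bnput(p, k->d);
  mpi_bnput(p, k->q);
  mpi_bnput(p, k->p);
  mpi_bnput(p, k->iqmp);
  buf_appendi(skey, pgp_csum(p, 0));

  pgp_packet(skey, PGP_SECKEY);
  buf_set(p, userid);
  pgp_packet(p, PGP_USERID);
  buf_cat(skey, p);

  if (secring == NULL)
    secring = PGPREMSECRING;
  keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1);
  if (keydb == NULL) {
    err = -1;
    goto end;
  }
  if (keydb->filetype == -1)
    keydb->filetype = 0;
  pgpdb_append(keydb, skey);
  pgpdb_close(keydb);

  if (pubring != NULL) {
    /* report a public key that could not be built or stored instead of
       returning success with nothing written */
    if (pgp_makepubkey(skey, NULL, pkey, pass, 0) == -1) {
      err = -1;
      goto end;
    }
    keydb = pgpdb_open(pubring, NULL, 1);
    if (keydb == NULL) {
      err = -1;
      goto end;
    }
    if (keydb->filetype == -1)
      keydb->filetype = ARMORED;
    pgpdb_append(keydb, pkey);
    pgpdb_close(keydb);
  }
 end:
  RSA_free(k);
  buf_free(pkey);
  buf_free(skey);
  buf_free(iv);
  buf_free(dk);
  buf_free(p);
  return (err);
}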
863 #endif /* USE_RSA */
864
865 #define begin_param "-----BEGIN PUBLIC PARAMETER BLOCK-----"
866 #define end_param "-----END PUBLIC PARAMETER BLOCK-----"
867
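/* Read one length-prefixed big number from p, using n as scratch space.
   Returns NULL when the length is not positive or runs past the data. */
static BIGNUM *params_getbn(BUFFER *p, BUFFER *n)
{
  int l;

  l = buf_geti(p);
  if (l <= 0 || p->ptr + l > p->length)
    return (NULL);
  buf_get(p, n, l);
  return (BN_bin2bn(n->data, n->length, NULL));
}

/* Append bn to p as a two-octet length followed by the big-endian octets.
   The scratch buffer is sized from the number itself. */
static void params_putbn(BUFFER *p, BIGNUM *bn)
{
  BUFFER *t;

  t = buf_new();
  buf_prepare(t, BN_num_bytes(bn));
  t->length = BN_bn2bin(bn, t->data);
  buf_appendi(p, t->length);
  buf_cat(p, t);
  buf_free(t);
}

/* Return DSA (dsa != 0) or DH (dsa == 0) domain parameters of the given
 * size as a newly allocated DSA or DH object owned by the caller, or NULL
 * when parameters can neither be loaded nor generated.
 *
 * bits == 0 selects 1024, and DSA is capped at 1024 bits.  Parameters are
 * looked up in the DSAPARAMS / DHPARAMS file, which holds blocks delimited
 * by begin_param and end_param, each starting with a line giving the size.
 * If several blocks match, the last one is used.  If none matches (or the
 * matching block is truncated), new parameters are generated and appended
 * to the file.
 *
 * NOTE(review): loaded values are used as they are; nothing here checks
 * that they form a valid group, so the parameter file has to be as
 * trustworthy as the key rings.
 */
static void *params(int dsa, int bits)
{
  DSA *k = NULL;
  DH *d = NULL;
  FILE *f;
  BUFFER *p, *n;
  char line[LINELEN];
  int m;

  if (bits == 0)
    bits = 1024;
  if (dsa && bits > 1024)
    bits = 1024;

  p = buf_new();
  n = buf_new();
  f = mix_openfile(dsa ? DSAPARAMS : DHPARAMS, "r");
  if (f != NULL) {
    while (fgets(line, sizeof(line), f) != NULL) {
      if (!strleft(line, begin_param))
	continue;
      if (fgets(line, sizeof(line), f) == NULL)
	break;
      m = 0;
      sscanf(line, "%d", &m);
      if (bits != m)
	continue;

      buf_clear(p);
      while (fgets(line, sizeof(line), f) != NULL) {
	if (strleft(line, end_param)) {
	  decode(p, p);
	  if (dsa) {
	    if (k != NULL)
	      DSA_free(k);	/* an earlier matching block is superseded */
	    k = DSA_new();
	    if (k != NULL) {
	      k->p = params_getbn(p, n);
	      k->q = params_getbn(p, n);
	      k->g = params_getbn(p, n);
	      if (k->p == NULL || k->q == NULL || k->g == NULL) {
		DSA_free(k);	/* truncated block: fall back to generating */
		k = NULL;
	      }
	    }
	  } else {
	    if (d != NULL)
	      DH_free(d);
	    d = DH_new();
	    if (d != NULL) {
	      d->p = params_getbn(p, n);
	      d->g = params_getbn(p, n);
	      if (d->p == NULL || d->g == NULL) {
		DH_free(d);
		d = NULL;
	      }
	    }
	  }
	  break;
	}
	buf_appends(p, line);
      }
    }
    fclose(f);
  }

  buf_free(p);
  buf_free(n);

  if (dsa) {
    if (k == NULL) {
      errlog(NOTICE, "Generating DSA parameters.\n");
      k = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
      if (k == NULL)
	return (NULL);
      p = buf_new();
      params_putbn(p, k->p);
      params_putbn(p, k->q);
      params_putbn(p, k->g);
      encode(p, 64);
      /* caching is best effort: without a writable file the parameters
	 are still returned */
      f = mix_openfile(DSAPARAMS, "a");
      if (f != NULL) {
	fprintf(f, "%s\n%d\n", begin_param, bits);
	buf_write(p, f);
	fprintf(f, "%s\n", end_param);
	fclose(f);
      }
      buf_free(p);
    }
    return (k);
  } else {
    if (d == NULL) {
      errlog(NOTICE, "Generating DH parameters. (This may take a long time!)\n");
      d = DH_generate_parameters(bits, DH_GENERATOR_5, NULL, NULL);
      if (d == NULL)
	return (NULL);
      p = buf_new();
      params_putbn(p, d->p);
      params_putbn(p, d->g);
      encode(p, 64);
      f = mix_openfile(DHPARAMS, "a");
      if (f != NULL) {
	fprintf(f, "%s\n%d\n", begin_param, bits);
	buf_write(p, f);
	fprintf(f, "%s\n", end_param);
	fclose(f);
      }
      buf_free(p);
    }
    return (d);
  }
}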
978
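/* Generate a version 4 OpenPGP key consisting of a DSA signing key and an
 * ElGamal encryption subkey, append the secret key block to secring
 * (PGPREMSECRING when NULL) and, if pubring is not NULL, the public key
 * block to pubring.
 *
 * bits    size passed to params(); 0 selects its default.
 * userid  user ID packet contents.
 * pass    passphrase used by makeski() to protect the secret values.
 * remail  non-zero: back-date the creation time by a random amount of up
 *         to four days; 2: the secret values are stored unencrypted in
 *         the packet and the key ring itself is opened with pass.
 *
 * Returns 0 on success and -1 on failure, including a failure to build or
 * store the public key.
 *
 * NOTE(review): secret holds unencrypted private values before makeski()
 * runs; confirm buf_free() wipes its storage.
 */
int pgp_dhkeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring,
		 char *secring, int remail)
     /* remail==2: encrypt the secring */
{
  DSA *s = NULL;
  DH *e = NULL;
  KEYRING *keydb;
  BUFFER *pkey, *skey, *subkey, *secret;
  BUFFER *p;
  long now;
  int err = 0;

  pkey = buf_new();
  skey = buf_new();
  subkey = buf_new();
  p = buf_new();
  secret = buf_new();

  s = params(1, bits);
  errlog(NOTICE, "Generating OpenPGP DSA key.\n");
  if (s == NULL || DSA_generate_key(s) != 1) {
    err = -1;
    goto end;
  }
  e = params(0, bits);
  errlog(NOTICE, "Generating OpenPGP ElGamal key.\n");
  if (e == NULL || DH_generate_key(e) != 1) {
    err = -1;
    goto end;
  }

  now = time(NULL);
  if (remail)			/* fake time in nym keys */
    now -= rnd_number(4 * 24 * 60 * 60);

  /* DSA key */
  buf_setc(skey, 4);
  buf_appendl(skey, now);
  buf_appendc(skey, PGP_S_DSA);
  mpi_bnput(skey, s->p);
  mpi_bnput(skey, s->q);
  mpi_bnput(skey, s->g);
  mpi_bnput(skey, s->pub_key);

  /* secret part: MPI plus checksum, then protected by makeski() */
  mpi_bnput(secret, s->priv_key);
  buf_appendi(secret, pgp_csum(secret, 0));
  makeski(secret, pass, remail);
  buf_cat(skey, secret);
  pgp_packet(skey, PGP_SECKEY);

  /* ElGamal key */
  buf_setc(subkey, 4);
  buf_appendl(subkey, now);
  buf_appendc(subkey, PGP_E_ELG);
  mpi_bnput(subkey, e->p);
  mpi_bnput(subkey, e->g);
  mpi_bnput(subkey, e->pub_key);

  buf_clear(secret);
  mpi_bnput(secret, e->priv_key);
  buf_appendi(secret, pgp_csum(secret, 0));
  makeski(secret, pass, remail);
  buf_cat(subkey, secret);

  buf_set(p, userid);
  pgp_packet(p, PGP_USERID);
  buf_cat(skey, p);

  pgp_packet(subkey, PGP_SECSUBKEY);
  buf_cat(skey, subkey);

  if (secring == NULL)
    secring = PGPREMSECRING;
  keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1);
  if (keydb == NULL) {
    err = -1;
    goto end;
  }
  if (keydb->filetype == -1)
    keydb->filetype = 0;
  pgpdb_append(keydb, skey);
  pgpdb_close(keydb);

  if (pubring != NULL) {
    /* as in pgp_rsakeygen(): do not store a public key that could not be
       built, and report the failure */
    if (pgp_makepubkey(skey, NULL, pkey, pass, 0) == -1) {
      err = -1;
      goto end;
    }
    keydb = pgpdb_open(pubring, NULL, 1);
    if (keydb == NULL) {
      err = -1;
      goto end;
    }
    if (keydb->filetype == -1)
      keydb->filetype = ARMORED;
    pgpdb_append(keydb, pkey);
    pgpdb_close(keydb);
  }
 end:
  /* the DSA and DH objects carry the private keys and were previously
     never released */
  if (s != NULL)
    DSA_free(s);
  if (e != NULL)
    DH_free(e);
  buf_free(pkey);
  buf_free(skey);
  buf_free(subkey);
  buf_free(p);
  buf_free(secret);
  return (err);
}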
1086
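/* Sign the digest in data with the DSA key in key and append the two
   signature values r and s to out as MPIs.  key holds the MPIs p, q, g,
   y and x in that order.  Returns 0 on success and -1 when the key cannot
   be parsed or signing fails; out is not modified on failure. */
int pgp_dsasign(BUFFER *data, BUFFER *key, BUFFER *out)
{
  BUFFER *mpi, *b;
  DSA *d;
  DSA_SIG *sig = NULL;
  int err = -1;

  d = DSA_new();
  b = buf_new();
  mpi = buf_new();
  if (d == NULL)
    goto end;

  /* every MPI is checked so that a truncated key is rejected instead of
     being used with zero-valued parameters */
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->p = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->q = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->g = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->pub_key = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->priv_key = BN_bin2bn(mpi->data, mpi->length, NULL);

  if (d->p == NULL || d->q == NULL || d->g == NULL || d->pub_key == NULL
      || d->priv_key == NULL)
    goto end;

  sig = DSA_do_sign(data->data, data->length, d);
  if (sig != NULL) {
    buf_prepare(b, BN_num_bytes(sig->r));
    b->length = BN_bn2bin(sig->r, b->data);
    mpi_put(out, b);
    /* s can be longer than r: size the buffer again before writing it */
    buf_prepare(b, BN_num_bytes(sig->s));
    b->length = BN_bn2bin(sig->s, b->data);
    mpi_put(out, b);
    err = 0;
  }
 end:
  buf_free(mpi);	/* NOTE(review): last held the private key octets;
			   confirm buf_free() wipes its storage */
  buf_free(b);
  DSA_SIG_free(sig);
  if (d != NULL)
    DSA_free(d);
  /* the result was decided before sig was freed */
  return(err);
}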
1124
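/* Sign data with key using the public key algorithm algo (RSA when
   compiled in, or DSA).  On return data holds the signature MPIs, or is
   empty when signing failed.  Returns 0 on success and -1 on failure or
   for an unsupported algorithm, in which case data is left untouched. */
int pgp_dosign(int algo, BUFFER *data, BUFFER *key)
{
  int err;
  BUFFER *out;

  out = buf_new();
  switch (algo) {
#ifdef USE_RSA
  case PGP_ES_RSA:
    err = pgp_rsa(data, key, PK_SIGN);
    if (err == 0)
      mpi_put(out, data);
    break;
#endif /* USE_RSA */
  case PGP_S_DSA:
    err = pgp_dsasign(data, key, out);
    break;
  default:
    errlog(NOTICE, "Unknown encryption algorithm!\n");
    buf_free(out);		/* this path used to leak its buffers */
    return (-1);
  }
  if (err == -1)
    errlog(ERRORMSG, "Signing operation failed!\n");

  buf_move(data, out);
  buf_free(out);
  return (err);
}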
1157
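/* ElGamal-decrypt in, in place.
 * key holds the MPIs p, g, y, x; in holds the two ciphertext MPIs a and b.
 * The plaintext is b * (a^x)^-1 mod p with its PKCS#1 type 2 padding
 * removed.  Returns 0 on success; -1 when the key or ciphertext cannot be
 * parsed, the arithmetic fails or the padding is wrong.
 *
 * NOTE(review): a and b are not checked against the range 1..p-1.
 * NOTE(review): the caller learns whether the padding was valid; make sure
 * that result is not observable by whoever supplies the ciphertext.
 */
int pgp_elgdecrypt(BUFFER *in, BUFFER *key)
{
  BIGNUM *a = NULL, *b = NULL, *c = NULL,
	 *p = NULL, *g = NULL, *x = NULL;
  BN_CTX *ctx;
  BUFFER *i;
  int err = -1;

  i = buf_new();
  ctx = BN_CTX_new();
  if (ctx == NULL) goto end;

  /* every MPI is checked: a truncated key or message is rejected before
     any arithmetic is done with it */
  if (mpi_get(key, i) == -1) goto end;
  p = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1) goto end;
  g = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1) goto end;	/* y */
  if (mpi_get(key, i) == -1) goto end;
  x = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(in, i) == -1) goto end;
  a = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(in, i) == -1) goto end;
  b = BN_bin2bn(i->data, i->length, NULL);
  c = BN_new();
  if (p == NULL || x == NULL || a == NULL || b == NULL || c == NULL)
    goto end;

  if (BN_mod_exp(c, a, x, p, ctx) == 0) goto end;
  if (BN_mod_inverse(a, c, p, ctx) == 0) goto end;
  if (BN_mod_mul(c, a, b, p, ctx) == 0) goto end;

  buf_prepare(i, BN_num_bytes(c));
  i->length = BN_bn2bin(c, i->data);

  /* BN_bn2bin() drops the leading zero octet of the padded block, hence
     the block length is given as one more than the data length */
  buf_prepare(in, BN_num_bytes(c));
  in->length = RSA_padding_check_PKCS1_type_2(in->data, in->length, i->data,
					      i->length, i->length + 1);
  if (in->length <= 0)
    in->length = 0;
  else
    err = 0;

 end:
  buf_free(i);
  /* a and c held the shared secret and the padded plaintext: wipe them
     together with the private exponent */
  BN_clear_free(a);
  BN_free(b);
  BN_clear_free(c);
  BN_free(p);
  BN_free(g);
  BN_clear_free(x);
  BN_CTX_free(ctx);

  return (err);
}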
1211
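/* ElGamal-encrypt in, in place.
 * key holds the MPIs p, g, y.  in is padded with PKCS#1 type 2 padding to
 * the size of p and replaced by the two MPIs a = g^k mod p and
 * b = m * y^k mod p for a fresh random k.  Returns 0 on success and -1 on
 * failure, in which case in is left untouched.
 *
 * NOTE(review): k is drawn with as many bits as p and is not reduced to
 * the range 1..p-2; confirm that is acceptable for the groups in use.
 */
int pgp_elgencrypt(BUFFER *in, BUFFER *key)
{
  BIGNUM *m = NULL, *k = NULL, *a = NULL, *b = NULL, *c = NULL,
	 *p = NULL, *g = NULL, *y = NULL;
  BN_CTX *ctx;
  BUFFER *i;
  int err = -1;

  i = buf_new();
  ctx = BN_CTX_new();
  if (ctx == NULL) goto end;

  if (mpi_get(key, i) == -1) goto end;
  p = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1) goto end;
  g = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1) goto end;
  y = BN_bin2bn(i->data, i->length, NULL);
  if (p == NULL || g == NULL || y == NULL)
    goto end;

  buf_prepare(i, BN_num_bytes(p));
  if (RSA_padding_add_PKCS1_type_2(i->data, i->length, in->data, in->length)
      != 1)
    goto end;
  m = BN_bin2bn(i->data, i->length, NULL);

  k = BN_new();
  a = BN_new();
  b = BN_new();
  c = BN_new();
  if (m == NULL || k == NULL || a == NULL || b == NULL || c == NULL)
    goto end;

  /* The security of the ciphertext rests on k: refuse to continue when
     the random generator reports failure or hands back zero. */
  if (BN_rand(k, BN_num_bits(p), 0, 0) != 1 || BN_is_zero(k))
    goto end;

  if (BN_mod_exp(a, g, k, p, ctx) == 0) goto end;
  if (BN_mod_exp(c, y, k, p, ctx) == 0) goto end;
  if (BN_mod_mul(b, m, c, p, ctx) == 0) goto end;

  buf_clear(in);
  i->length = BN_bn2bin(a, i->data);
  mpi_put(in, i);
  i->length = BN_bn2bin(b, i->data);
  mpi_put(in, i);

  err = 0;

 end:
  /* One exit for all paths: the early exits used to skip the cleanup, and
     k was never released at all.  m, k and c are secret and are wiped. */
  buf_free(i);
  BN_clear_free(m);
  BN_clear_free(k);
  BN_free(a);
  BN_free(b);
  BN_clear_free(c);
  BN_free(p);
  BN_free(g);
  BN_free(y);
  BN_CTX_free(ctx);

  return (err);
}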
1269
1270 #endif /* USE_PGP */
