/[pkg-mixmaster]/trunk/Mix/Src/pgpdata.c

Contents of /trunk/Mix/Src/pgpdata.c



Revision 135 - (hide annotations) (download)
Fri Aug 16 19:03:37 2002 UTC (10 years, 9 months ago) by rabbi
File MIME type: text/plain
File size: 27932 byte(s)
Mixmaster now uses the OpenPGP MDC packets (as specified in RFC 2440-bis06).

Mixmaster will use MDC packets if the MDC flag is found in the recipient's
PGP key, or by default if it is encrypting with AES.

New keys generated with Mixmaster will have the MDC flag placed in the key's
preferences. Also, cipher preferences are now advertised as CAST5, AES128,
3DES.
1 rabbi 1 /* Mixmaster version 3 -- (C) 1999 Anonymizer Inc.
2    
3     Mixmaster may be redistributed and modified under certain conditions.
4     This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF
5     ANY KIND, either express or implied. See the file COPYRIGHT for
6     details.
7    
8     OpenPGP data
9 rabbi 135 $Id: pgpdata.c,v 1.11 2002/08/16 19:03:37 rabbi Exp $ */
10 rabbi 1
11    
12     #include "mix3.h"
13     #ifdef USE_PGP
14     #include "pgp.h"
15     #include "crypto.h"
16     #include <assert.h>
17     #include <time.h>
18 weaselp 120 #include <string.h>
19 rabbi 1
/* Key length in bytes for an OpenPGP symmetric cipher id.
 *
 * Returns 16, 24 or 32 for the ciphers handled below and 0 for every other
 * id.  The AES ids are only recognised when USE_AES is defined; without it
 * they also yield 0.
 */
int pgp_keylen(int symalgo)
{
#ifdef USE_AES
  if (symalgo == PGP_K_AES256)
    return 32;
  if (symalgo == PGP_K_AES192)
    return 24;
  if (symalgo == PGP_K_AES128)
    return 16;
#endif
  if (symalgo == PGP_K_IDEA || symalgo == PGP_K_CAST5 || symalgo == PGP_K_BF)
    return 16;
  if (symalgo == PGP_K_3DES)
    return 24;
  return 0;
}
40    
/* Cipher block length in bytes for an OpenPGP symmetric cipher id.
 *
 * IDEA, CAST5, Blowfish and 3DES use 8-byte blocks; AES (when USE_AES is
 * defined) uses 16.  Note that an unrecognised id is NOT reported as an
 * error: it yields 16, so callers that need to reject unknown ciphers must
 * do so themselves (e.g. via pgp_keylen() returning 0).
 */
int pgp_blocklen(int symalgo)
{
#ifdef USE_AES
  if (symalgo == PGP_K_AES256 || symalgo == PGP_K_AES192 ||
      symalgo == PGP_K_AES128)
    return 16;
#endif
  if (symalgo == PGP_K_IDEA || symalgo == PGP_K_CAST5 ||
      symalgo == PGP_K_BF || symalgo == PGP_K_3DES)
    return 8;
  return 16;
}
59    
/* Read one OpenPGP multi-precision integer from b into mpi.
 *
 * The MPI is a 16-bit bit count followed by ceil(bits / 8) bytes.  mpi is
 * always cleared first, so it is empty when the call fails.
 *
 * Returns the bit count, or -1 when the count is not positive or the
 * announced bytes would run past the end of b.
 */
int mpi_get(BUFFER *b, BUFFER *mpi)
{
  int bits, bytes;

  bits = buf_geti(b);
  buf_clear(mpi);
  bytes = (bits + 7) / 8;

  /* bounds check before copying: the length field comes from the packet */
  if (bits <= 0 || b->ptr + bytes > b->length)
    return -1;
  buf_get(b, mpi, bytes);
  return bits;
}
72    
73    
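/* Normalise mpi and return its length in bits.
 *
 * Leading zero bytes are removed from mpi in place, then the position of
 * the highest set bit of the first remaining byte is used to compute the
 * bit count.  An empty or all-zero value yields 0.
 *
 * The length is tested before data[0] is read, so an empty buffer is never
 * dereferenced and can no longer produce a negative count from a stale
 * first byte.  The zeros are stripped with a single memmove instead of one
 * per byte.
 */
int mpi_bitcount(BUFFER *mpi)
{
  long skip = 0;
  int i, l;

  while (skip < mpi->length && mpi->data[skip] == 0)
    skip++;
  if (skip > 0) {
    mpi->length -= skip;
    memmove(mpi->data, mpi->data + skip, mpi->length);
  }
  if (mpi->length == 0)
    return 0;

  l = mpi->length * 8;
  for (i = 7; i >= 0; i--)
    if (((mpi->data[0] >> i) & 1) == 1) {
      l -= 7 - i;		/* unused high bits of the first byte */
      break;
    }
  return l;
}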
87    
/* Append mpi to b in OpenPGP MPI format: 16-bit bit count, then the bytes.
 *
 * mpi_bitcount() strips leading zero bytes from mpi as a side effect, so
 * the caller's buffer may be shortened.  Always returns 0.
 */
int mpi_put(BUFFER *b, BUFFER *mpi)
{
  int bits = mpi_bitcount(mpi);

  buf_appendi(b, bits);
  buf_cat(b, mpi);
  return 0;
}
94    
/* Encrypt or decrypt data in place with the symmetric cipher skalgo.
 *
 * skalgo 0 means "no encryption": data is left untouched and 0 is returned.
 * IDEA and AES are only available when USE_IDEA / USE_AES are defined.
 * For any other id -1 is returned and data is NOT transformed, so a caller
 * that ignores the result may end up handling plaintext as if it were
 * ciphertext (or the reverse).
 *
 * enc is passed through to the cipher routine (callers in this file use
 * ENCRYPT / DECRYPT).  The cipher routine's own result is returned as is.
 */
int skcrypt(BUFFER *data, int skalgo, BUFFER *key, BUFFER *iv, int enc)
{
  if (skalgo == 0)
    return 0;
#ifdef USE_IDEA
  if (skalgo == PGP_K_IDEA)
    return buf_ideacrypt(data, key, iv, enc);
#endif
#ifdef USE_AES
  if (skalgo == PGP_K_AES128 || skalgo == PGP_K_AES192 ||
      skalgo == PGP_K_AES256)
    return buf_aescrypt(data, key, iv, enc);
#endif
  if (skalgo == PGP_K_3DES)
    return buf_3descrypt(data, key, iv, enc);
  if (skalgo == PGP_K_BF)
    return buf_bfcrypt(data, key, iv, enc);
  if (skalgo == PGP_K_CAST5)
    return buf_castcrypt(data, key, iv, enc);
  return -1;
}
120    
/* 16-bit additive checksum over key->data[start .. key->length - 1].
 *
 * This is a plain sum modulo 65536, as used for OpenPGP secret key
 * material.  It detects a wrong passphrase or accidental corruption; it is
 * not a cryptographic integrity check.
 */
int pgp_csum(BUFFER *key, int start)
{
  int sum = 0;
  int pos = start;

  while (pos < key->length) {
    sum += key->data[pos];
    sum %= 65536;
    pos++;
  }
  return sum;
}
128    
129     #ifdef USE_RSA
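/* Perform one RSA operation with PKCS#1 v1.5 padding on `in`, in place.
 *
 * in    data to transform; replaced by the result of the operation
 * k     key material as consecutive MPIs: n, e and -- for PK_DECRYPT and
 *       PK_SIGN -- d followed by the two primes and the CRT coefficient
 * mode  PK_ENCRYPT, PK_VERIFY, PK_SIGN or PK_DECRYPT
 *
 * Returns 0 on success and -1 on a malformed key, an allocation failure or
 * a failed RSA operation.  On an early failure `in` is left unchanged.
 *
 * Every MPI read and every BIGNUM conversion is checked, so a truncated key
 * is rejected instead of being used with zero-valued components.  The
 * BN_CTX used for the CRT exponents is released, and the temporary holding
 * p-1 / q-1 is wiped before it is freed.
 *
 * NOTE(review): PK_DECRYPT uses PKCS#1 v1.5 unpadding.  Callers should not
 * let a remote party distinguish a padding failure from other errors.
 */
int pgp_rsa(BUFFER *in, BUFFER *k, int mode)
{
  BUFFER *mpi, *out;
  int err = -1;
  RSA *key;

  assert(mode == PK_ENCRYPT || mode == PK_VERIFY || mode == PK_DECRYPT
	 || mode == PK_SIGN);
  key = RSA_new();
  out = buf_new();
  mpi = buf_new();
  if (key == NULL)
    goto end;

  /* public part */
  if (mpi_get(k, mpi) < 0)
    goto end;
  key->n = BN_bin2bn(mpi->data, mpi->length, NULL);

  if (mpi_get(k, mpi) < 0)
    goto end;
  key->e = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (key->n == NULL || key->e == NULL)
    goto end;

  if (mode == PK_DECRYPT || mode == PK_SIGN) {
    BIGNUM *t;
    BN_CTX *ctx;
    int ok;

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->d = BN_bin2bn(mpi->data, mpi->length, NULL);

    /* auxiliary parameters; PGP's p is SSLeay's q */
    if (mpi_get(k, mpi) < 0)
      goto end;
    key->q = BN_bin2bn(mpi->data, mpi->length, NULL);

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->p = BN_bin2bn(mpi->data, mpi->length, NULL);

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->iqmp = BN_bin2bn(mpi->data, mpi->length, NULL);

    if (key->d == NULL || key->q == NULL || key->p == NULL ||
	key->iqmp == NULL)
      goto end;

    /* CRT exponents: dmp1 = d mod (p-1), dmq1 = d mod (q-1) */
    ctx = BN_CTX_new();
    t = BN_new();
    key->dmp1 = BN_new();
    key->dmq1 = BN_new();
    ok = ctx != NULL && t != NULL && key->dmp1 != NULL && key->dmq1 != NULL
      && BN_sub(t, key->p, BN_value_one())
      && BN_mod(key->dmp1, key->d, t, ctx)
      && BN_sub(t, key->q, BN_value_one())
      && BN_mod(key->dmq1, key->d, t, ctx);

    if (t != NULL)
      BN_clear_free(t);		/* derived from the secret primes */
    if (ctx != NULL)
      BN_CTX_free(ctx);
    if (!ok)
      goto end;
  }
  buf_prepare(out, RSA_size(key));

  switch (mode) {
  case PK_ENCRYPT:
    out->length = RSA_public_encrypt(in->length, in->data, out->data, key,
				     RSA_PKCS1_PADDING);
    break;
  case PK_VERIFY:
    out->length = RSA_public_decrypt(in->length, in->data, out->data, key,
				     RSA_PKCS1_PADDING);
    break;
  case PK_SIGN:
    out->length = RSA_private_encrypt(in->length, in->data, out->data, key,
				      RSA_PKCS1_PADDING);
    break;
  case PK_DECRYPT:
    out->length = RSA_private_decrypt(in->length, in->data, out->data, key,
				      RSA_PKCS1_PADDING);
    break;
  }
  if (out->length == -1) {
    err = -1;
    out->length = 0;
  } else
    err = 0;

  buf_move(in, out);
end:
  RSA_free(key);
  buf_free(out);
  buf_free(mpi);
  return (err);
}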
217     #endif
218    
219     /* Contrary to RFC 2440, old PGP versions use this for clearsign only.
220     * If the text is included in the OpenPGP message, the application will
221     * typically provide the text in the proper format (whatever that is);
222     * we use "canonic" format so everybody will be able to read our messages.
223     * In clearsigned messages, trailing whitespace is always ignored.
224     * Detached signatures are the problematic case. For PGP/MIME, we always
225     * escape trailing whitespace as quoted-printable.
226     */
/* Rewrite msg in the canonical form used for text signatures: each line
 * loses its trailing spaces and is terminated with CR LF.  Trailing tabs
 * are kept (the original disables tab stripping).  msg is replaced by the
 * canonical text.
 */
void pgp_sigcanonic(BUFFER *msg)
{
  BUFFER *canon = buf_new();
  BUFFER *ln = buf_new();

  for (;;) {
    if (buf_getline(msg, ln) == -1)
      break;
    while (ln->length > 0 && ln->data[ln->length - 1] == ' ')
      ln->length--;
    ln->data[ln->length] = '\0';	/* keep the buffer NUL-terminated */
    buf_cat(canon, ln);
    buf_appends(canon, "\r\n");
  }
  buf_move(msg, canon);
  buf_free(canon);
  buf_free(ln);
}
249    
/* Append the BIGNUM i to o as an OpenPGP MPI (bit count + big-endian
 * bytes).  The value is written unencrypted. */
static void mpi_bnput(BUFFER *o, BIGNUM *i)
{
  BUFFER *raw = buf_new();

  buf_prepare(raw, BN_num_bytes(i));
  raw->length = BN_bn2bin(i, raw->data);
  mpi_put(o, raw);
  buf_free(raw);
}
260    
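/* Append the BIGNUM i to o as an MPI whose bytes are encrypted with cipher
 * ska, leaving the bit count in clear.
 *
 * When key is NULL or empty the bytes are written unencrypted.  Otherwise
 * they are encrypted in place and iv is replaced by the last ivlen bytes of
 * the ciphertext, so that the next MPI continues from them.
 *
 * The IV update reads ivlen bytes back from the end of the ciphertext; the
 * assertion makes sure the value is at least that long, so the read cannot
 * start before the beginning of the buffer.
 *
 * NOTE(review): the result of skcrypt() is not checked.  If it fails, the
 * secret value is appended unencrypted -- confirm that callers only pass
 * ciphers this build supports.
 */
static void mpi_bnputenc(BUFFER *o, BIGNUM *i, int ska, BUFFER *key,
			 BUFFER *iv)
{
  BUFFER *b;
  int ivlen = iv->length;

  b = buf_new();
  buf_prepare(b, BN_num_bytes(i));
  b->length = BN_bn2bin(i, b->data);
  buf_appendi(o, mpi_bitcount(b));
  if (key && key->length) {
    skcrypt(b, ska, key, iv, ENCRYPT);
    assert(ivlen >= 0 && b->length >= ivlen);
    buf_clear(iv);
    buf_append(iv, b->data + b->length - ivlen, ivlen);
  }
  buf_cat(o, b);
  buf_free(b);
}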
279    
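/* Read the string-to-key usage byte of a secret key packet and derive the
 * symmetric key protecting it.
 *
 * p     packet positioned at the usage byte
 * pass  passphrase; NULL makes the call fail before anything is read
 * key   receives the derived key
 * iv    receives the IV that follows in the packet
 *
 * Usage 0: key material is unencrypted, nothing else is read, returns 0.
 * Usage 255: an S2K specifier follows, handled by pgp_getsk(), whose result
 *   becomes the cipher id.
 * Anything else: the byte is the cipher id and the key is the MD5 digest of
 *   the passphrase (legacy "simple" format).
 *
 * Returns the cipher id, 0 for unencrypted keys, or -1 when pass is NULL or
 * the packet ends before the usage byte.
 *
 * The two scratch buffers the original allocated and never used are gone,
 * and the end-of-packet value from buf_getc() is no longer treated as a
 * cipher id.
 */
static int getski(BUFFER *p, BUFFER *pass, BUFFER *key, BUFFER *iv)
{
  int skalgo;

  if (!pass)
    return (-1);

  skalgo = buf_getc(p);
  switch (skalgo) {
  case -1:
    /* packet exhausted */
    return (-1);
  case 0:
    /* none */
    return (0);
  case 255:
    /* S2K specifier */
    skalgo = pgp_getsk(p, pass, key);
    break;
  default:
    /* simple */
    digest_md5(pass, key);
    break;
  }

  buf_get(p, iv, pgp_blocklen(skalgo));
  return (skalgo);
}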
313    
/* Wrap secret key material with its string-to-key header, in place.
 *
 * Without a passphrase (NULL or empty), or when remail == 2, the material
 * is stored unencrypted behind a usage byte of 0.  Otherwise the usage byte
 * is 255, followed by the S2K specifier written by pgp_makesk() (CAST5,
 * specifier type 3, SHA-1), a random IV and the CAST5-encrypted material.
 *
 * NOTE(review): the result of skcrypt() is not checked; if it failed the
 * material would be written unencrypted behind an "encrypted" header.
 */
static void makeski(BUFFER *secret, BUFFER *pass, int remail)
{
  BUFFER *out = buf_new();
  BUFFER *key = buf_new();
  BUFFER *iv = buf_new();
  int plain = (pass == NULL || pass->length == 0 || remail == 2);

  if (!plain) {
    buf_appendc(out, 255);
    pgp_makesk(out, key, PGP_K_CAST5, 3, PGP_H_SHA1, pass);
    buf_setrnd(iv, pgp_blocklen(PGP_K_CAST5));
    buf_cat(out, iv);
    skcrypt(secret, PGP_K_CAST5, key, iv, 1);
  } else {
    buf_appendc(out, 0);
  }
  buf_cat(out, secret);

  buf_move(secret, out);
  buf_free(out);
  buf_free(key);
  buf_free(iv);
}
336    
/* Number of MPIs in the public part of a key of the given algorithm:
 * 2 for RSA, 4 for DSA, 3 for ElGamal, 0 for anything else. */
int pgp_nummpi(int algo)
{
  if (algo == PGP_ES_RSA)
    return 2;
  if (algo == PGP_S_DSA)
    return 4;
  if (algo == PGP_E_ELG)
    return 3;
  return 0;
}
350    
/* Number of MPIs in the secret part of a key of the given algorithm:
 * 4 for RSA, 1 for DSA and ElGamal, 0 for anything else. */
int pgp_numsecmpi(int algo)
{
  if (algo == PGP_ES_RSA)
    return 4;
  if (algo == PGP_S_DSA || algo == PGP_E_ELG)
    return 1;
  return 0;
}
364    
365     /* store key's ID in keyid */
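/* Compute the 8-byte key ID of the key packet body in `key`.
 *
 * Version 2/3: the ID is the last 8 bytes of the first MPI (the modulus).
 * Version 4:   the ID is the last 8 bytes of the SHA-1 digest over 0x99,
 *              a 16-bit length and the public key body.
 *
 * key->ptr is saved, reset to 0 for parsing and restored before returning.
 * keyid is always cleared first.
 *
 * Returns 0 on success.  Returns -1 with keyid left empty when fewer than
 * 8 bytes are available (unknown version, truncated packet, short modulus);
 * the original read 8 bytes from before the start of the buffer in that
 * case.
 */
int pgp_keyid(BUFFER *key, BUFFER *keyid)
{
  BUFFER *i, *k;
  int version, algo, j, ptr;
  int err = 0;

  i = buf_new();
  k = buf_new();

  ptr = key->ptr;
  key->ptr = 0;
  switch (version = buf_getc(key)) {
  case 2:
  case 3:
    buf_getl(key);		/* creation time */
    buf_geti(key);		/* validity */
    buf_getc(key);		/* algorithm */
    mpi_get(key, i);
    break;
  case 4:
    buf_appendc(k, version);
    buf_appendl(k, buf_getl(key));
    algo = buf_getc(key);
    buf_appendc(k, algo);
    if (pgp_nummpi(algo) == 0)
      buf_rest(k, key);		/* works for public keys only */
    else
      for (j = 0; j < pgp_nummpi(algo); j++) {
	mpi_get(key, i);
	mpi_put(k, i);
      }
    buf_clear(i);
    buf_appendc(i, 0x99);
    buf_appendi(i, k->length);
    buf_cat(i, k);
    digest_sha1(i, i);
    break;
  default:
    /* unknown version or empty packet: i stays empty */
    break;
  }
  buf_clear(keyid);
  if (i->length >= 8)
    buf_append(keyid, i->data + i->length - 8, 8);
  else
    err = -1;
  buf_free(i);
  buf_free(k);
  key->ptr = ptr;
  return (err);
}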
410    
/* Return the result of buf_eq() between keyid and the key ID computed from
 * the key packet body `key`. */
static int pgp_iskeyid(BUFFER *key, BUFFER *keyid)
{
  BUFFER *computed = buf_new();
  int same;

  pgp_keyid(key, computed);
  same = buf_eq(keyid, computed);
  buf_free(computed);
  return (same);
}
422    
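/* Extract a key suitable for `mode` from a sequence of key packets.
 *
 * mode       PK_ENCRYPT, PK_VERIFY, PK_DECRYPT or PK_SIGN
 * algo       required public key algorithm, or PGP_ANY
 * psym       in: required symmetric cipher, or 0 for "any";
 *            out (only when it was 0): the cipher selected for the key
 * pmdc       out: 1 when a features subpacket with bit 0x01 was seen
 * keypacket  the packets to scan; when key == keypacket the result
 *            replaces its contents
 * key        receives the key MPIs (public, then decrypted secret ones)
 * keyid      in: if non-empty, only a key with this ID is accepted;
 *            out: ID of the last key examined
 * userid     receives the last user ID packet read
 * pass       passphrase for secret keys
 *
 * Returns the public key algorithm on success; otherwise the non-positive
 * keytype value (-1 when no usable key was found).  PGP_PASS is assigned
 * when decrypted secret material fails to parse or fails its checksum.
 *
 * Hardening relative to the original:
 *  - the hashed subpacket area is clamped to the signature packet, so a
 *    length field pointing past the packet cannot keep the parser looping;
 *  - for version 2/3 secret keys the bytes saved for IV chaining are only
 *    copied when the MPI is at least one block long (a runtime check
 *    replaces the assert, and the short case no longer reads before the
 *    buffer);
 *  - `key` is only written to when it is non-NULL, as the later code
 *    already assumes it may be NULL.
 *
 * NOTE(review): cipher preferences and the MDC flag are taken from
 * certification signatures without verifying them here; per the original
 * comment this relies on keys having been validated at import time.
 */
int pgp_getkey(int mode, int algo, int *psym, int *pmdc, BUFFER *keypacket, BUFFER *key,
	       BUFFER *keyid, BUFFER *userid, BUFFER *pass)
{
  int tempbuf = 0;
  int keytype = -1, type, j;
  int thisalgo = 0, version, skalgo;
  int needsym = 0, symfound = 0, mdcfound = 0;
  BUFFER *p1, *iv, *sk, *i, *thiskeyid;
  int ivlen;
  int csstart;

  p1 = buf_new();
  i = buf_new();
  iv = buf_new();
  sk = buf_new();
  thiskeyid = buf_new();
  if (psym)
    needsym = *psym;
  if (keypacket == key) {
    /* parse into a scratch buffer, copy back at the end */
    key = buf_new();
    tempbuf = 1;
  }
  if (userid)
    buf_clear(userid);

  while ((type = pgp_getpacket(keypacket, p1)) > 0) {
    switch (type) {
    case PGP_SIG:
      /* it is assumed that only valid keys have been imported */
      if (buf_getc(p1) == 4) {
	if (buf_getc(p1) == PGP_SIG_CERT) {
	  buf_getc(p1);
	  buf_getc(p1);
	  j = buf_geti(p1);
	  j += p1->ptr;
	  if (j > p1->length)
	    j = p1->length;	/* subpackets cannot extend past the packet */
	  while (p1->ptr < j) {
	    int sublen, subtype, a;

	    sublen = buf_getc(p1);
	    if (sublen > 192 && sublen < 255)
	      sublen = (sublen - 192) * 256 + buf_getc(p1) + 192;
	    else if (sublen == 255)
	      sublen = buf_getl(p1);
	    subtype = buf_getc(p1);
	    if (sublen)
	      buf_get(p1, i, sublen - 1);	/* length includes the type byte */
	    else
	      buf_clear(i);
	    if (subtype == PGP_SUB_PSYMMETRIC) {
	      /* first preferred cipher that we support and that is allowed */
	      while ((a = buf_getc(i)) != -1)
		if ((a == PGP_K_3DES || a == PGP_K_CAST5 || a == PGP_K_BF
#ifdef USE_IDEA
		     || a == PGP_K_IDEA
#endif
#ifdef USE_AES
		     || a == PGP_K_AES128 || a == PGP_K_AES192 || a == PGP_K_AES256
#endif
		    ) && (a == needsym || needsym == 0)) {
		  symfound = a;
		  break;
		}
	    } else if (subtype == PGP_SUB_FEATURES) {
	      if ((a = buf_getc(i)) != -1)
		if (a & 0x01)
		  mdcfound = 1;
	    }
	  }
	}
      }
      break;
    case PGP_USERID:
      if (userid)
	buf_move(userid, p1);
      break;
    case PGP_PUBSUBKEY:
    case PGP_SECSUBKEY:
      if (keytype != -1 && (mode == PK_SIGN || mode == PK_VERIFY))
	continue;
      /* fall through */
    case PGP_PUBKEY:
    case PGP_SECKEY:
      if ((type == PGP_PUBKEY || type == PGP_PUBSUBKEY) &&
	  (mode == PK_DECRYPT || mode == PK_SIGN))
	continue;
      keytype = type;
      version = buf_getc(p1);
      switch (version) {
      case 2:
      case 3:
	buf_getl(p1);		/* created */
	buf_geti(p1);		/* valid */
	thisalgo = buf_getc(p1);
	if (thisalgo != PGP_ES_RSA) {
	  keytype = -1;
	  goto end;
	}
	symfound = PGP_K_IDEA;
	mdcfound = 0;
	break;
      case 4:
	if (key) {
	  buf_appendc(key, version);
	  buf_appendl(key, buf_getl(p1));
	} else
	  buf_getl(p1);
	thisalgo = buf_getc(p1);
	if (key)
	  buf_appendc(key, thisalgo);
	if (symfound == 0)
	  symfound = PGP_K_3DES;	/* default algorithm */
	break;
      default:
	keytype = -1;
	goto end;
      }
      if (algo != PGP_ANY && thisalgo != algo) {
	keytype = -1;
	continue;
      }
      if (keyid && keyid->length && !pgp_iskeyid(p1, keyid))
	continue;
      pgp_keyid(p1, thiskeyid);
      if (key) {
	buf_clear(key);
	for (j = 0; j < pgp_nummpi(thisalgo); j++) {
	  if (mpi_get(p1, i) == -1)
	    goto end;
	  mpi_put(key, i);
	}
	if (keytype == PGP_SECKEY || keytype == PGP_SECSUBKEY) {
	  csstart = key->length;
	  skalgo = getski(p1, pass, sk, iv);
	  switch (version) {
	  case 2:
	  case 3:
	    /* each MPI is encrypted separately; the IV for the next one is
	       the tail of the previous ciphertext */
	    ivlen = pgp_blocklen(skalgo);
	    for (j = 0; j < pgp_numsecmpi(thisalgo); j++) {
	      unsigned char lastb[16];

	      if (mpi_get(p1, i) == -1) {
		keytype = -1;
		goto end;
	      }
	      if (skalgo != 0) {
		if (ivlen < 0 || ivlen > (int) sizeof(lastb)
		    || i->length < ivlen) {
		  keytype = -1;
		  goto end;
		}
		memcpy(lastb, i->data + i->length - ivlen, ivlen);
	      }
	      skcrypt(i, skalgo, sk, iv, DECRYPT);
	      if (skalgo != 0) {
		buf_clear(iv);
		buf_append(iv, lastb, ivlen);
	      }
	      mpi_put(key, i);
	    }
	    break;
	  case 4:
	    /* the whole remainder of the packet is one ciphertext */
	    buf_clear(i);
	    buf_rest(i, p1);
	    skcrypt(i, skalgo, sk, iv, DECRYPT);
	    buf_move(p1, i);
	    for (j = 0; j < pgp_numsecmpi(thisalgo); j++) {
	      if (mpi_get(p1, i) == -1) {
		keytype = PGP_PASS;
		goto end;
	      }
	      mpi_put(key, i);
	    }
	    break;
	  }
	  /* checksum over the decrypted secret MPIs */
	  if (pgp_csum(key, csstart) != buf_geti(p1)) {
	    keytype = PGP_PASS;
	    goto end;
	  }
	}
      }
      break;
    default:
      /* ignore trust packets etc */
      break;
    }
  }
end:
  if (keyid)
    buf_set(keyid, thiskeyid);
  if (tempbuf) {
    buf_move(keypacket, key);
    buf_free(key);
  }
  buf_free(p1);
  buf_free(i);
  buf_free(iv);
  buf_free(sk);
  buf_free(thiskeyid);
#ifndef USE_RSA
  if (thisalgo == PGP_ES_RSA)
    keytype = -1;
#endif
  if (needsym > 0 && symfound != needsym)
    keytype = -1;
  else if (psym && *psym == 0)
    *psym = symfound;
  if (pmdc)
    *pmdc = mdcfound;

  return (keytype <= 0 ? keytype : thisalgo);
}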
618    
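/* Build a public key packet of the given type from the key packet body p.
 *
 * type     packet type to emit (PGP_PUBKEY or PGP_PUBSUBKEY)
 * p        key packet body, positioned at the version byte
 * outtxt   if non-NULL, receives a one-line description
 *          ("pub"/"sub", bit length, algorithm letter, key ID, date)
 * out      the finished packet is appended here
 * key      receives the finished packet
 * pass     not used by this function
 * created  receives the key's creation time
 *
 * Returns the public key algorithm, or -1 on an unsupported version, a
 * version 2/3 key that is not RSA, or malformed key material.
 *
 * Fixes relative to the original: the early error returns released neither
 * work buffer; the first MPI and the key ID are now validated before they
 * are used; and a NULL result from localtime() is no longer passed to
 * strftime().
 */
int pgp_makepkpacket(int type, BUFFER *p, BUFFER *outtxt, BUFFER *out,
		     BUFFER *key, BUFFER *pass, time_t *created)
{
  BUFFER *i, *id;
  char txt[LINELEN], algoid;
  int version, algo = 0, valid = 0, err = 0;
  int len, j;
  struct tm *tc;

  i = buf_new();
  id = buf_new();

  version = buf_getc(p);
  buf_clear(key);
  switch (version) {
  case 2:
  case 3:
    *created = buf_getl(p);
    valid = buf_geti(p);
    algo = buf_getc(p);
    if (algo != PGP_ES_RSA) {
      err = -1;
      goto end;
    }
    buf_appendc(key, version);
    buf_appendl(key, *created);
    buf_appendi(key, valid);
    buf_appendc(key, algo);
    break;
  case 4:
    *created = buf_getl(p);
    algo = buf_getc(p);
    buf_appendc(key, version);
    buf_appendl(key, *created);
    buf_appendc(key, algo);
    break;
  default:
    err = -1;
    goto end;
  }

  pgp_keyid(p, id);
  if (id->length < 8) {
    err = -1;
    goto end;
  }
  len = mpi_get(p, i);
  if (len == -1) {
    err = -1;
    goto end;
  }
  mpi_put(key, i);
  for (j = 1; j < pgp_nummpi(algo); j++) {
    if (mpi_get(p, i) == -1) {
      err = -1;
      goto end;
    }
    mpi_put(key, i);
  }
  pgp_packet(key, type);
  buf_cat(out, key);

  if (outtxt != NULL) {
    switch (algo) {
    case PGP_ES_RSA:
      algoid = 'R';
      break;
    case PGP_S_DSA:
      algoid = 'D';
      break;
    case PGP_E_ELG:
      algoid = 'g';
      break;
    default:
      algoid = '?';
    }
    /* short (32-bit) key ID: the last four bytes of the 8-byte ID */
    buf_appendf(outtxt, "%s %4d%c/%02X%02X%02X%02X ", type == PGP_PUBSUBKEY ?
		"sub" : "pub", len, algoid,
		id->data[4], id->data[5], id->data[6], id->data[7]);
    tc = localtime(created);
    if (tc != NULL && strftime(txt, LINELEN, "%Y/%m/%d ", tc) > 0)
      buf_appends(outtxt, txt);
  }
end:
  buf_free(i);
  buf_free(id);
  return (err == 0 ? algo : err);
}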
704    
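/* Derive a public key block from a secret key block.
 *
 * keypacket  secret key packets; must start with a PGP_SECKEY packet
 * outtxt     if non-NULL, receives a human-readable key listing
 * out        receives the public key, user ID, subkey and signature packets
 * pass       passphrase handed to pgp_sign()
 * keyalgo    required primary key algorithm, or 0 for any
 *
 * Each user ID is certified (PGP_SIG_CERT) and each subkey gets a binding
 * signature (PGP_SIG_BINDSUBKEY) made with the secret key.  Scanning stops
 * at the next primary key packet.
 *
 * Returns the result of the last user ID certification, or -1 if the first
 * packet is not a secret key, the algorithm does not match, no user ID was
 * present, or a subkey could not be converted.  The last case used to
 * return whatever an earlier certification had left in err, i.e. possibly
 * 0.
 *
 * NOTE(review): a failed subkey binding signature is not reported; the
 * subkey packet is still emitted without it.
 */
int pgp_makepubkey(BUFFER *keypacket, BUFFER *outtxt, BUFFER *out,
		   BUFFER *pass, int keyalgo)
{
  BUFFER *p, *pubkey, *seckey, *subkey, *sig, *tmp;
  int err = -1, type, thisalgo;
  time_t created;

  p = buf_new();
  seckey = buf_new();
  pubkey = buf_new();
  subkey = buf_new();
  sig = buf_new();
  tmp = buf_new();

  buf_set(seckey, keypacket);
  type = pgp_getpacket(keypacket, p);
  if (type != PGP_SECKEY)
    goto end;

  /* build into tmp first so nothing reaches out if the algorithm is wrong */
  thisalgo = pgp_makepkpacket(PGP_PUBKEY, p, outtxt, tmp, pubkey, pass,
			      &created);
  if (thisalgo == -1 || (keyalgo != 0 && keyalgo != thisalgo))
    goto end;
  buf_cat(out, tmp);

  while ((type = pgp_getpacket(keypacket, p)) > 0) {
    if (type == PGP_SECSUBKEY) {
      if (pgp_makepkpacket(PGP_PUBSUBKEY, p, outtxt, out, subkey, pass,
			   &created) == -1) {
	err = -1;
	goto end;
      }
      if (pgp_sign(pubkey, subkey, sig, NULL, pass, PGP_SIG_BINDSUBKEY, 0,
		   created, 0, seckey, NULL) != -1)
	buf_cat(out, sig);
      if (outtxt)
	buf_nl(outtxt);
    } else if (type == PGP_USERID) {
      if (outtxt != NULL) {
	buf_cat(outtxt, p);
	buf_nl(outtxt);
      }
      pgp_packet(p, PGP_USERID);
      err = pgp_sign(pubkey, p, sig, NULL, pass, PGP_SIG_CERT, 1, created, 0,
		     seckey, NULL);
      buf_cat(out, p);
      if (err == 0)
	buf_cat(out, sig);
    } else if (type == PGP_PUBKEY || type == PGP_SECKEY)
      break;
  }
end:
  buf_free(pubkey);
  buf_free(seckey);
  buf_free(subkey);
  buf_free(sig);
  buf_free(p);
  buf_free(tmp);
  return (err);
}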
763    
764     #ifdef USE_RSA
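/* Generate a version 3 OpenPGP RSA key pair and store it.
 *
 * bits     modulus size; 0 selects 1024
 * userid   user ID to attach
 * pass     passphrase; with USE_IDEA and remail != 2 the secret MPIs are
 *          IDEA-encrypted under the MD5 digest of the passphrase, otherwise
 *          they are stored unencrypted inside the packet
 * pubring  public keyring file, or NULL to skip the public key export
 * secring  secret keyring file, or NULL for PGPREMSECRING
 * remail   non-zero: back-date the creation time by a random amount of up
 *          to four days; 2: the secret keyring itself is opened with the
 *          passphrase instead of encrypting the key
 *
 * Returns 0 on success, -1 on failure.  A failure to build or store the
 * public key now also returns -1; the original took the error exit there
 * but still reported success.  The unused signature buffer is gone.
 *
 * NOTE(review): public exponent 3, a 1024-bit default and an MD5-derived
 * IDEA key are legacy PGP 2.x choices and weak by current practice; they
 * are kept here because changing them alters the keys produced.
 */
int pgp_rsakeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring,
		  char *secring, int remail)
     /* remail==2: encrypt the secring */
{
  RSA *k;
  KEYRING *keydb;
  BUFFER *pkey, *skey;
  BUFFER *dk, *iv, *p;
  long now;
  int skalgo = 0;
  int err = 0;

  pkey = buf_new();
  skey = buf_new();
  iv = buf_new();
  dk = buf_new();
  p = buf_new();

  errlog(NOTICE, "Generating OpenPGP RSA key.\n");
  k = RSA_generate_key(bits == 0 ? 1024 : bits, 3, NULL, NULL);
  if (k == NULL) {
    err = -1;
    goto end;
  }
  now = time(NULL);
  if (remail)			/* fake time in nym keys */
    now -= rnd_number(4 * 24 * 60 * 60);

  /* version 3 header and public MPIs */
  buf_appendc(skey, 3);
  buf_appendl(skey, now);
  buf_appendi(skey, 0);
  buf_appendc(skey, PGP_ES_RSA);
  mpi_bnput(skey, k->n);
  mpi_bnput(skey, k->e);

#ifdef USE_IDEA
  if (pass != NULL && pass->length > 0 && remail != 2) {
    skalgo = PGP_K_IDEA;
    digest_md5(pass, dk);
    buf_setrnd(iv, pgp_blocklen(skalgo));
    buf_appendc(skey, skalgo);
    buf_cat(skey, iv);
  }
  else
#endif
    buf_appendc(skey, 0);

  /* secret MPIs; left in clear when dk is empty */
  mpi_bnputenc(skey, k->d, skalgo, dk, iv);
  mpi_bnputenc(skey, k->q, skalgo, dk, iv);
  mpi_bnputenc(skey, k->p, skalgo, dk, iv);
  mpi_bnputenc(skey, k->iqmp, skalgo, dk, iv);

  /* the checksum is taken over the unencrypted secret MPIs */
  buf_clear(p);
  mpi_bnput(p, k->d);
  mpi_bnput(p, k->q);
  mpi_bnput(p, k->p);
  mpi_bnput(p, k->iqmp);
  buf_appendi(skey, pgp_csum(p, 0));

  pgp_packet(skey, PGP_SECKEY);
  buf_set(p, userid);
  pgp_packet(p, PGP_USERID);
  buf_cat(skey, p);

  if (secring == NULL)
    secring = PGPREMSECRING;
  keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1);
  if (keydb == NULL) {
    err = -1;
    goto end;
  }
  if (keydb->filetype == -1)
    keydb->filetype = 0;
  pgpdb_append(keydb, skey);
  pgpdb_close(keydb);

  if (pubring != NULL) {
    if (pgp_makepubkey(skey, NULL, pkey, pass, 0) == -1) {
      err = -1;
      goto end;
    }
    keydb = pgpdb_open(pubring, NULL, 1);
    if (keydb == NULL) {
      err = -1;
      goto end;
    }
    if (keydb->filetype == -1)
      keydb->filetype = ARMORED;
    pgpdb_append(keydb, pkey);
    pgpdb_close(keydb);
  }
end:
  RSA_free(k);
  buf_free(pkey);
  buf_free(skey);
  buf_free(iv);
  buf_free(dk);
  buf_free(p);
  return (err);
}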
863     #endif
864    
865     #define begin_param "-----BEGIN PUBLIC PARAMETER BLOCK-----"
866     #define end_param "-----END PUBLIC PARAMETER BLOCK-----"
867    
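/* Read one length-prefixed big number (16-bit byte count, then the bytes)
 * from p.  n is scratch space.  Returns NULL when the count is not positive
 * or runs past the end of p. */
static BIGNUM *params_getbn(BUFFER *p, BUFFER *n)
{
  int l = buf_geti(p);

  if (l <= 0 || p->ptr + l > p->length)
    return NULL;
  buf_get(p, n, l);
  return BN_bin2bn(n->data, n->length, NULL);
}

/* Append bn to p as a 16-bit byte count followed by its big-endian bytes.
 * The scratch buffer is sized from the number itself. */
static void params_putbn(BUFFER *p, BIGNUM *bn)
{
  BUFFER *t = buf_new();

  buf_prepare(t, BN_num_bytes(bn));
  t->length = BN_bn2bin(bn, t->data);
  buf_appendi(p, t->length);
  buf_cat(p, t);
  buf_free(t);
}

/* Encode p and append it as a parameter block for `bits` to the DSA or DH
 * parameter file.  Nothing is written if the file cannot be opened. */
static void params_save(int dsa, BUFFER *p, int bits)
{
  FILE *f;

  encode(p, 64);
  f = mix_openfile(dsa ? DSAPARAMS : DHPARAMS, "a");
  if (f == NULL)
    return;
  fprintf(f, "%s\n%d\n", begin_param, bits);
  buf_write(p, f);
  fprintf(f, "%s\n", end_param);
  fclose(f);
}

/* Return DSA (dsa != 0) or DH domain parameters of the requested size.
 *
 * bits == 0 selects 1024; DSA sizes above 1024 are reduced to 1024.  The
 * parameter file is searched for a block of that size; if none is usable,
 * new parameters are generated and appended to the file.
 *
 * Returns a DSA * or DH * owned by the caller, or NULL when generation
 * fails.
 *
 * Fixes relative to the original:
 *  - numbers are serialised through a buffer sized from the number rather
 *    than a fixed 1024-byte stack array, which large DH sizes could
 *    overrun;
 *  - a failed parameter generation or a parameter file that cannot be
 *    opened for appending no longer dereferences NULL;
 *  - a truncated block in the parameter file is discarded instead of
 *    yielding a key object with missing components;
 *  - an earlier matching block is released when a later one replaces it.
 *
 * NOTE(review): parameters read from the file are used without any check
 * that they form a valid group; the file needs the same protection against
 * modification as the key rings.
 */
static void *params(int dsa, int bits)
{
  DSA *k = NULL;
  DH *d = NULL;
  FILE *f;
  BUFFER *p, *n;
  char line[LINELEN];
  int m;

  if (bits == 0)
    bits = 1024;
  if (dsa && bits > 1024)
    bits = 1024;

  p = buf_new();
  n = buf_new();
  f = mix_openfile(dsa ? DSAPARAMS : DHPARAMS, "r");
  if (f != NULL) {
    for (;;) {
      if (fgets(line, sizeof(line), f) == NULL)
	break;
      if (strleft(line, begin_param)) {
	/* the line after the header holds the size in bits */
	if (fgets(line, sizeof(line), f) == NULL)
	  break;
	m = 0;
	sscanf(line, "%d", &m);
	if (bits == m) {
	  buf_clear(p);
	  while (fgets(line, sizeof(line), f) != NULL) {
	    if (strleft(line, end_param)) {
	      decode(p, p);
	      if (dsa) {
		if (k != NULL)
		  DSA_free(k);
		k = DSA_new();
		if (k != NULL) {
		  k->p = params_getbn(p, n);
		  k->q = params_getbn(p, n);
		  k->g = params_getbn(p, n);
		  if (k->p == NULL || k->q == NULL || k->g == NULL) {
		    DSA_free(k);
		    k = NULL;
		  }
		}
	      } else {
		if (d != NULL)
		  DH_free(d);
		d = DH_new();
		if (d != NULL) {
		  d->p = params_getbn(p, n);
		  d->g = params_getbn(p, n);
		  if (d->p == NULL || d->g == NULL) {
		    DH_free(d);
		    d = NULL;
		  }
		}
	      }
	      break;
	    }
	    buf_appends(p, line);
	  }
	}
      }
    }
    fclose(f);
  }

  buf_free(p);
  buf_free(n);

  if (dsa) {
    if (k == NULL) {
      errlog(NOTICE, "Generating DSA parameters.\n");
      k = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
      if (k != NULL) {
	p = buf_new();
	params_putbn(p, k->p);
	params_putbn(p, k->q);
	params_putbn(p, k->g);
	params_save(1, p, bits);
	buf_free(p);
      }
    }
    return (k);
  } else {
    if (d == NULL) {
      errlog(NOTICE, "Generating DH parameters. (This may take a long time!)\n");
      d = DH_generate_parameters(bits, DH_GENERATOR_5, NULL, NULL);
      if (d != NULL) {
	p = buf_new();
	params_putbn(p, d->p);
	params_putbn(p, d->g);
	params_save(0, p, bits);
	buf_free(p);
      }
    }
    return (d);
  }
}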
978    
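/* Generate a version 4 OpenPGP key: a DSA signing key with an ElGamal
 * encryption subkey, and store it.
 *
 * bits     key size handed to params() (0 selects its default)
 * userid   user ID to attach
 * pass     passphrase protecting the secret material (see makeski())
 * pubring  public keyring file, or NULL to skip the public key export
 * secring  secret keyring file, or NULL for PGPREMSECRING
 * remail   non-zero: back-date the creation time by a random amount of up
 *          to four days; 2: the secret keyring itself is opened with the
 *          passphrase and the key material inside is left unencrypted
 *
 * Returns 0 on success, -1 on failure.
 *
 * Fixes relative to the original: the DSA and DH objects, which hold the
 * private keys, are now released on every path (they were never freed); a
 * failure to build or store the public key is reported as -1 instead of
 * success; and three buffers that were allocated but never used are gone.
 */
int pgp_dhkeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring,
		 char *secring, int remail)
     /* remail==2: encrypt the secring */
{
  DSA *s = NULL;
  DH *e = NULL;
  KEYRING *keydb;
  BUFFER *pkey, *skey, *subkey, *secret;
  BUFFER *p;
  long now;
  int err = 0;

  pkey = buf_new();
  skey = buf_new();
  subkey = buf_new();
  p = buf_new();
  secret = buf_new();

  s = params(1, bits);
  errlog(NOTICE, "Generating OpenPGP DSA key.\n");
  if (s == NULL || DSA_generate_key(s) != 1) {
    err = -1;
    goto end;
  }
  e = params(0, bits);
  errlog(NOTICE, "Generating OpenPGP ElGamal key.\n");
  if (e == NULL || DH_generate_key(e) != 1) {
    err = -1;
    goto end;
  }

  now = time(NULL);
  if (remail)			/* fake time in nym keys */
    now -= rnd_number(4 * 24 * 60 * 60);

  /* DSA key */
  buf_setc(skey, 4);
  buf_appendl(skey, now);
  buf_appendc(skey, PGP_S_DSA);
  mpi_bnput(skey, s->p);
  mpi_bnput(skey, s->q);
  mpi_bnput(skey, s->g);
  mpi_bnput(skey, s->pub_key);

  /* secret MPI plus checksum, wrapped (and possibly encrypted) by makeski */
  mpi_bnput(secret, s->priv_key);
  buf_appendi(secret, pgp_csum(secret, 0));
  makeski(secret, pass, remail);
  buf_cat(skey, secret);
  pgp_packet(skey, PGP_SECKEY);

  /* ElGamal key */
  buf_setc(subkey, 4);
  buf_appendl(subkey, now);
  buf_appendc(subkey, PGP_E_ELG);
  mpi_bnput(subkey, e->p);
  mpi_bnput(subkey, e->g);
  mpi_bnput(subkey, e->pub_key);

  buf_clear(secret);
  mpi_bnput(secret, e->priv_key);
  buf_appendi(secret, pgp_csum(secret, 0));
  makeski(secret, pass, remail);
  buf_cat(subkey, secret);

  buf_set(p, userid);
  pgp_packet(p, PGP_USERID);
  buf_cat(skey, p);

  pgp_packet(subkey, PGP_SECSUBKEY);
  buf_cat(skey, subkey);

  if (secring == NULL)
    secring = PGPREMSECRING;
  keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1);
  if (keydb == NULL) {
    err = -1;
    goto end;
  }
  if (keydb->filetype == -1)
    keydb->filetype = 0;
  pgpdb_append(keydb, skey);
  pgpdb_close(keydb);

  if (pubring != NULL) {
    if (pgp_makepubkey(skey, NULL, pkey, pass, 0) == -1) {
      err = -1;
      goto end;
    }
    keydb = pgpdb_open(pubring, NULL, 1);
    if (keydb == NULL) {
      err = -1;
      goto end;
    }
    if (keydb->filetype == -1)
      keydb->filetype = ARMORED;
    pgpdb_append(keydb, pkey);
    pgpdb_close(keydb);
  }
end:
  if (s != NULL)
    DSA_free(s);
  if (e != NULL)
    DH_free(e);
  buf_free(pkey);
  buf_free(skey);
  buf_free(subkey);
  buf_free(p);
  buf_free(secret);
  return (err);
}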
1086    
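/* Sign the digest in `data` with the DSA key in `key`.
 *
 * data  digest to sign
 * key   key material as MPIs: p, q, g, y (public), x (private)
 * out   the signature values r and s are appended as two MPIs
 *
 * Returns 0 on success, -1 on a malformed key or a failed signature.
 *
 * Fixes relative to the original:
 *  - the scratch buffer is re-sized for s; it used to be sized for r only,
 *    so an s longer than r was written past the prepared size;
 *  - the result no longer depends on the value of a pointer that has
 *    already been freed;
 *  - every MPI read is checked, not only the last one.
 */
int pgp_dsasign(BUFFER *data, BUFFER *key, BUFFER *out)
{
  BUFFER *mpi, *b;
  DSA *d;
  DSA_SIG *sig = NULL;
  int err = -1;

  d = DSA_new();
  b = buf_new();
  mpi = buf_new();
  if (d == NULL)
    goto end;

  if (mpi_get(key, mpi) == -1)
    goto end;
  d->p = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->q = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->g = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->pub_key = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->priv_key = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (d->p == NULL || d->q == NULL || d->g == NULL || d->pub_key == NULL ||
      d->priv_key == NULL)
    goto end;

  sig = DSA_do_sign(data->data, data->length, d);
  if (sig) {
    buf_prepare(b, BN_num_bytes(sig->r));
    b->length = BN_bn2bin(sig->r, b->data);
    mpi_put(out, b);
    buf_prepare(b, BN_num_bytes(sig->s));
    b->length = BN_bn2bin(sig->s, b->data);
    mpi_put(out, b);
    err = 0;
  }
end:
  buf_free(mpi);
  buf_free(b);
  if (sig != NULL)
    DSA_SIG_free(sig);
  if (d != NULL)
    DSA_free(d);
  return (err);
}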
1124    
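/* Sign `data` with the secret key `key` using public key algorithm `algo`.
 *
 * RSA (when USE_RSA is defined) and DSA are supported.  For those, data is
 * replaced by the signature MPIs; when the operation fails it is replaced
 * by whatever had been produced, normally nothing.  For any other algorithm
 * data is left untouched.
 *
 * Returns the result of the signing routine, or -1 for an unsupported
 * algorithm.
 *
 * The unsupported-algorithm path used to return without releasing the work
 * buffers; the two buffers that were never used have been removed.
 */
int pgp_dosign(int algo, BUFFER *data, BUFFER *key)
{
  int err;
  BUFFER *out;

  out = buf_new();
  switch (algo) {
#ifdef USE_RSA
  case PGP_ES_RSA:
    err = pgp_rsa(data, key, PK_SIGN);
    if (err == 0)
      mpi_put(out, data);
    break;
#endif
  case PGP_S_DSA:
    err = pgp_dsasign(data, key, out);
    break;
  default:
    errlog(NOTICE, "Unknown encryption algorithm!\n");
    buf_free(out);
    return (-1);
  }
  if (err == -1)
    errlog(ERRORMSG, "Signing operation failed!\n");

  buf_move(data, out);
  buf_free(out);
  return (err);
}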
1157    
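/* ElGamal-decrypt `in` with the secret key in `key`, in place.
 *
 * in   ciphertext as two MPIs (a, b); replaced by the message after the
 *      PKCS#1 type 2 padding has been removed
 * key  key material as MPIs: p, g, y, x
 *
 * Computes b * (a^x)^-1 mod p and strips the padding.
 *
 * Returns 0 on success; -1 on a malformed key or ciphertext, an arithmetic
 * failure or bad padding.  When the padding check fails `in` is emptied.
 *
 * Changes relative to the original: every MPI read and BIGNUM allocation is
 * checked, so a truncated key is rejected instead of being used as zero;
 * the values derived from the private key and the recovered plaintext are
 * wiped before they are freed.
 *
 * NOTE(review): callers should not let a remote party distinguish a padding
 * failure from other errors.
 */
int pgp_elgdecrypt(BUFFER *in, BUFFER *key)
{
  BIGNUM *a = NULL, *b = NULL, *c = NULL,
	 *p = NULL, *g = NULL, *x = NULL;
  BN_CTX *ctx;
  BUFFER *i;
  int err = -1;

  i = buf_new();
  ctx = BN_CTX_new();
  if (ctx == NULL)
    goto end;

  if (mpi_get(key, i) == -1)
    goto end;
  p = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)
    goto end;
  g = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)	/* y, not needed for decryption */
    goto end;
  if (mpi_get(key, i) == -1)
    goto end;
  x = BN_bin2bn(i->data, i->length, NULL);

  if (mpi_get(in, i) == -1)
    goto end;
  a = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(in, i) == -1)
    goto end;
  b = BN_bin2bn(i->data, i->length, NULL);
  c = BN_new();
  if (p == NULL || g == NULL || x == NULL || a == NULL || b == NULL ||
      c == NULL)
    goto end;

  if (BN_mod_exp(c, a, x, p, ctx) == 0)
    goto end;
  if (BN_mod_inverse(a, c, p, ctx) == NULL)
    goto end;
  if (BN_mod_mul(c, a, b, p, ctx) == 0)
    goto end;

  buf_prepare(i, BN_num_bytes(c));
  i->length = BN_bn2bin(c, i->data);

  buf_prepare(in, BN_num_bytes(c));
  in->length = RSA_padding_check_PKCS1_type_2(in->data, in->length, i->data,
					      i->length, i->length + 1);
  if (in->length <= 0)
    in->length = 0;
  else
    err = 0;

end:
  buf_free(i);
  BN_clear_free(a);		/* inverse of the shared secret */
  BN_free(b);
  BN_clear_free(c);		/* shared secret, then the padded plaintext */
  BN_free(p);
  BN_free(g);
  BN_clear_free(x);
  if (ctx != NULL)
    BN_CTX_free(ctx);

  return (err);
}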
1211    
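/* ElGamal-encrypt `in` to the public key in `key`, in place.
 *
 * in   message (a session key); replaced by the two ciphertext MPIs
 *      a = g^k mod p and b = m * y^k mod p, where m is the message with
 *      PKCS#1 type 2 padding
 * key  key material as MPIs: p, g, y
 *
 * Returns 0 on success, -1 on a malformed key, a padding or arithmetic
 * failure, or a failure of the random number generator.
 *
 * Fixes relative to the original:
 *  - the result of BN_rand() is checked: with an unset k, a would be 1 and
 *    b would equal the padded message, i.e. no encryption at all;
 *  - the ephemeral exponent k was never freed; it, the padded message and
 *    the shared secret are now wiped and freed on every path;
 *  - all pointers start out NULL and there is a single exit, so the error
 *    paths no longer skip the cleanup of the buffer, the context and the
 *    numbers already allocated;
 *  - every MPI read is checked.
 */
int pgp_elgencrypt(BUFFER *in, BUFFER *key)
{
  BIGNUM *m = NULL, *k = NULL, *a = NULL, *b = NULL, *c = NULL,
	 *p = NULL, *g = NULL, *y = NULL;
  BN_CTX *ctx;
  BUFFER *i;
  int err = -1;

  i = buf_new();
  ctx = BN_CTX_new();
  if (ctx == NULL)
    goto end;

  if (mpi_get(key, i) == -1)
    goto end;
  p = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)
    goto end;
  g = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)
    goto end;
  y = BN_bin2bn(i->data, i->length, NULL);
  if (p == NULL || g == NULL || y == NULL)
    goto end;

  /* pad the message to the size of the modulus */
  buf_prepare(i, BN_num_bytes(p));
  if (RSA_padding_add_PKCS1_type_2(i->data, i->length, in->data, in->length)
      != 1)
    goto end;
  m = BN_bin2bn(i->data, i->length, NULL);

  k = BN_new();
  a = BN_new();
  b = BN_new();
  c = BN_new();
  if (m == NULL || k == NULL || a == NULL || b == NULL || c == NULL)
    goto end;

  /* ephemeral secret exponent; must not be used if the RNG failed */
  if (BN_rand(k, BN_num_bits(p), 0, 0) != 1)
    goto end;

  if (BN_mod_exp(a, g, k, p, ctx) == 0)
    goto end;
  if (BN_mod_exp(c, y, k, p, ctx) == 0)
    goto end;
  if (BN_mod_mul(b, m, c, p, ctx) == 0)
    goto end;

  buf_clear(in);
  i->length = BN_bn2bin(a, i->data);
  mpi_put(in, i);
  i->length = BN_bn2bin(b, i->data);
  mpi_put(in, i);

  err = 0;

end:
  buf_free(i);
  BN_free(a);
  BN_free(b);
  BN_clear_free(c);		/* shared secret y^k */
  BN_clear_free(m);		/* padded plaintext */
  BN_clear_free(k);		/* ephemeral secret */
  BN_free(p);
  BN_free(g);
  BN_free(y);
  if (ctx != NULL)
    BN_CTX_free(ctx);

  return (err);
}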
1269    
1270     #endif /* USE_PGP */
