/[pkg-mixmaster]/trunk/Mix/Src/pgpdata.c

Contents of /trunk/Mix/Src/pgpdata.c



Revision 505 - (show annotations) (download)
Sat May 3 10:55:49 2003 UTC (10 years ago) by weaselp
File MIME type: text/plain
File size: 36989 byte(s)
until we can handle the case where our pgp keys expire, don't create keys that expire
1 /* Mixmaster version 3 -- (C) 1999 Anonymizer Inc.
2
3 Mixmaster may be redistributed and modified under certain conditions.
4 This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF
5 ANY KIND, either express or implied. See the file COPYRIGHT for
6 details.
7
8 OpenPGP data
9 $Id: pgpdata.c,v 1.28 2003/05/03 10:55:49 weaselp Exp $ */
10
11
12 #include "mix3.h"
13 #ifdef USE_PGP
14 #include "pgp.h"
15 #include "crypto.h"
16 #include <assert.h>
17 #include <time.h>
18 #include <string.h>
19
/* Key length in bytes for the OpenPGP symmetric cipher id `symalgo`.
 * Returns 0 for every id this build does not list, so callers can treat
 * 0 as "unsupported cipher". The AES ids are only known with USE_AES. */
int pgp_keylen(int symalgo)
{
  int nbytes = 0;

  switch (symalgo) {
  case PGP_K_IDEA:
  case PGP_K_CAST5:
  case PGP_K_BF:
#ifdef USE_AES
  case PGP_K_AES128:
#endif /* USE_AES */
    nbytes = 16;
    break;
  case PGP_K_3DES:
#ifdef USE_AES
  case PGP_K_AES192:
#endif /* USE_AES */
    nbytes = 24;
    break;
#ifdef USE_AES
  case PGP_K_AES256:
    nbytes = 32;
    break;
#endif /* USE_AES */
  default:
    break;
  }
  return nbytes;
}
40
/* Cipher block length in bytes for the symmetric cipher id `symalgo`.
 * IDEA, CAST5, Blowfish and 3DES give 8; everything else gives 16.
 * NOTE(review): "everything else" includes ids this build does not know
 * (and the AES ids when USE_AES is off), so an unknown or negative id is
 * not reported as an error here. Callers in this file use the result as
 * an IV length, so they must validate the cipher id themselves. */
int pgp_blocklen(int symalgo)
{
  switch (symalgo) {
  case PGP_K_IDEA:
  case PGP_K_CAST5:
  case PGP_K_BF:
  case PGP_K_3DES:
    return 8;
  default:
    break;
  }
  /* AES (all key sizes) and any unlisted id */
  return 16;
}
59
/* Read one MPI from `b` at its current read position into `mpi`.
 * The bit count comes from buf_geti(); the body is (bits + 7) / 8 bytes.
 * `mpi` is always cleared first, so it is empty on failure.
 * Returns the bit count, or -1 when the bit count is not positive or the
 * body would run past the end of `b`. */
int mpi_get(BUFFER *b, BUFFER *mpi)
{
  int bits = buf_geti(b);
  int nbytes;

  buf_clear(mpi);

  if (bits <= 0)
    return -1;
  nbytes = (bits + 7) / 8;
  /* bounds check before copying: the length field is untrusted input */
  if (b->ptr + nbytes > b->length)
    return -1;
  buf_get(b, mpi, nbytes);
  return bits;
}
72
73
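/* Strip leading zero bytes from `mpi` in place and return the number of
 * significant bits in what remains (0 for an empty or all-zero value).
 *
 * The length is tested before data[0] is read, and an empty value returns
 * early: the previous code inspected data[0] even when length was 0, so a
 * stale non-zero byte there produced a negative bit count. The leading
 * zeros are now removed with a single memmove instead of one per byte. */
int mpi_bitcount(BUFFER *mpi)
{
  int lead = 0, bit, nbits;

  while (lead < mpi->length && mpi->data[lead] == 0)
    lead++;
  if (lead > 0) {
    mpi->length -= lead;
    memmove(mpi->data, mpi->data + lead, mpi->length);
  }
  if (mpi->length == 0)
    return 0;

  nbits = mpi->length * 8;
  /* data[0] is non-zero here; subtract the unused high bits of that byte */
  for (bit = 7; bit >= 0; bit--)
    if (((mpi->data[0] >> bit) & 1) == 1) {
      nbits -= 7 - bit;
      break;
    }
  return nbits;
}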
87
/* Append `mpi` to `b` as bit count followed by the value bytes.
 * mpi_bitcount() strips leading zero bytes from `mpi` as a side effect.
 * Always returns 0. */
int mpi_put(BUFFER *b, BUFFER *mpi)
{
  int nbits = mpi_bitcount(mpi);

  buf_appendi(b, nbits);
  buf_cat(b, mpi);
  return 0;
}
94
/* Encrypt or decrypt `data` in place with the symmetric cipher `skalgo`,
 * dispatching to the matching buf_*crypt helper with `key`, `iv` and `enc`.
 * skalgo 0 means "no encryption": data is left untouched and 0 is returned.
 * Returns -1 for a cipher id that is unknown or compiled out; otherwise
 * the helper's return value.
 * NOTE(review): several callers in this file ignore the return value, so
 * an unsupported cipher leaves the data unchanged without any error. */
int skcrypt(BUFFER *data, int skalgo, BUFFER *key, BUFFER *iv, int enc)
{
  int rc;

  switch (skalgo) {
  case 0:
    rc = 0;
    break;
#ifdef USE_IDEA
  case PGP_K_IDEA:
    rc = buf_ideacrypt(data, key, iv, enc);
    break;
#endif /* USE_IDEA */
#ifdef USE_AES
  case PGP_K_AES128:
  case PGP_K_AES192:
  case PGP_K_AES256:
    rc = buf_aescrypt(data, key, iv, enc);
    break;
#endif /* USE_AES */
  case PGP_K_3DES:
    rc = buf_3descrypt(data, key, iv, enc);
    break;
  case PGP_K_BF:
    rc = buf_bfcrypt(data, key, iv, enc);
    break;
  case PGP_K_CAST5:
    rc = buf_castcrypt(data, key, iv, enc);
    break;
  default:
    rc = -1;
    break;
  }
  return rc;
}
120
/* Sum of the bytes key->data[start .. length-1], reduced modulo 65536.
 * Used in this file as the checksum over secret key material. This is a
 * plain additive checksum: it detects a wrong passphrase or corruption,
 * it is not an integrity protection against deliberate modification.
 * NOTE(review): `start` is not range-checked; callers pass 0 or an
 * offset they computed themselves. */
int pgp_csum(BUFFER *key, int start)
{
  int sum = 0;
  int pos = start;

  while (pos < key->length) {
    sum += key->data[pos];
    sum %= 65536;
    pos++;
  }
  return sum;
}
128
129 #ifdef USE_RSA
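/* Perform one RSA operation on `in` (result replaces the contents of
 * `in`) with key material read as MPIs from `k`.
 *
 *   mode  PK_ENCRYPT / PK_VERIFY  use the public part (n, e)
 *         PK_DECRYPT / PK_SIGN    additionally read d, then two primes and
 *                                 the CRT coefficient, and derive dmp1/dmq1
 *
 * Returns 0 on success, -1 on failure. On an RSA failure `in` is left
 * empty, as before.
 *
 * Changes from the previous version:
 *  - every mpi_get() result is checked; a truncated key no longer reaches
 *    the bignum code with empty components
 *  - the BN_CTX used for the CRT exponents is freed (it used to leak on
 *    every private-key operation)
 *  - allocation and bignum failures are reported as -1
 *
 * All four operations use PKCS#1 v1.5 padding, as the OpenPGP format
 * requires. Callers should not expose the difference between a padding
 * failure and any later failure to a remote party. */
int pgp_rsa(BUFFER *in, BUFFER *k, int mode)
{
  BUFFER *mpi, *out;
  int err = -1;
  int outlen = -1;
  RSA *key;

  assert(mode == PK_ENCRYPT || mode == PK_VERIFY || mode == PK_DECRYPT
	 || mode == PK_SIGN);
  key = RSA_new();
  out = buf_new();
  mpi = buf_new();
  if (key == NULL)
    goto end;

  if (mpi_get(k, mpi) < 0)
    goto end;
  key->n = BN_bin2bn(mpi->data, mpi->length, NULL);

  if (mpi_get(k, mpi) < 0)
    goto end;
  key->e = BN_bin2bn(mpi->data, mpi->length, NULL);

  if (key->n == NULL || key->e == NULL)
    goto end;

  if (mode == PK_DECRYPT || mode == PK_SIGN) {
    BIGNUM *i;
    BN_CTX *ctx;
    int ok;

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->d = BN_bin2bn(mpi->data, mpi->length, NULL);

    /* compute auxiliary parameters */
    if (mpi_get(k, mpi) < 0)	/* PGP's p is SSLeay's q */
      goto end;
    key->q = BN_bin2bn(mpi->data, mpi->length, NULL);

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->p = BN_bin2bn(mpi->data, mpi->length, NULL);

    if (mpi_get(k, mpi) < 0)
      goto end;
    key->iqmp = BN_bin2bn(mpi->data, mpi->length, NULL);

    ctx = BN_CTX_new();
    i = BN_new();
    key->dmp1 = BN_new();
    key->dmq1 = BN_new();

    ok = ctx != NULL && i != NULL
      && key->d != NULL && key->q != NULL && key->p != NULL
      && key->iqmp != NULL && key->dmp1 != NULL && key->dmq1 != NULL
      /* dmp1 = d mod (p-1), dmq1 = d mod (q-1) */
      && BN_sub(i, key->p, BN_value_one())
      && BN_mod(key->dmp1, key->d, i, ctx)
      && BN_sub(i, key->q, BN_value_one())
      && BN_mod(key->dmq1, key->d, i, ctx);

    if (i != NULL)
      BN_free(i);
    if (ctx != NULL)
      BN_CTX_free(ctx);
    if (!ok)
      goto end;
  }
  buf_prepare(out, RSA_size(key));

  switch (mode) {
  case PK_ENCRYPT:
    outlen = RSA_public_encrypt(in->length, in->data, out->data, key,
				RSA_PKCS1_PADDING);
    break;
  case PK_VERIFY:
    outlen = RSA_public_decrypt(in->length, in->data, out->data, key,
				RSA_PKCS1_PADDING);
    break;
  case PK_SIGN:
    outlen = RSA_private_encrypt(in->length, in->data, out->data, key,
				 RSA_PKCS1_PADDING);
    break;
  case PK_DECRYPT:
    outlen = RSA_private_decrypt(in->length, in->data, out->data, key,
				 RSA_PKCS1_PADDING);
    break;
  }
  if (outlen < 0) {
    err = -1;
    out->length = 0;
  } else {
    err = 0;
    out->length = outlen;
  }

  buf_move(in, out);
end:
  RSA_free(key);	/* also frees the BIGNUMs attached to the key */
  buf_free(out);
  buf_free(mpi);
  return (err);
}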
217 #endif /* USE_RSA */
218
219 /* Contrary to RFC 2440, old PGP versions use this for clearsign only.
220 * If the text is included in the OpenPGP message, the application will
221 * typically provide the text in the proper format (whatever that is);
222 * we use "canonic" format so everybody will be able to read our messages.
223 * In clearsigned messages, trailing whitespace is always ignored.
224 * Detached signatures are the problematic case. For PGP/MIME, we always
225 * escape trailing whitespace as quoted-printable.
226 */
void pgp_sigcanonic(BUFFER *msg)
{
  /* Rewrites msg line by line: trailing blanks are dropped and every line
   * is terminated with CR LF. Only ' ' is stripped; trailing tabs stay
   * (the tab test is disabled in this version). */
  BUFFER *canon = buf_new();
  BUFFER *cur = buf_new();

  while (buf_getline(msg, cur) != -1) {
    for (; cur->length > 0; cur->length--)
      if (cur->data[cur->length - 1] != ' ')
	break;
    /* keep the buffer NUL-terminated at its new length */
    cur->data[cur->length] = '\0';
    buf_cat(canon, cur);
    buf_appends(canon, "\r\n");
  }
  buf_move(msg, canon);
  buf_free(canon);
  buf_free(cur);
}
249
/* Append the big number `i` to `o` in MPI form (bit count, then bytes).
 * The scratch buffer may hold secret key material when called for private
 * components. NOTE(review): whether buf_free() wipes it is not visible
 * here; confirm in the buffer implementation. */
static void mpi_bnput(BUFFER *o, BIGNUM *i)
{
  BUFFER *raw = buf_new();

  buf_prepare(raw, BN_num_bytes(i));
  raw->length = BN_bn2bin(i, raw->data);
  mpi_put(o, raw);
  buf_free(raw);
}
260
/* Append the big number `i` to `o` as an MPI whose body is encrypted with
 * cipher `ska` and `key`, when a non-empty key is given. The bit count is
 * written in the clear. After encryption `iv` is replaced by the last
 * ivlen bytes of the ciphertext, so consecutive calls chain their IVs.
 * With a NULL or empty key the value is written unencrypted and `iv` is
 * left alone.
 * NOTE(review): the skcrypt() result is ignored, and the IV update reads
 * body->length - ivlen bytes back from the end of the value, which
 * assumes the value is at least ivlen bytes long. Both hold for the RSA
 * components passed in from this file; confirm before reusing elsewhere. */
static void mpi_bnputenc(BUFFER *o, BIGNUM *i, int ska, BUFFER *key,
			 BUFFER *iv)
{
  int ivlen = iv->length;
  BUFFER *body = buf_new();

  buf_prepare(body, BN_num_bytes(i));
  body->length = BN_bn2bin(i, body->data);
  buf_appendi(o, mpi_bitcount(body));
  if (key != NULL && key->length != 0) {
    skcrypt(body, ska, key, iv, ENCRYPT);
    buf_clear(iv);
    buf_append(iv, body->data + body->length - ivlen, ivlen);
  }
  buf_cat(o, body);
  buf_free(body);
}
279
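/* Read the secret-key protection header from `p`: the usage octet, the
 * key derivation data and the IV.
 *
 *   usage 0     secret part is not encrypted; nothing else is read
 *   usage 255   an S2K specifier follows; pgp_getsk() derives `key`
 *               from `pass` and returns the cipher id
 *   otherwise   the octet is the cipher id and `key` is the MD5 digest
 *               of `pass` (legacy format; offers no salting or stretching)
 *
 * For the encrypted cases the IV (one cipher block) is read into `iv`.
 * Returns the cipher id, 0 for an unencrypted key, or -1 when `pass` is
 * NULL or the packet ends before the usage octet.
 *
 * Changes from the previous version: two scratch buffers that were
 * allocated and freed without ever being used are gone, and a packet
 * that ends before the usage octet returns -1 at once instead of hashing
 * the passphrase and attempting an IV read first. */
static int getski(BUFFER *p, BUFFER *pass, BUFFER *key, BUFFER *iv)
{
  int skalgo;

  if (!pass)
    return (-1);

  skalgo = buf_getc(p);
  if (skalgo == -1)
    return (-1);		/* truncated packet */

  switch (skalgo) {
  case 0:
    /* none */
    return (0);
  case 255:
    /* S2K specifier */
    skalgo = pgp_getsk(p, pass, key);
    break;
  default:
    /* simple */
    digest_md5(pass, key);
    break;
  }

  /* NOTE(review): pgp_blocklen() yields 16 for ids it does not know, so
   * an unsupported cipher id still consumes 16 bytes here; the caller's
   * checksum test is what rejects such a key. */
  buf_get(p, iv, pgp_blocklen(skalgo));
  return (skalgo);
}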
313
/* Wrap `secret` (secret MPIs plus checksum) with its protection header,
 * in place.
 *
 * Without a passphrase, or when remail == 2, the result is usage octet 0
 * followed by the secret in the clear. Otherwise the result is usage
 * octet 255, the S2K data written by pgp_makesk() for CAST5 / SHA-1, a
 * random IV of one cipher block, and the secret encrypted with CAST5.
 *
 * NOTE(review): in the remail == 2 case the packet itself is unprotected;
 * the key generators in this file pass the passphrase to pgpdb_open()
 * for that case instead, so protection then depends on the keyring file. */
static void makeski(BUFFER *secret, BUFFER *pass, int remail)
{
  BUFFER *out = buf_new();
  BUFFER *key = buf_new();
  BUFFER *iv = buf_new();
  int plain = (pass == NULL || pass->length == 0 || remail == 2);

  if (!plain) {
    buf_appendc(out, 255);
    pgp_makesk(out, key, PGP_K_CAST5, 3, PGP_H_SHA1, pass);
    buf_setrnd(iv, pgp_blocklen(PGP_K_CAST5));
    buf_cat(out, iv);
    skcrypt(secret, PGP_K_CAST5, key, iv, 1);
  } else {
    buf_appendc(out, 0);
  }
  buf_cat(out, secret);

  buf_move(secret, out);
  buf_free(out);
  buf_free(key);
  buf_free(iv);
}
336
/* Number of MPIs in the public part of a key of algorithm `algo`:
 * RSA 2, DSA 4, ElGamal 3. Returns 0 for any other algorithm. */
int pgp_nummpi(int algo)
{
  if (algo == PGP_ES_RSA)
    return 2;
  if (algo == PGP_S_DSA)
    return 4;
  if (algo == PGP_E_ELG)
    return 3;
  return 0;
}
350
/* Number of MPIs in the secret part of a key of algorithm `algo`:
 * RSA 4, DSA 1, ElGamal 1. Returns 0 for any other algorithm. */
int pgp_numsecmpi(int algo)
{
  if (algo == PGP_ES_RSA)
    return 4;
  if (algo == PGP_S_DSA || algo == PGP_E_ELG)
    return 1;
  return 0;
}
364
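/* Store the 8-byte key ID of the key packet body `key` in `keyid`.
 *
 *   version 2/3  the last 8 bytes of the first MPI (the RSA modulus)
 *   version 4    the last 8 bytes of the SHA-1 digest over 0x99, a
 *                length and the public key fields
 *
 * The read position of `key` is saved and restored.
 * Returns 0 on success. Returns -1, with `keyid` set to eight zero
 * bytes, when the packet has an unknown version, an MPI cannot be read,
 * or fewer than 8 bytes are available to take the ID from.
 *
 * The previous version always copied from data + length - 8. For an
 * unknown version or an unreadable/short MPI that pointer lay before the
 * start of the buffer, so parsing a malformed key read out of bounds.
 * `keyid` still always comes back 8 bytes long, which is what callers
 * that index into it expect. */
int pgp_keyid(BUFFER *key, BUFFER *keyid)
{
  BUFFER *i, *k;
  int version, algo, j, ptr;
  int err = 0;

  i = buf_new();
  k = buf_new();

  ptr = key->ptr;
  key->ptr = 0;
  switch (version = buf_getc(key)) {
  case 2:
  case 3:
    buf_getl(key);		/* creation time */
    buf_geti(key);		/* validity period */
    buf_getc(key);		/* algorithm */
    if (mpi_get(key, i) < 0)
      err = -1;
    break;
  case 4:
    buf_appendc(k, version);
    buf_appendl(k, buf_getl(key));
    algo = buf_getc(key);
    buf_appendc(k, algo);
    if (pgp_nummpi(algo) == 0)
      buf_rest(k, key);		/* works for public keys only */
    else
      for (j = 0; j < pgp_nummpi(algo); j++) {
	if (mpi_get(key, i) < 0) {
	  err = -1;
	  break;
	}
	mpi_put(k, i);
      }
    buf_clear(i);
    buf_appendc(i, 0x99);
    buf_appendi(i, k->length);
    buf_cat(i, k);
    digest_sha1(i, i);
    break;
  default:
    err = -1;
    break;
  }
  buf_clear(keyid);
  if (err == 0 && i->length >= 8)
    buf_append(keyid, i->data + i->length - 8, 8);
  else {
    err = -1;
    for (j = 0; j < 8; j++)
      buf_appendc(keyid, 0);
  }
  buf_free(i);
  buf_free(k);
  key->ptr = ptr;
  return (err);
}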
410
/* Compare the key ID computed from key packet `key` with `keyid`.
 * Returns the buf_eq() result (non-zero when they are equal).
 * The comparison is on the 8-byte ID only, which is an identifier, not a
 * proof that two keys are the same. */
static int pgp_iskeyid(BUFFER *key, BUFFER *keyid)
{
  BUFFER *computed = buf_new();
  int same;

  pgp_keyid(key, computed);
  same = buf_eq(keyid, computed);
  buf_free(computed);
  return same;
}
422
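/* Read one signature subpacket from `p1`: its length, its type octet and
 * its body (length - 1 bytes) into `out`. Returns the type octet,
 * including the "critical" bit 0x80.
 *
 * Length encoding: a first octet below 192 is the length itself; 192 to
 * 254 starts a two-octet length; 255 is followed by a four-octet length.
 * The previous test was `len > 192`, so a first octet of exactly 192 was
 * taken as a one-octet length and the following subpackets were parsed
 * from the wrong offset.
 *
 * NOTE(review): the reads are not checked for end of buffer. buf_getc()
 * returns -1 there, and a four-octet length can come back negative, so
 * `len - 1` can be negative when it reaches buf_get(). What buf_get()
 * does with a negative count is not visible here; callers must bound the
 * subpacket area by the packet length before looping over it. */
static int pgp_get_sig_subpacket(BUFFER * p1, BUFFER *out)
{
  int suptype, len = buf_getc(p1);

  if (len >= 192 && len < 255)
    len = (len - 192) * 256 + buf_getc(p1) + 192;
  else if (len == 255)
    len = buf_getl(p1);
  suptype = buf_getc(p1);
  if (len)
    buf_get(p1, out, len - 1);	/* len-1 - exclude type */
  else
    buf_clear(out);
  return suptype;
}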
437
/* One node per user ID seen while scanning a key block in pgp_getkey();
 * holds the values taken from that user ID's newest self-signature. */
typedef struct _UIDD {
  struct _UIDD * next;	/* next user ID in the list, NULL at the end */
  long created;		/* signature creation time */
  long expires;		/* key expiration time from the signature, 0 if unset */
  int revoked;		/* set when the newest self-signature is a revocation */
  int sym;		/* preferred symmetric cipher */
  int mdc;		/* set when the features subpacket has bit 0x01 */
  int uid;		/* running number of this user ID in the key block */
  int primary;		/* value of the primary user ID subpacket */
  BUFFER *uidstr;	/* copy of the user ID text, or NULL */
} UIDD;
444
/* Return the list node for user ID number `uidno`.
 * If `uidd_c` (the current tail) already has uid >= uidno it is returned
 * unchanged. Otherwise a zeroed node with uid = uidno is allocated,
 * linked after `uidd_c` when there is one, and returned.
 * On allocation failure `uidd_c` is returned as it was, so callers must
 * compare ->uid with `uidno` before writing to the node. */
static UIDD * new_uidd_c(UIDD *uidd_c, int uidno)
{
  UIDD *node;

  if (uidd_c != NULL && uidd_c->uid >= uidno)
    return uidd_c;

  node = calloc(1, sizeof *node);
  if (node == NULL)
    return uidd_c;

  node->uid = uidno;
  if (uidd_c != NULL)
    uidd_c->next = node;
  return node;
}
465
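/* Select a usable key from an OpenPGP key block.
 *
 * IN:  mode      - PK_SIGN, PK_VERIFY, PK_DECRYPT, PK_ENCRYPT
 *      algo      - PGP_ANY, PGP_ES_RSA, PGP_E_ELG, PGP_S_DSA
 *      psym      - requested sym PGP_K_ANY, PGP_K_IDEA, PGP_K_3DES, ... or NULL
 *      pass      - passphrase or NULL
 *      keypacket - key, with key uid sig subkey packets, possibly encrypted
 *      keyid     - requested (sub)keyid or empty buffer or NULL
 * OUT: psym      - found sym algo (or NULL)
 *      pmdc      - found mdc flag (or NULL)
 *      key       - found key, only key packet, decrypted
 *                  may be the same buffer as keypacket (or NULL)
 *      keyid     - found (sub)keyid (or NULL)
 *      userid    - found userid (or NULL)
 *      pexpires  - expiry time, or 0 if don't expire (or NULL)
 *
 * Returns the public key algorithm of the selected key when a key was
 * found, otherwise the non-positive keytype: -1 for "no usable key", or
 * PGP_PASS when the secret MPIs or their checksum do not come out right
 * (presumably a wrong passphrase; PGP_PASS is defined elsewhere).
 *
 * Trust model: signatures are NOT verified here. A signature counts as a
 * self-signature when its issuer subpacket equals the main key ID, and
 * its expiry, revocation and preference data are then believed. The key
 * block must therefore have been validated when it was imported.
 *
 * Changes from the previous version:
 *  - the hashed and unhashed subpacket areas are only walked when their
 *    declared end lies inside the packet; a length field pointing past
 *    the packet is treated like any other damaged signature
 *  - for version 2/3 secret keys the saved cipher-text tail is only
 *    copied when the MPI is at least one cipher block long; the assert()
 *    that stood in for input validation is replaced by a normal failure */
int pgp_getkey(int mode, int algo, int *psym, int *pmdc, long *pexpires, BUFFER *keypacket, BUFFER *key,
	       BUFFER *keyid, BUFFER *userid, BUFFER *pass)
{
  int tempbuf = 0, dummykey = 0;
  int keytype = -1, type, j;
  int thisalgo = 0, version, skalgo;
  int needsym = 0, symfound = 0, mdcfound = 0;
  BUFFER *p1, *iv, *sk, *i, *thiskeyid, *mainkeyid;
  int ivlen;
  int csstart;
  long now = time(NULL);
  long created = 0, expires = 0, subexpires = 0;
  int uidno = 0, primary = 0, subkeyno = 0, subkeyok = 0;
  UIDD * uidd_1 = NULL, * uidd_c = NULL;

  p1 = buf_new();
  i = buf_new();
  iv = buf_new();
  sk = buf_new();
  thiskeyid = buf_new();
  mainkeyid = buf_new();
  if (psym)
    needsym = *psym;
  if (keypacket == key) {
    /* caller wants the result in the input buffer: work on a copy */
    key = buf_new();
    tempbuf = 1;
  }
  if (! key) {
    key = buf_new();
    dummykey = 1;
  };
  if (userid)
    buf_clear(userid);

  while ((type = pgp_getpacket(keypacket, p1)) > 0) {
    switch (type) {
    case PGP_SIG:
    {
      /* it is assumed that only valid keys have been imported */
      long a;
      int self = 0, certexpires = 0, suptype;
      int sigtype = 0, sigver = buf_getc(p1);
      created = 0, expires = 0, primary = 0;
      if (sigver == 4) {
	sigtype = buf_getc(p1);
	if (isPGP_SIG_CERT(sigtype) || sigtype == PGP_SIG_BINDSUBKEY || sigtype == PGP_SIG_CERTREVOKE) {
	  int revoked = (sigtype == PGP_SIG_CERTREVOKE), sym = PGP_K_3DES, mdc = 0;
	  buf_getc(p1); /* pk algo */
	  buf_getc(p1); /* hash algo */
	  j = buf_geti(p1); /* length of hashed signature subpackets */
	  j += p1->ptr;
	  /* j comes from the packet: only walk the area if it ends inside it */
	  while (p1->ptr < j && j <= p1->length) {
	    suptype = pgp_get_sig_subpacket(p1, i);
	    switch (suptype & 0x7F) {
	    case PGP_SUB_PSYMMETRIC:
	      while ((a = buf_getc(i)) != -1)
		if ((a == PGP_K_3DES || a == PGP_K_CAST5 || a == PGP_K_BF
#ifdef USE_IDEA
		     || a == PGP_K_IDEA
#endif /* USE_IDEA */
#ifdef USE_AES
		     || a == PGP_K_AES128 || a == PGP_K_AES192 || a == PGP_K_AES256
#endif /* USE_AES */
		     ) && (a == needsym || needsym == PGP_K_ANY)) {
		  sym = a;
		  break; /* while ((a = buf_getc(i)) != -1) */
		} /* if ((a == PGP_K_3DES)... */
	      break;
	    case PGP_SUB_FEATURES:
	      if ((a = buf_getc(i)) != -1)
		if (a & 0x01)
		  mdc = 1;
	      break;
	    case PGP_SUB_CREATIME:
	      if ((a = buf_getl(i)) != -1)
		created = a;
	      break;
	    case PGP_SUB_KEYEXPIRETIME:
	      if ((a = buf_getl(i)) != -1)
		expires = a;
	      break;
	    case PGP_SUB_CERTEXPIRETIME:
	      if ((a = buf_getl(i)) != -1)
		certexpires = a;
	      break;
	    case PGP_SUB_ISSUER: /* ISSUER normally is in unhashed data, but check anyway */
	      if (i->length == 8)
		self = buf_eq(i, mainkeyid);
	      break;
	    case PGP_SUB_PRIMARY:
	      if ((a = buf_getl(i)) != -1)
		primary = a;
	      break;
	    default:
	      if (suptype & 0x80) {
		; /* "critical" bit set! now what? */
		/* NOTE(review): an unknown critical subpacket is ignored,
		 * so the signature is still used */
	      }
	    } /* switch (suptype) */
	  } /* while (p1->ptr < j) */
	  if (p1->ptr == j) {
	    j = buf_geti(p1); /* length of unhashed signature subpackets */
	    j += p1->ptr;
	    while (p1->ptr < j && j <= p1->length) {
	      suptype = pgp_get_sig_subpacket(p1, i);
	      if (suptype == PGP_SUB_ISSUER) {
		if (i->length == 8)
		  self = buf_eq(i, mainkeyid);
	      } /* if (suptype == PGP_SUB_ISSUER) */
	    } /* while (p1->ptr < j) #2 */
	  } /* if (p1->ptr == j) */
	  if (p1->ptr != j) /* sig damaged ? */
	    break; /* switch (type) */
	  if (self) {
	    if (certexpires)
	      certexpires = ((created + certexpires < now) || (created + certexpires < 0));
	    if ((isPGP_SIG_CERT(sigtype) && !certexpires) || sigtype == PGP_SIG_CERTREVOKE) {
	      uidd_c = new_uidd_c(uidd_c, uidno);
	      if (!uidd_1)
		uidd_1 = uidd_c;
	      if (uidd_c && uidd_c->uid == uidno) {
		if (uidd_c->created <= created) {
		  /* if there is several selfsigs on that uid, find the newest one */
		  uidd_c->created = created;
		  uidd_c->expires = expires;
		  uidd_c->revoked = revoked;
		  uidd_c->primary = primary;
		  uidd_c->sym = sym;
		  uidd_c->mdc = mdc;
		}
	      }
	    } /* if ((isPGP_SIG_CERT(sigtype) && !certexpires) || sigtype == PGP_SIG_CERTREVOKE) */
	    else if (sigtype == PGP_SIG_BINDSUBKEY) {
	      if (!subkeyok) {
		subexpires = expires ? created + expires : 0;
		if (expires && ((created + expires < now) || (created + expires < 0))) {
		  if (mode == PK_ENCRYPT) { /* allow decrypt with expired subkeys, but not encrypt */
		    keytype = -1;
		  }
		}
		if (keytype != -1)
		  subkeyok = subkeyno;
	      }
	    } /* if (sigtype == PGP_SIG_BINDSUBKEY) */
	  } /* if (self) */
	} /* if (isPGP_SIG_CERT(sigtype) || sigtype == PGP_SIG_BINDSUBKEY || sigtype == PGP_SIG_CERTREVOKE) */
      } /* if (sigver == 4) */
      else if (sigver == 2 || sigver == 3) {
	buf_getc(p1); /* One-octet length of following hashed material.  MUST be 5 */
	sigtype = buf_getc(p1);
      } /* if (sigver == 2 || sigver == 3) */
      if (sigtype == PGP_SIG_KEYREVOKE) {
	/* revocation can be either v3 or v4. if v4 we could check issuer, but we don't do it... */
	if (mode == PK_SIGN || mode == PK_ENCRYPT) { /* allow verify and decrypt with revoked keys, but not sign and encrypt */
	  keytype = -1;
	}
      } /* if (sigtype == PGP_SIG_KEYREVOKE) */
      else if (sigtype == PGP_SIG_SUBKEYREVOKE) {
	if (!subkeyok || subkeyok == subkeyno)
	  if (mode == PK_ENCRYPT) { /* allow decrypt with revoked subkeys, but not encrypt */
	    keytype = -1;
	  }
      } /* if (sigtype == PGP_SIG_SUBKEYREVOKE) */
      break; /* switch (type) */
    } /* case PGP_SIG: */
    case PGP_USERID:
      uidno++;
      uidd_c = new_uidd_c(uidd_c, uidno);
      if (!uidd_1)
	uidd_1 = uidd_c;
      if (uidd_c && uidd_c->uid == uidno) {
	uidd_c->uidstr = buf_new();
	buf_set(uidd_c->uidstr, p1);
      }
      if (userid)
	buf_move(userid, p1);
      break;
    case PGP_PUBSUBKEY:
    case PGP_SECSUBKEY:
      subkeyno++;
      if (keytype != -1 && subkeyno > 1) {
	/* usable subkey already found, don't bother to check other */
	continue;
      }
      if (keytype != -1 && (mode == PK_SIGN || mode == PK_VERIFY))
	continue;
      /* fall through */
    case PGP_PUBKEY:
      if ((type == PGP_PUBKEY || type == PGP_PUBSUBKEY) &&
	  (mode == PK_DECRYPT || mode == PK_SIGN))
	continue;
      /* fall through */
    case PGP_SECKEY:
      if (type == PGP_PUBKEY || type == PGP_SECKEY)
	pgp_keyid(p1, mainkeyid);
      keytype = type;
      version = buf_getc(p1);
      switch (version) {
      case 2:
      case 3:
	created = buf_getl(p1);	/* created */
	expires = buf_geti(p1) * (24*60*60);	/* valid */
	if (uidno == 0) {
	  uidd_c = new_uidd_c(uidd_c, uidno);
	  if (!uidd_1)
	    uidd_1 = uidd_c;
	  if (uidd_c && uidd_c->uid == uidno) {
	    uidd_c->created = created;
	    uidd_c->expires = expires;
	    uidd_c->sym = PGP_K_IDEA;
	  }
	}
	thisalgo = buf_getc(p1);
	if (thisalgo != PGP_ES_RSA) {
	  keytype = -1;
	  goto end;
	}
	symfound = PGP_K_IDEA;
	mdcfound = 0;
	break;
      case 4:
	buf_appendc(key, version);
	buf_appendl(key, buf_getl(p1));
	thisalgo = buf_getc(p1);
	buf_appendc(key, thisalgo);
	if (symfound == 0)
	  symfound = PGP_K_3DES;	/* default algorithm */
	break;
      default:
	keytype = -1;
	goto end;
      } /* switch (version) */
      if (algo != PGP_ANY && thisalgo != algo) {
	keytype = -1;
	continue;
      }
      if (keyid && keyid->length && !pgp_iskeyid(p1, keyid))
	continue;
      pgp_keyid(p1, thiskeyid);
      if (key) {
	buf_clear(key);
	for (j = 0; j < pgp_nummpi(thisalgo); j++) {
	  if (mpi_get(p1, i) == -1)
	    goto end;
	  mpi_put(key, i);
	}
	if (keytype == PGP_SECKEY || keytype == PGP_SECSUBKEY) {
	  csstart = key->length;
	  skalgo = getski(p1, pass, sk, iv);
	  switch (version) {
	  case 2:
	  case 3:
	    /* each secret MPI is encrypted separately; the IV for the
	     * next one is the tail of the previous cipher text */
	    ivlen = pgp_blocklen(skalgo);
	    for (j = 0; j < pgp_numsecmpi(thisalgo); j++) {
	      unsigned char lastb[16];
	      if (mpi_get(p1, i) == -1) {
		keytype = -1;
		goto end;
	      }
	      /* reject instead of reading before the start of the MPI or
	       * writing past lastb */
	      if (ivlen > (int) sizeof(lastb) || i->length < ivlen) {
		keytype = -1;
		goto end;
	      }
	      memcpy(lastb, i->data+i->length-ivlen, ivlen);
	      skcrypt(i, skalgo, sk, iv, DECRYPT);
	      buf_clear(iv);
	      buf_append(iv, lastb, ivlen);
	      mpi_put(key, i);
	    } /* for */
	    break; /* switch (version) */
	  case 4:
	    /* the whole remainder of the packet is one cipher text */
	    buf_clear(i);
	    buf_rest(i, p1);
	    skcrypt(i, skalgo, sk, iv, DECRYPT);
	    buf_move(p1, i);
	    for (j = 0; j < pgp_numsecmpi(thisalgo); j++) {
	      if (mpi_get(p1, i) == -1) {
		keytype = PGP_PASS;
		goto end;
	      }
	      mpi_put(key, i);
	    }
	    break;
	  } /* switch (version) */
	  /* additive 16-bit checksum over the decrypted secret MPIs */
	  if (pgp_csum(key, csstart) != buf_geti(p1)) {
	    keytype = PGP_PASS;
	    goto end;
	  }
	}
      } /* if (key) */
      break; /* switch (type) */
    default:
      /* ignore trust packets etc */
      break;
    } /* switch (type) */
  } /* while ((type = pgp_getpacket(keypacket, p1)) > 0) */
 end:
  if (keyid) buf_set(keyid, thiskeyid);
  if (tempbuf) {
    buf_move(keypacket, key);
    buf_free(key);
  }
  if (dummykey) {
    buf_free(key);
  }
  buf_free(p1);
  buf_free(i);
  buf_free(iv);
  buf_free(sk);
  buf_free(thiskeyid);
  buf_free(mainkeyid);
#ifndef USE_RSA
  if (thisalgo == PGP_ES_RSA)
    keytype = -1;
#endif /* not USE_RSA */

  if (uidd_1) {
    primary = 0;
    created = expires = 0;
    while (uidd_1) {
      /* find newest uid which is not revoked or expired */
      if (primary <= uidd_1->primary && created <= uidd_1->created && !uidd_1->revoked) {
	created = uidd_1->created;
	expires = uidd_1->expires;
	primary = uidd_1->primary;
	symfound = uidd_1->sym;
	mdcfound = uidd_1->mdc;
	if (userid && uidd_1->uidstr)
	  buf_set(userid, uidd_1->uidstr);
      }
      /* the list is consumed and freed while it is walked */
      uidd_c = uidd_1;
      uidd_1 = uidd_1->next;
      if (uidd_c->uidstr)
	buf_free(uidd_c->uidstr);
      free(uidd_c);
    }
    if (expires && ((created + expires < now) || (created + expires < 0))) {
      if (mode == PK_SIGN || mode == PK_ENCRYPT) { /* allow verify and decrypt with expired keys, but not sign and encrypt */
	keytype = -1;
      }
    }
  } /* if (uidd_1) */
  expires = expires ? created + expires : 0;
  if (subexpires > 0 && expires > 0 && subexpires < expires)
    expires = subexpires;
  if (pexpires)
    *pexpires = expires;

  /* NOTE(review): keytype holds a packet type at this point, while
   * PGP_E_ELG is a public key algorithm id, so this test looks like it
   * was meant to read thisalgo; as written it may never reject an
   * ElGamal subkey that lacks a valid binding. Confirm before changing,
   * since that would alter which keys are accepted. */
  if (!subkeyok && keytype == PGP_E_ELG && (mode == PK_DECRYPT || mode == PK_ENCRYPT))
    keytype = -1;	/* no usable subkey found, one with valid binding */

  if (needsym != PGP_K_ANY && needsym != symfound)
    keytype = -1;
  else if (psym && *psym == PGP_K_ANY)
    *psym = symfound;
  if (pmdc)
    *pmdc = mdcfound;

  return (keytype <= 0 ? keytype : thisalgo);
}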
834
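/* Build a public (sub)key packet of type `type` from the key packet body
 * `p` (public fields first; anything after them is not copied).
 *
 *   key      receives the finished packet
 *   out      the packet is also appended here
 *   outtxt   when not NULL, a one-line listing is appended: packet kind,
 *            bit length of the first MPI, algorithm letter, the low four
 *            bytes of the key ID and the creation date
 *   created  receives the creation time read from the key
 *   pass     not used by this function
 *
 * Returns the public key algorithm, or -1 for an unsupported version, a
 * version 2/3 key that is not RSA, or an MPI that cannot be read.
 *
 * Changes from the previous version:
 *  - the early error returns leaked the two scratch buffers; all exits
 *    now go through the cleanup at `end`
 *  - the first MPI is checked like the others, so a truncated key is
 *    rejected instead of being emitted with an empty first field
 *  - localtime()/strftime() failures no longer reach buf_appends() */
int pgp_makepkpacket(int type, BUFFER *p, BUFFER *outtxt, BUFFER *out,
		     BUFFER *key, BUFFER *pass, time_t *created)
{
  BUFFER *i, *id;
  char txt[LINELEN], algoid;
  int version, algo = 0, valid = 0, err = 0;
  int len, j;
  struct tm *tc;

  i = buf_new();
  id = buf_new();

  version = buf_getc(p);
  buf_clear(key);
  switch (version) {
  case 2:
  case 3:
    *created = buf_getl(p);
    valid = buf_geti(p);
    algo = buf_getc(p);
    if (algo != PGP_ES_RSA) {
      err = -1;
      goto end;
    }
    break;
  case 4:
    *created = buf_getl(p);
    algo = buf_getc(p);
    break;
  default:
    err = -1;
    goto end;
  }

  /* re-emit the fixed header; only version 2/3 carries a validity field */
  buf_appendc(key, version);
  buf_appendl(key, *created);
  if (version != 4)
    buf_appendi(key, valid);
  buf_appendc(key, algo);

  pgp_keyid(p, id);
  if (id->length < 8) {		/* id->data[4..7] is printed below */
    err = -1;
    goto end;
  }
  len = mpi_get(p, i);
  if (len == -1) {
    err = -1;
    goto end;
  }
  mpi_put(key, i);
  for (j = 1; j < pgp_nummpi(algo); j++) {
    if (mpi_get(p, i) == -1) {
      err = -1;
      goto end;
    }
    mpi_put(key, i);
  }
  pgp_packet(key, type);
  buf_cat(out, key);

  if (outtxt != NULL) {
    switch(algo) {
    case PGP_ES_RSA:
      algoid = 'R';
      break;
    case PGP_S_DSA:
      algoid = 'D';
      break;
    case PGP_E_ELG:
      algoid = 'g';
      break;
    default:
      algoid = '?';
    }
    buf_appendf(outtxt, "%s %5d%c/%02X%02X%02X%02X ",
		type == PGP_PUBSUBKEY ? "sub" :
		type == PGP_PUBKEY ? "pub" :
		type == PGP_SECKEY ? "sec" :
		type == PGP_SECSUBKEY ? "ssb" :
		"???", len, algoid,
		id->data[4], id->data[5], id->data[6], id->data[7]);
    tc = localtime(created);
    if (tc != NULL && strftime(txt, LINELEN, "%Y-%m-%d ", tc) > 0)
      buf_appends(outtxt, txt);
  }
end:
  buf_free(i);
  buf_free(id);
  return(err == 0 ? algo : err);
}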
924
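/* Derive the public key block from the secret key block `keypacket` and
 * append it to `out`: public key packet, each user ID with a fresh
 * certification signature, each subkey with a binding signature.
 * When `outtxt` is not NULL a text listing is appended to it.
 * `keyalgo` restricts the main key algorithm (0 accepts any).
 *
 * Returns the result of the last user ID signature (0 on success), or -1
 * when the block does not start with a secret key, the algorithm does
 * not match, a key packet cannot be converted, or no user ID was found.
 *
 * Change from the previous version: a subkey that cannot be converted
 * now makes the function return -1. Before, the jump to cleanup kept
 * whatever `err` a preceding user ID had left, so a partially written
 * key could be reported as success.
 *
 * NOTE(review): a failed pgp_sign() for a subkey is not treated as an
 * error; the subkey packet has already been appended to `out` and stays
 * there without a binding signature. */
int pgp_makepubkey(BUFFER *keypacket, BUFFER *outtxt, BUFFER *out,
		   BUFFER *pass, int keyalgo)
{
  BUFFER *p, *pubkey, *seckey, *subkey, *sig, *tmp;
  int err = -1, type, thisalgo;
  time_t created;

  p = buf_new();
  seckey = buf_new();
  pubkey = buf_new();
  subkey = buf_new();
  sig = buf_new();
  tmp = buf_new();

  /* keep a full copy: pgp_sign() needs the secret key to sign with */
  buf_set(seckey, keypacket);
  type = pgp_getpacket(keypacket, p);
  if (type != PGP_SECKEY)
    goto end;

  thisalgo = pgp_makepkpacket(PGP_PUBKEY, p, outtxt, tmp, pubkey, pass,
			      &created);
  if (thisalgo == -1 || (keyalgo != 0 && keyalgo != thisalgo))
    goto end;
  buf_cat(out, tmp);

  while ((type = pgp_getpacket(keypacket, p)) > 0) {
    if (type == PGP_SECSUBKEY) {
      if (pgp_makepkpacket(PGP_PUBSUBKEY, p, outtxt, out, subkey, pass,
			   &created) == -1) {
	err = -1;
	goto end;
      }
      if (pgp_sign(pubkey, subkey, sig, NULL, pass, PGP_SIG_BINDSUBKEY, 0,
		   created, 0, seckey, NULL) != -1)
	buf_cat(out, sig);
      if (outtxt)
	buf_nl(outtxt);
    } else if (type == PGP_USERID) {
      if (outtxt != NULL) {
	buf_cat(outtxt, p);
	buf_nl(outtxt);
      }
      pgp_packet(p, PGP_USERID);
      err = pgp_sign(pubkey, p, sig, NULL, pass, PGP_SIG_CERT, 1, created, 0,
		     seckey, NULL);	/* maybe PGP_SIG_CERT3 ? */
      buf_cat(out, p);
      if (err == 0)
	buf_cat(out, sig);
    } else if (type == PGP_PUBKEY || type == PGP_SECKEY)
      break;			/* next key block starts here */
  }
end:
  buf_free(pubkey);
  buf_free(seckey);
  buf_free(subkey);
  buf_free(sig);
  buf_free(p);
  buf_free(tmp);
  return (err);
}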
983
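/* Append a text listing of the key block `keypacket` to `outtxt`: one
 * line per key and subkey (written by pgp_makepkpacket()) and one line
 * per user ID. `type` is PGP_SECKEY or PGP_PUBKEY and must match the
 * first packet; `keyalgo` restricts the main key algorithm (0 = any).
 * No packets are produced for the caller; they go to scratch buffers.
 *
 * Returns 0 on success, -1 when the first packet has the wrong type, the
 * algorithm does not match or a key packet cannot be converted.
 *
 * Changes from the previous version: `outtxt` may be NULL (the function
 * then only validates the block), matching how pgp_makepubkey() and
 * pgp_makepkpacket() treat it; two buffers that were filled or allocated
 * but never read are gone. */
int pgp_makekeyheader(int type, BUFFER *keypacket, BUFFER *outtxt,
		      BUFFER *pass, int keyalgo)
{
  BUFFER *p, *pubkey, *subkey, *tmp, *dummy;
  int thisalgo, err = -1;
  time_t created;

  assert(type == PGP_SECKEY || type == PGP_PUBKEY);

  p = buf_new();
  pubkey = buf_new();
  subkey = buf_new();
  tmp = buf_new();
  dummy = buf_new();

  if (type != pgp_getpacket(keypacket, p))
    goto end;

  thisalgo = pgp_makepkpacket(type, p, outtxt, tmp, pubkey, pass,
			      &created);
  if (thisalgo == -1 || (keyalgo != 0 && keyalgo != thisalgo))
    goto end;

  while ((type = pgp_getpacket(keypacket, p)) > 0) {
    if (type == PGP_SECSUBKEY || type == PGP_PUBSUBKEY) {
      if (pgp_makepkpacket(type, p, outtxt, dummy, subkey, pass,
			   &created) == -1)
	goto end;
      if (outtxt != NULL)
	buf_nl(outtxt);
    } else if (type == PGP_USERID) {
      if (outtxt != NULL) {
	buf_cat(outtxt, p);
	buf_nl(outtxt);
      }
      pgp_packet(p, PGP_USERID);
    } else if (type == PGP_PUBKEY || type == PGP_SECKEY)
      break;			/* next key block starts here */
  }
  err = 0;
end:
  buf_free(pubkey);
  buf_free(subkey);
  buf_free(p);
  buf_free(dummy);
  buf_free(tmp);
  return (err);
}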
1034
1035 #ifdef USE_RSA
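/* Generate an RSA key pair as a version 3 OpenPGP key, append the secret
 * key to `secring` (PGPREMSECRING when NULL) and, when `pubring` is not
 * NULL, the derived public key to `pubring`.
 *
 *   bits    modulus size; 0 selects 1024
 *   userid  user ID packet contents
 *   pass    passphrase, may be NULL or empty
 *   remail  non-zero: the creation time is moved back by a random amount
 *           of up to four days; 2: the secret key packet is written
 *           unencrypted and `pass` is handed to pgpdb_open() so that the
 *           secring file is encrypted instead
 *
 * Returns 0 on success, -1 on failure.
 *
 * Change from the previous version: failing to derive or store the
 * public key now returns -1. Those two paths used to jump to cleanup
 * with err still 0 and so reported success without a public key.
 *
 * NOTE(review), all visible in this function:
 *  - the 1024-bit default and the public exponent 17 are legacy choices;
 *    callers that care should pass an explicit, larger `bits`
 *  - packet-level protection is IDEA with an MD5 digest of the
 *    passphrase as key, and only when built with USE_IDEA. Without
 *    USE_IDEA and with remail != 2 the passphrase is not used at all and
 *    the secret MPIs are written in the clear
 *  - the pgpdb_append() results are not checked
 *  - `dk` and `p` hold the passphrase digest and the secret MPIs;
 *    whether buf_free() wipes them is not visible here */
int pgp_rsakeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring,
		  char *secring, int remail)
{
  RSA *k;
  KEYRING *keydb;
  BUFFER *pkey, *skey;
  BUFFER *dk, *iv, *p;
  long now;
  int skalgo = 0;
  int err = 0;

  pkey = buf_new();
  skey = buf_new();
  iv = buf_new();
  dk = buf_new();
  p = buf_new();

  errlog(NOTICE, "Generating OpenPGP RSA key.\n");
  k = RSA_generate_key(bits == 0 ? 1024 : bits, 17, NULL, NULL);
  if (k == NULL) {
    err = -1;
    goto end;
  }
  now = time(NULL);
  if (remail)			/* fake time in nym keys */
    now -= rnd_number(4 * 24 * 60 * 60);

  buf_appendc(skey, 3);
  buf_appendl(skey, now);
  /* until we can handle the case, where our key expires, don't create keys with expiration dates */
  buf_appendi(skey, 0);
  /* buf_appendi(skey, KEYLIFETIME/(24*60*60)); */
  buf_appendc(skey, PGP_ES_RSA);
  mpi_bnput(skey, k->n);
  mpi_bnput(skey, k->e);

#ifdef USE_IDEA
  if (pass != NULL && pass->length > 0 && remail != 2) {
    skalgo = PGP_K_IDEA;
    digest_md5(pass, dk);
    buf_setrnd(iv, pgp_blocklen(skalgo));
    buf_appendc(skey, skalgo);
    buf_cat(skey, iv);
  }
  else
#endif /* USE_IDEA */
    buf_appendc(skey, 0);	/* usage octet 0: secret part not encrypted */

  /* with an empty dk these calls write the values unencrypted */
  mpi_bnputenc(skey, k->d, skalgo, dk, iv);
  mpi_bnputenc(skey, k->q, skalgo, dk, iv);
  mpi_bnputenc(skey, k->p, skalgo, dk, iv);
  mpi_bnputenc(skey, k->iqmp, skalgo, dk, iv);

  /* the checksum is computed over the plain secret MPIs */
  buf_clear(p);
  mpi_bnput(p, k->d);
  mpi_bnput(p, k->q);
  mpi_bnput(p, k->p);
  mpi_bnput(p, k->iqmp);
  buf_appendi(skey, pgp_csum(p, 0));

  pgp_packet(skey, PGP_SECKEY);
  buf_set(p, userid);
  pgp_packet(p, PGP_USERID);
  buf_cat(skey, p);

  if (secring == NULL)
    secring = PGPREMSECRING;
  keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1, PGP_TYPE_PRIVATE);
  if (keydb == NULL) {
    err = -1;
    goto end;
  }
  if (keydb->filetype == -1)
    keydb->filetype = ARMORED;
  pgpdb_append(keydb, skey);
  pgpdb_close(keydb);

  if (pubring != NULL) {
    if (pgp_makepubkey(skey, NULL, pkey, pass, 0) == -1) {
      err = -1;
      goto end;
    }
    keydb = pgpdb_open(pubring, NULL, 1, PGP_TYPE_PUBLIC);
    if (keydb == NULL) {
      err = -1;
      goto end;
    }
    if (keydb->filetype == -1)
      keydb->filetype = ARMORED;
    pgpdb_append(keydb, pkey);
    pgpdb_close(keydb);
  }
end:
  RSA_free(k);
  buf_free(pkey);
  buf_free(skey);
  buf_free(iv);
  buf_free(dk);
  buf_free(p);
  return (err);
}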
1136 #endif /* USE_RSA */
1137
1138 #define begin_param "-----BEGIN PUBLIC PARAMETER BLOCK-----"
1139 #define end_param "-----END PUBLIC PARAMETER BLOCK-----"
1140
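/* Read one big number stored as a length (buf_geti) followed by that
 * many bytes. `tmp` is scratch space. Returns NULL when the length is
 * not positive or the bytes are not all present. */
static BIGNUM *params_getbn(BUFFER *in, BUFFER *tmp)
{
  int len = buf_geti(in);

  if (len <= 0 || in->ptr + len > in->length)
    return NULL;
  buf_get(in, tmp, len);
  return BN_bin2bn(tmp->data, tmp->length, NULL);
}

/* Append `bn` to `out` as length followed by bytes. Returns -1 without
 * writing anything when the number is missing or does not fit the local
 * conversion buffer. */
static int params_putbn(BUFFER *out, BIGNUM *bn)
{
  byte raw[1024];
  int len;

  if (bn == NULL || BN_num_bytes(bn) > (int) sizeof(raw))
    return -1;
  len = BN_bn2bin(bn, raw);
  buf_appendi(out, len);
  buf_append(out, raw, len);
  return 0;
}

/* Encode the serialized parameters in `p` and append them to `file` as a
 * PUBLIC PARAMETER BLOCK labelled with `bits`. */
static void params_save(char *file, BUFFER *p, int bits)
{
  FILE *f;

  encode(p, 64);
  f = mix_openfile(file, "a");
  if (f != NULL) {
    fprintf(f, "%s\n%d\n", begin_param, bits);
    buf_write(p, f);
    fprintf(f, "%s\n", end_param);
    fclose(f);
  } else
    errlog(ERRORMSG, "Cannot open %s!\n", file);
}

/* Return DSA (dsa != 0) or DH (dsa == 0) domain parameters for `bits`
 * bits as a DSA * or DH *, or NULL when they can be neither loaded nor
 * generated. bits == 0 selects 1024, and DSA is capped at 1024.
 *
 * The parameter file (DSAPARAMS or DHPARAMS) is searched for a block
 * labelled with `bits`; if several match, the last one is used. When
 * none is found, new parameters are generated and appended to the file.
 *
 * Changes from the previous version:
 *  - generated numbers were converted into a fixed 1024-byte stack
 *    buffer with no size check, which overflowed for DH sizes above
 *    8192 bits; oversized parameters are now returned but not stored
 *  - a failed DSA/DH parameter generation returned NULL from OpenSSL and
 *    was dereferenced; it now yields NULL
 *  - stored blocks are bounds-checked while being read, and a block that
 *    cannot be read is skipped instead of producing a half-filled key
 *  - an earlier matching block is freed when a later one replaces it
 *
 * NOTE(review): parameters loaded from the file are used as they are;
 * nothing here checks that p is prime, that g is a sensible generator or
 * that the sizes match `bits`. The file must be writable only by the
 * account running this code. */
static void *params(int dsa, int bits)
{
  DSA *k = NULL;
  DH *d = NULL;
  FILE *f;
  BUFFER *p, *n;
  char line[LINELEN];
  int m;

  if (bits == 0)
    bits = 1024;
  if (dsa && bits > 1024)
    bits = 1024;

  p = buf_new();
  n = buf_new();
  f = mix_openfile(dsa ? DSAPARAMS : DHPARAMS, "r");
  if (f != NULL) {
    while (fgets(line, sizeof(line), f) != NULL) {
      if (!strleft(line, begin_param))
	continue;
      /* the line after the BEGIN marker holds the size in bits */
      if (fgets(line, sizeof(line), f) == NULL)
	break;
      m = 0;
      sscanf(line, "%d", &m);
      if (bits != m)
	continue;
      buf_clear(p);
      while (fgets(line, sizeof(line), f) != NULL) {
	if (strleft(line, end_param)) {
	  decode(p, p);
	  if (dsa) {
	    if (k != NULL)
	      DSA_free(k);
	    k = DSA_new();
	    if (k != NULL) {
	      k->p = params_getbn(p, n);
	      k->q = params_getbn(p, n);
	      k->g = params_getbn(p, n);
	      if (k->p == NULL || k->q == NULL || k->g == NULL) {
		DSA_free(k);
		k = NULL;
	      }
	    }
	  } else {
	    if (d != NULL)
	      DH_free(d);
	    d = DH_new();
	    if (d != NULL) {
	      d->p = params_getbn(p, n);
	      d->g = params_getbn(p, n);
	      if (d->p == NULL || d->g == NULL) {
		DH_free(d);
		d = NULL;
	      }
	    }
	  }
	  break;
	}
	buf_appends(p, line);
      }
    }
    fclose(f);
  }

  buf_free(p);
  buf_free(n);

  if (dsa) {
    if (k == NULL) {
      errlog(NOTICE, "Generating DSA parameters.\n");
      k = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
      if (k != NULL) {
	p = buf_new();
	if (params_putbn(p, k->p) == 0 && params_putbn(p, k->q) == 0
	    && params_putbn(p, k->g) == 0)
	  params_save(DSAPARAMS, p, bits);
	buf_free(p);
      }
    }
    return (k);
  } else {
    if (d == NULL) {
      errlog(NOTICE, "Generating DH parameters. (This may take a long time!)\n");
      d = DH_generate_parameters(bits, DH_GENERATOR_5, NULL, NULL);
      if (d != NULL) {
	p = buf_new();
	if (params_putbn(p, d->p) == 0 && params_putbn(p, d->g) == 0)
	  params_save(DHPARAMS, p, bits);
	buf_free(p);
      }
    }
    return (d);
  }
}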
1257
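/*
 * Generate an OpenPGP DSA key with an ElGamal subkey and store it.
 *
 * The secret key (DSA key packet, user ID packet, ElGamal subkey packet) is
 * appended to the secret ring; when pubring is not NULL the public key
 * derived by pgp_makepubkey() is appended to that ring as well.
 *
 * bits    - size passed to params() for both the DSA and the DH parameters
 * userid  - contents of the user ID packet
 * pass    - passphrase handed to makeski() together with the secret MPIs
 * pubring - public ring file name, or NULL to skip the public ring
 * secring - secret ring file name, or NULL to use PGPREMSECRING
 * remail  - non-zero: subtract rnd_number(4 days in seconds) from the
 *           creation time; remail==2: encrypt the secring
 *
 * Returns 0 on success, -1 if parameter or key generation fails or the
 * secret ring cannot be opened.
 */
int pgp_dhkeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring,
                 char *secring, int remail)
{
  /* Start as NULL so the cleanup path can release them unconditionally. */
  DSA *s = NULL;
  DH *e = NULL;
  KEYRING *keydb;
  BUFFER *pkey, *skey, *subkey, *secret, *p;
  long now;
  int err = 0;

  pkey = buf_new();
  skey = buf_new();
  subkey = buf_new();
  p = buf_new();
  secret = buf_new();

  s = params(1, bits);
  errlog(NOTICE, "Generating OpenPGP DSA key.\n");
  if (s == NULL || DSA_generate_key(s) != 1) {
    err = -1;
    goto end;
  }
  e = params(0, bits);
  errlog(NOTICE, "Generating OpenPGP ElGamal key.\n");
  if (e == NULL || DH_generate_key(e) != 1) {
    err = -1;
    goto end;
  }

  now = time(NULL);
  if (remail)                   /* fake time in nym keys */
    now -= rnd_number(4 * 24 * 60 * 60);

  /* DSA key: version 4, creation time, algorithm, then p, q, g, y */
  buf_setc(skey, 4);
  buf_appendl(skey, now);
  buf_appendc(skey, PGP_S_DSA);
  mpi_bnput(skey, s->p);
  mpi_bnput(skey, s->q);
  mpi_bnput(skey, s->g);
  mpi_bnput(skey, s->pub_key);

  /* secret holds the private MPI plus checksum until makeski() has
     processed it with the passphrase */
  mpi_bnput(secret, s->priv_key);
  buf_appendi(secret, pgp_csum(secret, 0));
  makeski(secret, pass, remail);
  buf_cat(skey, secret);
  pgp_packet(skey, PGP_SECKEY);

  /* ElGamal key: version 4, creation time, algorithm, then p, g, y */
  buf_setc(subkey, 4);
  buf_appendl(subkey, now);
  buf_appendc(subkey, PGP_E_ELG);
  mpi_bnput(subkey, e->p);
  mpi_bnput(subkey, e->g);
  mpi_bnput(subkey, e->pub_key);

  buf_clear(secret);
  mpi_bnput(secret, e->priv_key);
  buf_appendi(secret, pgp_csum(secret, 0));
  makeski(secret, pass, remail);
  buf_cat(subkey, secret);

  buf_set(p, userid);
  pgp_packet(p, PGP_USERID);
  buf_cat(skey, p);

  pgp_packet(subkey, PGP_SECSUBKEY);
  buf_cat(skey, subkey);

  if (secring == NULL)
    secring = PGPREMSECRING;
  keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1, PGP_TYPE_PRIVATE);
  if (keydb == NULL) {
    err = -1;
    goto end;
  }
  if (keydb->filetype == -1)
    keydb->filetype = ARMORED;
  pgpdb_append(keydb, skey);
  pgpdb_close(keydb);

  if (pubring != NULL) {
    pgp_makepubkey(skey, NULL, pkey, pass, 0);
    keydb = pgpdb_open(pubring, NULL, 1, PGP_TYPE_PUBLIC);
    /* NOTE(review): a public ring that cannot be opened is not reported;
       err stays 0 because the secret key has already been stored.
       Confirm that callers expect this. */
    if (keydb == NULL)
      goto end;
    if (keydb->filetype == -1)
      keydb->filetype = ARMORED;
    pgpdb_append(keydb, pkey);
    pgpdb_close(keydb);
  }
end:
  buf_free(pkey);
  buf_free(skey);
  buf_free(subkey);
  buf_free(p);
  buf_free(secret);
  /* The DSA and DH objects carry the freshly generated private keys and
     were previously never released, leaving that key material allocated
     for the rest of the process lifetime. Both calls accept NULL. */
  DSA_free(s);
  DH_free(e);
  return (err);
}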
1365
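/*
 * Sign data with a DSA secret key and append the signature to out.
 *
 * key is read with mpi_get() in the order p, q, g, public key, private key.
 * On success the signature values r and s are appended to out as MPIs.
 *
 * Returns 0 if a signature was produced, -1 otherwise.
 */
int pgp_dsasign(BUFFER *data, BUFFER *key, BUFFER *out)
{
  BUFFER *mpi, *b;
  DSA *d;
  DSA_SIG *sig = NULL;
  int err = -1;

  d = DSA_new();
  b = buf_new();
  mpi = buf_new();
  if (d == NULL)
    goto end;

  /* Check every field: mpi_get() clears mpi when it fails, so an unchecked
     failure would silently turn into a zero-valued key component. */
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->p = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->q = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->g = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->pub_key = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (mpi_get(key, mpi) == -1)
    goto end;
  d->priv_key = BN_bin2bn(mpi->data, mpi->length, NULL);
  if (d->p == NULL || d->q == NULL || d->g == NULL ||
      d->pub_key == NULL || d->priv_key == NULL)
    goto end;

  sig = DSA_do_sign(data->data, data->length, d);
  if (sig) {
    buf_prepare(b, BN_num_bytes(sig->r));
    b->length = BN_bn2bin(sig->r, b->data);
    mpi_put(out, b);
    /* r and s need not have the same byte length; size b for s before
       writing it instead of reusing the space reserved for r.
       (Assumes buf_prepare() provides at least the requested capacity,
       as its other uses in this file suggest.) */
    buf_prepare(b, BN_num_bytes(sig->s));
    b->length = BN_bn2bin(sig->s, b->data);
    mpi_put(out, b);
    err = 0;
  }
end:
  buf_free(mpi);
  buf_free(b);
  /* The result is recorded in err before sig is released, so the freed
     pointer is never inspected. */
  DSA_SIG_free(sig);
  DSA_free(d);
  return (err);
}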
1403
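/*
 * Sign data with the given public-key algorithm, replacing data with the
 * result.
 *
 * algo - PGP_ES_RSA (only when built with USE_RSA) or PGP_S_DSA
 * data - input to sign; buf_move() puts the signature MPIs collected in
 *        the local buffer into it, also when signing failed
 * key  - secret key material passed to pgp_rsa() or pgp_dsasign()
 *
 * Returns the result of the signing routine, or -1 for an unknown
 * algorithm, in which case data is left untouched.
 */
int pgp_dosign(int algo, BUFFER *data, BUFFER *key)
{
  int err;
  BUFFER *out;

  out = buf_new();
  switch (algo) {
#ifdef USE_RSA
  case PGP_ES_RSA:
    err = pgp_rsa(data, key, PK_SIGN);
    if (err == 0)
      mpi_put(out, data);
    break;
#endif /* USE_RSA */
  case PGP_S_DSA:
    err = pgp_dsasign(data, key, out);
    break;
  default:
    errlog(NOTICE, "Unknown encryption algorithm!\n");
    /* Leave through the cleanup label: returning directly from here
       leaked the buffers allocated above. */
    err = -1;
    goto end;
  }
  if (err == -1)
    errlog(ERRORMSG, "Signing operation failed!\n");

  buf_move(data, out);
end:
  buf_free(out);
  return (err);
}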
1436
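/*
 * ElGamal-decrypt in place.
 *
 * key is read with mpi_get() in the order p, g, y, x (y is skipped);
 * in supplies the two ciphertext MPIs a and b. The function computes
 * c = a^x mod p, inverts it and multiplies by b, then strips the PKCS#1
 * type 2 padding from the result into in.
 *
 * Returns 0 on success. On any failure it returns -1; if the padding check
 * itself fails, in->length is set to 0.
 */
int pgp_elgdecrypt(BUFFER *in, BUFFER *key)
{
  BIGNUM *a = NULL, *b = NULL, *c = NULL,
         *p = NULL, *g = NULL, *x = NULL;
  BN_CTX *ctx;
  BUFFER *i;
  int err = -1;

  i = buf_new();
  ctx = BN_CTX_new();
  if (ctx == NULL)
    goto end;

  /* Reject truncated or malformed key and ciphertext fields up front:
     mpi_get() clears its output on failure, which would otherwise be
     converted into a zero-valued BIGNUM. */
  if (mpi_get(key, i) == -1)
    goto end;
  p = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)
    goto end;
  g = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)    /* y, not needed for decryption */
    goto end;
  if (mpi_get(key, i) == -1)
    goto end;
  x = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(in, i) == -1)
    goto end;
  a = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(in, i) == -1)
    goto end;
  b = BN_bin2bn(i->data, i->length, NULL);
  c = BN_new();
  if (p == NULL || g == NULL || x == NULL ||
      a == NULL || b == NULL || c == NULL)
    goto end;

  if (BN_mod_exp(c, a, x, p, ctx) == 0)         /* c = a^x mod p */
    goto end;
  if (BN_mod_inverse(a, c, p, ctx) == 0)        /* a = c^-1 mod p */
    goto end;
  if (BN_mod_mul(c, a, b, p, ctx) == 0)         /* c = padded plaintext */
    goto end;

  buf_prepare(i, BN_num_bytes(c));
  i->length = BN_bn2bin(c, i->data);

  buf_prepare(in, BN_num_bytes(c));
  in->length = RSA_padding_check_PKCS1_type_2(in->data, in->length, i->data,
                                              i->length, i->length + 1);
  if (in->length <= 0)
    in->length = 0;
  else
    err = 0;

end:
  /* NOTE(review): i held the padded plaintext; whether buf_free() wipes
     its storage is not visible here. */
  buf_free(i);
  BN_free(b);
  /* a and c held the shared secret, its inverse and the padded plaintext,
     so they are wiped on release just like the private exponent x. */
  BN_clear_free(a);
  BN_clear_free(c);
  BN_free(p);
  BN_free(g);
  BN_clear_free(x);
  BN_CTX_free(ctx);

  return (err);
}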
1490
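/*
 * ElGamal-encrypt in place.
 *
 * key is read with mpi_get() in the order p, g, y. The contents of in are
 * padded with PKCS#1 type 2 padding to the byte length of p, giving m.
 * With a random k the function computes a = g^k mod p and
 * b = m * y^k mod p, then replaces in with the two MPIs a and b.
 *
 * Returns 0 on success, -1 on failure. in is only modified once all
 * computations have succeeded.
 */
int pgp_elgencrypt(BUFFER *in, BUFFER *key)
{
  /* All pointers start as NULL so every failure path can share one
     cleanup block; previously only y was initialised. */
  BIGNUM *m = NULL, *k = NULL, *a = NULL, *b = NULL, *c = NULL,
         *p = NULL, *g = NULL, *y = NULL;
  BN_CTX *ctx;
  BUFFER *i;
  int err = -1;

  i = buf_new();
  ctx = BN_CTX_new();
  if (ctx == NULL)
    goto end;

  if (mpi_get(key, i) == -1)
    goto end;
  p = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)
    goto end;
  g = BN_bin2bn(i->data, i->length, NULL);
  if (mpi_get(key, i) == -1)
    goto end;
  y = BN_bin2bn(i->data, i->length, NULL);
  if (p == NULL || g == NULL || y == NULL)
    goto end;

  buf_prepare(i, BN_num_bytes(p));
  if (RSA_padding_add_PKCS1_type_2(i->data, i->length, in->data, in->length)
      != 1)
    goto end;
  m = BN_bin2bn(i->data, i->length, NULL);

  k = BN_new();
  a = BN_new();
  b = BN_new();
  c = BN_new();
  if (m == NULL || k == NULL || a == NULL || b == NULL || c == NULL)
    goto end;

  /* The ephemeral exponent must really be random: if the generator fails,
     stop instead of encrypting with whatever k happens to contain. */
  if (BN_rand(k, BN_num_bits(p), 0, 0) != 1)
    goto end;

  if (BN_mod_exp(a, g, k, p, ctx) == 0)         /* a = g^k mod p */
    goto end;
  if (BN_mod_exp(c, y, k, p, ctx) == 0)         /* c = y^k mod p */
    goto end;
  if (BN_mod_mul(b, m, c, p, ctx) == 0)         /* b = m * c mod p */
    goto end;

  buf_clear(in);
  i->length = BN_bn2bin(a, i->data);
  mpi_put(in, i);
  i->length = BN_bn2bin(b, i->data);
  mpi_put(in, i);

  err = 0;

end:
  buf_free(i);
  /* k was never released before, and error paths leaked most of the other
     values. k and c are enough to recover m from the ciphertext, and m is
     the padded plaintext, so all three are wiped on release. */
  BN_clear_free(k);
  BN_clear_free(c);
  BN_clear_free(m);
  BN_free(a);
  BN_free(b);
  BN_free(p);
  BN_free(g);
  BN_free(y);
  BN_CTX_free(ctx);

  return (err);
}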
1548
1549 #endif /* USE_PGP */
