pgpdata.c (36805B)
1 /* Mixmaster version 3.0 -- (C) 1999 - 2006 Anonymizer Inc. and others. 2 3 Mixmaster may be redistributed and modified under certain conditions. 4 This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF 5 ANY KIND, either express or implied. See the file COPYRIGHT for 6 details. 7 8 OpenPGP data 9 $Id: pgpdata.c 934 2006-06-24 13:40:39Z rabbi $ */ 10 11 12 #include "mix3.h" 13 #ifdef USE_PGP 14 #include "pgp.h" 15 #include "crypto.h" 16 #include <assert.h> 17 #include <time.h> 18 #include <string.h> 19 20 int pgp_keylen(int symalgo) 21 { 22 switch (symalgo) { 23 #ifdef USE_AES 24 case PGP_K_AES256: 25 return (32); 26 case PGP_K_AES192: 27 return (24); 28 case PGP_K_AES128: 29 #endif /* USE_AES */ 30 case PGP_K_IDEA: 31 case PGP_K_CAST5: 32 case PGP_K_BF: 33 return (16); 34 case PGP_K_3DES: 35 return (24); 36 default: 37 return (0); 38 } 39 } 40 41 int pgp_blocklen(int symalgo) 42 { 43 switch (symalgo) { 44 #ifdef USE_AES 45 case PGP_K_AES256: 46 case PGP_K_AES192: 47 case PGP_K_AES128: 48 return (16); 49 #endif /* USE_AES */ 50 case PGP_K_IDEA: 51 case PGP_K_CAST5: 52 case PGP_K_BF: 53 case PGP_K_3DES: 54 return (8); 55 default: 56 return (16); 57 } 58 } 59 60 int mpi_get(BUFFER *b, BUFFER *mpi) 61 { 62 int l; 63 64 l = buf_geti(b); 65 buf_clear(mpi); 66 67 if (l <= 0 || b->ptr + (l + 7) / 8 > b->length) 68 return (-1); 69 buf_get(b, mpi, (l + 7) / 8); 70 return (l); 71 } 72 73 74 int mpi_bitcount(BUFFER *mpi) 75 { 76 int i, l; 77 while (!mpi->data[0] && mpi->length) /* remove leading zeros from mpi */ 78 memmove(mpi->data, mpi->data+1, --mpi->length); 79 l = mpi->length * 8; 80 for (i = 7; i >= 0; i--) 81 if (((mpi->data[0] >> i) & 1) == 1) { 82 l -= 7 - i; 83 break; 84 } 85 return l; 86 } 87 88 int mpi_put(BUFFER *b, BUFFER *mpi) 89 { 90 buf_appendi(b, mpi_bitcount(mpi)); 91 buf_cat(b, mpi); 92 return (0); 93 } 94 95 int skcrypt(BUFFER *data, int skalgo, BUFFER *key, BUFFER *iv, int enc) 96 { 97 switch (skalgo) { 98 case 0: 99 return (0); 100 #ifdef USE_IDEA 101 case PGP_K_IDEA: 102 return (buf_ideacrypt(data, key, iv, enc)); 103 #endif /* USE_IDEA */ 104 #ifdef USE_AES 105 case PGP_K_AES128: 106 case PGP_K_AES192: 107 case PGP_K_AES256: 108 return (buf_aescrypt(data, key, iv, enc)); 109 #endif /* USE_AES */ 110 case PGP_K_3DES: 111 return (buf_3descrypt(data, key, iv, enc)); 112 case PGP_K_BF: 113 return (buf_bfcrypt(data, key, iv, enc)); 114 case PGP_K_CAST5: 115 return (buf_castcrypt(data, key, iv, enc)); 116 default: 117 return (-1); 118 } 119 } 120 121 int pgp_csum(BUFFER *key, int start) 122 { 123 int i, csum = 0; 124 for (i = start; i < key->length; i++) 125 csum = (csum + key->data[i]) % 65536; 126 return (csum); 127 } 128 129 int pgp_rsa(BUFFER *in, BUFFER *k, int mode) 130 { 131 BUFFER *mpi, *out; 132 int err = -1; 133 RSA *key; 134 135 assert(mode == PK_ENCRYPT || mode == PK_VERIFY || mode == PK_DECRYPT 136 || mode == PK_SIGN); 137 key = RSA_new(); 138 out = buf_new(); 139 mpi = buf_new(); 140 141 mpi_get(k, mpi); 142 key->n = BN_bin2bn(mpi->data, mpi->length, NULL); 143 144 if (mpi_get(k, mpi) < 0) 145 goto end; 146 key->e = BN_bin2bn(mpi->data, mpi->length, NULL); 147 148 if (mode == PK_DECRYPT || mode == PK_SIGN) { 149 if (mpi_get(k, mpi) < 0) 150 goto end; 151 key->d = BN_bin2bn(mpi->data, mpi->length, NULL); 152 153 #if 1 154 /* compute auxiluary parameters */ 155 mpi_get(k, mpi); /* PGP'p is SSLeay's q */ 156 key->q = BN_bin2bn(mpi->data, mpi->length, NULL); 157 158 mpi_get(k, mpi); 159 key->p = BN_bin2bn(mpi->data, mpi->length, NULL); 160 161 if (mpi_get(k, mpi) < 0) 162 goto end; 163 key->iqmp = BN_bin2bn(mpi->data, mpi->length, NULL); 164 165 { 166 BIGNUM *i; 167 BN_CTX *ctx; 168 169 ctx = BN_CTX_new(); 170 i = BN_new(); 171 key->dmp1 = BN_new(); 172 key->dmq1 = BN_new(); 173 174 BN_sub(i, key->p, BN_value_one()); 175 BN_mod(key->dmp1, key->d, i, ctx); 176 177 BN_sub(i, key->q, BN_value_one()); 178 BN_mod(key->dmq1, key->d, i, ctx); 179 180 BN_free(i); 181 } 182 #endif /* 1 */ 183 } 184 buf_prepare(out, RSA_size(key)); 185 186 switch (mode) { 187 case PK_ENCRYPT: 188 out->length = RSA_public_encrypt(in->length, in->data, out->data, key, 189 RSA_PKCS1_PADDING); 190 break; 191 case PK_VERIFY: 192 out->length = RSA_public_decrypt(in->length, in->data, out->data, key, 193 RSA_PKCS1_PADDING); 194 break; 195 case PK_SIGN: 196 out->length = RSA_private_encrypt(in->length, in->data, out->data, key, 197 RSA_PKCS1_PADDING); 198 break; 199 case PK_DECRYPT: 200 out->length = RSA_private_decrypt(in->length, in->data, out->data, key, 201 RSA_PKCS1_PADDING); 202 break; 203 } 204 if (out->length == -1) 205 err = -1, out->length = 0; 206 else 207 err = 0; 208 209 buf_move(in, out); 210 end: 211 RSA_free(key); 212 buf_free(out); 213 buf_free(mpi); 214 return (err); 215 } 216 217 /* Contrary to RFC 2440, old PGP versions use this for clearsign only. 218 * If the text is included in the OpenPGP message, the application will 219 * typically provide the text in the proper format (whatever that is); 220 * we use "canonic" format so everybody will be able to read our messages. 221 * In clearsigned messages, trailing whitespace is always ignored. 222 * Detached signatures are the problematic case. For PGP/MIME, we always 223 * escape trailing whitespace as quoted-printable. 224 */ 225 void pgp_sigcanonic(BUFFER *msg) 226 { 227 BUFFER *line, *out; 228 229 out = buf_new(); 230 line = buf_new(); 231 232 while (buf_getline(msg, line) != -1) { 233 while (line->length > 0 && (line->data[line->length - 1] == ' ' 234 #if 0 235 || line->data[line->length - 1] == '\t' 236 #endif /* 0 */ 237 )) 238 line->length--; 239 line->data[line->length] = '\0'; 240 buf_cat(out, line); 241 buf_appends(out, "\r\n"); 242 } 243 buf_move(msg, out); 244 buf_free(out); 245 buf_free(line); 246 } 247 248 static void mpi_bnput(BUFFER *o, BIGNUM *i) 249 { 250 BUFFER *b; 251 252 b = buf_new(); 253 buf_prepare(b, BN_num_bytes(i)); 254 b->length = BN_bn2bin(i, b->data); 255 mpi_put(o, b); 256 buf_free(b); 257 } 258 259 static void mpi_bnputenc(BUFFER *o, BIGNUM *i, int ska, BUFFER *key, 260 BUFFER *iv) 261 { 262 BUFFER *b; 263 int ivlen = iv->length; 264 265 b = buf_new(); 266 buf_prepare(b, BN_num_bytes(i)); 267 b->length = BN_bn2bin(i, b->data); 268 buf_appendi(o, mpi_bitcount(b)); 269 if (key && key->length) { 270 skcrypt(b, ska, key, iv, ENCRYPT); 271 buf_clear(iv); 272 buf_append(iv, b->data+b->length-ivlen, ivlen); 273 } 274 buf_cat(o, b); 275 buf_free(b); 276 } 277 278 static int getski(BUFFER *p, BUFFER *pass, BUFFER *key, BUFFER *iv) 279 { 280 int skalgo; 281 BUFFER *salt, *temp; 282 283 if (!pass) 284 return(-1); 285 286 salt = buf_new(); 287 temp = buf_new(); 288 289 skalgo = buf_getc(p); 290 switch (skalgo) { 291 case 0: 292 /* none */ 293 goto end; 294 case 255: 295 /* S2K specifier */ 296 skalgo = pgp_getsk(p, pass, key); 297 break; 298 default: 299 /* simple */ 300 digest_md5(pass, key); 301 break; 302 } 303 304 buf_get(p, iv, pgp_blocklen(skalgo)); 305 306 end: 307 buf_free(salt); 308 buf_free(temp); 309 return (skalgo); 310 } 311 312 static void makeski(BUFFER *secret, BUFFER *pass, int remail) 313 { 314 BUFFER *out, *key, *iv; 315 out = buf_new(); 316 key = buf_new(); 317 iv = buf_new(); 318 if (pass == NULL || pass->length == 0 || remail == 2) { 319 buf_appendc(out, 0); 320 buf_cat(out, secret); 321 } else { 322 buf_appendc(out, 255); 323 pgp_makesk(out, key, PGP_K_CAST5, 3, PGP_H_SHA1, pass); 324 buf_setrnd(iv, pgp_blocklen(PGP_K_CAST5)); 325 buf_cat(out, iv); 326 skcrypt(secret, PGP_K_CAST5, key, iv, 1); 327 buf_cat(out, secret); 328 } 329 buf_move(secret, out); 330 buf_free(out); 331 buf_free(key); 332 buf_free(iv); 333 } 334 335 int pgp_nummpi(int algo) 336 { 337 switch (algo) { 338 case PGP_ES_RSA: 339 return (2); 340 case PGP_S_DSA: 341 return (4); 342 case PGP_E_ELG: 343 return (3); 344 default: 345 return (0); 346 } 347 } 348 349 int pgp_numsecmpi(int algo) 350 { 351 switch (algo) { 352 case PGP_ES_RSA: 353 return (4); 354 case PGP_S_DSA: 355 return (1); 356 case PGP_E_ELG: 357 return (1); 358 default: 359 return (0); 360 } 361 } 362 363 /* store key's ID in keyid */ 364 int pgp_keyid(BUFFER *key, BUFFER *keyid) 365 { 366 BUFFER *i, *k; 367 int version, algo, j, ptr; 368 369 i = buf_new(); 370 k = buf_new(); 371 372 ptr = key->ptr; 373 key->ptr = 0; 374 switch (version = buf_getc(key)) { 375 case 2: 376 case 3: 377 buf_getl(key); 378 buf_geti(key); 379 buf_getc(key); 380 mpi_get(key, i); 381 break; 382 case 4: 383 buf_appendc(k, version); 384 buf_appendl(k, buf_getl(key)); 385 algo = buf_getc(key); 386 buf_appendc(k, algo); 387 if (pgp_nummpi(algo) == 0) 388 buf_rest(k, key); /* works for public keys only */ 389 else 390 for (j = 0; j < pgp_nummpi(algo); j++) { 391 mpi_get(key, i); 392 mpi_put(k, i); 393 } 394 buf_clear(i); 395 buf_appendc(i, 0x99); 396 buf_appendi(i, k->length); 397 buf_cat(i, k); 398 digest_sha1(i, i); 399 break; 400 } 401 buf_clear(keyid); 402 buf_append(keyid, i->data + i->length - 8, 8); 403 buf_free(i); 404 buf_free(k); 405 key->ptr = ptr; 406 return(0); 407 } 408 409 static int pgp_iskeyid(BUFFER *key, BUFFER *keyid) 410 { 411 BUFFER *thisid; 412 int ret; 413 414 thisid = buf_new(); 415 pgp_keyid(key, thisid); 416 ret = buf_eq(keyid, thisid); 417 buf_free(thisid); 418 return(ret); 419 } 420 421 static int pgp_get_sig_subpacket(BUFFER * p1, BUFFER *out) 422 { 423 int suptype, len = buf_getc(p1); 424 if (len > 192 && len < 255) 425 len = (len - 192) * 256 + buf_getc(p1) + 192; 426 else if (len == 255) 427 len = buf_getl(p1); 428 suptype = buf_getc(p1); 429 if (len) 430 buf_get(p1, out, len-1); /* len-1 - exclude type */ 431 else 432 buf_clear(out); 433 return suptype; 434 } 435 436 typedef struct _UIDD { 437 struct _UIDD * next; 438 long created, expires; 439 int revoked, sym, mdc, uid, primary; 440 BUFFER *uidstr; 441 } UIDD; 442 443 static UIDD * new_uidd_c(UIDD *uidd_c, int uidno) 444 { 445 UIDD * tmp; 446 447 if (!uidd_c || uidd_c->uid < uidno) { 448 tmp = (UIDD *)malloc(sizeof(UIDD)); 449 if (!tmp) 450 return uidd_c; 451 if (uidd_c) { 452 uidd_c->next = tmp; 453 uidd_c = uidd_c->next; 454 } else 455 uidd_c = tmp; 456 if (uidd_c) { 457 memset(uidd_c, 0, sizeof(UIDD)); 458 uidd_c->uid = uidno; 459 } 460 } 461 return uidd_c; 462 } 463 464 int pgp_getkey(int mode, int algo, int *psym, int *pmdc, long *pexpires, BUFFER *keypacket, BUFFER *key, 465 BUFFER *keyid, BUFFER *userid, BUFFER *pass) 466 /* IN: mode - PK_SIGN, PK_VERIFY, PK_DECRYPT, PK_ENCRYPT 467 * algo - PGP_ANY, PGP_ES_RSA, PGP_E_ELG, PGP_S_DSA 468 * psym - reyested sym PGP_K_ANY, PGP_K_IDEA, PGP_K_3DES, ... or NULL 469 * pass - passprase or NULL 470 * keypacket - key, with key uid sig subkey packets, possibly encrypted 471 * keyid - reyested (sub)keyid or empty buffer or NULL 472 * OUT: psym - found sym algo (or NULL) 473 * pmdc - found mdc flag (or NULL) 474 * key - found key, only key packet, decrypted 475 * may be the same buffer as keypacket (or NULL) 476 * keyid - found (sub)keyid (or NULL) 477 * userid - found userid (or NULL) 478 * pexpires - expiry time, or 0 if don't expire (or NULL) 479 */ 480 { 481 int tempbuf = 0, dummykey = 0; 482 int keytype = -1, type, j; 483 int thisalgo = 0, version, skalgo; 484 int needsym = 0, symfound = 0, mdcfound = 0; 485 BUFFER *p1, *iv, *sk, *i, *thiskeyid, *mainkeyid; 486 int ivlen; 487 int csstart; 488 long now = time(NULL); 489 long created = 0, expires = 0, subexpires = 0; 490 int uidno = 0, primary = 0, subkeyno = 0, subkeyok = 0; 491 UIDD * uidd_1 = NULL, * uidd_c = NULL; 492 493 p1 = buf_new(); 494 i = buf_new(); 495 iv = buf_new(); 496 sk = buf_new(); 497 thiskeyid = buf_new(); 498 mainkeyid = buf_new(); 499 if (psym) 500 needsym = *psym; 501 if (keypacket == key) { 502 key = buf_new(); 503 tempbuf = 1; 504 } 505 if (! key) { 506 key = buf_new(); 507 dummykey = 1; 508 }; 509 if (userid) 510 buf_clear(userid); 511 512 while ((type = pgp_getpacket(keypacket, p1)) > 0) { 513 switch (type) { 514 case PGP_SIG: 515 { 516 /* it is assumed that only valid keys have been imported */ 517 long a; 518 int self = 0, certexpires = 0, suptype; 519 int sigtype = 0, sigver = buf_getc(p1); 520 created = 0, expires = 0, primary = 0; 521 if (sigver == 4) { 522 sigtype = buf_getc(p1); 523 if (isPGP_SIG_CERT(sigtype) || sigtype == PGP_SIG_BINDSUBKEY || sigtype == PGP_SIG_CERTREVOKE) { 524 int revoked = (sigtype == PGP_SIG_CERTREVOKE), sym = PGP_K_3DES, mdc = 0; 525 buf_getc(p1); /* pk algo */ 526 buf_getc(p1); /* hash algo */ 527 j = buf_geti(p1); /* length of hashed signature subpackets */ 528 j += p1->ptr; 529 while (p1->ptr < j) { 530 suptype = pgp_get_sig_subpacket(p1, i); 531 switch (suptype & 0x7F) { 532 case PGP_SUB_PSYMMETRIC: 533 while ((a = buf_getc(i)) != -1) 534 if ((a == PGP_K_3DES || a == PGP_K_CAST5 || a == PGP_K_BF 535 #ifdef USE_IDEA 536 || a == PGP_K_IDEA 537 #endif /* USE_IDEA */ 538 #ifdef USE_AES 539 || a == PGP_K_AES128 || a == PGP_K_AES192 || a == PGP_K_AES256 540 #endif /* USE_AES */ 541 ) && (a == needsym || needsym == PGP_K_ANY)) { 542 sym = a; 543 break; /* while ((a = buf_getc(i)) != -1) */ 544 } /* if ((a == PGP_K_3DES)... */ 545 break; 546 case PGP_SUB_FEATURES: 547 if ((a = buf_getc(i)) != -1) 548 if (a & 0x01) 549 mdc = 1; 550 break; 551 case PGP_SUB_CREATIME: 552 if ((a = buf_getl(i)) != -1) 553 created = a; 554 break; 555 case PGP_SUB_KEYEXPIRETIME: 556 if ((a = buf_getl(i)) != -1) 557 expires = a; 558 break; 559 case PGP_SUB_CERTEXPIRETIME: 560 if ((a = buf_getl(i)) != -1) 561 certexpires = a; 562 break; 563 case PGP_SUB_ISSUER: /* ISSUER normaly is in unhashed data, but check anyway */ 564 if (i->length == 8) 565 self = buf_eq(i, mainkeyid); 566 break; 567 case PGP_SUB_PRIMARY: 568 if ((a = buf_getl(i)) != -1) 569 primary = a; 570 break; 571 default: 572 if (suptype & 0x80) { 573 ; /* "critical" bit set! now what? */ 574 } 575 } /* switch (suptype) */ 576 } /* while (p1->ptr < j) */ 577 if (p1->ptr == j) { 578 j = buf_geti(p1); /* length of unhashed signature subpackets */ 579 j += p1->ptr; 580 while (p1->ptr < j) { 581 suptype = pgp_get_sig_subpacket(p1, i); 582 if (suptype == PGP_SUB_ISSUER) { 583 if (i->length == 8) 584 self = buf_eq(i, mainkeyid); 585 } /* if (suptype == PGP_SUB_ISSUER) */ 586 } /* while (p1->ptr < j) #2 */ 587 } /* if (p1->ptr == j) */ 588 if (p1->ptr != j) /* sig damaged ? */ 589 break; /* switch (type) */ 590 if (self) { 591 if (certexpires) 592 certexpires = ((created + certexpires < now) || (created + certexpires < 0)); 593 if ((isPGP_SIG_CERT(sigtype) && !certexpires) || sigtype == PGP_SIG_CERTREVOKE) { 594 uidd_c = new_uidd_c(uidd_c, uidno); 595 if (!uidd_1) 596 uidd_1 = uidd_c; 597 if (uidd_c && uidd_c->uid == uidno) { 598 if (uidd_c->created <= created) { 599 /* if there is several selfsigs on that uid, find the newest one */ 600 uidd_c->created = created; 601 uidd_c->expires = expires; 602 uidd_c->revoked = revoked; 603 uidd_c->primary = primary; 604 uidd_c->sym = sym; 605 uidd_c->mdc = mdc; 606 } 607 } 608 } /* if ((isPGP_SIG_CERT(sigtype) && !certexpires) || sigtype == PGP_SIG_CERTREVOKE) */ 609 else if (sigtype == PGP_SIG_BINDSUBKEY) { 610 if (!subkeyok) { 611 subexpires = expires ? created + expires : 0; 612 if (expires && ((created + expires < now) || (created + expires < 0))) { 613 if (mode == PK_ENCRYPT) { /* allow decrypt with expired subkeys, but not encrypt */ 614 keytype = -1; 615 } 616 } 617 if (keytype != -1) 618 subkeyok = subkeyno; 619 } 620 } /* if (sigtype == PGP_SIG_BINDSUBKEY) */ 621 } /* if (self) */ 622 } /* if (isPGP_SIG_CERT(sigtype) || sigtype == PGP_SIG_BINDSUBKEY || sigtype == PGP_SIG_CERTREVOKE) */ 623 } /* if (sigver == 4) */ 624 else if (sigver == 2 || sigver == 3) { 625 buf_getc(p1); /* One-octet length of following hashed material. MUST be 5 */ 626 sigtype = buf_getc(p1); 627 } /* if (sigver == 2 || sigver == 3) */ 628 if (sigtype == PGP_SIG_KEYREVOKE) { 629 /* revocation can be either v3 or v4. if v4 we could check issuer, but we don't do it... */ 630 if (mode == PK_SIGN || mode == PK_ENCRYPT) { /* allow verify and decrypt with revokeded keys, but not sign and encrypt */ 631 keytype = -1; 632 } 633 } /* if (sigtype == PGP_SIG_KEYREVOKE) */ 634 else if (sigtype == PGP_SIG_SUBKEYREVOKE) { 635 if (!subkeyok || subkeyok == subkeyno) 636 if (mode == PK_ENCRYPT) { /* allow decrypt with revokeded subkeys, but not encrypt */ 637 keytype = -1; 638 } 639 } /* if (sigtype == PGP_SIG_SUBKEYREVOKE) */ 640 break; /* switch (type) */ 641 } /* case PGP_SIG: */ 642 case PGP_USERID: 643 uidno++; 644 uidd_c = new_uidd_c(uidd_c, uidno); 645 if (!uidd_1) 646 uidd_1 = uidd_c; 647 if (uidd_c && uidd_c->uid == uidno) { 648 uidd_c->uidstr = buf_new(); 649 buf_set(uidd_c->uidstr, p1); 650 } 651 if (userid) 652 buf_move(userid, p1); 653 break; 654 case PGP_PUBSUBKEY: 655 case PGP_SECSUBKEY: 656 subkeyno++; 657 if (keytype != -1 && subkeyno > 1) { 658 /* usable subkey already found, don't bother to check other */ 659 continue; 660 } 661 if (keytype != -1 && (mode == PK_SIGN || mode == PK_VERIFY)) 662 continue; 663 case PGP_PUBKEY: 664 if ((type == PGP_PUBKEY || type == PGP_PUBSUBKEY) && 665 (mode == PK_DECRYPT || mode == PK_SIGN)) 666 continue; 667 case PGP_SECKEY: 668 if (type == PGP_PUBKEY || type == PGP_SECKEY) 669 pgp_keyid(p1, mainkeyid); 670 keytype = type; 671 version = buf_getc(p1); 672 switch (version) { 673 case 2: 674 case 3: 675 created = buf_getl(p1); /* created */ 676 expires = buf_geti(p1) * (24*60*60); /* valid */ 677 if (uidno == 0) { 678 uidd_c = new_uidd_c(uidd_c, uidno); 679 if (!uidd_1) 680 uidd_1 = uidd_c; 681 if (uidd_c && uidd_c->uid == uidno) { 682 uidd_c->created = created; 683 uidd_c->expires = expires; 684 uidd_c->sym = PGP_K_IDEA; 685 } 686 } 687 thisalgo = buf_getc(p1); 688 if (thisalgo != PGP_ES_RSA) { 689 keytype = -1; 690 goto end; 691 } 692 symfound = PGP_K_IDEA; 693 mdcfound = 0; 694 break; 695 case 4: 696 buf_appendc(key, version); 697 buf_appendl(key, buf_getl(p1)); 698 thisalgo = buf_getc(p1); 699 buf_appendc(key, thisalgo); 700 if (symfound == 0) 701 symfound = PGP_K_3DES; /* default algorithm */ 702 break; 703 default: 704 keytype = -1; 705 goto end; 706 } /* switch (version) */ 707 if (algo != PGP_ANY && thisalgo != algo) { 708 keytype = -1; 709 continue; 710 } 711 if (keyid && keyid->length && !pgp_iskeyid(p1, keyid)) 712 continue; 713 pgp_keyid(p1, thiskeyid); 714 if (key) { 715 buf_clear(key); 716 for (j = 0; j < pgp_nummpi(thisalgo); j++) { 717 if (mpi_get(p1, i) == -1) 718 goto end; 719 mpi_put(key, i); 720 } 721 if (keytype == PGP_SECKEY || keytype == PGP_SECSUBKEY) { 722 csstart = key->length; 723 skalgo = getski(p1, pass, sk, iv); 724 switch (version) { 725 case 2: 726 case 3: 727 ivlen = pgp_blocklen(skalgo); 728 for (j = 0; j < pgp_numsecmpi(thisalgo); j++) { 729 unsigned char lastb[16]; 730 if (mpi_get(p1, i) == -1) { 731 keytype = -1; 732 goto end; 733 } 734 assert(ivlen <= 16); 735 memcpy(lastb, i->data+i->length-ivlen, ivlen); 736 skcrypt(i, skalgo, sk, iv, DECRYPT); 737 buf_clear(iv); 738 buf_append(iv, lastb, ivlen); 739 mpi_put(key, i); 740 } /* for */ 741 break; /* switch (version) */ 742 case 4: 743 buf_clear(i); 744 buf_rest(i, p1); 745 skcrypt(i, skalgo, sk, iv, DECRYPT); 746 buf_move(p1, i); 747 for (j = 0; j < pgp_numsecmpi(thisalgo); j++) { 748 if (mpi_get(p1, i) == -1) { 749 keytype = PGP_PASS; 750 goto end; 751 } 752 mpi_put(key, i); 753 } 754 break; 755 } /* switch (version) */ 756 if (pgp_csum(key, csstart) != buf_geti(p1)) { 757 keytype = PGP_PASS; 758 goto end; 759 } 760 } 761 } /* if (key) */ 762 break; /* switch (type) */ 763 default: 764 /* ignore trust packets etc */ 765 break; 766 } /* switch (type) */ 767 } /* while ((type = pgp_getpacket(keypacket, p1)) > 0) */ 768 end: 769 if (keyid) buf_set(keyid, thiskeyid); 770 if (tempbuf) { 771 buf_move(keypacket, key); 772 buf_free(key); 773 } 774 if (dummykey) { 775 buf_free(key); 776 } 777 buf_free(p1); 778 buf_free(i); 779 buf_free(iv); 780 buf_free(sk); 781 buf_free(thiskeyid); 782 buf_free(mainkeyid); 783 784 if (uidd_1) { 785 primary = 0; 786 created = expires = 0; 787 while (uidd_1) { 788 /* find newest uid which is not revoked or expired */ 789 if (primary <= uidd_1->primary && created <= uidd_1->created && !uidd_1->revoked) { 790 created = uidd_1->created; 791 expires = uidd_1->expires; 792 primary = uidd_1->primary; 793 symfound = uidd_1->sym; 794 mdcfound = uidd_1->mdc; 795 if (userid && uidd_1->uidstr) 796 buf_set(userid, uidd_1->uidstr); 797 } 798 uidd_c = uidd_1; 799 uidd_1 = uidd_1->next; 800 if (uidd_c->uidstr) 801 buf_free(uidd_c->uidstr); 802 free(uidd_c); 803 } 804 if (expires && ((created + expires < now) || (created + expires < 0))) { 805 if (mode == PK_SIGN || mode == PK_ENCRYPT) { /* allow verify and decrypt with expired keys, but not sign and encrypt */ 806 keytype = -1; 807 } 808 } 809 } /* if (uidd_1) */ 810 expires = expires ? created + expires : 0; 811 if (subexpires > 0 && expires > 0 && subexpires < expires) 812 expires = subexpires; 813 if (pexpires) 814 *pexpires = expires; 815 816 if (!subkeyok && keytype == PGP_E_ELG && (mode == PK_DECRYPT || mode == PK_ENCRYPT)) 817 keytype = -1; /* no usable subkey found, one with valid binding */ 818 819 if (needsym != PGP_K_ANY && needsym != symfound) 820 keytype = -1; 821 else if (psym && *psym == PGP_K_ANY) 822 *psym = symfound; 823 if (pmdc) 824 *pmdc = mdcfound; 825 826 return (keytype <= 0 ? keytype : thisalgo); 827 } 828 829 int pgp_makepkpacket(int type, BUFFER *p, BUFFER *outtxt, BUFFER *out, 830 BUFFER *key, BUFFER *pass, time_t *created) 831 { 832 BUFFER *i, *id; 833 char txt[LINELEN], algoid; 834 int version, algo, valid = 0, err = 0; 835 int len, j; 836 struct tm *tc; 837 838 i = buf_new(); 839 id = buf_new(); 840 841 version = buf_getc(p); 842 buf_clear(key); 843 switch (version) { 844 case 2: 845 case 3: 846 *created = buf_getl(p); 847 valid = buf_geti(p); 848 algo = buf_getc(p); 849 if (algo != PGP_ES_RSA) 850 return(-1); 851 break; 852 case 4: 853 *created = buf_getl(p); 854 algo = buf_getc(p); 855 break; 856 default: 857 return(-1); 858 } 859 860 switch (version) { 861 case 2: 862 case 3: 863 buf_appendc(key, version); 864 buf_appendl(key, *created); 865 buf_appendi(key, valid); 866 buf_appendc(key, algo); 867 break; 868 case 4: 869 buf_appendc(key, version); 870 buf_appendl(key, *created); 871 buf_appendc(key, algo); 872 break; 873 } 874 875 pgp_keyid(p, id); 876 len = mpi_get(p, i); 877 mpi_put(key, i); 878 for (j = 1; j < pgp_nummpi(algo); j++) { 879 if (mpi_get(p, i) == -1) { 880 err = -1; 881 goto end; 882 } 883 mpi_put(key, i); 884 } 885 pgp_packet(key, type); 886 buf_cat(out, key); 887 888 if (outtxt != NULL) { 889 switch(algo) { 890 case PGP_ES_RSA: 891 algoid = 'R'; 892 break; 893 case PGP_S_DSA: 894 algoid = 'D'; 895 break; 896 case PGP_E_ELG: 897 algoid = 'g'; 898 break; 899 default: 900 algoid = '?'; 901 } 902 buf_appendf(outtxt, "%s %5d%c/%02X%02X%02X%02X ", 903 type == PGP_PUBSUBKEY ? "sub" : 904 type == PGP_PUBKEY ? "pub" : 905 type == PGP_SECKEY ? "sec" : 906 type == PGP_SECSUBKEY ? "ssb" : 907 "???", len, algoid, 908 id->data[4], id->data[5], id->data[6], id->data[7]); 909 tc = localtime(created); 910 strftime(txt, LINELEN, "%Y-%m-%d ", tc); 911 buf_appends(outtxt, txt); 912 } 913 end: 914 buf_free(i); 915 buf_free(id); 916 return(err == 0 ? algo : err); 917 } 918 919 int pgp_makepubkey(BUFFER *keypacket, BUFFER *outtxt, BUFFER *out, 920 BUFFER *pass, int keyalgo) 921 { 922 BUFFER *p, *pubkey, *seckey, *subkey, *sig, *tmp; 923 int err = -1, type, thisalgo; 924 time_t created; 925 926 p = buf_new(); 927 seckey = buf_new(); 928 pubkey = buf_new(); 929 subkey = buf_new(); 930 sig = buf_new(); 931 tmp = buf_new(); 932 933 buf_set(seckey, keypacket); 934 type = pgp_getpacket(keypacket, p); 935 if (type != PGP_SECKEY) 936 goto end; 937 938 thisalgo = pgp_makepkpacket(PGP_PUBKEY, p, outtxt, tmp, pubkey, pass, 939 &created); 940 if (thisalgo == -1 || (keyalgo != 0 && keyalgo != thisalgo)) 941 goto end; 942 buf_cat(out, tmp); 943 944 while ((type = pgp_getpacket(keypacket, p)) > 0) { 945 if (type == PGP_SECSUBKEY) { 946 if (pgp_makepkpacket(PGP_PUBSUBKEY, p, outtxt, out, subkey, pass, 947 &created) == -1) 948 goto end; 949 if (pgp_sign(pubkey, subkey, sig, NULL, pass, PGP_SIG_BINDSUBKEY, 0, 950 created, 0, seckey, NULL) != -1) 951 buf_cat(out, sig); 952 if (outtxt) 953 buf_nl(outtxt); 954 } else if (type == PGP_USERID) { 955 if (outtxt != NULL) { 956 buf_cat(outtxt, p); 957 buf_nl(outtxt); 958 } 959 pgp_packet(p, PGP_USERID); 960 err = pgp_sign(pubkey, p, sig, NULL, pass, PGP_SIG_CERT, 1, created, 0, 961 seckey, NULL); /* maybe PGP_SIG_CERT3 ? */ 962 buf_cat(out, p); 963 if (err == 0) 964 buf_cat(out, sig); 965 } else if (type == PGP_PUBKEY || type == PGP_SECKEY) 966 break; 967 } 968 end: 969 buf_free(pubkey); 970 buf_free(seckey); 971 buf_free(subkey); 972 buf_free(sig); 973 buf_free(p); 974 buf_free(tmp); 975 return (err); 976 } 977 978 int pgp_makekeyheader(int type, BUFFER *keypacket, BUFFER *outtxt, 979 BUFFER *pass, int keyalgo) 980 { 981 BUFFER *p, *pubkey, *seckey, *subkey, *sig, *tmp, *dummy; 982 int thisalgo, err = -1; 983 time_t created; 984 985 assert(type == PGP_SECKEY || type == PGP_PUBKEY); 986 987 p = buf_new(); 988 seckey = buf_new(); 989 pubkey = buf_new(); 990 subkey = buf_new(); 991 sig = buf_new(); 992 tmp = buf_new(); 993 dummy = buf_new(); 994 995 buf_set(seckey, keypacket); 996 if (type != pgp_getpacket(keypacket, p)) 997 goto end; 998 999 thisalgo = pgp_makepkpacket(type, p, outtxt, tmp, pubkey, pass, 1000 &created); 1001 if (thisalgo == -1 || (keyalgo != 0 && keyalgo != thisalgo)) 1002 goto end; 1003 1004 while ((type = pgp_getpacket(keypacket, p)) > 0) { 1005 if (type == PGP_SECSUBKEY || type == PGP_PUBSUBKEY) { 1006 if (pgp_makepkpacket(type, p, outtxt, dummy, subkey, pass, 1007 &created) == -1) 1008 goto end; 1009 buf_nl(outtxt); 1010 } else if (type == PGP_USERID) { 1011 buf_cat(outtxt, p); 1012 buf_nl(outtxt); 1013 pgp_packet(p, PGP_USERID); 1014 } else if (type == PGP_PUBKEY || type == PGP_SECKEY) 1015 break; 1016 } 1017 err = 0; 1018 end: 1019 buf_free(pubkey); 1020 buf_free(seckey); 1021 buf_free(subkey); 1022 buf_free(sig); 1023 buf_free(p); 1024 buf_free(dummy); 1025 buf_free(tmp); 1026 return (err); 1027 } 1028 1029 int pgp_rsakeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring, 1030 char *secring, int remail) 1031 /* remail==2: encrypt the secring */ 1032 { 1033 RSA *k; 1034 KEYRING *keydb; 1035 BUFFER *pkey, *skey; 1036 BUFFER *dk, *sig, *iv, *p; 1037 long now; 1038 int skalgo = 0; 1039 int err = 0; 1040 1041 pkey = buf_new(); 1042 skey = buf_new(); 1043 iv = buf_new(); 1044 dk = buf_new(); 1045 p = buf_new(); 1046 sig = buf_new(); 1047 1048 errlog(NOTICE, "Generating OpenPGP RSA key.\n"); 1049 k = RSA_generate_key(bits == 0 ? 1024 : bits, 17, NULL, NULL); 1050 if (k == NULL) { 1051 err = -1; 1052 goto end; 1053 } 1054 now = time(NULL); 1055 if (remail) /* fake time in nym keys */ 1056 now -= rnd_number(4 * 24 * 60 * 60); 1057 1058 buf_appendc(skey, 3); 1059 buf_appendl(skey, now); 1060 /* until we can handle the case, where our key expires, don't create keys with expiration dates */ 1061 buf_appendi(skey, 0); 1062 /* buf_appendi(skey, KEYLIFETIME/(24*60*60)); */ 1063 buf_appendc(skey, PGP_ES_RSA); 1064 mpi_bnput(skey, k->n); 1065 mpi_bnput(skey, k->e); 1066 1067 #ifdef USE_IDEA 1068 if (pass != NULL && pass->length > 0 && remail != 2) { 1069 skalgo = PGP_K_IDEA; 1070 digest_md5(pass, dk); 1071 buf_setrnd(iv, pgp_blocklen(skalgo)); 1072 buf_appendc(skey, skalgo); 1073 buf_cat(skey, iv); 1074 } 1075 else 1076 #endif /* USE_IDEA */ 1077 buf_appendc(skey, 0); 1078 1079 mpi_bnputenc(skey, k->d, skalgo, dk, iv); 1080 mpi_bnputenc(skey, k->q, skalgo, dk, iv); 1081 mpi_bnputenc(skey, k->p, skalgo, dk, iv); 1082 mpi_bnputenc(skey, k->iqmp, skalgo, dk, iv); 1083 1084 buf_clear(p); 1085 mpi_bnput(p, k->d); 1086 mpi_bnput(p, k->q); 1087 mpi_bnput(p, k->p); 1088 mpi_bnput(p, k->iqmp); 1089 buf_appendi(skey, pgp_csum(p, 0)); 1090 1091 pgp_packet(skey, PGP_SECKEY); 1092 buf_set(p, userid); 1093 pgp_packet(p, PGP_USERID); 1094 buf_cat(skey, p); 1095 1096 if (secring == NULL) 1097 secring = PGPREMSECRING; 1098 keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1, PGP_TYPE_PRIVATE); 1099 if (keydb == NULL) { 1100 err = -1; 1101 goto end; 1102 } 1103 if (keydb->filetype == -1) 1104 keydb->filetype = ARMORED; 1105 pgpdb_append(keydb, skey); 1106 pgpdb_close(keydb); 1107 1108 if (pubring != NULL) { 1109 if (pgp_makepubkey(skey, NULL, pkey, pass, 0) == -1) 1110 goto end; 1111 keydb = pgpdb_open(pubring, NULL, 1, PGP_TYPE_PUBLIC); 1112 if (keydb == NULL) 1113 goto end; 1114 if (keydb->filetype == -1) 1115 keydb->filetype = ARMORED; 1116 pgpdb_append(keydb, pkey); 1117 pgpdb_close(keydb); 1118 } 1119 end: 1120 RSA_free(k); 1121 buf_free(pkey); 1122 buf_free(skey); 1123 buf_free(iv); 1124 buf_free(dk); 1125 buf_free(p); 1126 buf_free(sig); 1127 return (err); 1128 } 1129 1130 #define begin_param "-----BEGIN PUBLIC PARAMETER BLOCK-----" 1131 #define end_param "-----END PUBLIC PARAMETER BLOCK-----" 1132 1133 static void *params(int dsa, int bits) 1134 { 1135 DSA *k = NULL; 1136 DH *d = NULL; 1137 FILE *f; 1138 BUFFER *p, *n; 1139 char line[LINELEN]; 1140 byte b[1024]; 1141 int m, l; 1142 1143 if (bits == 0) 1144 bits = 1024; 1145 if (dsa && bits > 1024) 1146 bits = 1024; 1147 1148 p = buf_new(); 1149 n = buf_new(); 1150 f = mix_openfile(dsa ? DSAPARAMS : DHPARAMS, "r"); 1151 if (f != NULL) { 1152 for (;;) { 1153 if (fgets(line, sizeof(line), f) == NULL) 1154 break; 1155 if (strleft(line, begin_param)) { 1156 if (fgets(line, sizeof(line), f) == NULL) 1157 break; 1158 m = 0; 1159 sscanf(line, "%d", &m); 1160 if (bits == m) { 1161 buf_clear(p); 1162 while (fgets(line, sizeof(line), f) != NULL) { 1163 if (strleft(line, end_param)) { 1164 decode(p, p); 1165 if (dsa) { 1166 k = DSA_new(); 1167 l = buf_geti(p); 1168 buf_get(p, n, l); 1169 k->p = BN_bin2bn(n->data, n->length, NULL); 1170 l = buf_geti(p); 1171 buf_get(p, n, l); 1172 k->q = BN_bin2bn(n->data, n->length, NULL); 1173 l = buf_geti(p); 1174 buf_get(p, n, l); 1175 k->g = BN_bin2bn(n->data, n->length, NULL); 1176 } else { 1177 d = DH_new(); 1178 l = buf_geti(p); 1179 buf_get(p, n, l); 1180 d->p = BN_bin2bn(n->data, n->length, NULL); 1181 l = buf_geti(p); 1182 buf_get(p, n, l); 1183 d->g = BN_bin2bn(n->data, n->length, NULL); 1184 } 1185 break; 1186 } 1187 buf_appends(p, line); 1188 } 1189 } 1190 } 1191 } 1192 fclose(f); 1193 } 1194 1195 buf_free(p); 1196 buf_free(n); 1197 1198 if (dsa) { 1199 if (k == NULL) { 1200 errlog(NOTICE, "Generating DSA parameters.\n"); 1201 k = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); 1202 p = buf_new(); 1203 l = BN_bn2bin(k->p, b); 1204 buf_appendi(p, l); 1205 buf_append(p, b, l); 1206 l = BN_bn2bin(k->q, b); 1207 buf_appendi(p, l); 1208 buf_append(p, b, l); 1209 l = BN_bn2bin(k->g, b); 1210 buf_appendi(p, l); 1211 buf_append(p, b, l); 1212 encode(p, 64); 1213 f = mix_openfile(DSAPARAMS, "a"); 1214 if (f != NULL) { 1215 fprintf(f, "%s\n%d\n", begin_param, bits); 1216 buf_write(p, f); 1217 fprintf(f, "%s\n", end_param); 1218 fclose(f); 1219 } else 1220 errlog(ERRORMSG, "Cannot open %s!\n", DSAPARAMS); 1221 buf_free(p); 1222 } 1223 return (k); 1224 } else { 1225 if (d == NULL) { 1226 errlog(NOTICE, "Generating DH parameters. (This may take a long time!)\n"); 1227 d = DH_generate_parameters(bits, DH_GENERATOR_5, NULL, NULL); 1228 p = buf_new(); 1229 l = BN_bn2bin(d->p, b); 1230 buf_appendi(p, l); 1231 buf_append(p, b, l); 1232 l = BN_bn2bin(d->g, b); 1233 buf_appendi(p, l); 1234 buf_append(p, b, l); 1235 encode(p, 64); 1236 f = mix_openfile(DHPARAMS, "a"); 1237 if (f != NULL) { 1238 fprintf(f, "%s\n%d\n", begin_param, bits); 1239 buf_write(p, f); 1240 fprintf(f, "%s\n", end_param); 1241 fclose(f); 1242 } else 1243 errlog(ERRORMSG, "Cannot open %s!\n", DHPARAMS); 1244 buf_free(p); 1245 } 1246 return (d); 1247 } 1248 } 1249 1250 int pgp_dhkeygen(int bits, BUFFER *userid, BUFFER *pass, char *pubring, 1251 char *secring, int remail) 1252 /* remail==2: encrypt the secring */ 1253 { 1254 DSA *s; 1255 DH *e; 1256 KEYRING *keydb; 1257 BUFFER *pkey, *skey, *subkey, *secret; 1258 BUFFER *dk, *sig, *iv, *p; 1259 long now; 1260 int err = 0; 1261 1262 pkey = buf_new(); 1263 skey = buf_new(); 1264 subkey = buf_new(); 1265 iv = buf_new(); 1266 dk = buf_new(); 1267 p = buf_new(); 1268 sig = buf_new(); 1269 secret = buf_new(); 1270 1271 s = params(1, bits); 1272 errlog(NOTICE, "Generating OpenPGP DSA key.\n"); 1273 if (s == NULL || DSA_generate_key(s) != 1) { 1274 err = -1; 1275 goto end; 1276 } 1277 e = params(0, bits); 1278 errlog(NOTICE, "Generating OpenPGP ElGamal key.\n"); 1279 if (e == NULL || DH_generate_key(e) != 1) { 1280 err = -1; 1281 goto end; 1282 } 1283 1284 now = time(NULL); 1285 if (remail) /* fake time in nym keys */ 1286 now -= rnd_number(4 * 24 * 60 * 60); 1287 1288 /* DSA key */ 1289 buf_setc(skey, 4); 1290 buf_appendl(skey, now); 1291 buf_appendc(skey, PGP_S_DSA); 1292 mpi_bnput(skey, s->p); 1293 mpi_bnput(skey, s->q); 1294 mpi_bnput(skey, s->g); 1295 mpi_bnput(skey, s->pub_key); 1296 1297 mpi_bnput(secret, s->priv_key); 1298 buf_appendi(secret, pgp_csum(secret, 0)); 1299 makeski(secret, pass, remail); 1300 buf_cat(skey, secret); 1301 pgp_packet(skey, PGP_SECKEY); 1302 1303 /* ElGamal key */ 1304 buf_setc(subkey, 4); 1305 buf_appendl(subkey, now); 1306 buf_appendc(subkey, PGP_E_ELG); 1307 mpi_bnput(subkey, e->p); 1308 mpi_bnput(subkey, e->g); 1309 mpi_bnput(subkey, e->pub_key); 1310 1311 buf_clear(secret); 1312 mpi_bnput(secret, e->priv_key); 1313 buf_appendi(secret, pgp_csum(secret, 0)); 1314 makeski(secret, pass, remail); 1315 buf_cat(subkey, secret); 1316 1317 buf_set(p, userid); 1318 pgp_packet(p, PGP_USERID); 1319 buf_cat(skey, p); 1320 1321 pgp_packet(subkey, PGP_SECSUBKEY); 1322 buf_cat(skey, subkey); 1323 1324 if (secring == NULL) 1325 secring = PGPREMSECRING; 1326 keydb = pgpdb_open(secring, remail == 2 ? pass : NULL, 1, PGP_TYPE_PRIVATE); 1327 if (keydb == NULL) { 1328 err = -1; 1329 goto end; 1330 } 1331 if (keydb->filetype == -1) 1332 keydb->filetype = ARMORED; 1333 pgpdb_append(keydb, skey); 1334 pgpdb_close(keydb); 1335 1336 if (pubring != NULL) { 1337 pgp_makepubkey(skey, NULL, pkey, pass, 0); 1338 keydb = pgpdb_open(pubring, NULL, 1, PGP_TYPE_PUBLIC); 1339 if (keydb == NULL) 1340 goto end; 1341 if (keydb->filetype == -1) 1342 keydb->filetype = ARMORED; 1343 pgpdb_append(keydb, pkey); 1344 pgpdb_close(keydb); 1345 } 1346 end: 1347 buf_free(pkey); 1348 buf_free(skey); 1349 buf_free(subkey); 1350 buf_free(iv); 1351 buf_free(dk); 1352 buf_free(p); 1353 buf_free(sig); 1354 buf_free(secret); 1355 return (err); 1356 } 1357 1358 int pgp_dsasign(BUFFER *data, BUFFER *key, BUFFER *out) 1359 { 1360 BUFFER *mpi, *b; 1361 DSA *d; 1362 DSA_SIG *sig = NULL; 1363 1364 d = DSA_new(); 1365 b = buf_new(); 1366 mpi = buf_new(); 1367 mpi_get(key, mpi); 1368 d->p = BN_bin2bn(mpi->data, mpi->length, NULL); 1369 mpi_get(key, mpi); 1370 d->q = BN_bin2bn(mpi->data, mpi->length, NULL); 1371 mpi_get(key, mpi); 1372 d->g = BN_bin2bn(mpi->data, mpi->length, NULL); 1373 mpi_get(key, mpi); 1374 d->pub_key = BN_bin2bn(mpi->data, mpi->length, NULL); 1375 if (mpi_get(key, mpi) == -1) { 1376 goto end; 1377 } 1378 d->priv_key = BN_bin2bn(mpi->data, mpi->length, NULL); 1379 1380 sig = DSA_do_sign(data->data, data->length, d); 1381 if (sig) { 1382 buf_prepare(b, BN_num_bytes(sig->r)); 1383 b->length = BN_bn2bin(sig->r, b->data); 1384 mpi_put(out, b); 1385 b->length = BN_bn2bin(sig->s, b->data); 1386 mpi_put(out, b); 1387 } 1388 end: 1389 buf_free(mpi); 1390 buf_free(b); 1391 DSA_SIG_free(sig); 1392 DSA_free(d); 1393 return(sig ? 0 : -1); 1394 } 1395 1396 int pgp_dosign(int algo, BUFFER *data, BUFFER *key) 1397 { 1398 int err; 1399 BUFFER *out, *r, *s; 1400 1401 out = buf_new(); 1402 r = buf_new(); 1403 s = buf_new(); 1404 switch (algo) { 1405 case PGP_ES_RSA: 1406 err = pgp_rsa(data, key, PK_SIGN); 1407 if (err == 0) 1408 mpi_put(out, data); 1409 break; 1410 case PGP_S_DSA: 1411 err = pgp_dsasign(data, key, out); 1412 break; 1413 default: 1414 errlog(NOTICE, "Unknown encryption algorithm!\n"); 1415 return (-1); 1416 } 1417 if (err == -1) 1418 errlog(ERRORMSG, "Signing operation failed!\n"); 1419 1420 buf_move(data, out); 1421 buf_free(out); 1422 buf_free(r); 1423 buf_free(s); 1424 return (err); 1425 } 1426 1427 int pgp_elgdecrypt(BUFFER *in, BUFFER *key) 1428 { 1429 BIGNUM *a = NULL, *b = NULL, *c = NULL, 1430 *p = NULL, *g = NULL, *x = NULL; 1431 BN_CTX *ctx; 1432 BUFFER *i; 1433 int err = -1; 1434 1435 i = buf_new(); 1436 ctx = BN_CTX_new(); 1437 if (ctx == NULL) goto end; 1438 mpi_get(key, i); 1439 p = BN_bin2bn(i->data, i->length, NULL); 1440 mpi_get(key, i); 1441 g = BN_bin2bn(i->data, i->length, NULL); 1442 mpi_get(key, i); /* y */ 1443 mpi_get(key, i); 1444 x = BN_bin2bn(i->data, i->length, NULL); 1445 mpi_get(in, i); 1446 a = BN_bin2bn(i->data, i->length, NULL); 1447 if (mpi_get(in, i) == -1) 1448 goto e1; 1449 b = BN_bin2bn(i->data, i->length, NULL); 1450 c = BN_new(); 1451 1452 if (BN_mod_exp(c, a, x, p, ctx) == 0) goto end; 1453 if (BN_mod_inverse(a, c, p, ctx) == 0) goto end; 1454 if (BN_mod_mul(c, a, b, p, ctx) == 0) goto end; 1455 1456 buf_prepare(i, BN_num_bytes(c)); 1457 i->length = BN_bn2bin(c, i->data); 1458 1459 buf_prepare(in, BN_num_bytes(c)); 1460 in->length = RSA_padding_check_PKCS1_type_2(in->data, in->length, i->data, 1461 i->length, i->length + 1); 1462 if (in->length <= 0) 1463 in->length = 0; 1464 else 1465 err = 0; 1466 1467 end: 1468 BN_free(b); 1469 BN_free(c); 1470 e1: 1471 buf_free(i); 1472 BN_free(a); 1473 BN_free(p); 1474 BN_free(g); 1475 BN_clear_free(x); 1476 BN_CTX_free(ctx); 1477 1478 return (err); 1479 } 1480 1481 int pgp_elgencrypt(BUFFER *in, BUFFER *key) 1482 { 1483 BIGNUM *m, *k, *a, *b, *c, *p, *g, *y = NULL; 1484 BN_CTX *ctx; 1485 BUFFER *i; 1486 int err = -1; 1487 1488 i = buf_new(); 1489 ctx = BN_CTX_new(); 1490 if (ctx == NULL) goto end; 1491 mpi_get(key, i); 1492 p = BN_bin2bn(i->data, i->length, NULL); 1493 mpi_get(key, i); 1494 g = BN_bin2bn(i->data, i->length, NULL); 1495 if (mpi_get(key, i) == -1) 1496 goto e1; 1497 y = BN_bin2bn(i->data, i->length, NULL); 1498 1499 buf_prepare(i, BN_num_bytes(p)); 1500 if (RSA_padding_add_PKCS1_type_2(i->data, i->length, in->data, in->length) 1501 != 1) 1502 goto end; 1503 m = BN_bin2bn(i->data, i->length, NULL); 1504 1505 k = BN_new(); 1506 BN_rand(k, BN_num_bits(p), 0, 0); 1507 1508 a = BN_new(); 1509 b = BN_new(); 1510 c = BN_new(); 1511 1512 if (BN_mod_exp(a, g, k, p, ctx) == 0) goto end; 1513 if (BN_mod_exp(c, y, k, p, ctx) == 0) goto end; 1514 if (BN_mod_mul(b, m, c, p, ctx) == 0) goto end; 1515 1516 buf_clear(in); 1517 i->length = BN_bn2bin(a, i->data); 1518 mpi_put(in, i); 1519 i->length = BN_bn2bin(b, i->data); 1520 mpi_put(in, i); 1521 1522 err = 0; 1523 1524 BN_free(a); 1525 BN_free(b); 1526 BN_free(c); 1527 BN_free(m); 1528 e1: 1529 buf_free(i); 1530 BN_free(p); 1531 BN_free(g); 1532 BN_free(y); 1533 BN_CTX_free(ctx); 1534 end: 1535 1536 return (err); 1537 } 1538 1539 #endif /* USE_PGP */