Pullup ticket #4816 - requested by agc security/netpgpverify: bug fix patch security/libnetpgpverify: bug fix patch Revisions pulled up: - pkgsrc/security/netpgpverify: Makefile 1.17 - pkgsrc/security/netpgpverify/files/digest.c 1.4 - pkgsrc/security/netpgpverify/files/misc.c 1.4 - pkgsrc/security/netpgpverify/files/rsa.c 1.4 - pkgsrc/security/netpgpverify/files/verify.h 1.16 --- Module Name: pkgsrc Committed By: agc Date: Fri Sep 25 15:46:58 UTC 2015 Modified Files: pkgsrc/security/netpgpverify: Makefile pkgsrc/security/netpgpverify/files: digest.c misc.c rsa.c verify.h Log Message: Update netpgpverify, and libnetpgpverify, from version 20150911 to version 20150919 Changes: + get rid of unnecessary header inclusion (sys/syslog.h), which gives problems on HP/UX and is unused from Tobias Nygrendiff -r1.16 -r1.16.2.1 pkgsrc/security/netpgpverify/Makefile
(ryoon)
@@ -1,21 +1,21 @@ | @@ -1,21 +1,21 @@ | |||
1 | # $NetBSD: Makefile,v 1.16 2015/09/12 02:19:06 agc Exp $ | 1 | # $NetBSD: Makefile,v 1.16.2.1 2015/09/26 06:04:13 ryoon Exp $ | |
2 | 2 | |||
3 | DISTNAME= netpgpverify-20150911 | 3 | DISTNAME= netpgpverify-20150919 | |
4 | CATEGORIES= security | 4 | CATEGORIES= security | |
5 | MASTER_SITES= # empty | 5 | MASTER_SITES= # empty | |
6 | DISTFILES= # empty | 6 | DISTFILES= # empty | |
7 | 7 | |||
8 | MAINTAINER= agc@NetBSD.org | 8 | MAINTAINER= agc@NetBSD.org | |
9 | HOMEPAGE= http://www.NetBSD.org/ | 9 | HOMEPAGE= http://www.NetBSD.org/ | |
10 | COMMENT= Standalone PGP and ssh signature verification utility | 10 | COMMENT= Standalone PGP and ssh signature verification utility | |
11 | LICENSE= modified-bsd | 11 | LICENSE= modified-bsd | |
12 | 12 | |||
13 | AUTO_MKDIRS= yes | 13 | AUTO_MKDIRS= yes | |
14 | GNU_CONFIGURE= yes | 14 | GNU_CONFIGURE= yes | |
15 | 15 | |||
16 | TEST_TARGET= tst | 16 | TEST_TARGET= tst | |
17 | 17 | |||
18 | do-extract: | 18 | do-extract: | |
19 | @${CP} -R ${FILESDIR} ${WRKSRC} | 19 | @${CP} -R ${FILESDIR} ${WRKSRC} | |
20 | 20 | |||
21 | .include "../../mk/bsd.pkg.mk" | 21 | .include "../../mk/bsd.pkg.mk" |
@@ -1,306 +1,305 @@ | @@ -1,306 +1,305 @@ | |||
1 | /*- | 1 | /*- | |
2 | * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> | 2 | * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> | |
3 | * All rights reserved. | 3 | * All rights reserved. | |
4 | * | 4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | 7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | 8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | 9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | 10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | 11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | 12 | * documentation and/or other materials provided with the distribution. | |
13 | * | 13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | 24 | */ | |
25 | #include "config.h" | 25 | #include "config.h" | |
26 | 26 | |||
27 | #include <sys/types.h> | 27 | #include <sys/types.h> | |
28 | #include <sys/stat.h> | 28 | #include <sys/stat.h> | |
29 | #include <sys/param.h> | 29 | #include <sys/param.h> | |
30 | #include <sys/syslog.h> | |||
31 | 30 | |||
32 | #include <arpa/inet.h> | 31 | #include <arpa/inet.h> | |
33 | #include <ctype.h> | 32 | #include <ctype.h> | |
34 | #include <inttypes.h> | 33 | #include <inttypes.h> | |
35 | #include <stdarg.h> | 34 | #include <stdarg.h> | |
36 | #include <stdio.h> | 35 | #include <stdio.h> | |
37 | #include <stdlib.h> | 36 | #include <stdlib.h> | |
38 | #include <string.h> | 37 | #include <string.h> | |
39 | #include <time.h> | 38 | #include <time.h> | |
40 | #include <unistd.h> | 39 | #include <unistd.h> | |
41 | 40 | |||
42 | #include "md5.h" | 41 | #include "md5.h" | |
43 | #include "rmd160.h" | 42 | #include "rmd160.h" | |
44 | #include "sha1.h" | 43 | #include "sha1.h" | |
45 | #include "sha2.h" | 44 | #include "sha2.h" | |
46 | 45 | |||
47 | #include "digest.h" | 46 | #include "digest.h" | |
48 | 47 | |||
49 | static uint8_t prefix_md5[] = { | 48 | static uint8_t prefix_md5[] = { | |
50 | 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, | 49 | 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, | |
51 | 0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 | 50 | 0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 | |
52 | }; | 51 | }; | |
53 | 52 | |||
54 | static uint8_t prefix_sha1[] = { | 53 | static uint8_t prefix_sha1[] = { | |
55 | 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0E, 0x03, 0x02, | 54 | 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0E, 0x03, 0x02, | |
56 | 0x1A, 0x05, 0x00, 0x04, 0x14 | 55 | 0x1A, 0x05, 0x00, 0x04, 0x14 | |
57 | }; | 56 | }; | |
58 | 57 | |||
59 | static uint8_t prefix_sha256[] = { | 58 | static uint8_t prefix_sha256[] = { | |
60 | 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, | 59 | 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, | |
61 | 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 | 60 | 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 | |
62 | }; | 61 | }; | |
63 | 62 | |||
64 | static uint64_t prefix_tiger[] = { | 63 | static uint64_t prefix_tiger[] = { | |
65 | 0x0123456789ABCDEFLL, | 64 | 0x0123456789ABCDEFLL, | |
66 | 0xFEDCBA9876543210LL, | 65 | 0xFEDCBA9876543210LL, | |
67 | 0xF096A5B4C3B2E187LL | 66 | 0xF096A5B4C3B2E187LL | |
68 | }; | 67 | }; | |
69 | 68 | |||
70 | static uint8_t prefix_rmd160[] = { | 69 | static uint8_t prefix_rmd160[] = { | |
71 | 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, | 70 | 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, | |
72 | 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 | 71 | 0x03, 0x02, 0x01, 0x05, 0x00, 0x04, 0x14 | |
73 | }; | 72 | }; | |
74 | 73 | |||
75 | static uint8_t prefix_sha512[] = { | 74 | static uint8_t prefix_sha512[] = { | |
76 | 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, | 75 | 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, | |
77 | 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 | 76 | 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 | |
78 | }; | 77 | }; | |
79 | 78 | |||
80 | #define V4_SIGNATURE 4 | 79 | #define V4_SIGNATURE 4 | |
81 | 80 | |||
82 | /*************************************************************************/ | 81 | /*************************************************************************/ | |
83 | 82 | |||
84 | /* algorithm size (raw) */ | 83 | /* algorithm size (raw) */ | |
85 | int | 84 | int | |
86 | digest_alg_size(unsigned alg) | 85 | digest_alg_size(unsigned alg) | |
87 | { | 86 | { | |
88 | switch(alg) { | 87 | switch(alg) { | |
89 | case MD5_HASH_ALG: | 88 | case MD5_HASH_ALG: | |
90 | return 16; | 89 | return 16; | |
91 | case SHA1_HASH_ALG: | 90 | case SHA1_HASH_ALG: | |
92 | return 20; | 91 | return 20; | |
93 | case RIPEMD_HASH_ALG: | 92 | case RIPEMD_HASH_ALG: | |
94 | return RMD160_DIGEST_LENGTH; | 93 | return RMD160_DIGEST_LENGTH; | |
95 | case SHA256_HASH_ALG: | 94 | case SHA256_HASH_ALG: | |
96 | return 32; | 95 | return 32; | |
97 | case SHA512_HASH_ALG: | 96 | case SHA512_HASH_ALG: | |
98 | return 64; | 97 | return 64; | |
99 | case TIGER_HASH_ALG: | 98 | case TIGER_HASH_ALG: | |
100 | case TIGER2_HASH_ALG: | 99 | case TIGER2_HASH_ALG: | |
101 | return TIGER_DIGEST_LENGTH; | 100 | return TIGER_DIGEST_LENGTH; | |
102 | default: | 101 | default: | |
103 | printf("hash_any: bad algorithm\n"); | 102 | printf("hash_any: bad algorithm\n"); | |
104 | return 0; | 103 | return 0; | |
105 | } | 104 | } | |
106 | } | 105 | } | |
107 | 106 | |||
108 | /* initialise the hash structure */ | 107 | /* initialise the hash structure */ | |
109 | int | 108 | int | |
110 | digest_init(digest_t *hash, const uint32_t hashalg) | 109 | digest_init(digest_t *hash, const uint32_t hashalg) | |
111 | { | 110 | { | |
112 | if (hash == NULL) { | 111 | if (hash == NULL) { | |
113 | return 0; | 112 | return 0; | |
114 | } | 113 | } | |
115 | switch(hash->alg = hashalg) { | 114 | switch(hash->alg = hashalg) { | |
116 | case MD5_HASH_ALG: | 115 | case MD5_HASH_ALG: | |
117 | netpgpv_MD5Init(&hash->u.md5ctx); | 116 | netpgpv_MD5Init(&hash->u.md5ctx); | |
118 | hash->size = 16; | 117 | hash->size = 16; | |
119 | hash->prefix = prefix_md5; | 118 | hash->prefix = prefix_md5; | |
120 | hash->len = sizeof(prefix_md5); | 119 | hash->len = sizeof(prefix_md5); | |
121 | hash->ctx = &hash->u.md5ctx; | 120 | hash->ctx = &hash->u.md5ctx; | |
122 | return 1; | 121 | return 1; | |
123 | case SHA1_HASH_ALG: | 122 | case SHA1_HASH_ALG: | |
124 | netpgpv_SHA1Init(&hash->u.sha1ctx); | 123 | netpgpv_SHA1Init(&hash->u.sha1ctx); | |
125 | hash->size = 20; | 124 | hash->size = 20; | |
126 | hash->prefix = prefix_sha1; | 125 | hash->prefix = prefix_sha1; | |
127 | hash->len = sizeof(prefix_sha1); | 126 | hash->len = sizeof(prefix_sha1); | |
128 | hash->ctx = &hash->u.sha1ctx; | 127 | hash->ctx = &hash->u.sha1ctx; | |
129 | return 1; | 128 | return 1; | |
130 | case RIPEMD_HASH_ALG: | 129 | case RIPEMD_HASH_ALG: | |
131 | netpgpv_RMD160Init(&hash->u.rmd160ctx); | 130 | netpgpv_RMD160Init(&hash->u.rmd160ctx); | |
132 | hash->size = 20; | 131 | hash->size = 20; | |
133 | hash->prefix = prefix_rmd160; | 132 | hash->prefix = prefix_rmd160; | |
134 | hash->len = sizeof(prefix_rmd160); | 133 | hash->len = sizeof(prefix_rmd160); | |
135 | hash->ctx = &hash->u.rmd160ctx; | 134 | hash->ctx = &hash->u.rmd160ctx; | |
136 | return 1; | 135 | return 1; | |
137 | case SHA256_HASH_ALG: | 136 | case SHA256_HASH_ALG: | |
138 | netpgpv_SHA256_Init(&hash->u.sha256ctx); | 137 | netpgpv_SHA256_Init(&hash->u.sha256ctx); | |
139 | hash->size = 32; | 138 | hash->size = 32; | |
140 | hash->prefix = prefix_sha256; | 139 | hash->prefix = prefix_sha256; | |
141 | hash->len = sizeof(prefix_sha256); | 140 | hash->len = sizeof(prefix_sha256); | |
142 | hash->ctx = &hash->u.sha256ctx; | 141 | hash->ctx = &hash->u.sha256ctx; | |
143 | return 1; | 142 | return 1; | |
144 | case SHA512_HASH_ALG: | 143 | case SHA512_HASH_ALG: | |
145 | netpgpv_SHA512_Init(&hash->u.sha512ctx); | 144 | netpgpv_SHA512_Init(&hash->u.sha512ctx); | |
146 | hash->size = 64; | 145 | hash->size = 64; | |
147 | hash->prefix = prefix_sha512; | 146 | hash->prefix = prefix_sha512; | |
148 | hash->len = sizeof(prefix_sha512); | 147 | hash->len = sizeof(prefix_sha512); | |
149 | hash->ctx = &hash->u.sha512ctx; | 148 | hash->ctx = &hash->u.sha512ctx; | |
150 | return 1; | 149 | return 1; | |
151 | case TIGER_HASH_ALG: | 150 | case TIGER_HASH_ALG: | |
152 | netpgpv_TIGER_Init(&hash->u.tigerctx); | 151 | netpgpv_TIGER_Init(&hash->u.tigerctx); | |
153 | hash->size = TIGER_DIGEST_LENGTH; | 152 | hash->size = TIGER_DIGEST_LENGTH; | |
154 | hash->prefix = prefix_tiger; | 153 | hash->prefix = prefix_tiger; | |
155 | hash->len = sizeof(prefix_tiger); | 154 | hash->len = sizeof(prefix_tiger); | |
156 | hash->ctx = &hash->u.tigerctx; | 155 | hash->ctx = &hash->u.tigerctx; | |
157 | return 1; | 156 | return 1; | |
158 | case TIGER2_HASH_ALG: | 157 | case TIGER2_HASH_ALG: | |
159 | netpgpv_TIGER2_Init(&hash->u.tigerctx); | 158 | netpgpv_TIGER2_Init(&hash->u.tigerctx); | |
160 | hash->size = TIGER_DIGEST_LENGTH; | 159 | hash->size = TIGER_DIGEST_LENGTH; | |
161 | hash->prefix = prefix_tiger; | 160 | hash->prefix = prefix_tiger; | |
162 | hash->len = sizeof(prefix_tiger); | 161 | hash->len = sizeof(prefix_tiger); | |
163 | hash->ctx = &hash->u.tigerctx; | 162 | hash->ctx = &hash->u.tigerctx; | |
164 | return 1; | 163 | return 1; | |
165 | default: | 164 | default: | |
166 | printf("hash_any: bad algorithm\n"); | 165 | printf("hash_any: bad algorithm\n"); | |
167 | return 0; | 166 | return 0; | |
168 | } | 167 | } | |
169 | } | 168 | } | |
170 | 169 | |||
171 | typedef struct rec_t { | 170 | typedef struct rec_t { | |
172 | const char *s; | 171 | const char *s; | |
173 | const unsigned alg; | 172 | const unsigned alg; | |
174 | } rec_t; | 173 | } rec_t; | |
175 | 174 | |||
176 | static rec_t hashalgs[] = { | 175 | static rec_t hashalgs[] = { | |
177 | { "md5", MD5_HASH_ALG }, | 176 | { "md5", MD5_HASH_ALG }, | |
178 | { "sha1", SHA1_HASH_ALG }, | 177 | { "sha1", SHA1_HASH_ALG }, | |
179 | { "ripemd", RIPEMD_HASH_ALG }, | 178 | { "ripemd", RIPEMD_HASH_ALG }, | |
180 | { "sha256", SHA256_HASH_ALG }, | 179 | { "sha256", SHA256_HASH_ALG }, | |
181 | { "sha512", SHA512_HASH_ALG }, | 180 | { "sha512", SHA512_HASH_ALG }, | |
182 | { "tiger", TIGER_HASH_ALG }, | 181 | { "tiger", TIGER_HASH_ALG }, | |
183 | { "tiger2", TIGER2_HASH_ALG }, | 182 | { "tiger2", TIGER2_HASH_ALG }, | |
184 | { NULL, 0 } | 183 | { NULL, 0 } | |
185 | }; | 184 | }; | |
186 | 185 | |||
187 | /* initialise by string alg name */ | 186 | /* initialise by string alg name */ | |
188 | unsigned | 187 | unsigned | |
189 | digest_get_alg(const char *hashalg) | 188 | digest_get_alg(const char *hashalg) | |
190 | { | 189 | { | |
191 | rec_t *r; | 190 | rec_t *r; | |
192 | 191 | |||
193 | for (r = hashalgs ; hashalg && r->s ; r++) { | 192 | for (r = hashalgs ; hashalg && r->s ; r++) { | |
194 | if (strcasecmp(r->s, hashalg) == 0) { | 193 | if (strcasecmp(r->s, hashalg) == 0) { | |
195 | return r->alg; | 194 | return r->alg; | |
196 | } | 195 | } | |
197 | } | 196 | } | |
198 | return 0; | 197 | return 0; | |
199 | } | 198 | } | |
200 | 199 | |||
201 | int | 200 | int | |
202 | digest_update(digest_t *hash, const uint8_t *data, size_t length) | 201 | digest_update(digest_t *hash, const uint8_t *data, size_t length) | |
203 | { | 202 | { | |
204 | if (hash == NULL || data == NULL) { | 203 | if (hash == NULL || data == NULL) { | |
205 | return 0; | 204 | return 0; | |
206 | } | 205 | } | |
207 | switch(hash->alg) { | 206 | switch(hash->alg) { | |
208 | case MD5_HASH_ALG: | 207 | case MD5_HASH_ALG: | |
209 | netpgpv_MD5Update(hash->ctx, data, (unsigned)length); | 208 | netpgpv_MD5Update(hash->ctx, data, (unsigned)length); | |
210 | return 1; | 209 | return 1; | |
211 | case SHA1_HASH_ALG: | 210 | case SHA1_HASH_ALG: | |
212 | netpgpv_SHA1Update(hash->ctx, data, (unsigned)length); | 211 | netpgpv_SHA1Update(hash->ctx, data, (unsigned)length); | |
213 | return 1; | 212 | return 1; | |
214 | case RIPEMD_HASH_ALG: | 213 | case RIPEMD_HASH_ALG: | |
215 | netpgpv_RMD160Update(hash->ctx, data, (unsigned)length); | 214 | netpgpv_RMD160Update(hash->ctx, data, (unsigned)length); | |
216 | return 1; | 215 | return 1; | |
217 | case SHA256_HASH_ALG: | 216 | case SHA256_HASH_ALG: | |
218 | netpgpv_SHA256_Update(hash->ctx, data, length); | 217 | netpgpv_SHA256_Update(hash->ctx, data, length); | |
219 | return 1; | 218 | return 1; | |
220 | case SHA512_HASH_ALG: | 219 | case SHA512_HASH_ALG: | |
221 | netpgpv_SHA512_Update(hash->ctx, data, length); | 220 | netpgpv_SHA512_Update(hash->ctx, data, length); | |
222 | return 1; | 221 | return 1; | |
223 | case TIGER_HASH_ALG: | 222 | case TIGER_HASH_ALG: | |
224 | case TIGER2_HASH_ALG: | 223 | case TIGER2_HASH_ALG: | |
225 | netpgpv_TIGER_Update(hash->ctx, data, length); | 224 | netpgpv_TIGER_Update(hash->ctx, data, length); | |
226 | return 1; | 225 | return 1; | |
227 | default: | 226 | default: | |
228 | printf("hash_any: bad algorithm\n"); | 227 | printf("hash_any: bad algorithm\n"); | |
229 | return 0; | 228 | return 0; | |
230 | } | 229 | } | |
231 | } | 230 | } | |
232 | 231 | |||
233 | unsigned | 232 | unsigned | |
234 | digest_final(uint8_t *out, digest_t *hash) | 233 | digest_final(uint8_t *out, digest_t *hash) | |
235 | { | 234 | { | |
236 | if (hash == NULL || out == NULL) { | 235 | if (hash == NULL || out == NULL) { | |
237 | return 0; | 236 | return 0; | |
238 | } | 237 | } | |
239 | switch(hash->alg) { | 238 | switch(hash->alg) { | |
240 | case MD5_HASH_ALG: | 239 | case MD5_HASH_ALG: | |
241 | netpgpv_MD5Final(out, hash->ctx); | 240 | netpgpv_MD5Final(out, hash->ctx); | |
242 | break; | 241 | break; | |
243 | case SHA1_HASH_ALG: | 242 | case SHA1_HASH_ALG: | |
244 | netpgpv_SHA1Final(out, hash->ctx); | 243 | netpgpv_SHA1Final(out, hash->ctx); | |
245 | break; | 244 | break; | |
246 | case RIPEMD_HASH_ALG: | 245 | case RIPEMD_HASH_ALG: | |
247 | netpgpv_RMD160Final(out, hash->ctx); | 246 | netpgpv_RMD160Final(out, hash->ctx); | |
248 | break; | 247 | break; | |
249 | case SHA256_HASH_ALG: | 248 | case SHA256_HASH_ALG: | |
250 | netpgpv_SHA256_Final(out, hash->ctx); | 249 | netpgpv_SHA256_Final(out, hash->ctx); | |
251 | break; | 250 | break; | |
252 | case SHA512_HASH_ALG: | 251 | case SHA512_HASH_ALG: | |
253 | netpgpv_SHA512_Final(out, hash->ctx); | 252 | netpgpv_SHA512_Final(out, hash->ctx); | |
254 | break; | 253 | break; | |
255 | case TIGER_HASH_ALG: | 254 | case TIGER_HASH_ALG: | |
256 | netpgpv_TIGER_Final(out, hash->ctx); | 255 | netpgpv_TIGER_Final(out, hash->ctx); | |
257 | break; | 256 | break; | |
258 | default: | 257 | default: | |
259 | printf("hash_any: bad algorithm\n"); | 258 | printf("hash_any: bad algorithm\n"); | |
260 | return 0; | 259 | return 0; | |
261 | } | 260 | } | |
262 | (void) memset(hash->ctx, 0x0, hash->size); | 261 | (void) memset(hash->ctx, 0x0, hash->size); | |
263 | return (unsigned)hash->size; | 262 | return (unsigned)hash->size; | |
264 | } | 263 | } | |
265 | 264 | |||
266 | int | 265 | int | |
267 | digest_length(digest_t *hash, unsigned hashedlen) | 266 | digest_length(digest_t *hash, unsigned hashedlen) | |
268 | { | 267 | { | |
269 | uint8_t trailer[6]; | 268 | uint8_t trailer[6]; | |
270 | 269 | |||
271 | if (hash == NULL) { | 270 | if (hash == NULL) { | |
272 | return 0; | 271 | return 0; | |
273 | } | 272 | } | |
274 | trailer[0] = V4_SIGNATURE; | 273 | trailer[0] = V4_SIGNATURE; | |
275 | trailer[1] = 0xFF; | 274 | trailer[1] = 0xFF; | |
276 | trailer[2] = (uint8_t)((hashedlen >> 24) & 0xff); | 275 | trailer[2] = (uint8_t)((hashedlen >> 24) & 0xff); | |
277 | trailer[3] = (uint8_t)((hashedlen >> 16) & 0xff); | 276 | trailer[3] = (uint8_t)((hashedlen >> 16) & 0xff); | |
278 | trailer[4] = (uint8_t)((hashedlen >> 8) & 0xff); | 277 | trailer[4] = (uint8_t)((hashedlen >> 8) & 0xff); | |
279 | trailer[5] = (uint8_t)(hashedlen & 0xff); | 278 | trailer[5] = (uint8_t)(hashedlen & 0xff); | |
280 | digest_update(hash, trailer, sizeof(trailer)); | 279 | digest_update(hash, trailer, sizeof(trailer)); | |
281 | return 1; | 280 | return 1; | |
282 | } | 281 | } | |
283 | 282 | |||
284 | unsigned | 283 | unsigned | |
285 | digest_get_prefix(unsigned hashalg, uint8_t *prefix, size_t size) | 284 | digest_get_prefix(unsigned hashalg, uint8_t *prefix, size_t size) | |
286 | { | 285 | { | |
287 | USE_ARG(size); | 286 | USE_ARG(size); | |
288 | if (prefix == NULL) { | 287 | if (prefix == NULL) { | |
289 | return 0; | 288 | return 0; | |
290 | } | 289 | } | |
291 | switch (hashalg) { | 290 | switch (hashalg) { | |
292 | case MD5_HASH_ALG: | 291 | case MD5_HASH_ALG: | |
293 | memcpy(prefix, prefix_md5, sizeof(prefix_md5)); | 292 | memcpy(prefix, prefix_md5, sizeof(prefix_md5)); | |
294 | return sizeof(prefix_md5); | 293 | return sizeof(prefix_md5); | |
295 | case SHA1_HASH_ALG: | 294 | case SHA1_HASH_ALG: | |
296 | memcpy(prefix, prefix_sha1, sizeof(prefix_sha1)); | 295 | memcpy(prefix, prefix_sha1, sizeof(prefix_sha1)); | |
297 | return sizeof(prefix_sha1); | 296 | return sizeof(prefix_sha1); | |
298 | case SHA256_HASH_ALG: | 297 | case SHA256_HASH_ALG: | |
299 | memcpy(prefix, prefix_sha256, sizeof(prefix_sha256)); | 298 | memcpy(prefix, prefix_sha256, sizeof(prefix_sha256)); | |
300 | return sizeof(prefix_sha256); | 299 | return sizeof(prefix_sha256); | |
301 | default: | 300 | default: | |
302 | printf("digest_get_prefix: unknown hash algorithm: %d\n", hashalg); | 301 | printf("digest_get_prefix: unknown hash algorithm: %d\n", hashalg); | |
303 | return 0; | 302 | return 0; | |
304 | } | 303 | } | |
305 | } | 304 | } | |
306 | 305 |
@@ -1,697 +1,696 @@ | @@ -1,697 +1,696 @@ | |||
1 | /*- | 1 | /*- | |
2 | * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> | 2 | * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> | |
3 | * All rights reserved. | 3 | * All rights reserved. | |
4 | * | 4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | 7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | 8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | 9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | 10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | 11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | 12 | * documentation and/or other materials provided with the distribution. | |
13 | * | 13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | 24 | */ | |
25 | #include "config.h" | 25 | #include "config.h" | |
26 | 26 | |||
27 | #include <sys/types.h> | 27 | #include <sys/types.h> | |
28 | #include <sys/syslog.h> | |||
29 | 28 | |||
30 | #ifdef _KERNEL | 29 | #ifdef _KERNEL | |
31 | # include <sys/kmem.h> | 30 | # include <sys/kmem.h> | |
32 | #else | 31 | #else | |
33 | # include <stdio.h> | 32 | # include <stdio.h> | |
34 | # include <stdlib.h> | 33 | # include <stdlib.h> | |
35 | # include <string.h> | 34 | # include <string.h> | |
36 | # include <unistd.h> | 35 | # include <unistd.h> | |
37 | #endif | 36 | #endif | |
38 | 37 | |||
39 | #include "misc.h" | 38 | #include "misc.h" | |
40 | #include "digest.h" | 39 | #include "digest.h" | |
41 | #include "rsa.h" | 40 | #include "rsa.h" | |
42 | 41 | |||
43 | #ifndef USE_ARG | 42 | #ifndef USE_ARG | |
44 | #define USE_ARG(x) /*LINTED*/(void)&(x) | 43 | #define USE_ARG(x) /*LINTED*/(void)&(x) | |
45 | #endif | 44 | #endif | |
46 | 45 | |||
47 | #define RSA_MAX_MODULUS_BITS 16384 | 46 | #define RSA_MAX_MODULUS_BITS 16384 | |
48 | #define RSA_SMALL_MODULUS_BITS 3072 | 47 | #define RSA_SMALL_MODULUS_BITS 3072 | |
49 | #define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ | 48 | #define RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ | |
50 | 49 | |||
51 | static int | 50 | static int | |
52 | rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num) | 51 | rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num) | |
53 | { | 52 | { | |
54 | USE_ARG(num); | 53 | USE_ARG(num); | |
55 | if (flen > tlen) { | 54 | if (flen > tlen) { | |
56 | printf("r too large\n"); | 55 | printf("r too large\n"); | |
57 | return -1; | 56 | return -1; | |
58 | } | 57 | } | |
59 | (void) memset(to, 0x0, tlen - flen); | 58 | (void) memset(to, 0x0, tlen - flen); | |
60 | (void) memcpy(to + tlen - flen, from, flen); | 59 | (void) memcpy(to + tlen - flen, from, flen); | |
61 | return tlen; | 60 | return tlen; | |
62 | } | 61 | } | |
63 | 62 | |||
64 | static int | 63 | static int | |
65 | lowlevel_rsa_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa) | 64 | lowlevel_rsa_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa) | |
66 | { | 65 | { | |
67 | PGPV_BIGNUM *decbn; | 66 | PGPV_BIGNUM *decbn; | |
68 | PGPV_BIGNUM *signedbn; | 67 | PGPV_BIGNUM *signedbn; | |
69 | uint8_t *decbuf; | 68 | uint8_t *decbuf; | |
70 | int nbytes; | 69 | int nbytes; | |
71 | int signc; | 70 | int signc; | |
72 | int signedbytes; | 71 | int signedbytes; | |
73 | int r; | 72 | int r; | |
74 | 73 | |||
75 | decbuf = NULL; | 74 | decbuf = NULL; | |
76 | r = -1; | 75 | r = -1; | |
77 | decbn = PGPV_BN_new(); | 76 | decbn = PGPV_BN_new(); | |
78 | signedbn = PGPV_BN_new(); | 77 | signedbn = PGPV_BN_new(); | |
79 | nbytes = PGPV_BN_num_bytes(rsa->n); | 78 | nbytes = PGPV_BN_num_bytes(rsa->n); | |
80 | decbuf = netpgp_allocate(1, nbytes); | 79 | decbuf = netpgp_allocate(1, nbytes); | |
81 | /* add no padding */ | 80 | /* add no padding */ | |
82 | memcpy(decbuf, plain, plainc); | 81 | memcpy(decbuf, plain, plainc); | |
83 | PGPV_BN_bin2bn(decbuf, nbytes, decbn); | 82 | PGPV_BN_bin2bn(decbuf, nbytes, decbn); | |
84 | if (PGPV_BN_cmp(decbn, rsa->n) >= 0) { | 83 | if (PGPV_BN_cmp(decbn, rsa->n) >= 0) { | |
85 | printf("decbn too big\n"); | 84 | printf("decbn too big\n"); | |
86 | goto err; | 85 | goto err; | |
87 | } | 86 | } | |
88 | if (!PGPV_BN_mod_exp(signedbn, decbn, rsa->d, rsa->n, NULL)) { | 87 | if (!PGPV_BN_mod_exp(signedbn, decbn, rsa->d, rsa->n, NULL)) { | |
89 | printf("bad mod_exp\n"); | 88 | printf("bad mod_exp\n"); | |
90 | goto err; | 89 | goto err; | |
91 | } | 90 | } | |
92 | signedbytes = PGPV_BN_num_bytes(signedbn); | 91 | signedbytes = PGPV_BN_num_bytes(signedbn); | |
93 | signc = PGPV_BN_bn2bin(signedbn, &encbuf[nbytes - signedbytes]); | 92 | signc = PGPV_BN_bn2bin(signedbn, &encbuf[nbytes - signedbytes]); | |
94 | memset(encbuf, 0x0, nbytes - signc); | 93 | memset(encbuf, 0x0, nbytes - signc); | |
95 | r = nbytes; | 94 | r = nbytes; | |
96 | err: | 95 | err: | |
97 | netpgp_deallocate(decbuf, nbytes); | 96 | netpgp_deallocate(decbuf, nbytes); | |
98 | PGPV_BN_clear_free(decbn); | 97 | PGPV_BN_clear_free(decbn); | |
99 | PGPV_BN_clear_free(signedbn); | 98 | PGPV_BN_clear_free(signedbn); | |
100 | return r; | 99 | return r; | |
101 | } | 100 | } | |
102 | 101 | |||
103 | static int | 102 | static int | |
104 | lowlevel_rsa_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa) | 103 | lowlevel_rsa_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa) | |
105 | { | 104 | { | |
106 | PGPV_BIGNUM *decbn; | 105 | PGPV_BIGNUM *decbn; | |
107 | PGPV_BIGNUM *encbn; | 106 | PGPV_BIGNUM *encbn; | |
108 | uint8_t *decbuf; | 107 | uint8_t *decbuf; | |
109 | int nbytes; | 108 | int nbytes; | |
110 | int encc; | 109 | int encc; | |
111 | int r; | 110 | int r; | |
112 | int i; | 111 | int i; | |
113 | 112 | |||
114 | r = -1; | 113 | r = -1; | |
115 | decbn = PGPV_BN_new(); | 114 | decbn = PGPV_BN_new(); | |
116 | encbn = PGPV_BN_new(); | 115 | encbn = PGPV_BN_new(); | |
117 | nbytes = PGPV_BN_num_bytes(rsa->n); | 116 | nbytes = PGPV_BN_num_bytes(rsa->n); | |
118 | decbuf = netpgp_allocate(1, nbytes); | 117 | decbuf = netpgp_allocate(1, nbytes); | |
119 | (void) memcpy(decbuf, plain, plainc); | 118 | (void) memcpy(decbuf, plain, plainc); | |
120 | if (PGPV_BN_bin2bn(decbuf, nbytes, decbn) == NULL) { | 119 | if (PGPV_BN_bin2bn(decbuf, nbytes, decbn) == NULL) { | |
121 | printf("bin2bn failed\n"); | 120 | printf("bin2bn failed\n"); | |
122 | goto err; | 121 | goto err; | |
123 | } | 122 | } | |
124 | if (PGPV_BN_cmp(decbn, rsa->n) >= 0) { | 123 | if (PGPV_BN_cmp(decbn, rsa->n) >= 0) { | |
125 | printf("PGPV_BN_cmp failed\n"); | 124 | printf("PGPV_BN_cmp failed\n"); | |
126 | goto err; | 125 | goto err; | |
127 | } | 126 | } | |
128 | if (!PGPV_BN_mod_exp(encbn, decbn, rsa->e, rsa->n, NULL)) { | 127 | if (!PGPV_BN_mod_exp(encbn, decbn, rsa->e, rsa->n, NULL)) { | |
129 | printf("PGPV_BN_mod_exp failed\n"); | 128 | printf("PGPV_BN_mod_exp failed\n"); | |
130 | goto err; | 129 | goto err; | |
131 | } | 130 | } | |
132 | encc = PGPV_BN_num_bytes(encbn); | 131 | encc = PGPV_BN_num_bytes(encbn); | |
133 | i = PGPV_BN_bn2bin(encbn, &encbuf[nbytes - encc]); | 132 | i = PGPV_BN_bn2bin(encbn, &encbuf[nbytes - encc]); | |
134 | (void) memset(encbuf, 0x0, nbytes - i); | 133 | (void) memset(encbuf, 0x0, nbytes - i); | |
135 | r = nbytes; | 134 | r = nbytes; | |
136 | err: | 135 | err: | |
137 | if (decbuf) { | 136 | if (decbuf) { | |
138 | memset(decbuf, 0x0, nbytes); | 137 | memset(decbuf, 0x0, nbytes); | |
139 | netpgp_deallocate(decbuf, nbytes); | 138 | netpgp_deallocate(decbuf, nbytes); | |
140 | } | 139 | } | |
141 | PGPV_BN_clear_free(decbn); | 140 | PGPV_BN_clear_free(decbn); | |
142 | PGPV_BN_clear_free(encbn); | 141 | PGPV_BN_clear_free(encbn); | |
143 | return r; | 142 | return r; | |
144 | } | 143 | } | |
145 | 144 | |||
146 | static int | 145 | static int | |
147 | lowlevel_rsa_private_decrypt(int enclen, const unsigned char *encbuf, unsigned char *to, RSA *rsa) | 146 | lowlevel_rsa_private_decrypt(int enclen, const unsigned char *encbuf, unsigned char *to, RSA *rsa) | |
148 | { | 147 | { | |
149 | PGPV_BIGNUM *encbn; | 148 | PGPV_BIGNUM *encbn; | |
150 | PGPV_BIGNUM *decbn; | 149 | PGPV_BIGNUM *decbn; | |
151 | uint8_t *buf; | 150 | uint8_t *buf; | |
152 | int nbytes; | 151 | int nbytes; | |
153 | int j; | 152 | int j; | |
154 | int r; | 153 | int r; | |
155 | 154 | |||
156 | r = -1; | 155 | r = -1; | |
157 | decbn = encbn = NULL; | 156 | decbn = encbn = NULL; | |
158 | buf = NULL; | 157 | buf = NULL; | |
159 | if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { | 158 | if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { | |
160 | return -1; | 159 | return -1; | |
161 | } | 160 | } | |
162 | if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) { | 161 | if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) { | |
163 | return -1; | 162 | return -1; | |
164 | } | 163 | } | |
165 | encbn = PGPV_BN_new(); | 164 | encbn = PGPV_BN_new(); | |
166 | decbn = PGPV_BN_new(); | 165 | decbn = PGPV_BN_new(); | |
167 | nbytes = PGPV_BN_num_bytes(rsa->n); | 166 | nbytes = PGPV_BN_num_bytes(rsa->n); | |
168 | buf = netpgp_allocate(1, nbytes); | 167 | buf = netpgp_allocate(1, nbytes); | |
169 | if (enclen > nbytes) { | 168 | if (enclen > nbytes) { | |
170 | printf("bad enclen\n"); | 169 | printf("bad enclen\n"); | |
171 | goto err; | 170 | goto err; | |
172 | } | 171 | } | |
173 | PGPV_BN_bin2bn(encbuf, enclen, encbn); | 172 | PGPV_BN_bin2bn(encbuf, enclen, encbn); | |
174 | if (PGPV_BN_cmp(encbn, rsa->n) >= 0) { | 173 | if (PGPV_BN_cmp(encbn, rsa->n) >= 0) { | |
175 | printf("bad encbn\n"); | 174 | printf("bad encbn\n"); | |
176 | goto err; | 175 | goto err; | |
177 | } | 176 | } | |
178 | PGPV_BN_mod_exp(decbn, encbn, rsa->d, rsa->n, NULL); | 177 | PGPV_BN_mod_exp(decbn, encbn, rsa->d, rsa->n, NULL); | |
179 | j = PGPV_BN_bn2bin(decbn, buf); | 178 | j = PGPV_BN_bn2bin(decbn, buf); | |
180 | r = rsa_padding_check_none(to, nbytes, buf, j, nbytes); | 179 | r = rsa_padding_check_none(to, nbytes, buf, j, nbytes); | |
181 | err: | 180 | err: | |
182 | PGPV_BN_clear_free(encbn); | 181 | PGPV_BN_clear_free(encbn); | |
183 | PGPV_BN_clear_free(decbn); | 182 | PGPV_BN_clear_free(decbn); | |
184 | netpgp_deallocate(buf, nbytes); | 183 | netpgp_deallocate(buf, nbytes); | |
185 | return r; | 184 | return r; | |
186 | } | 185 | } | |
187 | 186 | |||
188 | static int | 187 | static int | |
189 | lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa) | 188 | lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa) | |
190 | { | 189 | { | |
191 | uint8_t *decbuf; | 190 | uint8_t *decbuf; | |
192 | PGPV_BIGNUM *decbn; | 191 | PGPV_BIGNUM *decbn; | |
193 | PGPV_BIGNUM *encbn; | 192 | PGPV_BIGNUM *encbn; | |
194 | int decbytes; | 193 | int decbytes; | |
195 | int nbytes; | 194 | int nbytes; | |
196 | int r; | 195 | int r; | |
197 | 196 | |||
198 | nbytes = 0; | 197 | nbytes = 0; | |
199 | r = -1; | 198 | r = -1; | |
200 | decbuf = NULL; | 199 | decbuf = NULL; | |
201 | decbn = encbn = NULL; | 200 | decbn = encbn = NULL; | |
202 | if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { | 201 | if (PGPV_BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) { | |
203 | printf("rsa r modulus too large\n"); | 202 | printf("rsa r modulus too large\n"); | |
204 | goto err; | 203 | goto err; | |
205 | } | 204 | } | |
206 | if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) { | 205 | if (PGPV_BN_cmp(rsa->n, rsa->e) <= 0) { | |
207 | printf("rsa r bad n value\n"); | 206 | printf("rsa r bad n value\n"); | |
208 | goto err; | 207 | goto err; | |
209 | } | 208 | } | |
210 | if (PGPV_BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS && | 209 | if (PGPV_BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS && | |
211 | PGPV_BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) { | 210 | PGPV_BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) { | |
212 | printf("rsa r bad exponent limit\n"); | 211 | printf("rsa r bad exponent limit\n"); | |
213 | goto err; | 212 | goto err; | |
214 | } | 213 | } | |
215 | if ((encbn = PGPV_BN_new()) == NULL || | 214 | if ((encbn = PGPV_BN_new()) == NULL || | |
216 | (decbn = PGPV_BN_new()) == NULL || | 215 | (decbn = PGPV_BN_new()) == NULL || | |
217 | (decbuf = netpgp_allocate(1, nbytes = PGPV_BN_num_bytes(rsa->n))) == NULL) { | 216 | (decbuf = netpgp_allocate(1, nbytes = PGPV_BN_num_bytes(rsa->n))) == NULL) { | |
218 | printf("allocation failure\n"); | 217 | printf("allocation failure\n"); | |
219 | goto err; | 218 | goto err; | |
220 | } | 219 | } | |
221 | if (enclen > nbytes) { | 220 | if (enclen > nbytes) { | |
222 | printf("rsa r > mod len\n"); | 221 | printf("rsa r > mod len\n"); | |
223 | goto err; | 222 | goto err; | |
224 | } | 223 | } | |
225 | if (PGPV_BN_bin2bn(encbuf, enclen, encbn) == NULL) { | 224 | if (PGPV_BN_bin2bn(encbuf, enclen, encbn) == NULL) { | |
226 | printf("null encrypted BN\n"); | 225 | printf("null encrypted BN\n"); | |
227 | goto err; | 226 | goto err; | |
228 | } | 227 | } | |
229 | if (PGPV_BN_cmp(encbn, rsa->n) >= 0) { | 228 | if (PGPV_BN_cmp(encbn, rsa->n) >= 0) { | |
230 | printf("rsa r data too large for modulus\n"); | 229 | printf("rsa r data too large for modulus\n"); | |
231 | goto err; | 230 | goto err; | |
232 | } | 231 | } | |
233 | if (PGPV_BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) { | 232 | if (PGPV_BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) { | |
234 | printf("PGPV_BN_mod_exp < 0\n"); | 233 | printf("PGPV_BN_mod_exp < 0\n"); | |
235 | goto err; | 234 | goto err; | |
236 | } | 235 | } | |
237 | decbytes = PGPV_BN_num_bytes(decbn); | 236 | decbytes = PGPV_BN_num_bytes(decbn); | |
238 | (void) PGPV_BN_bn2bin(decbn, decbuf); | 237 | (void) PGPV_BN_bn2bin(decbn, decbuf); | |
239 | if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) { | 238 | if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) { | |
240 | printf("rsa r padding check failed\n"); | 239 | printf("rsa r padding check failed\n"); | |
241 | } | 240 | } | |
242 | err: | 241 | err: | |
243 | PGPV_BN_free(encbn); | 242 | PGPV_BN_free(encbn); | |
244 | PGPV_BN_free(decbn); | 243 | PGPV_BN_free(decbn); | |
245 | if (decbuf != NULL) { | 244 | if (decbuf != NULL) { | |
246 | (void) memset(decbuf, 0x0, nbytes); | 245 | (void) memset(decbuf, 0x0, nbytes); | |
247 | netpgp_deallocate(decbuf, nbytes); | 246 | netpgp_deallocate(decbuf, nbytes); | |
248 | } | 247 | } | |
249 | return r; | 248 | return r; | |
250 | } | 249 | } | |
251 | 250 | |||
252 | #if 0 | 251 | #if 0 | |
253 | /** | 252 | /** | |
254 | @file rsa_make_key.c | 253 | @file rsa_make_key.c | |
255 | RSA key generation, Tom St Denis | 254 | RSA key generation, Tom St Denis | |
256 | */ | 255 | */ | |
257 | 256 | |||
258 | /** | 257 | /** | |
259 | Create an RSA key | 258 | Create an RSA key | |
260 | @param prng An active PRNG state | 259 | @param prng An active PRNG state | |
261 | @param wprng The index of the PRNG desired | 260 | @param wprng The index of the PRNG desired | |
262 | @param size The size of the modulus (key size) desired (octets) | 261 | @param size The size of the modulus (key size) desired (octets) | |
263 | @param e The "e" value (public key). e==65537 is a good choice | 262 | @param e The "e" value (public key). e==65537 is a good choice | |
264 | @param key [out] Destination of a newly created private key pair | 263 | @param key [out] Destination of a newly created private key pair | |
265 | @return CRYPT_OK if successful, upon error all allocated ram is freed | 264 | @return CRYPT_OK if successful, upon error all allocated ram is freed | |
266 | */ | 265 | */ | |
267 | static int | 266 | static int | |
268 | rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) | 267 | rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) | |
269 | { | 268 | { | |
270 | void *p, *q, *tmp1, *tmp2, *tmp3; | 269 | void *p, *q, *tmp1, *tmp2, *tmp3; | |
271 | int err; | 270 | int err; | |
272 | 271 | |||
273 | LTC_ARGCHK(ltc_mp.name != NULL); | 272 | LTC_ARGCHK(ltc_mp.name != NULL); | |
274 | LTC_ARGCHK(key != NULL); | 273 | LTC_ARGCHK(key != NULL); | |
275 | 274 | |||
276 | if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) { | 275 | if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) { | |
277 | return CRYPT_INVALID_KEYSIZE; | 276 | return CRYPT_INVALID_KEYSIZE; | |
278 | } | 277 | } | |
279 | 278 | |||
280 | if ((e < 3) || ((e & 1) == 0)) { | 279 | if ((e < 3) || ((e & 1) == 0)) { | |
281 | return CRYPT_INVALID_ARG; | 280 | return CRYPT_INVALID_ARG; | |
282 | } | 281 | } | |
283 | 282 | |||
284 | if ((err = prng_is_valid(wprng)) != CRYPT_OK) { | 283 | if ((err = prng_is_valid(wprng)) != CRYPT_OK) { | |
285 | return err; | 284 | return err; | |
286 | } | 285 | } | |
287 | 286 | |||
288 | if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { | 287 | if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { | |
289 | return err; | 288 | return err; | |
290 | } | 289 | } | |
291 | 290 | |||
292 | /* make primes p and q (optimization provided by Wayne Scott) */ | 291 | /* make primes p and q (optimization provided by Wayne Scott) */ | |
293 | /* tmp3 = e */ | 292 | /* tmp3 = e */ | |
294 | if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) { | 293 | if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) { | |
295 | goto errkey; | 294 | goto errkey; | |
296 | } | 295 | } | |
297 | 296 | |||
298 | /* make prime "p" */ | 297 | /* make prime "p" */ | |
299 | do { | 298 | do { | |
300 | if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { | 299 | if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { | |
301 | goto errkey; | 300 | goto errkey; | |
302 | } | 301 | } | |
303 | /* tmp1 = p-1 */ | 302 | /* tmp1 = p-1 */ | |
304 | if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { | 303 | if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { | |
305 | goto errkey; | 304 | goto errkey; | |
306 | } | 305 | } | |
307 | /* tmp2 = gcd(p-1, e) */ | 306 | /* tmp2 = gcd(p-1, e) */ | |
308 | if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { | 307 | if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { | |
309 | goto errkey; | 308 | goto errkey; | |
310 | } | 309 | } | |
311 | } while (mp_cmp_d( tmp2, 1) != 0); | 310 | } while (mp_cmp_d( tmp2, 1) != 0); | |
312 | /* while e divides p-1 */ | 311 | /* while e divides p-1 */ | |
313 | 312 | |||
314 | /* make prime "q" */ | 313 | /* make prime "q" */ | |
315 | do { | 314 | do { | |
316 | if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { | 315 | if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { | |
317 | goto errkey; | 316 | goto errkey; | |
318 | } | 317 | } | |
319 | /* tmp1 = q-1 */ | 318 | /* tmp1 = q-1 */ | |
320 | if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { | 319 | if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { | |
321 | goto errkey; | 320 | goto errkey; | |
322 | } | 321 | } | |
323 | /* tmp2 = gcd(q-1, e) */ | 322 | /* tmp2 = gcd(q-1, e) */ | |
324 | if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { | 323 | if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { | |
325 | goto errkey; | 324 | goto errkey; | |
326 | } | 325 | } | |
327 | } while (mp_cmp_d( tmp2, 1) != 0); | 326 | } while (mp_cmp_d( tmp2, 1) != 0); | |
328 | /* while e divides q-1 */ | 327 | /* while e divides q-1 */ | |
329 | 328 | |||
330 | /* tmp1 = lcm(p-1, q-1) */ | 329 | /* tmp1 = lcm(p-1, q-1) */ | |
331 | /* tmp2 = p-1 */ | 330 | /* tmp2 = p-1 */ | |
332 | if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { | 331 | if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { | |
333 | goto errkey; | 332 | goto errkey; | |
334 | } | 333 | } | |
335 | /* tmp1 = q-1 (previous do/while loop) */ | 334 | /* tmp1 = q-1 (previous do/while loop) */ | |
336 | /* tmp1 = lcm(p-1, q-1) */ | 335 | /* tmp1 = lcm(p-1, q-1) */ | |
337 | if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { | 336 | if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { | |
338 | goto errkey; | 337 | goto errkey; | |
339 | } | 338 | } | |
340 | 339 | |||
341 | /* make key */ | 340 | /* make key */ | |
342 | if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { | 341 | if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { | |
343 | goto errkey; | 342 | goto errkey; | |
344 | } | 343 | } | |
345 | 344 | |||
346 | /* key->e = e */ | 345 | /* key->e = e */ | |
347 | if ((err = mp_set_int( key->e, e)) != CRYPT_OK) { | 346 | if ((err = mp_set_int( key->e, e)) != CRYPT_OK) { | |
348 | goto errkey; | 347 | goto errkey; | |
349 | } | 348 | } | |
350 | /* key->d = 1/e mod lcm(p-1,q-1) */ | 349 | /* key->d = 1/e mod lcm(p-1,q-1) */ | |
351 | if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { | 350 | if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { | |
352 | goto errkey; | 351 | goto errkey; | |
353 | } | 352 | } | |
354 | /* key->N = pq */ | 353 | /* key->N = pq */ | |
355 | if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { | 354 | if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { | |
356 | goto errkey; | 355 | goto errkey; | |
357 | } | 356 | } | |
358 | 357 | |||
359 | /* optimize for CRT now */ | 358 | /* optimize for CRT now */ | |
360 | /* find d mod q-1 and d mod p-1 */ | 359 | /* find d mod q-1 and d mod p-1 */ | |
361 | /* tmp1 = q-1 */ | 360 | /* tmp1 = q-1 */ | |
362 | if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { | 361 | if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { | |
363 | goto errkey; | 362 | goto errkey; | |
364 | } | 363 | } | |
365 | /* tmp2 = p-1 */ | 364 | /* tmp2 = p-1 */ | |
366 | if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { | 365 | if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { | |
367 | goto errkey; | 366 | goto errkey; | |
368 | } | 367 | } | |
369 | /* dP = d mod p-1 */ | 368 | /* dP = d mod p-1 */ | |
370 | if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { | 369 | if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { | |
371 | goto errkey; | 370 | goto errkey; | |
372 | } | 371 | } | |
373 | /* dQ = d mod q-1 */ | 372 | /* dQ = d mod q-1 */ | |
374 | if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { | 373 | if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { | |
375 | goto errkey; | 374 | goto errkey; | |
376 | } | 375 | } | |
377 | /* qP = 1/q mod p */ | 376 | /* qP = 1/q mod p */ | |
378 | if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { | 377 | if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { | |
379 | got oerrkey; | 378 | got oerrkey; | |
380 | } | 379 | } | |
381 | 380 | |||
382 | if ((err = mp_copy( p, key->p)) != CRYPT_OK) { | 381 | if ((err = mp_copy( p, key->p)) != CRYPT_OK) { | |
383 | goto errkey; | 382 | goto errkey; | |
384 | } | 383 | } | |
385 | if ((err = mp_copy( q, key->q)) != CRYPT_OK) { | 384 | if ((err = mp_copy( q, key->q)) != CRYPT_OK) { | |
386 | goto errkey; | 385 | goto errkey; | |
387 | } | 386 | } | |
388 | 387 | |||
389 | /* set key type (in this case it's CRT optimized) */ | 388 | /* set key type (in this case it's CRT optimized) */ | |
390 | key->type = PK_PRIVATE; | 389 | key->type = PK_PRIVATE; | |
391 | 390 | |||
392 | /* return ok and free temps */ | 391 | /* return ok and free temps */ | |
393 | err = CRYPT_OK; | 392 | err = CRYPT_OK; | |
394 | goto cleanup; | 393 | goto cleanup; | |
395 | errkey: | 394 | errkey: | |
396 | mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); | 395 | mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); | |
397 | cleanup: | 396 | cleanup: | |
398 | mp_clear_multi(tmp3, tmp2, tmp1, p, q, NULL); | 397 | mp_clear_multi(tmp3, tmp2, tmp1, p, q, NULL); | |
399 | return err; | 398 | return err; | |
400 | } | 399 | } | |
401 | #endif | 400 | #endif | |
402 | 401 | |||
403 | #define HASHBUF_LEN 512 | 402 | #define HASHBUF_LEN 512 | |
404 | 403 | |||
405 | #define DSA_MAX_MODULUS_BITS 10000 | 404 | #define DSA_MAX_MODULUS_BITS 10000 | |
406 | 405 | |||
407 | static int | 406 | static int | |
408 | dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig, mpi_dsa_t *dsa) | 407 | dsa_do_verify(const unsigned char *calculated, int dgst_len, const dsasig_t *sig, mpi_dsa_t *dsa) | |
409 | { | 408 | { | |
410 | PGPV_BIGNUM *M; | 409 | PGPV_BIGNUM *M; | |
411 | PGPV_BIGNUM *W; | 410 | PGPV_BIGNUM *W; | |
412 | PGPV_BIGNUM *t1; | 411 | PGPV_BIGNUM *t1; | |
413 | int ret = -1; | 412 | int ret = -1; | |
414 | int qbits; | 413 | int qbits; | |
415 | 414 | |||
416 | if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { | 415 | if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) { | |
417 | return 0; | 416 | return 0; | |
418 | } | 417 | } | |
419 | M = W = t1 = NULL; | 418 | M = W = t1 = NULL; | |
420 | qbits = PGPV_BN_num_bits(dsa->q); | 419 | qbits = PGPV_BN_num_bits(dsa->q); | |
421 | switch(qbits) { | 420 | switch(qbits) { | |
422 | case 160: | 421 | case 160: | |
423 | case 224: | 422 | case 224: | |
424 | case 256: | 423 | case 256: | |
425 | /* openssl sources say these are the valid values */ | 424 | /* openssl sources say these are the valid values */ | |
426 | /* according to FIPS 186-3 */ | 425 | /* according to FIPS 186-3 */ | |
427 | break; | 426 | break; | |
428 | default: | 427 | default: | |
429 | printf("dsa: bad # of Q bits\n"); | 428 | printf("dsa: bad # of Q bits\n"); | |
430 | return 0; | 429 | return 0; | |
431 | } | 430 | } | |
432 | if (PGPV_BN_num_bits(dsa->p) > DSA_MAX_MODULUS_BITS) { | 431 | if (PGPV_BN_num_bits(dsa->p) > DSA_MAX_MODULUS_BITS) { | |
433 | printf("dsa: p too large\n"); | 432 | printf("dsa: p too large\n"); | |
434 | return 0; | 433 | return 0; | |
435 | } | 434 | } | |
436 | /* no love for SHA512? */ | 435 | /* no love for SHA512? */ | |
437 | if (dgst_len > SHA256_DIGEST_LENGTH) { | 436 | if (dgst_len > SHA256_DIGEST_LENGTH) { | |
438 | printf("dsa: digest too long\n"); | 437 | printf("dsa: digest too long\n"); | |
439 | return 0; | 438 | return 0; | |
440 | } | 439 | } | |
441 | ret = 0; | 440 | ret = 0; | |
442 | if ((M = PGPV_BN_new()) == NULL || | 441 | if ((M = PGPV_BN_new()) == NULL || | |
443 | (W = PGPV_BN_new()) == NULL || | 442 | (W = PGPV_BN_new()) == NULL || | |
444 | (t1 = PGPV_BN_new()) == NULL) { | 443 | (t1 = PGPV_BN_new()) == NULL) { | |
445 | goto err; | 444 | goto err; | |
446 | } | 445 | } | |
447 | if (PGPV_BN_is_zero(sig->r) || | 446 | if (PGPV_BN_is_zero(sig->r) || | |
448 | PGPV_BN_is_negative(sig->r) || | 447 | PGPV_BN_is_negative(sig->r) || | |
449 | PGPV_BN_cmp(sig->r, dsa->q) >= 0) { | 448 | PGPV_BN_cmp(sig->r, dsa->q) >= 0) { | |
450 | goto err; | 449 | goto err; | |
451 | } | 450 | } | |
452 | if (PGPV_BN_is_zero(sig->s) || | 451 | if (PGPV_BN_is_zero(sig->s) || | |
453 | PGPV_BN_is_negative(sig->s) || | 452 | PGPV_BN_is_negative(sig->s) || | |
454 | PGPV_BN_cmp(sig->s, dsa->q) >= 0) { | 453 | PGPV_BN_cmp(sig->s, dsa->q) >= 0) { | |
455 | goto err; | 454 | goto err; | |
456 | } | 455 | } | |
457 | if (PGPV_BN_mod_inverse(W, sig->s, dsa->q, NULL) != MP_OKAY) { | 456 | if (PGPV_BN_mod_inverse(W, sig->s, dsa->q, NULL) != MP_OKAY) { | |
458 | goto err; | 457 | goto err; | |
459 | } | 458 | } | |
460 | if (dgst_len > qbits / 8) { | 459 | if (dgst_len > qbits / 8) { | |
461 | dgst_len = qbits / 8; | 460 | dgst_len = qbits / 8; | |
462 | } | 461 | } | |
463 | if (PGPV_BN_bin2bn(calculated, dgst_len, M) == NULL) { | 462 | if (PGPV_BN_bin2bn(calculated, dgst_len, M) == NULL) { | |
464 | goto err; | 463 | goto err; | |
465 | } | 464 | } | |
466 | if (!PGPV_BN_mod_mul(M, M, W, dsa->q, NULL)) { | 465 | if (!PGPV_BN_mod_mul(M, M, W, dsa->q, NULL)) { | |
467 | goto err; | 466 | goto err; | |
468 | } | 467 | } | |
469 | if (!PGPV_BN_mod_mul(W, sig->r, W, dsa->q, NULL)) { | 468 | if (!PGPV_BN_mod_mul(W, sig->r, W, dsa->q, NULL)) { | |
470 | goto err; | 469 | goto err; | |
471 | } | 470 | } | |
472 | if (!PGPV_BN_mod_exp(dsa->p, t1, dsa->g, M, NULL)) { | 471 | if (!PGPV_BN_mod_exp(dsa->p, t1, dsa->g, M, NULL)) { | |
473 | goto err; | 472 | goto err; | |
474 | } | 473 | } | |
475 | if (!PGPV_BN_div(NULL, M, t1, dsa->q, NULL)) { | 474 | if (!PGPV_BN_div(NULL, M, t1, dsa->q, NULL)) { | |
476 | goto err; | 475 | goto err; | |
477 | } | 476 | } | |
478 | ret = (PGPV_BN_cmp(M, sig->r) == 0); | 477 | ret = (PGPV_BN_cmp(M, sig->r) == 0); | |
479 | err: | 478 | err: | |
480 | if (M) { | 479 | if (M) { | |
481 | PGPV_BN_free(M); | 480 | PGPV_BN_free(M); | |
482 | } | 481 | } | |
483 | if (W) { | 482 | if (W) { | |
484 | PGPV_BN_free(W); | 483 | PGPV_BN_free(W); | |
485 | } | 484 | } | |
486 | if (t1) { | 485 | if (t1) { | |
487 | PGPV_BN_free(t1); | 486 | PGPV_BN_free(t1); | |
488 | } | 487 | } | |
489 | return ret; | 488 | return ret; | |
490 | } | 489 | } | |
491 | 490 | |||
492 | /*************************************************************************/ | 491 | /*************************************************************************/ | |
493 | 492 | |||
494 | int | 493 | int | |
495 | RSA_size(const RSA *rsa) | 494 | RSA_size(const RSA *rsa) | |
496 | { | 495 | { | |
497 | return (rsa == NULL) ? 0 : PGPV_BN_num_bits(rsa->n); | 496 | return (rsa == NULL) ? 0 : PGPV_BN_num_bits(rsa->n); | |
498 | } | 497 | } | |
499 | 498 | |||
500 | int | 499 | int | |
501 | DSA_size(const DSA *dsa) | 500 | DSA_size(const DSA *dsa) | |
502 | { | 501 | { | |
503 | return (dsa == NULL) ? 0 : PGPV_BN_num_bits(dsa->p); | 502 | return (dsa == NULL) ? 0 : PGPV_BN_num_bits(dsa->p); | |
504 | } | 503 | } | |
505 | 504 | |||
506 | unsigned | 505 | unsigned | |
507 | dsa_verify(const signature_t *signature, const dsa_pubkey_t *pubdsa, const uint8_t *calculated, size_t hash_length) | 506 | dsa_verify(const signature_t *signature, const dsa_pubkey_t *pubdsa, const uint8_t *calculated, size_t hash_length) | |
508 | { | 507 | { | |
509 | mpi_dsa_t odsa; | 508 | mpi_dsa_t odsa; | |
510 | dsasig_t osig; | 509 | dsasig_t osig; | |
511 | unsigned qlen; | 510 | unsigned qlen; | |
512 | int ret; | 511 | int ret; | |
513 | 512 | |||
514 | if (signature == NULL || pubdsa == NULL || calculated == NULL) { | 513 | if (signature == NULL || pubdsa == NULL || calculated == NULL) { | |
515 | return -1; | 514 | return -1; | |
516 | } | 515 | } | |
517 | (void) memset(&osig, 0x0, sizeof(osig)); | 516 | (void) memset(&osig, 0x0, sizeof(osig)); | |
518 | (void) memset(&odsa, 0x0, sizeof(odsa)); | 517 | (void) memset(&odsa, 0x0, sizeof(odsa)); | |
519 | PGPV_BN_copy(osig.r, signature->dsa.r); | 518 | PGPV_BN_copy(osig.r, signature->dsa.r); | |
520 | PGPV_BN_copy(osig.s, signature->dsa.s); | 519 | PGPV_BN_copy(osig.s, signature->dsa.s); | |
521 | odsa.p = pubdsa->p; | 520 | odsa.p = pubdsa->p; | |
522 | odsa.q = pubdsa->q; | 521 | odsa.q = pubdsa->q; | |
523 | odsa.g = pubdsa->g; | 522 | odsa.g = pubdsa->g; | |
524 | odsa.pub_key = pubdsa->y; | 523 | odsa.pub_key = pubdsa->y; | |
525 | if ((qlen = PGPV_BN_num_bytes(odsa.q)) < hash_length) { | 524 | if ((qlen = PGPV_BN_num_bytes(odsa.q)) < hash_length) { | |
526 | hash_length = qlen; | 525 | hash_length = qlen; | |
527 | } | 526 | } | |
528 | ret = dsa_do_verify(calculated, (int)hash_length, &signature->dsa, &odsa); | 527 | ret = dsa_do_verify(calculated, (int)hash_length, &signature->dsa, &odsa); | |
529 | if (ret < 0) { | 528 | if (ret < 0) { | |
530 | return 0; | 529 | return 0; | |
531 | } | 530 | } | |
532 | PGPV_BN_free(odsa.p); | 531 | PGPV_BN_free(odsa.p); | |
533 | PGPV_BN_free(odsa.q); | 532 | PGPV_BN_free(odsa.q); | |
534 | PGPV_BN_free(odsa.g); | 533 | PGPV_BN_free(odsa.g); | |
535 | PGPV_BN_free(odsa.pub_key); | 534 | PGPV_BN_free(odsa.pub_key); | |
536 | odsa.p = odsa.q = odsa.g = odsa.pub_key = NULL; | 535 | odsa.p = odsa.q = odsa.g = odsa.pub_key = NULL; | |
537 | PGPV_BN_free(osig.r); | 536 | PGPV_BN_free(osig.r); | |
538 | PGPV_BN_free(osig.s); | 537 | PGPV_BN_free(osig.s); | |
539 | osig.r = osig.s = NULL; | 538 | osig.r = osig.s = NULL; | |
540 | return (unsigned)ret; | 539 | return (unsigned)ret; | |
541 | } | 540 | } | |
542 | 541 | |||
543 | RSA * | 542 | RSA * | |
544 | RSA_new(void) | 543 | RSA_new(void) | |
545 | { | 544 | { | |
546 | return netpgp_allocate(1, sizeof(RSA)); | 545 | return netpgp_allocate(1, sizeof(RSA)); | |
547 | } | 546 | } | |
548 | 547 | |||
549 | void | 548 | void | |
550 | RSA_free(RSA *rsa) | 549 | RSA_free(RSA *rsa) | |
551 | { | 550 | { | |
552 | if (rsa) { | 551 | if (rsa) { | |
553 | netpgp_deallocate(rsa, sizeof(*rsa)); | 552 | netpgp_deallocate(rsa, sizeof(*rsa)); | |
554 | } | 553 | } | |
555 | } | 554 | } | |
556 | 555 | |||
557 | int | 556 | int | |
558 | RSA_check_key(RSA *rsa) | 557 | RSA_check_key(RSA *rsa) | |
559 | { | 558 | { | |
560 | PGPV_BIGNUM *calcn; | 559 | PGPV_BIGNUM *calcn; | |
561 | int ret; | 560 | int ret; | |
562 | 561 | |||
563 | ret = 0; | 562 | ret = 0; | |
564 | if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->n == NULL) { | 563 | if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->n == NULL) { | |
565 | return -1; | 564 | return -1; | |
566 | } | 565 | } | |
567 | /* check that p and q are coprime, and that n = p*q. */ | 566 | /* check that p and q are coprime, and that n = p*q. */ | |
568 | if (!PGPV_BN_is_prime(rsa->p, 1, NULL, NULL, NULL) || | 567 | if (!PGPV_BN_is_prime(rsa->p, 1, NULL, NULL, NULL) || | |
569 | !PGPV_BN_is_prime(rsa->q, 1, NULL, NULL, NULL)) { | 568 | !PGPV_BN_is_prime(rsa->q, 1, NULL, NULL, NULL)) { | |
570 | return 0; | 569 | return 0; | |
571 | } | 570 | } | |
572 | calcn = PGPV_BN_new(); | 571 | calcn = PGPV_BN_new(); | |
573 | PGPV_BN_mul(calcn, rsa->p, rsa->q, NULL); | 572 | PGPV_BN_mul(calcn, rsa->p, rsa->q, NULL); | |
574 | if (PGPV_BN_cmp(calcn, rsa->n) != 0) { | 573 | if (PGPV_BN_cmp(calcn, rsa->n) != 0) { | |
575 | goto errout; | 574 | goto errout; | |
576 | } | 575 | } | |
577 | /* XXX - check that d*e = 1 mod (p-1*q-1) */ | 576 | /* XXX - check that d*e = 1 mod (p-1*q-1) */ | |
578 | ret = 1; | 577 | ret = 1; | |
579 | errout: | 578 | errout: | |
580 | PGPV_BN_clear_free(calcn); | 579 | PGPV_BN_clear_free(calcn); | |
581 | return ret; | 580 | return ret; | |
582 | } | 581 | } | |
583 | 582 | |||
584 | RSA * | 583 | RSA * | |
585 | RSA_generate_key(int num, unsigned long e, void (*callback)(int,int,void *), void *cb_arg) | 584 | RSA_generate_key(int num, unsigned long e, void (*callback)(int,int,void *), void *cb_arg) | |
586 | { | 585 | { | |
587 | /* STUBBED */ | 586 | /* STUBBED */ | |
588 | USE_ARG(num); | 587 | USE_ARG(num); | |
589 | USE_ARG(e); | 588 | USE_ARG(e); | |
590 | USE_ARG(callback); | 589 | USE_ARG(callback); | |
591 | USE_ARG(cb_arg); | 590 | USE_ARG(cb_arg); | |
592 | printf("RSA_generate_key stubbed\n"); | 591 | printf("RSA_generate_key stubbed\n"); | |
593 | return RSA_new(); | 592 | return RSA_new(); | |
594 | } | 593 | } | |
595 | 594 | |||
596 | /* encrypt */ | 595 | /* encrypt */ | |
597 | int | 596 | int | |
598 | RSA_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding) | 597 | RSA_public_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding) | |
599 | { | 598 | { | |
600 | USE_ARG(padding); | 599 | USE_ARG(padding); | |
601 | if (plain == NULL || encbuf == NULL || rsa == NULL) { | 600 | if (plain == NULL || encbuf == NULL || rsa == NULL) { | |
602 | return -1; | 601 | return -1; | |
603 | } | 602 | } | |
604 | return lowlevel_rsa_public_encrypt(plainc, plain, encbuf, rsa); | 603 | return lowlevel_rsa_public_encrypt(plainc, plain, encbuf, rsa); | |
605 | } | 604 | } | |
606 | 605 | |||
607 | /* decrypt */ | 606 | /* decrypt */ | |
608 | int | 607 | int | |
609 | RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) | 608 | RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) | |
610 | { | 609 | { | |
611 | USE_ARG(padding); | 610 | USE_ARG(padding); | |
612 | if (from == NULL || to == NULL || rsa == NULL) { | 611 | if (from == NULL || to == NULL || rsa == NULL) { | |
613 | return -1; | 612 | return -1; | |
614 | } | 613 | } | |
615 | return lowlevel_rsa_private_decrypt(flen, from, to, rsa); | 614 | return lowlevel_rsa_private_decrypt(flen, from, to, rsa); | |
616 | } | 615 | } | |
617 | 616 | |||
618 | /* sign */ | 617 | /* sign */ | |
619 | int | 618 | int | |
620 | RSA_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding) | 619 | RSA_private_encrypt(int plainc, const unsigned char *plain, unsigned char *encbuf, RSA *rsa, int padding) | |
621 | { | 620 | { | |
622 | USE_ARG(padding); | 621 | USE_ARG(padding); | |
623 | if (plain == NULL || encbuf == NULL || rsa == NULL) { | 622 | if (plain == NULL || encbuf == NULL || rsa == NULL) { | |
624 | return -1; | 623 | return -1; | |
625 | } | 624 | } | |
626 | return lowlevel_rsa_private_encrypt(plainc, plain, encbuf, rsa); | 625 | return lowlevel_rsa_private_encrypt(plainc, plain, encbuf, rsa); | |
627 | } | 626 | } | |
628 | 627 | |||
629 | /* verify */ | 628 | /* verify */ | |
630 | int | 629 | int | |
631 | RSA_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding) | 630 | RSA_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding) | |
632 | { | 631 | { | |
633 | rsa_pubkey_t pub; | 632 | rsa_pubkey_t pub; | |
634 | int ret; | 633 | int ret; | |
635 | 634 | |||
636 | if (enc == NULL || dec == NULL || rsa == NULL) { | 635 | if (enc == NULL || dec == NULL || rsa == NULL) { | |
637 | return 0; | 636 | return 0; | |
638 | } | 637 | } | |
639 | USE_ARG(padding); | 638 | USE_ARG(padding); | |
640 | (void) memset(&pub, 0x0, sizeof(pub)); | 639 | (void) memset(&pub, 0x0, sizeof(pub)); | |
641 | pub.n = PGPV_BN_dup(rsa->n); | 640 | pub.n = PGPV_BN_dup(rsa->n); | |
642 | pub.e = PGPV_BN_dup(rsa->e); | 641 | pub.e = PGPV_BN_dup(rsa->e); | |
643 | ret = lowlevel_rsa_public_decrypt(enc, enclen, dec, &pub); | 642 | ret = lowlevel_rsa_public_decrypt(enc, enclen, dec, &pub); | |
644 | PGPV_BN_free(pub.n); | 643 | PGPV_BN_free(pub.n); | |
645 | PGPV_BN_free(pub.e); | 644 | PGPV_BN_free(pub.e); | |
646 | return ret; | 645 | return ret; | |
647 | } | 646 | } | |
648 | 647 | |||
649 | /***********************************************************************/ | 648 | /***********************************************************************/ | |
650 | 649 | |||
651 | DSA * | 650 | DSA * | |
652 | DSA_new(void) | 651 | DSA_new(void) | |
653 | { | 652 | { | |
654 | return netpgp_allocate(1, sizeof(DSA)); | 653 | return netpgp_allocate(1, sizeof(DSA)); | |
655 | } | 654 | } | |
656 | 655 | |||
657 | void | 656 | void | |
658 | DSA_free(DSA *dsa) | 657 | DSA_free(DSA *dsa) | |
659 | { | 658 | { | |
660 | if (dsa) { | 659 | if (dsa) { | |
661 | netpgp_deallocate(dsa, sizeof(*dsa)); | 660 | netpgp_deallocate(dsa, sizeof(*dsa)); | |
662 | } | 661 | } | |
663 | } | 662 | } | |
664 | 663 | |||
665 | DSA_SIG * | 664 | DSA_SIG * | |
666 | DSA_SIG_new(void) | 665 | DSA_SIG_new(void) | |
667 | { | 666 | { | |
668 | return netpgp_allocate(1, sizeof(DSA_SIG)); | 667 | return netpgp_allocate(1, sizeof(DSA_SIG)); | |
669 | } | 668 | } | |
670 | 669 | |||
671 | void | 670 | void | |
672 | DSA_SIG_free(DSA_SIG *sig) | 671 | DSA_SIG_free(DSA_SIG *sig) | |
673 | { | 672 | { | |
674 | if (sig) { | 673 | if (sig) { | |
675 | netpgp_deallocate(sig, sizeof(*sig)); | 674 | netpgp_deallocate(sig, sizeof(*sig)); | |
676 | } | 675 | } | |
677 | } | 676 | } | |
678 | 677 | |||
679 | DSA_SIG * | 678 | DSA_SIG * | |
680 | DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | 679 | DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |
681 | { | 680 | { | |
682 | /* STUBBED */ | 681 | /* STUBBED */ | |
683 | USE_ARG(dgst); | 682 | USE_ARG(dgst); | |
684 | USE_ARG(dlen); | 683 | USE_ARG(dlen); | |
685 | USE_ARG(dsa); | 684 | USE_ARG(dsa); | |
686 | printf("DSA_do_sign stubbed\n"); | 685 | printf("DSA_do_sign stubbed\n"); | |
687 | return DSA_SIG_new(); | 686 | return DSA_SIG_new(); | |
688 | } | 687 | } | |
689 | 688 | |||
690 | int | 689 | int | |
691 | DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) | 690 | DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) | |
692 | { | 691 | { | |
693 | if (dgst == NULL || dgst_len == 0 || sig == NULL || dsa == NULL) { | 692 | if (dgst == NULL || dgst_len == 0 || sig == NULL || dsa == NULL) { | |
694 | return -1; | 693 | return -1; | |
695 | } | 694 | } | |
696 | return dsa_do_verify(dgst, dgst_len, sig, dsa); | 695 | return dsa_do_verify(dgst, dgst_len, sig, dsa); | |
697 | } | 696 | } |
@@ -1,112 +1,111 @@ | @@ -1,112 +1,111 @@ | |||
1 | /*- | 1 | /*- | |
2 | * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> | 2 | * Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> | |
3 | * All rights reserved. | 3 | * All rights reserved. | |
4 | * | 4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | 7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | 8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | 9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | 10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | 11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | 12 | * documentation and/or other materials provided with the distribution. | |
13 | * | 13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | 24 | */ | |
25 | #include <sys/types.h> | 25 | #include <sys/types.h> | |
26 | #include <sys/param.h> | 26 | #include <sys/param.h> | |
27 | #include <sys/syslog.h> | |||
28 | 27 | |||
29 | #ifdef _KERNEL | 28 | #ifdef _KERNEL | |
30 | # include <sys/kmem.h> | 29 | # include <sys/kmem.h> | |
31 | #else | 30 | #else | |
32 | # include <ctype.h> | 31 | # include <ctype.h> | |
33 | # include <inttypes.h> | 32 | # include <inttypes.h> | |
34 | # include <stdarg.h> | 33 | # include <stdarg.h> | |
35 | # include <stdio.h> | 34 | # include <stdio.h> | |
36 | # include <stdlib.h> | 35 | # include <stdlib.h> | |
37 | # include <string.h> | 36 | # include <string.h> | |
38 | # include <time.h> | 37 | # include <time.h> | |
39 | # include <unistd.h> | 38 | # include <unistd.h> | |
40 | #endif | 39 | #endif | |
41 | 40 | |||
42 | #include "misc.h" | 41 | #include "misc.h" | |
43 | 42 | |||
44 | #ifndef USE_ARG | 43 | #ifndef USE_ARG | |
45 | #define USE_ARG(x) /*LINTED*/(void)&(x) | 44 | #define USE_ARG(x) /*LINTED*/(void)&(x) | |
46 | #endif | 45 | #endif | |
47 | 46 | |||
48 | void * | 47 | void * | |
49 | netpgp_allocate(size_t n, size_t nels) | 48 | netpgp_allocate(size_t n, size_t nels) | |
50 | { | 49 | { | |
51 | #ifdef _KERNEL | 50 | #ifdef _KERNEL | |
52 | return kmem_zalloc(n * nels, KM_SLEEP); | 51 | return kmem_zalloc(n * nels, KM_SLEEP); | |
53 | #else | 52 | #else | |
54 | return calloc(n, nels); | 53 | return calloc(n, nels); | |
55 | #endif | 54 | #endif | |
56 | } | 55 | } | |
57 | 56 | |||
58 | void | 57 | void | |
59 | netpgp_deallocate(void *ptr, size_t size) | 58 | netpgp_deallocate(void *ptr, size_t size) | |
60 | { | 59 | { | |
61 | #ifdef _KERNEL | 60 | #ifdef _KERNEL | |
62 | kmem_free(ptr, size); | 61 | kmem_free(ptr, size); | |
63 | #else | 62 | #else | |
64 | USE_ARG(size); | 63 | USE_ARG(size); | |
65 | free(ptr); | 64 | free(ptr); | |
66 | #endif | 65 | #endif | |
67 | } | 66 | } | |
68 | 67 | |||
69 | #define HEXDUMP_LINELEN 16 | 68 | #define HEXDUMP_LINELEN 16 | |
70 | 69 | |||
71 | #ifndef PRIsize | 70 | #ifndef PRIsize | |
72 | #define PRIsize "z" | 71 | #define PRIsize "z" | |
73 | #endif | 72 | #endif | |
74 | 73 | |||
75 | /* show hexadecimal/ascii dump */ | 74 | /* show hexadecimal/ascii dump */ | |
76 | ssize_t | 75 | ssize_t | |
77 | netpgp_hexdump(const void *vin, const size_t len, void *outvp, size_t size) | 76 | netpgp_hexdump(const void *vin, const size_t len, void *outvp, size_t size) | |
78 | { | 77 | { | |
79 | const char *in = (const char *)vin; | 78 | const char *in = (const char *)vin; | |
80 | size_t i; | 79 | size_t i; | |
81 | char line[HEXDUMP_LINELEN + 1]; | 80 | char line[HEXDUMP_LINELEN + 1]; | |
82 | char *out = (char *)outvp; | 81 | char *out = (char *)outvp; | |
83 | int o; | 82 | int o; | |
84 | 83 | |||
85 | for (i = 0, o = 0 ; i < len ; i++) { | 84 | for (i = 0, o = 0 ; i < len ; i++) { | |
86 | if (i % HEXDUMP_LINELEN == 0) { | 85 | if (i % HEXDUMP_LINELEN == 0) { | |
87 | o += snprintf(&out[o], size - o, | 86 | o += snprintf(&out[o], size - o, | |
88 | "%.5" PRIsize "u | ", i); | 87 | "%.5" PRIsize "u | ", i); | |
89 | } else if (i % (HEXDUMP_LINELEN / 2) == 0) { | 88 | } else if (i % (HEXDUMP_LINELEN / 2) == 0) { | |
90 | o += snprintf(&out[o], size - o, " "); | 89 | o += snprintf(&out[o], size - o, " "); | |
91 | } | 90 | } | |
92 | o += snprintf(&out[o], size - o, "%.02x ", (uint8_t)in[i]); | 91 | o += snprintf(&out[o], size - o, "%.02x ", (uint8_t)in[i]); | |
93 | line[i % HEXDUMP_LINELEN] = | 92 | line[i % HEXDUMP_LINELEN] = | |
94 | (isprint((uint8_t)in[i])) ? in[i] : '.'; | 93 | (isprint((uint8_t)in[i])) ? in[i] : '.'; | |
95 | if (i % HEXDUMP_LINELEN == HEXDUMP_LINELEN - 1) { | 94 | if (i % HEXDUMP_LINELEN == HEXDUMP_LINELEN - 1) { | |
96 | line[HEXDUMP_LINELEN] = 0x0; | 95 | line[HEXDUMP_LINELEN] = 0x0; | |
97 | o += snprintf(&out[o], size - o, " | %s\n", line); | 96 | o += snprintf(&out[o], size - o, " | %s\n", line); | |
98 | } | 97 | } | |
99 | } | 98 | } | |
100 | if (i % HEXDUMP_LINELEN != 0) { | 99 | if (i % HEXDUMP_LINELEN != 0) { | |
101 | for ( ; i % HEXDUMP_LINELEN != 0 ; i++) { | 100 | for ( ; i % HEXDUMP_LINELEN != 0 ; i++) { | |
102 | o += snprintf(&out[o], size - o, " "); | 101 | o += snprintf(&out[o], size - o, " "); | |
103 | if (i % (HEXDUMP_LINELEN / 2) == 0) { | 102 | if (i % (HEXDUMP_LINELEN / 2) == 0) { | |
104 | o += snprintf(&out[o], size - o, " "); | 103 | o += snprintf(&out[o], size - o, " "); | |
105 | } | 104 | } | |
106 | line[i % HEXDUMP_LINELEN] = ' '; | 105 | line[i % HEXDUMP_LINELEN] = ' '; | |
107 | } | 106 | } | |
108 | line[HEXDUMP_LINELEN] = 0x0; | 107 | line[HEXDUMP_LINELEN] = 0x0; | |
109 | o += snprintf(&out[o], size - o, " | %s\n", line); | 108 | o += snprintf(&out[o], size - o, " | %s\n", line); | |
110 | } | 109 | } | |
111 | return (ssize_t)o; | 110 | return (ssize_t)o; | |
112 | } | 111 | } |
@@ -1,298 +1,298 @@ | @@ -1,298 +1,298 @@ | |||
1 | /*- | 1 | /*- | |
2 | * Copyright (c) 2012,2013,2014,2015 Alistair Crooks <agc@NetBSD.org> | 2 | * Copyright (c) 2012,2013,2014,2015 Alistair Crooks <agc@NetBSD.org> | |
3 | * All rights reserved. | 3 | * All rights reserved. | |
4 | * | 4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | 7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | 8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | 9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | 10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | 11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | 12 | * documentation and/or other materials provided with the distribution. | |
13 | * | 13 | * | |
14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR | |
15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 15 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | |
16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 16 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | |
17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | 17 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, | |
18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 18 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 19 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | |
20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 20 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | |
21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 21 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | |
23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
24 | */ | 24 | */ | |
25 | #ifndef NETPGP_VERIFY_H_ | 25 | #ifndef NETPGP_VERIFY_H_ | |
26 | #define NETPGP_VERIFY_H_ 20150911 | 26 | #define NETPGP_VERIFY_H_ 20150919 | |
27 | 27 | |||
28 | #define NETPGPVERIFY_VERSION "netpgpverify portable 20150901" | 28 | #define NETPGPVERIFY_VERSION "netpgpverify portable 20150919" | |
29 | 29 | |||
30 | #include <sys/types.h> | 30 | #include <sys/types.h> | |
31 | 31 | |||
32 | #include <inttypes.h> | 32 | #include <inttypes.h> | |
33 | 33 | |||
34 | #ifndef PGPV_ARRAY | 34 | #ifndef PGPV_ARRAY | |
35 | /* creates 2 unsigned vars called "name"c and "name"size in current scope */ | 35 | /* creates 2 unsigned vars called "name"c and "name"size in current scope */ | |
36 | /* also creates an array called "name"s in current scope */ | 36 | /* also creates an array called "name"s in current scope */ | |
37 | #define PGPV_ARRAY(type, name) \ | 37 | #define PGPV_ARRAY(type, name) \ | |
38 | unsigned name##c; unsigned name##vsize; type *name##s | 38 | unsigned name##c; unsigned name##vsize; type *name##s | |
39 | #endif | 39 | #endif | |
40 | 40 | |||
41 | /* 64bit key ids */ | 41 | /* 64bit key ids */ | |
42 | #define PGPV_KEYID_LEN 8 | 42 | #define PGPV_KEYID_LEN 8 | |
43 | #define PGPV_STR_KEYID_LEN (PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1) | 43 | #define PGPV_STR_KEYID_LEN (PGPV_KEYID_LEN + PGPV_KEYID_LEN + 1) | |
44 | 44 | |||
45 | /* bignum structure */ | 45 | /* bignum structure */ | |
46 | typedef struct pgpv_bignum_t { | 46 | typedef struct pgpv_bignum_t { | |
47 | void *bn; /* hide the implementation details */ | 47 | void *bn; /* hide the implementation details */ | |
48 | uint16_t bits; /* cached number of bits */ | 48 | uint16_t bits; /* cached number of bits */ | |
49 | } pgpv_bignum_t; | 49 | } pgpv_bignum_t; | |
50 | 50 | |||
51 | /* right now, our max binary digest length is 20 bytes */ | 51 | /* right now, our max binary digest length is 20 bytes */ | |
52 | #define PGPV_MAX_HASH_LEN 64 | 52 | #define PGPV_MAX_HASH_LEN 64 | |
53 | 53 | |||
54 | /* fingerprint */ | 54 | /* fingerprint */ | |
55 | typedef struct pgpv_fingerprint_t { | 55 | typedef struct pgpv_fingerprint_t { | |
56 | uint8_t hashalg; /* algorithm for digest */ | 56 | uint8_t hashalg; /* algorithm for digest */ | |
57 | uint8_t v[PGPV_MAX_HASH_LEN]; /* the digest */ | 57 | uint8_t v[PGPV_MAX_HASH_LEN]; /* the digest */ | |
58 | uint32_t len; /* its length */ | 58 | uint32_t len; /* its length */ | |
59 | } pgpv_fingerprint_t; | 59 | } pgpv_fingerprint_t; | |
60 | 60 | |||
61 | /* specify size for array of bignums */ | 61 | /* specify size for array of bignums */ | |
62 | #define PGPV_MAX_PUBKEY_BN 4 | 62 | #define PGPV_MAX_PUBKEY_BN 4 | |
63 | 63 | |||
64 | /* public key */ | 64 | /* public key */ | |
65 | typedef struct pgpv_pubkey_t { | 65 | typedef struct pgpv_pubkey_t { | |
66 | pgpv_fingerprint_t fingerprint; /* key fingerprint i.e. digest */ | 66 | pgpv_fingerprint_t fingerprint; /* key fingerprint i.e. digest */ | |
67 | uint8_t keyid[PGPV_KEYID_LEN]; /* last 8 bytes of v4 keys */ | 67 | uint8_t keyid[PGPV_KEYID_LEN]; /* last 8 bytes of v4 keys */ | |
68 | int64_t birth; /* creation time */ | 68 | int64_t birth; /* creation time */ | |
69 | int64_t expiry; /* expiry time */ | 69 | int64_t expiry; /* expiry time */ | |
70 | pgpv_bignum_t bn[PGPV_MAX_PUBKEY_BN]; /* bignums */ | 70 | pgpv_bignum_t bn[PGPV_MAX_PUBKEY_BN]; /* bignums */ | |
71 | uint8_t keyalg; /* key algorithm */ | 71 | uint8_t keyalg; /* key algorithm */ | |
72 | uint8_t hashalg; /* hash algorithm */ | 72 | uint8_t hashalg; /* hash algorithm */ | |
73 | uint8_t version; /* key version */ | 73 | uint8_t version; /* key version */ | |
74 | } pgpv_pubkey_t; | 74 | } pgpv_pubkey_t; | |
75 | 75 | |||
76 | #define PGPV_MAX_SESSKEY_BN 2 | 76 | #define PGPV_MAX_SESSKEY_BN 2 | |
77 | 77 | |||
78 | /* a (size, byte array) string */ | 78 | /* a (size, byte array) string */ | |
79 | typedef struct pgpv_string_t { | 79 | typedef struct pgpv_string_t { | |
80 | size_t size; | 80 | size_t size; | |
81 | uint8_t *data; | 81 | uint8_t *data; | |
82 | } pgpv_string_t; | 82 | } pgpv_string_t; | |
83 | 83 | |||
84 | typedef struct pgpv_ref_t { | 84 | typedef struct pgpv_ref_t { | |
85 | void *vp; | 85 | void *vp; | |
86 | size_t offset; | 86 | size_t offset; | |
87 | unsigned mem; | 87 | unsigned mem; | |
88 | } pgpv_ref_t; | 88 | } pgpv_ref_t; | |
89 | 89 | |||
90 | #define PGPV_MAX_SECKEY_BN 4 | 90 | #define PGPV_MAX_SECKEY_BN 4 | |
91 | 91 | |||
92 | typedef struct pgpv_compress_t { | 92 | typedef struct pgpv_compress_t { | |
93 | pgpv_string_t s; | 93 | pgpv_string_t s; | |
94 | uint8_t compalg; | 94 | uint8_t compalg; | |
95 | } pgpv_compress_t; | 95 | } pgpv_compress_t; | |
96 | 96 | |||
97 | /* a packet dealing with trust */ | 97 | /* a packet dealing with trust */ | |
98 | typedef struct pgpv_trust_t { | 98 | typedef struct pgpv_trust_t { | |
99 | uint8_t level; | 99 | uint8_t level; | |
100 | uint8_t amount; | 100 | uint8_t amount; | |
101 | } pgpv_trust_t; | 101 | } pgpv_trust_t; | |
102 | 102 | |||
103 | /* a signature sub packet */ | 103 | /* a signature sub packet */ | |
104 | typedef struct pgpv_sigsubpkt_t { | 104 | typedef struct pgpv_sigsubpkt_t { | |
105 | pgpv_string_t s; | 105 | pgpv_string_t s; | |
106 | uint8_t tag; | 106 | uint8_t tag; | |
107 | uint8_t critical; | 107 | uint8_t critical; | |
108 | } pgpv_sigsubpkt_t; | 108 | } pgpv_sigsubpkt_t; | |
109 | 109 | |||
110 | #define PGPV_MAX_SIG_BN 2 | 110 | #define PGPV_MAX_SIG_BN 2 | |
111 | 111 | |||
112 | typedef struct pgpv_signature_t { | 112 | typedef struct pgpv_signature_t { | |
113 | uint8_t *signer; /* key id of signer */ | 113 | uint8_t *signer; /* key id of signer */ | |
114 | pgpv_ref_t hashstart; | 114 | pgpv_ref_t hashstart; | |
115 | uint8_t *hash2; | 115 | uint8_t *hash2; | |
116 | uint8_t *mpi; | 116 | uint8_t *mpi; | |
117 | int64_t birth; | 117 | int64_t birth; | |
118 | int64_t keyexpiry; | 118 | int64_t keyexpiry; | |
119 | int64_t expiry; | 119 | int64_t expiry; | |
120 | uint32_t hashlen; | 120 | uint32_t hashlen; | |
121 | uint8_t version; | 121 | uint8_t version; | |
122 | uint8_t type; | 122 | uint8_t type; | |
123 | uint8_t keyalg; | 123 | uint8_t keyalg; | |
124 | uint8_t hashalg; | 124 | uint8_t hashalg; | |
125 | uint8_t trustlevel; | 125 | uint8_t trustlevel; | |
126 | uint8_t trustamount; | 126 | uint8_t trustamount; | |
127 | pgpv_bignum_t bn[PGPV_MAX_SIG_BN]; | 127 | pgpv_bignum_t bn[PGPV_MAX_SIG_BN]; | |
128 | char *regexp; | 128 | char *regexp; | |
129 | char *pref_key_server; | 129 | char *pref_key_server; | |
130 | char *policy; | 130 | char *policy; | |
131 | char *features; | 131 | char *features; | |
132 | char *why_revoked; | 132 | char *why_revoked; | |
133 | uint8_t *revoke_fingerprint; | 133 | uint8_t *revoke_fingerprint; | |
134 | uint8_t revoke_alg; | 134 | uint8_t revoke_alg; | |
135 | uint8_t revoke_sensitive; | 135 | uint8_t revoke_sensitive; | |
136 | uint8_t trustsig; | 136 | uint8_t trustsig; | |
137 | uint8_t revocable; | 137 | uint8_t revocable; | |
138 | uint8_t pref_symm_alg; | 138 | uint8_t pref_symm_alg; | |
139 | uint8_t pref_hash_alg; | 139 | uint8_t pref_hash_alg; | |
140 | uint8_t pref_compress_alg; | 140 | uint8_t pref_compress_alg; | |
141 | uint8_t key_server_modify; | 141 | uint8_t key_server_modify; | |
142 | uint8_t notation; | 142 | uint8_t notation; | |
143 | uint8_t type_key; | 143 | uint8_t type_key; | |
144 | uint8_t primary_userid; | 144 | uint8_t primary_userid; | |
145 | uint8_t revoked; /* subtract 1 to get real reason, 0 == not revoked */ | 145 | uint8_t revoked; /* subtract 1 to get real reason, 0 == not revoked */ | |
146 | } pgpv_signature_t; | 146 | } pgpv_signature_t; | |
147 | 147 | |||
148 | /* a signature packet */ | 148 | /* a signature packet */ | |
149 | typedef struct pgpv_sigpkt_t { | 149 | typedef struct pgpv_sigpkt_t { | |
150 | pgpv_signature_t sig; | 150 | pgpv_signature_t sig; | |
151 | uint16_t subslen; | 151 | uint16_t subslen; | |
152 | uint16_t unhashlen; | 152 | uint16_t unhashlen; | |
153 | PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts); | 153 | PGPV_ARRAY(pgpv_sigsubpkt_t, subpkts); | |
154 | } pgpv_sigpkt_t; | 154 | } pgpv_sigpkt_t; | |
155 | 155 | |||
156 | /* a one-pass signature packet */ | 156 | /* a one-pass signature packet */ | |
157 | typedef struct pgpv_onepass_t { | 157 | typedef struct pgpv_onepass_t { | |
158 | uint8_t keyid[PGPV_KEYID_LEN]; | 158 | uint8_t keyid[PGPV_KEYID_LEN]; | |
159 | uint8_t version; | 159 | uint8_t version; | |
160 | uint8_t type; | 160 | uint8_t type; | |
161 | uint8_t hashalg; | 161 | uint8_t hashalg; | |
162 | uint8_t keyalg; | 162 | uint8_t keyalg; | |
163 | uint8_t nested; | 163 | uint8_t nested; | |
164 | } pgpv_onepass_t; | 164 | } pgpv_onepass_t; | |
165 | 165 | |||
166 | /* a literal data packet */ | 166 | /* a literal data packet */ | |
167 | typedef struct pgpv_litdata_t { | 167 | typedef struct pgpv_litdata_t { | |
168 | uint8_t *filename; | 168 | uint8_t *filename; | |
169 | pgpv_string_t s; | 169 | pgpv_string_t s; | |
170 | uint32_t secs; | 170 | uint32_t secs; | |
171 | uint8_t namelen; | 171 | uint8_t namelen; | |
172 | char format; | 172 | char format; | |
173 | unsigned mem; | 173 | unsigned mem; | |
174 | size_t offset; | 174 | size_t offset; | |
175 | size_t len; | 175 | size_t len; | |
176 | } pgpv_litdata_t; | 176 | } pgpv_litdata_t; | |
177 | 177 | |||
178 | /* user attributes - images */ | 178 | /* user attributes - images */ | |
179 | typedef struct pgpv_userattr_t { | 179 | typedef struct pgpv_userattr_t { | |
180 | size_t len; | 180 | size_t len; | |
181 | PGPV_ARRAY(pgpv_string_t, subattrs); | 181 | PGPV_ARRAY(pgpv_string_t, subattrs); | |
182 | } pgpv_userattr_t; | 182 | } pgpv_userattr_t; | |
183 | 183 | |||
184 | /* a general PGP packet */ | 184 | /* a general PGP packet */ | |
185 | typedef struct pgpv_pkt_t { | 185 | typedef struct pgpv_pkt_t { | |
186 | uint8_t tag; | 186 | uint8_t tag; | |
187 | uint8_t newfmt; | 187 | uint8_t newfmt; | |
188 | uint8_t allocated; | 188 | uint8_t allocated; | |
189 | uint8_t mement; | 189 | uint8_t mement; | |
190 | size_t offset; | 190 | size_t offset; | |
191 | pgpv_string_t s; | 191 | pgpv_string_t s; | |
192 | union { | 192 | union { | |
193 | pgpv_sigpkt_t sigpkt; | 193 | pgpv_sigpkt_t sigpkt; | |
194 | pgpv_onepass_t onepass; | 194 | pgpv_onepass_t onepass; | |
195 | pgpv_litdata_t litdata; | 195 | pgpv_litdata_t litdata; | |
196 | pgpv_compress_t compressed; | 196 | pgpv_compress_t compressed; | |
197 | pgpv_trust_t trust; | 197 | pgpv_trust_t trust; | |
198 | pgpv_pubkey_t pubkey; | 198 | pgpv_pubkey_t pubkey; | |
199 | pgpv_string_t userid; | 199 | pgpv_string_t userid; | |
200 | pgpv_userattr_t userattr; | 200 | pgpv_userattr_t userattr; | |
201 | } u; | 201 | } u; | |
202 | } pgpv_pkt_t; | 202 | } pgpv_pkt_t; | |
203 | 203 | |||
204 | /* a memory structure */ | 204 | /* a memory structure */ | |
205 | typedef struct pgpv_mem_t { | 205 | typedef struct pgpv_mem_t { | |
206 | size_t size; | 206 | size_t size; | |
207 | size_t cc; | 207 | size_t cc; | |
208 | uint8_t *mem; | 208 | uint8_t *mem; | |
209 | FILE *fp; | 209 | FILE *fp; | |
210 | uint8_t dealloc; | 210 | uint8_t dealloc; | |
211 | const char *allowed; /* the types of packet that are allowed */ | 211 | const char *allowed; /* the types of packet that are allowed */ | |
212 | } pgpv_mem_t; | 212 | } pgpv_mem_t; | |
213 | 213 | |||
214 | /* packet parser */ | 214 | /* packet parser */ | |
215 | 215 | |||
216 | typedef struct pgpv_signed_userid_t { | 216 | typedef struct pgpv_signed_userid_t { | |
217 | pgpv_string_t userid; | 217 | pgpv_string_t userid; | |
218 | PGPV_ARRAY(pgpv_signature_t, sigs); | 218 | PGPV_ARRAY(pgpv_signature_t, sigs); | |
219 | uint8_t primary_userid; | 219 | uint8_t primary_userid; | |
220 | uint8_t revoked; | 220 | uint8_t revoked; | |
221 | } pgpv_signed_userid_t; | 221 | } pgpv_signed_userid_t; | |
222 | 222 | |||
223 | typedef struct pgpv_signed_userattr_t { | 223 | typedef struct pgpv_signed_userattr_t { | |
224 | pgpv_userattr_t userattr; | 224 | pgpv_userattr_t userattr; | |
225 | PGPV_ARRAY(pgpv_signature_t, sigs); | 225 | PGPV_ARRAY(pgpv_signature_t, sigs); | |
226 | uint8_t revoked; | 226 | uint8_t revoked; | |
227 | } pgpv_signed_userattr_t; | 227 | } pgpv_signed_userattr_t; | |
228 | 228 | |||
229 | typedef struct pgpv_signed_subkey_t { | 229 | typedef struct pgpv_signed_subkey_t { | |
230 | pgpv_pubkey_t subkey; | 230 | pgpv_pubkey_t subkey; | |
231 | pgpv_signature_t revoc_self_sig; | 231 | pgpv_signature_t revoc_self_sig; | |
232 | PGPV_ARRAY(pgpv_signature_t, sigs); | 232 | PGPV_ARRAY(pgpv_signature_t, sigs); | |
233 | } pgpv_signed_subkey_t; | 233 | } pgpv_signed_subkey_t; | |
234 | 234 | |||
235 | typedef struct pgpv_primarykey_t { | 235 | typedef struct pgpv_primarykey_t { | |
236 | pgpv_pubkey_t primary; | 236 | pgpv_pubkey_t primary; | |
237 | pgpv_signature_t revoc_self_sig; | 237 | pgpv_signature_t revoc_self_sig; | |
238 | PGPV_ARRAY(pgpv_signature_t, direct_sigs); | 238 | PGPV_ARRAY(pgpv_signature_t, direct_sigs); | |
239 | PGPV_ARRAY(pgpv_signed_userid_t, signed_userids); | 239 | PGPV_ARRAY(pgpv_signed_userid_t, signed_userids); | |
240 | PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs); | 240 | PGPV_ARRAY(pgpv_signed_userattr_t, signed_userattrs); | |
241 | PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys); | 241 | PGPV_ARRAY(pgpv_signed_subkey_t, signed_subkeys); | |
242 | size_t fmtsize; | 242 | size_t fmtsize; | |
243 | uint8_t primary_userid; | 243 | uint8_t primary_userid; | |
244 | } pgpv_primarykey_t; | 244 | } pgpv_primarykey_t; | |
245 | 245 | |||
246 | /* everything stems from this structure */ | 246 | /* everything stems from this structure */ | |
247 | typedef struct pgpv_t { | 247 | typedef struct pgpv_t { | |
248 | PGPV_ARRAY(pgpv_pkt_t, pkts); /* packet array */ | 248 | PGPV_ARRAY(pgpv_pkt_t, pkts); /* packet array */ | |
249 | PGPV_ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */ | 249 | PGPV_ARRAY(pgpv_primarykey_t, primaries); /* array of primary keys */ | |
250 | PGPV_ARRAY(pgpv_mem_t, areas); /* areas we read packets from */ | 250 | PGPV_ARRAY(pgpv_mem_t, areas); /* areas we read packets from */ | |
251 | PGPV_ARRAY(size_t, datastarts); /* starts of data packets */ | 251 | PGPV_ARRAY(size_t, datastarts); /* starts of data packets */ | |
252 | size_t pkt; /* when parsing, current pkt number */ | 252 | size_t pkt; /* when parsing, current pkt number */ | |
253 | const char *op; /* the operation we're doing */ | 253 | const char *op; /* the operation we're doing */ | |
254 | unsigned ssh; /* using ssh keys */ | 254 | unsigned ssh; /* using ssh keys */ | |
255 | } pgpv_t; | 255 | } pgpv_t; | |
256 | 256 | |||
257 | #define PGPV_REASON_LEN 128 | 257 | #define PGPV_REASON_LEN 128 | |
258 | 258 | |||
259 | /* when searching, we define a cursor, and fill in an array of subscripts */ | 259 | /* when searching, we define a cursor, and fill in an array of subscripts */ | |
260 | typedef struct pgpv_cursor_t { | 260 | typedef struct pgpv_cursor_t { | |
261 | pgpv_t *pgp; /* pointer to pgp tree */ | 261 | pgpv_t *pgp; /* pointer to pgp tree */ | |
262 | char *field; /* field we're searching on */ | 262 | char *field; /* field we're searching on */ | |
263 | char *op; /* operation we're doing */ | 263 | char *op; /* operation we're doing */ | |
264 | char *value; /* value we're searching for */ | 264 | char *value; /* value we're searching for */ | |
265 | void *ptr; /* for regexps etc */ | 265 | void *ptr; /* for regexps etc */ | |
266 | PGPV_ARRAY(uint32_t, found); /* array of matched pimary key subscripts */ | 266 | PGPV_ARRAY(uint32_t, found); /* array of matched pimary key subscripts */ | |
267 | PGPV_ARRAY(size_t, datacookies); /* cookies to retrieve matched data */ | 267 | PGPV_ARRAY(size_t, datacookies); /* cookies to retrieve matched data */ | |
268 | int64_t sigtime; /* time of signature */ | 268 | int64_t sigtime; /* time of signature */ | |
269 | char why[PGPV_REASON_LEN]; /* reason for bad signature */ | 269 | char why[PGPV_REASON_LEN]; /* reason for bad signature */ | |
270 | } pgpv_cursor_t; | 270 | } pgpv_cursor_t; | |
271 | 271 | |||
272 | #ifndef __BEGIN_DECLS | 272 | #ifndef __BEGIN_DECLS | |
273 | # if defined(__cplusplus) | 273 | # if defined(__cplusplus) | |
274 | # define __BEGIN_DECLS extern "C" { | 274 | # define __BEGIN_DECLS extern "C" { | |
275 | # define __END_DECLS } | 275 | # define __END_DECLS } | |
276 | # else | 276 | # else | |
277 | # define __BEGIN_DECLS | 277 | # define __BEGIN_DECLS | |
278 | # define __END_DECLS | 278 | # define __END_DECLS | |
279 | # endif | 279 | # endif | |
280 | #endif | 280 | #endif | |
281 | 281 | |||
282 | __BEGIN_DECLS | 282 | __BEGIN_DECLS | |
283 | 283 | |||
284 | int pgpv_read_pubring(pgpv_t */*pgp*/, const void */*keyringfile/mem*/, ssize_t /*size*/); | 284 | int pgpv_read_pubring(pgpv_t */*pgp*/, const void */*keyringfile/mem*/, ssize_t /*size*/); | |
285 | int pgpv_read_ssh_pubkeys(pgpv_t */*pgp*/, const void */*keyring*/, ssize_t /*size*/); | 285 | int pgpv_read_ssh_pubkeys(pgpv_t */*pgp*/, const void */*keyring*/, ssize_t /*size*/); | |
286 | 286 | |||
287 | size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/); | 287 | size_t pgpv_verify(pgpv_cursor_t */*cursor*/, pgpv_t */*pgp*/, const void */*mem/file*/, ssize_t /*size*/); | |
288 | size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/); | 288 | size_t pgpv_get_verified(pgpv_cursor_t */*cursor*/, size_t /*cookie*/, char **/*ret*/); | |
289 | int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/); | 289 | int pgpv_get_cursor_element(pgpv_cursor_t */*cursor*/, size_t /*element*/); | |
290 | size_t pgpv_dump(pgpv_t */*pgp*/, char **/*data*/); | 290 | size_t pgpv_dump(pgpv_t */*pgp*/, char **/*data*/); | |
291 | 291 | |||
292 | size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/, const char */*modifiers*/); | 292 | size_t pgpv_get_entry(pgpv_t */*pgp*/, unsigned /*ent*/, char **/*ret*/, const char */*modifiers*/); | |
293 | 293 | |||
294 | int pgpv_close(pgpv_t */*pgp*/); | 294 | int pgpv_close(pgpv_t */*pgp*/); | |
295 | 295 | |||
296 | __END_DECLS | 296 | __END_DECLS | |
297 | 297 | |||
298 | #endif | 298 | #endif |