summaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>1997-11-24 23:24:04 +0100
committerWerner Koch <wk@gnupg.org>1997-11-24 23:24:04 +0100
commit46900fbd437a134bd16e5030182fb3a219cd370e (patch)
treef13063a7c4896b189c7a3d09791d5464241174c7 /g10
parentIDEA removed, signing works (diff)
downloadgnupg2-46900fbd437a134bd16e5030182fb3a219cd370e.tar.xz
gnupg2-46900fbd437a134bd16e5030182fb3a219cd370e.zip
ElGamal funktioniert und ist default
Diffstat (limited to 'g10')
-rw-r--r--g10/Makefile.am1
-rw-r--r--g10/Makefile.in15
-rw-r--r--g10/build-packet.c43
-rw-r--r--g10/checksig.c96
-rw-r--r--g10/encode.c29
-rw-r--r--g10/free-packet.c91
-rw-r--r--g10/g10.c2
-rw-r--r--g10/getkey.c43
-rw-r--r--g10/keydb.h7
-rw-r--r--g10/keygen.c129
-rw-r--r--g10/keyid.c88
-rw-r--r--g10/main.h12
-rw-r--r--g10/mainproc.c33
-rw-r--r--g10/packet.h61
-rw-r--r--g10/parse-packet.c121
-rw-r--r--g10/pubkey-enc.c55
-rw-r--r--g10/seckey-cert.c102
-rw-r--r--g10/seskey.c47
-rw-r--r--g10/sig-check.c280
19 files changed, 909 insertions, 346 deletions
diff --git a/g10/Makefile.am b/g10/Makefile.am
index a8d13eaec..bb0b96552 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -21,6 +21,7 @@ g10_SOURCES = g10.c \
cipher.c \
options.h \
openfile.c \
+ keyid.c \
packet.h \
parse-packet.c \
passphrase.c \
diff --git a/g10/Makefile.in b/g10/Makefile.in
index d7b08551d..651fdf2dd 100644
--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@@ -59,6 +59,7 @@ g10_SOURCES = g10.c \
cipher.c \
options.h \
openfile.c \
+ keyid.c \
packet.h \
parse-packet.c \
passphrase.c \
@@ -90,7 +91,7 @@ COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS)
LINK = $(CC) $(LDFLAGS) -o $@
g10_OBJECTS = g10.o build-packet.o compress.o encode.o encr-data.o \
free-packet.o getkey.o keygen.o mainproc.o armor.o mdfilter.o cipher.o \
-openfile.o parse-packet.o passphrase.o plaintext.o pubkey-enc.o \
+openfile.o keyid.o parse-packet.o passphrase.o plaintext.o pubkey-enc.o \
seckey-cert.o seskey.o sign.o comment.o sig-check.o
EXTRA_g10_SOURCES =
g10_LDADD = $(LDADD)
@@ -111,12 +112,12 @@ $(srcdir)/.deps/cipher.P $(srcdir)/.deps/comment.P \
$(srcdir)/.deps/compress.P $(srcdir)/.deps/encode.P \
$(srcdir)/.deps/encr-data.P $(srcdir)/.deps/free-packet.P \
$(srcdir)/.deps/g10.P $(srcdir)/.deps/getkey.P $(srcdir)/.deps/keygen.P \
-$(srcdir)/.deps/mainproc.P $(srcdir)/.deps/mdfilter.P \
-$(srcdir)/.deps/openfile.P $(srcdir)/.deps/parse-packet.P \
-$(srcdir)/.deps/passphrase.P $(srcdir)/.deps/plaintext.P \
-$(srcdir)/.deps/pubkey-enc.P $(srcdir)/.deps/seckey-cert.P \
-$(srcdir)/.deps/seskey.P $(srcdir)/.deps/sig-check.P \
-$(srcdir)/.deps/sign.P
+$(srcdir)/.deps/keyid.P $(srcdir)/.deps/mainproc.P \
+$(srcdir)/.deps/mdfilter.P $(srcdir)/.deps/openfile.P \
+$(srcdir)/.deps/parse-packet.P $(srcdir)/.deps/passphrase.P \
+$(srcdir)/.deps/plaintext.P $(srcdir)/.deps/pubkey-enc.P \
+$(srcdir)/.deps/seckey-cert.P $(srcdir)/.deps/seskey.P \
+$(srcdir)/.deps/sig-check.P $(srcdir)/.deps/sign.P
SOURCES = $(g10_SOURCES)
OBJECTS = $(g10_OBJECTS)
diff --git a/g10/build-packet.c b/g10/build-packet.c
index 5bda607b9..c0ddb9e24 100644
--- a/g10/build-packet.c
+++ b/g10/build-packet.c
@@ -163,7 +163,12 @@ do_pubkey_cert( IOBUF out, int ctb, PKT_pubkey_cert *pkc )
write_32(a, pkc->timestamp );
write_16(a, pkc->valid_days );
iobuf_put(a, pkc->pubkey_algo );
- if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ mpi_encode(a, pkc->d.elg.p );
+ mpi_encode(a, pkc->d.elg.g );
+ mpi_encode(a, pkc->d.elg.y );
+ }
+ else if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
mpi_encode(a, pkc->d.rsa.rsa_n );
mpi_encode(a, pkc->d.rsa.rsa_e );
}
@@ -191,7 +196,26 @@ do_seckey_cert( IOBUF out, int ctb, PKT_seckey_cert *skc )
write_32(a, skc->timestamp );
write_16(a, skc->valid_days );
iobuf_put(a, skc->pubkey_algo );
- if( skc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ mpi_encode(a, skc->d.elg.p );
+ mpi_encode(a, skc->d.elg.g );
+ mpi_encode(a, skc->d.elg.y );
+ iobuf_put(a, skc->d.elg.protect_algo );
+ skc->d.elg.calc_csum = 0;
+ if( skc->d.elg.protect_algo ) {
+ assert( skc->d.elg.is_protected == 1 );
+ assert( skc->d.elg.protect_algo == CIPHER_ALGO_BLOWFISH );
+ iobuf_write(a, skc->d.elg.protect.blowfish.iv, 8 );
+ mpi_write_csum(a, (byte*)skc->d.elg.x, &skc->d.elg.calc_csum );
+ }
+ else { /* not protected */
+ assert( !skc->d.elg.is_protected );
+ mpi_encode_csum(a, skc->d.elg.x, &skc->d.elg.calc_csum );
+ }
+
+ write_16(a, skc->d.elg.calc_csum );
+ }
+ else if( skc->pubkey_algo == PUBKEY_ALGO_RSA ) {
mpi_encode(a, skc->d.rsa.rsa_n );
mpi_encode(a, skc->d.rsa.rsa_e );
iobuf_put(a, skc->d.rsa.protect_algo );
@@ -240,7 +264,11 @@ do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc )
write_32(a, enc->keyid[0] );
write_32(a, enc->keyid[1] );
iobuf_put(a,enc->pubkey_algo );
- if( enc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ mpi_encode(a, enc->d.elg.a );
+ mpi_encode(a, enc->d.elg.b );
+ }
+ else if( enc->pubkey_algo == PUBKEY_ALGO_RSA ) {
mpi_encode(a, enc->d.rsa.rsa_integer );
}
else {
@@ -342,7 +370,14 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
write_32(a, sig->keyid[0] );
write_32(a, sig->keyid[1] );
iobuf_put(a, sig->pubkey_algo );
- if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ iobuf_put(a, sig->d.elg.digest_algo );
+ iobuf_put(a, sig->d.elg.digest_start[0] );
+ iobuf_put(a, sig->d.elg.digest_start[1] );
+ mpi_encode(a, sig->d.elg.a );
+ mpi_encode(a, sig->d.elg.b );
+ }
+ else if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) {
iobuf_put(a, sig->d.rsa.digest_algo );
iobuf_put(a, sig->d.rsa.digest_start[0] );
iobuf_put(a, sig->d.rsa.digest_start[1] );
diff --git a/g10/checksig.c b/g10/checksig.c
deleted file mode 100644
index 7f00d5801..000000000
--- a/g10/checksig.c
+++ /dev/null
@@ -1,96 +0,0 @@
-/* checksig.c - check a signature
- * Copyright (c) 1997 by Werner Koch (dd9jn)
- *
- * This file is part of G10.
- *
- * G10 is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * G10 is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
- */
-
-#include <config.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "packet.h"
-#include "iobuf.h"
-#include "memory.h"
-#include "util.h"
-#include "cipher.h"
-
-static void
-usage(void)
-{
- fprintf(stderr, "usage: checksig textfile sigfile\n");
- exit(1);
-}
-
-
-int
-main(int argc, char **argv)
-{
- IOBUF a;
- PACKET pkt;
- PKT_signature *sig;
- int rc, result, c;
- FILE *fp;
- MD5HANDLE md5;
-
- if( argc != 3 )
- usage();
- argc--; argv++;
-
-
- if( !(a = iobuf_open(argv[1])) )
- log_fatal("can't open '%s'\n", argv[1]);
-
- init_packet(&pkt);
- while( (rc=parse_packet(a, &pkt)) != -1 ) {
- if( !rc && pkt.pkttype == PKT_SECKEY_ENC ) {
- sig = pkt.pkt.signature;
- printf("sig: keyid=%08lX%08lX: ", sig->keyid[0], sig->keyid[1] );
- if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) {
- if( sig->d.rsa.digest_algo == DIGEST_ALGO_MD5 ) {
- if( !(fp = fopen(*argv, "rb")) )
- log_fatal("can't open '%s'\n", *argv);
- md5 = md5_open(0);
- while( (c=getc(fp)) != EOF )
- md5_putchar(md5, c );
- fclose(fp);
- result = md5_signature_check( sig, md5 );
- md5_close(md5);
- }
- else
- result = G10ERR_DIGEST_ALGO;
- }
- else
- result = G10ERR_PUBKEY_ALGO;
-
- if( !result )
- fputs( "signature is good", stdout );
- else if( result == G10ERR_DIGEST_ALGO )
- printf( "Unknown digest algorithm %d", sig->d.rsa.digest_algo);
- else if( result == G10ERR_PUBKEY_ALGO )
- printf( "Unknown pubkey algorithm %d", sig->pubkey_algo);
- else
- fputs( g10_errstr(result), stdout);
- putchar('\n');
- }
- free_packet(&pkt);
- }
-
- iobuf_close(a);
- return 0;
-}
-
-
diff --git a/g10/encode.c b/g10/encode.c
index 9ef2c1099..eb4875de9 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -226,10 +226,35 @@ encode_crypt( const char *filename, STRLIST remusr )
/* build the pubkey packet */
enc = m_alloc_clear( sizeof *enc );
enc->pubkey_algo = pkc->pubkey_algo;
- if( enc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ ELG_public_key pkey;
+ MPI frame;
+
+ enc->d.elg.a = mpi_alloc( mpi_get_nlimbs(pkc->d.elg.p) );
+ enc->d.elg.b = mpi_alloc( mpi_get_nlimbs(pkc->d.elg.p) );
+ keyid_from_pkc( pkc, enc->keyid );
+ frame = encode_session_key( cfx.dek, mpi_get_nbits(pkc->d.elg.p) );
+ pkey.p = pkc->d.elg.p;
+ pkey.g = pkc->d.elg.g;
+ pkey.y = pkc->d.elg.y;
+ if( DBG_CIPHER )
+ log_mpidump("Plain DEK frame: ", frame);
+ elg_encipher( enc->d.elg.a, enc->d.elg.b, frame, &pkey);
+ mpi_free( frame );
+ if( DBG_CIPHER ) {
+ log_mpidump("Encry DEK a: ", enc->d.elg.a );
+ log_mpidump(" DEK b: ", enc->d.elg.b );
+ }
+ if( opt.verbose ) {
+ ustr = get_user_id_string( enc->keyid );
+ log_info("ElGamal enciphered for: %s\n", ustr );
+ m_free(ustr);
+ }
+ }
+ else if( enc->pubkey_algo == PUBKEY_ALGO_RSA ) {
RSA_public_key pkey;
- mpi_get_keyid( pkc->d.rsa.rsa_n, enc->keyid );
+ keyid_from_pkc( pkc, enc->keyid );
enc->d.rsa.rsa_integer = encode_session_key( cfx.dek,
mpi_get_nbits(pkc->d.rsa.rsa_n) );
pkey.n = pkc->d.rsa.rsa_n;
diff --git a/g10/free-packet.c b/g10/free-packet.c
index 7d6eb4aaa..3103ee49e 100644
--- a/g10/free-packet.c
+++ b/g10/free-packet.c
@@ -35,22 +35,39 @@
void
free_pubkey_enc( PKT_pubkey_enc *enc )
{
- mpi_free( enc->d.rsa.rsa_integer );
+ if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ mpi_free( enc->d.elg.a );
+ mpi_free( enc->d.elg.b );
+ }
+ else if( enc->pubkey_algo == PUBKEY_ALGO_RSA )
+ mpi_free( enc->d.rsa.rsa_integer );
m_free(enc);
}
void
free_seckey_enc( PKT_signature *enc )
{
- mpi_free( enc->d.rsa.rsa_integer );
+ if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ mpi_free( enc->d.elg.a );
+ mpi_free( enc->d.elg.b );
+ }
+ else if( enc->pubkey_algo == PUBKEY_ALGO_RSA )
+ mpi_free( enc->d.rsa.rsa_integer );
m_free(enc);
}
void
free_pubkey_cert( PKT_pubkey_cert *cert )
{
- mpi_free( cert->d.rsa.rsa_n );
- mpi_free( cert->d.rsa.rsa_e );
+ if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ mpi_free( cert->d.elg.p );
+ mpi_free( cert->d.elg.g );
+ mpi_free( cert->d.elg.y );
+ }
+ else if( cert->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ mpi_free( cert->d.rsa.rsa_n );
+ mpi_free( cert->d.rsa.rsa_e );
+ }
md5_close( cert->mfx.md5 );
rmd160_close( cert->mfx.rmd160 );
m_free(cert);
@@ -62,8 +79,15 @@ copy_pubkey_cert( PKT_pubkey_cert *d, PKT_pubkey_cert *s )
if( !d )
d = m_alloc(sizeof *d);
memcpy( d, s, sizeof *d );
- d->d.rsa.rsa_n = mpi_copy( s->d.rsa.rsa_n );
- d->d.rsa.rsa_e = mpi_copy( s->d.rsa.rsa_e );
+ if( s->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ d->d.elg.p = mpi_copy( s->d.elg.p );
+ d->d.elg.g = mpi_copy( s->d.elg.g );
+ d->d.elg.y = mpi_copy( s->d.elg.y );
+ }
+ else if( s->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ d->d.rsa.rsa_n = mpi_copy( s->d.rsa.rsa_n );
+ d->d.rsa.rsa_e = mpi_copy( s->d.rsa.rsa_e );
+ }
d->mfx.md5 = NULL;
d->mfx.rmd160 =NULL;
return d;
@@ -72,19 +96,30 @@ copy_pubkey_cert( PKT_pubkey_cert *d, PKT_pubkey_cert *s )
void
free_seckey_cert( PKT_seckey_cert *cert )
{
- mpi_free( cert->d.rsa.rsa_n );
- mpi_free( cert->d.rsa.rsa_e );
- if( cert->d.rsa.is_protected ) {
- m_free( cert->d.rsa.rsa_d );
- m_free( cert->d.rsa.rsa_p );
- m_free( cert->d.rsa.rsa_q );
- m_free( cert->d.rsa.rsa_u );
+ if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ mpi_free( cert->d.elg.p );
+ mpi_free( cert->d.elg.g );
+ mpi_free( cert->d.elg.y );
+ if( cert->d.rsa.is_protected )
+ m_free( cert->d.elg.x );
+ else
+ mpi_free( cert->d.elg.x );
}
- else {
- mpi_free( cert->d.rsa.rsa_d );
- mpi_free( cert->d.rsa.rsa_p );
- mpi_free( cert->d.rsa.rsa_q );
- mpi_free( cert->d.rsa.rsa_u );
+ else if( cert->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ mpi_free( cert->d.rsa.rsa_n );
+ mpi_free( cert->d.rsa.rsa_e );
+ if( cert->d.rsa.is_protected ) {
+ m_free( cert->d.rsa.rsa_d );
+ m_free( cert->d.rsa.rsa_p );
+ m_free( cert->d.rsa.rsa_q );
+ m_free( cert->d.rsa.rsa_u );
+ }
+ else {
+ mpi_free( cert->d.rsa.rsa_d );
+ mpi_free( cert->d.rsa.rsa_p );
+ mpi_free( cert->d.rsa.rsa_q );
+ mpi_free( cert->d.rsa.rsa_u );
+ }
}
m_free(cert);
}
@@ -95,12 +130,20 @@ copy_seckey_cert( PKT_seckey_cert *d, PKT_seckey_cert *s )
if( !d )
d = m_alloc(sizeof *d);
memcpy( d, s, sizeof *d );
- d->d.rsa.rsa_n = mpi_copy( s->d.rsa.rsa_n );
- d->d.rsa.rsa_e = mpi_copy( s->d.rsa.rsa_e );
- d->d.rsa.rsa_d = mpi_copy( s->d.rsa.rsa_d );
- d->d.rsa.rsa_p = mpi_copy( s->d.rsa.rsa_p );
- d->d.rsa.rsa_q = mpi_copy( s->d.rsa.rsa_q );
- d->d.rsa.rsa_u = mpi_copy( s->d.rsa.rsa_u );
+ if( s->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ d->d.elg.p = mpi_copy( s->d.elg.p );
+ d->d.elg.g = mpi_copy( s->d.elg.g );
+ d->d.elg.y = mpi_copy( s->d.elg.y );
+ d->d.elg.x = mpi_copy( s->d.elg.x );
+ }
+ else if( s->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ d->d.rsa.rsa_n = mpi_copy( s->d.rsa.rsa_n );
+ d->d.rsa.rsa_e = mpi_copy( s->d.rsa.rsa_e );
+ d->d.rsa.rsa_d = mpi_copy( s->d.rsa.rsa_d );
+ d->d.rsa.rsa_p = mpi_copy( s->d.rsa.rsa_p );
+ d->d.rsa.rsa_q = mpi_copy( s->d.rsa.rsa_q );
+ d->d.rsa.rsa_u = mpi_copy( s->d.rsa.rsa_u );
+ }
return d;
}
diff --git a/g10/g10.c b/g10/g10.c
index 496fda348..5235d0f6e 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -220,7 +220,7 @@ main( int argc, char **argv )
case aPrimegen:
if( argc )
usage(1);
- mpi_print( stdout, generate_random_prime( pargs.r.ret_int ), 1);
+ mpi_print( stdout, generate_public_prime( pargs.r.ret_int ), 1);
putchar('\n');
break;
diff --git a/g10/getkey.c b/g10/getkey.c
index 8ca462210..4aea8e7ca 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -85,8 +85,9 @@ cache_pubkey_cert( PKT_pubkey_cert *pkc )
pkc_cache_entry_t ce;
u32 keyid[2];
- if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
- mpi_get_keyid( pkc->d.rsa.rsa_n, keyid );
+ if( pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL
+ || pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ keyid_from_pkc( pkc, keyid );
}
else
return; /* don't know how to get the keyid */
@@ -252,13 +253,11 @@ get_pubkey_by_name( PKT_pubkey_cert *pkc, const char *name )
* Get a secret key and store it into skey
*/
int
-get_seckey( RSA_secret_key *skey, u32 *keyid )
+get_seckey( PKT_seckey_cert *skc, u32 *keyid )
{
int rc=0;
- PKT_seckey_cert skc;
- memset( &skc, 0, sizeof skc );
- if( !(rc=scan_secret_keyring( &skc, keyid, NULL, "../keys/secring.g10" ) ) )
+ if( !(rc=scan_secret_keyring( skc, keyid, NULL, "../keys/secring.g10" ) ) )
goto found;
/* fixme: look at other places */
goto leave;
@@ -267,22 +266,10 @@ get_seckey( RSA_secret_key *skey, u32 *keyid )
/* get the secret key (this may prompt for a passprase to
* unlock the secret key
*/
- if( (rc = check_secret_key( &skc )) )
- goto leave;
- if( skc.pubkey_algo != PUBKEY_ALGO_RSA ) {
- rc = G10ERR_PUBKEY_ALGO; /* unsupport algorithm */
+ if( (rc = check_secret_key( skc )) )
goto leave;
- }
- /* copy the stuff to SKEY. skey is then the owner */
- skey->e = skc.d.rsa.rsa_e;
- skey->n = skc.d.rsa.rsa_n;
- skey->p = skc.d.rsa.rsa_p;
- skey->q = skc.d.rsa.rsa_q;
- skey->d = skc.d.rsa.rsa_d;
- skey->u = skc.d.rsa.rsa_u;
leave:
- memset( &skc, 0, sizeof skc );
return rc;
}
@@ -357,8 +344,9 @@ scan_keyring( PKT_pubkey_cert *pkc, u32 *keyid,
}
else if( keyid && pkt.pkttype == PKT_PUBKEY_CERT ) {
switch( pkt.pkt.pubkey_cert->pubkey_algo ) {
+ case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_RSA:
- mpi_get_keyid( pkt.pkt.pubkey_cert->d.rsa.rsa_n , akeyid );
+ keyid_from_pkc( pkt.pkt.pubkey_cert, akeyid );
if( akeyid[0] == keyid[0] && akeyid[1] == keyid[1] ) {
copy_pubkey_cert( pkc, pkt.pkt.pubkey_cert );
found++;
@@ -406,8 +394,9 @@ scan_keyring( PKT_pubkey_cert *pkc, u32 *keyid,
log_error("Ooops: no pubkey for userid '%.*s'\n",
pkt.pkt.user_id->len, pkt.pkt.user_id->name);
else {
- if( last_pk->pubkey_algo == PUBKEY_ALGO_RSA ) {
- mpi_get_keyid( last_pk->d.rsa.rsa_n , akeyid );
+ if( last_pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL
+ || last_pk->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ keyid_from_pkc( last_pk, akeyid );
cache_user_id( pkt.pkt.user_id, akeyid );
}
cache_pubkey_cert( last_pk );
@@ -462,8 +451,9 @@ scan_secret_keyring( PKT_seckey_cert *skc, u32 *keyid,
}
else if( keyid && pkt.pkttype == PKT_SECKEY_CERT ) {
switch( pkt.pkt.seckey_cert->pubkey_algo ) {
+ case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_RSA:
- mpi_get_keyid( pkt.pkt.seckey_cert->d.rsa.rsa_n , akeyid );
+ keyid_from_skc( pkt.pkt.seckey_cert, akeyid );
if( akeyid[0] == keyid[0] && akeyid[1] == keyid[1] ) {
copy_seckey_cert( skc, pkt.pkt.seckey_cert );
found++;
@@ -510,9 +500,10 @@ scan_secret_keyring( PKT_seckey_cert *skc, u32 *keyid,
log_error("Ooops: no seckey for userid '%.*s'\n",
pkt.pkt.user_id->len, pkt.pkt.user_id->name);
else {
- if( last_pk->pubkey_algo == PUBKEY_ALGO_RSA ) {
- mpi_get_keyid( last_pk->d.rsa.rsa_n , akeyid );
- cache_user_id( pkt.pkt.user_id, akeyid );
+ if( last_pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL
+ || last_pk->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ keyid_from_skc( last_pk, akeyid );
+ cache_user_id( pkt.pkt.user_id, akeyid );
}
}
}
diff --git a/g10/keydb.h b/g10/keydb.h
index 62c6abe36..ae3aeb83f 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -22,6 +22,7 @@
#define G10_KEYDB_H
#include "types.h"
+#include "packet.h"
#include "cipher.h"
@@ -35,11 +36,13 @@ void cache_pubkey_cert( PKT_pubkey_cert *pkc );
void cache_user_id( PKT_user_id *uid, u32 *keyid );
int get_pubkey( PKT_pubkey_cert *pkc, u32 *keyid );
int get_pubkey_by_name( PKT_pubkey_cert *pkc, const char *name );
-int get_seckey( RSA_secret_key *skey, u32 *keyid );
+int get_seckey( PKT_seckey_cert *skc, u32 *keyid );
int get_seckey_by_name( PKT_seckey_cert *skc, const char *name );
char*get_user_id_string( u32 *keyid );
-
+/*-- keyid.c --*/
+u32 keyid_from_skc( PKT_seckey_cert *skc, u32 *keyid );
+u32 keyid_from_pkc( PKT_pubkey_cert *pkc, u32 *keyid );
diff --git a/g10/keygen.c b/g10/keygen.c
index 866824c1c..ff3715999 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -31,6 +31,13 @@
#include "ttyio.h"
#include "options.h"
+#if 0
+ #define TEST_ALGO 1
+ #define TEST_NBITS 256
+ #define TEST_UID "Karl Test"
+#endif
+
+
static int
answer_is_yes( const char *s )
{
@@ -62,6 +69,7 @@ write_uid( IOBUF out, const char *s )
}
+#ifdef HAVE_RSA_CIPHER
static int
gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io)
{
@@ -114,6 +122,61 @@ gen_rsa(unsigned nbits, IOBUF pub_io, IOBUF sec_io)
free_packet(&pkt2);
return rc;
}
+#endif /*HAVE_RSA_CIPHER*/
+
+static int
+gen_elg(unsigned nbits, IOBUF pub_io, IOBUF sec_io)
+{
+ int rc;
+ PACKET pkt1, pkt2;
+ PKT_seckey_cert *skc;
+ PKT_pubkey_cert *pkc;
+ ELG_public_key pk;
+ ELG_secret_key sk;
+
+ elg_generate( &pk, &sk, nbits );
+
+ skc = m_alloc( sizeof *skc );
+ pkc = m_alloc( sizeof *pkc );
+ skc->timestamp = pkc->timestamp = make_timestamp();
+ skc->valid_days = pkc->valid_days = 0; /* fixme: make it configurable*/
+ skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_ELGAMAL;
+ memset(&pkc->mfx, 0, sizeof pkc->mfx);
+ pkc->d.elg.p = pk.p;
+ pkc->d.elg.g = pk.g;
+ pkc->d.elg.y = pk.y;
+ skc->d.elg.p = sk.p;
+ skc->d.elg.g = sk.g;
+ skc->d.elg.y = sk.y;
+ skc->d.elg.x = sk.x;
+
+ skc->d.elg.calc_csum = 0;
+ skc->d.elg.is_protected = 0; /* FIXME!!! */
+ skc->d.elg.protect_algo = 0; /* should be blowfish */
+ /*memcpy(skc->d.elg.protect.blowfish.iv,"12345678", 8);*/
+
+ init_packet(&pkt1);
+ pkt1.pkttype = PKT_PUBKEY_CERT;
+ pkt1.pkt.pubkey_cert = pkc;
+ init_packet(&pkt2);
+ pkt2.pkttype = PKT_SECKEY_CERT;
+ pkt2.pkt.seckey_cert = skc;
+
+ if( (rc = build_packet( pub_io, &pkt1 )) ) {
+ log_error("build pubkey_cert packet failed: %s\n", g10_errstr(rc) );
+ goto leave;
+ }
+ if( (rc = build_packet( sec_io, &pkt2 )) ) {
+ log_error("build seckey_cert packet failed: %s\n", g10_errstr(rc) );
+ goto leave;
+ }
+
+ leave:
+ free_packet(&pkt1);
+ free_packet(&pkt2);
+ return rc;
+}
+
/****************
@@ -130,19 +193,62 @@ generate_keypair()
IOBUF pub_io = NULL;
IOBUF sec_io = NULL;
int rc;
+ int algo;
+ const char *algo_name;
+ #ifndef TEST_ALGO
if( opt.batch || opt.answer_yes || opt.answer_no )
log_fatal("Key generation can only be used in interactive mode\n");
- tty_printf("About to generate a new keypair:\n"
+ tty_printf("Please select the algorithm to use:\n"
+ " (1) ElGamal is the suggested one.\n"
+ #ifdef HAVE_RSA_CIPHER
+ " (2) RSA cannot be used inthe U.S.\n"
+ #endif
+ );
+ #endif
+
+ for(;;) {
+ #ifdef TEST_ALGO
+ algo = TEST_ALGO;
+ #else
+ answer = tty_get("Your selection? (1,2) ");
+ tty_kill_prompt();
+ algo = *answer? atoi(answer): 1;
+ m_free(answer);
+ #endif
+ if( algo == 1 ) {
+ algo = PUBKEY_ALGO_ELGAMAL;
+ algo_name = "ElGamal";
+ break;
+ }
+ #ifdef HAVE_RSA_CIPHER
+ else if( algo == 2 ) {
+ algo = PUBKEY_ALGO_RSA;
+ algo_name = "RSA";
+ break;
+ }
+ #endif
+ }
+
+
+
+ tty_printf("About to generate a new %s keypair.\n"
+ #ifndef TEST_NBITS
" minimum keysize is 768 bits\n"
" default keysize is 1024 bits\n"
- " highest suggested keysize is 2048 bits\n" );
+ " highest suggested keysize is 2048 bits\n"
+ #endif
+ , algo_name );
for(;;) {
- answer = tty_get("What keysize do you want? (256) ");
+ #ifdef TEST_NBITS
+ nbits = TEST_NBITS;
+ #else
+ answer = tty_get("What keysize do you want? (1024) ");
tty_kill_prompt();
- nbits = *answer? atoi(answer): 256;
+ nbits = *answer? atoi(answer): 1024;
m_free(answer);
+ #endif
if( nbits < 128 ) /* FIXME: change this to 768 */
tty_printf("keysize too small; please select a larger one\n");
else if( nbits > 2048 ) {
@@ -167,6 +273,11 @@ generate_keypair()
nbits = ((nbits + 31) / 32) * 32;
tty_printf("rounded up to %u bits\n", nbits );
}
+
+ #ifdef TEST_UID
+ uid = m_alloc(strlen(TEST_UID)+1);
+ strcpy(uid, TEST_UID);
+ #else
tty_printf( "\nYou need a User-ID to identify your key; please use your name and your\n"
"email address in this suggested format:\n"
" \"Heinrich Heine <heinrichh@uni-duesseldorf.de>\n" );
@@ -189,6 +300,7 @@ generate_keypair()
m_free(answer);
}
}
+ #endif
/* now check wether we a are allowed to write the keyrings */
if( !(rc=overwrite_filep( pub_fname )) ) {
if( !(pub_io = iobuf_create( pub_fname )) )
@@ -226,7 +338,14 @@ generate_keypair()
write_comment( pub_io, "#public key created by G10 pre-release " VERSION );
write_comment( sec_io, "#secret key created by G10 pre-release " VERSION );
- gen_rsa(nbits, pub_io, sec_io);
+ if( algo == PUBKEY_ALGO_ELGAMAL )
+ gen_elg(nbits, pub_io, sec_io);
+ #ifdef HAVE_RSA_CIPHER
+ else if( algo == PUBKEY_ALGO_RSA )
+ gen_rsa(nbits, pub_io, sec_io);
+ #endif
+ else
+ log_bug(NULL);
write_uid(pub_io, uid );
write_uid(sec_io, uid );
m_free(uid);
diff --git a/g10/keyid.c b/g10/keyid.c
new file mode 100644
index 000000000..0e2dad93b
--- /dev/null
+++ b/g10/keyid.c
@@ -0,0 +1,88 @@
+/* keyid.c - jeyid and fingerprint handling
+ * Copyright (c) 1997 by Werner Koch (dd9jn)
+ *
+ * This file is part of G10.
+ *
+ * G10 is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * G10 is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <assert.h>
+#include "util.h"
+#include "main.h"
+#include "packet.h"
+#include "options.h"
+#include "mpi.h"
+#include "keydb.h"
+
+
+
+
+/****************
+ * Get the keyid from the secret key certificate and put it into keyid
+ * if this is not NULL. Return the 32 low bits of the keyid.
+ */
+u32
+keyid_from_skc( PKT_seckey_cert *skc, u32 *keyid )
+{
+ u32 lowbits;
+ u32 dummy_keyid[2];
+
+ if( !keyid )
+ keyid = dummy_keyid;
+
+ if( skc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ lowbits = mpi_get_keyid( skc->d.elg.y, keyid );
+ }
+ else if( skc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ lowbits = mpi_get_keyid( skc->d.rsa.rsa_n, keyid );
+ }
+ else
+ log_bug(NULL);
+
+ return lowbits;
+}
+
+
+/****************
+ * Get the keyid from the public key certificate and put it into keyid
+ * if this is not NULL. Return the 32 low bits of the keyid.
+ */
+u32
+keyid_from_pkc( PKT_pubkey_cert *pkc, u32 *keyid )
+{
+ u32 lowbits;
+ u32 dummy_keyid[2];
+
+ if( !keyid )
+ keyid = dummy_keyid;
+
+ if( pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ lowbits = mpi_get_keyid( pkc->d.elg.y, keyid );
+ }
+ else if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ lowbits = mpi_get_keyid( pkc->d.rsa.rsa_n, keyid );
+ }
+ else
+ log_bug(NULL);
+
+ return lowbits;
+}
+
+
diff --git a/g10/main.h b/g10/main.h
index 9d0f07a89..708563427 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -21,6 +21,11 @@
#define G10_MAIN_H
#include "types.h"
#include "iobuf.h"
+#include "cipher.h"
+
+#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_BLOWFISH
+#define DEFAULT_PUBKEY_ALGO PUBKEY_ALGO_ELGAMAL
+#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_RMD160
/*-- encode.c --*/
int encode_symmetric( const char *filename );
@@ -37,4 +42,11 @@ void generate_keypair(void);
int overwrite_filep( const char *fname );
IOBUF open_outfile( const char *fname );
+/*-- seskey.c --*/
+void make_session_key( DEK *dek );
+MPI encode_session_key( DEK *dek, unsigned nbits );
+MPI encode_rmd160_value( byte *md, unsigned len, unsigned nbits );
+MPI encode_md5_value( byte *md, unsigned len, unsigned nbits );
+
+
#endif /*G10_MAIN_H*/
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 45cb8fbbd..6c7e32f3c 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -30,6 +30,7 @@
#include "cipher.h"
#include "keydb.h"
#include "filter.h"
+#include "main.h"
static int opt_list=1; /* and list the data packets to stdout */
@@ -122,8 +123,9 @@ proc_packets( IOBUF a )
puts(" (orphaned)");
}
if( pkt->pkc_parent ) {
- if( pkt->pkc_parent->pubkey_algo == PUBKEY_ALGO_RSA ) {
- mpi_get_keyid( pkt->pkc_parent->d.rsa.rsa_n, keyid );
+ if( pkt->pkc_parent->pubkey_algo == PUBKEY_ALGO_ELGAMAL
+ || pkt->pkc_parent->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ keyid_from_pkc( pkt->pkc_parent, keyid );
cache_user_id( pkt->pkt.user_id, keyid );
}
}
@@ -158,6 +160,30 @@ proc_packets( IOBUF a )
result = -1;
printstr(lvl0, "sig: from %s\n", ustr );
}
+ else if(sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ md_handle.algo = sig->d.elg.digest_algo;
+ if( sig->d.elg.digest_algo == DIGEST_ALGO_RMD160 ) {
+ if( sig->sig_class == 0x00 )
+ md_handle.u.rmd = rmd160_copy( mfx.rmd160 );
+ else {
+ md_handle.u.rmd = rmd160_copy(pkt->pkc_parent->mfx.rmd160);
+ rmd160_write(md_handle.u.rmd, pkt->user_parent->name,
+ pkt->user_parent->len);
+ }
+ result = signature_check( sig, md_handle );
+ rmd160_close(md_handle.u.rmd);
+ }
+ else if( sig->d.elg.digest_algo == DIGEST_ALGO_MD5
+ && sig->sig_class != 0x00 ) {
+ md_handle.u.md5 = md5_copy(pkt->pkc_parent->mfx.md5);
+ md5_write(md_handle.u.md5, pkt->user_parent->name,
+ pkt->user_parent->len);
+ result = signature_check( sig, md_handle );
+ md5_close(md_handle.u.md5);
+ }
+ else
+ result = G10ERR_DIGEST_ALGO;
+ }
else if(sig->pubkey_algo == PUBKEY_ALGO_RSA ) {
md_handle.algo = sig->d.rsa.digest_algo;
if( sig->d.rsa.digest_algo == DIGEST_ALGO_RMD160 ) {
@@ -204,7 +230,8 @@ proc_packets( IOBUF a )
enc = pkt->pkt.pubkey_enc;
printf("enc: encrypted by a pubkey with keyid %08lX\n",
enc->keyid[1] );
- if( enc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( enc->pubkey_algo == PUBKEY_ALGO_ELGAMAL
+ || enc->pubkey_algo == PUBKEY_ALGO_RSA ) {
m_free(dek ); /* paranoid: delete a pending DEK */
dek = m_alloc_secure( sizeof *dek );
if( (result = get_session_key( enc, dek )) ) {
diff --git a/g10/packet.h b/g10/packet.h
index f57dce172..480fb54db 100644
--- a/g10/packet.h
+++ b/g10/packet.h
@@ -28,16 +28,22 @@
#include "filter.h"
-#define PKT_PUBKEY_ENC 1 /* public key encrypted packet */
-#define PKT_SIGNATURE 2 /* secret key encrypted packet */
-#define PKT_SECKEY_CERT 5 /* secret key certificate */
-#define PKT_PUBKEY_CERT 6 /* public key certificate */
-#define PKT_COMPR_DATA 8 /* compressed data packet */
-#define PKT_ENCR_DATA 9 /* conventional encrypted data */
-#define PKT_PLAINTEXT 11 /* plaintext data with filename and mode */
-#define PKT_RING_TRUST 12 /* keyring trust packet */
-#define PKT_USER_ID 13 /* user id packet */
-#define PKT_COMMENT 14 /* comment packet */
+#define PKT_PUBKEY_ENC 1 /* public key encrypted packet */
+#define PKT_SIGNATURE 2 /* secret key encrypted packet */
+#define PKT_SESSION_KEY 3 /* session key packet (OpenPGP)*/
+#define PKT_ONEPASS_SIG 4 /* one pass sig packet (OpenPGP)*/
+#define PKT_SECKEY_CERT 5 /* secret key certificate */
+#define PKT_PUBKEY_CERT 6 /* public key certificate */
+#define PKT_SECKEY_SUBCERT 7 /* secret subkey certificate (OpenPGP) */
+#define PKT_COMPR_DATA 8 /* compressed data packet */
+#define PKT_ENCR_DATA 9 /* conventional encrypted data */
+#define PKT_MARKER 10 /* marker packet (OpenPGP) */
+#define PKT_PLAINTEXT 11 /* plaintext data with filename and mode */
+#define PKT_RING_TRUST 12 /* keyring trust packet */
+#define PKT_USER_ID 13 /* user id packet */
+#define PKT_COMMENT 14 /* comment packet */
+#define PKT_PUBKEY_SUBCERT 14 /* subkey certificate (OpenPGP) */
+#define PKT_NEW_COMMENT 16 /* new comment packet (OpenPGP) */
typedef struct packet_struct PACKET;
@@ -48,6 +54,9 @@ typedef struct {
struct {
MPI rsa_integer; /* integer containing the DEK */
} rsa;
+ struct {
+ MPI a, b; /* integers with the enciphered DEK */
+ } elg;
} d;
} PKT_pubkey_enc;
@@ -60,10 +69,15 @@ typedef struct {
/* (PUBKEY_ALGO_xxx) */
union {
struct {
- byte digest_algo; /* algorithm used for digest (DIGEST_ALGO_xxxx) */
+ byte digest_algo; /* algorithm used for digest (DIGEST_ALGO_xxxx) */
byte digest_start[2]; /* first 2 byte of the digest */
- MPI rsa_integer; /* the encrypted digest */
+ MPI rsa_integer; /* the encrypted digest */
} rsa;
+ struct {
+ byte digest_algo; /* algorithm used for digest (DIGEST_ALGO_xxxx) */
+ byte digest_start[2]; /* first 2 byte of the digest */
+ MPI a, b; /* integers with the digest */
+ } elg;
} d;
} PKT_signature;
@@ -78,6 +92,11 @@ typedef struct {
MPI rsa_n; /* public modulus */
MPI rsa_e; /* public exponent */
} rsa;
+ struct {
+ MPI p; /* prime */
+ MPI g; /* group generator */
+ MPI y; /* g^x mod p */
+ } elg;
} d;
} PKT_pubkey_cert;
@@ -106,6 +125,24 @@ typedef struct {
} blowfish;
} protect;
} rsa;
+ struct {
+ MPI p; /* prime */
+ MPI g; /* group generator */
+ MPI y; /* g^x mod p */
+ MPI x; /* secret exponent */
+ u16 csum; /* checksum */
+ u16 calc_csum; /* and a place to store the calculated csum */
+ byte is_protected; /* The above infos are protected and must */
+ /* be deciphered before use */
+ byte protect_algo; /* cipher used to protect the secret informations*/
+ union { /* information for the protection */
+ struct {
+ byte iv[8]; /* initialization vector for CFB mode */
+ /* when protected, the MPIs above are pointers
+ * to plain storage */
+ } blowfish;
+ } protect;
+ } elg;
} d;
} PKT_seckey_cert;
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 35fc6d766..569657c29 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -148,6 +148,7 @@ parse_packet( IOBUF inp, PACKET *pkt )
rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
case PKT_SECKEY_CERT:
+ case PKT_SECKEY_SUBCERT:
pkt->pkt.seckey_cert = m_alloc_clear(sizeof *pkt->pkt.seckey_cert );
rc = parse_certificate(inp, pkttype, pktlen, hdr, hdrlen, pkt );
break;
@@ -230,7 +231,19 @@ parse_publickey( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
if( list_mode )
printf(":public key packet: keyid %08lX%08lX\n",
k->keyid[0], k->keyid[1]);
- if( k->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( k->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ n = pktlen;
+ k->d.elg.a = mpi_decode(inp, &n ); pktlen -=n;
+ k->d.elg.b = mpi_decode(inp, &n ); pktlen -=n;
+ if( list_mode ) {
+ printf("\telg a: ");
+ mpi_print(stdout, k->d.elg.a, mpi_print_mode );
+ printf("\n\telg b: ");
+ mpi_print(stdout, k->d.elg.b, mpi_print_mode );
+ putchar('\n');
+ }
+ }
+ else if( k->pubkey_algo == PUBKEY_ALGO_RSA ) {
n = pktlen;
k->d.rsa.rsa_integer = mpi_decode(inp, &n ); pktlen -=n;
if( list_mode ) {
@@ -276,7 +289,29 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
"\tversion %d, created %lu, md5len %d, sigclass %02x\n",
sig->keyid[0], sig->keyid[1],
version, sig->timestamp, md5_len, sig->sig_class );
- if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ if( sig->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ if( pktlen < 5 ) {
+ log_error("packet(%d) too short\n", pkttype);
+ goto leave;
+ }
+ sig->d.elg.digest_algo = iobuf_get_noeof(inp); pktlen--;
+ sig->d.elg.digest_start[0] = iobuf_get_noeof(inp); pktlen--;
+ sig->d.elg.digest_start[1] = iobuf_get_noeof(inp); pktlen--;
+ n = pktlen;
+ sig->d.elg.a = mpi_decode(inp, &n ); pktlen -=n;
+ sig->d.elg.b = mpi_decode(inp, &n ); pktlen -=n;
+ if( list_mode ) {
+ printf("\tdigest algo %d, begin of digest %02x %02x\n",
+ sig->d.elg.digest_algo,
+ sig->d.elg.digest_start[0], sig->d.elg.digest_start[1] );
+ printf("\telg a: ");
+ mpi_print(stdout, sig->d.elg.a, mpi_print_mode );
+ printf("\n\telg b: ");
+ mpi_print(stdout, sig->d.elg.a, mpi_print_mode );
+ putchar('\n');
+ }
+ }
+ else if( sig->pubkey_algo == PUBKEY_ALGO_RSA ) {
if( pktlen < 5 ) {
log_error("packet(%d) too short\n", pkttype);
goto leave;
@@ -315,7 +350,7 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
unsigned n;
unsigned long timestamp;
unsigned short valid_period;
- MPI rsa_pub_mod, rsa_pub_exp;
+ int is_v4=0;
if( pkttype == PKT_PUBKEY_CERT ) {
pkt->pkt.pubkey_cert->mfx.md5 = md5_open(0);
@@ -331,13 +366,18 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
goto leave;
}
version = iobuf_get_noeof(inp); pktlen--;
- if( version != 2 && version != 3 ) {
+ if( version == 4 )
+ is_v4=1;
+ else if( version != 2 && version != 3 ) {
log_error("packet(%d) with unknown version %d\n", pkttype, version);
goto leave;
}
timestamp = read_32(inp); pktlen -= 4;
- valid_period = read_16(inp); pktlen -= 2;
+ if( is_v4 )
+ valid_period = 0;
+ else
+ valid_period = read_16(inp); pktlen -= 2;
algorithm = iobuf_get_noeof(inp); pktlen--;
if( list_mode )
printf(":%s key certification packet:\n"
@@ -355,7 +395,76 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
pkt->pkt.pubkey_cert->pubkey_algo = algorithm;
}
- if( algorithm == PUBKEY_ALGO_RSA ) {
+ if( algorithm == PUBKEY_ALGO_ELGAMAL ) {
+ MPI elg_p, elg_g, elg_y;
+ n = pktlen; elg_p = mpi_decode(inp, &n ); pktlen -=n;
+ n = pktlen; elg_g = mpi_decode(inp, &n ); pktlen -=n;
+ n = pktlen; elg_y = mpi_decode(inp, &n ); pktlen -=n;
+ if( list_mode ) {
+ printf( "\telg p: ");
+ mpi_print(stdout, elg_p, mpi_print_mode );
+ printf("\n\telg g: ");
+ mpi_print(stdout, elg_g, mpi_print_mode );
+ printf("\n\telg y: ");
+ mpi_print(stdout, elg_y, mpi_print_mode );
+ putchar('\n');
+ }
+ if( pkttype == PKT_PUBKEY_CERT ) {
+ pkt->pkt.pubkey_cert->d.elg.p = elg_p;
+ pkt->pkt.pubkey_cert->d.elg.g = elg_g;
+ pkt->pkt.pubkey_cert->d.elg.y = elg_y;
+ }
+ else {
+ PKT_seckey_cert *cert = pkt->pkt.seckey_cert;
+ byte temp[8];
+ byte *mpibuf;
+
+ pkt->pkt.seckey_cert->d.elg.p = elg_p;
+ pkt->pkt.seckey_cert->d.elg.g = elg_g;
+ pkt->pkt.seckey_cert->d.elg.y = elg_y;
+ cert->d.elg.protect_algo = iobuf_get_noeof(inp); pktlen--;
+ if( list_mode )
+ printf( "\tprotect algo: %d\n", cert->d.elg.protect_algo);
+ if( cert->d.elg.protect_algo ) {
+ cert->d.elg.is_protected = 1;
+ for(i=0; i < 8 && pktlen; i++, pktlen-- )
+ temp[i] = iobuf_get_noeof(inp);
+ if( list_mode ) {
+ printf( "\tprotect IV: ");
+ for(i=0; i < 8; i++ )
+ printf(" %02x", temp[i] );
+ putchar('\n');
+ }
+ if( cert->d.elg.protect_algo == CIPHER_ALGO_BLOWFISH )
+ memcpy(cert->d.elg.protect.blowfish.iv, temp, 8 );
+ }
+ else
+ cert->d.elg.is_protected = 0;
+
+ n = pktlen; mpibuf = mpi_read(inp, &n ); pktlen -=n; assert(n>=2);
+ cert->d.elg.x = (MPI)mpibuf;
+
+ cert->d.elg.csum = read_16(inp); pktlen -= 2;
+ cert->d.elg.calc_csum = 0;
+ if( list_mode ) {
+ printf("\t[secret value x is not shown]\n"
+ "\tchecksum: %04hx\n", cert->d.elg.csum);
+ }
+ if( !cert->d.elg.is_protected ) { /* convert buffer to MPIs */
+ mpibuf = (byte*)cert->d.elg.x;
+ cert->d.elg.calc_csum += checksum( mpibuf );
+ cert->d.elg.x = mpi_decode_buffer( mpibuf );
+ m_free( mpibuf );
+ log_mpidump("elg p=", cert->d.elg.p );
+ log_mpidump("elg g=", cert->d.elg.g );
+ log_mpidump("elg y=", cert->d.elg.y );
+ log_mpidump("elg x=", cert->d.elg.x );
+ }
+ }
+ }
+ else if( algorithm == PUBKEY_ALGO_RSA ) {
+ MPI rsa_pub_mod, rsa_pub_exp;
+
n = pktlen; rsa_pub_mod = mpi_decode(inp, &n ); pktlen -=n;
n = pktlen; rsa_pub_exp = mpi_decode(inp, &n ); pktlen -=n;
if( list_mode ) {
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 93bdff9da..58da1aef8 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -39,24 +39,50 @@ int
get_session_key( PKT_pubkey_enc *k, DEK *dek )
{
int i, j, c, rc = 0;
- RSA_secret_key *skey = m_alloc_secure( sizeof *skey );
MPI dek_frame = mpi_alloc_secure(40);
u16 csum, csum2;
+ PKT_seckey_cert *skc = m_alloc_clear( sizeof *skc );
- if( k->pubkey_algo != PUBKEY_ALGO_RSA ) {
- rc = G10ERR_PUBKEY_ALGO; /* unsupported algorithm */
+ skc->pubkey_algo = k->pubkey_algo; /* we want a pubkey with this algo*/
+ if( (rc = get_seckey( skc, k->keyid )) )
goto leave;
+
+ if( k->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ ELG_secret_key skey;
+
+ if( DBG_CIPHER ) {
+ log_mpidump("Encr DEK a:", k->d.elg.a );
+ log_mpidump(" DEK b:", k->d.elg.b );
+ }
+ skey.p = skc->d.elg.p;
+ skey.g = skc->d.elg.g;
+ skey.y = skc->d.elg.y;
+ skey.x = skc->d.elg.x;
+ elg_decipher( dek_frame, k->d.elg.a, k->d.elg.b, &skey );
+ memset( &skey, 0, sizeof skey );
}
+ else if( k->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ RSA_secret_key skey;
- /* get the secret key for the given public key
- * and decode the rsa_integer
- */
- if( (rc = get_seckey( skey, k->keyid )) )
+ if( DBG_CIPHER )
+ log_mpidump("Encr DEK frame:", k->d.rsa.rsa_integer );
+
+ skey.e = skc->d.rsa.rsa_e;
+ skey.n = skc->d.rsa.rsa_n;
+ skey.p = skc->d.rsa.rsa_p;
+ skey.q = skc->d.rsa.rsa_q;
+ skey.d = skc->d.rsa.rsa_d;
+ skey.u = skc->d.rsa.rsa_u;
+ rsa_secret( dek_frame, k->d.rsa.rsa_integer, &skey );
+ memset( &skey, 0, sizeof skey );
+ }
+ else {
+ rc = G10ERR_PUBKEY_ALGO; /* unsupported algorithm */
goto leave;
+ }
+ free_seckey_cert( skc ); skc = NULL;
+
- if( DBG_CIPHER )
- log_mpidump("Encr DEK frame:", k->d.rsa.rsa_integer );
- rsa_secret( dek_frame, k->d.rsa.rsa_integer, skey );
/* Now get the DEK (data encryption key) from the dek_frame
*
* Old versions encode the DEK in in this format (msb is left):
@@ -87,7 +113,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
}
if( c != 2 ) /* somethink is wrong */
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
- /* look for the zeor byte */
+ /* look for the zero byte */
for(i--; i > 4 ; i-- )
if( !mpi_getbyte(dek_frame,i) )
break;
@@ -95,10 +121,10 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
/* next byte indicates the used cipher */
switch( mpi_getbyte(dek_frame, --i ) ) {
- case 1:
+ case CIPHER_ALGO_IDEA:
rc = G10ERR_NI_CIPHER;
goto leave;
- case 42:
+ case CIPHER_ALGO_BLOWFISH:
if( i != 22 ) /* length of blowfish is 20 (+2 bytes checksum) */
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
dek->algo = CIPHER_ALGO_BLOWFISH;
@@ -122,7 +148,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
leave:
mpi_free(dek_frame);
- m_free(skey);
+ if( skc )
+ free_seckey_cert( skc );
return rc;
}
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index c103de5c7..4e1a384c2 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -30,6 +30,9 @@
#include "keydb.h"
#include "cipher.h"
+#if BLOWFISH_BLOCKSIZE != 8
+ #error unsupportted blocksize
+#endif
static u16
checksum( byte *p )
@@ -44,11 +47,9 @@ checksum( byte *p )
}
-/****************
- * Check the secret key certificate
- */
-int
-check_secret_key( PKT_seckey_cert *cert )
+
+static int
+check_elg( PKT_seckey_cert *cert )
{
byte iv[8];
byte *mpibuf;
@@ -56,13 +57,73 @@ check_secret_key( PKT_seckey_cert *cert )
MPI temp_mpi;
int res;
u32 keyid[2];
+ ELG_secret_key skey;
-#if BLOWFISH_BLOCKSIZE != 8
- #error unsupportted blocksize
-#endif
+ if( cert->d.elg.is_protected ) { /* remove the protection */
+ DEK *dek = NULL;
+ BLOWFISH_context *blowfish_ctx=NULL;
+
+ switch( cert->d.elg.protect_algo ) {
+ case CIPHER_ALGO_NONE: log_bug(NULL); break;
+ case CIPHER_ALGO_BLOWFISH:
+ keyid_from_skc( cert, keyid );
+ dek = get_passphrase_hash( keyid, NULL );
+ m_free(dek); /* pw is in secure memory, so m_free() burns it */
+ memset( iv, 0, BLOWFISH_BLOCKSIZE );
+ blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
+ blowfish_setiv( blowfish_ctx, iv );
+ blowfish_decode_cfb( blowfish_ctx,
+ cert->d.elg.protect.blowfish.iv,
+ cert->d.elg.protect.blowfish.iv, 8 );
+ cert->d.elg.calc_csum = 0;
+ mpibuf = (byte*)cert->d.elg.x;
+ n = ((mpibuf[0] << 8) | mpibuf[1])-2;
+ blowfish_decode_cfb( blowfish_ctx, mpibuf+4, mpibuf+4, n );
+ cert->d.elg.calc_csum += checksum( mpibuf );
+ cert->d.elg.x = mpi_decode_buffer( mpibuf );
+ m_free( mpibuf );
+ m_free( blowfish_ctx );
+ cert->d.elg.is_protected = 0;
+ /* now let's see wether we have used the right passphrase */
+ if( cert->d.elg.calc_csum != cert->d.elg.csum )
+ return G10ERR_BAD_PASS;
- if( cert->pubkey_algo != PUBKEY_ALGO_RSA )
- return G10ERR_PUBKEY_ALGO; /* unsupport algorithm */
+ skey.p = cert->d.elg.p;
+ skey.g = cert->d.elg.g;
+ skey.y = cert->d.elg.y;
+ skey.x = cert->d.elg.x;
+ res = elg_check_secret_key( &skey );
+ memset( &skey, 0, sizeof skey );
+ if( !res )
+ return G10ERR_BAD_PASS;
+ break;
+
+ default:
+ return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
+ }
+ }
+ /* must check the checksum here, because we didn't do it when
+ * parsing an unprotected certificate */
+ if( cert->d.elg.calc_csum != cert->d.elg.csum ) {
+ log_error("checksum in secret key certificate is wrong\n");
+ log_debug("stored csum=%04hx calculated csum=%04hx\n",
+ cert->d.elg.csum, cert->d.elg.calc_csum );
+ return G10ERR_CHECKSUM;
+ }
+ return 0;
+}
+
+
+#ifdef HAVE_RSA_CIPHER
+static int
+check_rsa( PKT_seckey_cert *cert )
+{
+ byte iv[8];
+ byte *mpibuf;
+ u16 n;
+ MPI temp_mpi;
+ int res;
+ u32 keyid[2];
if( cert->d.rsa.is_protected ) { /* remove the protection */
DEK *dek = NULL;
@@ -73,7 +134,7 @@ check_secret_key( PKT_seckey_cert *cert )
log_bug("unprotect seckey_cert is flagged protected\n");
break;
case CIPHER_ALGO_BLOWFISH:
- mpi_get_keyid( cert->d.rsa.rsa_n , keyid );
+ keyid_from_skc( cert, keyid );
dek = get_passphrase_hash( keyid, NULL );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
@@ -133,5 +194,24 @@ check_secret_key( PKT_seckey_cert *cert )
}
return 0;
}
+#endif /*HAVE_RSA_CIPHER*/
+
+
+
+/****************
+ * Check the secret key certificate
+ */
+int
+check_secret_key( PKT_seckey_cert *cert )
+{
+ if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL )
+ return check_elg( cert );
+ #ifdef HAVE_RSA_CIPHER
+ else if( cert->pubkey_algo == PUBKEY_ALGO_RSA )
+ return check_rsa( cert );
+ #endif
+ else
+ return G10ERR_PUBKEY_ALGO;
+}
diff --git a/g10/seskey.c b/g10/seskey.c
index 317623ec8..5e944760d 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -26,6 +26,7 @@
#include "util.h"
#include "cipher.h"
#include "mpi.h"
+#include "main.h"
@@ -73,7 +74,7 @@ encode_session_key( DEK *dek, unsigned nbits )
* 0 2 RND(n bytes) 0 A DEK(k bytes) CSUM(2 bytes)
*
* RND are non-zero random bytes.
- * A is the cipher algorithm ( 42 for Blowfish )
+ * A is the cipher algorithm
* DEK is the encryption key (session key) length k depends on the
* cipher algorithm (20 is used with blowfish).
* CSUM is the 16 bit checksum over the DEK
@@ -106,7 +107,7 @@ encode_session_key( DEK *dek, unsigned nbits )
MPI
encode_rmd160_value( byte *md, unsigned len, unsigned nbits )
{
- static byte asn[18] = /* stored reverse FIXME: need other values*/
+ static byte asn[18] = /* FIXME: need other values*/
{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
int nframe = (nbits+7) / 8;
@@ -119,7 +120,7 @@ encode_rmd160_value( byte *md, unsigned len, unsigned nbits )
/* We encode the MD in this way:
*
- * 0 42 PAD(n bytes) 0 ASN(18 bytes) MD(20 bytes)
+ * 0 A PAD(n bytes) 0 ASN(18 bytes) MD(20 bytes)
*
* PAD consists of FF bytes.
*/
@@ -138,3 +139,43 @@ encode_rmd160_value( byte *md, unsigned len, unsigned nbits )
return frame;
}
+
+/****************
+ * Encode a md5 message digest of LEN bytes into NBITS.
+ * returns: A mpi with the session key (caller must free)
+ */
+MPI
+encode_md5_value( byte *md, unsigned len, unsigned nbits )
+{
+ static byte asn[18] =
+ { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
+ 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
+ int nframe = (nbits+7) / 8;
+ byte *p;
+ MPI frame;
+ int i,n,c;
+
+ if( (nbits % BITS_PER_MPI_LIMB) || nframe < 38 || len != 16 )
+ log_bug("can't encode a %d bit MD into a %d bits frame\n",len*8, nbits);
+
+ /* We encode the MD in this way:
+ *
+ * 0 A PAD(n bytes) 0 ASN(18 bytes) MD(16 bytes)
+ *
+ * PAD consists of FF bytes.
+ */
+ frame = mpi_alloc_secure( nframe / BYTES_PER_MPI_LIMB );
+ n = 0;
+ for(i=16-1; i >= 0; i--, n++ )
+ mpi_putbyte(frame, n, md[i] );
+ for( i=18-1; i >= 0; i--, n++ )
+ mpi_putbyte(frame, n, asn[i] );
+ mpi_putbyte(frame, n++, 0 );
+ while( n < nframe-2 )
+ mpi_putbyte(frame, n++, 0xff );
+ mpi_putbyte(frame, n++, DIGEST_ALGO_MD5 );
+ mpi_putbyte(frame, n++, 0 );
+ assert( n == nframe );
+ return frame;
+}
+
diff --git a/g10/sig-check.c b/g10/sig-check.c
index 75e800693..ff212585c 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -29,6 +29,7 @@
#include "mpi.h"
#include "keydb.h"
#include "cipher.h"
+#include "main.h"
/****************
@@ -40,7 +41,7 @@ int
signature_check( PKT_signature *sig, MD_HANDLE digest )
{
PKT_pubkey_cert *pkc = m_alloc_clear( sizeof *pkc );
- MPI result = mpi_alloc(35);
+ MPI result = NULL;
int rc=0, i, j, c, old_enc;
byte *dp;
@@ -50,162 +51,181 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
goto leave;
}
- if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
- RSA_public_key pkey;
- pkey.n = pkc->d.rsa.rsa_n;
- pkey.e = pkc->d.rsa.rsa_e;
- rsa_public( result, sig->d.rsa.rsa_integer, &pkey );
- }
- else {
- log_debug("signature_check: unsupported pubkey algo %d\n",
- pkc->pubkey_algo );
- rc = G10ERR_PUBKEY_ALGO;
- goto leave;
- }
-
+ if( pkc->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) {
+ ELG_public_key pkey;
- /* Now RESULT contains the deciphered session key.
- *
- * The session key is stored in different ways:
- *
- * Old versions encodes the digest in in this format (msb is left):
- *
- * 0 1 MD5(16 bytes) 0 PAD(n bytes) 1
- *
- * Later versions encodes the digest like this:
- *
- * 0 1 PAD(n bytes) 0 ASN(18 bytes) MD(16 bytes)
- *
- * RIPE MD 160 digests are encoded like this:
- *
- * 0 42 PAD(n bytes) 0 ASN(18 bytes) MD(20 bytes)
- *
- * FIXME: we should use another ASN!
- *
- * PAD consists of FF bytes.
- * ASN is here the constant: 3020300c06082a864886f70d020505000410
- */
- old_enc = 0;
- for(i=j=0; (c=mpi_getbyte(result, i)) != -1; i++ ) {
- if( !j ) {
- if( !i && c != 1 )
- break;
- else if( i && c == 0xff )
- ; /* skip the padding */
- else if( i && !c )
- j++;
- else
- break;
+ if( sig->d.elg.digest_algo == DIGEST_ALGO_RMD160 ) {
+ /* complete the digest */
+ rmd160_putchar( digest.u.rmd, sig->sig_class );
+ { u32 a = sig->timestamp;
+ rmd160_putchar( digest.u.rmd, (a >> 24) & 0xff );
+ rmd160_putchar( digest.u.rmd, (a >> 16) & 0xff );
+ rmd160_putchar( digest.u.rmd, (a >> 8) & 0xff );
+ rmd160_putchar( digest.u.rmd, a & 0xff );
+ }
+ dp = rmd160_final( digest.u.rmd );
+ result = encode_rmd160_value( dp, 20, mpi_get_nbits(pkc->d.elg.p));
}
- else if( ++j == 18 && c != 1 )
- break;
- else if( j == 19 && c == 0 ) {
- old_enc++;
- break;
+ else if( sig->d.rsa.digest_algo == DIGEST_ALGO_MD5 ) {
+ md5_putchar( digest.u.md5, sig->sig_class );
+ { u32 a = sig->timestamp;
+ md5_putchar( digest.u.md5, (a >> 24) & 0xff );
+ md5_putchar( digest.u.md5, (a >> 16) & 0xff );
+ md5_putchar( digest.u.md5, (a >> 8) & 0xff );
+ md5_putchar( digest.u.md5, a & 0xff );
+ }
+ md5_final( digest.u.md5 );
+ dp = md5_read( digest.u.md5 );
+ result = encode_md5_value( dp, 16, mpi_get_nbits(pkc->d.elg.p));
}
+ else {
+ rc = G10ERR_DIGEST_ALGO;
+ goto leave;
+ }
+
+ pkey.p = pkc->d.elg.p;
+ pkey.g = pkc->d.elg.g;
+ pkey.y = pkc->d.elg.y;
+ if( !elg_verify( sig->d.elg.a, sig->d.elg.b, result, &pkey ) )
+ rc = G10ERR_BAD_SIGN;
}
- if( old_enc ) {
- log_error("old encoding scheme is not supported\n");
- rc = G10ERR_GENERAL;
- goto leave;
- }
+ else if( pkc->pubkey_algo == PUBKEY_ALGO_RSA ) {
+ RSA_public_key pkey;
- if( sig->d.rsa.digest_algo == DIGEST_ALGO_RMD160 ) {
- static byte asn[18] = /* stored reverse FIXME: need other values*/
- { 0x10, 0x04, 0x00, 0x05, 0x05, 0x02, 0x0d, 0xf7, 0x86,
- 0x48, 0x86, 0x2a, 0x08, 0x06, 0x0c, 0x30, 0x20, 0x30 };
+ result = mpi_alloc(40);
+ pkey.n = pkc->d.rsa.rsa_n;
+ pkey.e = pkc->d.rsa.rsa_e;
+ rsa_public( result, sig->d.rsa.rsa_integer, &pkey );
- for(i=20,j=0; (c=mpi_getbyte(result, i)) != -1 && j < 18; i++, j++ )
- if( asn[j] != c )
+ old_enc = 0;
+ for(i=j=0; (c=mpi_getbyte(result, i)) != -1; i++ ) {
+ if( !j ) {
+ if( !i && c != 1 )
+ break;
+ else if( i && c == 0xff )
+ ; /* skip the padding */
+ else if( i && !c )
+ j++;
+ else
+ break;
+ }
+ else if( ++j == 18 && c != 1 )
break;
- if( j != 18 || c ) { /* ASN is wrong */
- rc = G10ERR_BAD_PUBKEY;
- goto leave;
- }
- for(i++; (c=mpi_getbyte(result, i)) != -1; i++ )
- if( c != 0xff )
+ else if( j == 19 && c == 0 ) {
+ old_enc++;
break;
- i++;
- if( c != DIGEST_ALGO_RMD160 || mpi_getbyte(result, i) ) {
- /* Padding or leading bytes in signature is wrong */
- rc = G10ERR_BAD_PUBKEY;
- goto leave;
+ }
}
- if( mpi_getbyte(result, 19) != sig->d.rsa.digest_start[0]
- || mpi_getbyte(result, 18) != sig->d.rsa.digest_start[1] ) {
- /* Wrong key used to check the signature */
- rc = G10ERR_BAD_PUBKEY;
+ if( old_enc ) {
+ log_error("old encoding scheme is not supported\n");
+ rc = G10ERR_GENERAL;
goto leave;
}
- /* complete the digest */
- rmd160_putchar( digest.u.rmd, sig->sig_class );
- { u32 a = sig->timestamp;
- rmd160_putchar( digest.u.rmd, (a >> 24) & 0xff );
- rmd160_putchar( digest.u.rmd, (a >> 16) & 0xff );
- rmd160_putchar( digest.u.rmd, (a >> 8) & 0xff );
- rmd160_putchar( digest.u.rmd, a & 0xff );
- }
- dp = rmd160_final( digest.u.rmd );
- for(i=19; i >= 0; i--, dp++ )
- if( mpi_getbyte( result, i ) != *dp ) {
- rc = G10ERR_BAD_SIGN;
+ if( sig->d.rsa.digest_algo == DIGEST_ALGO_RMD160 ) {
+ static byte asn[18] = /* stored reverse FIXME: need other values*/
+ { 0x10, 0x04, 0x00, 0x05, 0x05, 0x02, 0x0d, 0xf7, 0x86,
+ 0x48, 0x86, 0x2a, 0x08, 0x06, 0x0c, 0x30, 0x20, 0x30 };
+
+ for(i=20,j=0; (c=mpi_getbyte(result, i)) != -1 && j < 18; i++, j++ )
+ if( asn[j] != c )
+ break;
+ if( j != 18 || c ) { /* ASN is wrong */
+ rc = G10ERR_BAD_PUBKEY;
+ goto leave;
+ }
+ for(i++; (c=mpi_getbyte(result, i)) != -1; i++ )
+ if( c != 0xff )
+ break;
+ i++;
+ if( c != DIGEST_ALGO_RMD160 || mpi_getbyte(result, i) ) {
+ /* Padding or leading bytes in signature is wrong */
+ rc = G10ERR_BAD_PUBKEY;
+ goto leave;
+ }
+ if( mpi_getbyte(result, 19) != sig->d.rsa.digest_start[0]
+ || mpi_getbyte(result, 18) != sig->d.rsa.digest_start[1] ) {
+ /* Wrong key used to check the signature */
+ rc = G10ERR_BAD_PUBKEY;
goto leave;
}
- }
- else if( sig->d.rsa.digest_algo == DIGEST_ALGO_MD5 ) {
- static byte asn[18] = /* stored reverse */
- { 0x10, 0x04, 0x00, 0x05, 0x05, 0x02, 0x0d, 0xf7, 0x86,
- 0x48, 0x86, 0x2a, 0x08, 0x06, 0x0c, 0x30, 0x20, 0x30 };
- for(i=16,j=0; j < 18 && (c=mpi_getbyte(result, i)) != -1; i++, j++ )
- if( asn[j] != c )
- break;
- if( j != 18 || c ) { /* ASN is wrong */
- rc = G10ERR_BAD_PUBKEY;
- goto leave;
- }
- for(i++; (c=mpi_getbyte(result, i)) != -1; i++ )
- if( c != 0xff )
- break;
- i++;
- if( c != DIGEST_ALGO_MD5 || mpi_getbyte(result, i) ) {
- /* Padding or leading bytes in signature is wrong */
- rc = G10ERR_BAD_PUBKEY;
- goto leave;
- }
- if( mpi_getbyte(result, 15) != sig->d.rsa.digest_start[0]
- || mpi_getbyte(result, 14) != sig->d.rsa.digest_start[1] ) {
- /* Wrong key used to check the signature */
- rc = G10ERR_BAD_PUBKEY;
- goto leave;
+ /* complete the digest */
+ rmd160_putchar( digest.u.rmd, sig->sig_class );
+ { u32 a = sig->timestamp;
+ rmd160_putchar( digest.u.rmd, (a >> 24) & 0xff );
+ rmd160_putchar( digest.u.rmd, (a >> 16) & 0xff );
+ rmd160_putchar( digest.u.rmd, (a >> 8) & 0xff );
+ rmd160_putchar( digest.u.rmd, a & 0xff );
+ }
+ dp = rmd160_final( digest.u.rmd );
+ for(i=19; i >= 0; i--, dp++ )
+ if( mpi_getbyte( result, i ) != *dp ) {
+ rc = G10ERR_BAD_SIGN;
+ goto leave;
+ }
}
+ else if( sig->d.rsa.digest_algo == DIGEST_ALGO_MD5 ) {
+ static byte asn[18] = /* stored reverse */
+ { 0x10, 0x04, 0x00, 0x05, 0x05, 0x02, 0x0d, 0xf7, 0x86,
+ 0x48, 0x86, 0x2a, 0x08, 0x06, 0x0c, 0x30, 0x20, 0x30 };
- /* complete the digest */
- md5_putchar( digest.u.md5, sig->sig_class );
- { u32 a = sig->timestamp;
- md5_putchar( digest.u.md5, (a >> 24) & 0xff );
- md5_putchar( digest.u.md5, (a >> 16) & 0xff );
- md5_putchar( digest.u.md5, (a >> 8) & 0xff );
- md5_putchar( digest.u.md5, a & 0xff );
- }
- md5_final( digest.u.md5 );
- dp = md5_read( digest.u.md5 );
- for(i=15; i >= 0; i--, dp++ )
- if( mpi_getbyte( result, i ) != *dp ) {
- rc = G10ERR_BAD_SIGN;
+ for(i=16,j=0; j < 18 && (c=mpi_getbyte(result, i)) != -1; i++, j++ )
+ if( asn[j] != c )
+ break;
+ if( j != 18 || c ) { /* ASN is wrong */
+ rc = G10ERR_BAD_PUBKEY;
goto leave;
}
+ for(i++; (c=mpi_getbyte(result, i)) != -1; i++ )
+ if( c != 0xff )
+ break;
+ i++;
+ if( c != DIGEST_ALGO_MD5 || mpi_getbyte(result, i) ) {
+ /* Padding or leading bytes in signature is wrong */
+ rc = G10ERR_BAD_PUBKEY;
+ goto leave;
+ }
+ if( mpi_getbyte(result, 15) != sig->d.rsa.digest_start[0]
+ || mpi_getbyte(result, 14) != sig->d.rsa.digest_start[1] ) {
+ /* Wrong key used to check the signature */
+ rc = G10ERR_BAD_PUBKEY;
+ goto leave;
+ }
+
+ /* complete the digest */
+ md5_putchar( digest.u.md5, sig->sig_class );
+ { u32 a = sig->timestamp;
+ md5_putchar( digest.u.md5, (a >> 24) & 0xff );
+ md5_putchar( digest.u.md5, (a >> 16) & 0xff );
+ md5_putchar( digest.u.md5, (a >> 8) & 0xff );
+ md5_putchar( digest.u.md5, a & 0xff );
+ }
+ md5_final( digest.u.md5 );
+ dp = md5_read( digest.u.md5 );
+ for(i=15; i >= 0; i--, dp++ )
+ if( mpi_getbyte( result, i ) != *dp ) {
+ rc = G10ERR_BAD_SIGN;
+ goto leave;
+ }
+ }
+ else {
+ rc = G10ERR_DIGEST_ALGO;
+ goto leave;
+ }
}
else {
- rc = G10ERR_DIGEST_ALGO;
+ log_debug("signature_check: unsupported pubkey algo %d\n",
+ pkc->pubkey_algo );
+ rc = G10ERR_PUBKEY_ALGO;
goto leave;
}
+
leave:
- mpi_free( result );
if( pkc )
free_pubkey_cert( pkc );
+ mpi_free( result );
return rc;
}