3 * Read public or secret key.
5 * Copyright (c) 2005 Marko Kreen
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * $PostgreSQL: pgsql/contrib/pgcrypto/pgp-pubkey.c,v 1.5 2009/06/11 14:48:52 momjian Exp $
/*
 * Allocate a PGP_PubKey with px_alloc() and fill it with zero bytes, so all
 * fields start out cleared before the parsers populate them.
 *
 * NOTE(review): this listing omits the lines around the numbered ones (the
 * return type, the store through pk_p, the return statement). px_alloc()'s
 * failure behaviour is not visible here -- confirm it cannot return NULL
 * before the memset() below dereferences pk.
 */
38 pgp_key_alloc(PGP_PubKey **pk_p)
42 pk = px_alloc(sizeof(*pk));
43 memset(pk, 0, sizeof(*pk));
/*
 * Release a key: free the MPIs belonging to the key's algorithm variant
 * (public and secret components alike), then overwrite the struct with
 * zero bytes.
 *
 * The switch header (presumably on pk->algo), the break statements and the
 * final release of pk are among the lines this listing omits.
 */
49 pgp_key_free(PGP_PubKey *pk)
/* ElGamal: public p, g, y and secret x */
56 case PGP_PUB_ELG_ENCRYPT:
57 pgp_mpi_free(pk->pub.elg.p);
58 pgp_mpi_free(pk->pub.elg.g);
59 pgp_mpi_free(pk->pub.elg.y);
60 pgp_mpi_free(pk->sec.elg.x);
/* RSA (all three usage variants): public n, e and secret d, p, q, u */
62 case PGP_PUB_RSA_SIGN:
63 case PGP_PUB_RSA_ENCRYPT:
64 case PGP_PUB_RSA_ENCRYPT_SIGN:
65 pgp_mpi_free(pk->pub.rsa.n);
66 pgp_mpi_free(pk->pub.rsa.e);
67 pgp_mpi_free(pk->sec.rsa.d);
68 pgp_mpi_free(pk->sec.rsa.p);
69 pgp_mpi_free(pk->sec.rsa.q);
70 pgp_mpi_free(pk->sec.rsa.u);
/* DSA: public p, q, g, y and secret x */
72 case PGP_PUB_DSA_SIGN:
73 pgp_mpi_free(pk->pub.dsa.p);
74 pgp_mpi_free(pk->pub.dsa.q);
75 pgp_mpi_free(pk->pub.dsa.g);
76 pgp_mpi_free(pk->pub.dsa.y);
77 pgp_mpi_free(pk->sec.dsa.x);
/*
 * NOTE(review): a memset() on an object that is released right afterwards
 * can be removed by an optimizing compiler as a dead store. If this wipe is
 * meant to keep key-related data out of freed memory, use a clearing routine
 * the compiler cannot elide. The secret values themselves live in the MPIs
 * freed above; whether pgp_mpi_free() wipes their contents is not visible
 * here -- confirm.
 */
80 memset(pk, 0, sizeof(*pk));
/*
 * Derive pk->key_id from a SHA-1 digest over the public part of the key.
 *
 * The digest input is a 3-byte header, the version byte, the 4-byte
 * creation time, the algorithm byte and then the public MPIs of the key's
 * algorithm. The key ID is the last 8 bytes (offset 12..19) of the 20-byte
 * SHA-1 result.
 *
 * An 8-byte key ID is a lookup handle, not proof of identity: it is short
 * enough that distinct keys can share one, so trust decisions should rest
 * on the full fingerprint and not on key_id.
 *
 * Lines between the numbered ones (declarations, result checks, the switch
 * headers, the initial value of len and the filling of hdr) are missing
 * from this listing.
 */
85 calc_key_id(PGP_PubKey *pk)
93 res = pgp_load_digest(PGP_DIGEST_SHA1, &md);
/*
 * First pass: total length of the hashed body. Each public MPI adds its
 * byte count plus 2 (presumably the two-byte length prefix of the MPI wire
 * format -- confirm against pgp_mpi_hash()).
 */
100 case PGP_PUB_ELG_ENCRYPT:
101 len += 2 + pk->pub.elg.p->bytes;
102 len += 2 + pk->pub.elg.g->bytes;
103 len += 2 + pk->pub.elg.y->bytes;
105 case PGP_PUB_RSA_SIGN:
106 case PGP_PUB_RSA_ENCRYPT:
107 case PGP_PUB_RSA_ENCRYPT_SIGN:
108 len += 2 + pk->pub.rsa.n->bytes;
109 len += 2 + pk->pub.rsa.e->bytes;
111 case PGP_PUB_DSA_SIGN:
112 len += 2 + pk->pub.dsa.p->bytes;
113 len += 2 + pk->pub.dsa.q->bytes;
114 len += 2 + pk->pub.dsa.g->bytes;
115 len += 2 + pk->pub.dsa.y->bytes;
/*
 * hdr is built on lines not shown; presumably it carries len, so the sum
 * above must fit whatever width hdr encodes it in -- TODO confirm.
 */
122 px_md_update(md, hdr, 3);
/* fixed key fields: version, creation time, algorithm */
124 px_md_update(md, &pk->ver, 1);
125 px_md_update(md, pk->time, 4);
126 px_md_update(md, &pk->algo, 1);
/* Second pass: hash the same public MPIs, in the same order as counted above */
130 case PGP_PUB_ELG_ENCRYPT:
131 pgp_mpi_hash(md, pk->pub.elg.p);
132 pgp_mpi_hash(md, pk->pub.elg.g);
133 pgp_mpi_hash(md, pk->pub.elg.y);
135 case PGP_PUB_RSA_SIGN:
136 case PGP_PUB_RSA_ENCRYPT:
137 case PGP_PUB_RSA_ENCRYPT_SIGN:
138 pgp_mpi_hash(md, pk->pub.rsa.n);
139 pgp_mpi_hash(md, pk->pub.rsa.e);
141 case PGP_PUB_DSA_SIGN:
142 pgp_mpi_hash(md, pk->pub.dsa.p);
143 pgp_mpi_hash(md, pk->pub.dsa.q);
144 pgp_mpi_hash(md, pk->pub.dsa.g);
145 pgp_mpi_hash(md, pk->pub.dsa.y);
149 px_md_finish(md, hash);
/* key ID = low-order 8 bytes of the digest */
152 memcpy(pk->key_id, hash + 12, 8);
/*
 * Parse the public part of a key packet from pkt into a newly allocated
 * PGP_PubKey: version byte, 4-byte creation time, algorithm byte, then the
 * algorithm-specific public MPIs, followed by the key ID computation.
 *
 * The packet contents are external input. Every read below assigns res;
 * the gaps in the line numbering after each read are where the result check
 * would sit, but those lines are missing from this listing -- confirm each
 * failure aborts parsing before the MPI is used (calc_key_id() dereferences
 * every public MPI of the variant).
 */
159 _pgp_read_public_key(PullFilter *pkt, PGP_PubKey **pk_p)
164 res = pgp_key_alloc(&pk);
/* version byte; the condition guarding the error below is not shown */
169 GETBYTE(pkt, pk->ver);
172 res = PXE_PGP_NOT_V4_KEYPKT;
/* creation time, kept as the raw 4 bytes because calc_key_id() hashes them */
177 res = pullf_read_fixed(pkt, 4, pk->time);
181 /* pubkey algorithm */
182 GETBYTE(pkt, pk->algo);
186 case PGP_PUB_DSA_SIGN:
187 res = pgp_mpi_read(pkt, &pk->pub.dsa.p);
190 res = pgp_mpi_read(pkt, &pk->pub.dsa.q);
193 res = pgp_mpi_read(pkt, &pk->pub.dsa.g);
196 res = pgp_mpi_read(pkt, &pk->pub.dsa.y);
200 res = calc_key_id(pk);
203 case PGP_PUB_RSA_SIGN:
204 case PGP_PUB_RSA_ENCRYPT:
205 case PGP_PUB_RSA_ENCRYPT_SIGN:
206 res = pgp_mpi_read(pkt, &pk->pub.rsa.n);
209 res = pgp_mpi_read(pkt, &pk->pub.rsa.e);
213 res = calc_key_id(pk);
/*
 * Sign-only RSA keys are treated differently from the other RSA variants;
 * the guarded statement is not shown (presumably it marks the key as usable
 * for encryption -- confirm).
 */
215 if (pk->algo != PGP_PUB_RSA_SIGN)
219 case PGP_PUB_ELG_ENCRYPT:
220 res = pgp_mpi_read(pkt, &pk->pub.elg.p);
223 res = pgp_mpi_read(pkt, &pk->pub.elg.g);
226 res = pgp_mpi_read(pkt, &pk->pub.elg.y);
230 res = calc_key_id(pk);
/* any other algorithm byte is rejected rather than skipped */
236 px_debug("unknown public algo: %d", pk->algo);
237 res = PXE_PGP_UNKNOWN_PUBALGO;
/*
 * Values of the "hide type" byte that process_secret_key() reads right
 * after the public part of a secret-key packet. Both mean the secret MPIs
 * are encrypted; they differ in the trailing integrity check:
 * HIDE_CKSUM selects the 2-byte checksum (check_key_cksum), HIDE_SHA1 the
 * 20-byte SHA-1 digest (check_key_sha1). HIDE_CLEAR, used alongside these,
 * is defined on a line this listing omits.
 */
250 #define HIDE_CKSUM 255
251 #define HIDE_SHA1 254
/*
 * Integrity check for the secret part of a key: read the 20-byte SHA-1
 * digest stored after the secret MPIs, recompute SHA-1 over the secret MPIs
 * that were just parsed, and report PXE_PGP_KEYPKT_CORRUPT on mismatch.
 *
 * Declarations, result checks and the switch header are among the lines
 * this listing omits.
 */
254 check_key_sha1(PullFilter *src, PGP_PubKey *pk)
/* digest as stored in the packet */
261 res = pullf_read_fixed(src, 20, got_sha1);
265 res = pgp_load_digest(PGP_DIGEST_SHA1, &md);
/* digest over the secret MPIs of the key's algorithm */
270 case PGP_PUB_ELG_ENCRYPT:
271 pgp_mpi_hash(md, pk->sec.elg.x);
273 case PGP_PUB_RSA_SIGN:
274 case PGP_PUB_RSA_ENCRYPT:
275 case PGP_PUB_RSA_ENCRYPT_SIGN:
276 pgp_mpi_hash(md, pk->sec.rsa.d);
277 pgp_mpi_hash(md, pk->sec.rsa.p);
278 pgp_mpi_hash(md, pk->sec.rsa.q);
279 pgp_mpi_hash(md, pk->sec.rsa.u);
281 case PGP_PUB_DSA_SIGN:
282 pgp_mpi_hash(md, pk->sec.dsa.x);
285 px_md_finish(md, my_sha1);
288 if (memcmp(my_sha1, got_sha1, 20) != 0)
290 px_debug("key sha1 check failed");
291 res = PXE_PGP_KEYPKT_CORRUPT;
/*
 * Both buffers hold digests of secret key material, hence the wipe.
 * NOTE(review): if got_sha1/my_sha1 are locals that are not read again
 * (their declarations are not shown), an optimizing compiler may drop these
 * memset() calls as dead stores; a clearing routine that cannot be elided
 * would make the wipe reliable.
 */
294 memset(got_sha1, 0, 20);
295 memset(my_sha1, 0, 20);
/*
 * Integrity check for the secret part of a key, checksum variant: read the
 * stored 2-byte value, recompute the checksum over the secret MPIs with
 * pgp_mpi_cksum(), and return PXE_PGP_KEYPKT_CORRUPT on mismatch.
 *
 * A 16-bit check value catches accidental corruption but is far weaker than
 * the SHA-1 variant in check_key_sha1(); which one applies is decided by the
 * hide-type byte of the packet, i.e. by whoever produced the key.
 *
 * Declarations, result checks and the switch header are among the lines
 * this listing omits.
 */
300 check_key_cksum(PullFilter *src, PGP_PubKey *pk)
307 res = pullf_read_fixed(src, 2, buf);
/* stored checksum is big-endian */
311 got_cksum = ((unsigned) buf[0] << 8) + buf[1];
314 case PGP_PUB_ELG_ENCRYPT:
315 my_cksum = pgp_mpi_cksum(0, pk->sec.elg.x);
317 case PGP_PUB_RSA_SIGN:
318 case PGP_PUB_RSA_ENCRYPT:
319 case PGP_PUB_RSA_ENCRYPT_SIGN:
/* running checksum is threaded through all four RSA secret MPIs */
320 my_cksum = pgp_mpi_cksum(0, pk->sec.rsa.d);
321 my_cksum = pgp_mpi_cksum(my_cksum, pk->sec.rsa.p);
322 my_cksum = pgp_mpi_cksum(my_cksum, pk->sec.rsa.q);
323 my_cksum = pgp_mpi_cksum(my_cksum, pk->sec.rsa.u);
325 case PGP_PUB_DSA_SIGN:
326 my_cksum = pgp_mpi_cksum(0, pk->sec.dsa.x);
329 if (my_cksum != got_cksum)
331 px_debug("key cksum check failed");
332 return PXE_PGP_KEYPKT_CORRUPT;
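/*
 * Parse a secret-key packet: the public part first, then the secret MPIs,
 * which may be stored encrypted under a passphrase-derived key, and finally
 * the trailing integrity check.
 *
 * pkt      packet reader positioned at the start of the key packet
 * pk_p     receives the parsed key (the store is on a line not shown)
 * key      passphrase bytes, fed to pgp_s2k_process()
 * key_len  length of key in bytes
 *
 * Returns a PXE_* error code on failure; the success path's return is on a
 * line this listing omits, as are the declarations, result checks, braces
 * and the assignments of pf_key.
 */
338 process_secret_key(PullFilter *pkt, PGP_PubKey **pk_p,
339 const uint8 *key, int key_len)
346 PullFilter *pf_decrypt = NULL,
352 /* first read public key part */
353 res = _pgp_read_public_key(pkt, &pk);
358 * is secret key encrypted?
360 GETBYTE(pkt, hide_type);
361 if (hide_type == HIDE_SHA1 || hide_type == HIDE_CKSUM)
/* the condition for this return is not shown; presumably no passphrase was supplied */
364 return PXE_PGP_NEED_SECRET_PSW;
/* cipher algorithm and S2K parameters come from the packet, the passphrase from the caller */
365 GETBYTE(pkt, cipher_algo);
366 res = pgp_s2k_read(pkt, &s2k);
370 res = pgp_s2k_process(&s2k, cipher_algo, key, key_len);
374 bs = pgp_get_cipher_block_size(cipher_algo);
377 px_debug("unknown cipher algo=%d", cipher_algo);
378 return PXE_PGP_UNSUPPORTED_CIPHER;
/* IV is one cipher block long; iv's declared size is not shown -- confirm it covers the largest bs */
380 res = pullf_read_fixed(pkt, bs, iv);
385 * create decrypt filter
387 res = pgp_cfb_create(&cfb, cipher_algo, s2k.key, s2k.key_len, 0, iv);
/* pf_decrypt wraps pkt, so reads through it pass through the CFB decryptor */
390 res = pullf_create(&pf_decrypt, &pgp_decrypt_filter, cfb, pkt);
395 else if (hide_type == HIDE_CLEAR)
401 px_debug("unknown hide type");
402 return PXE_PGP_KEYPKT_CORRUPT;
405 /* read secret key */
/*
 * Read every secret MPI through pf_key, the same source the ElGamal and DSA
 * branches and the checksum/SHA-1 check use. Reading the RSA values from
 * pkt directly would bypass the decrypt filter created above, so an
 * encrypted RSA key would be parsed from ciphertext and then fail (or, with
 * the 16-bit checksum, only probably fail) the integrity check.
 */
408 case PGP_PUB_RSA_SIGN:
409 case PGP_PUB_RSA_ENCRYPT:
410 case PGP_PUB_RSA_ENCRYPT_SIGN:
411 res = pgp_mpi_read(pf_key, &pk->sec.rsa.d);
414 res = pgp_mpi_read(pf_key, &pk->sec.rsa.p);
417 res = pgp_mpi_read(pf_key, &pk->sec.rsa.q);
420 res = pgp_mpi_read(pf_key, &pk->sec.rsa.u);
424 case PGP_PUB_ELG_ENCRYPT:
425 res = pgp_mpi_read(pf_key, &pk->sec.elg.x);
427 case PGP_PUB_DSA_SIGN:
428 res = pgp_mpi_read(pf_key, &pk->sec.dsa.x);
431 px_debug("unknown public algo: %d", pk->algo);
432 res = PXE_PGP_KEYPKT_CORRUPT;
434 /* read checksum / sha1 */
437 if (hide_type == HIDE_SHA1)
438 res = check_key_sha1(pf_key, pk);
440 res = check_key_cksum(pf_key, pk);
/* nothing may follow the integrity check inside the packet */
443 res = pgp_expect_packet_end(pf_key);
/*
 * NOTE(review): only the release of pf_decrypt is visible here. s2k holds
 * the passphrase-derived key and cfb the cipher state; confirm both are
 * wiped/freed on every exit path, including the early returns above.
 */
446 pullf_free(pf_decrypt);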
/*
 * Walk the packets of a key block read from src and pick the single key
 * usable for encryption.
 *
 * src      reader over the key data
 * pk_p     receives the selected key (the store is on a line not shown)
 * psw      passphrase for secret keys, passed on to process_secret_key()
 * psw_len  length of psw in bytes
 * pubtype  selects whether a public or a secret key is expected; the tests
 *          on it are on lines this listing omits
 *
 * Ambiguous or unexpected input is rejected rather than resolved: a second
 * main key, a second encryption-capable subkey, a subkey of the wrong kind
 * and any unknown packet tag each produce an error.
 *
 * NOTE(review): signature packets appear in the case list below, and no
 * signature verification is visible anywhere in this listing. If they are
 * indeed skipped, subkey bindings are not checked here, so the key block
 * must come from a source the caller already trusts.
 */
459 internal_read_key(PullFilter *src, PGP_PubKey **pk_p,
460 const uint8 *psw, int psw_len, int pubtype)
462 PullFilter *pkt = NULL;
466 PGP_PubKey *enc_key = NULL;
467 PGP_PubKey *pk = NULL;
468 int got_main_key = 0;
471 * Search for encryption key.
473 * Error out on anything fancy.
/* one packet per iteration: parse its header, then bound a reader to its length */
477 res = pgp_parse_pkt_hdr(src, &tag, &len, 0);
480 res = pgp_create_pkt_reader(&pkt, src, len, res, NULL);
/* main key packet: its body is skipped, but a second one is an error */
486 case PGP_PKT_PUBLIC_KEY:
487 case PGP_PKT_SECRET_KEY:
490 res = PXE_PGP_MULTIPLE_KEYS;
494 res = pgp_skip_packet(pkt);
/* public subkey: an error when a secret key was requested (condition not shown) */
497 case PGP_PKT_PUBLIC_SUBKEY:
499 res = PXE_PGP_EXPECT_SECRET_KEY;
501 res = _pgp_read_public_key(pkt, &pk);
/* secret subkey: an error when a public key was requested (condition not shown) */
504 case PGP_PKT_SECRET_SUBKEY:
506 res = PXE_PGP_EXPECT_PUBLIC_KEY;
508 res = process_secret_key(pkt, &pk, psw, psw_len);
511 case PGP_PKT_SIGNATURE:
514 case PGP_PKT_USER_ID:
515 case PGP_PKT_USER_ATTR:
516 case PGP_PKT_PRIV_61:
517 res = pgp_skip_packet(pkt);
520 px_debug("unknown/unexpected packet: %d", tag);
521 res = PXE_PGP_UNEXPECTED_PKT;
/*
 * pk is still NULL after a skipped packet; the guard that protects this
 * dereference is presumably on one of the omitted lines -- confirm.
 */
528 if (res >= 0 && pk->can_encrypt)
536 res = PXE_PGP_MULTIPLE_SUBKEYS;
554 pgp_key_free(enc_key);
559 res = PXE_PGP_NO_USABLE_KEY;
/*
 * Entry point: parse the key block held in keypkt and, presumably, attach
 * the resulting key to ctx (that store and the cleanup of src are on lines
 * this listing omits).
 *
 * key/key_len carry the passphrase for secret keys and pubtype the expected
 * key kind; both are passed straight to internal_read_key().
 *
 * Returns the negative error code from parsing, or 0 on success.
 */
566 pgp_set_pubkey(PGP_Context *ctx, MBuf *keypkt,
567 const uint8 *key, int key_len, int pubtype)
571 PGP_PubKey *pk = NULL;
573 res = pullf_create_mbuf_reader(&src, keypkt);
577 res = internal_read_key(src, &pk, key, key_len, pubtype);
/* non-negative results are collapsed to 0 so callers see only 0 or an error */
583 return res < 0 ? res : 0;