Module Name:    src
Committed By:   agc
Date:           Sun Nov  7 06:56:53 UTC 2010

Modified Files:
        src/crypto/external/bsd/netpgp/dist/src/lib: crypto.c crypto.h
            openssl_crypto.c packet-parse.c

Log Message:
Add Elgamal decryption to netpgp.  Inspired by the (BSD-licensed)
Elgamal decryption code from Postgresql by Marko Kreen.

% cp config.h f
% netpgp -e f
netpgp: default key set to "d4a643c5"
% netpgp -d < f.gpg > f.netpgp
netpgp: default key set to "d4a643c5"
signature  1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18]
Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5
uid              Alistair Crooks (DSA TEST KEY - DO NOT USE) <a...@netbsd.org>
encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 
2013-05-18]
netpgp passphrase:
% ls -al f*
-rw-r--r--  1 agc  agc  5730 Nov  6 23:53 f
-rw-------  1 agc  agc  1727 Nov  6 23:53 f.gpg
-rw-r--r--  1 agc  agc  5730 Nov  6 23:54 f.netpgp
% diff f f.netpgp
%

This makes DSA keys into first class citizens, since encryption and
decryption using DSA/Elgamal is now supported.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 \
    src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c
cvs rdiff -u -r1.25 -r1.26 \
    src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.31 -r1.32 \
    src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
cvs rdiff -u -r1.43 -r1.44 \
    src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.30 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.31
--- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.30	Sun Nov  7 02:29:28 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c	Sun Nov  7 06:56:52 2010
@@ -54,7 +54,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: crypto.c,v 1.30 2010/11/07 02:29:28 agc Exp $");
+__RCSID("$NetBSD: crypto.c,v 1.31 2010/11/07 06:56:52 agc Exp $");
 #endif
 
 #include <sys/types.h>
@@ -86,12 +86,14 @@
 int 
 __ops_decrypt_decode_mpi(uint8_t *buf,
 				unsigned buflen,
+				const BIGNUM *g_to_k,
 				const BIGNUM *encmpi,
 				const __ops_seckey_t *seckey)
 {
 	unsigned        mpisize;
 	uint8_t		encmpibuf[NETPGP_BUFSIZ];
 	uint8_t		mpibuf[NETPGP_BUFSIZ];
+	uint8_t		gkbuf[NETPGP_BUFSIZ];
 	int             i;
 	int             n;
 
@@ -101,10 +103,9 @@
 		(void) fprintf(stderr, "mpisize too big %u\n", mpisize);
 		return -1;
 	}
-	BN_bn2bin(encmpi, encmpibuf);
-
 	switch (seckey->pubkey.alg) {
 	case OPS_PKA_RSA:
+		BN_bn2bin(encmpi, encmpibuf);
 		if (__ops_get_debug_level(__FILE__)) {
 			hexdump(stderr, "encrypted", encmpibuf, 16);
 		}
@@ -143,12 +144,13 @@
 		return n - i;
 	case OPS_PKA_DSA:
 	case OPS_PKA_ELGAMAL:
-		(void) fprintf(stderr, "XXX - preliminary support for DSA/Elgamal\n");
+		(void) BN_bn2bin(g_to_k, gkbuf);
+		(void) BN_bn2bin(encmpi, encmpibuf);
 		if (__ops_get_debug_level(__FILE__)) {
 			hexdump(stderr, "encrypted", encmpibuf, 16);
 		}
-		n = __ops_elgamal_private_decrypt(mpibuf, encmpibuf,
-					(unsigned)(BN_num_bits(encmpi) + 7) / 8,
+		n = __ops_elgamal_private_decrypt(mpibuf, gkbuf, encmpibuf,
+					(unsigned)BN_num_bytes(encmpi),
 					&seckey->key.elgamal, &seckey->pubkey.key.elgamal);
 		if (n == -1) {
 			(void) fprintf(stderr, "ops_elgamal_private_decrypt failure\n");
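Review bot: `BN_bn2bin(g_to_k, gkbuf)` copies the packet-supplied g^k value into the fixed `gkbuf[NETPGP_BUFSIZ]` stack array with no size test of its own. The only bound visible in this function is the `mpisize too big` check in the previous hunk, and how `mpisize` is computed is outside the shown lines, so it may cover `encmpi` only. Unless the MPI reader already caps the value below the buffer size, add a guard before the conversion, e.g. `if ((unsigned)BN_num_bytes(g_to_k) > sizeof(gkbuf)) return -1;`. The function body starts and ends outside this hunk.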
@@ -161,13 +163,15 @@
 			return -1;
 		}
 		/* Decode EME-PKCS1_V1_5 (RFC 2437). */
-		if (mpibuf[0] != 0 || mpibuf[1] != 2) {
+		if (mpibuf[0] != 2) {
+			fprintf(stderr, "mpibuf mismatch\n");
 			return -1;
 		}
 		/* Skip the random bytes. */
-		for (i = 2; i < n && mpibuf[i]; ++i) {
+		for (i = 1; i < n && mpibuf[i]; ++i) {
 		}
 		if (i == n || i < 10) {
+			fprintf(stderr, "175 n %d\n", n);
 			return -1;
 		}
 		/* Skip the zero */
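Review bot: The two added `fprintf` calls are unconditional debugging output (`"175 n %d\n"` looks like a hard-coded source line number), whereas the `hexdump` calls in the same function are gated on `__ops_get_debug_level(__FILE__)`. Printing a different message for each way the EME-PKCS1-v1_5 padding check fails also lets anything that captures stderr tell the failure modes apart, which is best avoided for v1.5 padding. One uniform message behind the debug-level test would do, e.g. `if (__ops_get_debug_level(__FILE__)) (void) fprintf(stderr, "bad PKCS1 padding\n");`. Separately, with the scan now starting at index 1, the unchanged `i < 10` test requires nine padding bytes rather than the eight the encoding calls for, so `i < 9` would keep the original threshold. The enclosing case continues outside the hunk.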

Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.25 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.26
--- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.25	Sun Nov  7 02:29:28 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h	Sun Nov  7 06:56:52 2010
@@ -131,7 +131,7 @@
 
 int __ops_elgamal_public_encrypt(uint8_t *, uint8_t *, const uint8_t *, size_t,
 			const __ops_elgamal_pubkey_t *);
-int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, size_t,
+int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, const uint8_t *, size_t,
 			const __ops_elgamal_seckey_t *, const __ops_elgamal_pubkey_t *);
 
 __ops_symm_alg_t __ops_str_to_cipher(const char *);
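Review bot: The new prototype of `__ops_elgamal_private_decrypt` has two adjacent `const uint8_t *` parameters with no names, and `__ops_decrypt_decode_mpi` in the next hunk likewise gains a second unnamed `const BIGNUM *`, so a caller that swaps g^k and the encrypted value still compiles. Naming the parameters in the header documents the order, e.g. `const uint8_t *g_to_k, const uint8_t *in, size_t length` and `const BIGNUM *g_to_k, const BIGNUM *encmpi`.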
@@ -159,7 +159,8 @@
 void __ops_reader_pop_hash(__ops_stream_t *);
 
 int __ops_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *,
-			const __ops_seckey_t *);
+			const BIGNUM *, const __ops_seckey_t *);
+
 unsigned __ops_rsa_encrypt_mpi(const uint8_t *, const size_t,
 			const __ops_pubkey_t *,
 			__ops_pk_sesskey_params_t *);

Index: src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.31 src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.32
--- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.31	Sun Nov  7 02:29:28 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c	Sun Nov  7 06:56:52 2010
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: openssl_crypto.c,v 1.31 2010/11/07 02:29:28 agc Exp $");
+__RCSID("$NetBSD: openssl_crypto.c,v 1.32 2010/11/07 06:56:52 agc Exp $");
 #endif
 
 #ifdef HAVE_OPENSSL_DSA_H
@@ -917,7 +917,7 @@
 	BIGNUM	   *c2;
 	BN_CTX	   *tmp;
 
-	m = BN_bin2bn(in, size, NULL);
+	m = BN_bin2bn(in, (int)size, NULL);
 	p = pubkey->p;
 	g = pubkey->g;
 	y = pubkey->y;
@@ -977,6 +977,7 @@
 
 int
 __ops_elgamal_private_decrypt(uint8_t *out,
+				const uint8_t *g_to_k,
 				const uint8_t *in,
 				size_t length,
 				const __ops_elgamal_seckey_t *seckey,
@@ -990,11 +991,12 @@
 	BIGNUM	*p;
 	BIGNUM	*x;
 	BIGNUM	*m;
-	int	 ret = 0;
+	int	 ret;
 
-	/* split in byutes into c1 and c2 */
-	c1 = BN_bin2bn(in, (int)(length / 2), NULL);
-	c2 = BN_bin2bn(&in[length / 2], (int)(length / 2), NULL);
+	ret = 0;
+	/* c1 and c2 are in g_to_k and in, respectively*/
+	c1 = BN_bin2bn(g_to_k, (int)length, NULL);
+	c2 = BN_bin2bn(in, (int)length, NULL);
 	/* other bits */
 	p = pubkey->p;
 	x = seckey->x;
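Review bot: Both `BN_bin2bn` calls use the one `length`, which the caller in crypto.c sets to `BN_num_bytes(encmpi)`, but the `g_to_k` buffer was filled by a separate `BN_bn2bin` and holds `BN_num_bytes(g_to_k)` bytes. When the two values differ in byte length, c1 is built either from bytes of the caller's buffer that were never written or from a truncated value, and decryption of a valid message fails or yields garbage. Passing a second length (`BN_num_bytes(g_to_k)` at the call site) and using it here, `c1 = BN_bin2bn(g_to_k, (int)g_to_k_length, NULL);`, removes the dependency; `g_to_k_length` is a suggested name, not one from the file. The function starts in the previous hunk and continues past this one.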
@@ -1018,9 +1020,7 @@
 		goto done;
 	}
 	/* result */
-	if (BN_bn2bin(m, out) > 0) {
-		ret = 1;
-	}
+	ret = BN_bn2bin(m, out);
 done:
 	if (tmp) {
 		BN_CTX_free(tmp);
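Review bot: `ret = BN_bn2bin(m, out);` changes the return value from a 0/1 flag to a byte count, while the failure paths that `goto done` still leave `ret` at the 0 it was initialised to in the previous hunk. The caller's visible test in crypto.c is `if (n == -1)`, so unless the lines between those two crypto.c hunks also reject `n == 0`, a failed decryption is not reported as an error (assuming `ret` is what the function returns; the return statement is outside the hunk). Initialising with `ret = -1;` would make every failure path match the caller's check.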

Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.43 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.44
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.43	Thu Nov  4 15:38:45 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c	Sun Nov  7 06:56:52 2010
@@ -58,7 +58,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-parse.c,v 1.43 2010/11/04 15:38:45 agc Exp $");
+__RCSID("$NetBSD: packet-parse.c,v 1.44 2010/11/07 06:56:52 agc Exp $");
 #endif
 
 #ifdef HAVE_OPENSSL_CAST_H
@@ -2649,6 +2649,7 @@
 	uint8_t		   	 c = 0x0;
 	uint8_t			 cs[2];
 	unsigned		 k;
+	BIGNUM			*g_to_k;
 	BIGNUM			*enc_m;
 	int			 n;
 	uint8_t		 	 unencoded_m_buf[1024];
@@ -2681,8 +2682,10 @@
 			return 0;
 		}
 		enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m;
+		g_to_k = NULL;
 		break;
 
+	case OPS_PKA_DSA:
 	case OPS_PKA_ELGAMAL:
 		if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k,
 				      region, stream) ||
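Review bot: The RSA branch now sets `g_to_k = NULL`, and that pointer is later handed to `__ops_decrypt_decode_mpi`, which (in the crypto.c part of this commit) picks its branch from `seckey->pubkey.alg` and calls `BN_bn2bin(g_to_k, gkbuf)` for DSA/Elgamal keys. If nothing outside the shown lines guarantees that the packet's algorithm matches the secret key's, an RSA-labelled packet paired with an Elgamal key reaches that call with a NULL pointer; a guard such as `if (g_to_k == NULL) return -1;` at the top of the DSA/Elgamal case would close it. The added `case OPS_PKA_DSA:` also accepts a session-key packet labelled with a signature-only algorithm and parses it as Elgamal, which deserves a comment explaining why it is needed. The switch starts and ends outside this hunk.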
@@ -2691,6 +2694,7 @@
 					 region, stream)) {
 			return 0;
 		}
+		g_to_k = pkt.u.pk_sesskey.params.elgamal.g_to_k;
 		enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m;
 		break;
 
@@ -2715,7 +2719,8 @@
 		return 1;
 	}
 	n = __ops_decrypt_decode_mpi(unencoded_m_buf,
-			(unsigned)sizeof(unencoded_m_buf), enc_m, secret);
+		(unsigned)sizeof(unencoded_m_buf), g_to_k, enc_m, secret);
+
 	if (n < 1) {
 		ERRP(&stream->cbinfo, pkt, "decrypted message too short");
 		return 0;
