Module Name: src Committed By: agc Date: Sun Nov 7 06:56:53 UTC 2010
Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: crypto.c crypto.h openssl_crypto.c packet-parse.c Log Message: Add Elgamal decryption to netpgp. Inspired by (BSD-licensed) the Elgamal decryption code from Postgresql by Marko Kreen. % cp config.h f % netpgp -e f netpgp: default key set to "d4a643c5" % netpgp -d < f.gpg > f.netpgp netpgp: default key set to "d4a643c5" signature 1024/DSA 8222c3ecd4a643c5 2010-05-19 [EXPIRES 2013-05-18] Key fingerprint: 3e4a 5df4 033b 2333 219b 1afd 8222 c3ec d4a6 43c5 uid Alistair Crooks (DSA TEST KEY - DO NOT USE) <a...@netbsd.org> encryption 2048/Elgamal (Encrypt-Only) a97a7db6d727bc1e 2010-05-19 [EXPIRES 2013-05-18] netpgp passphrase: % ls -al f* -rw-r--r-- 1 agc agc 5730 Nov 6 23:53 f -rw------- 1 agc agc 1727 Nov 6 23:53 f.gpg -rw-r--r-- 1 agc agc 5730 Nov 6 23:54 f.netpgp % diff f f.netpgp % This makes DSA keys into first class citizens, since encryption and decryption using DSA/Elgamal is now supported. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 \ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c cvs rdiff -u -r1.25 -r1.26 \ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h cvs rdiff -u -r1.31 -r1.32 \ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c cvs rdiff -u -r1.43 -r1.44 \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.30 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.31 --- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c:1.30 Sun Nov 7 02:29:28 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.c Sun Nov 7 06:56:52 2010 @@ -54,7 +54,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: crypto.c,v 1.30 2010/11/07 02:29:28 agc Exp $"); +__RCSID("$NetBSD: crypto.c,v 1.31 2010/11/07 06:56:52 agc Exp $"); #endif #include <sys/types.h> @@ -86,12 +86,14 @@ int __ops_decrypt_decode_mpi(uint8_t *buf, unsigned buflen, + const BIGNUM *g_to_k, const BIGNUM *encmpi, const __ops_seckey_t *seckey) { unsigned mpisize; uint8_t encmpibuf[NETPGP_BUFSIZ]; uint8_t mpibuf[NETPGP_BUFSIZ]; + uint8_t gkbuf[NETPGP_BUFSIZ]; int i; int n; @@ -101,10 +103,9 @@ (void) fprintf(stderr, "mpisize too big %u\n", mpisize); return -1; } - BN_bn2bin(encmpi, encmpibuf); - switch (seckey->pubkey.alg) { case OPS_PKA_RSA: + BN_bn2bin(encmpi, encmpibuf); if (__ops_get_debug_level(__FILE__)) { hexdump(stderr, "encrypted", encmpibuf, 16); } @@ -143,12 +144,13 @@ return n - i; case OPS_PKA_DSA: case OPS_PKA_ELGAMAL: - (void) fprintf(stderr, "XXX - preliminary support for DSA/Elgamal\n"); + (void) BN_bn2bin(g_to_k, gkbuf); + (void) BN_bn2bin(encmpi, encmpibuf); if (__ops_get_debug_level(__FILE__)) { hexdump(stderr, "encrypted", encmpibuf, 16); } - n = __ops_elgamal_private_decrypt(mpibuf, encmpibuf, - (unsigned)(BN_num_bits(encmpi) + 7) / 8, + n = __ops_elgamal_private_decrypt(mpibuf, gkbuf, encmpibuf, + (unsigned)BN_num_bytes(encmpi), &seckey->key.elgamal, &seckey->pubkey.key.elgamal); if (n == -1) { (void) fprintf(stderr, "ops_elgamal_private_decrypt failure\n"); @@ -161,13 +163,15 @@ return -1; } /* Decode EME-PKCS1_V1_5 (RFC 2437). */ - if (mpibuf[0] != 0 || mpibuf[1] != 2) { + if (mpibuf[0] != 2) { + fprintf(stderr, "mpibuf mismatch\n"); return -1; } /* Skip the random bytes. */ - for (i = 2; i < n && mpibuf[i]; ++i) { + for (i = 1; i < n && mpibuf[i]; ++i) { } if (i == n || i < 10) { + fprintf(stderr, "175 n %d\n", n); return -1; } /* Skip the zero */ Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.25 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.26 --- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.25 Sun Nov 7 02:29:28 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Sun Nov 7 06:56:52 2010 @@ -131,7 +131,7 @@ int __ops_elgamal_public_encrypt(uint8_t *, uint8_t *, const uint8_t *, size_t, const __ops_elgamal_pubkey_t *); -int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, size_t, +int __ops_elgamal_private_decrypt(uint8_t *, const uint8_t *, const uint8_t *, size_t, const __ops_elgamal_seckey_t *, const __ops_elgamal_pubkey_t *); __ops_symm_alg_t __ops_str_to_cipher(const char *); @@ -159,7 +159,8 @@ void __ops_reader_pop_hash(__ops_stream_t *); int __ops_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *, - const __ops_seckey_t *); + const BIGNUM *, const __ops_seckey_t *); + unsigned __ops_rsa_encrypt_mpi(const uint8_t *, const size_t, const __ops_pubkey_t *, __ops_pk_sesskey_params_t *); Index: src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.31 src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.32 --- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.31 Sun Nov 7 02:29:28 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Sun Nov 7 06:56:52 2010 @@ -57,7 +57,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: openssl_crypto.c,v 1.31 2010/11/07 02:29:28 agc Exp $"); +__RCSID("$NetBSD: openssl_crypto.c,v 1.32 2010/11/07 06:56:52 agc Exp $"); #endif #ifdef HAVE_OPENSSL_DSA_H @@ -917,7 +917,7 @@ BIGNUM *c2; BN_CTX *tmp; - m = BN_bin2bn(in, size, NULL); + m = BN_bin2bn(in, (int)size, NULL); p = pubkey->p; g = pubkey->g; y = pubkey->y; @@ -977,6 +977,7 @@ int __ops_elgamal_private_decrypt(uint8_t *out, + const uint8_t *g_to_k, const uint8_t *in, size_t length, const __ops_elgamal_seckey_t *seckey, @@ -990,11 +991,12 @@ BIGNUM *p; BIGNUM *x; BIGNUM *m; - int ret = 0; + int ret; - /* split in byutes into c1 and c2 */ - c1 = BN_bin2bn(in, (int)(length / 2), NULL); - c2 = BN_bin2bn(&in[length / 2], (int)(length / 2), NULL); + ret = 0; + /* c1 and c2 are in g_to_k and in, respectively*/ + c1 = BN_bin2bn(g_to_k, (int)length, NULL); + c2 = BN_bin2bn(in, (int)length, NULL); /* other bits */ p = pubkey->p; x = seckey->x; @@ -1018,9 +1020,7 @@ goto done; } /* result */ - if (BN_bn2bin(m, out) > 0) { - ret = 1; - } + ret = BN_bn2bin(m, out); done: if (tmp) { BN_CTX_free(tmp); Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.43 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.44 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.43 Thu Nov 4 15:38:45 2010 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Sun Nov 7 06:56:52 2010 @@ -58,7 +58,7 @@ #if defined(__NetBSD__) __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved."); -__RCSID("$NetBSD: packet-parse.c,v 1.43 2010/11/04 15:38:45 agc Exp $"); +__RCSID("$NetBSD: packet-parse.c,v 1.44 2010/11/07 06:56:52 agc Exp $"); #endif #ifdef HAVE_OPENSSL_CAST_H @@ -2649,6 +2649,7 @@ uint8_t c = 0x0; uint8_t cs[2]; unsigned k; + BIGNUM *g_to_k; BIGNUM *enc_m; int n; uint8_t unencoded_m_buf[1024]; @@ -2681,8 +2682,10 @@ return 0; } enc_m = pkt.u.pk_sesskey.params.rsa.encrypted_m; + g_to_k = NULL; break; + case OPS_PKA_DSA: case OPS_PKA_ELGAMAL: if (!limread_mpi(&pkt.u.pk_sesskey.params.elgamal.g_to_k, region, stream) || @@ -2691,6 +2694,7 @@ region, stream)) { return 0; } + g_to_k = pkt.u.pk_sesskey.params.elgamal.g_to_k; enc_m = pkt.u.pk_sesskey.params.elgamal.encrypted_m; break; @@ -2715,7 +2719,8 @@ return 1; } n = __ops_decrypt_decode_mpi(unencoded_m_buf, - (unsigned)sizeof(unencoded_m_buf), enc_m, secret); + (unsigned)sizeof(unencoded_m_buf), g_to_k, enc_m, secret); + if (n < 1) { ERRP(&stream->cbinfo, pkt, "decrypted message too short"); return 0;