aboutsummaryrefslogtreecommitdiffstats
path: root/cipher
diff options
context:
space:
mode:
Diffstat (limited to 'cipher')
-rw-r--r--cipher/ChangeLog11
-rw-r--r--cipher/pubkey.c256
2 files changed, 253 insertions, 14 deletions
diff --git a/cipher/ChangeLog b/cipher/ChangeLog
index 33b04e4f2..5925a0419 100644
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@@ -1,3 +1,14 @@
+Mon Jan 24 22:24:38 CET 2000 Werner Koch <[email protected]>
+
+ * pubkey.c (gcry_pk_decrypt): Implemented.
+ (gcry_pk_encrypt): Implemented.
+ (gcry_pk_testkey): New.
+ (gcry_pk_genkey): New.
+ (pubkey_decrypt): Made static.
+ (pubkey_encrypt): Ditto.
+ (pubkey_check_secret_key): Ditto.
+ (pubkey_generate): Ditto.
+
Mon Jan 24 13:04:28 CET 2000 Werner Koch <[email protected]>
* pubkey.c (pubkey_nbits): Removed and replaced by ...
diff --git a/cipher/pubkey.c b/cipher/pubkey.c
index 949e3b9ca..4def6f699 100644
--- a/cipher/pubkey.c
+++ b/cipher/pubkey.c
@@ -95,6 +95,7 @@ static struct {
{ NULL }};
+static int pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey );
static int pubkey_sign( int algo, MPI *resarr, MPI hash, MPI *skey );
static int pubkey_verify( int algo, MPI hash, MPI *data, MPI *pkey,
int (*cmp)(void *, MPI), void *opaque );
@@ -432,7 +433,7 @@ pubkey_get_nenc( int algo )
}
-int
+static int
pubkey_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors )
{
int i;
@@ -447,7 +448,7 @@ pubkey_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors )
}
-int
+static int
pubkey_check_secret_key( int algo, MPI *skey )
{
int i;
@@ -467,7 +468,7 @@ pubkey_check_secret_key( int algo, MPI *skey )
* should be an array of MPIs of size PUBKEY_MAX_NENC (or less if the
* algorithm allows this - check with pubkey_get_nenc() )
*/
-int
+static int
pubkey_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
{
int i, rc;
@@ -504,12 +505,12 @@ pubkey_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
* result is a pointer to a mpi variable which will receive a
* newly allocated mpi or NULL in case of an error.
*/
-int
+static int
pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
{
int i, rc;
- *result = NULL; /* so the caller can always do an mpi_free */
+ *result = NULL; /* so the caller can always do a mpi_free */
if( DBG_CIPHER ) {
log_debug("pubkey_decrypt: algo=%d\n", algo );
for(i=0; i < pubkey_get_nskey(algo); i++ )
@@ -751,20 +752,196 @@ sexp_to_sig( GCRY_SEXP sexp, MPI **retarray, int *retalgo)
}
+/****************
+ * Take sexp and return an array of MPI as used for our internal decrypt
+ * function.
+ */
+static int
+sexp_to_enc( GCRY_SEXP sexp, MPI **retarray, int *retalgo)
+{
+ GCRY_SEXP list, l2;
+ const char *name;
+ const char *s;
+ size_t n;
+ int i, idx;
+ int algo;
+ const char *elems;
+ GCRY_MPI *array;
+
+ /* check that the first element is valid */
+ list = gcry_sexp_find_token( sexp, "enc-val" , 0 );
+ if( !list )
+ return GCRYERR_INV_OBJ; /* Does not contain a encrypted value object */
+ list = gcry_sexp_cdr( list );
+ if( !list )
+ return GCRYERR_NO_OBJ; /* no cdr for the data object */
+ name = gcry_sexp_car_data( list, &n );
+ if( !name )
+ return GCRYERR_INV_OBJ; /* invalid structure of object */
+ for(i=0; (s=enc_info_table[i].name); i++ ) {
+ if( strlen(s) == n && !memcmp( s, name, n ) )
+ break;
+ }
+ if( !s )
+ return GCRYERR_INV_PK_ALGO; /* unknown algorithm */
+ algo = enc_info_table[i].algo;
+ elems = enc_info_table[i].elements;
+ array = g10_calloc( (strlen(elems)+1) , sizeof *array );
+ if( !array )
+ return GCRYERR_NO_MEM;
+
+ idx = 0;
+ for(s=elems; *s; s++, idx++ ) {
+ l2 = gcry_sexp_find_token( list, s, 1 );
+ if( !l2 ) {
+ g10_free( array );
+ return GCRYERR_NO_OBJ; /* required parameter not found */
+ }
+ array[idx] = gcry_sexp_cdr_mpi( l2, GCRYMPI_FMT_USG );
+ if( !array[idx] ) {
+ g10_free( array );
+ return GCRYERR_INV_OBJ; /* required parameter is invalid */
+ }
+ }
+
+ *retarray = array;
+ *retalgo = algo;
+ return 0;
+}
+/****************
+ * Do a PK encrypt operation
+ *
+ * Caller has to provide a public key as the SEXP pkey and data as a SEXP
+ * with just one MPI in it. The function returns a a sexp which may
+ * be passed tp to pk_decrypt.
+ * Later versions of this functions may take more complex input data.
+ *
+ * Returns: 0 or an errorcode.
+ *
+ * s_data = (<mpi>)
+ * s_pkey = <key-as-defined-in-sexp_to_key>
+ * r_ciph = (enc-val
+ * (<algo>
+ * (<param_name1> <mpi>)
+ * ...
+ * (<param_namen> <mpi>)
+ * ))
+ */
int
-gcry_pk_encrypt( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP pkey )
+gcry_pk_encrypt( GCRY_SEXP *r_ciph, GCRY_SEXP s_data, GCRY_SEXP s_pkey )
{
- /* ... */
+ MPI *pkey, data, *ciph;
+ const char *algo_name, *algo_elems;
+ GCRY_SEXP *s_elems;
+ int i, rc, algo;
+
+ /* get the key */
+ rc = sexp_to_key( s_pkey, 0, &pkey, &algo );
+ if( rc ) {
+ return rc;
+ }
+
+ /* get the name and the required size of the return value */
+ for(i=0; (algo_name = enc_info_table[i].name); i++ ) {
+ if( enc_info_table[i].algo == algo )
+ break;
+ }
+ if( !algo_name ) {
+ release_mpi_array( pkey );
+ return GCRYERR_INV_PK_ALGO;
+ }
+ algo_elems = enc_info_table[i].elements;
+
+ /* get the stuff we want to encrypt */
+ data = gcry_sexp_car_mpi( s_data, 0 );
+ if( !data ) {
+ release_mpi_array( pkey );
+ return GCRYERR_INV_OBJ;
+ }
+
+ /* Now we can encrypt data to ciph */
+ ciph = g10_xcalloc( (strlen(algo_elems)+1) , sizeof *ciph );
+ rc = pubkey_encrypt( algo, ciph, data, pkey );
+ release_mpi_array( pkey );
+ mpi_free( data );
+ if( rc ) {
+ g10_free( ciph );
+ return rc;
+ }
+
+ /* We did it. Now build the return list */
+ s_elems = g10_xcalloc( (strlen(algo_elems)+2), sizeof *s_elems );
+ s_elems[0] = SEXP_NEW( algo_name, 0 );
+ for(i=0; algo_elems[i]; i++ ) {
+ char tmp[2];
+ tmp[0] = algo_elems[i];
+ tmp[1] = 0;
+ s_elems[i+1] = gcry_sexp_new_name_mpi( tmp, ciph[i] );
+ }
+ release_mpi_array( ciph );
+ g10_free( ciph );
+
+ *r_ciph = SEXP_CONS( SEXP_NEW( "enc-val", 0 ),
+ gcry_sexp_alist( s_elems ) );
+
+ g10_free( s_elems );
return 0;
}
+/****************
+ * Do a PK decrypt operation
+ *
+ * Caller has to provide a secret key as the SEXP skey and data in a format
+ * as created by gcry_pk_encrypt. Currently the function returns
+ * simply a MPI. Later versions of this functions may return a more
+ * complex data structure.
+ *
+ * Returns: 0 or an errorcode.
+ *
+ * s_data = (enc-val
+ * (<algo>
+ * (<param_name1> <mpi>)
+ * ...
+ * (<param_namen> <mpi>)
+ * ))
+ * s_skey = <key-as-defined-in-sexp_to_key>
+ * r_plain= (<mpi>) FIXME: Return a more structered value
+ */
int
-gcry_pk_decrypt( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP skey )
+gcry_pk_decrypt( GCRY_SEXP *r_plain, GCRY_SEXP s_data, GCRY_SEXP s_skey )
{
- /* ... */
+ MPI *skey, *data, plain;
+ int rc, algo, dataalgo;
+
+ rc = sexp_to_key( s_skey, 1, &skey, &algo );
+ if( rc ) {
+ return rc;
+ }
+ rc = sexp_to_enc( s_data, &data, &dataalgo );
+ if( rc ) {
+ release_mpi_array( skey );
+ return rc;
+ }
+ if( algo != dataalgo ) {
+ release_mpi_array( skey );
+ release_mpi_array( data );
+ return -1; /* fixme: add real errornumber - algo does not match */
+ }
+
+ rc = pubkey_decrypt( algo, &plain, data, skey );
+ if( rc ) {
+ release_mpi_array( skey );
+ release_mpi_array( data );
+ return -1; /* fixme: add real errornumber - decryption failed */
+ }
+
+ *r_plain = gcry_sexp_new_mpi( plain );
+ mpi_free( plain );
+ release_mpi_array( data );
+ release_mpi_array( skey );
return 0;
}
@@ -800,7 +977,7 @@ gcry_pk_sign( GCRY_SEXP *r_sig, GCRY_SEXP s_hash, GCRY_SEXP s_skey )
MPI *result;
int i, algo, rc;
const char *algo_name, *algo_elems;
- GCRY_SEXP s;
+ GCRY_SEXP *s_elems;
rc = sexp_to_key( s_skey, 1, &skey, &algo );
if( rc )
@@ -832,16 +1009,21 @@ gcry_pk_sign( GCRY_SEXP *r_sig, GCRY_SEXP s_hash, GCRY_SEXP s_skey )
return rc;
}
- s = SEXP_NEW( algo_name, 0 );
+ s_elems = g10_xcalloc( (strlen(algo_elems)+2), sizeof *s_elems );
+ s_elems[0] = SEXP_NEW( algo_name, 0 );
for(i=0; algo_elems[i]; i++ ) {
char tmp[2];
tmp[0] = algo_elems[i];
tmp[1] = 0;
- s = gcry_sexp_append( s, gcry_sexp_new_name_mpi( tmp, result[i] ) );
+ s_elems[i+1] = gcry_sexp_new_name_mpi( tmp, result[i] );
}
+ release_mpi_array( result );
g10_free( result );
- *r_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), s );
- gcry_sexp_dump( *r_sig );
+
+ *r_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ),
+ gcry_sexp_alist( s_elems ) );
+
+ g10_free( s_elems );
return 0;
}
@@ -890,6 +1072,52 @@ gcry_pk_verify( GCRY_SEXP s_sig, GCRY_SEXP s_hash, GCRY_SEXP s_pkey )
/****************
+ * Test a key. This may be used either for a public or a secret key
+ * to see whether internal structre is valid.
+ *
+ * Returns: 0 or an errorcode.
+ *
+ * s_key = <key-as-defined-in-sexp_to_key>
+ */
+int
+gcry_pk_testkey( GCRY_SEXP s_key )
+{
+ MPI *key;
+ int rc, algo;
+
+ /* Note we currently support only secret key checking */
+ rc = sexp_to_key( s_key, 1, &key, &algo );
+ if( rc ) {
+ return rc;
+ }
+
+ rc = pubkey_check_secret_key( algo, key );
+ release_mpi_array( key );
+ return rc;
+}
+
+
+/****************
+ * Create a public key pair and return it in r_key.
+ * How the key is created depends on s_parms:
+ * (GNU
+ * (genkey
+ * (algo
+ * (parameter_name_1 ....)
+ * ....
+ * (parameter_name_n ....)
+ * )))
+ * The key is returned in a format depending on the
+ * algorithm. Both, private and secret key are returned
+ * and optionally some additional informatin.
+ */
+int
+gcry_pk_genkey( GCRY_SEXP *r_key, GCRY_SEXP s_parms )
+{
+ return GCRYERR_NOT_IMPL;
+}
+
+/****************
* Get the number of nbits from the public key
* Hmmm: Should we have really this function or is it
* better to have a more general function to retrieve
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 22:23:32 +0000