aboutsummaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog13
-rw-r--r--g10/encode.c50
-rw-r--r--g10/g10.c2
-rw-r--r--g10/keygen.c8
-rw-r--r--g10/misc.c3
-rw-r--r--g10/parse-packet.c5
-rw-r--r--g10/pubkey-enc.c70
-rw-r--r--g10/seckey-cert.c54
8 files changed, 191 insertions, 14 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index e73bae4c1..537b48ede 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,16 @@
+Mon Jan 24 22:24:38 CET 2000 Werner Koch <[email protected]>
+
+ * misc.c (mpi_read_opaque): Fixed double counting.
+
+ * seckey-cert.c (do_check): Removed buffer and the unmotivated free
+ on it.
+
+ * pubkey-enc.c (pk_decrypt): New wrapper for the gcry_ function.
+ * seckey-cert.c (pk_check_secret_key): Likewise.
+ * encode.c (pk_encrypt): Likewise.
+
+ * parse-packet.c (parse_key): Fixed case of unencrypted secret keys.
+
Mon Jan 24 13:04:28 CET 2000 Werner Koch <[email protected]>
* misc.c (mpi_print): Use gcry_mpi_aprint.
diff --git a/g10/encode.c b/g10/encode.c
index e4d701e30..736eba6f6 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -41,6 +41,52 @@
static int encode_simple( const char *filename, int mode );
static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
+/****************
+ * Emulate our old PK interface here - sometime in the future we might
+ * change the internal design to directly fit to libgcrypt.
+ */
+static int
+pk_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey )
+{
+ GCRY_SEXP s_ciph, s_data, s_pkey;
+ int rc;
+
+ /* make a sexp from pkey */
+ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) {
+ s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "elg", 3 ),
+ gcry_sexp_new_name_mpi( "p", pkey[0] ),
+ gcry_sexp_new_name_mpi( "g", pkey[1] ),
+ gcry_sexp_new_name_mpi( "y", pkey[2] ),
+ NULL ));
+ }
+ else
+ return G10ERR_PUBKEY_ALGO;
+
+ /* put the data into a simple list */
+ s_data = gcry_sexp_new_mpi( data );
+
+ /* pass it to libgcrypt */
+ rc = gcry_pk_encrypt( &s_ciph, s_data, s_pkey );
+ gcry_sexp_release( s_data );
+ gcry_sexp_release( s_pkey );
+
+ if( rc )
+ ;
+ else { /* add better error handling or make gnupg use S-Exp directly */
+ GCRY_SEXP list = gcry_sexp_find_token( s_ciph, "a" , 0 );
+ assert( list );
+ resarr[0] = gcry_sexp_cdr_mpi( list, 0 );
+ assert( resarr[0] );
+ list = gcry_sexp_find_token( s_ciph, "b" , 0 );
+ assert( list );
+ resarr[1] = gcry_sexp_cdr_mpi( list, 0 );
+ assert( resarr[1] );
+ }
+
+ gcry_sexp_release( s_ciph );
+ return rc;
+}
/****************
@@ -464,7 +510,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
* number of bits we have to use. We then encode the session
* key in some way and we get it back in the big intger value
* FRAME. Then we use FRAME, the public key PK->PKEY and the
- * algorithm number PK->PUBKEY_ALGO and pass it to pubkey_encrypt
+ * algorithm number PK->PUBKEY_ALGO and pass it to pk_encrypt
* which returns the encrypted value in the array ENC->DATA.
* This array has a size which depends on the used algorithm
* (e.g. 2 for ElGamal). We don't need frame anymore because we
@@ -473,7 +519,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
*/
frame = encode_session_key( dek, pubkey_nbits( pk->pubkey_algo,
pk->pkey ) );
- rc = pubkey_encrypt( pk->pubkey_algo, enc->data, frame, pk->pkey );
+ rc = pk_encrypt( pk->pubkey_algo, enc->data, frame, pk->pkey );
mpi_release( frame );
if( rc )
log_error("pubkey_encrypt failed: %s\n", g10_errstr(rc) );
diff --git a/g10/g10.c b/g10/g10.c
index 192ac4ae4..b619a2dcc 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -488,7 +488,7 @@ make_username( const char *string )
static void
register_extension( const char *mainpgm, const char *fname )
{
- #warning fixme add resgitser cipher extension
+ #warning fixme add register cipher extension
#if 0
if( *fname != '/' ) { /* do tilde expansion etc */
char *tmp;
diff --git a/g10/keygen.c b/g10/keygen.c
index 805160696..70590bc89 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -204,9 +204,10 @@ gen_elg(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
MPI *factors;
assert( is_ELGAMAL(algo) );
- rc = pubkey_generate( algo, nbits, skey, &factors );
+ /*rc = pubkey_generate( algo, nbits, skey, &factors );*/
+ rc = gcry_pk_genkey( NULL, NULL );
if( rc ) {
- log_error("pubkey_generate failed: %s\n", g10_errstr(rc) );
+ log_error("pk_genkey failed: %s\n", g10_errstr(rc) );
return rc;
}
@@ -281,7 +282,8 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
if( nbits > 1024 )
nbits = 1024;
- rc = pubkey_generate( GCRY_PK_DSA, nbits, skey, &factors );
+ /*rc = pubkey_generate( GCRY_PK_DSA, nbits, skey, &factors );*/
+ rc = gcry_pk_genkey( NULL, NULL );
if( rc ) {
log_error("pubkey_generate failed: %s\n", g10_errstr(rc) );
return rc;
diff --git a/g10/misc.c b/g10/misc.c
index 1c311a6c0..d3c01f4ef 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -178,7 +178,7 @@ mpi_read(IOBUF inp, unsigned int *ret_nread, int secure)
/****************
* Same as mpi_read but the value is stored as an opaque MPI.
- * This function is used to read encrpted MPI of v3 packets.
+ * This function is used to read encrypted MPI of v3 packets.
*/
GCRY_MPI
mpi_read_opaque(IOBUF inp, unsigned *ret_nread )
@@ -205,7 +205,6 @@ mpi_read_opaque(IOBUF inp, unsigned *ret_nread )
p = buf;
for( i=0 ; i < nbytes; i++ ) {
p[i] = iobuf_get(inp) & 0xff;
- nread++;
}
nread += nbytes;
a = gcry_mpi_set_opaque(NULL, buf, nbits );
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index dffb874b0..71fa19ed5 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1420,10 +1420,11 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
printf("\tencrypted stuff follows\n");
}
}
- else { /* v3 method: the mpi length is not encrypted */
+ else { /* unencrypted v4 or v3 method (where length is not encrypted) */
for(i=npkey; i < nskey; i++ ) {
n = pktlen;
- sk->skey[i] = mpi_read_opaque(inp, &n );
+ sk->skey[i] = sk->is_protected ? mpi_read_opaque(inp, &n )
+ : mpi_read( inp, &n, 1 );
pktlen -=n;
if( list_mode ) {
printf( "\tskey[%d]: ", i);
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index 925b5a4d0..70e4bc6c1 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -37,6 +37,74 @@
static int get_it( PKT_pubkey_enc *k,
DEK *dek, PKT_secret_key *sk, u32 *keyid );
+
+/****************
+ * Emulate our old PK interface here - sometime in the future we might
+ * change the internal design to directly fit to libgcrypt.
+ */
+static int
+pk_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
+{
+ GCRY_SEXP s_skey, s_data, s_plain;
+ int rc;
+
+ *result = NULL;
+ /* make a sexp from skey */
+ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) {
+ s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "elg", 0 ),
+ gcry_sexp_new_name_mpi( "p", skey[0] ),
+ gcry_sexp_new_name_mpi( "g", skey[1] ),
+ gcry_sexp_new_name_mpi( "y", skey[2] ),
+ gcry_sexp_new_name_mpi( "x", skey[3] ),
+ NULL ));
+ }
+ else if( algo == GCRY_PK_RSA ) {
+ s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ),
+ gcry_sexp_new_name_mpi( "n", skey[0] ),
+ gcry_sexp_new_name_mpi( "e", skey[1] ),
+ gcry_sexp_new_name_mpi( "d", skey[2] ),
+ gcry_sexp_new_name_mpi( "p", skey[3] ),
+ gcry_sexp_new_name_mpi( "q", skey[4] ),
+ gcry_sexp_new_name_mpi( "u", skey[5] ),
+ NULL ));
+ }
+ else
+ return G10ERR_PUBKEY_ALGO;
+
+ /* put data into a S-Exp s_data */
+ if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) {
+ s_data = SEXP_CONS( SEXP_NEW( "enc-val", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "elg", 0 ),
+ gcry_sexp_new_name_mpi( "a", data[0] ),
+ gcry_sexp_new_name_mpi( "b", data[1] ),
+ NULL ));
+ }
+ else if( algo == GCRY_PK_RSA ) {
+ s_data = SEXP_CONS( SEXP_NEW( "enc-val", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ),
+ gcry_sexp_new_name_mpi( "a", data[0] ),
+ NULL ));
+ }
+ else
+ BUG();
+
+ rc = gcry_pk_decrypt( &s_plain, s_data, s_skey );
+ gcry_sexp_release( s_skey );
+ gcry_sexp_release( s_data);
+ if( rc )
+ return rc;
+
+ *result = gcry_sexp_car_mpi( s_plain, 0 );
+ if( !*result )
+ return -1; /* oops */
+
+ return 0;
+}
+
+
+
/****************
* Get the session key from a pubkey enc paket and return
* it in DEK, which should have been allocated in secure memory.
@@ -106,7 +174,7 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
size_t nframe;
u16 csum, csum2;
- rc = pubkey_decrypt(sk->pubkey_algo, &plain_dek, k->data, sk->skey );
+ rc = pk_decrypt(sk->pubkey_algo, &plain_dek, k->data, sk->skey );
if( rc )
goto leave;
if( gcry_mpi_aprint( GCRYMPI_FMT_USG, &frame, &nframe, plain_dek ) )
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 10f7092d2..88ec69389 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -33,11 +33,58 @@
#include "i18n.h"
#include "status.h"
+/****************
+ * Emulate our old PK interface here - sometime in the future we might
+ * change the internal design to directly fit to libgcrypt.
+ */
+static int
+pk_check_secret_key( int algo, MPI *skey )
+{
+ GCRY_SEXP s_skey;
+ int rc;
+
+ /* make a sexp from skey */
+ if( algo == GCRY_PK_DSA ) {
+ s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "dsa", 0 ),
+ gcry_sexp_new_name_mpi( "p", skey[0] ),
+ gcry_sexp_new_name_mpi( "q", skey[1] ),
+ gcry_sexp_new_name_mpi( "g", skey[2] ),
+ gcry_sexp_new_name_mpi( "y", skey[3] ),
+ gcry_sexp_new_name_mpi( "x", skey[4] ),
+ NULL ));
+ }
+ else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) {
+ s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "elg", 0 ),
+ gcry_sexp_new_name_mpi( "p", skey[0] ),
+ gcry_sexp_new_name_mpi( "g", skey[1] ),
+ gcry_sexp_new_name_mpi( "y", skey[2] ),
+ gcry_sexp_new_name_mpi( "x", skey[3] ),
+ NULL ));
+ }
+ else if( algo == GCRY_PK_RSA ) {
+ s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ),
+ gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ),
+ gcry_sexp_new_name_mpi( "n", skey[0] ),
+ gcry_sexp_new_name_mpi( "e", skey[1] ),
+ gcry_sexp_new_name_mpi( "d", skey[2] ),
+ gcry_sexp_new_name_mpi( "p", skey[3] ),
+ gcry_sexp_new_name_mpi( "q", skey[4] ),
+ gcry_sexp_new_name_mpi( "u", skey[5] ),
+ NULL ));
+ }
+ else
+ return G10ERR_PUBKEY_ALGO;
+
+ rc = gcry_pk_testkey( s_skey );
+ gcry_sexp_release( s_skey );
+ return rc;
+}
static int
do_check( PKT_secret_key *sk )
{
- byte *buffer;
u16 csum=0;
int i, res;
unsigned nbytes;
@@ -141,7 +188,7 @@ do_check( PKT_secret_key *sk )
log_bug("gcry_mpi_scan failed in do_check: rc=%d\n", res);
csum += checksum_mpi( sk->skey[i] );
- gcry_free( buffer );
+ gcry_free( data );
}
}
gcry_cipher_close( cipher_hd );
@@ -152,7 +199,7 @@ do_check( PKT_secret_key *sk )
return G10ERR_BAD_PASS;
}
/* the checksum may fail, so we also check the key itself */
- res = pubkey_check_secret_key( sk->pubkey_algo, sk->skey );
+ res = pk_check_secret_key( sk->pubkey_algo, sk->skey );
if( res ) {
copy_secret_key( sk, save_sk );
free_secret_key( save_sk );
@@ -165,6 +212,7 @@ do_check( PKT_secret_key *sk )
csum = 0;
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
+ assert( !gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) );
csum += checksum_mpi( sk->skey[i] );
}
if( csum != sk->csum )
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-28 19:07:21 +0000