1
/* pubkey.c - pubkey dispatcher
2
* Copyright (C) 1998, 1999, 2000, 2002, 2003, 2005,
3
* 2007, 2008 Free Software Foundation, Inc.
5
* This file is part of Libgcrypt.
7
* Libgcrypt is free software; you can redistribute it and/or modify
8
* it under the terms of the GNU Lesser general Public License as
9
* published by the Free Software Foundation; either version 2.1 of
10
* the License, or (at your option) any later version.
12
* Libgcrypt is distributed in the hope that it will be useful,
13
* but WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
* GNU Lesser General Public License for more details.
17
* You should have received a copy of the GNU Lesser General Public
18
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
33
static gcry_err_code_t pubkey_decrypt (int algo, gcry_mpi_t *result,
34
gcry_mpi_t *data, gcry_mpi_t *skey,
36
static gcry_err_code_t pubkey_sign (int algo, gcry_mpi_t *resarr,
37
gcry_mpi_t hash, gcry_mpi_t *skey);
38
static gcry_err_code_t pubkey_verify (int algo, gcry_mpi_t hash,
39
gcry_mpi_t *data, gcry_mpi_t *pkey,
40
int (*cmp) (void *, gcry_mpi_t),
44
/* A dummy extraspec so that we do not need to tests the extraspec
45
field from the module specification against NULL and instead
46
directly test the respective fields of extraspecs. */
47
static pk_extra_spec_t dummy_extra_spec;
50
/* This is the list of the default public-key ciphers included in
51
libgcrypt. FIPS_ALLOWED indicated whether the algorithm is used in
53
static struct pubkey_table_entry
55
gcry_pk_spec_t *pubkey;
56
pk_extra_spec_t *extraspec;
57
unsigned int algorithm;
62
{ &_gcry_pubkey_spec_rsa,
63
&_gcry_pubkey_extraspec_rsa, GCRY_PK_RSA, 1},
66
{ &_gcry_pubkey_spec_elg,
67
&_gcry_pubkey_extraspec_elg, GCRY_PK_ELG },
68
{ &_gcry_pubkey_spec_elg,
69
&_gcry_pubkey_extraspec_elg, GCRY_PK_ELG_E },
72
{ &_gcry_pubkey_spec_dsa,
73
&_gcry_pubkey_extraspec_dsa, GCRY_PK_DSA, 1 },
76
{ &_gcry_pubkey_spec_ecdsa,
77
&_gcry_pubkey_extraspec_ecdsa, GCRY_PK_ECDSA, 0 },
82
/* List of registered ciphers. */
83
static gcry_module_t pubkeys_registered;
85
/* This is the lock protecting PUBKEYS_REGISTERED. */
86
static ath_mutex_t pubkeys_registered_lock = ATH_MUTEX_INITIALIZER;;
88
/* Flag to check wether the default pubkeys have already been
90
static int default_pubkeys_registered;
92
/* Convenient macro for registering the default digests. */
93
#define REGISTER_DEFAULT_PUBKEYS \
96
ath_mutex_lock (&pubkeys_registered_lock); \
97
if (! default_pubkeys_registered) \
99
pk_register_default (); \
100
default_pubkeys_registered = 1; \
102
ath_mutex_unlock (&pubkeys_registered_lock); \
106
/* These dummy functions are used in case a cipher implementation
107
refuses to provide it's own functions. */
109
static gcry_err_code_t
110
dummy_generate (int algorithm, unsigned int nbits, unsigned long dummy,
111
gcry_mpi_t *skey, gcry_mpi_t **retfactors)
118
fips_signal_error ("using dummy public key function");
119
return GPG_ERR_NOT_IMPLEMENTED;
122
static gcry_err_code_t
123
dummy_check_secret_key (int algorithm, gcry_mpi_t *skey)
127
fips_signal_error ("using dummy public key function");
128
return GPG_ERR_NOT_IMPLEMENTED;
131
static gcry_err_code_t
132
dummy_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
133
gcry_mpi_t *pkey, int flags)
140
fips_signal_error ("using dummy public key function");
141
return GPG_ERR_NOT_IMPLEMENTED;
144
static gcry_err_code_t
145
dummy_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
146
gcry_mpi_t *skey, int flags)
153
fips_signal_error ("using dummy public key function");
154
return GPG_ERR_NOT_IMPLEMENTED;
157
static gcry_err_code_t
158
dummy_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
165
fips_signal_error ("using dummy public key function");
166
return GPG_ERR_NOT_IMPLEMENTED;
169
static gcry_err_code_t
170
dummy_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
172
int (*cmp) (void *, gcry_mpi_t), void *opaquev)
180
fips_signal_error ("using dummy public key function");
181
return GPG_ERR_NOT_IMPLEMENTED;
185
dummy_get_nbits (int algorithm, gcry_mpi_t *pkey)
189
fips_signal_error ("using dummy public key function");
193
/* Internal function. Register all the pubkeys included in
194
PUBKEY_TABLE. Returns zero on success or an error code. */
196
pk_register_default (void)
198
gcry_err_code_t err = 0;
201
for (i = 0; (! err) && pubkey_table[i].pubkey; i++)
203
#define pubkey_use_dummy(func) \
204
if (! pubkey_table[i].pubkey->func) \
205
pubkey_table[i].pubkey->func = dummy_##func;
207
pubkey_use_dummy (generate);
208
pubkey_use_dummy (check_secret_key);
209
pubkey_use_dummy (encrypt);
210
pubkey_use_dummy (decrypt);
211
pubkey_use_dummy (sign);
212
pubkey_use_dummy (verify);
213
pubkey_use_dummy (get_nbits);
214
#undef pubkey_use_dummy
216
err = _gcry_module_add (&pubkeys_registered,
217
pubkey_table[i].algorithm,
218
(void *) pubkey_table[i].pubkey,
219
(void *) pubkey_table[i].extraspec,
227
/* Internal callback function. Used via _gcry_module_lookup. */
229
gcry_pk_lookup_func_name (void *spec, void *data)
231
gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) spec;
232
char *name = (char *) data;
233
const char **aliases = pubkey->aliases;
234
int ret = stricmp (name, pubkey->name);
236
while (ret && *aliases)
237
ret = stricmp (name, *aliases++);
242
/* Internal function. Lookup a pubkey entry by it's name. */
244
gcry_pk_lookup_name (const char *name)
246
gcry_module_t pubkey;
248
pubkey = _gcry_module_lookup (pubkeys_registered, (void *) name,
249
gcry_pk_lookup_func_name);
254
/* Register a new pubkey module whose specification can be found in
255
PUBKEY. On success, a new algorithm ID is stored in ALGORITHM_ID
256
and a pointer representhing this module is stored in MODULE. */
258
_gcry_pk_register (gcry_pk_spec_t *pubkey,
259
pk_extra_spec_t *extraspec,
260
unsigned int *algorithm_id,
261
gcry_module_t *module)
263
gcry_err_code_t err = GPG_ERR_NO_ERROR;
266
/* We do not support module loading in fips mode. */
268
return gpg_error (GPG_ERR_NOT_SUPPORTED);
270
ath_mutex_lock (&pubkeys_registered_lock);
271
err = _gcry_module_add (&pubkeys_registered, 0,
273
(void *)(extraspec? extraspec : &dummy_extra_spec),
275
ath_mutex_unlock (&pubkeys_registered_lock);
280
*algorithm_id = mod->mod_id;
286
/* Unregister the pubkey identified by ID, which must have been
287
registered with gcry_pk_register. */
289
gcry_pk_unregister (gcry_module_t module)
291
ath_mutex_lock (&pubkeys_registered_lock);
292
_gcry_module_release (module);
293
ath_mutex_unlock (&pubkeys_registered_lock);
297
release_mpi_array (gcry_mpi_t *array)
299
for (; *array; array++)
307
* Map a string to the pubkey algo
310
gcry_pk_map_name (const char *string)
312
gcry_module_t pubkey;
318
REGISTER_DEFAULT_PUBKEYS;
320
ath_mutex_lock (&pubkeys_registered_lock);
321
pubkey = gcry_pk_lookup_name (string);
324
algorithm = pubkey->mod_id;
325
_gcry_module_release (pubkey);
327
ath_mutex_unlock (&pubkeys_registered_lock);
333
/* Map the public key algorithm whose ID is contained in ALGORITHM to
334
a string representation of the algorithm name. For unknown
335
algorithm IDs this functions returns "?". */
337
gcry_pk_algo_name (int algorithm)
339
gcry_module_t pubkey;
342
REGISTER_DEFAULT_PUBKEYS;
344
ath_mutex_lock (&pubkeys_registered_lock);
345
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
348
name = ((gcry_pk_spec_t *) pubkey->spec)->name;
349
_gcry_module_release (pubkey);
353
ath_mutex_unlock (&pubkeys_registered_lock);
359
/* A special version of gcry_pk_algo name to return the first aliased
360
name of the algorithm. This is required to adhere to the spki
361
specs where the algorithm names are lowercase. */
363
_gcry_pk_aliased_algo_name (int algorithm)
365
const char *name = NULL;
366
gcry_module_t module;
368
REGISTER_DEFAULT_PUBKEYS;
370
ath_mutex_lock (&pubkeys_registered_lock);
371
module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
374
gcry_pk_spec_t *pubkey = (gcry_pk_spec_t *) module->spec;
376
name = pubkey->aliases? *pubkey->aliases : NULL;
379
_gcry_module_release (module);
381
ath_mutex_unlock (&pubkeys_registered_lock);
388
disable_pubkey_algo (int algorithm)
390
gcry_module_t pubkey;
392
ath_mutex_lock (&pubkeys_registered_lock);
393
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
396
if (! (pubkey-> flags & FLAG_MODULE_DISABLED))
397
pubkey->flags |= FLAG_MODULE_DISABLED;
398
_gcry_module_release (pubkey);
400
ath_mutex_unlock (&pubkeys_registered_lock);
405
* A USE of 0 means: don't care.
407
static gcry_err_code_t
408
check_pubkey_algo (int algorithm, unsigned use)
410
gcry_err_code_t err = GPG_ERR_NO_ERROR;
411
gcry_pk_spec_t *pubkey;
412
gcry_module_t module;
414
REGISTER_DEFAULT_PUBKEYS;
416
ath_mutex_lock (&pubkeys_registered_lock);
417
module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
420
pubkey = (gcry_pk_spec_t *) module->spec;
422
if (((use & GCRY_PK_USAGE_SIGN)
423
&& (! (pubkey->use & GCRY_PK_USAGE_SIGN)))
424
|| ((use & GCRY_PK_USAGE_ENCR)
425
&& (! (pubkey->use & GCRY_PK_USAGE_ENCR))))
426
err = GPG_ERR_WRONG_PUBKEY_ALGO;
427
else if (module->flags & FLAG_MODULE_DISABLED)
428
err = GPG_ERR_PUBKEY_ALGO;
429
_gcry_module_release (module);
432
err = GPG_ERR_PUBKEY_ALGO;
433
ath_mutex_unlock (&pubkeys_registered_lock);
440
* Return the number of public key material numbers
443
pubkey_get_npkey (int algorithm)
445
gcry_module_t pubkey;
448
REGISTER_DEFAULT_PUBKEYS;
450
ath_mutex_lock (&pubkeys_registered_lock);
451
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
454
npkey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_pkey);
455
_gcry_module_release (pubkey);
457
ath_mutex_unlock (&pubkeys_registered_lock);
463
* Return the number of secret key material numbers
466
pubkey_get_nskey (int algorithm)
468
gcry_module_t pubkey;
471
REGISTER_DEFAULT_PUBKEYS;
473
ath_mutex_lock (&pubkeys_registered_lock);
474
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
477
nskey = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_skey);
478
_gcry_module_release (pubkey);
480
ath_mutex_unlock (&pubkeys_registered_lock);
486
* Return the number of signature material numbers
489
pubkey_get_nsig (int algorithm)
491
gcry_module_t pubkey;
494
REGISTER_DEFAULT_PUBKEYS;
496
ath_mutex_lock (&pubkeys_registered_lock);
497
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
500
nsig = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_sig);
501
_gcry_module_release (pubkey);
503
ath_mutex_unlock (&pubkeys_registered_lock);
509
* Return the number of encryption material numbers
512
pubkey_get_nenc (int algorithm)
514
gcry_module_t pubkey;
517
REGISTER_DEFAULT_PUBKEYS;
519
ath_mutex_lock (&pubkeys_registered_lock);
520
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
523
nenc = strlen (((gcry_pk_spec_t *) pubkey->spec)->elements_enc);
524
_gcry_module_release (pubkey);
526
ath_mutex_unlock (&pubkeys_registered_lock);
532
/* Generate a new public key with algorithm ALGORITHM of size NBITS
533
and return it at SKEY. USE_E depends on the ALGORITHM. GENPARMS
534
is passed to the algorithm module if it features an extended
535
generation function. RETFACTOR is used by some algorithms to
536
return certain additional information which are in general not
539
The function returns the error code number or 0 on success. */
540
static gcry_err_code_t
541
pubkey_generate (int algorithm,
544
gcry_sexp_t genparms,
545
gcry_mpi_t *skey, gcry_mpi_t **retfactors,
546
gcry_sexp_t *r_extrainfo)
548
gcry_err_code_t ec = GPG_ERR_PUBKEY_ALGO;
549
gcry_module_t pubkey;
551
REGISTER_DEFAULT_PUBKEYS;
553
ath_mutex_lock (&pubkeys_registered_lock);
554
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
557
pk_extra_spec_t *extraspec = pubkey->extraspec;
559
if (extraspec && extraspec->ext_generate)
561
/* Use the extended generate function. */
562
ec = extraspec->ext_generate
563
(algorithm, nbits, use_e, genparms, skey, retfactors, r_extrainfo);
567
/* Use the standard generate function. */
568
ec = ((gcry_pk_spec_t *) pubkey->spec)->generate
569
(algorithm, nbits, use_e, skey, retfactors);
571
_gcry_module_release (pubkey);
573
ath_mutex_unlock (&pubkeys_registered_lock);
579
static gcry_err_code_t
580
pubkey_check_secret_key (int algorithm, gcry_mpi_t *skey)
582
gcry_err_code_t err = GPG_ERR_PUBKEY_ALGO;
583
gcry_module_t pubkey;
585
REGISTER_DEFAULT_PUBKEYS;
587
ath_mutex_lock (&pubkeys_registered_lock);
588
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
591
err = ((gcry_pk_spec_t *) pubkey->spec)->check_secret_key
593
_gcry_module_release (pubkey);
595
ath_mutex_unlock (&pubkeys_registered_lock);
602
* This is the interface to the public key encryption. Encrypt DATA
603
* with PKEY and put it into RESARR which should be an array of MPIs
604
* of size PUBKEY_MAX_NENC (or less if the algorithm allows this -
605
* check with pubkey_get_nenc() )
607
static gcry_err_code_t
608
pubkey_encrypt (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
609
gcry_mpi_t *pkey, int flags)
611
gcry_pk_spec_t *pubkey;
612
gcry_module_t module;
616
/* Note: In fips mode DBG_CIPHER will enver evaluate to true but as
617
an extra failsafe protection we explicitly test for fips mode
619
if (DBG_CIPHER && !fips_mode ())
621
log_debug ("pubkey_encrypt: algo=%d\n", algorithm);
622
for(i = 0; i < pubkey_get_npkey (algorithm); i++)
623
log_mpidump (" pkey:", pkey[i]);
624
log_mpidump (" data:", data);
627
ath_mutex_lock (&pubkeys_registered_lock);
628
module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
631
pubkey = (gcry_pk_spec_t *) module->spec;
632
rc = pubkey->encrypt (algorithm, resarr, data, pkey, flags);
633
_gcry_module_release (module);
636
rc = GPG_ERR_PUBKEY_ALGO;
639
ath_mutex_unlock (&pubkeys_registered_lock);
641
if (!rc && DBG_CIPHER && !fips_mode ())
643
for(i = 0; i < pubkey_get_nenc (algorithm); i++)
644
log_mpidump(" encr:", resarr[i] );
651
* This is the interface to the public key decryption.
652
* ALGO gives the algorithm to use and this implicitly determines
653
* the size of the arrays.
654
* result is a pointer to a mpi variable which will receive a
655
* newly allocated mpi or NULL in case of an error.
657
static gcry_err_code_t
658
pubkey_decrypt (int algorithm, gcry_mpi_t *result, gcry_mpi_t *data,
659
gcry_mpi_t *skey, int flags)
661
gcry_pk_spec_t *pubkey;
662
gcry_module_t module;
666
*result = NULL; /* so the caller can always do a mpi_free */
667
if (DBG_CIPHER && !fips_mode ())
669
log_debug ("pubkey_decrypt: algo=%d\n", algorithm);
670
for(i = 0; i < pubkey_get_nskey (algorithm); i++)
671
log_mpidump (" skey:", skey[i]);
672
for(i = 0; i < pubkey_get_nenc (algorithm); i++)
673
log_mpidump (" data:", data[i]);
676
ath_mutex_lock (&pubkeys_registered_lock);
677
module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
680
pubkey = (gcry_pk_spec_t *) module->spec;
681
rc = pubkey->decrypt (algorithm, result, data, skey, flags);
682
_gcry_module_release (module);
686
rc = GPG_ERR_PUBKEY_ALGO;
689
ath_mutex_unlock (&pubkeys_registered_lock);
691
if (!rc && DBG_CIPHER && !fips_mode ())
692
log_mpidump (" plain:", *result);
699
* This is the interface to the public key signing.
700
* Sign data with skey and put the result into resarr which
701
* should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
702
* algorithm allows this - check with pubkey_get_nsig() )
704
static gcry_err_code_t
705
pubkey_sign (int algorithm, gcry_mpi_t *resarr, gcry_mpi_t data,
708
gcry_pk_spec_t *pubkey;
709
gcry_module_t module;
713
if (DBG_CIPHER && !fips_mode ())
715
log_debug ("pubkey_sign: algo=%d\n", algorithm);
716
for(i = 0; i < pubkey_get_nskey (algorithm); i++)
717
log_mpidump (" skey:", skey[i]);
718
log_mpidump(" data:", data );
721
ath_mutex_lock (&pubkeys_registered_lock);
722
module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
725
pubkey = (gcry_pk_spec_t *) module->spec;
726
rc = pubkey->sign (algorithm, resarr, data, skey);
727
_gcry_module_release (module);
731
rc = GPG_ERR_PUBKEY_ALGO;
734
ath_mutex_unlock (&pubkeys_registered_lock);
736
if (!rc && DBG_CIPHER && !fips_mode ())
737
for (i = 0; i < pubkey_get_nsig (algorithm); i++)
738
log_mpidump (" sig:", resarr[i]);
744
* Verify a public key signature.
745
* Return 0 if the signature is good
747
static gcry_err_code_t
748
pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data,
750
int (*cmp)(void *, gcry_mpi_t), void *opaquev)
752
gcry_pk_spec_t *pubkey;
753
gcry_module_t module;
757
if (DBG_CIPHER && !fips_mode ())
759
log_debug ("pubkey_verify: algo=%d\n", algorithm);
760
for (i = 0; i < pubkey_get_npkey (algorithm); i++)
761
log_mpidump (" pkey:", pkey[i]);
762
for (i = 0; i < pubkey_get_nsig (algorithm); i++)
763
log_mpidump (" sig:", data[i]);
764
log_mpidump (" hash:", hash);
767
ath_mutex_lock (&pubkeys_registered_lock);
768
module = _gcry_module_lookup_id (pubkeys_registered, algorithm);
771
pubkey = (gcry_pk_spec_t *) module->spec;
772
rc = pubkey->verify (algorithm, hash, data, pkey, cmp, opaquev);
773
_gcry_module_release (module);
777
rc = GPG_ERR_PUBKEY_ALGO;
780
ath_mutex_unlock (&pubkeys_registered_lock);
785
/* Internal function. */
786
static gcry_err_code_t
787
sexp_elements_extract (gcry_sexp_t key_sexp, const char *element_names,
788
gcry_mpi_t *elements, const char *algo_name)
790
gcry_err_code_t err = 0;
795
for (name = element_names, idx = 0; *name && !err; name++, idx++)
797
list = gcry_sexp_find_token (key_sexp, name, 1);
799
elements[idx] = NULL;
802
elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
803
gcry_sexp_release (list);
805
err = GPG_ERR_INV_OBJ;
811
/* Check that all elements are available. */
812
for (name = element_names, idx = 0; *name; name++, idx++)
817
err = GPG_ERR_NO_OBJ;
818
/* Some are missing. Before bailing out we test for
819
optional parameters. */
820
if (algo_name && !strcmp (algo_name, "RSA")
821
&& !strcmp (element_names, "nedpqu") )
823
/* This is RSA. Test whether we got N, E and D and that
824
the optional P, Q and U are all missing. */
825
if (elements[0] && elements[1] && elements[2]
826
&& !elements[3] && !elements[4] && !elements[5])
835
for (i = 0; i < idx; i++)
837
gcry_free (elements[i]);
843
/* Internal function used for ecc. Note, that this function makes use
844
of its intimate knowledge about the ECC parameters from ecc.c. */
845
static gcry_err_code_t
846
sexp_elements_extract_ecc (gcry_sexp_t key_sexp, const char *element_names,
847
gcry_mpi_t *elements, pk_extra_spec_t *extraspec)
850
gcry_err_code_t err = 0;
855
/* Clear the array for easier error cleanup. */
856
for (name = element_names, idx = 0; *name; name++, idx++)
857
elements[idx] = NULL;
858
gcry_assert (idx >= 6); /* We know that ECC has at least 6 elements. */
860
/* Init the array with the available curve parameters. */
861
for (name = element_names, idx = 0; *name && !err; name++, idx++)
863
list = gcry_sexp_find_token (key_sexp, name, 1);
865
elements[idx] = NULL;
868
elements[idx] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
869
gcry_sexp_release (list);
872
err = GPG_ERR_INV_OBJ;
878
/* Check whether a curve parameter has been given and then fill any
880
list = gcry_sexp_find_token (key_sexp, "curve", 5);
883
if (extraspec->get_param)
886
gcry_mpi_t params[6];
888
for (idx = 0; idx < DIM(params); idx++)
891
curve = _gcry_sexp_nth_string (list, 1);
892
gcry_sexp_release (list);
895
/* No curve name given (or out of core). */
896
err = GPG_ERR_INV_OBJ;
899
err = extraspec->get_param (curve, params);
904
for (idx = 0; idx < DIM(params); idx++)
907
elements[idx] = params[idx];
909
mpi_free (params[idx]);
914
gcry_sexp_release (list);
915
err = GPG_ERR_INV_OBJ; /* "curve" given but ECC not supported. */
920
/* Check that all parameters are known. */
921
for (name = element_names, idx = 0; *name; name++, idx++)
924
err = GPG_ERR_NO_OBJ;
931
for (name = element_names, idx = 0; *name; name++, idx++)
933
gcry_free (elements[idx]);
941
* Convert a S-Exp with either a private or a public key to our
942
* internal format. Currently we do only support the following
951
* Provide a SE with the first element be either "private-key" or
952
* or "public-key". It is followed by a list with its first element
953
* be one of the above algorithm identifiers and the remaning
954
* elements are pairs with parameter-id and value.
955
* NOTE: we look through the list to find a list beginning with
956
* "private-key" or "public-key" - the first one found is used.
958
* Returns: A pointer to an allocated array of MPIs if the return value is
959
* zero; the caller has to release this array.
961
* Example of a DSA public key:
970
* The <mpi> are expected to be in GCRYMPI_FMT_USG
972
static gcry_err_code_t
973
sexp_to_key (gcry_sexp_t sexp, int want_private, gcry_mpi_t **retarray,
974
gcry_module_t *retalgo)
976
gcry_err_code_t err = 0;
977
gcry_sexp_t list, l2;
981
gcry_module_t module;
982
gcry_pk_spec_t *pubkey;
983
pk_extra_spec_t *extraspec;
986
/* Check that the first element is valid. */
987
list = gcry_sexp_find_token (sexp,
988
want_private? "private-key":"public-key", 0);
990
return GPG_ERR_INV_OBJ; /* Does not contain a key object. */
992
l2 = gcry_sexp_cadr( list );
993
gcry_sexp_release ( list );
995
name = _gcry_sexp_nth_string (list, 0);
998
gcry_sexp_release ( list );
999
return GPG_ERR_INV_OBJ; /* Invalid structure of object. */
1002
ath_mutex_lock (&pubkeys_registered_lock);
1003
module = gcry_pk_lookup_name (name);
1004
ath_mutex_unlock (&pubkeys_registered_lock);
1006
/* Fixme: We should make sure that an ECC key is always named "ecc"
1007
and not "ecdsa". "ecdsa" should be used for the signature
1008
itself. We need a function to test whether an algorithm given
1009
with a key is compatible with an application of the key (signing,
1010
encryption). For RSA this is easy, but ECC is the first
1011
algorithm which has many flavours. */
1012
is_ecc = ( !strcmp (name, "ecdsa") || !strcmp (name, "ecc") );
1017
gcry_sexp_release (list);
1018
return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
1022
pubkey = (gcry_pk_spec_t *) module->spec;
1023
extraspec = module->extraspec;
1026
elems = want_private ? pubkey->elements_skey : pubkey->elements_pkey;
1027
array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
1029
err = gpg_err_code_from_errno (errno);
1033
err = sexp_elements_extract_ecc (list, elems, array, extraspec);
1035
err = sexp_elements_extract (list, elems, array, pubkey->name);
1038
gcry_sexp_release (list);
1044
ath_mutex_lock (&pubkeys_registered_lock);
1045
_gcry_module_release (module);
1046
ath_mutex_unlock (&pubkeys_registered_lock);
1058
static gcry_err_code_t
1059
sexp_to_sig (gcry_sexp_t sexp, gcry_mpi_t **retarray,
1060
gcry_module_t *retalgo)
1062
gcry_err_code_t err = 0;
1063
gcry_sexp_t list, l2;
1067
gcry_module_t module;
1068
gcry_pk_spec_t *pubkey;
1070
/* Check that the first element is valid. */
1071
list = gcry_sexp_find_token( sexp, "sig-val" , 0 );
1073
return GPG_ERR_INV_OBJ; /* Does not contain a signature value object. */
1075
l2 = gcry_sexp_nth (list, 1);
1078
gcry_sexp_release (list);
1079
return GPG_ERR_NO_OBJ; /* No cadr for the sig object. */
1081
name = _gcry_sexp_nth_string (l2, 0);
1084
gcry_sexp_release (list);
1085
gcry_sexp_release (l2);
1086
return GPG_ERR_INV_OBJ; /* Invalid structure of object. */
1088
else if (!strcmp (name, "flags"))
1090
/* Skip flags, since they are not used but here just for the
1091
sake of consistent S-expressions. */
1093
gcry_sexp_release (l2);
1094
l2 = gcry_sexp_nth (list, 2);
1097
gcry_sexp_release (list);
1098
return GPG_ERR_INV_OBJ;
1100
name = _gcry_sexp_nth_string (l2, 0);
1103
ath_mutex_lock (&pubkeys_registered_lock);
1104
module = gcry_pk_lookup_name (name);
1105
ath_mutex_unlock (&pubkeys_registered_lock);
1111
gcry_sexp_release (l2);
1112
gcry_sexp_release (list);
1113
return GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
1116
pubkey = (gcry_pk_spec_t *) module->spec;
1118
elems = pubkey->elements_sig;
1119
array = gcry_calloc (strlen (elems) + 1 , sizeof *array );
1121
err = gpg_err_code_from_errno (errno);
1124
err = sexp_elements_extract (list, elems, array, NULL);
1126
gcry_sexp_release (l2);
1127
gcry_sexp_release (list);
1131
ath_mutex_lock (&pubkeys_registered_lock);
1132
_gcry_module_release (module);
1133
ath_mutex_unlock (&pubkeys_registered_lock);
1148
* Take sexp and return an array of MPI as used for our internal decrypt
1153
* (<param_name1> <mpi>)
1155
* (<param_namen> <mpi>)
1157
* RET_MODERN is set to true when at least an empty flags list has been found.
1159
static gcry_err_code_t
1160
sexp_to_enc (gcry_sexp_t sexp, gcry_mpi_t **retarray, gcry_module_t *retalgo,
1161
int *ret_modern, int *ret_want_pkcs1, int *flags)
1163
gcry_err_code_t err = 0;
1164
gcry_sexp_t list = NULL, l2 = NULL;
1165
gcry_pk_spec_t *pubkey = NULL;
1166
gcry_module_t module = NULL;
1169
int parsed_flags = 0;
1171
gcry_mpi_t *array = NULL;
1173
*ret_want_pkcs1 = 0;
1176
/* Check that the first element is valid. */
1177
list = gcry_sexp_find_token (sexp, "enc-val" , 0);
1180
err = GPG_ERR_INV_OBJ; /* Does not contain an encrypted value object. */
1184
l2 = gcry_sexp_nth (list, 1);
1187
err = GPG_ERR_NO_OBJ; /* No cdr for the data object. */
1191
/* Extract identifier of sublist. */
1192
name = _gcry_sexp_nth_string (l2, 0);
1195
err = GPG_ERR_INV_OBJ; /* Invalid structure of object. */
1199
if (!strcmp (name, "flags"))
1201
/* There is a flags element - process it. */
1206
for (i = gcry_sexp_length (l2) - 1; i > 0; i--)
1208
s = gcry_sexp_nth_data (l2, i, &n);
1210
; /* Not a data element - ignore. */
1211
else if (n == 3 && !memcmp (s, "raw", 3))
1212
; /* This is just a dummy as it is the default. */
1213
else if (n == 5 && !memcmp (s, "pkcs1", 5))
1214
*ret_want_pkcs1 = 1;
1215
else if (n == 11 && ! memcmp (s, "no-blinding", 11))
1216
parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
1219
err = GPG_ERR_INV_FLAG;
1224
/* Get the next which has the actual data. */
1225
gcry_sexp_release (l2);
1226
l2 = gcry_sexp_nth (list, 2);
1229
err = GPG_ERR_NO_OBJ; /* No cdr for the data object. */
1233
/* Extract sublist identifier. */
1235
name = _gcry_sexp_nth_string (l2, 0);
1238
err = GPG_ERR_INV_OBJ; /* Invalid structure of object. */
1242
gcry_sexp_release (list);
1247
ath_mutex_lock (&pubkeys_registered_lock);
1248
module = gcry_pk_lookup_name (name);
1249
ath_mutex_unlock (&pubkeys_registered_lock);
1253
err = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
1256
pubkey = (gcry_pk_spec_t *) module->spec;
1258
elems = pubkey->elements_enc;
1259
array = gcry_calloc (strlen (elems) + 1, sizeof (*array));
1262
err = gpg_err_code_from_errno (errno);
1266
err = sexp_elements_extract (list, elems, array, NULL);
1269
gcry_sexp_release (list);
1270
gcry_sexp_release (l2);
1275
ath_mutex_lock (&pubkeys_registered_lock);
1276
_gcry_module_release (module);
1277
ath_mutex_unlock (&pubkeys_registered_lock);
1284
*flags = parsed_flags;
1290
/* Take the hash value and convert into an MPI, suitable for
1291
passing to the low level functions. We currently support the
1292
old style way of passing just a MPI and the modern interface which
1293
allows to pass flags so that we can choose between raw and pkcs1
1294
padding - may be more padding options later.
1300
[(hash <algo> <value>)]
1304
Either the VALUE or the HASH element must be present for use
1305
with signatures. VALUE is used for encryption.
1307
NBITS is the length of the key in bits.
1310
static gcry_err_code_t
1311
sexp_data_to_mpi (gcry_sexp_t input, unsigned int nbits, gcry_mpi_t *ret_mpi,
1312
int for_encryption, int *flags)
1314
gcry_err_code_t rc = 0;
1315
gcry_sexp_t ldata, lhash, lvalue;
1319
int is_raw = 0, is_pkcs1 = 0, unknown_flag=0;
1320
int parsed_flags = 0, dummy_flags;
1323
flags = &dummy_flags;
1326
ldata = gcry_sexp_find_token (input, "data", 0);
1328
{ /* assume old style */
1329
*ret_mpi = gcry_sexp_nth_mpi (input, 0, 0);
1330
return *ret_mpi ? GPG_ERR_NO_ERROR : GPG_ERR_INV_OBJ;
1333
/* see whether there is a flags object */
1335
gcry_sexp_t lflags = gcry_sexp_find_token (ldata, "flags", 0);
1337
{ /* parse the flags list. */
1338
for (i=gcry_sexp_length (lflags)-1; i > 0; i--)
1340
s = gcry_sexp_nth_data (lflags, i, &n);
1342
; /* not a data element*/
1343
else if ( n == 3 && !memcmp (s, "raw", 3))
1345
else if ( n == 5 && !memcmp (s, "pkcs1", 5))
1347
else if (n == 11 && ! memcmp (s, "no-blinding", 11))
1348
parsed_flags |= PUBKEY_FLAG_NO_BLINDING;
1352
gcry_sexp_release (lflags);
1356
if (!is_pkcs1 && !is_raw)
1357
is_raw = 1; /* default to raw */
1359
/* Get HASH or MPI */
1360
lhash = gcry_sexp_find_token (ldata, "hash", 0);
1361
lvalue = lhash? NULL : gcry_sexp_find_token (ldata, "value", 0);
1363
if (!(!lhash ^ !lvalue))
1364
rc = GPG_ERR_INV_OBJ; /* none or both given */
1365
else if (unknown_flag)
1366
rc = GPG_ERR_INV_FLAG;
1367
else if (is_raw && is_pkcs1 && !for_encryption)
1368
rc = GPG_ERR_CONFLICT;
1369
else if (is_raw && lvalue)
1371
*ret_mpi = gcry_sexp_nth_mpi (lvalue, 1, 0);
1373
rc = GPG_ERR_INV_OBJ;
1375
else if (is_pkcs1 && lvalue && for_encryption)
1377
/* Create pkcs#1 block type 2 padding. */
1378
unsigned char *frame = NULL;
1379
size_t nframe = (nbits+7) / 8;
1384
if ( !(value=gcry_sexp_nth_data (lvalue, 1, &valuelen)) || !valuelen )
1385
rc = GPG_ERR_INV_OBJ;
1386
else if (valuelen + 7 > nframe || !nframe)
1388
/* Can't encode a VALUELEN value in a NFRAME bytes frame. */
1389
rc = GPG_ERR_TOO_SHORT; /* the key is too short */
1391
else if ( !(frame = gcry_malloc_secure (nframe)))
1392
rc = gpg_err_code_from_errno (errno);
1397
frame[n++] = 2; /* block type */
1398
i = nframe - 3 - valuelen;
1399
gcry_assert (i > 0);
1400
p = gcry_random_bytes_secure (i, GCRY_STRONG_RANDOM);
1401
/* Replace zero bytes by new values. */
1407
/* Count the zero bytes. */
1408
for (j=k=0; j < i; j++)
1414
break; /* Okay: no (more) zero bytes. */
1416
k += k/128 + 3; /* Better get some more. */
1417
pp = gcry_random_bytes_secure (k, GCRY_STRONG_RANDOM);
1418
for (j=0; j < i && k; )
1427
memcpy (frame+n, p, i);
1432
memcpy (frame+n, value, valuelen);
1434
gcry_assert (n == nframe);
1436
/* FIXME, error checking? */
1437
gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
1442
else if (is_pkcs1 && lhash && !for_encryption)
1444
/* Create pkcs#1 block type 1 padding. */
1445
if (gcry_sexp_length (lhash) != 3)
1446
rc = GPG_ERR_INV_OBJ;
1447
else if ( !(s=gcry_sexp_nth_data (lhash, 1, &n)) || !n )
1448
rc = GPG_ERR_INV_OBJ;
1451
static struct { const char *name; int algo; } hashnames[] =
1452
{ { "sha1", GCRY_MD_SHA1 },
1453
{ "md5", GCRY_MD_MD5 },
1454
{ "sha256", GCRY_MD_SHA256 },
1455
{ "ripemd160", GCRY_MD_RMD160 },
1456
{ "rmd160", GCRY_MD_RMD160 },
1457
{ "sha384", GCRY_MD_SHA384 },
1458
{ "sha512", GCRY_MD_SHA512 },
1459
{ "sha224", GCRY_MD_SHA224 },
1460
{ "md2", GCRY_MD_MD2 },
1461
{ "md4", GCRY_MD_MD4 },
1462
{ "tiger", GCRY_MD_TIGER },
1463
{ "haval", GCRY_MD_HAVAL },
1469
size_t nframe = (nbits+7) / 8;
1472
size_t asnlen, dlen;
1474
for (i=0; hashnames[i].name; i++)
1476
if ( strlen (hashnames[i].name) == n
1477
&& !memcmp (hashnames[i].name, s, n))
1480
if (hashnames[i].name)
1481
algo = hashnames[i].algo;
1484
/* In case of not listed or dynamically allocated hash
1485
algorithm we fall back to this somewhat slower
1486
method. Further, it also allows to use OIDs as
1490
tmpname = gcry_malloc (n+1);
1492
algo = 0; /* Out of core - silently give up. */
1495
memcpy (tmpname, s, n);
1497
algo = gcry_md_map_name (tmpname);
1498
gcry_free (tmpname);
1503
dlen = gcry_md_get_algo_dlen (algo);
1506
rc = GPG_ERR_DIGEST_ALGO;
1507
else if ( !(value=gcry_sexp_nth_data (lhash, 2, &valuelen))
1509
rc = GPG_ERR_INV_OBJ;
1510
else if (gcry_md_algo_info (algo, GCRYCTL_GET_ASNOID, asn, &asnlen))
1512
/* We don't have yet all of the above algorithms. */
1513
rc = GPG_ERR_NOT_IMPLEMENTED;
1515
else if ( valuelen != dlen )
1517
/* Hash value does not match the length of digest for
1518
the given algorithm. */
1519
rc = GPG_ERR_CONFLICT;
1521
else if( !dlen || dlen + asnlen + 4 > nframe)
1523
/* Can't encode an DLEN byte digest MD into a NFRAME
1525
rc = GPG_ERR_TOO_SHORT;
1527
else if ( !(frame = gcry_malloc (nframe)) )
1528
rc = gpg_err_code_from_errno (errno);
1530
{ /* Assemble the pkcs#1 block type 1. */
1533
frame[n++] = 1; /* block type */
1534
i = nframe - valuelen - asnlen - 3 ;
1535
gcry_assert (i > 1);
1536
memset (frame+n, 0xff, i );
1539
memcpy (frame+n, asn, asnlen);
1541
memcpy (frame+n, value, valuelen );
1543
gcry_assert (n == nframe);
1545
/* Convert it into an MPI. FIXME: error checking? */
1546
gcry_mpi_scan (ret_mpi, GCRYMPI_FMT_USG, frame, n, &nframe);
1553
rc = GPG_ERR_CONFLICT;
1555
gcry_sexp_release (ldata);
1556
gcry_sexp_release (lhash);
1557
gcry_sexp_release (lvalue);
1560
*flags = parsed_flags;
1567
Do a PK encrypt operation
1569
Caller has to provide a public key as the SEXP pkey and data as a
1570
SEXP with just one MPI in it. Alternativly S_DATA might be a
1571
complex S-Expression, similar to the one used for signature
1572
verification. This provides a flag which allows to handle PKCS#1
1573
block type 2 padding. The function returns a a sexp which may be
1574
passed to to pk_decrypt.
1576
Returns: 0 or an errorcode.
1578
s_data = See comment for sexp_data_to_mpi
1579
s_pkey = <key-as-defined-in-sexp_to_key>
1582
(<param_name1> <mpi>)
1584
(<param_namen> <mpi>)
1589
gcry_pk_encrypt (gcry_sexp_t *r_ciph, gcry_sexp_t s_data, gcry_sexp_t s_pkey)
1591
gcry_mpi_t *pkey = NULL, data = NULL, *ciph = NULL;
1592
const char *algo_name, *algo_elems;
1595
gcry_pk_spec_t *pubkey = NULL;
1596
gcry_module_t module = NULL;
1600
REGISTER_DEFAULT_PUBKEYS;
1603
rc = sexp_to_key (s_pkey, 0, &pkey, &module);
1607
gcry_assert (module);
1608
pubkey = (gcry_pk_spec_t *) module->spec;
1610
/* If aliases for the algorithm name exists, take the first one
1611
instead of the regular name to adhere to SPKI conventions. We
1612
assume that the first alias name is the lowercase version of the
1613
regular one. This change is required for compatibility with
1614
1.1.12 generated S-expressions. */
1615
algo_name = pubkey->aliases? *pubkey->aliases : NULL;
1616
if (!algo_name || !*algo_name)
1617
algo_name = pubkey->name;
1619
algo_elems = pubkey->elements_enc;
1621
/* Get the stuff we want to encrypt. */
1622
rc = sexp_data_to_mpi (s_data, gcry_pk_get_nbits (s_pkey), &data, 1,
1627
/* Now we can encrypt DATA to CIPH. */
1628
ciph = gcry_calloc (strlen (algo_elems) + 1, sizeof (*ciph));
1631
rc = gpg_err_code_from_errno (errno);
1634
rc = pubkey_encrypt (module->mod_id, ciph, data, pkey, flags);
1640
/* We did it. Now build the return list */
1644
size_t nelem = strlen (algo_elems);
1645
size_t needed = 19 + strlen (algo_name) + (nelem * 5);
1648
/* Build the string. */
1649
string = p = gcry_malloc (needed);
1652
rc = gpg_err_code_from_errno (errno);
1655
p = stpcpy ( p, "(enc-val(" );
1656
p = stpcpy ( p, algo_name );
1657
for (i=0; algo_elems[i]; i++ )
1660
*p++ = algo_elems[i];
1661
p = stpcpy ( p, "%m)" );
1665
/* And now the ugly part: We don't have a function to pass an
1666
* array to a format string, so we have to do it this way :-(. */
1667
/* FIXME: There is now such a format specifier, so we can
1668
change the code to be more clear. */
1669
arg_list = malloc (nelem * sizeof *arg_list);
1672
rc = gpg_err_code_from_errno (errno);
1676
for (i = 0; i < nelem; i++)
1677
arg_list[i] = ciph + i;
1679
rc = gcry_sexp_build_array (r_ciph, NULL, string, arg_list);
1689
release_mpi_array (pkey);
1695
release_mpi_array (ciph);
1701
ath_mutex_lock (&pubkeys_registered_lock);
1702
_gcry_module_release (module);
1703
ath_mutex_unlock (&pubkeys_registered_lock);
1706
return gcry_error (rc);
1710
Do a PK decrypt operation
1712
Caller has to provide a secret key as the SEXP skey and data in a
1713
format as created by gcry_pk_encrypt. For historic reasons the
1714
function returns simply an MPI as an S-expression part; this is
1715
deprecated and the new method should be used which returns a real
1716
S-expressionl this is selected by adding at least an empty flags
1719
Returns: 0 or an errorcode.
1724
(<param_name1> <mpi>)
1726
(<param_namen> <mpi>)
1728
s_skey = <key-as-defined-in-sexp_to_key>
1729
r_plain= Either an incomplete S-expression without the parentheses
1730
or if the flags list is used (even if empty) a real S-expression:
1734
gcry_pk_decrypt (gcry_sexp_t *r_plain, gcry_sexp_t s_data, gcry_sexp_t s_skey)
1736
gcry_mpi_t *skey = NULL, *data = NULL, plain = NULL;
1737
int modern, want_pkcs1, flags;
1739
gcry_module_t module_enc = NULL, module_key = NULL;
1740
gcry_pk_spec_t *pubkey = NULL;
1744
REGISTER_DEFAULT_PUBKEYS;
1746
rc = sexp_to_key (s_skey, 1, &skey, &module_key);
1750
rc = sexp_to_enc (s_data, &data, &module_enc, &modern, &want_pkcs1, &flags);
1754
if (module_key->mod_id != module_enc->mod_id)
1756
rc = GPG_ERR_CONFLICT; /* Key algo does not match data algo. */
1760
pubkey = (gcry_pk_spec_t *) module_key->spec;
1762
rc = pubkey_decrypt (module_key->mod_id, &plain, data, skey, flags);
1766
if (gcry_sexp_build (r_plain, NULL, modern? "(value %m)" : "%m", plain))
1772
release_mpi_array (skey);
1781
release_mpi_array (data);
1785
if (module_key || module_enc)
1787
ath_mutex_lock (&pubkeys_registered_lock);
1789
_gcry_module_release (module_key);
1791
_gcry_module_release (module_enc);
1792
ath_mutex_unlock (&pubkeys_registered_lock);
1795
return gcry_error (rc);
1803
Caller has to provide a secret key as the SEXP skey and data
1804
expressed as a SEXP list hash with only one element which should
1805
instantly be available as a MPI. Alternatively the structure given
1806
below may be used for S_HASH, it provides the abiliy to pass flags
1807
to the operation; the only flag defined by now is "pkcs1" which
1808
does PKCS#1 block type 1 style padding.
1810
Returns: 0 or an errorcode.
1811
In case of 0 the function returns a new SEXP with the
1812
signature value; the structure of this signature depends on the
1813
other arguments but is always suitable to be passed to
1816
s_hash = See comment for sexp_data_to_mpi
1818
s_skey = <key-as-defined-in-sexp_to_key>
1821
(<param_name1> <mpi>)
1823
(<param_namen> <mpi>))
1826
Note that (hash algo) in R_SIG is not used.
1829
gcry_pk_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_hash, gcry_sexp_t s_skey)
1831
gcry_mpi_t *skey = NULL, hash = NULL, *result = NULL;
1832
gcry_pk_spec_t *pubkey = NULL;
1833
gcry_module_t module = NULL;
1834
const char *algo_name, *algo_elems;
1840
REGISTER_DEFAULT_PUBKEYS;
1842
rc = sexp_to_key (s_skey, 1, &skey, &module);
1846
gcry_assert (module);
1847
pubkey = (gcry_pk_spec_t *) module->spec;
1848
algo_name = pubkey->aliases? *pubkey->aliases : NULL;
1849
if (!algo_name || !*algo_name)
1850
algo_name = pubkey->name;
1852
algo_elems = pubkey->elements_sig;
1854
/* Get the stuff we want to sign. Note that pk_get_nbits does also
1855
work on a private key. */
1856
rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_skey),
1861
result = gcry_calloc (strlen (algo_elems) + 1, sizeof (*result));
1864
rc = gpg_err_code_from_errno (errno);
1867
rc = pubkey_sign (module->mod_id, result, hash, skey);
1873
size_t nelem, needed = strlen (algo_name) + 20;
1876
nelem = strlen (algo_elems);
1878
/* Count elements, so that we can allocate enough space. */
1879
needed += 10 * nelem;
1881
/* Build the string. */
1882
string = p = gcry_malloc (needed);
1885
rc = gpg_err_code_from_errno (errno);
1888
p = stpcpy (p, "(sig-val(");
1889
p = stpcpy (p, algo_name);
1890
for (i = 0; algo_elems[i]; i++)
1893
*p++ = algo_elems[i];
1894
p = stpcpy (p, "%m)");
1898
arg_list = malloc (nelem * sizeof *arg_list);
1901
rc = gpg_err_code_from_errno (errno);
1905
for (i = 0; i < nelem; i++)
1906
arg_list[i] = result + i;
1908
rc = gcry_sexp_build_array (r_sig, NULL, string, arg_list);
1918
release_mpi_array (skey);
1927
release_mpi_array (result);
1931
return gcry_error (rc);
1938
Caller has to supply the public key pkey, the signature sig and his
1939
hashvalue data. Public key has to be a standard public key given
1940
as an S-Exp, sig is a S-Exp as returned from gcry_pk_sign and data
1941
must be an S-Exp like the one in sign too. */
1943
gcry_pk_verify (gcry_sexp_t s_sig, gcry_sexp_t s_hash, gcry_sexp_t s_pkey)
1945
gcry_module_t module_key = NULL, module_sig = NULL;
1946
gcry_mpi_t *pkey = NULL, hash = NULL, *sig = NULL;
1949
REGISTER_DEFAULT_PUBKEYS;
1951
rc = sexp_to_key (s_pkey, 0, &pkey, &module_key);
1955
rc = sexp_to_sig (s_sig, &sig, &module_sig);
1959
/* Fixme: Check that the algorithm of S_SIG is compatible to the one
1962
if (module_key->mod_id != module_sig->mod_id)
1964
rc = GPG_ERR_CONFLICT;
1968
rc = sexp_data_to_mpi (s_hash, gcry_pk_get_nbits (s_pkey), &hash, 0, 0);
1972
rc = pubkey_verify (module_key->mod_id, hash, sig, pkey, NULL, NULL);
1977
release_mpi_array (pkey);
1982
release_mpi_array (sig);
1988
if (module_key || module_sig)
1990
ath_mutex_lock (&pubkeys_registered_lock);
1992
_gcry_module_release (module_key);
1994
_gcry_module_release (module_sig);
1995
ath_mutex_unlock (&pubkeys_registered_lock);
1998
return gcry_error (rc);
2005
This may be used either for a public or a secret key to see whether
2006
the internal structure is okay.
2008
Returns: 0 or an errorcode.
2010
s_key = <key-as-defined-in-sexp_to_key> */
2012
gcry_pk_testkey (gcry_sexp_t s_key)
2014
gcry_module_t module = NULL;
2015
gcry_mpi_t *key = NULL;
2018
REGISTER_DEFAULT_PUBKEYS;
2020
/* Note we currently support only secret key checking. */
2021
rc = sexp_to_key (s_key, 1, &key, &module);
2024
rc = pubkey_check_secret_key (module->mod_id, key);
2025
release_mpi_array (key);
2028
return gcry_error (rc);
2033
Create a public key pair and return it in r_key.
2034
How the key is created depends on s_parms:
2037
(parameter_name_1 ....)
2039
(parameter_name_n ....)
2041
The key is returned in a format depending on the
2042
algorithm. Both, private and secret keys are returned
2043
and optionally some additional informatin.
2044
For elgamal we return this structure:
2062
(pm1-factors n1 n2 ... nn)
2066
gcry_pk_genkey (gcry_sexp_t *r_key, gcry_sexp_t s_parms)
2068
gcry_pk_spec_t *pubkey = NULL;
2069
gcry_module_t module = NULL;
2070
gcry_sexp_t list = NULL;
2071
gcry_sexp_t l2 = NULL;
2072
gcry_sexp_t l3 = NULL;
2075
gcry_err_code_t rc = GPG_ERR_NO_ERROR;
2077
const char *algo_name = NULL;
2079
const char *sec_elems = NULL, *pub_elems = NULL;
2080
gcry_mpi_t skey[12];
2081
gcry_mpi_t *factors = NULL;
2082
gcry_sexp_t extrainfo = NULL;
2083
unsigned int nbits = 0;
2084
unsigned long use_e = 0;
2089
REGISTER_DEFAULT_PUBKEYS;
2091
list = gcry_sexp_find_token (s_parms, "genkey", 0);
2094
rc = GPG_ERR_INV_OBJ; /* Does not contain genkey data. */
2098
l2 = gcry_sexp_cadr (list);
2099
gcry_sexp_release (list);
2104
rc = GPG_ERR_NO_OBJ; /* No cdr for the genkey. */
2108
name = _gcry_sexp_nth_string (list, 0);
2111
rc = GPG_ERR_INV_OBJ; /* Algo string missing. */
2115
ath_mutex_lock (&pubkeys_registered_lock);
2116
module = gcry_pk_lookup_name (name);
2117
ath_mutex_unlock (&pubkeys_registered_lock);
2122
rc = GPG_ERR_PUBKEY_ALGO; /* Unknown algorithm. */
2126
pubkey = (gcry_pk_spec_t *) module->spec;
2127
algo = module->mod_id;
2128
algo_name = pubkey->aliases? *pubkey->aliases : NULL;
2129
if (!algo_name || !*algo_name)
2130
algo_name = pubkey->name;
2131
pub_elems = pubkey->elements_pkey;
2132
sec_elems = pubkey->elements_skey;
2133
if (strlen (sec_elems) >= DIM(skey))
2136
/* Handle the optional rsa-use-e element. Actually this belong into
2137
the algorithm module but we have this parameter in the public
2138
module API, so we need to parse it right here. */
2139
l2 = gcry_sexp_find_token (list, "rsa-use-e", 0);
2145
s = gcry_sexp_nth_data (l2, 1, &n);
2146
if ( !s || n >= DIM (buf) - 1 )
2148
rc = GPG_ERR_INV_OBJ; /* No value or value too large. */
2153
use_e = strtoul (buf, NULL, 0);
2154
gcry_sexp_release (l2);
2158
use_e = 65537; /* Not given, use the value generated by old versions. */
2161
/* Get the "nbits" parameter. */
2162
l2 = gcry_sexp_find_token (list, "nbits", 0);
2168
s = gcry_sexp_nth_data (l2, 1, &n);
2169
if (!s || n >= DIM (buf) - 1 )
2171
rc = GPG_ERR_INV_OBJ; /* NBITS given without a cdr. */
2176
nbits = (unsigned int)strtoul (buf, NULL, 0);
2177
gcry_sexp_release (l2); l2 = NULL;
2182
/* Pass control to the algorithm module. */
2183
rc = pubkey_generate (module->mod_id, nbits, use_e, list, skey,
2184
&factors, &extrainfo);
2185
gcry_sexp_release (list); list = NULL;
2189
/* Key generation succeeded: Build an S-expression. */
2192
size_t nelem=0, nelem_cp = 0, needed=0;
2193
gcry_mpi_t mpis[30];
2195
/* Estimate size of format string. */
2196
nelem = strlen (pub_elems) + strlen (sec_elems);
2199
for (i = 0; factors[i]; i++)
2204
needed += nelem * 10;
2205
/* (+5 is for EXTRAINFO ("%S")). */
2206
needed += 2 * strlen (algo_name) + 300 + 5;
2207
if (nelem > DIM (mpis))
2210
/* Build the string. */
2212
string = p = gcry_malloc (needed);
2215
rc = gpg_err_code_from_errno (errno);
2218
p = stpcpy (p, "(key-data");
2219
p = stpcpy (p, "(public-key(");
2220
p = stpcpy (p, algo_name);
2221
for(i = 0; pub_elems[i]; i++)
2224
*p++ = pub_elems[i];
2225
p = stpcpy (p, "%m)");
2226
mpis[nelem++] = skey[i];
2228
p = stpcpy (p, "))");
2229
p = stpcpy (p, "(private-key(");
2230
p = stpcpy (p, algo_name);
2231
for (i = 0; sec_elems[i]; i++)
2234
*p++ = sec_elems[i];
2235
p = stpcpy (p, "%m)");
2236
mpis[nelem++] = skey[i];
2238
p = stpcpy (p, "))");
2240
/* Hack to make release_mpi_array() work. */
2245
/* If we have extrainfo we should not have any factors. */
2246
p = stpcpy (p, "%S");
2248
else if (factors && factors[0])
2250
p = stpcpy (p, "(misc-key-info(pm1-factors");
2251
for(i = 0; factors[i]; i++)
2253
p = stpcpy (p, "%m");
2254
mpis[nelem++] = factors[i];
2256
p = stpcpy (p, "))");
2259
gcry_assert (p - string < needed);
2261
while (nelem < DIM (mpis))
2262
mpis[nelem++] = NULL;
2265
int elem_n = strlen (pub_elems) + strlen (sec_elems);
2268
/* Allocate one extra for EXTRAINFO ("%S"). */
2269
arg_list = gcry_calloc (nelem_cp+1, sizeof *arg_list);
2272
rc = gpg_err_code_from_errno (errno);
2275
for (i = 0; i < elem_n; i++)
2276
arg_list[i] = mpis + i;
2278
arg_list[i] = &extrainfo;
2279
else if (factors && factors[0])
2281
for (; i < nelem_cp; i++)
2282
arg_list[i] = factors + i - elem_n;
2285
rc = gcry_sexp_build_array (r_key, NULL, string, arg_list);
2286
gcry_free (arg_list);
2289
gcry_assert (DIM (mpis) == 30); /* Reminder to make sure that
2290
the array gets increased if
2291
new parameters are added. */
2298
gcry_sexp_release (extrainfo);
2299
release_mpi_array (skey);
2300
/* Don't free SKEY itself, it is an stack allocated array. */
2304
release_mpi_array ( factors );
2305
gcry_free (factors);
2308
gcry_sexp_release (l3);
2309
gcry_sexp_release (l2);
2310
gcry_sexp_release (list);
2314
ath_mutex_lock (&pubkeys_registered_lock);
2315
_gcry_module_release (module);
2316
ath_mutex_unlock (&pubkeys_registered_lock);
2319
return gcry_error (rc);
2324
Get the number of nbits from the public key.
2326
Hmmm: Should we have really this function or is it better to have a
2327
more general function to retrieve different properties of the key? */
2329
gcry_pk_get_nbits (gcry_sexp_t key)
2331
gcry_module_t module = NULL;
2332
gcry_pk_spec_t *pubkey;
2333
gcry_mpi_t *keyarr = NULL;
2334
unsigned int nbits = 0;
2337
REGISTER_DEFAULT_PUBKEYS;
2339
rc = sexp_to_key (key, 0, &keyarr, &module);
2340
if (rc == GPG_ERR_INV_OBJ)
2341
rc = sexp_to_key (key, 1, &keyarr, &module);
2343
return 0; /* Error - 0 is a suitable indication for that. */
2345
pubkey = (gcry_pk_spec_t *) module->spec;
2346
nbits = (*pubkey->get_nbits) (module->mod_id, keyarr);
2348
ath_mutex_lock (&pubkeys_registered_lock);
2349
_gcry_module_release (module);
2350
ath_mutex_unlock (&pubkeys_registered_lock);
2352
release_mpi_array (keyarr);
2359
/* Return the so called KEYGRIP which is the SHA-1 hash of the public
2360
key parameters expressed in a way depended on the algorithm.
2362
ARRAY must either be 20 bytes long or NULL; in the latter case a
2363
newly allocated array of that size is returned, otherwise ARRAY or
2364
NULL is returned to indicate an error which is most likely an
2365
unknown algorithm. The function accepts public or secret keys. */
2367
gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)
2369
gcry_sexp_t list = NULL, l2 = NULL;
2370
gcry_pk_spec_t *pubkey = NULL;
2371
gcry_module_t module = NULL;
2372
pk_extra_spec_t *extraspec;
2377
gcry_md_hd_t md = NULL;
2379
REGISTER_DEFAULT_PUBKEYS;
2381
/* Check that the first element is valid. */
2382
list = gcry_sexp_find_token (key, "public-key", 0);
2384
list = gcry_sexp_find_token (key, "private-key", 0);
2386
list = gcry_sexp_find_token (key, "protected-private-key", 0);
2388
list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
2390
return NULL; /* No public- or private-key object. */
2392
l2 = gcry_sexp_cadr (list);
2393
gcry_sexp_release (list);
2397
name = _gcry_sexp_nth_string (list, 0);
2399
goto fail; /* Invalid structure of object. */
2401
ath_mutex_lock (&pubkeys_registered_lock);
2402
module = gcry_pk_lookup_name (name);
2403
ath_mutex_unlock (&pubkeys_registered_lock);
2406
goto fail; /* Unknown algorithm. */
2408
pubkey = (gcry_pk_spec_t *) module->spec;
2409
extraspec = module->extraspec;
2411
elems = pubkey->elements_grip;
2413
goto fail; /* No grip parameter. */
2415
if (gcry_md_open (&md, GCRY_MD_SHA1, 0))
2418
if (extraspec && extraspec->comp_keygrip)
2420
/* Module specific method to compute a keygrip. */
2421
if (extraspec->comp_keygrip (md, list))
2426
/* Generic method to compute a keygrip. */
2427
for (idx = 0, s = elems; *s; s++, idx++)
2433
l2 = gcry_sexp_find_token (list, s, 1);
2436
data = gcry_sexp_nth_data (l2, 1, &datalen);
2440
snprintf (buf, sizeof buf, "(1:%c%u:", *s, (unsigned int)datalen);
2441
gcry_md_write (md, buf, strlen (buf));
2442
gcry_md_write (md, data, datalen);
2443
gcry_sexp_release (l2);
2444
gcry_md_write (md, ")", 1);
2450
array = gcry_malloc (20);
2455
memcpy (array, gcry_md_read (md, GCRY_MD_SHA1), 20);
2457
gcry_sexp_release (list);
2462
gcry_sexp_release (l2);
2464
gcry_sexp_release (list);
2470
gcry_pk_ctl (int cmd, void *buffer, size_t buflen)
2472
gcry_err_code_t err = GPG_ERR_NO_ERROR;
2474
REGISTER_DEFAULT_PUBKEYS;
2478
case GCRYCTL_DISABLE_ALGO:
2479
/* This one expects a buffer pointing to an integer with the
2481
if ((! buffer) || (buflen != sizeof (int)))
2482
err = GPG_ERR_INV_ARG;
2484
disable_pubkey_algo (*((int *) buffer));
2488
err = GPG_ERR_INV_OP;
2491
return gcry_error (err);
2495
/* Return information about the given algorithm
2497
WHAT selects the kind of information returned:
2500
Returns 0 when the specified algorithm is available for use.
2501
Buffer must be NULL, nbytes may have the address of a variable
2502
with the required usage of the algorithm. It may be 0 for don't
2503
care or a combination of the GCRY_PK_USAGE_xxx flags;
2505
GCRYCTL_GET_ALGO_USAGE:
2506
Return the usage glafs for the give algo. An invalid alog
2507
does return 0. Disabled algos are ignored here becuase we
2508
only want to know whether the algo is at all capable of
2511
Note: Because this function is in most cases used to return an
2512
integer value, we can make it easier for the caller to just look at
2513
the return value. The caller will in all cases consult the value
2514
and thereby detecting whether a error occured or not (i.e. while
2515
checking the block size) */
2517
gcry_pk_algo_info (int algorithm, int what, void *buffer, size_t *nbytes)
2519
gcry_err_code_t err = GPG_ERR_NO_ERROR;
2523
case GCRYCTL_TEST_ALGO:
2525
int use = nbytes ? *nbytes : 0;
2527
err = GPG_ERR_INV_ARG;
2528
else if (check_pubkey_algo (algorithm, use))
2529
err = GPG_ERR_PUBKEY_ALGO;
2533
case GCRYCTL_GET_ALGO_USAGE:
2535
gcry_module_t pubkey;
2538
REGISTER_DEFAULT_PUBKEYS;
2540
ath_mutex_lock (&pubkeys_registered_lock);
2541
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
2544
use = ((gcry_pk_spec_t *) pubkey->spec)->use;
2545
_gcry_module_release (pubkey);
2547
ath_mutex_unlock (&pubkeys_registered_lock);
2555
case GCRYCTL_GET_ALGO_NPKEY:
2558
int npkey = pubkey_get_npkey (algorithm);
2562
case GCRYCTL_GET_ALGO_NSKEY:
2565
int nskey = pubkey_get_nskey (algorithm);
2569
case GCRYCTL_GET_ALGO_NSIGN:
2572
int nsign = pubkey_get_nsig (algorithm);
2576
case GCRYCTL_GET_ALGO_NENCR:
2579
int nencr = pubkey_get_nenc (algorithm);
2585
err = GPG_ERR_INV_OP;
2588
return gcry_error (err);
2592
/* Explicitly initialize this module. */
2594
_gcry_pk_init (void)
2596
gcry_err_code_t err = GPG_ERR_NO_ERROR;
2598
REGISTER_DEFAULT_PUBKEYS;
2605
_gcry_pk_module_lookup (int algorithm, gcry_module_t *module)
2607
gcry_err_code_t err = GPG_ERR_NO_ERROR;
2608
gcry_module_t pubkey;
2610
REGISTER_DEFAULT_PUBKEYS;
2612
ath_mutex_lock (&pubkeys_registered_lock);
2613
pubkey = _gcry_module_lookup_id (pubkeys_registered, algorithm);
2617
err = GPG_ERR_PUBKEY_ALGO;
2618
ath_mutex_unlock (&pubkeys_registered_lock);
2625
_gcry_pk_module_release (gcry_module_t module)
2627
ath_mutex_lock (&pubkeys_registered_lock);
2628
_gcry_module_release (module);
2629
ath_mutex_unlock (&pubkeys_registered_lock);
2632
/* Get a list consisting of the IDs of the loaded pubkey modules. If
2633
LIST is zero, write the number of loaded pubkey modules to
2634
LIST_LENGTH and return. If LIST is non-zero, the first
2635
*LIST_LENGTH algorithm IDs are stored in LIST, which must be of
2636
according size. In case there are less pubkey modules than
2637
*LIST_LENGTH, *LIST_LENGTH is updated to the correct number. */
2639
gcry_pk_list (int *list, int *list_length)
2641
gcry_err_code_t err = GPG_ERR_NO_ERROR;
2643
ath_mutex_lock (&pubkeys_registered_lock);
2644
err = _gcry_module_list (pubkeys_registered, list, list_length);
2645
ath_mutex_unlock (&pubkeys_registered_lock);
2651
/* Run the selftests for pubkey algorithm ALGO with optional reporting
2654
_gcry_pk_selftest (int algo, int extended, selftest_report_func_t report)
2656
gcry_module_t module = NULL;
2657
pk_extra_spec_t *extraspec = NULL;
2658
gcry_err_code_t ec = 0;
2660
REGISTER_DEFAULT_PUBKEYS;
2662
ath_mutex_lock (&pubkeys_registered_lock);
2663
module = _gcry_module_lookup_id (pubkeys_registered, algo);
2664
if (module && !(module->flags & FLAG_MODULE_DISABLED))
2665
extraspec = module->extraspec;
2666
ath_mutex_unlock (&pubkeys_registered_lock);
2667
if (extraspec && extraspec->selftest)
2668
ec = extraspec->selftest (algo, extended, report);
2671
ec = GPG_ERR_PUBKEY_ALGO;
2673
report ("pubkey", algo, "module",
2674
module && !(module->flags & FLAG_MODULE_DISABLED)?
2675
"no selftest available" :
2676
module? "algorithm disabled" : "algorithm not found");
2681
ath_mutex_lock (&pubkeys_registered_lock);
2682
_gcry_module_release (module);
2683
ath_mutex_unlock (&pubkeys_registered_lock);
2685
return gpg_error (ec);
2689
/* This function is only used by ac.c! */
2691
_gcry_pk_get_elements (int algo, char **enc, char **sig)
2693
gcry_module_t pubkey;
2694
gcry_pk_spec_t *spec;
2695
gcry_err_code_t err;
2699
REGISTER_DEFAULT_PUBKEYS;
2705
pubkey = _gcry_module_lookup_id (pubkeys_registered, algo);
2708
err = GPG_ERR_INTERNAL;
2711
spec = pubkey->spec;
2715
enc_cp = strdup (spec->elements_enc);
2718
err = gpg_err_code_from_errno (errno);
2725
sig_cp = strdup (spec->elements_sig);
2728
err = gpg_err_code_from_errno (errno);
2741
_gcry_module_release (pubkey);
added
removed
grub-core/lib/libgcrypt/cipher/pubkey.c
