1
/* ac.c - Alternative interface for asymmetric cryptography.
2
Copyright (C) 2003, 2004, 2005, 2006
3
2007, 2008 Free Software Foundation, Inc.
5
This file is part of Libgcrypt.
7
Libgcrypt is free software; you can redistribute it and/or modify
8
it under the terms of the GNU Lesser general Public License as
9
published by the Free Software Foundation; either version 2.1 of
10
the License, or (at your option) any later version.
12
Libgcrypt is distributed in the hope that it will be useful,
13
but WITHOUT ANY WARRANTY; without even the implied warranty of
14
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
GNU Lesser General Public License for more details.
17
You should have received a copy of the GNU Lesser General Public
18
License along with this program; if not, see <http://www.gnu.org/licenses/>.
34
/* At the moment the ac interface is a wrapper around the pk
35
interface, but this might change somewhen in the future, depending
36
on how many people prefer the ac interface. */
38
/* Mapping of flag numbers to the according strings as it is expected
40
static struct number_string
46
{ GCRY_AC_FLAG_NO_BLINDING, "no-blinding" },
49
/* The positions in this list correspond to the values contained in
50
the gcry_ac_key_type_t enumeration list. */
51
static const char *ac_key_identifiers[] =
57
/* These specifications are needed for key-pair generation; the caller
58
is allowed to pass additional, algorithm-specific `specs' to
59
gcry_ac_key_pair_generate. This list is used for decoding the
60
provided values according to the selected algorithm. */
61
struct gcry_ac_key_generate_spec
63
int algorithm; /* Algorithm for which this flag is
65
const char *name; /* Name of this flag. */
66
size_t offset; /* Offset in the cipher-specific spec
67
structure at which the MPI value
68
associated with this flag is to be
70
} ac_key_generate_specs[] =
72
{ GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) },
76
/* Handle structure. */
79
int algorithm; /* Algorithm ID associated with this
81
const char *algorithm_name; /* Name of the algorithm. */
82
unsigned int flags; /* Flags, not used yet. */
83
gcry_module_t module; /* Reference to the algorithm
87
/* A named MPI value. */
88
typedef struct gcry_ac_mpi
90
char *name; /* Self-maintained copy of name. */
91
gcry_mpi_t mpi; /* MPI value. */
92
unsigned int flags; /* Flags. */
95
/* A data set, that is simply a list of named MPI values. */
98
gcry_ac_mpi_t *data; /* List of named values. */
99
unsigned int data_n; /* Number of values in DATA. */
105
gcry_ac_data_t data; /* Data in native ac structure. */
106
gcry_ac_key_type_t type; /* Type of the key. */
110
struct gcry_ac_key_pair
112
gcry_ac_key_t public;
113
gcry_ac_key_t secret;
119
* Functions for working with data sets.
122
/* Creates a new, empty data set and store it in DATA. */
124
_gcry_ac_data_new (gcry_ac_data_t *data)
126
gcry_ac_data_t data_new;
130
return gpg_error (GPG_ERR_NOT_SUPPORTED);
132
data_new = gcry_malloc (sizeof (*data_new));
135
err = gcry_error_from_errno (errno);
139
data_new->data = NULL;
140
data_new->data_n = 0;
149
/* Destroys all the entries in DATA, but not DATA itself. */
151
ac_data_values_destroy (gcry_ac_data_t data)
155
for (i = 0; i < data->data_n; i++)
156
if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC)
158
gcry_mpi_release (data->data[i].mpi);
159
gcry_free (data->data[i].name);
163
/* Destroys the data set DATA. */
165
_gcry_ac_data_destroy (gcry_ac_data_t data)
169
ac_data_values_destroy (data);
170
gcry_free (data->data);
175
/* This function creates a copy of the array of named MPIs DATA_MPIS,
176
which is of length DATA_MPIS_N; the copy is stored in
179
ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n,
180
gcry_ac_mpi_t **data_mpis_cp)
182
gcry_ac_mpi_t *data_mpis_new;
188
data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n);
191
err = gcry_error_from_errno (errno);
194
memset (data_mpis_new, 0, sizeof (*data_mpis_new) * data_mpis_n);
197
for (i = 0; i < data_mpis_n; i++)
201
label = gcry_strdup (data_mpis[i].name);
202
mpi = gcry_mpi_copy (data_mpis[i].mpi);
203
if (! (label && mpi))
205
err = gcry_error_from_errno (errno);
206
gcry_mpi_release (mpi);
211
data_mpis_new[i].flags = GCRY_AC_FLAG_DEALLOC;
212
data_mpis_new[i].name = label;
213
data_mpis_new[i].mpi = mpi;
218
*data_mpis_cp = data_mpis_new;
226
for (i = 0; i < data_mpis_n; i++)
228
gcry_mpi_release (data_mpis_new[i].mpi);
229
gcry_free (data_mpis_new[i].name);
231
gcry_free (data_mpis_new);
237
/* Create a copy of the data set DATA and store it in DATA_CP. */
239
_gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data)
241
gcry_ac_mpi_t *data_mpis = NULL;
242
gcry_ac_data_t data_new;
246
return gpg_error (GPG_ERR_NOT_SUPPORTED);
248
/* Allocate data set. */
249
data_new = gcry_malloc (sizeof (*data_new));
252
err = gcry_error_from_errno (errno);
256
err = ac_data_mpi_copy (data->data, data->data_n, &data_mpis);
260
data_new->data_n = data->data_n;
261
data_new->data = data_mpis;
267
gcry_free (data_new);
272
/* Returns the number of named MPI values inside of the data set
275
_gcry_ac_data_length (gcry_ac_data_t data)
281
/* Add the value MPI to DATA with the label NAME. If FLAGS contains
282
GCRY_AC_FLAG_COPY, the data set will contain copies of NAME
283
and MPI. If FLAGS contains GCRY_AC_FLAG_DEALLOC or
284
GCRY_AC_FLAG_COPY, the values contained in the data set will
285
be deallocated when they are to be removed from the data set. */
287
_gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags,
288
const char *name, gcry_mpi_t mpi)
299
return gpg_error (GPG_ERR_NOT_SUPPORTED);
301
if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY))
303
err = gcry_error (GPG_ERR_INV_ARG);
307
if (flags & GCRY_AC_FLAG_COPY)
311
flags |= GCRY_AC_FLAG_DEALLOC;
312
name_cp = gcry_strdup (name);
313
mpi_cp = gcry_mpi_copy (mpi);
314
if (! (name_cp && mpi_cp))
316
err = gcry_error_from_errno (errno);
321
/* Search for existing entry. */
322
for (i = 0; i < data->data_n; i++)
323
if (! strcmp (name, data->data[i].name))
325
if (i < data->data_n)
327
/* An entry for NAME does already exist. */
328
if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC)
330
gcry_mpi_release (data->data[i].mpi);
331
gcry_free (data->data[i].name);
336
/* Create a new entry. */
338
gcry_ac_mpi_t *ac_mpis;
340
ac_mpis = gcry_realloc (data->data,
341
sizeof (*data->data) * (data->data_n + 1));
344
err = gcry_error_from_errno (errno);
348
if (data->data != ac_mpis)
349
data->data = ac_mpis;
353
data->data[i].name = name_cp ? name_cp : ((char *) name);
354
data->data[i].mpi = mpi_cp ? mpi_cp : mpi;
355
data->data[i].flags = flags;
362
gcry_mpi_release (mpi_cp);
369
/* Stores the value labelled with NAME found in the data set DATA in
370
MPI. The returned MPI value will be released in case
371
gcry_ac_data_set is used to associate the label NAME with a
372
different MPI value. */
374
_gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags,
375
const char *name, gcry_mpi_t *mpi)
377
gcry_mpi_t mpi_return;
382
return gpg_error (GPG_ERR_NOT_SUPPORTED);
384
if (flags & ~(GCRY_AC_FLAG_COPY))
386
err = gcry_error (GPG_ERR_INV_ARG);
390
for (i = 0; i < data->data_n; i++)
391
if (! strcmp (name, data->data[i].name))
393
if (i == data->data_n)
395
err = gcry_error (GPG_ERR_NOT_FOUND);
399
if (flags & GCRY_AC_FLAG_COPY)
401
mpi_return = gcry_mpi_copy (data->data[i].mpi);
404
err = gcry_error_from_errno (errno); /* FIXME? */
409
mpi_return = data->data[i].mpi;
419
/* Stores in NAME and MPI the named MPI value contained in the data
420
set DATA with the index IDX. NAME or MPI may be NULL. The
421
returned MPI value will be released in case gcry_ac_data_set is
422
used to associate the label NAME with a different MPI value. */
424
_gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags,
426
const char **name, gcry_mpi_t *mpi)
436
return gpg_error (GPG_ERR_NOT_SUPPORTED);
438
if (flags & ~(GCRY_AC_FLAG_COPY))
440
err = gcry_error (GPG_ERR_INV_ARG);
444
if (idx >= data->data_n)
446
err = gcry_error (GPG_ERR_INV_ARG);
450
if (flags & GCRY_AC_FLAG_COPY)
452
/* Return copies to the user. */
455
name_cp = gcry_strdup (data->data[idx].name);
458
err = gcry_error_from_errno (errno);
464
mpi_cp = gcry_mpi_copy (data->data[idx].mpi);
467
err = gcry_error_from_errno (errno);
474
*name = name_cp ? name_cp : data->data[idx].name;
476
*mpi = mpi_cp ? mpi_cp : data->data[idx].mpi;
483
gcry_mpi_release (mpi_cp);
490
/* Convert the data set DATA into a new S-Expression, which is to be
491
stored in SEXP, according to the identifiers contained in
494
_gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp,
495
const char **identifiers)
497
gcry_sexp_t sexp_new;
500
size_t sexp_buffer_n;
501
size_t identifiers_n;
514
return gpg_error (GPG_ERR_NOT_SUPPORTED);
516
/* Calculate size of S-expression representation. */
520
while (identifiers[i])
522
/* For each identifier, we add "(<IDENTIFIER>)". */
523
sexp_buffer_n += 1 + strlen (identifiers[i]) + 1;
529
/* If there are NO identifiers, we still add surrounding braces so
530
that we have a list of named MPI value lists. Otherwise it
531
wouldn't be too much fun to process these lists. */
534
data_n = _gcry_ac_data_length (data);
535
for (i = 0; i < data_n; i++)
537
err = gcry_ac_data_get_index (data, 0, i, &label, NULL);
540
/* For each MPI we add "(<LABEL> %m)". */
541
sexp_buffer_n += 1 + strlen (label) + 4;
546
/* Allocate buffer. */
548
sexp_buffer = gcry_malloc (sexp_buffer_n);
551
err = gcry_error_from_errno (errno);
560
/* Add identifiers: (<IDENTIFIER0>(<IDENTIFIER1>...)). */
563
/* Add nested identifier lists as usual. */
564
for (i = 0; i < identifiers_n; i++)
565
sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "(%s",
570
/* Add special list. */
571
sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "(");
575
arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1));
578
err = gcry_error_from_errno (errno);
581
for (i = 0; i < data_n; i++)
583
err = gcry_ac_data_get_index (data, 0, i, &label, &mpi);
586
sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n,
588
arg_list[i] = &data->data[i].mpi;
595
/* Add closing braces for identifier lists as usual. */
596
for (i = 0; i < identifiers_n; i++)
597
sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")");
601
/* Add closing braces for special list. */
602
sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")");
606
err = gcry_sexp_build_array (&sexp_new, NULL, sexp_buffer, arg_list);
614
gcry_free (sexp_buffer);
615
gcry_free (arg_list);
620
/* Create a new data set, which is to be stored in DATA_SET, from the
621
S-Expression SEXP, according to the identifiers contained in
624
_gcry_ac_data_from_sexp (gcry_ac_data_t *data_set, gcry_sexp_t sexp,
625
const char **identifiers)
627
gcry_ac_data_t data_set_new;
629
gcry_sexp_t sexp_cur;
630
gcry_sexp_t sexp_tmp;
647
return gpg_error (GPG_ERR_NOT_SUPPORTED);
649
/* Process S-expression/identifiers. */
653
for (i = 0; identifiers[i]; i++)
655
/* Next identifier. Extract first data item from
657
data = gcry_sexp_nth_data (sexp_cur, 0, &data_n);
659
if (! ((data_n == strlen (identifiers[i]))
660
&& (! strncmp (data, identifiers[i], data_n))))
662
/* Identifier mismatch -> error. */
663
err = gcry_error (GPG_ERR_INV_SEXP);
667
/* Identifier matches. Now we have to distinguish two
670
(i) we are at the last identifier:
673
(ii) we are not at the last identifier:
674
extract next element, which is supposed to be a
677
if (! identifiers[i + 1])
678
/* Last identifier. */
682
/* Not the last identifier, extract next sublist. */
684
sexp_tmp = gcry_sexp_nth (sexp_cur, 1);
687
/* Missing sublist. */
688
err = gcry_error (GPG_ERR_INV_SEXP);
692
/* Release old SEXP_CUR, in case it is not equal to the
694
if (sexp_cur != sexp)
695
gcry_sexp_release (sexp_cur);
697
/* Make SEXP_CUR point to the new current sublist. */
707
/* We have at least one identifier in the list, this means
708
the the list of named MPI values is prefixed, this means
709
that we need to skip the first item (the list name), when
710
processing the MPI values. */
715
/* Since there is no identifiers list, the list of named MPI
716
values is not prefixed with a list name, therefore the
717
offset to use is zero. */
722
/* Since there is no identifiers list, the list of named MPI
723
values is not prefixed with a list name, therefore the offset
727
/* Create data set from S-expression data. */
729
err = gcry_ac_data_new (&data_set_new);
733
/* Figure out amount of named MPIs in SEXP_CUR. */
735
sexp_n = gcry_sexp_length (sexp_cur) - skip_name;
739
/* Extracte the named MPIs sequentially. */
740
for (i = 0; i < sexp_n; i++)
742
/* Store next S-Expression pair, which is supposed to consist of
743
a name and an MPI value, in SEXP_TMP. */
745
sexp_tmp = gcry_sexp_nth (sexp_cur, i + skip_name);
748
err = gcry_error (GPG_ERR_INV_SEXP);
752
/* Extract name from current S-Expression pair. */
753
data = gcry_sexp_nth_data (sexp_tmp, 0, &data_n);
754
string = gcry_malloc (data_n + 1);
757
err = gcry_error_from_errno (errno);
760
memcpy (string, data, data_n);
763
/* Extract MPI value. */
764
mpi = gcry_sexp_nth_mpi (sexp_tmp, 1, 0);
767
err = gcry_error (GPG_ERR_INV_SEXP); /* FIXME? */
771
/* Store named MPI in data_set_new. */
772
err = gcry_ac_data_set (data_set_new, GCRY_AC_FLAG_DEALLOC, string, mpi);
776
/* gcry_free (string); */
778
/* gcry_mpi_release (mpi); */
781
gcry_sexp_release (sexp_tmp);
787
*data_set = data_set_new;
791
if (sexp_cur != sexp)
792
gcry_sexp_release (sexp_cur);
793
gcry_sexp_release (sexp_tmp);
794
gcry_mpi_release (mpi);
798
gcry_ac_data_destroy (data_set_new);
805
_gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data)
807
unsigned char *mpi_buffer;
823
data_n = _gcry_ac_data_length (data);
824
for (i = 0; i < data_n; i++)
826
err = gcry_ac_data_get_index (data, 0, i, &name, &mpi);
829
log_error ("failed to dump data set");
833
err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &mpi_buffer, &mpi_buffer_n, mpi);
836
log_error ("failed to dump data set");
840
log_printf ("%s%s%s: %s\n",
841
prefix ? prefix : "",
845
gcry_free (mpi_buffer);
849
gcry_free (mpi_buffer);
852
/* Dump the named MPI values contained in the data set DATA to
853
Libgcrypt's logging stream. */
855
gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data)
857
_gcry_ac_data_dump (prefix, data);
860
/* Destroys any values contained in the data set DATA. */
862
_gcry_ac_data_clear (gcry_ac_data_t data)
864
ac_data_values_destroy (data);
865
gcry_free (data->data);
873
* Implementation of `ac io' objects.
876
/* Initialize AC_IO according to MODE, TYPE and the variable list of
877
arguments AP. The list of variable arguments to specify depends on
880
_gcry_ac_io_init_va (gcry_ac_io_t *ac_io,
881
gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, va_list ap)
883
memset (ac_io, 0, sizeof (*ac_io));
888
gcry_assert ((mode == GCRY_AC_IO_READABLE) || (mode == GCRY_AC_IO_WRITABLE));
889
gcry_assert ((type == GCRY_AC_IO_STRING) || (type == GCRY_AC_IO_STRING));
896
case GCRY_AC_IO_READABLE:
899
case GCRY_AC_IO_STRING:
900
ac_io->io.readable.string.data = va_arg (ap, unsigned char *);
901
ac_io->io.readable.string.data_n = va_arg (ap, size_t);
904
case GCRY_AC_IO_CALLBACK:
905
ac_io->io.readable.callback.cb = va_arg (ap, gcry_ac_data_read_cb_t);
906
ac_io->io.readable.callback.opaque = va_arg (ap, void *);
910
case GCRY_AC_IO_WRITABLE:
913
case GCRY_AC_IO_STRING:
914
ac_io->io.writable.string.data = va_arg (ap, unsigned char **);
915
ac_io->io.writable.string.data_n = va_arg (ap, size_t *);
918
case GCRY_AC_IO_CALLBACK:
919
ac_io->io.writable.callback.cb = va_arg (ap, gcry_ac_data_write_cb_t);
920
ac_io->io.writable.callback.opaque = va_arg (ap, void *);
927
/* Initialize AC_IO according to MODE, TYPE and the variable list of
928
arguments. The list of variable arguments to specify depends on
931
_gcry_ac_io_init (gcry_ac_io_t *ac_io,
932
gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, ...)
937
_gcry_ac_io_init_va (ac_io, mode, type, ap);
942
/* Write to the IO object AC_IO BUFFER_N bytes from BUFFER. Return
943
zero on success or error code. */
945
_gcry_ac_io_write (gcry_ac_io_t *ac_io, unsigned char *buffer, size_t buffer_n)
949
gcry_assert (ac_io->mode == GCRY_AC_IO_WRITABLE);
954
case GCRY_AC_IO_STRING:
958
if (*ac_io->io.writable.string.data)
960
p = gcry_realloc (*ac_io->io.writable.string.data,
961
*ac_io->io.writable.string.data_n + buffer_n);
963
err = gcry_error_from_errno (errno);
966
if (*ac_io->io.writable.string.data != p)
967
*ac_io->io.writable.string.data = p;
968
memcpy (p + *ac_io->io.writable.string.data_n, buffer, buffer_n);
969
*ac_io->io.writable.string.data_n += buffer_n;
974
if (gcry_is_secure (buffer))
975
p = gcry_malloc_secure (buffer_n);
977
p = gcry_malloc (buffer_n);
979
err = gcry_error_from_errno (errno);
982
memcpy (p, buffer, buffer_n);
983
*ac_io->io.writable.string.data = p;
984
*ac_io->io.writable.string.data_n = buffer_n;
990
case GCRY_AC_IO_CALLBACK:
991
err = (*ac_io->io.writable.callback.cb) (ac_io->io.writable.callback.opaque,
999
/* Read *BUFFER_N bytes from the IO object AC_IO into BUFFER; NREAD
1000
bytes have already been read from the object; on success, store the
1001
amount of bytes read in *BUFFER_N; zero bytes read means EOF.
1002
Return zero on success or error code. */
1004
_gcry_ac_io_read (gcry_ac_io_t *ac_io,
1005
unsigned int nread, unsigned char *buffer, size_t *buffer_n)
1009
gcry_assert (ac_io->mode == GCRY_AC_IO_READABLE);
1012
switch (ac_io->type)
1014
case GCRY_AC_IO_STRING:
1016
size_t bytes_available;
1017
size_t bytes_to_read;
1018
size_t bytes_wanted;
1020
bytes_available = ac_io->io.readable.string.data_n - nread;
1021
bytes_wanted = *buffer_n;
1023
if (bytes_wanted > bytes_available)
1024
bytes_to_read = bytes_available;
1026
bytes_to_read = bytes_wanted;
1028
memcpy (buffer, ac_io->io.readable.string.data + nread, bytes_to_read);
1029
*buffer_n = bytes_to_read;
1034
case GCRY_AC_IO_CALLBACK:
1035
err = (*ac_io->io.readable.callback.cb)
1036
(ac_io->io.readable.callback.opaque, buffer, buffer_n);
1043
/* Read all data available from the IO object AC_IO into newly
1044
allocated memory, storing an appropriate pointer in *BUFFER and the
1045
amount of bytes read in *BUFFER_N. Return zero on success or error
1048
_gcry_ac_io_read_all (gcry_ac_io_t *ac_io, unsigned char **buffer, size_t *buffer_n)
1050
unsigned char *buffer_new;
1051
size_t buffer_new_n;
1052
unsigned char buf[BUFSIZ];
1062
buf_n = sizeof (buf);
1063
err = _gcry_ac_io_read (ac_io, buffer_new_n, buf, &buf_n);
1069
p = gcry_realloc (buffer_new, buffer_new_n + buf_n);
1072
err = gcry_error_from_errno (errno);
1076
if (buffer_new != p)
1079
memcpy (buffer_new + buffer_new_n, buf, buf_n);
1080
buffer_new_n += buf_n;
1088
*buffer_n = buffer_new_n;
1089
*buffer = buffer_new;
1094
gcry_free (buffer_new);
1099
/* Read data chunks from the IO object AC_IO until EOF, feeding them
1100
to the callback function CB. Return zero on success or error
1103
_gcry_ac_io_process (gcry_ac_io_t *ac_io,
1104
gcry_ac_data_write_cb_t cb, void *opaque)
1106
unsigned char buffer[BUFSIZ];
1115
buffer_n = sizeof (buffer);
1116
err = _gcry_ac_io_read (ac_io, nread, buffer, &buffer_n);
1121
err = (*cb) (opaque, buffer, buffer_n);
1136
* Functions for converting data between the native ac and the
1137
* S-expression structure used by the pk interface.
1140
/* Extract the S-Expression DATA_SEXP into DATA under the control of
1141
TYPE and NAME. This function assumes that S-Expressions are of the
1142
following structure:
1145
(ALGORITHM <list of named MPI values>)) */
1147
ac_data_extract (const char *identifier, const char *algorithm,
1148
gcry_sexp_t sexp, gcry_ac_data_t *data)
1151
gcry_sexp_t value_sexp;
1152
gcry_sexp_t data_sexp;
1154
gcry_mpi_t value_mpi;
1156
const char *data_raw;
1158
gcry_ac_data_t data_new;
1167
/* Verify that the S-expression contains the correct identifier. */
1168
data_raw = gcry_sexp_nth_data (sexp, 0, &data_raw_n);
1169
if ((! data_raw) || strncmp (identifier, data_raw, data_raw_n))
1171
err = gcry_error (GPG_ERR_INV_SEXP);
1175
/* Extract inner S-expression. */
1176
data_sexp = gcry_sexp_find_token (sexp, algorithm, 0);
1179
err = gcry_error (GPG_ERR_INV_SEXP);
1183
/* Count data elements. */
1184
data_sexp_n = gcry_sexp_length (data_sexp);
1187
/* Allocate new data set. */
1188
err = _gcry_ac_data_new (&data_new);
1192
/* Iterate through list of data elements and add them to the data
1194
for (i = 0; i < data_sexp_n; i++)
1196
/* Get the S-expression of the named MPI, that contains the name
1197
and the MPI value. */
1198
value_sexp = gcry_sexp_nth (data_sexp, i + 1);
1201
err = gcry_error (GPG_ERR_INV_SEXP);
1205
/* Extract the name. */
1206
data_raw = gcry_sexp_nth_data (value_sexp, 0, &data_raw_n);
1209
err = gcry_error (GPG_ERR_INV_SEXP);
1213
/* Extract the MPI value. */
1214
value_mpi = gcry_sexp_nth_mpi (value_sexp, 1, GCRYMPI_FMT_USG);
1217
err = gcry_error (GPG_ERR_INTERNAL); /* FIXME? */
1221
/* Duplicate the name. */
1222
value_name = gcry_malloc (data_raw_n + 1);
1225
err = gcry_error_from_errno (errno);
1228
strncpy (value_name, data_raw, data_raw_n);
1229
value_name[data_raw_n] = 0;
1231
err = _gcry_ac_data_set (data_new, GCRY_AC_FLAG_DEALLOC, value_name, value_mpi);
1235
gcry_sexp_release (value_sexp);
1248
/* Deallocate resources. */
1251
_gcry_ac_data_destroy (data_new);
1252
gcry_mpi_release (value_mpi);
1253
gcry_free (value_name);
1254
gcry_sexp_release (value_sexp);
1256
gcry_sexp_release (data_sexp);
1261
/* Construct an S-expression from the DATA and store it in
1262
DATA_SEXP. The S-expression will be of the following structure:
1264
(IDENTIFIER [(flags [...])]
1265
(ALGORITHM <list of named MPI values>)) */
1267
ac_data_construct (const char *identifier, int include_flags,
1268
unsigned int flags, const char *algorithm,
1269
gcry_ac_data_t data, gcry_sexp_t *sexp)
1271
unsigned int data_length;
1272
gcry_sexp_t sexp_new;
1274
size_t sexp_format_n;
1283
/* We build a list of arguments to pass to
1284
gcry_sexp_build_array(). */
1285
data_length = _gcry_ac_data_length (data);
1286
arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2));
1289
err = gcry_error_from_errno (errno);
1293
/* Fill list with MPIs. */
1294
for (i = 0; i < data_length; i++)
1296
char **nameaddr = &data->data[i].name;
1298
arg_list[(i * 2) + 0] = nameaddr;
1299
arg_list[(i * 2) + 1] = &data->data[i].mpi;
1302
/* Calculate size of format string. */
1304
+ (include_flags ? 7 : 0)
1305
+ (algorithm ? (2 + strlen (algorithm)) : 0)
1306
+ strlen (identifier));
1308
for (i = 0; i < data_length; i++)
1309
/* Per-element sizes. */
1314
for (i = 0; i < DIM (ac_flags); i++)
1315
if (flags & ac_flags[i].number)
1316
sexp_format_n += strlen (ac_flags[i].string) + 1;
1319
sexp_format = gcry_malloc (sexp_format_n);
1322
err = gcry_error_from_errno (errno);
1326
/* Construct the format string. */
1329
strcat (sexp_format, "(");
1330
strcat (sexp_format, identifier);
1333
strcat (sexp_format, "(flags");
1334
for (i = 0; i < DIM (ac_flags); i++)
1335
if (flags & ac_flags[i].number)
1337
strcat (sexp_format, " ");
1338
strcat (sexp_format, ac_flags[i].string);
1340
strcat (sexp_format, ")");
1344
strcat (sexp_format, "(");
1345
strcat (sexp_format, algorithm);
1347
for (i = 0; i < data_length; i++)
1348
strcat (sexp_format, "(%s%m)");
1350
strcat (sexp_format, ")");
1351
strcat (sexp_format, ")");
1353
/* Create final S-expression. */
1354
err = gcry_sexp_build_array (&sexp_new, NULL, sexp_format, arg_list);
1362
/* Deallocate resources. */
1363
gcry_free (sexp_format);
1364
gcry_free (arg_list);
1366
gcry_sexp_release (sexp_new);
1374
* Handle management.
1377
/* Creates a new handle for the algorithm ALGORITHM and stores it in
1378
HANDLE. FLAGS is not used yet. */
1380
_gcry_ac_open (gcry_ac_handle_t *handle,
1381
gcry_ac_id_t algorithm, unsigned int flags)
1383
gcry_ac_handle_t handle_new;
1384
const char *algorithm_name;
1385
gcry_module_t module;
1392
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1395
algorithm_name = _gcry_pk_aliased_algo_name (algorithm);
1396
if (! algorithm_name)
1398
err = gcry_error (GPG_ERR_PUBKEY_ALGO);
1402
/* Acquire reference to the pubkey module. */
1403
err = _gcry_pk_module_lookup (algorithm, &module);
1408
handle_new = gcry_malloc (sizeof (*handle_new));
1411
err = gcry_error_from_errno (errno);
1416
handle_new->algorithm = algorithm;
1417
handle_new->algorithm_name = algorithm_name;
1418
handle_new->flags = flags;
1419
handle_new->module = module;
1420
*handle = handle_new;
1424
/* Deallocate resources. */
1426
_gcry_pk_module_release (module);
1432
/* Destroys the handle HANDLE. */
1434
_gcry_ac_close (gcry_ac_handle_t handle)
1436
/* Release reference to pubkey module. */
1439
_gcry_pk_module_release (handle->module);
1450
/* Initialize a key from a given data set. */
1451
/* FIXME/Damn: the argument HANDLE is not only unnecessary, it is
1452
completely WRONG here. */
1454
_gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle,
1455
gcry_ac_key_type_t type, gcry_ac_data_t data)
1457
gcry_ac_data_t data_new;
1458
gcry_ac_key_t key_new;
1464
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1467
key_new = gcry_malloc (sizeof (*key_new));
1470
err = gcry_error_from_errno (errno);
1474
/* Copy data set. */
1475
err = _gcry_ac_data_copy (&data_new, data);
1480
key_new->data = data_new;
1481
key_new->type = type;
1487
/* Deallocate resources. */
1488
gcry_free (key_new);
1494
/* Generates a new key pair via the handle HANDLE of NBITS bits and
1495
stores it in KEY_PAIR. In case non-standard settings are wanted, a
1496
pointer to a structure of type gcry_ac_key_spec_<algorithm>_t,
1497
matching the selected algorithm, can be given as KEY_SPEC.
1498
MISC_DATA is not used yet. */
1500
_gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits,
1502
gcry_ac_key_pair_t *key_pair,
1503
gcry_mpi_t **misc_data)
1505
gcry_sexp_t genkey_sexp_request;
1506
gcry_sexp_t genkey_sexp_reply;
1507
gcry_ac_data_t key_data_secret;
1508
gcry_ac_data_t key_data_public;
1509
gcry_ac_key_pair_t key_pair_new;
1510
gcry_ac_key_t key_secret;
1511
gcry_ac_key_t key_public;
1512
gcry_sexp_t key_sexp;
1514
char *genkey_format;
1515
size_t genkey_format_n;
1524
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1526
key_data_secret = NULL;
1527
key_data_public = NULL;
1530
genkey_format = NULL;
1532
genkey_sexp_request = NULL;
1533
genkey_sexp_reply = NULL;
1536
/* Allocate key pair. */
1537
key_pair_new = gcry_malloc (sizeof (struct gcry_ac_key_pair));
1540
err = gcry_error_from_errno (errno);
1544
/* Allocate keys. */
1545
key_secret = gcry_malloc (sizeof (*key_secret));
1548
err = gcry_error_from_errno (errno);
1551
key_public = gcry_malloc (sizeof (*key_public));
1554
err = gcry_error_from_errno (errno);
1558
/* Calculate size of the format string, that is used for creating
1559
the request S-expression. */
1560
genkey_format_n = 22;
1562
/* Respect any relevant algorithm specific commands. */
1564
for (i = 0; i < DIM (ac_key_generate_specs); i++)
1565
if (handle->algorithm == ac_key_generate_specs[i].algorithm)
1566
genkey_format_n += 6;
1568
/* Create format string. */
1569
genkey_format = gcry_malloc (genkey_format_n);
1570
if (! genkey_format)
1572
err = gcry_error_from_errno (errno);
1576
/* Fill format string. */
1578
strcat (genkey_format, "(genkey(%s(nbits%d)");
1580
for (i = 0; i < DIM (ac_key_generate_specs); i++)
1581
if (handle->algorithm == ac_key_generate_specs[i].algorithm)
1582
strcat (genkey_format, "(%s%m)");
1583
strcat (genkey_format, "))");
1585
/* Build list of argument pointers, the algorithm name and the nbits
1586
are always needed. */
1589
/* Now the algorithm specific arguments. */
1591
for (i = 0; i < DIM (ac_key_generate_specs); i++)
1592
if (handle->algorithm == ac_key_generate_specs[i].algorithm)
1595
/* Allocate list. */
1596
arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n);
1599
err = gcry_error_from_errno (errno);
1603
arg_list[0] = (void *) &handle->algorithm_name;
1604
arg_list[1] = (void *) &nbits;
1606
for (j = 2, i = 0; i < DIM (ac_key_generate_specs); i++)
1607
if (handle->algorithm == ac_key_generate_specs[i].algorithm)
1609
/* Add name of this specification flag and the
1610
according member of the spec strucuture. */
1611
arg_list[j++] = (void *)(&ac_key_generate_specs[i].name);
1612
arg_list[j++] = (void *)
1613
(((char *) key_spec)
1614
+ ac_key_generate_specs[i].offset);
1615
/* FIXME: above seems to suck. */
1618
/* Construct final request S-expression. */
1619
err = gcry_sexp_build_array (&genkey_sexp_request,
1620
NULL, genkey_format, arg_list);
1624
/* Perform genkey operation. */
1625
err = gcry_pk_genkey (&genkey_sexp_reply, genkey_sexp_request);
1629
key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "private-key", 0);
1632
err = gcry_error (GPG_ERR_INTERNAL);
1635
err = ac_data_extract ("private-key", handle->algorithm_name,
1636
key_sexp, &key_data_secret);
1640
gcry_sexp_release (key_sexp);
1641
key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "public-key", 0);
1644
err = gcry_error (GPG_ERR_INTERNAL);
1647
err = ac_data_extract ("public-key", handle->algorithm_name,
1648
key_sexp, &key_data_public);
1654
key_secret->type = GCRY_AC_KEY_SECRET;
1655
key_secret->data = key_data_secret;
1656
key_public->type = GCRY_AC_KEY_PUBLIC;
1657
key_public->data = key_data_public;
1658
key_pair_new->secret = key_secret;
1659
key_pair_new->public = key_public;
1660
*key_pair = key_pair_new;
1664
/* Deallocate resources. */
1666
gcry_free (genkey_format);
1667
gcry_free (arg_list);
1668
gcry_sexp_release (genkey_sexp_request);
1669
gcry_sexp_release (genkey_sexp_reply);
1670
gcry_sexp_release (key_sexp);
1673
_gcry_ac_data_destroy (key_data_secret);
1674
_gcry_ac_data_destroy (key_data_public);
1675
gcry_free (key_secret);
1676
gcry_free (key_public);
1677
gcry_free (key_pair_new);
1683
/* Returns the key of type WHICH out of the key pair KEY_PAIR. */
1685
_gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair,
1686
gcry_ac_key_type_t which)
1695
case GCRY_AC_KEY_SECRET:
1696
key = key_pair->secret;
1699
case GCRY_AC_KEY_PUBLIC:
1700
key = key_pair->public;
1711
/* Destroys the key KEY. */
1713
_gcry_ac_key_destroy (gcry_ac_key_t key)
1721
for (i = 0; i < key->data->data_n; i++)
1723
if (key->data->data[i].mpi)
1724
gcry_mpi_release (key->data->data[i].mpi);
1725
if (key->data->data[i].name)
1726
gcry_free (key->data->data[i].name);
1728
gcry_free (key->data->data);
1729
gcry_free (key->data);
1735
/* Destroys the key pair KEY_PAIR. */
1737
_gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair)
1741
gcry_ac_key_destroy (key_pair->secret);
1742
gcry_ac_key_destroy (key_pair->public);
1743
gcry_free (key_pair);
1747
/* Returns the data set contained in the key KEY. */
1749
_gcry_ac_key_data_get (gcry_ac_key_t key)
1756
/* Verifies that the key KEY is sane via HANDLE. */
1758
_gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key)
1760
gcry_sexp_t key_sexp;
1764
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1767
err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
1768
handle->algorithm_name, key->data, &key_sexp);
1772
err = gcry_pk_testkey (key_sexp);
1776
gcry_sexp_release (key_sexp);
1778
return gcry_error (err);
1781
/* Stores the number of bits of the key KEY in NBITS via HANDLE. */
1783
_gcry_ac_key_get_nbits (gcry_ac_handle_t handle,
1784
gcry_ac_key_t key, unsigned int *nbits)
1786
gcry_sexp_t key_sexp;
1791
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1795
err = ac_data_construct (ac_key_identifiers[key->type],
1796
0, 0, handle->algorithm_name, key->data, &key_sexp);
1800
n = gcry_pk_get_nbits (key_sexp);
1803
err = gcry_error (GPG_ERR_PUBKEY_ALGO);
1811
gcry_sexp_release (key_sexp);
1816
/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via
1819
_gcry_ac_key_get_grip (gcry_ac_handle_t handle,
1820
gcry_ac_key_t key, unsigned char *key_grip)
1822
gcry_sexp_t key_sexp;
1827
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1830
err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
1831
handle->algorithm_name, key->data, &key_sexp);
1835
ret = gcry_pk_get_keygrip (key_sexp, key_grip);
1838
err = gcry_error (GPG_ERR_INV_OBJ);
1846
gcry_sexp_release (key_sexp);
1855
* Functions performing cryptographic operations.
1858
/* Encrypts the plain text MPI value DATA_PLAIN with the key public
1859
KEY under the control of the flags FLAGS and stores the resulting
1860
data set into DATA_ENCRYPTED. */
1862
_gcry_ac_data_encrypt (gcry_ac_handle_t handle,
1865
gcry_mpi_t data_plain,
1866
gcry_ac_data_t *data_encrypted)
1868
gcry_ac_data_t data_encrypted_new;
1869
gcry_ac_data_t data_value;
1870
gcry_sexp_t sexp_request;
1871
gcry_sexp_t sexp_reply;
1872
gcry_sexp_t sexp_key;
1876
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1878
data_encrypted_new = NULL;
1879
sexp_request = NULL;
1884
if (key->type != GCRY_AC_KEY_PUBLIC)
1886
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
1890
err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
1891
handle->algorithm_name, key->data, &sexp_key);
1895
err = _gcry_ac_data_new (&data_value);
1899
err = _gcry_ac_data_set (data_value, 0, "value", data_plain);
1903
err = ac_data_construct ("data", 1, flags, handle->algorithm_name,
1904
data_value, &sexp_request);
1908
/* FIXME: error vs. errcode? */
1910
err = gcry_pk_encrypt (&sexp_reply, sexp_request, sexp_key);
1915
err = ac_data_extract ("enc-val", handle->algorithm_name,
1916
sexp_reply, &data_encrypted_new);
1920
*data_encrypted = data_encrypted_new;
1924
/* Deallocate resources. */
1926
gcry_sexp_release (sexp_request);
1927
gcry_sexp_release (sexp_reply);
1928
gcry_sexp_release (sexp_key);
1929
_gcry_ac_data_destroy (data_value);
1934
/* Decrypts the encrypted data contained in the data set
1935
DATA_ENCRYPTED with the secret key KEY under the control of the
1936
flags FLAGS and stores the resulting plain text MPI value in
1939
_gcry_ac_data_decrypt (gcry_ac_handle_t handle,
1942
gcry_mpi_t *data_plain,
1943
gcry_ac_data_t data_encrypted)
1945
gcry_mpi_t data_decrypted;
1946
gcry_sexp_t sexp_request;
1947
gcry_sexp_t sexp_reply;
1948
gcry_sexp_t sexp_value;
1949
gcry_sexp_t sexp_key;
1953
return gpg_error (GPG_ERR_NOT_SUPPORTED);
1955
sexp_request = NULL;
1960
if (key->type != GCRY_AC_KEY_SECRET)
1962
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
1966
err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
1967
handle->algorithm_name, key->data, &sexp_key);
1971
/* Create S-expression from data. */
1972
err = ac_data_construct ("enc-val", 1, flags, handle->algorithm_name,
1973
data_encrypted, &sexp_request);
1978
err = gcry_pk_decrypt (&sexp_reply, sexp_request, sexp_key);
1982
/* Extract plain text. */
1983
sexp_value = gcry_sexp_find_token (sexp_reply, "value", 0);
1987
err = gcry_error (GPG_ERR_GENERAL);
1991
data_decrypted = gcry_sexp_nth_mpi (sexp_value, 1, GCRYMPI_FMT_USG);
1992
if (! data_decrypted)
1994
err = gcry_error (GPG_ERR_GENERAL);
1998
*data_plain = data_decrypted;
2002
/* Deallocate resources. */
2003
gcry_sexp_release (sexp_request);
2004
gcry_sexp_release (sexp_reply);
2005
gcry_sexp_release (sexp_value);
2006
gcry_sexp_release (sexp_key);
2008
return gcry_error (err);
2012
/* Signs the data contained in DATA with the secret key KEY and stores
2013
the resulting signature data set in DATA_SIGNATURE. */
2015
_gcry_ac_data_sign (gcry_ac_handle_t handle,
2018
gcry_ac_data_t *data_signature)
2020
gcry_ac_data_t data_signed;
2021
gcry_ac_data_t data_value;
2022
gcry_sexp_t sexp_request;
2023
gcry_sexp_t sexp_reply;
2024
gcry_sexp_t sexp_key;
2028
return gpg_error (GPG_ERR_NOT_SUPPORTED);
2032
sexp_request = NULL;
2036
if (key->type != GCRY_AC_KEY_SECRET)
2038
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
2042
err = ac_data_construct (ac_key_identifiers[key->type], 0, 0,
2043
handle->algorithm_name, key->data, &sexp_key);
2047
err = _gcry_ac_data_new (&data_value);
2051
err = _gcry_ac_data_set (data_value, 0, "value", data);
2055
/* Create S-expression holding the data. */
2056
err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_request);
2061
err = gcry_pk_sign (&sexp_reply, sexp_request, sexp_key);
2066
err = ac_data_extract ("sig-val", handle->algorithm_name,
2067
sexp_reply, &data_signed);
2072
*data_signature = data_signed;
2076
gcry_sexp_release (sexp_request);
2077
gcry_sexp_release (sexp_reply);
2078
gcry_sexp_release (sexp_key);
2079
_gcry_ac_data_destroy (data_value);
2081
return gcry_error (err);
2085
/* Verifies that the signature contained in the data set
2086
DATA_SIGNATURE is indeed the result of signing the data contained
2087
in DATA with the secret key belonging to the public key KEY. */
2089
_gcry_ac_data_verify (gcry_ac_handle_t handle,
2092
gcry_ac_data_t data_signature)
2094
gcry_sexp_t sexp_signature;
2095
gcry_ac_data_t data_value;
2096
gcry_sexp_t sexp_data;
2097
gcry_sexp_t sexp_key;
2101
return gpg_error (GPG_ERR_NOT_SUPPORTED);
2103
sexp_signature = NULL;
2108
err = ac_data_construct ("public-key", 0, 0,
2109
handle->algorithm_name, key->data, &sexp_key);
2113
if (key->type != GCRY_AC_KEY_PUBLIC)
2115
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
2119
/* Construct S-expression holding the signature data. */
2120
err = ac_data_construct ("sig-val", 1, 0, handle->algorithm_name,
2121
data_signature, &sexp_signature);
2125
err = _gcry_ac_data_new (&data_value);
2129
err = _gcry_ac_data_set (data_value, 0, "value", data);
2133
/* Construct S-expression holding the data. */
2134
err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_data);
2138
/* Verify signature. */
2139
err = gcry_pk_verify (sexp_signature, sexp_data, sexp_key);
2143
gcry_sexp_release (sexp_signature);
2144
gcry_sexp_release (sexp_data);
2145
gcry_sexp_release (sexp_key);
2146
_gcry_ac_data_destroy (data_value);
2148
return gcry_error (err);
2155
* Implementation of encoding methods (em).
2158
/* Type for functions that encode or decode (hence the name) a
2160
typedef gcry_error_t (*gcry_ac_em_dencode_t) (unsigned int flags,
2162
gcry_ac_io_t *ac_io_read,
2163
gcry_ac_io_t *ac_io_write);
2165
/* Fill the buffer BUFFER which is BUFFER_N bytes long with non-zero
2166
random bytes of random level LEVEL. */
2168
em_randomize_nonzero (unsigned char *buffer, size_t buffer_n,
2169
gcry_random_level_t level)
2171
unsigned char *buffer_rand;
2172
unsigned int buffer_rand_n;
2177
for (i = 0; i < buffer_n; i++)
2183
for (i = zeros = 0; i < buffer_n; i++)
2189
/* Get random bytes. */
2190
buffer_rand_n = zeros + (zeros / 128);
2191
buffer_rand = gcry_random_bytes_secure (buffer_rand_n, level);
2193
/* Substitute zeros with non-zero random bytes. */
2194
for (i = j = 0; zeros && (i < buffer_n) && (j < buffer_rand_n); i++)
2197
while ((j < buffer_rand_n) && (! buffer_rand[j]))
2199
if (j < buffer_rand_n)
2201
buffer[i] = buffer_rand[j++];
2207
gcry_free (buffer_rand);
2213
/* Encode a message according to the Encoding Method for Encryption
2214
`PKCS-V1_5' (EME-PKCS-V1_5). */
2216
eme_pkcs_v1_5_encode (unsigned int flags, void *opts,
2217
gcry_ac_io_t *ac_io_read,
2218
gcry_ac_io_t *ac_io_write)
2220
gcry_ac_eme_pkcs_v1_5_t *options;
2222
unsigned char *buffer;
2235
err = _gcry_ac_io_read_all (ac_io_read, &m, &m_n);
2239
/* Figure out key length in bytes. */
2240
k = options->key_size / 8;
2244
/* Key is too short for message. */
2245
err = gcry_error (GPG_ERR_TOO_SHORT);
2249
/* According to this encoding method, the first byte of the encoded
2250
message is zero. This byte will be lost anyway, when the encoded
2251
message is to be converted into an MPI, that's why we skip
2254
/* Allocate buffer. */
2255
buffer = gcry_malloc (k - 1);
2258
err = gcry_error_from_errno (errno);
2262
/* Generate an octet string PS of length k - mLen - 3 consisting
2263
of pseudorandomly generated nonzero octets. The length of PS
2264
will be at least eight octets. */
2267
em_randomize_nonzero (ps, ps_n, GCRY_STRONG_RANDOM);
2269
/* Concatenate PS, the message M, and other padding to form an
2270
encoded message EM of length k octets as:
2272
EM = 0x00 || 0x02 || PS || 0x00 || M. */
2275
buffer[ps_n + 1] = 0x00;
2276
memcpy (buffer + ps_n + 2, m, m_n);
2278
err = _gcry_ac_io_write (ac_io_write, buffer, k - 1);
2288
/* Decode a message according to the Encoding Method for Encryption
2289
`PKCS-V1_5' (EME-PKCS-V1_5). */
2291
eme_pkcs_v1_5_decode (unsigned int flags, void *opts,
2292
gcry_ac_io_t *ac_io_read,
2293
gcry_ac_io_t *ac_io_write)
2295
gcry_ac_eme_pkcs_v1_5_t *options;
2296
unsigned char *buffer;
2309
err = _gcry_ac_io_read_all (ac_io_read, &em, &em_n);
2313
/* Figure out key size. */
2314
k = options->key_size / 8;
2316
/* Search for zero byte. */
2317
for (i = 0; (i < em_n) && em[i]; i++);
2319
/* According to this encoding method, the first byte of the encoded
2320
message should be zero. This byte is lost. */
2323
&& (em_n == (k - 1))
2328
err = gcry_error (GPG_ERR_DECRYPT_FAILED);
2333
buffer = gcry_malloc (em_n - i);
2336
err = gcry_error_from_errno (errno);
2340
memcpy (buffer, em + i, em_n - i);
2341
err = _gcry_ac_io_write (ac_io_write, buffer, em_n - i);
2352
emsa_pkcs_v1_5_encode_data_cb (void *opaque,
2353
unsigned char *buffer, size_t buffer_n)
2355
gcry_md_hd_t md_handle;
2358
gcry_md_write (md_handle, buffer, buffer_n);
2364
/* Encode a message according to the Encoding Method for Signatures
2365
with Appendix `PKCS-V1_5' (EMSA-PKCS-V1_5). */
2367
emsa_pkcs_v1_5_encode (unsigned int flags, void *opts,
2368
gcry_ac_io_t *ac_io_read,
2369
gcry_ac_io_t *ac_io_write)
2371
gcry_ac_emsa_pkcs_v1_5_t *options;
2380
unsigned char *buffer;
2382
unsigned char asn[100]; /* FIXME, always enough? */
2394
/* Create hashing handle and get the necessary information. */
2395
err = gcry_md_open (&md, options->md, 0);
2400
err = gcry_md_algo_info (options->md, GCRYCTL_GET_ASNOID, asn, &asn_n);
2404
h_n = gcry_md_get_algo_dlen (options->md);
2406
err = _gcry_ac_io_process (ac_io_read, emsa_pkcs_v1_5_encode_data_cb, md);
2410
h = gcry_md_read (md, 0);
2412
/* Encode the algorithm ID for the hash function and the hash value
2413
into an ASN.1 value of type DigestInfo with the Distinguished
2414
Encoding Rules (DER), where the type DigestInfo has the syntax:
2416
DigestInfo ::== SEQUENCE {
2417
digestAlgorithm AlgorithmIdentifier,
2421
The first field identifies the hash function and the second
2422
contains the hash value. Let T be the DER encoding of the
2423
DigestInfo value and let tLen be the length in octets of T. */
2426
t = gcry_malloc (t_n);
2429
err = gcry_error_from_errno (errno);
2433
for (i = 0; i < asn_n; i++)
2435
for (i = 0; i < h_n; i++)
2436
t[asn_n + i] = h[i];
2438
/* If emLen < tLen + 11, output "intended encoded message length
2439
too short" and stop. */
2440
if (options->em_n < t_n + 11)
2442
err = gcry_error (GPG_ERR_TOO_SHORT);
2446
/* Generate an octet string PS consisting of emLen - tLen - 3 octets
2447
with hexadecimal value 0xFF. The length of PS will be at least 8
2449
ps_n = options->em_n - t_n - 3;
2450
ps = gcry_malloc (ps_n);
2453
err = gcry_error_from_errno (errno);
2456
for (i = 0; i < ps_n; i++)
2459
/* Concatenate PS, the DER encoding T, and other padding to form the
2460
encoded message EM as:
2462
EM = 0x00 || 0x01 || PS || 0x00 || T. */
2464
buffer_n = ps_n + t_n + 3;
2465
buffer = gcry_malloc (buffer_n);
2468
err = gcry_error_from_errno (errno);
2474
for (i = 0; i < ps_n; i++)
2475
buffer[2 + i] = ps[i];
2476
buffer[2 + ps_n] = 0x00;
2477
for (i = 0; i < t_n; i++)
2478
buffer[3 + ps_n + i] = t[i];
2480
err = _gcry_ac_io_write (ac_io_write, buffer, buffer_n);
2493
/* `Actions' for data_dencode(). */
2494
typedef enum dencode_action
2501
/* Encode or decode a message according to the the encoding method
2502
METHOD; ACTION specifies wether the message that is contained in
2503
BUFFER_IN and of length BUFFER_IN_N should be encoded or decoded.
2504
The resulting message will be stored in a newly allocated buffer in
2505
BUFFER_OUT and BUFFER_OUT_N. */
2507
ac_data_dencode (gcry_ac_em_t method, dencode_action_t action,
2508
unsigned int flags, void *options,
2509
gcry_ac_io_t *ac_io_read,
2510
gcry_ac_io_t *ac_io_write)
2514
gcry_ac_em_t method;
2515
gcry_ac_em_dencode_t encode;
2516
gcry_ac_em_dencode_t decode;
2519
{ GCRY_AC_EME_PKCS_V1_5,
2520
eme_pkcs_v1_5_encode, eme_pkcs_v1_5_decode },
2521
{ GCRY_AC_EMSA_PKCS_V1_5,
2522
emsa_pkcs_v1_5_encode, NULL },
2528
methods_n = sizeof (methods) / sizeof (*methods);
2530
for (i = 0; i < methods_n; i++)
2531
if (methods[i].method == method)
2535
err = gcry_error (GPG_ERR_NOT_FOUND); /* FIXME? */
2543
if (methods[i].encode)
2545
err = (*methods[i].encode) (flags, options, ac_io_read, ac_io_write);
2549
if (methods[i].decode)
2551
err = (*methods[i].decode) (flags, options, ac_io_read, ac_io_write);
2555
err = gcry_error (GPG_ERR_INV_ARG);
2564
/* Encode a message according to the encoding method METHOD. OPTIONS
2565
must be a pointer to a method-specific structure
2568
_gcry_ac_data_encode (gcry_ac_em_t method,
2569
unsigned int flags, void *options,
2570
gcry_ac_io_t *ac_io_read,
2571
gcry_ac_io_t *ac_io_write)
2574
return gpg_error (GPG_ERR_NOT_SUPPORTED);
2576
return ac_data_dencode (method, DATA_ENCODE, flags, options,
2577
ac_io_read, ac_io_write);
2580
/* Dencode a message according to the encoding method METHOD. OPTIONS
2581
must be a pointer to a method-specific structure
2584
_gcry_ac_data_decode (gcry_ac_em_t method,
2585
unsigned int flags, void *options,
2586
gcry_ac_io_t *ac_io_read,
2587
gcry_ac_io_t *ac_io_write)
2590
return gpg_error (GPG_ERR_NOT_SUPPORTED);
2592
return ac_data_dencode (method, DATA_DECODE, flags, options,
2593
ac_io_read, ac_io_write);
2596
/* Convert an MPI into an octet string. */
2598
_gcry_ac_mpi_to_os (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
2600
unsigned long digit;
2610
base = gcry_mpi_new (0);
2611
gcry_mpi_set_ui (base, 256);
2614
m = gcry_mpi_copy (mpi);
2615
while (gcry_mpi_cmp_ui (m, 0))
2618
gcry_mpi_div (m, NULL, m, base, 0);
2621
gcry_mpi_set (m, mpi);
2622
d = gcry_mpi_new (0);
2623
for (i = 0; (i < n) && (i < os_n); i++)
2625
gcry_mpi_mod (d, m, base);
2626
_gcry_mpi_get_ui (d, &digit);
2627
gcry_mpi_div (m, NULL, m, base, 0);
2628
os[os_n - i - 1] = (digit & 0xFF);
2631
for (; i < os_n; i++)
2632
os[os_n - i - 1] = 0;
2634
gcry_mpi_release (base);
2635
gcry_mpi_release (d);
2636
gcry_mpi_release (m);
2639
/* Convert an MPI into an newly allocated octet string. */
2641
_gcry_ac_mpi_to_os_alloc (gcry_mpi_t mpi, unsigned char **os, size_t *os_n)
2643
unsigned char *buffer;
2649
return gpg_error (GPG_ERR_NOT_SUPPORTED);
2651
nbits = gcry_mpi_get_nbits (mpi);
2652
buffer_n = (nbits + 7) / 8;
2653
buffer = gcry_malloc (buffer_n);
2656
err = gcry_error_from_errno (errno);
2660
_gcry_ac_mpi_to_os (mpi, buffer, buffer_n);
2671
/* Convert an octet string into an MPI. */
2673
_gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n)
2683
a = gcry_mpi_new (0);
2684
gcry_mpi_set_ui (a, 1);
2685
x = gcry_mpi_new (0);
2686
gcry_mpi_set_ui (x, 0);
2687
xi = gcry_mpi_new (0);
2689
for (i = 0; i < os_n; i++)
2691
gcry_mpi_mul_ui (xi, a, os[os_n - i - 1]);
2692
gcry_mpi_add (x, x, xi);
2693
gcry_mpi_mul_ui (a, a, 256);
2696
gcry_mpi_release (xi);
2697
gcry_mpi_release (a);
2699
gcry_mpi_set (mpi, x);
2700
gcry_mpi_release (x); /* FIXME: correct? */
2706
* Implementation of Encryption Schemes (ES) and Signature Schemes
2707
* with Appendix (SSA).
2710
/* Schemes consist of two things: encoding methods and cryptographic
2713
Since encoding methods are accessible through a common API with
2714
method-specific options passed as an anonymous struct, schemes have
2715
to provide functions that construct this method-specific structure;
2716
this is what the functions of type `gcry_ac_dencode_prepare_t' are
2719
typedef gcry_error_t (*gcry_ac_dencode_prepare_t) (gcry_ac_handle_t handle,
2724
/* The `dencode_prepare' function for ES-PKCS-V1_5. */
2726
ac_es_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key,
2727
void *opts, void *opts_em)
2729
gcry_ac_eme_pkcs_v1_5_t *options_em;
2735
err = _gcry_ac_key_get_nbits (handle, key, &nbits);
2739
options_em = opts_em;
2740
options_em->key_size = nbits;
2747
/* The `dencode_prepare' function for SSA-PKCS-V1_5. */
2749
ac_ssa_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key,
2750
void *opts, void *opts_em)
2752
gcry_ac_emsa_pkcs_v1_5_t *options_em;
2753
gcry_ac_ssa_pkcs_v1_5_t *options;
2757
options_em = opts_em;
2760
err = _gcry_ac_key_get_nbits (handle, key, &k);
2765
options_em->md = options->md;
2766
options_em->em_n = k;
2773
/* Type holding the information about each supported
2774
Encryption/Signature Scheme. */
2775
typedef struct ac_scheme
2777
gcry_ac_scheme_t scheme;
2778
gcry_ac_em_t scheme_encoding;
2779
gcry_ac_dencode_prepare_t dencode_prepare;
2780
size_t options_em_n;
2783
/* List of supported Schemes. */
2784
static ac_scheme_t ac_schemes[] =
2786
{ GCRY_AC_ES_PKCS_V1_5, GCRY_AC_EME_PKCS_V1_5,
2787
ac_es_dencode_prepare_pkcs_v1_5,
2788
sizeof (gcry_ac_eme_pkcs_v1_5_t) },
2789
{ GCRY_AC_SSA_PKCS_V1_5, GCRY_AC_EMSA_PKCS_V1_5,
2790
ac_ssa_dencode_prepare_pkcs_v1_5,
2791
sizeof (gcry_ac_emsa_pkcs_v1_5_t) }
2794
/* Lookup a scheme by it's ID. */
2795
static ac_scheme_t *
2796
ac_scheme_get (gcry_ac_scheme_t scheme)
2798
ac_scheme_t *ac_scheme;
2801
for (i = 0; i < DIM (ac_schemes); i++)
2802
if (scheme == ac_schemes[i].scheme)
2804
if (i == DIM (ac_schemes))
2807
ac_scheme = ac_schemes + i;
2812
/* Prepares the encoding/decoding by creating an according option
2815
ac_dencode_prepare (gcry_ac_handle_t handle, gcry_ac_key_t key, void *opts,
2816
ac_scheme_t scheme, void **opts_em)
2821
options_em = gcry_malloc (scheme.options_em_n);
2824
err = gcry_error_from_errno (errno);
2828
err = (*scheme.dencode_prepare) (handle, key, opts, options_em);
2832
*opts_em = options_em;
2842
/* Convert a data set into a single MPI; currently, this is only
2843
supported for data sets containing a single MPI. */
2845
ac_data_set_to_mpi (gcry_ac_data_t data, gcry_mpi_t *mpi)
2851
elems = _gcry_ac_data_length (data);
2855
/* FIXME: I guess, we should be more flexible in this respect by
2856
allowing the actual encryption/signature schemes to implement
2857
this conversion mechanism. */
2858
err = gcry_error (GPG_ERR_CONFLICT);
2862
err = _gcry_ac_data_get_index (data, GCRY_AC_FLAG_COPY, 0, NULL, &mpi_new);
2873
/* Encrypts the plain text message contained in M, which is of size
2874
M_N, with the public key KEY_PUBLIC according to the Encryption
2875
Scheme SCHEME_ID. HANDLE is used for accessing the low-level
2876
cryptographic primitives. If OPTS is not NULL, it has to be an
2877
anonymous structure specific to the chosen scheme (gcry_ac_es_*_t).
2878
The encrypted message will be stored in C and C_N. */
2880
_gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle,
2881
gcry_ac_scheme_t scheme_id,
2882
unsigned int flags, void *opts,
2884
gcry_ac_io_t *io_message,
2885
gcry_ac_io_t *io_cipher)
2891
gcry_mpi_t mpi_plain;
2892
gcry_ac_data_t data_encrypted;
2893
gcry_mpi_t mpi_encrypted;
2894
unsigned char *buffer;
2897
ac_scheme_t *scheme;
2902
return gpg_error (GPG_ERR_NOT_SUPPORTED);
2904
data_encrypted = NULL;
2905
mpi_encrypted = NULL;
2911
scheme = ac_scheme_get (scheme_id);
2914
err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME);
2918
if (key->type != GCRY_AC_KEY_PUBLIC)
2920
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
2924
err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
2928
_gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
2929
GCRY_AC_IO_STRING, &em, &em_n);
2931
err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
2932
io_message, &io_em);
2936
mpi_plain = gcry_mpi_snew (0);
2937
gcry_ac_os_to_mpi (mpi_plain, em, em_n);
2939
err = _gcry_ac_data_encrypt (handle, 0, key, mpi_plain, &data_encrypted);
2943
err = ac_data_set_to_mpi (data_encrypted, &mpi_encrypted);
2947
err = _gcry_ac_mpi_to_os_alloc (mpi_encrypted, &buffer, &buffer_n);
2951
err = _gcry_ac_io_write (io_cipher, buffer, buffer_n);
2955
gcry_ac_data_destroy (data_encrypted);
2956
gcry_mpi_release (mpi_encrypted);
2957
gcry_mpi_release (mpi_plain);
2958
gcry_free (opts_em);
2965
/* Decryptes the cipher message contained in C, which is of size C_N,
2966
with the secret key KEY_SECRET according to the Encryption Scheme
2967
SCHEME_ID. Handle is used for accessing the low-level
2968
cryptographic primitives. If OPTS is not NULL, it has to be an
2969
anonymous structure specific to the chosen scheme (gcry_ac_es_*_t).
2970
The decrypted message will be stored in M and M_N. */
2972
_gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle,
2973
gcry_ac_scheme_t scheme_id,
2974
unsigned int flags, void *opts,
2976
gcry_ac_io_t *io_cipher,
2977
gcry_ac_io_t *io_message)
2981
gcry_ac_data_t data_encrypted;
2984
gcry_mpi_t mpi_encrypted;
2985
gcry_mpi_t mpi_decrypted;
2987
ac_scheme_t *scheme;
2989
size_t elements_enc_n;
2996
return gpg_error (GPG_ERR_NOT_SUPPORTED);
2998
data_encrypted = NULL;
2999
mpi_encrypted = NULL;
3000
mpi_decrypted = NULL;
3001
elements_enc = NULL;
3006
scheme = ac_scheme_get (scheme_id);
3009
err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME);
3013
if (key->type != GCRY_AC_KEY_SECRET)
3015
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
3019
err = _gcry_ac_io_read_all (io_cipher, &c, &c_n);
3023
mpi_encrypted = gcry_mpi_snew (0);
3024
gcry_ac_os_to_mpi (mpi_encrypted, c, c_n);
3026
err = _gcry_pk_get_elements (handle->algorithm, &elements_enc, NULL);
3030
elements_enc_n = strlen (elements_enc);
3031
if (elements_enc_n != 1)
3034
err = gcry_error (GPG_ERR_CONFLICT);
3038
err = _gcry_ac_data_new (&data_encrypted);
3042
err = _gcry_ac_data_set (data_encrypted, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC,
3043
elements_enc, mpi_encrypted);
3047
err = _gcry_ac_data_decrypt (handle, 0, key, &mpi_decrypted, data_encrypted);
3051
err = _gcry_ac_mpi_to_os_alloc (mpi_decrypted, &em, &em_n);
3055
err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
3059
_gcry_ac_io_init (&io_em, GCRY_AC_IO_READABLE,
3060
GCRY_AC_IO_STRING, em, em_n);
3062
err = _gcry_ac_data_decode (scheme->scheme_encoding, 0, opts_em,
3063
&io_em, io_message);
3069
_gcry_ac_data_destroy (data_encrypted);
3070
gcry_mpi_release (mpi_encrypted);
3071
gcry_mpi_release (mpi_decrypted);
3072
free (elements_enc);
3073
gcry_free (opts_em);
3081
/* Signs the message contained in M, which is of size M_N, with the
3082
secret key KEY according to the Signature Scheme SCHEME_ID. Handle
3083
is used for accessing the low-level cryptographic primitives. If
3084
OPTS is not NULL, it has to be an anonymous structure specific to
3085
the chosen scheme (gcry_ac_ssa_*_t). The signed message will be
3086
stored in S and S_N. */
3088
_gcry_ac_data_sign_scheme (gcry_ac_handle_t handle,
3089
gcry_ac_scheme_t scheme_id,
3090
unsigned int flags, void *opts,
3092
gcry_ac_io_t *io_message,
3093
gcry_ac_io_t *io_signature)
3097
gcry_ac_data_t data_signed;
3102
unsigned char *buffer;
3104
gcry_mpi_t mpi_signed;
3105
ac_scheme_t *scheme;
3110
return gpg_error (GPG_ERR_NOT_SUPPORTED);
3119
if (key->type != GCRY_AC_KEY_SECRET)
3121
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
3125
scheme = ac_scheme_get (scheme_id);
3128
/* FIXME: adjust api of scheme_get in respect to err codes. */
3129
err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME);
3133
err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
3137
_gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
3138
GCRY_AC_IO_STRING, &em, &em_n);
3140
err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
3141
io_message, &io_em);
3145
mpi = gcry_mpi_new (0);
3146
_gcry_ac_os_to_mpi (mpi, em, em_n);
3148
err = _gcry_ac_data_sign (handle, key, mpi, &data_signed);
3152
err = ac_data_set_to_mpi (data_signed, &mpi_signed);
3156
err = _gcry_ac_mpi_to_os_alloc (mpi_signed, &buffer, &buffer_n);
3160
err = _gcry_ac_io_write (io_signature, buffer, buffer_n);
3164
_gcry_ac_data_destroy (data_signed);
3165
gcry_mpi_release (mpi_signed);
3166
gcry_mpi_release (mpi);
3167
gcry_free (opts_em);
3174
/* Verifies that the signature contained in S, which is of length S_N,
3175
is indeed the result of signing the message contained in M, which
3176
is of size M_N, with the secret key belonging to the public key
3177
KEY_PUBLIC. If OPTS is not NULL, it has to be an anonymous
3178
structure (gcry_ac_ssa_*_t) specific to the Signature Scheme, whose
3179
ID is contained in SCHEME_ID. */
3181
_gcry_ac_data_verify_scheme (gcry_ac_handle_t handle,
3182
gcry_ac_scheme_t scheme_id,
3183
unsigned int flags, void *opts,
3185
gcry_ac_io_t *io_message,
3186
gcry_ac_io_t *io_signature)
3190
gcry_ac_data_t data_signed;
3194
gcry_mpi_t mpi_signature;
3195
gcry_mpi_t mpi_data;
3196
ac_scheme_t *scheme;
3198
size_t elements_sig_n;
3205
return gpg_error (GPG_ERR_NOT_SUPPORTED);
3207
mpi_signature = NULL;
3208
elements_sig = NULL;
3215
if (key->type != GCRY_AC_KEY_PUBLIC)
3217
err = gcry_error (GPG_ERR_WRONG_KEY_USAGE);
3221
scheme = ac_scheme_get (scheme_id);
3224
err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME);
3228
err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em);
3232
_gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE,
3233
GCRY_AC_IO_STRING, &em, &em_n);
3235
err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em,
3236
io_message, &io_em);
3240
mpi_data = gcry_mpi_new (0);
3241
_gcry_ac_os_to_mpi (mpi_data, em, em_n);
3243
err = _gcry_ac_io_read_all (io_signature, &s, &s_n);
3247
mpi_signature = gcry_mpi_new (0);
3248
_gcry_ac_os_to_mpi (mpi_signature, s, s_n);
3250
err = _gcry_pk_get_elements (handle->algorithm, NULL, &elements_sig);
3254
elements_sig_n = strlen (elements_sig);
3255
if (elements_sig_n != 1)
3258
err = gcry_error (GPG_ERR_CONFLICT);
3262
err = _gcry_ac_data_new (&data_signed);
3266
err = _gcry_ac_data_set (data_signed, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC,
3267
elements_sig, mpi_signature);
3271
gcry_mpi_release (mpi_signature);
3272
mpi_signature = NULL;
3274
err = _gcry_ac_data_verify (handle, key, mpi_data, data_signed);
3278
_gcry_ac_data_destroy (data_signed);
3279
gcry_mpi_release (mpi_signature);
3280
gcry_mpi_release (mpi_data);
3281
free (elements_sig);
3282
gcry_free (opts_em);
3291
* General functions.
3295
_gcry_ac_init (void)
3298
return GPG_ERR_NOT_SUPPORTED;
added
removed
grub-core/lib/libgcrypt/cipher/ac.c
