Browse Source

Fixing signature generation

Fixing referencing issue when writing out the signature
master
David Lanzendörfer 11 months ago
parent
commit
de7ae0b221
10 changed files with 100 additions and 90 deletions
  1. +1
    -1
      include/netpgp/crypto.h
  2. +1
    -1
      src/crypto.c
  3. +2
    -2
      src/main.c
  4. +42
    -35
      src/misc.c
  5. +4
    -2
      src/netpgp.c
  6. +1
    -13
      src/openssl_crypto.c
  7. +33
    -22
      src/signature.c
  8. +12
    -0
      src/ssl_crypto.c
  9. +2
    -11
      src/symmetric_openssl.c
  10. +2
    -3
      src/validate.c

+ 1
- 1
include/netpgp/crypto.h View File

@ -73,7 +73,7 @@
#define PGP_MIN_HASH_SIZE 16
#if defined(HAVE_GSKSSL)
unsigned gsk_num_bits ( gsk_buffer *bn );
unsigned gsk_num_bits ( const gsk_buffer *bn );
#endif
/** pgp_hash_t */


+ 1
- 1
src/crypto.c View File

@ -77,7 +77,7 @@ __RCSID("$NetBSD$");
#include <netpgp/validate.h>
#if defined(HAVE_GSKSSL)
unsigned gsk_num_bits ( gsk_buffer *bn )
unsigned gsk_num_bits ( const gsk_buffer *bn )
{
unsigned r = (bn->length-1)*8;
uint8_t x = ((uint8_t*)bn->data)[0];


+ 2
- 2
src/main.c View File

@ -383,9 +383,9 @@ int pgp_generate_keypair(netpgp_t *netpgp, prog_t *p)
newseckey = pgp_keydata_new();
newpubkey = pgp_keydata_new();
if (!pgp_rsa_generate_keypair(newseckey, 1024, 65537UL, hashalg, cipher, (const uint8_t *) "foo", (const size_t) 3)) return 0;
if (!pgp_rsa_generate_keypair(newseckey, 2048, 65537UL, hashalg, cipher, (const uint8_t *) "", (const size_t) 0)) return 0;
/* make a public key out of generated secret key */
if((newpubkey = pgp_ensure_pubkey(netpgp->pubring, &newseckey->key.seckey.pubkey, newseckey->pubkeyid))==NULL) return 0;
if( ( newpubkey = pgp_ensure_pubkey( netpgp->pubring, &newseckey->key.seckey.pubkey, newseckey->pubkeyid ) )==NULL) return 0;
if (!pgp_add_selfsigned_userid(newseckey, newpubkey, (uint8_t *)newid, 365*24*3600)) return 0;
if (newpubkey == NULL) return 0;
if (!pgp_keyring_add(netpgp->secring, newseckey)) return 0;


+ 42
- 35
src/misc.c View File

@ -407,43 +407,50 @@ pgp_fingerprint(pgp_fingerprint_t *fp, const pgp_pubkey_t *key, pgp_hash_alg_t h
pgp_memory_t *mem;
pgp_hash_t hash;
uint32_t len;
memset(&hash, 0, sizeof(pgp_hash_t));
mem = pgp_memory_new();
if (key->version == 2 || key->version == 3) {
if (key->alg != PGP_PKA_RSA &&
key->alg != PGP_PKA_RSA_ENCRYPT_ONLY &&
key->alg != PGP_PKA_RSA_SIGN_ONLY) {
(void) fprintf(stderr,
"pgp_fingerprint: bad algorithm\n");
return 0;
}
pgp_hash_md5(&hash);
if (!hash.init(&hash)) {
(void) fprintf(stderr, "pgp_fingerprint: bad md5 alloc\n");
return 0;
}
hash_bignum(&hash, key->key.rsa.n);
hash_bignum(&hash, key->key.rsa.e);
fp->length = hash.finish(&hash, fp->fingerprint);
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "v2/v3 fingerprint", fp->fingerprint, fp->length);
}
} else {
pgp_build_pubkey(mem, key, 0);
pgp_hash_sha1(&hash);
if (!hash.init(&hash)) {
(void) fprintf(stderr, "pgp_fingerprint: bad sha1 alloc\n");
return 0;
}
len = (unsigned)pgp_mem_len(mem);
pgp_hash_add_int(&hash, 0x99, 1);
pgp_hash_add_int(&hash, len, 2);
hash.add(&hash, pgp_mem_data(mem), len);
fp->length = hash.finish(&hash, fp->fingerprint);
pgp_memory_free(mem);
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sha1 fingerprint", fp->fingerprint, fp->length);
}
switch ( key->version ) {
case PGP_V2:
case PGP_V3:
if (key->alg != PGP_PKA_RSA &&
key->alg != PGP_PKA_RSA_ENCRYPT_ONLY &&
key->alg != PGP_PKA_RSA_SIGN_ONLY) {
(void) fprintf(stderr,
"pgp_fingerprint: bad algorithm\n");
return 0;
}
pgp_hash_md5(&hash);
if (!hash.init(&hash)) {
(void) fprintf(stderr, "pgp_fingerprint: bad md5 alloc\n");
return 0;
}
hash_bignum(&hash, key->key.rsa.n);
hash_bignum(&hash, key->key.rsa.e);
fp->length = hash.finish(&hash, fp->fingerprint);
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "v2/v3 fingerprint", fp->fingerprint, fp->length);
}
break;
default:
case PGP_V4:
pgp_build_pubkey(mem, key, 0);
pgp_hash_sha1( &hash );
if (! hash.init(&hash)) {
(void) fprintf(stderr, "pgp_fingerprint: bad sha1 alloc\n");
return 0;
}
len = (unsigned)pgp_mem_len(mem);
pgp_hash_add_int(&hash, 0x99, 1);
pgp_hash_add_int(&hash, len, 2);
hash.add(&hash, pgp_mem_data(mem), len);
fp->length = hash.finish(&hash, fp->fingerprint);
pgp_memory_free(mem);
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "sha1 fingerprint", fp->fingerprint, fp->length);
}
break;
}
return 1;
}


+ 4
- 2
src/netpgp.c View File

@ -315,8 +315,10 @@ netpgp_init(netpgp_t *netpgp)
(void) fprintf(io->errs, "Can't alloc secring\n");
return 0;
}
memset(netpgp->secring,0,sizeof(pgp_keyring_t));
memset(netpgp->pubring,0,sizeof(pgp_keyring_t));
memset(netpgp->secring, 0, sizeof(pgp_keyring_t));
memset(netpgp->pubring, 0, sizeof(pgp_keyring_t));
netpgp->secring->hashtype = PGP_HASH_SHA1;
netpgp->pubring->hashtype = PGP_HASH_SHA1;
/* only read public keys if we need to */
if (netpgp_getvar(netpgp, "need pubkey")) {


+ 1
- 13
src/openssl_crypto.c View File

@ -678,18 +678,6 @@ pgp_crypto_finish(void)
// CRYPTO_cleanup_all_ex_data();
}
/**
\ingroup Core_Hashes
\brief Get Hash name
\param hash Hash struct
\return Hash name
*/
const char *
pgp_text_from_hash(pgp_hash_t *hash)
{
return hash->name;
}
/**
\ingroup HighLevel_KeyGenerate
\brief Generates an RSA keypair
@ -762,7 +750,7 @@ pgp_rsa_generate_keypair(pgp_key_t *keydata,
/* seckey->s2k_usage = PGP_S2KU_ENCRYPTED_AND_HASHED; */
seckey->s2k_usage = PGP_S2KU_NONE;
/* seckey->s2k_specifier = PGP_S2KS_SALTED;*/
/* seckey->s2k_specifier=PGP_S2KS_SIMPLE; */
seckey->s2k_specifier = PGP_S2KS_SIMPLE;
if ((seckey->hash_alg = pgp_str_to_hash_alg(hashalg)) == PGP_HASH_UNKNOWN) {
seckey->hash_alg = PGP_HASH_SHA1;
}


+ 33
- 22
src/signature.c View File

@ -165,23 +165,29 @@ rsa_sign(pgp_hash_t *hash,
#if defined(HAVE_OPENSSL)
BIGNUM *bn;
#elif defined(HAVE_GSKSSL)
gsk_buffer bn;
gsk_buffer *bn;
#endif
if (strcmp(hash->name, "SHA1") == 0) {
hashsize = PGP_SHA1_HASH_SIZE + sizeof(prefix_sha1);
prefix = prefix_sha1;
prefixsize = sizeof(prefix_sha1);
expected = PGP_SHA1_HASH_SIZE;
} else if (strcmp(hash->name, "SHA256") == 0) {
hashsize = PGP_SHA256_HASH_SIZE + sizeof(prefix_sha256);
prefix = prefix_sha256;
prefixsize = sizeof(prefix_sha256);
expected = PGP_SHA256_HASH_SIZE;
} else {
hashsize = PGP_SHA512_HASH_SIZE + sizeof(prefix_sha512);
prefix = prefix_sha512;
prefixsize = sizeof(prefix_sha512);
expected = PGP_SHA512_HASH_SIZE;
switch( hash->alg ) {
default:
hash->alg = PGP_HASH_SHA1;
case PGP_HASH_SHA1:
hashsize = PGP_SHA1_HASH_SIZE + sizeof(prefix_sha1);
prefix = prefix_sha1;
prefixsize = sizeof(prefix_sha1);
expected = PGP_SHA1_HASH_SIZE;
break;
case PGP_HASH_SHA256:
hashsize = PGP_SHA256_HASH_SIZE + sizeof(prefix_sha256);
prefix = prefix_sha256;
prefixsize = sizeof(prefix_sha256);
expected = PGP_SHA256_HASH_SIZE;
break;
case PGP_HASH_SHA512:
hashsize = PGP_SHA512_HASH_SIZE + sizeof(prefix_sha512);
prefix = prefix_sha512;
prefixsize = sizeof(prefix_sha512);
expected = PGP_SHA512_HASH_SIZE;
break;
}
#if defined(HAVE_OPENSSL)
keysize = (BN_num_bits(pubrsa->n) + 7) / 8;
@ -224,19 +230,24 @@ rsa_sign(pgp_hash_t *hash,
}
t = pgp_rsa_private_encrypt(sigbuf, hashbuf, keysize, secrsa, pubrsa);
#if defined(HAVE_OPENSSL)
bn = BN_bin2bn(sigbuf, (int)t, NULL);
#elif defined(HAVE_GSKSSL)
bn.data=malloc(t);
bn.length=t;
memcpy(bn.data,sigbuf,t);
bn = malloc(sizeof(gsk_buffer));
bn->data = malloc(t);
bn->length = t;
memcpy( bn->data, sigbuf, t );
#endif
pgp_write_mpi(out, &bn);
pgp_write_mpi(out, bn);
#if defined(HAVE_OPENSSL)
BN_free(bn);
BN_free( bn );
#elif defined(HAVE_GSKSSL)
gsk_free_buffer(&bn);
gsk_free_buffer( bn );
#endif
return 1;
}


+ 12
- 0
src/ssl_crypto.c View File

@ -49,3 +49,15 @@ pgp_rsa_new_selfsign_key(const int numbits,
return keydata;
}
/**
\ingroup Core_Hashes
\brief Get Hash name
\param hash Hash struct
\return Hash name
*/
const char *
pgp_text_from_hash(pgp_hash_t *hash)
{
return pgp_show_hash_alg( hash->alg );
}

+ 2
- 11
src/symmetric_openssl.c View File

@ -107,7 +107,6 @@ std_finish(pgp_crypt_t *crypt)
static int
cast5_init(pgp_crypt_t *crypt)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
if (crypt->encrypt_key) {
free(crypt->encrypt_key);
}
@ -127,33 +126,25 @@ cast5_init(pgp_crypt_t *crypt)
static void
cast5_block_encrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
CAST_ecb_encrypt(in, out, crypt->encrypt_key, CAST_ENCRYPT);
}
static void
cast5_block_decrypt(pgp_crypt_t *crypt, void *out, const void *in)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
CAST_ecb_encrypt(in, out, crypt->encrypt_key, CAST_DECRYPT);
}
static void
cast5_cfb_encrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
CAST_cfb64_encrypt(in, out, (long)count,
crypt->encrypt_key, crypt->iv, &crypt->num,
CAST_ENCRYPT);
CAST_cfb64_encrypt(in, out, (long)count, crypt->encrypt_key, crypt->iv, &crypt->num, CAST_ENCRYPT);
}
static void
cast5_cfb_decrypt(pgp_crypt_t *crypt, void *out, const void *in, size_t count)
{
printf("%s:%d, %s\n",__FILE__,__LINE__,__FUNCTION__);
CAST_cfb64_encrypt(in, out, (long)count,
crypt->encrypt_key, crypt->iv, &crypt->num,
CAST_DECRYPT);
CAST_cfb64_encrypt(in, out, (long)count, crypt->encrypt_key, crypt->iv, &crypt->num, CAST_DECRYPT);
}
static pgp_crypt_t cast5 =


+ 2
- 3
src/validate.c View File

@ -771,15 +771,14 @@ static pgp_cb_ret_t key_filter_cb (
validate_key_cb_t *vdata,
const pgp_subpacket_t *sigpkt)
{
pgp_key_t *pubkey;
pgp_key_t *pubkey = NULL;
pgp_key_t *seckey = NULL;
key_filter_cb_t *filter = vdata->on_valid_args;
if(vdata->not_commited){
if((filter->pubkey = pgp_ensure_pubkey(
filter->destpubring,
(vdata->type == PGP_PTAG_CT_PUBLIC_KEY) ? &vdata->key.pubkey : &vdata->key.seckey.pubkey,
vdata->pubkeyid)) == NULL ) {
(vdata->type == PGP_PTAG_CT_PUBLIC_KEY) ? &vdata->key.pubkey : &vdata->key.seckey.pubkey, vdata->pubkeyid)) == NULL ) {
return PGP_RELEASE_MEMORY;
}
filter->seckey = NULL;


Loading…
Cancel
Save