Browse Source

The netpgp binary now compiles and runs

Finally made it compile through and I now can execute the netpgp command
on z/OS, now we can test all the basic functions and develop from here.
master
David Lanzendörfer 2 months ago
parent
commit
e31b1b5556
21 changed files with 3156 additions and 1164 deletions
  1. +1
    -1
      Makefile.am
  2. +1
    -1
      ax_check_gskssl.m4
  3. +11
    -6
      configure.ac
  4. +3
    -0
      include/netpgp/netpgpdefs.h
  5. +25
    -5
      src/Makefile.am
  6. +16
    -3
      src/compress.c
  7. +15
    -3
      src/create.c
  8. +6
    -2
      src/crypto.c
  9. +1027
    -0
      src/getopt.c
  10. +130
    -0
      src/getopt.h
  11. +176
    -0
      src/getopt1.c
  12. +57
    -0
      src/gettext.h
  13. +500
    -0
      src/gskssl_crypto.c
  14. +2
    -0
      src/keyring.c
  15. +1
    -4
      src/main.c
  16. +6
    -2
      src/misc.c
  17. +7
    -0
      src/netpgp.c
  18. +21
    -0
      src/packet-parse.c
  19. +6
    -0
      src/reader.c
  20. +6
    -0
      src/signature.c
  21. +1139
    -1137
      src/writer.c

+ 1
- 1
Makefile.am View File

@ -1,3 +1,3 @@
## $NetBSD$
SUBDIRS = . include src
SUBDIRS = . include src

+ 1
- 1
ax_check_gskssl.m4 View File

@ -44,7 +44,7 @@ AC_DEFUN([AX_CHECK_GSKSSL], [
if test -f "$ssldir/lib/GSKSSL.x"; then
GSKSSL_INCLUDES="-I$ssldir/include"
GSKSSL_LDFLAGS="-L$ssldir/lib"
GSKSSL_LIBS="$ssldir/lib/GSKSSL.x"
GSKSSL_LIBS="$ssldir/lib/GSKSSL.x $ssldir/lib/GSKCMS64.x"
found=true
AC_MSG_RESULT([yes])
fi


+ 11
- 6
configure.ac View File

@ -25,6 +25,7 @@ AC_PROG_MAKE_SET
AC_PROG_AWK
AC_PROG_CC
AC_PROG_INSTALL
AM_PROG_AR
AC_PROG_LIBTOOL
AC_PROG_LN_S
@ -61,13 +62,17 @@ AC_CHECK_HEADERS([sys/cdefs.h sys/file.h sys/mman.h\
sys/resource.h sys/uio.h])
platform_name=$(uname)
AS_IF([test "$platform_name" == "OS/390"],[AC_MSG_NOTICE([z/OS detected... Skipping some headers])],[
AC_CHECK_HEADERS([sys/param.h getopt.h])
AS_IF([test "$platform_name" == "OS/390"],[
AC_MSG_NOTICE([z/OS detected... Skipping some headers])
ZLIB_FLAG="-lzz"
],[
AC_CHECK_HEADERS([sys/param.h])
AC_CHECK_HEADERS([bzlib.h], [], [
AC_MSG_FAILURE([missing <bzlib.h>; is bzip2 installed?])
])
AC_CHECK_HEADERS([bzlib.h],
[],
[AC_MSG_FAILURE([missing <bzlib.h>; is bzip2 installed?])])
ZLIB_FLAG="-lz"
])
AC_SUBST([ZLIB_FLAG])
# Checks for typedefs, structures, and compiler characteristics.
#


+ 3
- 0
include/netpgp/netpgpdefs.h View File

@ -72,7 +72,10 @@ void *pgp_new(size_t);
#ifdef HAVE_GSKSSL
#define CAST_KEY_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define SHA224_DIGEST_LENGTH 28
#define MAXPATHLEN _POSIX_PATH_MAX
#define SHA384_DIGEST_LENGTH 48
#define MD5_DIGEST_LENGTH 16
#endif
#endif /* !NETPGPDEFS_H_ */

+ 25
- 5
src/Makefile.am View File

@ -1,10 +1,9 @@
## $NetBSD$
AM_CFLAGS = $(WARNCFLAGS)
lib_LTLIBRARIES = libnetpgp.la
libnetpgp_la_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/netpgp -D_GNU_SOURCE
libnetpgp_la_LDFLAGS = $(ZLIB_FLAG)
libnetpgp_la_SOURCES = \
compress.c \
@ -14,6 +13,7 @@ libnetpgp_la_SOURCES = \
misc.c \
netpgp.c \
openssl_crypto.c \
gskssl_crypto.c \
packet-parse.c \
packet-show.c \
reader.c \
@ -23,6 +23,26 @@ libnetpgp_la_SOURCES = \
writer.c
bin_PROGRAMS = netpgp
netpgp_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/netpgp -D_GNU_SOURCE
netpgp_LDFLAGS = -L$(top_builddir)/src -lnetpgp
netpgp_SOURCES = main.c
netpgp_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/include -I$(top_srcdir)/include/netpgp -D_GNU_SOURCE
LDADD = $(GSKSSL_LIBS) $(ZLIB_FLAG)
netpgp_LDFLAGS =
netpgp_SOURCES = \
main.c \
getopt.c \
getopt1.c \
compress.c \
create.c \
crypto.c \
keyring.c \
misc.c \
netpgp.c \
openssl_crypto.c \
gskssl_crypto.c \
packet-parse.c \
packet-show.c \
reader.c \
signature.c \
symmetric.c \
validate.c \
writer.c

+ 16
- 3
src/compress.c View File

@ -80,6 +80,7 @@ __RCSID("$NetBSD$");
#define DECOMPRESS_BUFFER 1024
#ifdef HAVE_ZLIB_H
typedef struct {
pgp_compression_type_t type;
pgp_region_t *region;
@ -89,6 +90,7 @@ typedef struct {
size_t offset;
int inflate_ret;
} z_decompress_t;
#endif
#ifdef HAVE_BZLIB_H
typedef struct {
@ -102,12 +104,15 @@ typedef struct {
} bz_decompress_t;
#endif
#ifdef HAVE_ZLIB_H
typedef struct {
z_stream stream;
uint8_t *src;
uint8_t *dst;
} compress_t;
#endif
#ifdef HAVE_ZLIB_H
/*
* \todo re move code duplication between this and
* bzip2_compressed_data_reader
@ -199,6 +204,7 @@ zlib_compressed_data_reader(pgp_stream_t *stream, void *dest, size_t length,
return (int)length;
}
#endif
#ifdef HAVE_BZLIB_H
/* \todo remove code duplication between this and zlib_compressed_data_reader */
@ -292,7 +298,9 @@ int
pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
pgp_compression_type_t type)
{
#ifdef HAVE_ZLIB_H
z_decompress_t z;
#endif
#ifdef HAVE_BZLIB_H
bz_decompress_t bz;
#endif
@ -300,6 +308,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
int ret;
switch (type) {
#ifdef HAVE_ZLIB_H
case PGP_C_ZIP:
case PGP_C_ZLIB:
(void) memset(&z, 0x0, sizeof(z));
@ -316,7 +325,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
z.zstream.opaque = Z_NULL;
break;
#endif
#ifdef HAVE_BZLIB_H
case PGP_C_BZIP2:
(void) memset(&bz, 0x0, sizeof(bz));
@ -343,6 +352,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
}
switch (type) {
#ifdef HAVE_ZLIB_H
case PGP_C_ZIP:
/* LINTED */ /* this is a lint problem in zlib.h header */
ret = (int)inflateInit2(&z.zstream, -15);
@ -352,7 +362,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
/* LINTED */ /* this is a lint problem in zlib.h header */
ret = (int)inflateInit(&z.zstream);
break;
#endif
#ifdef HAVE_BZLIB_H
case PGP_C_BZIP2:
ret = BZ2_bzDecompressInit(&bz.bzstream, 1, 0);
@ -367,6 +377,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
}
switch (type) {
#ifdef HAVE_ZLIB_H
case PGP_C_ZIP:
case PGP_C_ZLIB:
if (ret != Z_OK) {
@ -378,7 +389,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
pgp_reader_push(stream, zlib_compressed_data_reader,
NULL, &z);
break;
#endif
#ifdef HAVE_BZLIB_H
case PGP_C_BZIP2:
if (ret != BZ_OK) {
@ -406,6 +417,7 @@ pgp_decompress(pgp_region_t *region, pgp_stream_t *stream,
return ret;
}
#ifdef HAVE_ZLIB_H
/**
\ingroup Core_WritePackets
\brief Writes Compressed packet
@ -489,3 +501,4 @@ pgp_writez(pgp_output_t *out, const uint8_t *data, const unsigned len)
free(zip);
return ret;
}
#endif

+ 15
- 3
src/create.c View File

@ -99,6 +99,13 @@ __RCSID("$NetBSD$");
* \return 1 if OK, otherwise 0
*/
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
#ifndef MAX
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
unsigned
pgp_write_ss_header(pgp_output_t *output,
size_t length,
@ -948,8 +955,9 @@ unsigned
encode_m_buf(const uint8_t *M, size_t mLen, const pgp_pubkey_t * pubkey,
uint8_t *EM)
{
unsigned k;
unsigned i;
#ifdef HAVE_OPENSSL_BN_H
unsigned k;
unsigned i;
/* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */
switch (pubkey->alg) {
@ -990,6 +998,7 @@ encode_m_buf(const uint8_t *M, size_t mLen, const pgp_pubkey_t * pubkey,
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "Encoded Message:", EM, mLen);
}
#endif
return 1;
}
@ -1011,7 +1020,7 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
* Encryption used is PK,
* can be any, we're hardcoding RSA for now
*/
#ifdef HAVE_OPENSSL_BN_H
pgp_pubkey_t *pubkey;
pgp_pk_sesskey_t *sesskey;
pgp_symm_alg_t cipher;
@ -1140,6 +1149,7 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
free(unencoded_m_buf);
free(encoded_m_buf);
return sesskey;
#endif
}
/**
@ -1152,6 +1162,7 @@ pgp_create_pk_sesskey(pgp_key_t *key, const char *ciphername, pgp_pk_sesskey_t *
unsigned
pgp_write_pk_sesskey(pgp_output_t *output, pgp_pk_sesskey_t *pksk)
{
#ifdef HAVE_OPENSSL_BN_H
/* XXX - Flexelint - Pointer parameter 'pksk' (line 1076) could be declared as pointing to const */
if (pksk == NULL) {
(void) fprintf(stderr,
@ -1187,6 +1198,7 @@ pgp_write_pk_sesskey(pgp_output_t *output, pgp_pk_sesskey_t *pksk)
"pgp_write_pk_sesskey: bad algorithm\n");
return 0;
}
#endif
}
/**


+ 6
- 2
src/crypto.c View File

@ -93,6 +93,7 @@ pgp_decrypt_decode_mpi(uint8_t *buf,
const BIGNUM *encmpi,
const pgp_seckey_t *seckey)
{
#ifdef HAVE_OPENSSL_BN_H
unsigned mpisize;
uint8_t encmpibuf[NETPGP_BUFSIZ];
uint8_t mpibuf[NETPGP_BUFSIZ];
@ -191,6 +192,7 @@ pgp_decrypt_decode_mpi(uint8_t *buf,
(void) fprintf(stderr, "pubkey algorithm wrong\n");
return -1;
}
#endif
}
/**
@ -203,7 +205,7 @@ pgp_rsa_encrypt_mpi(const uint8_t *encoded_m_buf,
const pgp_pubkey_t * pubkey,
pgp_pk_sesskey_params_t * skp)
{
#ifdef HAVE_OPENSSL_BN_H
uint8_t encmpibuf[NETPGP_BUFSIZ];
int n;
@ -227,6 +229,7 @@ pgp_rsa_encrypt_mpi(const uint8_t *encoded_m_buf,
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "encrypted mpi", encmpibuf, 16);
}
#endif
return 1;
}
@ -240,7 +243,7 @@ pgp_elgamal_encrypt_mpi(const uint8_t *encoded_m_buf,
const pgp_pubkey_t * pubkey,
pgp_pk_sesskey_params_t * skp)
{
#ifdef HAVE_OPENSSL_BN_H
uint8_t encmpibuf[NETPGP_BUFSIZ];
uint8_t g_to_k[NETPGP_BUFSIZ];
int n;
@ -266,6 +269,7 @@ pgp_elgamal_encrypt_mpi(const uint8_t *encoded_m_buf,
if (pgp_get_debug_level(__FILE__)) {
hexdump(stderr, "encrypted mpi", encmpibuf, 16);
}
#endif
return 1;
}


+ 1027
- 0
src/getopt.c
File diff suppressed because it is too large
View File


+ 130
- 0
src/getopt.h View File

@ -0,0 +1,130 @@
/* Declarations for getopt.
Copyright (C) 1989-2016 Free Software Foundation, Inc.
NOTE: The canonical source of this file is maintained with the GNU C Library.
Bugs can be reported to bug-glibc@gnu.org.
GNU Make is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3 of the License, or (at your option) any later
version.
GNU Make is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program. If not, see <http://www.gnu.org/licenses/>. */
#ifndef _GETOPT_H
#define _GETOPT_H 1
#ifdef __cplusplus
extern "C" {
#endif
/* For communication from `getopt' to the caller.
When `getopt' finds an option that takes an argument,
the argument value is returned here.
Also, when `ordering' is RETURN_IN_ORDER,
each non-option ARGV-element is returned here. */
extern char *optarg;
/* Index in ARGV of the next element to be scanned.
This is used for communication to and from the caller
and for communication between successive calls to `getopt'.
On entry to `getopt', zero means this is the first call; initialize.
When `getopt' returns -1, this is the index of the first of the
non-option elements that the caller should itself scan.
Otherwise, `optind' communicates from one call to the next
how much of ARGV has been scanned so far. */
extern int optind;
/* Callers store zero here to inhibit the error message `getopt' prints
for unrecognized options. */
extern int opterr;
/* Set to an option character which was unrecognized. */
extern int optopt;
/* Describe the long-named options requested by the application.
The LONG_OPTIONS argument to getopt_long or getopt_long_only is a vector
of `struct option' terminated by an element containing a name which is
zero.
The field `has_arg' is:
no_argument (or 0) if the option does not take an argument,
required_argument (or 1) if the option requires an argument,
optional_argument (or 2) if the option takes an optional argument.
If the field `flag' is not NULL, it points to a variable that is set
to the value given in the field `val' when the option is found, but
left unchanged if the option is not found.
To have a long-named option do something other than set an `int' to
a compiled-in constant, such as set a value from `optarg', set the
option's `flag' field to zero and its `val' field to a nonzero
value (the equivalent single-letter option character, if there is
one). For long options that have a zero `flag' field, `getopt'
returns the contents of the `val' field. */
struct option
{
#if defined (__STDC__) && __STDC__
const char *name;
#else
char *name;
#endif
/* has_arg can't be an enum because some compilers complain about
type mismatches in all the code that assumes it is an int. */
int has_arg;
int *flag;
int val;
};
/* Names for the values of the `has_arg' field of `struct option'. */
#define no_argument 0
#define required_argument 1
#define optional_argument 2
#if defined (__STDC__) && __STDC__
#ifdef __GNU_LIBRARY__
/* Many other libraries have conflicting prototypes for getopt, with
differences in the consts, in stdlib.h. To avoid compilation
errors, only prototype getopt for the GNU C library. */
extern int getopt (int argc, char *const *argv, const char *shortopts);
#else /* not __GNU_LIBRARY__ */
extern int getopt ();
#endif /* __GNU_LIBRARY__ */
extern int getopt_long (int argc, char *const *argv, const char *shortopts,
const struct option *longopts, int *longind);
extern int getopt_long_only (int argc, char *const *argv,
const char *shortopts,
const struct option *longopts, int *longind);
/* Internal only. Users should not call this directly. */
extern int _getopt_internal (int argc, char *const *argv,
const char *shortopts,
const struct option *longopts, int *longind,
int long_only);
#else /* not __STDC__ */
extern int getopt ();
extern int getopt_long ();
extern int getopt_long_only ();
extern int _getopt_internal ();
#endif /* __STDC__ */
#ifdef __cplusplus
}
#endif
#endif /* getopt.h */

+ 176
- 0
src/getopt1.c View File

@ -0,0 +1,176 @@
/* getopt_long and getopt_long_only entry points for GNU getopt.
Copyright (C) 1987-1994, 1996-2016 Free Software Foundation, Inc.
NOTE: The canonical source of this file is maintained with the GNU C Library.
Bugs can be reported to bug-glibc@gnu.org.
GNU Make is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3 of the License, or (at your option) any later
version.
GNU Make is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program. If not, see <http://www.gnu.org/licenses/>. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include "getopt.h"
#if !defined __STDC__ || !__STDC__
/* This is a separate conditional since some stdc systems
reject `defined (const)'. */
#ifndef const
#define const
#endif
#endif
#include <stdio.h>
/* Comment out all this code if we are using the GNU C Library, and are not
actually compiling the library itself. This code is part of the GNU C
Library, but also included in many other GNU distributions. Compiling
and linking in this code is a waste when using the GNU C library
(especially if it is a shared library). Rather than having every GNU
program understand `configure --with-gnu-libc' and omit the object files,
it is simpler to just do this in the source for each such file. */
#define GETOPT_INTERFACE_VERSION 2
#if !defined _LIBC && defined __GLIBC__ && __GLIBC__ >= 2
#include <gnu-versions.h>
#if _GNU_GETOPT_INTERFACE_VERSION == GETOPT_INTERFACE_VERSION
#define ELIDE_CODE
#endif
#endif
#ifndef ELIDE_CODE
/* This needs to come after some library #include
to get __GNU_LIBRARY__ defined. */
#ifdef __GNU_LIBRARY__
#include <stdlib.h>
#endif
#ifndef NULL
#define NULL 0
#endif
int
getopt_long (int argc, char *const *argv, const char *options,
const struct option *long_options, int *opt_index)
{
return _getopt_internal (argc, argv, options, long_options, opt_index, 0);
}
/* Like getopt_long, but '-' as well as '--' can indicate a long option.
If an option that starts with '-' (not '--') doesn't match a long option,
but does match a short option, it is parsed as a short option
instead. */
int
getopt_long_only (int argc, char *const *argv, const char *options,
const struct option *long_options, int *opt_index)
{
return _getopt_internal (argc, argv, options, long_options, opt_index, 1);
}
#endif /* Not ELIDE_CODE. */
#ifdef TEST
#include <stdio.h>
int
main (int argc, char **argv)
{
int c;
int digit_optind = 0;
while (1)
{
int this_option_optind = optind ? optind : 1;
int option_index = 0;
static struct option long_options[] =
{
{"add", 1, 0, 0},
{"append", 0, 0, 0},
{"delete", 1, 0, 0},
{"verbose", 0, 0, 0},
{"create", 0, 0, 0},
{"file", 1, 0, 0},
{0, 0, 0, 0}
};
c = getopt_long (argc, argv, "abc:d:0123456789",
long_options, &option_index);
if (c == -1)
break;
switch (c)
{
case 0:
printf ("option %s", long_options[option_index].name);
if (optarg)
printf (" with arg %s", optarg);
printf ("\n");
break;
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
if (digit_optind != 0 && digit_optind != this_option_optind)
printf ("digits occur in two different argv-elements.\n");
digit_optind = this_option_optind;
printf ("option %c\n", c);
break;
case 'a':
printf ("option a\n");
break;
case 'b':
printf ("option b\n");
break;
case 'c':
printf ("option c with value '%s'\n", optarg);
break;
case 'd':
printf ("option d with value '%s'\n", optarg);
break;
case '?':
break;
default:
printf ("?? getopt returned character code 0%o ??\n", c);
}
}
if (optind < argc)
{
printf ("non-option ARGV-elements: ");
while (optind < argc)
printf ("%s ", argv[optind++]);
printf ("\n");
}
exit (0);
}
#endif /* TEST */

+ 57
- 0
src/gettext.h View File

@ -0,0 +1,57 @@
/* Convenience header for conditional use of GNU <libintl.h>.
Copyright (C) 1995-2016 Free Software Foundation, Inc.
This file is part of GNU Make.
GNU Make is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3 of the License, or (at your option) any later
version.
GNU Make is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
this program. If not, see <http://www.gnu.org/licenses/>. */
#ifndef _LIBGETTEXT_H
#define _LIBGETTEXT_H 1
/* NLS can be disabled through the configure --disable-nls option. */
#if ENABLE_NLS
/* Get declarations of GNU message catalog functions. */
# include <libintl.h>
#else
/* Disabled NLS.
The casts to 'const char *' serve the purpose of producing warnings
for invalid uses of the value returned from these functions.
On pre-ANSI systems without 'const', the config.h file is supposed to
contain "#define const". */
# define gettext(Msgid) ((const char *) (Msgid))
# define dgettext(Domainname, Msgid) ((const char *) (Msgid))
# define dcgettext(Domainname, Msgid, Category) ((const char *) (Msgid))
# define ngettext(Msgid1, Msgid2, N) \
((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
# define dngettext(Domainname, Msgid1, Msgid2, N) \
((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \
((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2))
# define textdomain(Domainname) ((const char *) (Domainname))
# define bindtextdomain(Domainname, Dirname) ((const char *) (Dirname))
# define bind_textdomain_codeset(Domainname, Codeset) ((const char *) (Codeset))
#endif
/* A pseudo function call that serves as a marker for the automated
extraction of messages, but does not call gettext(). The run-time
translation is done at a different place in the code.
The argument, String, should be a literal string. Concatenated strings
and other string expressions won't work.
The macro's expansion is not parenthesized, so that it is suitable as
initializer for static 'char[]' or 'const char[]' variables. */
#define gettext_noop(String) String
#endif /* _LIBGETTEXT_H */

+ 500
- 0
src/gskssl_crypto.c View File

@ -0,0 +1,500 @@
#include "config.h"
#ifdef HAVE_GSKSSL
#ifdef HAVE_SYS_CDEFS_H
#include <sys/cdefs.h>
#endif
#include <stdlib.h>
#include <string.h>
#include <gskcms.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include "crypto.h"
#include "keyring.h"
#include "readerwriter.h"
#include "netpgpdefs.h"
#include "netpgpdigest.h"
#include "packet.h"
#define CAST_KEY_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define SHA224_DIGEST_LENGTH 28
#define MAXPATHLEN _POSIX_PATH_MAX
#define SHA384_DIGEST_LENGTH 48
#define MD5_DIGEST_LENGTH 16
static int
md5_init(pgp_hash_t *hash)
{
return 1;
}
static void
md5_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
}
static unsigned
md5_finish(pgp_hash_t *hash, uint8_t *out)
{
return 16;
}
static const pgp_hash_t md5 = {
PGP_HASH_MD5,
MD5_DIGEST_LENGTH,
"MD5",
md5_init,
md5_add,
md5_finish,
NULL
};
/**
\ingroup Core_Crypto
\brief Initialise to MD5
\param hash Hash to initialise
*/
void
pgp_hash_md5(pgp_hash_t *hash)
{
*hash = md5;
}
static int
sha1_init(pgp_hash_t *hash)
{
return 1;
}
static void
sha1_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
}
static unsigned
sha1_finish(pgp_hash_t *hash, uint8_t *out)
{
return PGP_SHA1_HASH_SIZE;
}
static const pgp_hash_t sha1 = {
PGP_HASH_SHA1,
PGP_SHA1_HASH_SIZE,
"SHA1",
sha1_init,
sha1_add,
sha1_finish,
NULL
};
/**
\ingroup Core_Crypto
\brief Initialise to SHA1
\param hash Hash to initialise
*/
void
pgp_hash_sha1(pgp_hash_t *hash)
{
*hash = sha1;
}
static int
sha256_init(pgp_hash_t *hash)
{
return 1;
}
static void
sha256_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
}
static unsigned
sha256_finish(pgp_hash_t *hash, uint8_t *out)
{
return SHA256_DIGEST_LENGTH;
}
static const pgp_hash_t sha256 = {
PGP_HASH_SHA256,
SHA256_DIGEST_LENGTH,
"SHA256",
sha256_init,
sha256_add,
sha256_finish,
NULL
};
void
pgp_hash_sha256(pgp_hash_t *hash)
{
*hash = sha256;
}
/*
* SHA384
*/
static int
sha384_init(pgp_hash_t *hash)
{
return 1;
}
static void
sha384_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
}
static unsigned
sha384_finish(pgp_hash_t *hash, uint8_t *out)
{
return SHA384_DIGEST_LENGTH;
}
static const pgp_hash_t sha384 = {
PGP_HASH_SHA384,
SHA384_DIGEST_LENGTH,
"SHA384",
sha384_init,
sha384_add,
sha384_finish,
NULL
};
void
pgp_hash_sha384(pgp_hash_t *hash)
{
*hash = sha384;
}
/*
* SHA512
*/
static int
sha512_init(pgp_hash_t *hash)
{
return 1;
}
static void
sha512_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
}
static unsigned
sha512_finish(pgp_hash_t *hash, uint8_t *out)
{
return SHA512_DIGEST_LENGTH;
}
static const pgp_hash_t sha512 = {
PGP_HASH_SHA512,
SHA512_DIGEST_LENGTH,
"SHA512",
sha512_init,
sha512_add,
sha512_finish,
NULL
};
void
pgp_hash_sha512(pgp_hash_t *hash)
{
*hash = sha512;
}
/*
* SHA224
*/
static int
sha224_init(pgp_hash_t *hash)
{
return 1;
}
static void
sha224_add(pgp_hash_t *hash, const uint8_t *data, unsigned length)
{
}
static unsigned
sha224_finish(pgp_hash_t *hash, uint8_t *out)
{
return SHA224_DIGEST_LENGTH;
}
static const pgp_hash_t sha224 = {
PGP_HASH_SHA224,
SHA224_DIGEST_LENGTH,
"SHA224",
sha224_init,
sha224_add,
sha224_finish,
NULL
};
void
pgp_hash_sha224(pgp_hash_t *hash)
{
*hash = sha224;
}
unsigned
pgp_dsa_verify(const uint8_t *hash, size_t hash_length,
const pgp_dsa_sig_t *sig,
const pgp_dsa_pubkey_t *dsa)
{
int ret;
return (unsigned)ret;
}
/**
\ingroup Core_Crypto
\brief Recovers message digest from the signature
\param out Where to write decrypted data to
\param in Encrypted data
\param length Length of encrypted data
\param pubkey RSA public key
\return size of recovered message digest
*/
int
pgp_rsa_public_decrypt(uint8_t *out,
const uint8_t *in,
size_t length,
const pgp_rsa_pubkey_t *pubkey)
{
int n;
return n;
}
/**
\ingroup Core_Crypto
\brief Signs data with RSA
\param out Where to write signature
\param in Data to sign
\param length Length of data
\param seckey RSA secret key
\param pubkey RSA public key
\return number of bytes decrypted
*/
int
pgp_rsa_private_encrypt(uint8_t *out,
const uint8_t *in,
size_t length,
const pgp_rsa_seckey_t *seckey,
const pgp_rsa_pubkey_t *pubkey)
{
int n;
return n;
}
int
pgp_rsa_private_check(const pgp_seckey_t *seckey)
{
int res = 1;
return res;
}
int pgp_dsa_private_check(const pgp_dsa_seckey_t *secdsa)
{
// No ready made OpenSSL method to check DSA private key.
// ==> reject DSA until consistency can be checked
return 0;
}
int pgp_elgamal_private_check(const pgp_elgamal_seckey_t *seckey)
{
// No ready made OpenSSL method to check Elgamal private key.
// ==> reject ElGamal until consistency can be checked
return 0;
}
/**
\ingroup Core_Crypto
\brief Decrypts RSA-encrypted data
\param out Where to write the plaintext
\param in Encrypted data
\param length Length of encrypted data
\param seckey RSA secret key
\param pubkey RSA public key
\return size of recovered plaintext
*/
int
pgp_rsa_private_decrypt(uint8_t *out,
const uint8_t *in,
size_t length,
const pgp_rsa_seckey_t *seckey,
const pgp_rsa_pubkey_t *pubkey)
{
int n;
return n;
}
/**
\ingroup Core_Crypto
\brief RSA-encrypts data
\param out Where to write the encrypted data
\param in Plaintext
\param length Size of plaintext
\param pubkey RSA Public Key
*/
int
pgp_rsa_public_encrypt(uint8_t *out,
const uint8_t *in,
size_t length,
const pgp_rsa_pubkey_t *pubkey)
{
int n;
return n;
}
/**
\ingroup Core_Crypto
\brief Finalise openssl
\note Would usually call pgp_finish() instead
\sa pgp_finish()
*/
void
pgp_crypto_finish(void)
{
// No cleanup since OpenSSL 1.1.0
// CRYPTO_cleanup_all_ex_data();
}
/**
\ingroup Core_Hashes
\brief Get Hash name
\param hash Hash struct
\return Hash name
*/
const char *
pgp_text_from_hash(pgp_hash_t *hash)
{
return hash->name;
}
/**
\ingroup HighLevel_KeyGenerate
\brief Generates an RSA keypair
\param numbits Modulus size
\param e Public Exponent
\param keydata Pointer to keydata struct to hold new key
\return 1 if key generated successfully; otherwise 0
\note It is the caller's responsibility to call pgp_keydata_free(keydata)
*/
unsigned
pgp_rsa_generate_keypair(pgp_key_t *keydata,
const int numbits,
const unsigned long e,
const char *hashalg,
const char *cipher,
const uint8_t *passphrase,
const size_t pplen)
{
x509_algorithm_type key_algorithm;
int key_size;
gsk_buffer *key_params;
x509_public_key_info *public_key;
pkcs_private_key_info *private_key;
gsk_buffer *key_identifier;
gsk_status status;
status = gsk_generate_key_pair (key_algorithm, key_size, key_params, public_key, private_key, key_identifier);
return 1;
}
/**
\ingroup HighLevel_KeyGenerate
\brief Creates a self-signed RSA keypair
\param numbits Modulus size
\param e Public Exponent
\param userid User ID
\return The new keypair or NULL
\note It is the caller's responsibility to call pgp_keydata_free(keydata)
\sa pgp_rsa_generate_keypair()
\sa pgp_keydata_free()
*/
pgp_key_t *
pgp_rsa_new_selfsign_key(const int numbits,
const unsigned long e,
uint8_t *userid,
const char *hashalg,
const char *cipher)
{
pgp_key_t *keydata;
keydata = pgp_keydata_new();
if (!pgp_rsa_generate_keypair(keydata, numbits, e, hashalg, cipher,
(const uint8_t *) "", (const size_t) 0) ||
!pgp_add_selfsigned_userid(keydata, NULL, userid, 0 /*never expire*/)) {
pgp_keydata_free(keydata);
return NULL;
}
return keydata;
}
pgp_dsa_sig_t *
pgp_dsa_sign(uint8_t *hashbuf,
unsigned hashsize,
const pgp_dsa_seckey_t *secdsa,
const pgp_dsa_pubkey_t *pubdsa)
{
pgp_dsa_sig_t *pgpdsasig;
return pgpdsasig;
}
/*
* Decide the number of bits in the random componont k
*
* It should be in the same range as p for signing (which
* is deprecated), but can be much smaller for encrypting.
*
* Until I research it further, I just mimic gpg behaviour.
* It has a special mapping table, for values <= 5120,
* above that it uses 'arbitrary high number'. Following
* algorihm hovers 10-70 bits above gpg values. And for
* larger p, it uses gpg's algorihm.
*
* The point is - if k gets large, encryption will be
* really slow. It does not matter for decryption.
*/
static int
decide_k_bits(int p_bits)
{
return (p_bits <= 5120) ? p_bits / 10 + 160 : (p_bits / 8 + 200) * 3 / 2;
}
int
pgp_elgamal_public_encrypt(uint8_t *g_to_k, uint8_t *encm,
const uint8_t *in,
size_t size,
const pgp_elgamal_pubkey_t *pubkey)
{
int ret = 0;
return ret;
}
int
pgp_elgamal_private_decrypt(uint8_t *out,
const uint8_t *g_to_k,
const uint8_t *in,
size_t length,
const pgp_elgamal_seckey_t *seckey,
const pgp_elgamal_pubkey_t *pubkey)
{
int ret = 0;
return ret;
}
#endif

+ 2
- 0
src/keyring.c View File

@ -535,6 +535,7 @@ const uint8_t *pgp_key_get_primary_userid(pgp_key_t *key)
unsigned key_bit_len(const pgp_pubkey_t *key)
{
#ifdef HAVE_OPENSSL_BN_H
switch (key->alg) {
case PGP_PKA_DSA:
return BN_num_bits(key->key.dsa.p);
@ -548,6 +549,7 @@ unsigned key_bit_len(const pgp_pubkey_t *key)
default:
return 0;
}
#endif
}
unsigned key_is_weak(


+ 1
- 4
src/main.c View File

@ -40,10 +40,6 @@
#include <sys/stat.h>
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
#include <regex.h>
#include <netpgp.h>
#include <stdio.h>
@ -56,6 +52,7 @@
#include "crypto.h"
#include "packet.h"
#include "keyring.h"
#include "getopt.h"
/*
* SHA1 is now looking as though it should not be used. Let's


+ 6
- 2
src/misc.c View File

@ -326,11 +326,11 @@ hash_string(pgp_hash_t *hash, const uint8_t *buf, uint32_t len)
static int
hash_bignum(pgp_hash_t *hash, BIGNUM *bignum)
{
#ifdef HAVE_OPENSSL_BN_H
uint8_t *bn;
size_t len;
int padbyte;
#ifdef HAVE_OPENSSL
if (BN_is_zero(bignum)) {
hash_uint32(hash, 0);
return sizeof(len);
@ -348,8 +348,8 @@ hash_bignum(pgp_hash_t *hash, BIGNUM *bignum)
padbyte = (bn[1] & 0x80) ? 1 : 0;
hash_string(hash, bn + 1 - padbyte, (unsigned)(len + padbyte));
free(bn);
#endif
return (int)(sizeof(len) + len + padbyte);
#endif
}
/** \file
@ -420,6 +420,7 @@ pgp_fingerprint(pgp_fingerprint_t *fp, const pgp_pubkey_t *key, pgp_hash_alg_t h
int
pgp_keyid(uint8_t *keyid, const size_t idlen, const pgp_pubkey_t *key, pgp_hash_alg_t hashtype)
{
#ifdef HAVE_OPENSSL_BN_H
pgp_fingerprint_t finger;
if (key->version == 2 || key->version == 3) {
@ -445,6 +446,7 @@ pgp_keyid(uint8_t *keyid, const size_t idlen, const pgp_pubkey_t *key, pgp_hash_
finger.fingerprint + finger.length - idlen,
idlen);
}
#endif
return 1;
}
@ -705,7 +707,9 @@ pgp_str_to_cipher(const char *cipher)
void
pgp_random(void *dest, size_t length)
{
#ifdef HAVE_OPENSSL
RAND_bytes(dest, (int)length);
#endif
}
/**


+ 7
- 0
src/netpgp.c View File

@ -87,6 +87,13 @@ __RCSID("$NetBSD$");
#include "crypto.h"
#include "defs.h"
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
#ifndef MAX
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
/* read any gpg config file */
static int
conffile(netpgp_t *netpgp, char *homedir, char *userid, size_t length)


+ 21
- 0
src/packet-parse.c View File

@ -100,6 +100,13 @@ __RCSID("$NetBSD$");
/*NOTREACHED*/ \
} while(/*CONSTCOND*/0)
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
#ifndef MAX
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
/**
* limread_data reads the specified amount of the subregion's data
* into a data_t structure
@ -726,7 +733,9 @@ limread_mpi(BIGNUM **pbn, pgp_region_t *region, pgp_stream_t *stream)
* draft says. -- peter */
return 0;
}
#ifdef HAVE_OPENSSL_BN_H
*pbn = BN_bin2bn(buf, (int)length, NULL);
#endif
return 1;
}
@ -963,14 +972,18 @@ cmd_get_passphrase_free(pgp_seckey_passphrase_t *skp)
static void
free_BN(BIGNUM **pp)
{
#ifdef HAVE_OPENSSL_BN_H
BN_free(*pp);
*pp = NULL;
#endif
}
static void
dup_BN(BIGNUM **dst, const BIGNUM *src)
{
#ifdef HAVE_OPENSSL_BN_H
*dst = BN_dup(src);
#endif
}
void
@ -1031,17 +1044,23 @@ pgp_free_sig_info(pgp_sig_info_t *info)
switch (info->key_alg) {
case PGP_PKA_RSA:
case PGP_PKA_RSA_SIGN_ONLY:
#ifdef HAVE_OPENSSL_BN_H
free_BN(&info->sig.rsa.sig);
#endif
break;
case PGP_PKA_DSA:
#ifdef HAVE_OPENSSL_BN_H
free_BN(&info->sig.dsa.r);
free_BN(&info->sig.dsa.s);
#endif
break;
case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
#ifdef HAVE_OPENSSL_BN_H
free_BN(&info->sig.elgamal.r);
free_BN(&info->sig.elgamal.s);
#endif
break;
case PGP_PKA_PRIVATE00:
@ -2162,7 +2181,9 @@ parse_v4_sig(pgp_region_t *region, pgp_stream_t *stream)
}
if (pgp_get_debug_level(__FILE__)) {
(void) fprintf(stderr, "parse_v4_sig: RSA: sig is\n");
#ifdef HAVE_OPENSSL_BN_H
BN_print_fp(stderr, pkt.u.sig.info.sig.rsa.sig);
#endif
(void) fprintf(stderr, "\n");
}
break;


+ 6
- 0
src/reader.c View File

@ -134,6 +134,12 @@ __RCSID("$NetBSD$");
#include "netpgpdefs.h"
#include "netpgpdigest.h"
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
#ifndef MAX
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
/* get a pass phrase from the user */
int


+ 6
- 0
src/signature.c View File

@ -153,6 +153,7 @@ rsa_sign(pgp_hash_t *hash,
const pgp_rsa_seckey_t *secrsa,
pgp_output_t *out)
{
#ifdef HAVE_OPENSSL_BN_H
unsigned prefixsize;
unsigned expected;
unsigned hashsize;
@ -219,6 +220,7 @@ rsa_sign(pgp_hash_t *hash,
bn = BN_bin2bn(sigbuf, (int)t, NULL);
pgp_write_mpi(out, bn);
BN_free(bn);
#endif
return 1;
}
@ -228,6 +230,7 @@ dsa_sign(pgp_hash_t *hash,
const pgp_dsa_seckey_t *sdsa,
pgp_output_t *output)
{
#ifdef HAVE_OPENSSL_BN_H
unsigned hashsize;
unsigned t;
uint8_t hashbuf[NETPGP_BUFSIZ];
@ -261,6 +264,7 @@ dsa_sign(pgp_hash_t *hash,
BN_free(pgpdsasig->r);
BN_free(pgpdsasig->s);
free(pgpdsasig);
#endif
return 1;
}
@ -271,6 +275,7 @@ rsa_verify(pgp_hash_alg_t type,
const pgp_rsa_sig_t *sig,
const pgp_rsa_pubkey_t *pubrsa)
{
#ifdef HAVE_OPENSSL_BN_H
const uint8_t *prefix;
unsigned n;
unsigned keysize;
@ -350,6 +355,7 @@ rsa_verify(pgp_hash_alg_t type,
}
return (memcmp(&hashbuf_from_sig[n], prefix, plen) == 0 &&
memcmp(&hashbuf_from_sig[n + plen], hash, hash_length) == 0);
#endif
}
static void


+ 1139
- 1137
src/writer.c
File diff suppressed because it is too large
View File


Loading…
Cancel
Save