Compare commits

...

19 Commits

Author SHA1 Message Date
David Lanzendörfer 1c3923dacc Fixing issues with multi key import 4 months ago
David Lanzendörfer 6ff0c0f480 Fixing compilation errors with the bignum library 4 months ago
David Lanzendörfer edf79a1d48 Fixed encryption/decryption 6 months ago
David Lanzendörfer c6b9aae09f Remove OpenSSL 6 months ago
David Lanzendörfer 6550190d32 Debugging key generation and reading 6 months ago
David Lanzendörfer 41cf201ec0 Unify private key function 6 months ago
David Lanzendörfer 9344763ad4 Cleaned up some more TODOs 6 months ago
David Lanzendörfer 2d45300fa8 Initial successful run with BigNum 6 months ago
David Lanzendörfer 15db2e6c11 Ported to new BigNum lib 6 months ago
David Lanzendörfer 5fd2c04a6d Only do PKCS now 6 months ago
David Lanzendörfer 4b073b6c2a Not meant for BSD kernel mode 6 months ago
David Lanzendörfer 1a7719aa00 Add bignumber lib 6 months ago
David Lanzendörfer cff0af6485 Fixing a stupid mistake 6 months ago
David Lanzendörfer f27af6f241 Backup 6 months ago
David Lanzendörfer 65fca10bff WIP: Cryptoki 7 months ago
David Lanzendörfer 3289f8bd72 Move file 7 months ago
David Lanzendörfer 8a7660a9bb Move file 7 months ago
David Lanzendörfer ab0ca983bc Move file 7 months ago
David Lanzendörfer ca2899ac78 Moving file 7 months ago
  1. 75
      ax_check_gskssl.m4
  2. 124
      ax_check_openssl.m4
  3. 136
      ax_check_pkcs.m4
  4. 109
      configure.ac
  5. 25
      include/netpgp.h
  6. 1
      include/netpgp/Makefile.am
  7. 149
      include/netpgp/bn.h
  8. 16
      include/netpgp/create.h
  9. 48
      include/netpgp/crypto.h
  10. 9
      include/netpgp/keyring.h
  11. 4
      include/netpgp/netpgpdefs.h
  12. 1
      include/netpgp/netpgpdigest.h
  13. 2
      include/netpgp/packet-parse.h
  14. 2
      include/netpgp/packet-show.h
  15. 165
      include/netpgp/packet.h
  16. 17
      include/netpgp/pkcs11_glue.h
  17. 2
      include/netpgp/signature.h
  18. 5
      include/netpgp/types.h
  19. 22
      include/netpgp/writer.h
  20. 30
      src/Makefile.am
  21. 5593
      src/bignum.c
  22. 77
      src/create.c
  23. 74
      src/crypto.c
  24. 94
      src/gskssl_glue.c
  25. 87
      src/keyring.c
  26. 1640
      src/main.c
  27. 126
      src/misc.c
  28. 40
      src/netpgp.c
  29. 1472
      src/openssl_crypto.c
  30. 284
      src/packet-parse.c
  31. 6
      src/packet-show.c
  32. 503
      src/pkcs11_crypto.c
  33. 209
      src/pkcs11_glue.c
  34. 6
      src/reader.c
  35. 137
      src/signature.c
  36. 85
      src/ssl_crypto.c
  37. 627
      src/symmetric_openssl.c
  38. 115
      src/symmetric_pkcs11.c
  39. 43
      src/validate.c
  40. 30
      src/writer.c

@ -1,75 +0,0 @@
AU_ALIAS([CHECK_SSL], [AX_CHECK_GSKSSL])
AC_DEFUN([AX_CHECK_GSKSSL], [
found=false
AC_ARG_WITH(gskssl,
AS_HELP_STRING([--with-gskssl=DIR],
[root of the GSK SSL directory]),
[
case "$withval" in
"" | y | ye | yes | n | no)
AC_MSG_ERROR([Invalid --with-gskssl value])
;;
*) ssldirs="$withval"
;;
esac
], [
# no such luck; use some default ssldirs
if ! $found; then
ssldirs="/usr/lpp/gskssl /usr"
fi
]
)
# note that we #include <gskssl/foo.h>, so the GSK SSL headers have to be in
# an 'gskssl' subdirectory
if ! $found; then
GSKSSL_INCLUDES=
for ssldir in $ssldirs; do
AC_MSG_CHECKING([for include/gskssl.h in $ssldir])
if test -f "$ssldir/include/gskssl.h"; then
if test -f "$ssldir/lib/GSKSSL.x"; then
GSKSSL_INCLUDES="-I$ssldir/include"
GSKSSL_LIBS="$ssldir/lib/GSKSSL.x $ssldir/lib/GSKCMS64.x"
found=true
AC_MSG_RESULT([yes])
fi
break
else
AC_MSG_RESULT([no])
fi
done
# if the file wasn't found, well, go ahead and try the link anyway -- maybe
# it will just work!
fi
# try the preprocessor and linker with our new flags,
# being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
AC_MSG_CHECKING([whether compiling and linking against GSK SSL works])
echo "Trying link with " \
"GSKSSL_LIBS=$GSKSSL_LIBS; GSKSSL_INCLUDES=$GSKSSL_INCLUDES" >&AS_MESSAGE_LOG_FD
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LIBS="$GSKSSL_LIBS $LIBS"
CPPFLAGS="$GSKSSL_INCLUDES $CPPFLAGS"
AC_LINK_IFELSE(
AC_LANG_PROGRAM([#include <gskssl.h>], [gsk_handle env_handle;]),
[
AC_MSG_RESULT([yes])
$1
], [
AC_MSG_RESULT([no])
$2
])
CPPFLAGS="$save_CPPFLAGS"
LDFLAGS="$save_LDFLAGS"
LIBS="$save_LIBS"
AC_SUBST([GSKSSL_INCLUDES])
AC_SUBST([GSKSSL_LIBS])
])

@ -1,124 +0,0 @@
# ===========================================================================
# http://www.gnu.org/software/autoconf-archive/ax_check_openssl.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]])
#
# DESCRIPTION
#
# Look for OpenSSL in a number of default spots, or in a user-selected
# spot (via --with-openssl). Sets
#
# OPENSSL_INCLUDES to the include directives required
# OPENSSL_LIBS to the -l directives required
# OPENSSL_LDFLAGS to the -L or -R flags required
#
# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
#
# This macro sets OPENSSL_INCLUDES such that source files should use the
# openssl/ directory in include directives:
#
# #include <openssl/hmac.h>
#
# LICENSE
#
# Copyright (c) 2009 Zmanda Inc. <http://www.zmanda.com/>
# Copyright (c) 2009 Dustin J. Mitchell <dustin@zmanda.com>
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice
# and this notice are preserved. This file is offered as-is, without any
# warranty.
#serial 5
AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL])
AC_DEFUN([AX_CHECK_OPENSSL], [
found=false
AC_ARG_WITH(openssl,
AS_HELP_STRING([--with-openssl=DIR],
[root of the OpenSSL directory]),
[
case "$withval" in
"" | y | ye | yes | n | no)
AC_MSG_ERROR([Invalid --with-openssl value])
;;
*) ssldirs="$withval"
;;
esac
], [
# if pkg-config is installed and openssl has installed a .pc file,
# then use that information and don't search ssldirs
AC_PATH_PROG(PKG_CONFIG, pkg-config)
if test x"$PKG_CONFIG" != x""; then
OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
if test $? = 0; then
OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
found=true
fi
fi
# no such luck; use some default ssldirs
if ! $found; then
ssldirs="$prefix $withval /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr"
fi
]
)
# note that we #include <openssl/foo.h>, so the OpenSSL headers have to be in
# an 'openssl' subdirectory
if ! $found; then
OPENSSL_INCLUDES=
for ssldir in $ssldirs; do
AC_MSG_CHECKING([for openssl/ssl.h in $ssldir])
if test -f "$ssldir/include/openssl/ssl.h"; then
OPENSSL_INCLUDES="-I$ssldir/include"
OPENSSL_LDFLAGS="-L$ssldir/lib"
OPENSSL_LIBS="-lssl -lcrypto"
found=true
AC_MSG_RESULT([yes])
break
else
AC_MSG_RESULT([no])
fi
done
# if the file wasn't found, well, go ahead and try the link anyway -- maybe
# it will just work!
fi
# try the preprocessor and linker with our new flags,
# being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
AC_MSG_CHECKING([whether compiling and linking against OpenSSL works])
echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \
"OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&AS_MESSAGE_LOG_FD
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
LIBS="$OPENSSL_LIBS $LIBS"
CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS"
AC_LINK_IFELSE(
AC_LANG_PROGRAM([#include <openssl/ssl.h>], [SSL_new(NULL)]),
[
AC_MSG_RESULT([yes])
$1
], [
AC_MSG_RESULT([no])
$2
])
CPPFLAGS="$save_CPPFLAGS"
LDFLAGS="$save_LDFLAGS"
LIBS="$save_LIBS"
AC_SUBST([OPENSSL_INCLUDES])
AC_SUBST([OPENSSL_LIBS])
AC_SUBST([OPENSSL_LDFLAGS])
])

@ -1,90 +1,100 @@
AU_ALIAS([CHECK_PKCS], [AX_CHECK_PKCS])
AC_DEFUN([AX_CHECK_PKCS], [
AU_ALIAS([CHECK_CRYPTOKI], [AX_CHECK_CRYPTOKI])
AC_DEFUN([AX_CHECK_CRYPTOKI], [
found=false
AC_ARG_WITH(gskssl,
AS_HELP_STRING([--with-gskssl=DIR],
[root of the GSK PKCS directory]),
cryptokidirs="$prefix $withval /usr /usr/include/p11-kit-1/p11-kit /usr/include /usr/include/pkcs11"
AC_ARG_WITH(cryptoki,
AS_HELP_STRING([--with-cryptoki@<:@=DIR@:>@@<:@=ARG@:>@], [root of the CRYPTOKI directory|ARG=yes/no|ARG=y/n]),
[
case "$withval" in
"" | y | ye | yes | n | no)
AC_MSG_ERROR([Invalid --with-gskssl value])
"" | y | ye | yes)
with_cryptoki=true
;;
*) pkcsdirs="$withval"
n | no)
cryptokidirs=""
with_cryptoki=false
;;
*)
cryptokidirs="$withval"
with_cryptoki=true
;;
esac
], [
# if pkg-config is installed and gskssl has installed a .pc file,
# then use that information and don't search pkcsdirs
AC_PATH_PROG(PKG_CONFIG, pkg-config)
if test x"$PKG_CONFIG" != x""; then
PKCS_LDFLAGS=`$PKG_CONFIG gskssl --libs-only-L 2>/dev/null`
if test $? = 0; then
PKCS_LIBS=`$PKG_CONFIG gskssl --libs-only-l 2>/dev/null`
PKCS_INCLUDES=`$PKG_CONFIG gskssl --cflags-only-I 2>/dev/null`
found=true
fi
fi
# no such luck; use some default pkcsdirs
if ! $found; then
pkcsdirs="$withval /usr/lpp/pkcs11 /usr"
fi
]
)
])
# note that we #include <gskssl/foo.h>, so the GSK PKCS headers have to be in
# an 'gskssl' subdirectory
if $with_cryptoki; then
if ! $found; then
PKCS_INCLUDES=
for pkcsdir in $pkcsdirs; do
AC_MSG_CHECKING([for include/gskssl.h in $pkcsdir])
if test -f "$pkcsdir/include/csnpdefs.h"; then
if test -f "$pkcsdir/lib/CSNPCA64.x"; then
PKCS_INCLUDES="-I$pkcsdir/include"
PKCS_LDFLAGS="-L$pkcsdir/lib"
PKCS_LIBS="$pkcsdir/lib/CSNPCA64.x"
found=true
AC_MSG_RESULT([yes])
# On IBM z/OS there's no pkg-config and also the headers have really, REALLY
# strange names:
CRYPTOKI_INCLUDES=
AS_IF([test "$platform_name" == "OS/390"],[
for cryptokidir in $cryptokidirs; do
AC_MSG_CHECKING([for include/csnpdefs.h in $cryptokidir])
if test -f "$cryptokidir/include/csnpdefs.h"; then
if test -f "$cryptokidir/lib/CSNPCA64.x"; then
CRYPTOKI_INCLUDES="-I$cryptokidir/include"
CRYPTOKI_LDFLAGS="-L$cryptokidir/lib"
CRYPTOKI_LIBS="$cryptokidir/lib/CSNPCA64.x"
found=true
AC_MSG_RESULT([yes])
fi
break
else
AC_MSG_RESULT([no])
fi
done
# if the file wasn't found, well, go ahead and try the link anyway -- maybe
# it will just work!
fi
],[
# if pkg-config is installed and cryptoki has installed a .pc file,
# then use that information and don't search cryptokidirs
AC_PATH_PROG(PKG_CONFIG, pkg-config)
if test x"$PKG_CONFIG" != x""; then
CRYPTOKI_LDFLAGS=`$PKG_CONFIG p11-kit-1 --libs 2>/dev/null`
if test $? = 0; then
CRYPTOKI_LIBS=`$PKG_CONFIG p11-kit-1 --libs 2>/dev/null`
CRYPTOKI_INCLUDES=`$PKG_CONFIG p11-kit-1 --cflags 2>/dev/null`
found=true
fi
fi
])
# try the preprocessor and linker with our new flags,
# being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
AC_MSG_CHECKING([whether compiling and linking against GSK PKCS works])
echo "Trying link with PKCS_LDFLAGS=$PKCS_LDFLAGS;" \
"PKCS_LIBS=$PKCS_LIBS; PKCS_INCLUDES=$PKCS_INCLUDES" >&AS_MESSAGE_LOG_FD
AC_MSG_CHECKING([whether compiling and linking against cryptoki works])
echo "Trying link with CRYPTOKI_LDFLAGS=$CRYPTOKI_LDFLAGS;" \
"CRYPTOKI_LIBS=$CRYPTOKI_LIBS; CRYPTOKI_INCLUDES=$CRYPTOKI_INCLUDES" >&AS_MESSAGE_LOG_FD
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
LDFLAGS="$LDFLAGS $PKCS_LDFLAGS"
LIBS="$PKCS_LIBS $LIBS"
CPPFLAGS="$PKCS_INCLUDES $CPPFLAGS"
AC_LINK_IFELSE(
AC_LANG_PROGRAM([#include <gskssl.h>], [gsk_handle env_handle;]),
[
AC_MSG_RESULT([yes])
$1
], [
AC_MSG_RESULT([no])
$2
])
LDFLAGS="$LDFLAGS $CRYPTOKI_LDFLAGS"
LIBS="$CRYPTOKI_LIBS $LIBS"
CPPFLAGS="$CRYPTOKI_INCLUDES $CPPFLAGS"
AS_IF([test "$platform_name" == "OS/390"],[
AC_LINK_IFELSE(
AC_LANG_PROGRAM([#include <csnpdefs.h>], [CK_SESSION_HANDLE *session;]),
[
AC_MSG_RESULT([yes])
$1
], [
AC_MSG_RESULT([no])
$2
])
],[
AC_LINK_IFELSE(
AC_LANG_PROGRAM([#include <p11-kit/pkcs11.h>], [CK_SESSION_HANDLE *session;]),
[
AC_MSG_RESULT([yes])
$1
], [
AC_MSG_RESULT([no])
$2
])
])
CPPFLAGS="$save_CPPFLAGS"
LDFLAGS="$save_LDFLAGS"
LIBS="$save_LIBS"
AC_SUBST([PKCS_INCLUDES])
AC_SUBST([PKCS_LIBS])
AC_SUBST([PKCS_LDFLAGS])
AC_SUBST([CRYPTOKI_INCLUDES])
AC_SUBST([CRYPTOKI_LIBS])
AC_SUBST([CRYPTOKI_LDFLAGS])
fi
])

@ -54,7 +54,7 @@ AC_SEARCH_LIBS(dlopen, dl)
# Checks for header files.
#
AC_HEADER_STDC
#AC_HEADER_STDC
AC_CHECK_HEADERS([CommonCrypto/CommonDigest.h])
AC_CHECK_HEADERS([dmalloc.h direct.h errno.h fcntl.h inttypes.h limits.h malloc.h zlib.h])
AC_CHECK_HEADERS([sys/cdefs.h sys/file.h sys/mman.h sys/resource.h sys/uio.h])
@ -62,16 +62,16 @@ AC_CHECK_HEADERS([sys/cdefs.h sys/file.h sys/mman.h sys/resource.h sys/uio.h])
platform_name=$(uname)
AS_IF([test "$platform_name" == "OS/390"],[
AC_MSG_NOTICE([z/OS detected... Skipping some headers])
ZLIB_FLAG="-lzz"
NETPGP_CFLAGS="$WARNCLAGS $CFLAGS -qlanglvl=extc99 -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112L"
AC_MSG_NOTICE([z/OS detected... Skipping some headers])
ZLIB_FLAG="-lzz"
NETPGP_CFLAGS="$WARNCLAGS $CFLAGS -qlanglvl=extc99 -D_XOPEN_SOURCE=600 -D_POSIX_C_SOURCE=200112L"
],[
AC_CHECK_HEADERS([sys/param.h])
AC_CHECK_HEADERS([bzlib.h], [], [
AC_MSG_FAILURE([missing <bzlib.h>; is bzip2 installed?])
])
ZLIB_FLAG="-lz"
NETPGP_CFLAGS="$WARNCLAGS $CFLAGS"
AC_CHECK_HEADERS([sys/param.h])
AC_CHECK_HEADERS([bzlib.h], [], [
AC_MSG_FAILURE([missing <bzlib.h>; is bzip2 installed?])
])
ZLIB_FLAG="-lz"
NETPGP_CFLAGS="$WARNCLAGS $CFLAGS"
])
AC_SUBST([ZLIB_FLAG])
@ -84,87 +84,34 @@ AC_TYPE_UINT32_T
AC_TYPE_UINT64_T
AC_TYPE_UINT8_T
found_gskssl="no"
found_pkcs="no"
found_openssl="no"
found_cryptoki="no"
# check for openssl
m4_include([ax_check_openssl.m4])
m4_include([ax_check_gskssl.m4])
m4_include([ax_check_pkcs.m4])
AX_CHECK_OPENSSL([found_openssl="yes"],[found_openssl="no"])
AX_CHECK_CRYPTOKI([found_cryptoki="yes"],[found_cryptoki="no"])
AS_IF(
[test "$found_openssl" == "yes"],
[
LIBS="$LIBS $OPENSSL_LIBS"
INCLUDES="$INCLUDES $OPENSSL_INCLUDES"
NETPGP_CFLAGS="$OPENSSL_LDFLAGS $NETPGP_CFLAGS"
],
[
AX_CHECK_GSKSSL([found_gskssl="yes"],[found_gskssl="no"])
AS_IF(
[test "$found_gskssl" == "yes"],
[
LIBS="$LIBS $GSKSSL_LIBS"
INCLUDES="$INCLUDES $GSKSSL_INCLUDES"
NETPGP_CFLAGS="$GSKSSL_LDFLAGS $NETPGP_CFLAGS"
],
[
AC_MSG_FAILURE([No suitable SSL library found])
]
)
AX_CHECK_PKCS([found_pkcs="yes"],[found_pkcs="no"])
AS_IF(
[test "$found_pkcs" == "yes"],
[
LIBS="$LIBS $PKCS_LIBS"
INCLUDES="$INCLUDES $PKCS_INCLUDES"
NETPGP_CFLAGS="$PKSC_LDFLAGS $NETPGP_CFLAGS"
],
[
AC_MSG_FAILURE([PKCS library not found])
]
)
]
[test "$found_cryptoki" == "yes"],
[
LIBS="$LIBS $CRYPTOKI_LIBS"
INCLUDES="$INCLUDES $CRYPTOKI_INCLUDES"
NETPGP_CFLAGS="$PKSC_LDFLAGS $NETPGP_CFLAGS"
],
[
AC_MSG_FAILURE([CRYPTOKI library not found])
]
)
AC_SUBST([NETPGP_CFLAGS])
LIBS="$LIBS $ZLIB_FLAG"
CPPFLAGS="$CPPFLAGS $INCLUDES"
AS_IF([test "$found_openssl" == "yes" ],[
AC_MSG_NOTICE([OpenSSL found])
AC_DEFINE([HAVE_OPENSSL], [1], [Use OpenSSL])
AC_CHECK_HEADERS([openssl/aes.h openssl/bn.h openssl/camellia.h openssl/cast.h \
openssl/des.h openssl/dsa.h openssl/err.h openssl/idea.h \
openssl/md5.h openssl/rand.h openssl/rsa.h openssl/sha.h \
openssl/err.h openssl/sha.h openssl/ossl_typ.h])
AC_CHECK_TYPES([SHA256_CTX],
[],
[AC_MSG_FAILURE([missing SHA256_CTX; is openssl 0.9.8 or newer installed?])],
[[
#if defined(HAVE_SYS_TYPES_H)
#include <sys/types.h>
#endif
#if defined(HAVE_OPENSSL_SHA_H)
#include <openssl/sha.h>
#endif
#if defined(HAVE_COMMONCRYPTO_COMMONDIGEST_H)
#define COMMON_DIGEST_FOR_OPENSSL 1
#include <CommonCrypto/CommonDigest.h>
#endif
]])
])
AS_IF([test "$found_gskssl" == "yes" ],[
AC_MSG_NOTICE([GSK SSL found])
AC_DEFINE([HAVE_GSKSSL], [1], [Use the SSL implementation from IBM])
AC_DEFINE([OPENSSL_NO_IDEA], [1], [Explicitely disable OPENSSL IDEA])
AS_IF([test "$found_cryptoki" == "yes" ],[
AC_MSG_NOTICE([Cryptoki found])
AS_IF([test "$platform_name" == "OS/390"],[
AC_DEFINE([HAVE_CRYPTOKI_MAINFRAME], [1], [Use the mainframe implementation from IBM])
])
AC_DEFINE([HAVE_CRYPTOKI], [1], [Use the Cryptoki backend])
])
# Checks for library functions.

@ -39,16 +39,6 @@
# endif
#endif
/*
** Check to see if this machine uses EBCDIC. (Yes, believe it or
** not, there are still machines out there that use EBCDIC.)
*/
#if 'A' == '\301'
# define NETPGP_EBCDIC 1
#else
# define NETPGP_ASCII 1
#endif
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
@ -59,10 +49,7 @@
#include <netpgp/config.h>
#include <netpgp/keyring.h>
#if defined(NETPGP_EBCDIC)
#include <unistd.h>
#endif
#include <netpgp/bn.h>
__BEGIN_DECLS
@ -125,15 +112,9 @@ int netpgp_format_json(void *, const char *, const int);
int netpgp_validate_sigs(netpgp_t *);
// helpers
unsigned uint_to_string(const int8_t *src, char **str, unsigned len);
unsigned uint_to_string(const uint8_t *src, char **str, unsigned len);
unsigned string_to_uint(const char *str, uint8_t **fpr, size_t *length);
inline char A(char c) // EBCDIC or ASCII character to ASCII character
{
#if defined(NETPGP_EBCDIC)
__e2a_l(&c,1);
#endif
return c;
}
char A(char c); // EBCDIC or ASCII character to ASCII character
__END_DECLS

@ -1,5 +1,6 @@
pkginclude_HEADERS = \
bn.h \
config.h \
create.h \
crypto.h \

@ -0,0 +1,149 @@
/*-
* Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef FAUXBN_H_
#define FAUXBN_H_ 20100108
#include <sys/types.h>
# include <inttypes.h>
# include <stdio.h>
# include <limits.h>
#ifndef __BEGIN_DECLS
# if defined(__cplusplus)
# define __BEGIN_DECLS extern "C" {
# define __END_DECLS }
# else
# define __BEGIN_DECLS
# define __END_DECLS
# endif
#endif
#ifndef MIN
#define MIN(a,b) (((a)<(b))?(a):(b))
#endif
#ifndef MAX
#define MAX(a,b) (((a)>(b))?(a):(b))
#endif
__BEGIN_DECLS
/* should be 32bit on ILP32, 64bit on LP64 */
typedef unsigned long mp_digit;
typedef uint64_t mp_word;
/* multi-precision integer */
typedef struct mp_int {
mp_digit *dp; /* array of digits */
int used; /* # of digits used */
int alloc; /* # of digits allocated */
int sign; /* non-zero if negative */
} mp_int;
#define BIGNUM mp_int
#define BN_ULONG mp_digit
/* a "context" of mp integers - never really used */
typedef struct bn_ctx_t {
size_t count;
size_t arraysize;
BIGNUM **v;
} BN_CTX;
#define MP_LT -1
#define MP_EQ 0
#define MP_GT 1
#define MP_ZPOS 0
#define MP_NEG 1
#define MP_OKAY 0
#define MP_MEM -2
#define MP_VAL -3
#define MP_RANGE MP_VAL
/*********************************/
#define BN_is_negative(x) ((x)->sign == MP_NEG)
#define BN_is_zero(a) (((a)->used == 0) ? 1 : 0)
#define BN_is_odd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? 1 : 0)
#define BN_is_even(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? 1 : 0)
BIGNUM *BN_new(void);
BIGNUM *BN_dup(const BIGNUM */*a*/);
int BN_copy(BIGNUM */*b*/, const BIGNUM */*a*/);
void BN_init(BIGNUM */*a*/);
void BN_free(BIGNUM */*a*/);
void BN_clear(BIGNUM */*a*/);
void BN_clear_free(BIGNUM */*a*/);
int BN_cmp(BIGNUM */*a*/, BIGNUM */*b*/);
BIGNUM *BN_bin2bn(const uint8_t */*buf*/, int /*size*/, BIGNUM */*bn*/);
int BN_bn2bin(const BIGNUM */*a*/, unsigned char */*b*/);
char *BN_bn2hex(const BIGNUM */*a*/);
char *BN_bn2dec(const BIGNUM */*a*/);
int BN_hex2bn(BIGNUM **/*a*/, const char */*str*/);
int BN_dec2bn(BIGNUM **/*a*/, const char */*str*/);
int BN_print_fp(FILE */*fp*/, const BIGNUM */*a*/);
int BN_add(BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/);
int BN_sub(BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/);
int BN_mul(BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/, BN_CTX */*ctx*/);
int BN_div(BIGNUM */*q*/, BIGNUM */*r*/, const BIGNUM */*a*/, const BIGNUM */*b*/, BN_CTX */*ctx*/);
void BN_swap(BIGNUM */*a*/, BIGNUM */*b*/);
int BN_lshift(BIGNUM */*r*/, const BIGNUM */*a*/, int /*n*/);
int BN_lshift1(BIGNUM */*r*/, BIGNUM */*a*/);
int BN_rshift(BIGNUM */*r*/, const BIGNUM */*a*/, int /*n*/);
int BN_rshift1(BIGNUM */*r*/, BIGNUM */*a*/);
int BN_set_word(BIGNUM */*a*/, BN_ULONG /*w*/);
void BN_set_negative(BIGNUM */*a*/, int /*n*/);
int BN_num_bytes(const BIGNUM */*a*/);
int BN_num_bits(const BIGNUM */*a*/);
int BN_mod_exp(BIGNUM */*r*/, BIGNUM */*a*/, BIGNUM */*p*/, BIGNUM */*m*/, BN_CTX */*ctx*/);
BIGNUM *BN_mod_inverse(BIGNUM */*ret*/, BIGNUM */*a*/, const BIGNUM */*n*/, BN_CTX */*ctx*/);
int BN_mod_mul(BIGNUM */*ret*/, BIGNUM */*a*/, BIGNUM */*b*/, const BIGNUM */*m*/, BN_CTX */*ctx*/);
int BN_mod_sub(BIGNUM */*r*/, BIGNUM */*a*/, BIGNUM */*b*/, const BIGNUM */*m*/);
BN_CTX *BN_CTX_new(void);
BIGNUM *BN_CTX_get(BN_CTX */*ctx*/);
void BN_CTX_start(BN_CTX */*ctx*/);
void BN_CTX_end(BN_CTX */*ctx*/);
void BN_CTX_init(BN_CTX */*c*/);
void BN_CTX_free(BN_CTX */*c*/);
int BN_rand(BIGNUM */*rnd*/, int /*bits*/, int /*top*/, int /*bottom*/);
int BN_rand_range(BIGNUM */*rnd*/, BIGNUM */*range*/);
int BN_is_prime(const BIGNUM */*a*/, int /*checks*/, void (*callback)(int, int, void *), BN_CTX */*ctx*/, void */*cb_arg*/);
const BIGNUM *BN_value_one(void);
int BN_is_bit_set(const BIGNUM */*a*/, int /*n*/);
__END_DECLS
#endif

@ -86,7 +86,7 @@ unsigned pgp_write_struct_seckey(const pgp_seckey_t *, pgp_output_t *);
unsigned pgp_write_struct_pubkey(pgp_output_t *, const pgp_pubkey_t *);
unsigned pgp_write_one_pass_sig(pgp_output_t *,
const pgp_seckey_t *,
const pgp_hash_alg_t,
const pgp_hashalg_t,
const pgp_sig_type_t);
unsigned pgp_write_litdata(pgp_output_t *,
const uint8_t *,
@ -104,16 +104,14 @@ unsigned pgp_write_xfer_key(
void pgp_fast_create_userid(uint8_t **, uint8_t *);
unsigned pgp_write_userid(const uint8_t*, pgp_output_t *);
#ifdef HAVE_OPENSSL
void pgp_fast_create_rsa_pubkey(pgp_pubkey_t *, time_t, BIGNUM *, BIGNUM *);
unsigned pgp_write_rsa_pubkey(time_t, const BIGNUM *, const BIGNUM *,
unsigned pgp_write_rsa_pubkey(time_t, const mp_int *, const mp_int *,
pgp_output_t *);
void pgp_fast_create_rsa_seckey(pgp_seckey_t *, time_t, BIGNUM *,
BIGNUM *, BIGNUM *, BIGNUM *,
BIGNUM *, BIGNUM *);
#endif
void pgp_fast_create_rsa_pubkey(pgp_pubkey_t *key, time_t t, mp_int *n, mp_int *e);
void pgp_fast_create_rsa_seckey(pgp_seckey_t *, time_t, mp_int *,
mp_int *, mp_int *, mp_int *,
mp_int *, mp_int *);
unsigned encode_m_buf(const uint8_t *, size_t, const pgp_pubkey_t *,
uint8_t *);

@ -64,21 +64,19 @@
#include <openssl/dsa.h>
#endif
#if defined(HAVE_GSKSSL) && !defined(HAVE_OPENSSL)
#if defined(HAVE_CRYPTOKI_MAINFRAME)
#include <gskcms.h>
#include <csfbext.h>
#include <csnpdefs.h>
#elif defined(HAVE_CRYPTOKI)
#include <p11-kit/pkcs11.h>
#endif
#define PGP_MIN_HASH_SIZE 16
#if defined(HAVE_GSKSSL) && !defined(HAVE_OPENSSL)
unsigned gsk_num_bits ( const gsk_buffer *bn );
#endif
/** pgp_hash_t */
struct pgp_hash_t {
pgp_hash_alg_t alg; /* algorithm */
pgp_hashalg_t alg; /* algorithm */
size_t size; /* size */
const char *name; /* what it's known as */
int (*init)(pgp_hash_t *);
@ -86,7 +84,7 @@ struct pgp_hash_t {
unsigned (*finish)(pgp_hash_t *, uint8_t *);
#if defined(HAVE_OPENSSL)
void *data; /* blob for data */
#elif defined(HAVE_GSKSSL)
#elif defined(HAVE_CRYPTOKI)
CK_SESSION_HANDLE *session;
#endif
};
@ -117,7 +115,7 @@ struct pgp_crypt_t {
/* num is offset - see openssl _encrypt doco */
void *encrypt_key;
void *decrypt_key;
#elif defined(HAVE_GSKSSL)
#elif defined(HAVE_CRYPTOKI)
CK_SESSION_HANDLE session;
CK_MECHANISM mechanism;
CK_KEY_TYPE keyType;
@ -144,11 +142,11 @@ void pgp_hash_sha256(pgp_hash_t *);
void pgp_hash_sha512(pgp_hash_t *);
void pgp_hash_sha384(pgp_hash_t *);
void pgp_hash_sha224(pgp_hash_t *);
unsigned pgp_hash_any(pgp_hash_t *, pgp_hash_alg_t);
pgp_hash_alg_t pgp_str_to_hash_alg(const char *);
unsigned pgp_hash_any(pgp_hash_t *, pgp_hashalg_t);
pgp_hashalg_t pgp_str_to_hashalg(const char *);
const char *pgp_text_from_hash(pgp_hash_t *);
unsigned pgp_hash_size(pgp_hash_alg_t);
unsigned pgp_hash(uint8_t *, pgp_hash_alg_t, const void *, size_t);
unsigned pgp_hash_size(pgp_hashalg_t);
unsigned pgp_hash(uint8_t *, pgp_hashalg_t, const void *, size_t);
void pgp_hash_add_int(pgp_hash_t *, unsigned, unsigned);
@ -199,13 +197,8 @@ void pgp_reader_pop_decrypt(pgp_stream_t *);
void pgp_reader_push_hash(pgp_stream_t *, pgp_hash_t *);
void pgp_reader_pop_hash(pgp_stream_t *);
#if defined(HAVE_OPENSSL)
int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const BIGNUM *,
const BIGNUM *, const pgp_seckey_t *);
#elif defined(HAVE_GSKSSL)
int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const gsk_buffer*,
const gsk_buffer*, const pgp_seckey_t *);
#endif
int pgp_decrypt_decode_mpi(uint8_t *, unsigned, const mp_int*,
const mp_int*, const pgp_seckey_t *);
unsigned pgp_rsa_encrypt_mpi(const uint8_t *, const size_t,
@ -258,12 +251,25 @@ pgp_validate_buf(
/* Keys */
pgp_key_t *pgp_rsa_new_selfsign_key(const int,
const unsigned long, uint8_t *, const char *,
const unsigned long,
const unsigned long,
uint8_t *,
const char *,
const char *);
unsigned pgp_rsa_generate_keypair(pgp_key_t *,
const int,
const unsigned long,
const unsigned long e,
const unsigned long n,
const char *,
const char *,
const uint8_t *,
const size_t);
unsigned pgp_dsa_generate_keypair(pgp_key_t *,
const int,
const unsigned long e,
const unsigned long n,
const char *,
const char *,
const uint8_t *,

@ -69,7 +69,7 @@ typedef struct pgp_key_t pgp_key_t;
*/
typedef struct pgp_keyring_t {
DYNARRAY(pgp_key_t, key);
pgp_hash_alg_t hashtype;
pgp_hashalg_t hashtype;
} pgp_keyring_t;
pgp_key_t *pgp_getkeybyid(pgp_io_t *,
@ -142,7 +142,7 @@ unsigned pgp_update_userid(
pgp_key_t *key,
const uint8_t *userid,
const pgp_subpacket_t *sigpkt,
pgp_sig_info_t *siginfo);
const pgp_sig_info_t *siginfo);
// pgp_subpacket_t *pgp_add_subpacket(pgp_key_t *,
// const pgp_subpacket_t *);
@ -162,7 +162,7 @@ int pgp_keyring_add(pgp_keyring_t *, const pgp_key_t *);
// int pgp_add_to_pubring(pgp_keyring_t *, const pgp_pubkey_t *, pgp_content_enum tag);
pgp_key_t *pgp_ensure_pubkey(
pgp_keyring_t *,
pgp_pubkey_t *,
pgp_pubkey_t,
uint8_t *);
pgp_key_t *pgp_ensure_seckey(
pgp_keyring_t *keyring,
@ -209,4 +209,7 @@ const pgp_key_rating_t pgp_key_get_rating(pgp_key_t *key);
unsigned
pgp_key_revoke(pgp_key_t *skey, pgp_key_t *pkey, uint8_t code, const char *reason);
int
pgp_add_crypted_to_secring(pgp_keyring_t *keyring, pgp_keyring_t *pubring, const pgp_seckey_t *seckey);
#endif /* KEYRING_H_ */

@ -31,6 +31,8 @@
#include <netpgp/config.h>
#include <netpgp/types.h>
#include <stdio.h>
#include <limits.h>
@ -71,7 +73,7 @@ void *pgp_new(size_t);
} while(/* CONSTCOND */0)
#if defined(HAVE_GSKSSL) && !defined(HAVE_OPENSSL)
#if defined(HAVE_CRYPTOKI) && !defined(HAVE_OPENSSL)
#define CAST_KEY_LENGTH 16
#define SHA_DIGEST_LENGTH 20
#define SHA224_DIGEST_LENGTH 28

@ -40,6 +40,7 @@
#else
#define SHA256_DIGEST_LENGTH 32
#define SHA512_DIGEST_LENGTH 64
#define SHA_DIGEST_LENGTH 20
#endif
/* Apple */

@ -153,7 +153,7 @@ unsigned pgp_limited_read(pgp_stream_t *, uint8_t *, size_t, pgp_region_t *,
unsigned pgp_stacked_limited_read(pgp_stream_t *, uint8_t *, unsigned,
pgp_region_t *, pgp_error_t **,
pgp_reader_t *, pgp_cbdata_t *);
void pgp_parse_hash_init(pgp_stream_t *, pgp_hash_alg_t,
void pgp_parse_hash_init(pgp_stream_t *, pgp_hashalg_t,
const uint8_t *);
void pgp_parse_hash_data(pgp_stream_t *, const void *, size_t);
void pgp_parse_hash_finish(pgp_stream_t *);

@ -88,7 +88,7 @@ const char *pgp_show_pka(pgp_pubkey_alg_t);
const char *pgp_show_ss_zpref(uint8_t);
const char *pgp_show_hash_alg(uint8_t);
const char *pgp_show_hashalg(uint8_t);
const char *pgp_show_symm_alg(uint8_t);
pgp_text_t *pgp_showall_ss_skapref(const pgp_data_t *);

@ -58,20 +58,9 @@
#include <time.h>
#ifdef HAVE_OPENSSL_BN_H
#include <openssl/bn.h>
#endif
#ifdef HAVE_OPENSSL_OSSL_TYP_H
#include <openssl/ossl_typ.h>
#endif
#include "types.h"
#include "errors.h"
#if defined(HAVE_GSKSSL) && !defined(HAVE_OPENSSL)
#include <gsktypes.h>
#endif
#include <netpgp/bn.h>
#include <netpgp/types.h>
#include <netpgp/errors.h>
/*
** Check to see if this machine uses EBCDIC. (Yes, believe it or
@ -392,19 +381,11 @@ typedef enum {
* \see RFC4880 5.5.2
*/
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *p; /* DSA prime p */
BIGNUM *q; /* DSA group order q */
BIGNUM *g; /* DSA group generator g */
BIGNUM *y; /* DSA public key value y (= g^x mod p
mp_int *p; /* DSA prime p */
mp_int *q; /* DSA group order q */
mp_int *g; /* DSA group generator g */
mp_int *y; /* DSA public key value y (= g^x mod p
* with x being the secret) */
#elif defined(HAVE_GSKSSL)
gsk_buffer *p; /* DSA prime p */
gsk_buffer *q; /* DSA group order q */
gsk_buffer *g; /* DSA group generator g */
gsk_buffer *y; /* DSA public key value y (= g^x mod p
* with x being the secret) */
#endif
} pgp_dsa_pubkey_t;
/** Structure to hold an RSA public key.
@ -412,13 +393,8 @@ typedef struct {
* \see RFC4880 5.5.2
*/
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *n; /* RSA public modulus n */
BIGNUM *e; /* RSA public encryption exponent e */
#elif defined(HAVE_GSKSSL)
gsk_buffer *n; /* RSA public modulus n */
gsk_buffer *e; /* RSA public encryption exponent e */
#endif
mp_int *n; /* RSA public modulus n */
mp_int *e; /* RSA public encryption exponent e */
} pgp_rsa_pubkey_t;
/** Structure to hold an ElGamal public key params.
@ -426,17 +402,10 @@ typedef struct {
* \see RFC4880 5.5.2
*/
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *p; /* ElGamal prime p */
BIGNUM *g; /* ElGamal group generator g */
BIGNUM *y; /* ElGamal public key value y (= g^x mod p
mp_int *p; /* ElGamal prime p */
mp_int *g; /* ElGamal group generator g */
mp_int *y; /* ElGamal public key value y (= g^x mod p
* with x being the secret) */
#elif defined(HAVE_GSKSSL)
gsk_buffer *p; /* ElGamal prime p */
gsk_buffer *g; /* ElGamal group generator g */
gsk_buffer *y; /* ElGamal public key value y (= g^x mod p
* with x being the secret) */
#endif
} pgp_elgamal_pubkey_t;
/** Structure to hold an ECDH public key params.
@ -444,11 +413,7 @@ typedef struct {
* \see RFC8037 (page 9)
*/
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *x;
#elif defined(HAVE_GSKSSL)
gsk_buffer *x;
#endif
mp_int *x;
} pgp_ecdh_pubkey_t;
/** Version.
@ -484,48 +449,28 @@ typedef struct {
/** Structure to hold data for one RSA secret key
*/
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *d;
BIGNUM *p;
BIGNUM *q;
BIGNUM *u;
#elif defined(HAVE_GSKSSL)
gsk_buffer *d;
gsk_buffer *p;
gsk_buffer *q;
gsk_buffer *u;
#endif
mp_int *d;
mp_int *p;
mp_int *q;
mp_int *u;
} pgp_rsa_seckey_t;
/** pgp_dsa_seckey_t */
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *x;
#elif defined(HAVE_GSKSSL)
gsk_buffer *x;
#endif
mp_int *x;
} pgp_dsa_seckey_t;
/** pgp_elgamal_seckey_t */
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *x;
#elif defined(HAVE_GSKSSL)
gsk_buffer *x;
#endif
mp_int *x;
} pgp_elgamal_seckey_t;
/** pgp_ecdh_seckey_t
* According to RFC8037 (page 9)
* */
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *d;
BIGNUM *x;
#elif defined(HAVE_GSKSSL)
gsk_buffer *d;
gsk_buffer *x;
#endif
mp_int *d;
mp_int *x;
} pgp_ecdh_seckey_t;
/** s2k_usage_t
@ -588,7 +533,7 @@ typedef enum {
PGP_HASH_SHA384 = 9, /* SHA384 */
PGP_HASH_SHA512 = 10, /* SHA512 */
PGP_HASH_SHA224 = 11 /* SHA224 */
} pgp_hash_alg_t;
} pgp_hashalg_t;
#define PGP_DEFAULT_HASH_ALGORITHM PGP_HASH_SHA256
@ -597,7 +542,7 @@ void pgp_calc_mdc_hash(const uint8_t *,
const uint8_t *,
const unsigned,
uint8_t *);
unsigned pgp_is_hash_alg_supported(const pgp_hash_alg_t *);
unsigned pgp_is_hashalg_supported(const pgp_hashalg_t *);
/* Maximum block size for symmetric crypto */
#define PGP_MAX_BLOCK_SIZE 16
@ -660,7 +605,7 @@ typedef struct pgp_seckey_t {
pgp_s2k_usage_t s2k_usage;
pgp_s2k_specifier_t s2k_specifier;
pgp_symm_alg_t alg; /* symmetric alg */
pgp_hash_alg_t hash_alg; /* hash algorithm */
pgp_hashalg_t hashalg; /* hash algorithm */
uint8_t salt[PGP_SALT_SIZE];
unsigned octetc;
uint8_t iv[PGP_MAX_BLOCK_SIZE];
@ -720,42 +665,24 @@ typedef enum {
/** Struct to hold params of an RSA signature */
typedef struct pgp_rsa_sig_t {
#if defined(HAVE_OPENSSL)
BIGNUM *sig; /* the signature value (m^d % n) */
#elif defined(HAVE_GSKSSL)
gsk_buffer *sig; /* the signature value (m^d % n) */
#endif
mp_int *sig; /* the signature value (m^d % n) */
} pgp_rsa_sig_t;
/** Struct to hold params of a DSA signature */
typedef struct pgp_dsa_sig_t {
#if defined(HAVE_OPENSSL)
BIGNUM *r; /* DSA value r */
BIGNUM *s; /* DSA value s */
#elif defined(HAVE_GSKSSL)
gsk_buffer *r; /* DSA value r */
gsk_buffer *s; /* DSA value s */
#endif
mp_int *r; /* DSA value r */
mp_int *s; /* DSA value s */
} pgp_dsa_sig_t;
/** pgp_elgamal_signature_t */
typedef struct pgp_elgamal_sig_t {
#if defined(HAVE_OPENSSL)
BIGNUM *r;
BIGNUM *s;
#elif defined(HAVE_GSKSSL)
gsk_buffer *r;
gsk_buffer *s;
#endif
mp_int *r;
mp_int *s;
} pgp_elgamal_sig_t;
/** pgp_ecdh_signature_t */
typedef struct pgp_ecdh_sig_t {
#if defined(HAVE_OPENSSL)
BIGNUM *s;
#elif defined(HAVE_GSKSSL)
gsk_buffer *s;
#endif
mp_int *s;
} pgp_ecdh_sig_t;
#define PGP_KEY_ID_SIZE 8
@ -776,7 +703,7 @@ typedef struct pgp_sig_info_t {
uint8_t signer_id[PGP_KEY_ID_SIZE]; /* Eight-octet key ID of signer */
uint8_t signer_fpr[PGP_FINGERPRINT_SIZE]; /* Eight-octet key ID of signer */
pgp_pubkey_alg_t key_alg; /* public key algorithm number */
pgp_hash_alg_t hash_alg; /* hashing algorithm number */
pgp_hashalg_t hashalg; /* hashing algorithm number */
union {
pgp_rsa_sig_t rsa; /* An RSA Signature */
pgp_dsa_sig_t dsa; /* A DSA Signature */
@ -838,7 +765,7 @@ typedef struct pgp_ss_notation_t {
/** Signature Subpacket : Signature Target */
typedef struct pgp_ss_sig_target_t {
pgp_pubkey_alg_t pka_alg;
pgp_hash_alg_t hash_alg;
pgp_hashalg_t hashalg;
pgp_data_t hash;
} pgp_ss_sig_target_t;
@ -854,7 +781,7 @@ typedef enum {
typedef struct {
uint8_t version;
pgp_sig_type_t sig_type;
pgp_hash_alg_t hash_alg;
pgp_hashalg_t hashalg;
pgp_pubkey_alg_t key_alg;
uint8_t keyid[PGP_KEY_ID_SIZE];
unsigned nested;
@ -933,24 +860,14 @@ enum {
/** pgp_pk_sesskey_params_rsa_t */
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *encrypted_m;
BIGNUM *m;
#elif defined(HAVE_GSKSSL)
gsk_buffer *encrypted_m;
gsk_buffer *m;
#endif
mp_int *encrypted_m;
mp_int *m;
} pgp_pk_sesskey_params_rsa_t;
/** pgp_pk_sesskey_params_elgamal_t */
typedef struct {
#if defined(HAVE_OPENSSL)
BIGNUM *g_to_k;
BIGNUM *encrypted_m;
#elif defined(HAVE_GSKSSL)
gsk_buffer *g_to_k;
gsk_buffer *encrypted_m;
#endif
mp_int *g_to_k;
mp_int *encrypted_m;
} pgp_pk_sesskey_params_elgamal_t;
/** pgp_pk_sesskey_params_t */
@ -1052,15 +969,15 @@ struct pgp_packet_t {
typedef struct {
uint8_t fingerprint[PGP_FINGERPRINT_SIZE];
unsigned length;
pgp_hash_alg_t hashtype;
pgp_hashalg_t hashtype;
} pgp_fingerprint_t;
int pgp_keyid(uint8_t *, const size_t, const pgp_pubkey_t *, pgp_hash_alg_t);
int pgp_fingerprint(pgp_fingerprint_t *, const pgp_pubkey_t *, pgp_hash_alg_t);
int pgp_keyid(uint8_t *, const size_t, const pgp_pubkey_t, pgp_hashalg_t);
int pgp_fingerprint(pgp_fingerprint_t *, const pgp_pubkey_t, pgp_hashalg_t);
void pgp_finish(void);
void pgp_pubkey_free(pgp_pubkey_t *);
int pgp_pubkey_dup(pgp_pubkey_t *,pgp_pubkey_t *);
int pgp_pubkey_dup(pgp_pubkey_t *,pgp_pubkey_t);
void pgp_userid_free(uint8_t **);
void pgp_data_free(pgp_data_t *);
void pgp_sig_free(pgp_sig_t *);

@ -1,12 +1,19 @@
#ifndef _GSKSSL_GLUE_H
#define _GSKSSL_GLUE_H
#ifndef _CRYPTOKI_GLUE_H
#define _CRYPTOKI_GLUE_H
#include <netpgp/bn.h>
#include <netpgp/types.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(HAVE_CRYPTOKI_MAINFRAME)
#include <csnpdefs.h>
#include <gskcms.h>
#include <csfbext.h>
#else
#include <p11-kit/pkcs11.h>
#endif
#include <dlfcn.h>
#define CAST_KEY_LENGTH 16
@ -29,9 +36,11 @@
#define MAXPATHLEN _POSIX_PATH_MAX
#endif
CK_FUNCTION_LIST *funcs;
extern CK_FUNCTION_LIST *funcs;
CK_RV getSession(CK_SESSION_HANDLE *session);
CK_RV getFunctionList(void);
CK_RV getMechanismInfo (CK_MECHANISM_TYPE type, CK_MECHANISM_INFO_PTR pInfo);
CK_RV extractKeyValue ( CK_SESSION_HANDLE session, mp_int** dst, CK_OBJECT_HANDLE, CK_ATTRIBUTE_TYPE );
#endif

@ -90,7 +90,7 @@ void pgp_sig_start_key_sig(pgp_create_sig_t *,
pgp_sig_type_t);
void pgp_start_sig(pgp_create_sig_t *,
const pgp_seckey_t *,
const pgp_hash_alg_t,
const pgp_hashalg_t,
const pgp_sig_type_t);
void pgp_sig_add_data(pgp_create_sig_t *, const void *, size_t);

@ -49,10 +49,14 @@
#ifndef TYPES_H_
#define TYPES_H_