[src/agc-netpgp-standalone]: src/crypto/external/bsd/netpgp/dist/src/libverif...

[agc <agc%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/5a92acc5108a
branches:  agc-netpgp-standalone
changeset: 777801:5a92acc5108a
user:      agc <agc%NetBSD.org@localhost>
date:      Sun May 06 17:49:30 2012 +0000

description:
Add a library solely consisting of signature verification functions.

This is because verfiication is a much more common occurrence than signing,
and requires only public keys to accomplish. Keeping this in its own library
allows the small library to be linked into applications without also linking
every kind of other function.

diffstat:

 crypto/external/bsd/netpgp/dist/src/libverify/Makefile          |   10 +
 crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3 |   72 ++++
 crypto/external/bsd/netpgp/dist/src/libverify/verify.c          |  145 ++++++++++
 crypto/external/bsd/netpgp/dist/src/libverify/verify.h          |   47 +++
 4 files changed, 274 insertions(+), 0 deletions(-)

diffs (290 lines):

diff -r 3d9a6ca74b34 -r 5a92acc5108a crypto/external/bsd/netpgp/dist/src/libverify/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/Makefile    Sun May 06 17:49:30 2012 +0000
@@ -0,0 +1,10 @@
+LIB=netpgpverify
+SRCS= verify.c
+CPPFLAGS+=-I${.CURDIR}/../bn -I${.CURDIR}/../rsa
+MKMAN=no
+WARNS=4
+
+INCS=verify.h
+INCSDIR=/usr/include/netpgp
+
+.include <bsd.lib.mk>
diff -r 3d9a6ca74b34 -r 5a92acc5108a crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/libnetpgpverify.3   Sun May 06 17:49:30 2012 +0000
@@ -0,0 +1,72 @@
+.\" $NetBSD: libnetpgpverify.3,v 1.1.2.1 2012/05/06 17:49:30 agc Exp $
+.\"
+.\" Copyright (c) 2012 Alistair Crooks <agc%NetBSD.org@localhost>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd April 13, 2012
+.Dt LIBNETPGPVERIFY 3
+.Os
+.Sh NAME
+.Nm libnetpgpverify
+.Nd BIGNUM library of multi-precision integers
+.Sh LIBRARY
+.Lb libnetpgpverify
+.Sh SYNOPSIS
+.In netpgp/verify.h
+.Ft int
+.Fo RSA_public_decrypt
+.Fa "int siglen" "const uint8_t *signature" "uint8_t *to" "RSA *rsa" "int padding"
+.Fc
+.Sh DESCRIPTION
+.Nm
+is a very small library which isolates out the code
+to verify an
+.Dv RSA
+signature.
+It has been kept deliberately small and with few prerequisites to allow
+this library to be embedded easily in other applications and libraries.
+.Pp
+The
+.Fo RSA_public_decrypt
+function reads the message digest from
+.Dv siglen
+bytes of the
+.Dv signature
+using the signer's public key in
+.Dv rsa
+and places the resulting digest in
+.Dv to
+which must be long enough to hold the digest.
+.Dv padding
+was the padding with which the digest was originally calculated.
+.Sh SEE ALSO
+.Xr bn 3
+.Xr libnetpgpbn 3
+.Xr libnetpgprsa 3
+.Sh HISTORY
+The
+.Nm
+library first appeared in
+.Nx 7.0 .
+.Sh AUTHORS
+.An Alistair Crooks Aq agc%NetBSD.org@localhost
diff -r 3d9a6ca74b34 -r 5a92acc5108a crypto/external/bsd/netpgp/dist/src/libverify/verify.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/verify.c    Sun May 06 17:49:30 2012 +0000
@@ -0,0 +1,145 @@
+/*-
+ * Copyright (c) 2012 Alistair Crooks <agc%NetBSD.org@localhost>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/types.h>
+#include <sys/syslog.h>
+
+#ifdef _KERNEL
+# include <sys/kmem.h>
+# define logmessage    log
+#else
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# include <unistd.h>
+#endif
+
+#include "misc.h"
+#include "rsa.h"
+#include "verify.h"
+
+#ifndef USE_ARG
+#define USE_ARG(x)     /*LINTED*/(void)&(x)
+#endif
+
+#define RSA_MAX_MODULUS_BITS   16384
+#define RSA_SMALL_MODULUS_BITS 3072
+#define RSA_MAX_PUBEXP_BITS    64 /* exponent limit enforced for "large" modulus only */
+
+static int
+rsa_padding_check_none(uint8_t *to, int tlen, const uint8_t *from, int flen, int num)
+{
+       USE_ARG(num);
+       if (flen > tlen) {
+               printf("r too large\n");
+               return -1;
+       }
+       (void) memset(to, 0x0, tlen - flen);
+       (void) memcpy(to + tlen - flen, from, flen);
+       return tlen;
+}
+
+static int
+lowlevel_rsa_public_decrypt(const uint8_t *encbuf, int enclen, uint8_t *dec, const rsa_pubkey_t *rsa)
+{
+       uint8_t         *decbuf;
+       BIGNUM          *decbn;
+       BIGNUM          *encbn;
+       int              decbytes;
+       int              nbytes;
+       int              r;
+
+       nbytes = 0;
+       r = -1;
+       decbuf = NULL;
+       decbn = encbn = NULL;
+       if (BN_num_bits(rsa->n) > RSA_MAX_MODULUS_BITS) {
+               printf("rsa r modulus too large\n");
+               goto err;
+       }
+       if (BN_cmp(rsa->n, rsa->e) <= 0) {
+               printf("rsa r bad n value\n");
+               goto err;
+       }
+       if (BN_num_bits(rsa->n) > RSA_SMALL_MODULUS_BITS &&
+           BN_num_bits(rsa->e) > RSA_MAX_PUBEXP_BITS) {
+               printf("rsa r bad exponent limit\n");
+               goto err;
+       }
+       if ((encbn = BN_new()) == NULL ||
+           (decbn = BN_new()) == NULL ||
+           (decbuf = netpgp_allocate(1, nbytes = BN_num_bytes(rsa->n))) == NULL) {
+               printf("allocation failure\n");
+               goto err;
+       }
+       if (enclen > nbytes) {
+               printf("rsa r > mod len\n");
+               goto err;
+       }
+       if (BN_bin2bn(encbuf, enclen, encbn) == NULL) {
+               printf("null encrypted BN\n");
+               goto err;
+       }
+       if (BN_cmp(encbn, rsa->n) >= 0) {
+               printf("rsa r data too large for modulus\n");
+               goto err;
+       }
+       if (BN_mod_exp(decbn, encbn, rsa->e, rsa->n, NULL) < 0) {
+               printf("BN_mod_exp < 0\n");
+               goto err;
+       }
+       decbytes = BN_num_bytes(decbn);
+       (void) BN_bn2bin(decbn, decbuf);
+       if ((r = rsa_padding_check_none(dec, nbytes, decbuf, decbytes, 0)) < 0) {
+               printf("rsa r padding check failed\n");
+       }
+err:
+       BN_free(encbn);
+       BN_free(decbn);
+       if (decbuf != NULL) {
+               (void) memset(decbuf, 0x0, nbytes);
+               netpgp_deallocate(decbuf, nbytes);
+       }
+       return r;
+}
+
+/* verify */
+int
+RSA_public_decrypt(int enclen, const unsigned char *enc, unsigned char *dec, RSA *rsa, int padding)
+{
+       rsa_pubkey_t    pub;
+       int             ret;
+
+       if (enc == NULL || dec == NULL || rsa == NULL) {
+               return 0;
+       }
+       USE_ARG(padding);
+       (void) memset(&pub, 0x0, sizeof(pub));
+       pub.n = BN_dup(rsa->n);
+       pub.e = BN_dup(rsa->e);
+       ret = lowlevel_rsa_public_decrypt(enc, enclen, dec, &pub);
+       BN_free(pub.n);
+       BN_free(pub.e);
+       return ret;
+}
diff -r 3d9a6ca74b34 -r 5a92acc5108a crypto/external/bsd/netpgp/dist/src/libverify/verify.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/libverify/verify.h    Sun May 06 17:49:30 2012 +0000
@@ -0,0 +1,47 @@
+/*-
+ * Copyright (c) 2012 Alistair Crooks <agc%NetBSD.org@localhost>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef VERIFY_H_
+#define VERIFY_H_      20120325
+
+#include "bn.h"
+#include "rsa.h"
+
+#ifndef __BEGIN_DECLS
+#  if defined(__cplusplus)
+#  define __BEGIN_DECLS           extern "C" {
+#  define __END_DECLS             }
+#  else
+#  define __BEGIN_DECLS
+#  define __END_DECLS
+#  endif
+#endif
+
+__BEGIN_DECLS
+
+int RSA_public_decrypt(int flen, const uint8_t *from, uint8_t *to, RSA *rsa, int padding);
+
+__END_DECLS
+
+#endif