Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/netpgp/dist/src/lib adding initial suppo...
details: https://anonhg.NetBSD.org/src/rev/6e39c29d22d0
branches: trunk
changeset: 369642:6e39c29d22d0
user: jhigh <jhigh%NetBSD.org@localhost>
date: Fri Aug 26 19:18:38 2022 +0000
description:
adding initial support for ECDSA (19) to netpgp. tested using p256/sha256, p384/sha384, and p521/sha512
diffstat:
crypto/external/bsd/netpgp/dist/src/lib/create.c | 7 +-
crypto/external/bsd/netpgp/dist/src/lib/crypto.h | 10 +
crypto/external/bsd/netpgp/dist/src/lib/misc.c | 86 ++++++++-
crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h | 4 +
crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c | 151 ++++++++++++++-
crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c | 43 ++++-
crypto/external/bsd/netpgp/dist/src/lib/packet-print.c | 13 +-
crypto/external/bsd/netpgp/dist/src/lib/packet-show.c | 4 +-
crypto/external/bsd/netpgp/dist/src/lib/packet.h | 26 ++-
crypto/external/bsd/netpgp/dist/src/lib/signature.c | 84 ++++++++-
crypto/external/bsd/netpgp/dist/src/lib/version.h | 2 +-
11 files changed, 418 insertions(+), 12 deletions(-)
diffs (truncated from 754 to 300 lines):
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/create.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/create.c Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/create.c Fri Aug 26 19:18:38 2022 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.38 2010/11/15 08:03:39 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <sys/types.h>
@@ -250,6 +250,11 @@
pgp_write_mpi(output, key->key.dsa.g) &&
pgp_write_mpi(output, key->key.dsa.y);
+ case PGP_PKA_ECDSA:
+ return pgp_write(output, &key->key.ecdsa.len, 1) &&
+ pgp_write(output, key->key.ecdsa.oid, key->key.ecdsa.len) &&
+ pgp_write_mpi(output, key->key.ecdsa.p);
+
case PGP_PKA_RSA:
case PGP_PKA_RSA_ENCRYPT_ONLY:
case PGP_PKA_RSA_SIGN_ONLY:
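Review bot: The new `PGP_PKA_ECDSA` case passes `key->key.ecdsa.len` straight to `pgp_write` as the number of bytes to read from `key->key.ecdsa.oid`, with no check against the size of that buffer, so a key structure carrying an out-of-range length would be serialized by reading past the OID storage. The field declarations are in packet.h and not visible here; assuming `oid` is a fixed array, a guard such as `if (key->key.ecdsa.len == 0 || key->key.ecdsa.len > sizeof(key->key.ecdsa.oid)) return 0;` before the writes would make this safe regardless of how the key was populated. In addition, `pgp_write(output, &key->key.ecdsa.len, 1)` emits the first byte in memory of `len`, which is the intended value only if that field is one byte wide, so that is worth confirming against the declaration. The enclosing switch and function start and end outside the hunk.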
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/crypto.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Fri Aug 26 19:18:38 2022 +0000
@@ -58,7 +58,9 @@
#include "memory.h"
#include "packet-parse.h"
+#include <openssl/evp.h>
#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
#define PGP_MIN_HASH_SIZE 16
@@ -119,6 +121,10 @@
const pgp_dsa_sig_t *,
const pgp_dsa_pubkey_t *);
+unsigned pgp_ecdsa_verify(const uint8_t *, size_t,
+ const pgp_ecdsa_sig_t *,
+ const pgp_ecdsa_pubkey_t *);
+
int pgp_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t,
const pgp_rsa_pubkey_t *);
int pgp_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t,
@@ -214,6 +220,10 @@
const pgp_dsa_seckey_t *,
const pgp_dsa_pubkey_t *);
+ECDSA_SIG *pgp_ecdsa_sign(uint8_t *, unsigned,
+ const pgp_ecdsa_seckey_t *,
+ const pgp_ecdsa_pubkey_t *);
+
int openssl_read_pem_seckey(const char *, pgp_key_t *, const char *, int);
/** pgp_reader_t */
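Review bot: The `pgp_ecdsa_sign` prototype returns a raw OpenSSL `ECDSA_SIG *` with no comment on ownership or on what a failure looks like, and the `pgp_ecdsa_verify` prototype in the previous hunk does not say which `unsigned` value means "valid". If the contract is what it appears to be, a comment such as `/* returns a newly allocated ECDSA_SIG that the caller frees with ECDSA_SIG_free(), or NULL on failure */` on the sign prototype and `/* returns 1 if the signature verifies, 0 otherwise */` on the verify prototype would stop callers from guessing. The two prototypes also disagree on the hash-length type (`unsigned` for sign, `size_t` for verify); using `size_t` in both would avoid a narrowing conversion at call sites.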
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/misc.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/misc.c Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/misc.c Fri Aug 26 19:18:38 2022 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: misc.c,v 1.43 2020/04/18 19:27:48 jhigh Exp $");
+__RCSID("$NetBSD: misc.c,v 1.44 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <sys/types.h>
@@ -96,6 +96,18 @@
#define vsnprintf _vsnprintf
#endif
+struct ecdsa_map {
+ char *sname;
+ int nid;
+ int bits;
+ int len;
+ uint8_t oid[8];
+} ecdsa_map[] = {
+ { "P-256", NID_X9_62_prime256v1, 256, 8, {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07} },
+ { "P-384", NID_secp384r1, 384, 5, {0x2B, 0x81, 0x04, 0x00, 0x22} },
+ { "P-521", NID_secp521r1, 521, 5, {0x2B, 0x81, 0x04, 0x00, 0x23} },
+ { NULL, 0, 0, 0, {0} }
+};
typedef struct {
pgp_keyring_t *keyring;
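Review bot: `ecdsa_map` is defined as a writable global with external linkage, and its `char *sname` members point at string literals; since this table decides which curve a key's OID resolves to, it should be immutable and local to the file. Declaring it as `static const struct ecdsa_map { const char *sname; ... } ecdsa_map[] = {` keeps it in read-only data and out of the library's exported symbols, and the only users visible in this diff are the lookup functions added later in misc.c. A short comment above the table saying that `oid` holds the encoded curve OID bytes without tag and length and that `len` is their count would also help the next reader check entries against the specification. The `typedef struct` that follows the table continues outside the hunk.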
@@ -1364,3 +1376,75 @@
}
return n;
}
+
+int
+ecdsa_nid(const pgp_ecdsa_pubkey_t * pub)
+{
+ int i;
+
+ for (i = 0; ecdsa_map[i].sname; i++ ) {
+ if (pub->len == ecdsa_map[i].len) {
+ if (memcmp(pub->oid, ecdsa_map[i].oid, pub->len) == 0) {
+ return ecdsa_map[i].nid;
+ }
+ }
+ }
+ return -1;
+}
+
+int
+ecdsa_numbits(const pgp_ecdsa_pubkey_t * pub)
+{
+ int i;
+
+ for (i = 0; ecdsa_map[i].sname; i++ ) {
+ if (pub->len == ecdsa_map[i].len) {
+ if (memcmp(pub->oid, ecdsa_map[i].oid, pub->len) == 0) {
+ return ecdsa_map[i].bits;
+ }
+ }
+ }
+ return -1;
+}
+
+int
+ecdsa_hashsize(const pgp_ecdsa_pubkey_t * pub)
+{
+ int bits;
+
+ bits = ecdsa_numbits(pub);
+
+ if (bits == -1) {
+ return -1;
+ }
+
+ return (bits/8) - (bits%8);
+}
+
+pgp_hash_alg_t
+ecdsa_hashalg(const pgp_ecdsa_pubkey_t * pub)
+{
+ int nid;
+
+ if (pub == NULL) {
+ return PGP_HASH_UNKNOWN;
+ }
+
+ nid = ecdsa_nid(pub);
+
+ switch (nid) {
+ case NID_X9_62_prime256v1:
+ return PGP_HASH_SHA256;
+
+ case NID_secp384r1:
+ return PGP_HASH_SHA384;
+
+ case NID_secp521r1:
+ return PGP_HASH_SHA512;
+
+ default:
+ (void) fprintf(stderr, "ecdsa_hashalg: unknown NID\n");
+ }
+
+ return PGP_HASH_UNKNOWN;
+}
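Review bot: `ecdsa_hashsize` computes `(bits/8) - (bits%8)`, which gives 32, 48 and 64 for the three table entries only by coincidence (521/8 is 65 and 521%8 is 1); any other curve size that is not a multiple of eight would produce an arbitrary length, and this value presumably bounds the digest handed to sign and verify. Stating the digest length explicitly is safer, for example a `hashlen` column in `ecdsa_map` next to `bits`, or at minimum `return (bits == 521) ? 64 : bits / 8;` with a comment tying it to the SHA-256/384/512 choice in `ecdsa_hashalg`. Separately, `ecdsa_nid` and `ecdsa_numbits` dereference `pub` without the NULL check that `ecdsa_hashalg` performs. The two lookup loops are identical apart from the field they return, so a single `static` helper returning the matching table entry would remove the duplication.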
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h Fri Aug 26 19:18:38 2022 +0000
@@ -74,5 +74,9 @@
int netpgp_strcasecmp(const char *, const char *);
char *netpgp_strdup(const char *);
+int ecdsa_numbits(const pgp_ecdsa_pubkey_t *);
+int ecdsa_nid(const pgp_ecdsa_pubkey_t *);
+pgp_hash_alg_t ecdsa_hashalg(const pgp_ecdsa_pubkey_t *);
+int ecdsa_hashsize(const pgp_ecdsa_pubkey_t *);
#endif
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Fri Aug 26 19:18:38 2022 +0000
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: openssl_crypto.c,v 1.34 2018/02/05 23:56:01 christos Exp $");
+__RCSID("$NetBSD: openssl_crypto.c,v 1.35 2022/08/26 19:18:38 jhigh Exp $");
#endif
#ifdef HAVE_OPENSSL_DSA_H
@@ -87,6 +87,7 @@
#include "readerwriter.h"
#include "netpgpdefs.h"
#include "netpgpdigest.h"
+#include "netpgpsdk.h"
#include "packet.h"
static void
@@ -223,6 +224,103 @@
sk->x = BN_dup(x);
}
+static ECDSA_SIG *
+makeECDSADSA_SIG(const pgp_ecdsa_sig_t *sig)
+{
+ ECDSA_SIG *osig;
+ BIGNUM *r, *s;
+
+ osig = ECDSA_SIG_new();
+ r = BN_dup(sig->r);
+ s = BN_dup(sig->s);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ECDSA_SIG_set0(osig, r, s);
+#else
+ BN_free(osig->r);
+ BN_free(osig->s);
+ osig->r = r;
+ osig->s = s;
+#endif
+
+ return osig;
+}
+
+static EC_KEY *
+makeECDSA(const pgp_ecdsa_pubkey_t *ecdsa, const pgp_ecdsa_seckey_t *sececdsa)
+{
+ EC_KEY *key;
+ BIGNUM *x;
+ BIGNUM *y;
+ EC_GROUP *group;
+ EC_POINT *pub_key;
+ EC_POINT *point;
+ int nid;
+
+ key = EC_KEY_new();
+ x = BN_new();
+ y = BN_new();
+
+ nid = ecdsa_nid(ecdsa);
+ if (nid == -1) {
+ (void) fprintf(stderr,"makeECDSA: failed to determine NID\n");
+ return 0;
+ }
+
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL) {
+ (void) fprintf(stderr,"makeECDSA: failed to get group for specified NID\n");
+ return 0;
+ }
+
+ pub_key = EC_POINT_new(group);
+ if (pub_key == NULL) {
+ (void) fprintf(stderr,"makeECDSA: failed to alloc point\n");
+ return 0;
+ }
+
+ point = EC_POINT_bn2point(group, ecdsa->p, NULL, NULL);
+ if (point == NULL) {
+ (void) fprintf(stderr,"makeECDSA: failed to conv BN to point\n");
+ return 0;
+ }
+
+
+ if ((EC_POINT_get_affine_coordinates(group, point, x, y, NULL)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to get coordinates from point\n");
+ return 0;
+ }
+
+ if ((EC_POINT_set_affine_coordinates(group, pub_key, x, y, NULL)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set coordinates from point\n");
+ return 0;
+ }
+
+ if ((EC_KEY_set_group(key, group)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set group for key\n");
+ return 0;
+ }
+
+ if ((EC_KEY_set_public_key(key, pub_key)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set pubkey for key\n");
+ return 0;
+ }
+
+ if (sececdsa) {
+ if ((EC_KEY_set_private_key(key, sececdsa->x)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set seckey for key\n");
+ return 0;
+ }
+
+ if ((EC_POINT_mul(group, pub_key, sececdsa->x, NULL, NULL, NULL)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to calculate generator\n");
+ return 0;
+ }
+ }
+
+ return key;
+}
+