/* generate DES key */ static int desGenKey( const TestParams *testParams, B_KEY_OBJ *desKey) { int brtn; uint8 keyBytes[KEY_SIZE_BYTES]; CSSM_DATA keyData = {KEY_SIZE_BYTES, keyBytes}; B_DestroyKeyObject(desKey); brtn = B_CreateKeyObject(desKey); if(brtn) { printf("***Error on B_CreateKeyObject (%d)\n", brtn); return 1; } #if SAFE_RAND_DATA threadGetRandData(testParams, &keyData, KEY_SIZE_BYTES); #else simpleGenData(&keyData, KEY_SIZE_BYTES, KEY_SIZE_BYTES); #endif brtn = B_SetKeyInfo(*desKey, KI_DES8, (POINTER)keyBytes); if(brtn) { printf("***Error on B_SetKeyInfo (%d)\n", brtn); return 1; } return 0; }
/* Initialize BSafe pubkey structure from a RSApub. */ static int rpubk_init(B_KEY_OBJ rpubk, RSApub const *pub, PGPMemoryMgrRef mgr) { A_RSA_KEY kdata; PGPByte *buf; PGPSize bufsize; int err; bufsize = bnBytes(&pub->n) + bnBytes(&pub->e); buf = PGPNewSecureData( mgr, bufsize, 0 ); kdata.modulus.data = buf; kdata.modulus.len = bnBytes(&pub->n); kdata.exponent.data = buf + kdata.modulus.len; kdata.exponent.len = bnBytes(&pub->e); bnExtractBigBytes (&pub->n, kdata.modulus.data, 0, kdata.modulus.len); bnExtractBigBytes (&pub->e, kdata.exponent.data, 0, kdata.exponent.len); err = B_SetKeyInfo (rpubk, KI_RSAPublic, (POINTER)&kdata); pgpAssert (err == 0); pgpClearMemory (buf, bufsize); PGPFreeData (buf); return err; }
/* form of *info varies per bKeyInfo */ void BSafe::BSafeContext::setKeyAtom( B_INFO_TYPE bKeyInfo, const void *info) { /* debug only */ if((bKeyInfo == KI_RSAPublicBER) || (bKeyInfo == KI_RSAPublic)) { printf("Aargh! Unhandled KI_RSAPublic!\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_KEY); } assert(bKeyInfo != KI_RSAPublicBER); // handled elsewhere for now assert(bKeyInfo != KI_RSAPublic); // handled elsewhere for now createBsKey(); check(B_SetKeyInfo(bsKey, bKeyInfo, POINTER(info)), true); }
/* cook up a Binary key */ void BSafe::BSafeKeyInfoProvider::CssmKeyToBinary( CssmKey *paramKey, // optional, ignored CSSM_KEYATTR_FLAGS &attrFlags, // IN/OUT BinaryKey **binKey) { *binKey = NULL; const CSSM_KEYHEADER *hdr = &mKey.KeyHeader; assert(hdr->BlobType == CSSM_KEYBLOB_RAW); B_INFO_TYPE bsType; CSSM_KEYBLOB_FORMAT format; bool isPub; switch(hdr->KeyClass) { case CSSM_KEYCLASS_PUBLIC_KEY: isPub = true; break; case CSSM_KEYCLASS_PRIVATE_KEY: isPub = false; break; default: // someone else's key CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } if(!bsafeAlgToInfoType(hdr->AlgorithmId, isPub, bsType, format)) { // someone else's key CssmError::throwMe(CSSMERR_CSP_INVALID_ALGORITHM); } if(hdr->Format != format) { dprintf0("BSafe::cssmKeyToBinary: format mismatch\n"); CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); } BSafeBinaryKey *bsBinKey = new BSafeBinaryKey(isPub, hdr->AlgorithmId); // set up key material as appropriate if(format == CSSM_KEYBLOB_RAW_FORMAT_PKCS1) { /* special case, decode the PKCS1 format blob */ BS_setKeyPkcs1(mKey, bsBinKey->bsKey()); } else { /* normal case, use key blob as is */ BSafeItem item(mKey.KeyData); BSafe::check( B_SetKeyInfo(bsBinKey->bsKey(), bsType, POINTER(&item)), true); } *binKey = bsBinKey; }
int read_priv_key (FILE * privring, PRIVATE_KEY * privkey, unsigned char *newID) { unsigned char line[1024]; int i, err, len, length; unsigned char iv[20]; unsigned char *temp, *temp2; byte digest[16], *byteptr; byte des3key[24]; BUFFER *buff; #ifdef USE_RSAREF R_DIGEST_CTX digest_context; DES3_CBC_CTX context; #else B_ALGORITHM_OBJ digest_obj; B_ALGORITHM_OBJ des_obj; B_KEY_OBJ key_obj; A_PKCS_RSA_PRIVATE_KEY keyinfo; #endif buff = new_buffer (); /* read in the length */ if ((temp = getline (line, sizeof (line), privring)) == NULL) return -1; sscanf (line, "%d", &length); /* Read in iv */ if (((temp = getline (line, sizeof (line), privring)) == NULL) || (decode_block (iv, &len, line, strlen (line)))) return -1; if ((temp = getline (line, sizeof (line), privring)) == NULL) return -1; while (temp != NULL && !streq (line, end_key)) { add_to_buffer (buff, line, strlen (line)); temp = getline (line, sizeof (line), privring); } temp = malloc (buff->length); temp2 = malloc (buff->length); if (decode_block (temp, &len, buff->message, buff->length) != 0) return -1; if (len < length) { fprintf (errlog, "Error: recovered key is too small!\n"); return (-2); } /* decrypt key */ #ifdef USE_RSAREF R_DigestInit (&digest_context, DA_MD5); R_DigestUpdate (&digest_context, PASSPHRASE, strlen (PASSPHRASE)); R_DigestFinal (&digest_context, digest, &i); memcpy (des3key, digest, 16); /* set first 2 keys */ memcpy (des3key + 16, digest, 8); /* third key = first key */ DES3_CBCInit (&context, des3key, iv, 0); while (len % 8 != 0) len++; /* align on block boundry */ err = DES3_CBCUpdate (&context, temp2, temp, len); #else B_CreateAlgorithmObject (&digest_obj); B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL); B_DigestInit (digest_obj, NULL, CHOOSER, NULL); B_DigestUpdate (digest_obj, PASSPHRASE, strlen (PASSPHRASE), NULL); B_DigestFinal (digest_obj, digest, &i, 16, NULL); B_DestroyAlgorithmObject (&digest_obj); memcpy (des3key, digest, 16); /* set first 2 keys */ memcpy (des3key + 16, digest, 8); /* third key = first key */ B_CreateAlgorithmObject (&des_obj); B_SetAlgorithmInfo (des_obj, AI_DES_EDE3_CBC_IV8, iv); B_CreateKeyObject (&key_obj); err = B_SetKeyInfo (key_obj, KI_DES24Strong, des3key); B_DecryptInit (des_obj, key_obj, CHOOSER, NULL); err = B_DecryptUpdate (des_obj, temp2, &i, len, temp, len, random_obj, NULL); B_DecryptFinal (des_obj, temp2 + i, &i, len - i, random_obj, NULL); B_DestroyKeyObject (&key_obj); B_DestroyAlgorithmObject (&des_obj); #endif if (err) { printf ("Error: Problem decrypting key %x\n", err); return (-1); } memset ((void *) digest, 0, 16); /* zero password */ free (temp); /* Rebuild privkey */ byteptr = temp2; i = *byteptr++; i += (*byteptr++ * 256); #ifdef USE_RSAREF (*privkey).bits = i; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*privkey).modulus[i] = *byteptr++; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*privkey).publicExponent[i] = *byteptr++; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*privkey).exponent[i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).prime[0][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).prime[1][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).primeExponent[0][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).primeExponent[1][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).coefficient[i] = *byteptr++; free (temp2); /* Make Key ID */ R_DigestInit (&digest_context, DA_MD5); R_DigestUpdate (&digest_context, privkey->modulus, MAX_RSA_MODULUS_LEN); R_DigestUpdate (&digest_context, privkey->publicExponent, MAX_RSA_MODULUS_LEN); R_DigestFinal (&digest_context, newID, &i); #else i = (i + 7) / 8; if (i < MAX_RSA_MODULUS_LEN) i = MAX_RSA_MODULUS_LEN; keyinfo.modulus.len = i; keyinfo.publicExponent.len = i; keyinfo.privateExponent.len = i; keyinfo.prime[0].len = (i + 1) / 2; keyinfo.prime[1].len = (i + 1) / 2; keyinfo.primeExponent[0].len = (i + 1) / 2; keyinfo.primeExponent[1].len = (i + 1) / 2; keyinfo.coefficient.len = (i + 1) / 2; keyinfo.modulus.data = malloc (keyinfo.modulus.len); memcpy (keyinfo.modulus.data, byteptr, keyinfo.modulus.len); byteptr += keyinfo.modulus.len; keyinfo.publicExponent.data = malloc (keyinfo.publicExponent.len); memcpy (keyinfo.publicExponent.data, byteptr, keyinfo.publicExponent.len); byteptr += keyinfo.publicExponent.len; keyinfo.privateExponent.data = malloc (keyinfo.privateExponent.len); memcpy (keyinfo.privateExponent.data, byteptr, keyinfo.privateExponent.len); byteptr += keyinfo.privateExponent.len; keyinfo.prime[0].data = malloc (keyinfo.prime[0].len); memcpy (keyinfo.prime[0].data, byteptr, keyinfo.prime[0].len); byteptr += keyinfo.prime[0].len; keyinfo.prime[1].data = malloc (keyinfo.prime[1].len); memcpy (keyinfo.prime[1].data, byteptr, keyinfo.prime[1].len); byteptr += keyinfo.prime[1].len; keyinfo.primeExponent[0].data = malloc (keyinfo.primeExponent[0].len); memcpy (keyinfo.primeExponent[0].data, byteptr, keyinfo.primeExponent[0].len); byteptr += keyinfo.primeExponent[0].len; keyinfo.primeExponent[1].data = malloc (keyinfo.primeExponent[1].len); memcpy (keyinfo.primeExponent[1].data, byteptr, keyinfo.primeExponent[1].len); byteptr += keyinfo.primeExponent[1].len; keyinfo.coefficient.data = malloc (keyinfo.coefficient.len); memcpy (keyinfo.coefficient.data, byteptr, keyinfo.coefficient.len); B_CreateKeyObject (privkey); B_SetKeyInfo (*privkey, KI_PKCS_RSAPrivate, (POINTER) & keyinfo); /* Make Key ID */ B_CreateAlgorithmObject (&digest_obj); B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL); B_DigestInit (digest_obj, NULL, CHOOSER, NULL); B_DigestUpdate (digest_obj, keyinfo.modulus.data, keyinfo.modulus.len, NULL); B_DigestUpdate (digest_obj, keyinfo.publicExponent.data, keyinfo.publicExponent.len, NULL); B_DigestFinal (digest_obj, newID, &i, 16, NULL); B_DestroyAlgorithmObject (&digest_obj); free (keyinfo.modulus.data); free (keyinfo.publicExponent.data); free (keyinfo.privateExponent.data); free (keyinfo.prime[0].data); free (keyinfo.prime[1].data); free (keyinfo.primeExponent[0].data); free (keyinfo.primeExponent[1].data); free (keyinfo.coefficient.data); free (temp2); #endif return 0; }
int generate_key (const char *header) { PUBLIC_KEY pubkey; PRIVATE_KEY privkey; unsigned char line[1024]; int i, err, len; unsigned char iv[8]; byte digest[16], ID[16], tmpbyte; byte des3key[24]; BUFFER *b1, *encrypted_key; FILE *privring, *privlock; #ifdef USE_RSAREF R_DIGEST_CTX digest_context; DES3_CBC_CTX context; R_RSA_PROTO_KEY protokey; #else B_ALGORITHM_OBJ digest_obj; B_ALGORITHM_OBJ des_obj; B_ALGORITHM_OBJ gen_obj; B_KEY_OBJ key_obj; A_RSA_KEY_GEN_PARAMS keypar; A_PKCS_RSA_PRIVATE_KEY *keyinfo; unsigned char pubexpt[] = {1, 0, 1}; #endif #ifdef DEBUG printf ("Generating key:\n%s", header); #endif /* Generate a 1024 bit key with pub exponent = 65537 */ #ifdef USE_RSAREF protokey.bits = MIX_RSA_MOD; protokey.useFermat4 = 1; err = R_GeneratePEMKeys (&pubkey, &privkey, &protokey, &random_obj); #else B_CreateAlgorithmObject (&gen_obj); /* Generate a 1024 bit key with pub exponent = 65537 */ keypar.modulusBits = 1024; keypar.publicExponent.data = pubexpt; keypar.publicExponent.len = sizeof (pubexpt); B_SetAlgorithmInfo (gen_obj, AI_RSAKeyGen, (POINTER) & keypar); B_GenerateInit (gen_obj, CHOOSER, NULL); B_CreateKeyObject (&pubkey); B_CreateKeyObject (&privkey); err = (B_GenerateKeypair (gen_obj, pubkey, privkey, random_obj, NULL)); #endif if (err != 0) { fprintf (errlog, "Key generation error.\n"); return (-1); } #ifdef DEBUG printf ("Done.\n"); #endif /* put private key in a buffer */ b1 = new_buffer (); #ifdef USE_RSAREF /* Convert privkey.bits to two bytes */ i = privkey.bits; #else B_GetKeyInfo ((POINTER *) & keyinfo, privkey, KI_PKCS_RSAPrivate); i = keyinfo->modulus.len * 8; #endif tmpbyte = i & 0xFF; add_to_buffer (b1, &tmpbyte, 1); /* low byte of bits */ tmpbyte = (i / 256) & 0xFF; add_to_buffer (b1, &tmpbyte, 1); /* high byte of bits */ #ifdef USE_RSAREF add_to_buffer (b1, privkey.modulus, MAX_RSA_MODULUS_LEN); add_to_buffer (b1, privkey.publicExponent, MAX_RSA_MODULUS_LEN); /* Make Key ID */ R_DigestInit (&digest_context, DA_MD5); R_DigestUpdate (&digest_context, pubkey.modulus, MAX_RSA_MODULUS_LEN); R_DigestUpdate (&digest_context, pubkey.exponent, MAX_RSA_MODULUS_LEN); R_DigestFinal (&digest_context, ID, &i); add_to_buffer (b1, privkey.exponent, MAX_RSA_MODULUS_LEN); add_to_buffer (b1, privkey.prime[0], MAX_RSA_PRIME_LEN); add_to_buffer (b1, privkey.prime[1], MAX_RSA_PRIME_LEN); add_to_buffer (b1, privkey.primeExponent[0], MAX_RSA_PRIME_LEN); add_to_buffer (b1, privkey.primeExponent[1], MAX_RSA_PRIME_LEN); add_to_buffer (b1, privkey.coefficient, MAX_RSA_PRIME_LEN); #else i = (i + 7) / 8; /* Make Key ID */ B_CreateAlgorithmObject (&digest_obj); B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL); B_DigestInit (digest_obj, NULL, CHOOSER, NULL); add_to_buffer (b1, keyinfo->modulus.data, i); if (keyinfo->publicExponent.len < i) add_to_buffer (b1, NULL, i - keyinfo->publicExponent.len); add_to_buffer (b1, keyinfo->publicExponent.data, keyinfo->publicExponent.len); B_DigestUpdate (digest_obj, b1->message + 2, 2 * i, NULL); B_DigestFinal (digest_obj, ID, &i, 16, NULL); B_DestroyAlgorithmObject (&digest_obj); if (keyinfo->privateExponent.len < i) add_to_buffer (b1, NULL, i - keyinfo->privateExponent.len); add_to_buffer (b1, keyinfo->privateExponent.data, keyinfo->privateExponent.len); i = (i + 1) / 2; if (keyinfo->prime[0].len < i) add_to_buffer (b1, NULL, i - keyinfo->prime[0].len); add_to_buffer (b1, keyinfo->prime[0].data, keyinfo->prime[0].len); if (keyinfo->prime[1].len < i) add_to_buffer (b1, NULL, i - keyinfo->prime[1].len); add_to_buffer (b1, keyinfo->prime[1].data, keyinfo->prime[1].len); if (keyinfo->primeExponent[0].len < i) add_to_buffer (b1, NULL, i - keyinfo->primeExponent[0].len); add_to_buffer (b1, keyinfo->primeExponent[0].data, keyinfo->primeExponent[0].len); if (keyinfo->primeExponent[1].len < i) add_to_buffer (b1, NULL, i - keyinfo->primeExponent[1].len); add_to_buffer (b1, keyinfo->primeExponent[1].data, keyinfo->primeExponent[1].len); if (keyinfo->coefficient.len < i) add_to_buffer (b1, NULL, i - keyinfo->coefficient.len); add_to_buffer (b1, keyinfo->coefficient.data, keyinfo->coefficient.len); #endif /* Encrypt the secret key */ encrypted_key = new_buffer (); len = b1->length; if (len % 8 != 0) /* ensure length is mult of 8 */ len += 8 - len % 8; add_to_buffer (encrypted_key, malloc (len), len); our_randombytes (iv, 8); #ifdef USE_RSAREF R_DigestInit (&digest_context, DA_MD5); R_DigestUpdate (&digest_context, PASSPHRASE, strlen (PASSPHRASE)); R_DigestFinal (&digest_context, digest, &i); memcpy (des3key, digest, 16); /* set first 2 keys */ memcpy (des3key + 16, digest, 8); /* third key = first key */ DES3_CBCInit (&context, des3key, iv, 1); if (DES3_CBCUpdate (&context, encrypted_key->message, b1->message, encrypted_key->length)) { printf ("Error: Problem encrypting key\n"); return (-1); } #else B_CreateAlgorithmObject (&digest_obj); B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL); B_DigestInit (digest_obj, NULL, CHOOSER, NULL); B_DigestUpdate (digest_obj, PASSPHRASE, strlen (PASSPHRASE), NULL); B_DigestFinal (digest_obj, digest, &i, 16, NULL); B_DestroyAlgorithmObject (&digest_obj); memcpy (des3key, digest, 16); /* set first 2 keys */ memcpy (des3key + 16, digest, 8); /* third key = first key */ B_CreateAlgorithmObject (&des_obj); B_SetAlgorithmInfo (des_obj, AI_DES_EDE3_CBC_IV8, iv); B_CreateKeyObject (&key_obj); B_SetKeyInfo (key_obj, KI_DES24Strong, des3key); B_EncryptInit (des_obj, key_obj, CHOOSER, NULL); B_EncryptUpdate (des_obj, encrypted_key->message, &len, encrypted_key->length, b1->message, b1->length, random_obj, NULL); B_EncryptFinal (des_obj, encrypted_key->message + len, &len, encrypted_key->length - len, random_obj, NULL); /* err? XXX */ #endif memset ((void *) digest, 0, 16); /* zero password */ mix_lock ("secring", &privlock); if ((privring = open_mix_file (SECRING, "a+")) == NULL) { mix_unlock ("secring", privlock); return (-1); } fprintf (privring, "%s\n", begin_key); if (strlen (header) > 0) { fprintf (privring, KEY_VERSION "%s\n", VERSION); fprintf (privring, "%s", header); } print_ID (privring, ID); fprintf (privring, "%d\n", len); encode_block (line, &i, iv, 8); fwrite (line, 1, i, privring); fprintf (privring, "\n"); /* Armor privkey */ armor (encrypted_key); write_buffer (encrypted_key, privring); free_buffer (encrypted_key); fprintf (privring, "%s\n", end_key); fclose (privring); mix_unlock ("secring", privlock); return 0; }
int read_pub_key (FILE * pubring, PUBLIC_KEY * pubkey, unsigned char *newID) { unsigned char line[1024]; int i, len, length; unsigned char *temp; byte *byteptr; BUFFER *buff; #ifdef USE_RSAREF R_DIGEST_CTX digest_context; #else B_ALGORITHM_OBJ digest_obj; A_RSA_KEY keyinfo; #endif buff = new_buffer (); /* read in the length */ if ((temp = getline (line, sizeof (line), pubring)) == NULL) return -1; sscanf (line, "%d", &length); if ((temp = getline (line, sizeof (line), pubring)) == NULL) return -1; while (temp != NULL && !streq (line, end_key)) { add_to_buffer (buff, line, strlen (line)); temp = getline (line, sizeof (line), pubring); } temp = malloc (buff->length); /* Longer than we need */ if (decode_block (temp, &len, buff->message, buff->length) != 0) { fprintf (errlog, "Error: Malformatted key!\n"); return (-2); } free_buffer (buff); if (len < length) { fprintf (errlog, "Error: recovered key is too small!\n"); return (-2); } byteptr = temp; i = *byteptr++; i += (*byteptr++ * 256); #ifdef USE_RSAREF if ((i + 7) / 8 > MAX_RSA_MODULUS_LEN) { fprintf (errlog, "Keysize not supported by RSAREF.\n"); return (-1); } (*pubkey).bits = i; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*pubkey).modulus[i] = *byteptr++; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*pubkey).exponent[i] = *byteptr++; #else keyinfo.modulus.len = (i + 7) / 8; if (keyinfo.modulus.len < MAX_RSA_MODULUS_LEN) keyinfo.modulus.len = MAX_RSA_MODULUS_LEN; keyinfo.exponent.len = keyinfo.modulus.len; keyinfo.modulus.data = malloc (keyinfo.modulus.len); memcpy (keyinfo.modulus.data, byteptr, keyinfo.modulus.len); byteptr += keyinfo.modulus.len; keyinfo.exponent.data = malloc (keyinfo.exponent.len); memcpy (keyinfo.exponent.data, byteptr, keyinfo.exponent.len); B_CreateKeyObject (pubkey); B_SetKeyInfo (*pubkey, KI_RSAPublic, (POINTER) & keyinfo); #endif free (temp); /* Make Key ID */ #ifdef USE_RSAREF R_DigestInit (&digest_context, DA_MD5); R_DigestUpdate (&digest_context, (*pubkey).modulus, MAX_RSA_MODULUS_LEN); R_DigestUpdate (&digest_context, (*pubkey).exponent, MAX_RSA_MODULUS_LEN); R_DigestFinal (&digest_context, newID, &i); #else B_CreateAlgorithmObject (&digest_obj); B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL); B_DigestInit (digest_obj, NULL, CHOOSER, NULL); B_DigestUpdate (digest_obj, keyinfo.modulus.data, keyinfo.modulus.len, NULL); B_DigestUpdate (digest_obj, keyinfo.exponent.data, keyinfo.exponent.len, NULL); B_DigestFinal (digest_obj, newID, &i, 16, NULL); B_DestroyAlgorithmObject (&digest_obj); free (keyinfo.modulus.data); free (keyinfo.exponent.data); #endif return 0; }
/* this actually makes the message block and sends it */ int build_message (FILE * in_ptr, byte numdest, char **destination, int *chain, byte numsub, char **subject, char *outfile, int outfileflag, REMAILER * remailer_list, int num_remailers, int client) { int hop, i, j, k, numpackets, packet, copy; long int chunk, tmpchunk; byte iv[8]; byte ivarray[NUM_IV][8], innerkey[24], digest[16]; BUFFER *sendbuff, *bodybuff, *headbuff[21], *message, *tempbuff; long offset; char line[1024]; byte *key[5], packetID[16], commonpacketID[16], messageID[16]; byte tmpbyte; byte packet_type; #ifdef USE_RSAREF PUBLIC_KEY pubKey, *keyPtr[5]; unsigned int numPubKeys, keylen; R_ENVELOPE_CTX rsa_context; #else PUBLIC_KEY pubKey; unsigned int keylen; B_ALGORITHM_OBJ rsa_context; B_ALGORITHM_OBJ des_context; B_KEY_OBJ des_key; #endif unsigned long timestamp; message = new_buffer (); /* prepend destinations to body */ add_to_buffer (message, &numdest, 1); for (i = 0; i < numdest; i++) add_to_buffer (message, destination[i], DESTSIZE); /* add message header lines to body */ add_to_buffer (message, &numsub, 1); for (i = 0; i < numsub; i++) add_to_buffer (message, subject[i], SUBSIZE); offset = message->length; /* add the file to body */ if (in_ptr) { while ((i = fread (line, 1, sizeof (line), in_ptr)) > 0) { if (i < 0) return (-1); /* file error */ add_to_buffer (message, line, i); } fclose (in_ptr); } /* message is complete. */ add_to_random (message->message, message->length); /* Choose the final hop now. */ if (chain[chain[0]] == 0) if (rnd_select (chain[0], chain, remailer_list, num_remailers) < 0) return (-1); #ifdef USE_ZLIB /* should we compress this message? */ if (message->length > PACKETSIZE && check_abilities (remailer_list[chain[chain[0]]].abilities, "C", "")) { tempbuff = new_buffer (); if (compress_buf2buf (message, tempbuff, offset)) { free_buffer (message); message = tempbuff; } else free_buffer (tempbuff); } /* in case it already is compressed, but should not be */ if (!check_abilities (remailer_list[chain[chain[0]]].abilities, "C", "")) { tempbuff = new_buffer (); if (uncompress_buf2buf (message, tempbuff, offset)) { free_buffer (message); message = tempbuff; } else free_buffer (tempbuff); } #endif numpackets = message->length / PACKETSIZE; if (message->length % PACKETSIZE != 0) numpackets++; bodybuff = new_buffer (); sendbuff = new_buffer (); for (i = 1; i <= HOPMAX; i++) headbuff[i] = new_buffer (); our_randombytes (messageID, 16); /* Loop to make one packet at a time */ for (packet = 1; packet <= numpackets; packet++) { /* put the packet in bodybuff, and put the rest back in message */ chunk = message->length; if (chunk > PACKETSIZE) chunk = PACKETSIZE; clear_buffer (bodybuff); tmpchunk = chunk; tmpbyte = tmpchunk & 0xFF; add_to_buffer (bodybuff, &tmpbyte, 1); /* prepend length of data low byte */ tmpchunk = tmpchunk / 256; tmpbyte = tmpchunk & 0xFF; add_to_buffer (bodybuff, &tmpbyte, 1); /* prepend length of data 2nd byte */ tmpchunk = tmpchunk / 256; tmpbyte = tmpchunk & 0xFF; add_to_buffer (bodybuff, &tmpbyte, 1); /* prepend length of data 3rd byte */ tmpchunk = tmpchunk / 256; tmpbyte = tmpchunk & 0xFF; add_to_buffer (bodybuff, &tmpbyte, 1); /* prepend length of data high byte */ add_to_buffer (bodybuff, message->message, chunk); tempbuff = new_buffer (); add_to_buffer (tempbuff, (message->message) + chunk, message->length - chunk); free_buffer (message); message = tempbuff; if (NUMCOPIES < 1 || NUMCOPIES > 10) { fprintf (errlog, "Error: Invalid number of copies.\n"); return (-1); } for (copy = 1; copy <= NUMCOPIES; copy++) { clear_buffer (sendbuff); add_to_buffer (sendbuff, bodybuff->message, bodybuff->length); pad_buffer (sendbuff, PACKETSIZE + 4); /* Create fake header cards */ for (i = chain[0] + 1; i <= HOPMAX; i++) { reset_buffer (headbuff[i]); pad_buffer (headbuff[i], HEADERSIZE); } if (rnd_selectchain (chain, remailer_list, num_remailers) < 0) return (-1); for (hop = chain[0]; hop >= 1; hop--) { /* Get public key for remailer */ if (get_pub_key (remailer_list[abs (chain[hop])].key_ID, &pubKey) != 0) { fprintf (errlog, "Can't get public key!\n"); return (-1); } key[0] = malloc (MAX_ENCRYPTED_KEY_LEN); #ifdef USE_RSAREF numPubKeys = 1; keyPtr[0] = &pubKey; if (R_SealInit (&rsa_context, key, &keylen, iv, numPubKeys, keyPtr, EA_DES_EDE3_CBC, &random_obj) != 0) { fprintf (errlog, "R_SealInit error %x!!!\n", i); exit (-1); } #else B_CreateAlgorithmObject (&rsa_context); B_CreateAlgorithmObject (&des_context); B_SetAlgorithmInfo (rsa_context, AI_PKCS_RSAPublic, 0); B_SetAlgorithmInfo (des_context, AI_DES_EDE3_CBC_IV8, iv); our_randombytes (line, 24); B_CreateKeyObject (&des_key); B_SetKeyInfo (des_key, KI_DES24Strong, line); B_EncryptInit (rsa_context, pubKey, CHOOSER, NULL); B_EncryptUpdate (rsa_context, key[0], &keylen, MAX_ENCRYPTED_KEY_LEN, line, 24, random_obj, NULL); B_EncryptFinal (rsa_context, key[0] + keylen, &k, MAX_ENCRYPTED_KEY_LEN - keylen, random_obj, NULL); B_DestroyAlgorithmObject (&rsa_context); B_DestroyKeyObject (&pubKey); keylen += k; B_EncryptInit (des_context, des_key, CHOOSER, NULL); /* XXX Error handling! */ #endif /* make packet ID and innerkey */ /* packet ID is unique except for duplicates in the last hop */ if (hop != chain[0]) our_randombytes (packetID, 16); else { if (copy == 1) our_randombytes (commonpacketID, 16); memcpy (packetID, commonpacketID, 16); } our_randombytes (innerkey, 24); /* make the iv array */ for (i = 0; i < NUM_IV; i++) our_randombytes (ivarray[i], 8); /* Now build the current header */ reset_buffer (headbuff[hop]); add_to_buffer (headbuff[hop], packetID, 16); /* also like another IV */ add_to_buffer (headbuff[hop], innerkey, 24); /* Key used to encrypt headers and body */ if (hop == chain[0]) { /* if this is the last hop */ if (numpackets == 1) /* final hop */ packet_type = P_FINAL; else /* partial message */ packet_type = P_PARTIAL; add_to_buffer (headbuff[hop], &packet_type, 1); if (packet_type & P_PARTIAL) { tmpbyte = packet; /* which packet is this */ add_to_buffer (headbuff[hop], &tmpbyte, 1); tmpbyte = numpackets; /* out of how many */ add_to_buffer (headbuff[hop], &tmpbyte, 1); } add_to_buffer (headbuff[hop], messageID, 16); add_to_buffer (headbuff[hop], ivarray[BODY_IV], 8); } else { /* this is not the last hop */ packet_type = 0; /* packet type = intermediate packet */ add_to_buffer (headbuff[hop], &packet_type, 1); /* insert the array of IVs */ for (i = 0; i < NUM_IV; i++) { add_to_buffer (headbuff[hop], ivarray[i], 8); } add_to_buffer (headbuff[hop], remailer_list[abs (chain[hop + 1])].name, 80); } /* Extension to original mixmaster format: Use timestamp to prevent replay of old messages. */ add_to_buffer (headbuff[hop], TSMAGIC, sizeof(TSMAGIC)); /* Fuzzy timestamp: don't leak more information than necessary */ timestamp = time(NULL) / SECONDSPERDAY - random_number(4); tmpbyte = timestamp & 0xFF; add_to_buffer (headbuff[hop], &tmpbyte, 1); tmpbyte = (timestamp / 256) & 0xFF; add_to_buffer (headbuff[hop], &tmpbyte, 1); /* Make and append an MD5 checksum of the packet */ make_digest (headbuff[hop], digest); add_to_buffer (headbuff[hop], digest, 16); /* Now pad pre-encrypted header to standard size */ pad_buffer (headbuff[hop], INNERHEAD); /* Done building headbuff[hop] so now RSA it */ tempbuff = new_buffer (); assert (headbuff[hop]->length <= INNERHEAD); #ifdef USE_RSAREF R_SealUpdate (&rsa_context, line, &k, headbuff[hop]->message, headbuff[hop]->length); #else B_EncryptUpdate (des_context, line, &k, sizeof (line), headbuff[hop]->message, headbuff[hop]->length, random_obj, NULL); #endif add_to_buffer (tempbuff, line, k); #ifdef USE_RSAREF R_SealFinal (&rsa_context, line, &k); #else B_EncryptFinal (des_context, line, &k, INNERHEAD - k, random_obj, NULL); B_DestroyAlgorithmObject (&des_context); B_DestroyKeyObject (&des_key); #endif add_to_buffer (tempbuff, line, k); clear_buffer (headbuff[hop]); /* Prepend RSA key ID */ add_to_buffer (headbuff[hop], remailer_list[abs (chain[hop])].key_ID, 16); /* prepend keys and IV to header */ tmpbyte = keylen; add_to_buffer (headbuff[hop], &tmpbyte, 1); add_to_buffer (headbuff[hop], key[0], tmpbyte); add_to_buffer (headbuff[hop], iv, 8); /* add encryped header */ add_to_buffer (headbuff[hop], tempbuff->message, tempbuff->length); free_buffer (tempbuff); /* pad out encrypted header to standard size */ pad_buffer (headbuff[hop], HEADERSIZE); /* encrypt body */ crypt_in_buffer (innerkey, ivarray[BODY_IV], sendbuff, 1); /* encrypt all later headers */ /* i is the index for ivarray */ for (i = 0, j = hop + 1; j <= HOPMAX; j++) crypt_in_buffer (innerkey, ivarray[i++], headbuff[j], 1); } /* hop loop for a given packet */ if (VERBOSE) { fprintf (errlog, "Packet chain: "); for (i = 1; i <= chain[0]; i++) fprintf (errlog, "%s;", remailer_list[abs (chain[i])].shortname); fprintf (errlog, "\n"); } if (strlen (outfile) > 0 && (!streq (outfile, "-")) && (numpackets > 1 || NUMCOPIES > 1)) { sprintf (line, "%s.%d", outfile, (packet - 1) * NUMCOPIES + copy); send_new_packet (headbuff, sendbuff, remailer_list[abs (chain[1])].name, line, outfileflag, client); } else { send_new_packet (headbuff, sendbuff, remailer_list[abs (chain[1])].name, outfile, outfileflag, client); } } /* copies of one packet */ } /* end loop processing packets */ free_buffer (bodybuff); free_buffer (sendbuff); free_buffer (message); for (i = 1; i <= HOPMAX; i++) free_buffer (headbuff[i]); return (0); }
/* * Obtain key size in bits. */ void BSafe::BSafeKeyInfoProvider::QueryKeySizeInBits( CSSM_KEY_SIZE &keySize) { if(mKey.blobType() != CSSM_KEYBLOB_RAW) { CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); } /* cook up BSAFE key */ B_KEY_OBJ bKey; A_RSA_KEY *rsaKeyInfo = NULL; A_DSA_PUBLIC_KEY *dsaPubKeyInfo = NULL; A_DSA_PRIVATE_KEY *dsaPrivKeyInfo = NULL; ITEM *sizeItem = NULL; BSafe::check(B_CreateKeyObject(&bKey), true); B_INFO_TYPE infoType; switch(mKey.algorithm()) { case CSSM_ALGID_RSA: switch(mKey.keyClass()) { case CSSM_KEYCLASS_PUBLIC_KEY: if(mKey.blobFormat() != CSSM_KEYBLOB_RAW_FORMAT_PKCS1) { CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); } /* convert from PKCS1 blob to raw key */ BS_setKeyPkcs1(mKey, bKey); infoType = KI_RSAPublic; /* break to common RSA code */ break; case CSSM_KEYCLASS_PRIVATE_KEY: { if(mKey.blobFormat() != CSSM_KEYBLOB_RAW_FORMAT_PKCS8) { CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); } /* convert from PKCS8 blob to raw key */ BSafeItem item(mKey.KeyData); BSafe::check( B_SetKeyInfo(bKey, KI_PKCS_RSAPrivateBER, POINTER(&item)), true); infoType = KI_RSAPrivate; break; } default: CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } rsaKeyInfo = getKey<A_RSA_KEY>(bKey, infoType); sizeItem = &rsaKeyInfo->modulus; break; case CSSM_ALGID_DSA: /* untested as of 9/11/00 */ if(mKey.blobFormat() != CSSM_KEYBLOB_RAW_FORMAT_FIPS186) { CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_FORMAT); } switch(mKey.keyClass()) { case CSSM_KEYCLASS_PUBLIC_KEY: { BSafeItem item(mKey.KeyData); BSafe::check(B_SetKeyInfo(bKey, DSA_PUB_KEYINFO_TYPE, (POINTER)&item), true); /* get the key bits */ dsaPubKeyInfo = getKey<A_DSA_PUBLIC_KEY>(bKey, KI_DSAPublic); sizeItem = &dsaPubKeyInfo->params.prime; break; } case CSSM_KEYCLASS_PRIVATE_KEY: { BSafeItem item(mKey.KeyData); BSafe::check(B_SetKeyInfo(bKey, DSA_PRIV_KEYINFO_TYPE, (POINTER)&item), true); /* get the key bits */ dsaPrivKeyInfo = getKey<A_DSA_PRIVATE_KEY>(bKey, KI_DSAPrivate); sizeItem = &dsaPrivKeyInfo->params.prime; break; } default: CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS); } break; default: CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR); } uint32 iSize = B_IntegerBits(sizeItem->data, sizeItem->len); keySize.LogicalKeySizeInBits = iSize; keySize.EffectiveKeySizeInBits = iSize; B_DestroyKeyObject(&bKey); }
/* Initialize BSafe privkey structure from a RSAsec. */ static int rprivk_init(B_KEY_OBJ rprivk, RSAsec const *sec, PGPMemoryMgrRef mgr) { BigNum dmodp, dmodq, tmp; A_RSA_CRT_KEY kdata; PGPByte *buf; PGPSize bufsize; int err; /* Calculate d mod p-1 and d mod q-1 */ bnBegin(&dmodp, mgr, TRUE); bnBegin(&dmodq, mgr, TRUE); bnBegin(&tmp, mgr, TRUE); bnCopy(&tmp, &sec->p); bnSubQ(&tmp, 1); bnMod(&dmodp, &sec->d, &tmp); bnCopy(&tmp, &sec->q); bnSubQ(&tmp, 1); bnMod(&dmodq, &sec->d, &tmp); bufsize = bnBytes(&sec->n) + bnBytes(&sec->q) + bnBytes(&sec->p) + bnBytes(&dmodq) + bnBytes(&dmodp) + bnBytes(&sec->u); buf = PGPNewSecureData( mgr, bufsize, 0 ); kdata.modulus.data = buf; kdata.modulus.len = bnBytes(&sec->n); kdata.prime[0].data = kdata.modulus.data + kdata.modulus.len; kdata.prime[0].len = bnBytes(&sec->q); kdata.prime[1].data = kdata.prime[0].data + kdata.prime[0].len; kdata.prime[1].len = bnBytes(&sec->p); kdata.primeExponent[0].data = kdata.prime[1].data + kdata.prime[1].len; kdata.primeExponent[0].len = bnBytes(&dmodq); kdata.primeExponent[1].data = kdata.primeExponent[0].data + kdata.primeExponent[0].len; kdata.primeExponent[1].len = bnBytes(&dmodp); kdata.coefficient.data = kdata.primeExponent[1].data + kdata.primeExponent[1].len; kdata.coefficient.len = bnBytes(&sec->u); bnExtractBigBytes (&sec->n, kdata.modulus.data, 0, kdata.modulus.len); bnExtractBigBytes (&sec->q, kdata.prime[0].data, 0, kdata.prime[0].len); bnExtractBigBytes (&sec->p, kdata.prime[1].data, 0, kdata.prime[1].len); bnExtractBigBytes (&dmodq, kdata.primeExponent[0].data, 0, kdata.primeExponent[0].len); bnExtractBigBytes (&dmodp, kdata.primeExponent[1].data, 0, kdata.primeExponent[1].len); bnExtractBigBytes (&sec->u, kdata.coefficient.data, 0, kdata.coefficient.len); err = B_SetKeyInfo (rprivk, KI_RSA_CRT, (POINTER)&kdata); pgpAssert (err == 0); pgpClearMemory (buf, bufsize); PGPFreeData (buf); bnEnd(&dmodp); bnEnd(&dmodq); bnEnd(&tmp); return err; }