static int
test_add (void)
{
gcry_mpi_t one;
gcry_mpi_t two;
gcry_mpi_t ff;
gcry_mpi_t result;
unsigned char* pc;
gcry_mpi_scan(&one, GCRYMPI_FMT_USG, ones, sizeof(ones), NULL);
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
gcry_mpi_scan(&ff, GCRYMPI_FMT_USG, manyff, sizeof(manyff), NULL);
result = gcry_mpi_new(0);
gcry_mpi_add(result, one, two);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
if (verbose)
printf("Result of one plus two:\n%s\n", pc);
gcry_free(pc);
gcry_mpi_add(result, ff, one);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
if (verbose)
printf("Result of ff plus one:\n%s\n", pc);
gcry_free(pc);
gcry_mpi_release(one);
gcry_mpi_release(two);
gcry_mpi_release(ff);
gcry_mpi_release(result);
return 1;
}
const char* spakeNext(unsigned char* mIn, unsigned char* passHash){
size_t scanned;
unsigned char *skString;
unsigned char *mString;
gcry_mpi_t a = gcry_mpi_new(0);
gcry_mpi_t sk = gcry_mpi_new(0);
gcry_mpi_t m = gcry_mpi_new(0);
gcry_mpi_t X = gcry_mpi_new(0);
gcry_mpi_scan(&m, GCRYMPI_FMT_HEX, mIn, 0, &scanned);
gcry_mpi_scan(&a, GCRYMPI_FMT_HEX, passHash, 0, &scanned);
spake_next_client(&sk, &X, m, a);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &skString, NULL, sk);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &mString, NULL, X);
return concat(concat(skString, ","), mString);
}
char* decrypt(char *private_key, char *ciphertext){
gcry_error_t error;
gcry_sexp_t data = sexp_new(ciphertext);
gcry_sexp_t private_sexp = sexp_new(private_key);
gcry_sexp_t r_plain;
struct timeval timer;
timer_start(&timer);
if ((error = gcry_pk_decrypt(&r_plain, data, private_sexp))) {
printf("Error in gcry_pk_decrypt(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
timer_poll("\nSoftware decrypt: %d.%06d seconds\n", &timer);
gcry_mpi_t r_mpi = gcry_sexp_nth_mpi(r_plain, 0, GCRYMPI_FMT_USG);
unsigned char *plaintext;
size_t plaintext_size;
if ((error = gcry_mpi_aprint(GCRYMPI_FMT_HEX, &plaintext, &plaintext_size, r_mpi))) {
printf("Error in gcry_mpi_aprint(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
// Return type hack
return (char *) plaintext;
}
/* Print an MPI on a line. */
static void
print_mpi_line (const char *label, gcry_mpi_t a)
{
unsigned char *buf, *p;
gcry_error_t err;
int writerr = 0;
if (with_labels && label)
printf ("%s = ", label);
err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, a);
if (err)
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
p = buf;
if (!keep_lz && p[0] == '0' && p[1] == '0' && p[2])
p += 2;
printf ("%s\n", p);
if (ferror (stdout))
writerr++;
if (!writerr && fflush (stdout) == EOF)
writerr++;
if (writerr)
die ("writing output failed: %s\n", strerror (errno));
gcry_free (buf);
}
const char* genGcryptRand(unsigned char* x){
size_t scanned;
unsigned char *result;
gcry_mpi_t a = gcry_mpi_new(0);
gcry_mpi_t r = gcry_mpi_new(0);
gcry_mpi_scan(&a, GCRYMPI_FMT_HEX, x, 0, &scanned);
gen_rand(r, a);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &result, NULL, r);
return result;
}
unsigned char* inv(unsigned char* x, unsigned char* y){
size_t scanned;
unsigned char *result;
gcry_mpi_t a = gcry_mpi_new(0);
gcry_mpi_t b = gcry_mpi_new(0);
gcry_mpi_scan(&a, GCRYMPI_FMT_HEX, x, 0, &scanned);
gcry_mpi_scan(&b, GCRYMPI_FMT_HEX, y, 0, &scanned);
gcry_mpi_invm(a, a, b);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &result, NULL, a);
return result;
}
int32_t nuts_mpi_dump(const nuts_mpi_t mpi, uint8_t **buffer) {
if (mpi == NULL || buffer == NULL) {
return -1;
}
size_t nbytes;
if (gcry_mpi_aprint(GCRYMPI_FMT_SSH, buffer, &nbytes, mpi->mpi) != 0) {
return -1;
}
return nbytes;
}
unsigned char* modPow(unsigned char* x, unsigned char* y, unsigned char* z){
size_t scanned;
unsigned char *result;
gcry_mpi_t a = gcry_mpi_new(0);
gcry_mpi_t b = gcry_mpi_new(0);
gcry_mpi_t c = gcry_mpi_new(0);
gcry_mpi_scan(&a, GCRYMPI_FMT_HEX, x, 0, &scanned);
gcry_mpi_scan(&b, GCRYMPI_FMT_HEX, y, 0, &scanned);
gcry_mpi_scan(&c, GCRYMPI_FMT_HEX, z, 0, &scanned);
gcry_mpi_powm(a, a, b, c);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &result, NULL, a);
return result;
}
static void
print_mpi (gcry_mpi_t a)
{
gpg_error_t err;
char *buf;
void *bufaddr = &buf;
err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a);
if (err)
fprintf (stderr, "[error printing number: %s]\n", gpg_strerror (err));
else
{
fputs (buf, stdout);
gcry_free (buf);
}
}
static void
print_mpi_2 (const char *text, const char *text2, gcry_mpi_t a)
{
gcry_error_t err;
char *buf;
void *bufaddr = &buf;
err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a);
if (err)
fprintf (stderr, "%s%s: [error printing number: %s]\n",
text, text2? text2:"", gpg_strerror (err));
else
{
fprintf (stderr, "%s%s: %s\n", text, text2? text2:"", buf);
gcry_free (buf);
}
}
static void
show_mpi (const char *prefix, gcry_mpi_t a)
{
char *buf;
void *bufaddr = &buf;
gcry_error_t rc;
fprintf (stderr, "%s: ", PGM);
if (prefix)
fputs (prefix, stderr);
rc = gcry_mpi_aprint (GCRYMPI_FMT_HEX, bufaddr, NULL, a);
if (rc)
fprintf (stderr, "[error printing number: %s]\n", gpg_strerror (rc));
else
{
fprintf (stderr, "%s\n", buf);
gcry_free (buf);
}
}
static gboolean
dsa_subject_public_key_from_private (GNode *key_asn,
const GckAttribute *ap,
const GckAttribute *aq,
const GckAttribute *ag,
const GckAttribute *ax)
{
gcry_mpi_t mp, mq, mg, mx, my;
size_t n_buffer;
gcry_error_t gcry;
unsigned char *buffer;
gcry = gcry_mpi_scan (&mp, GCRYMPI_FMT_USG, ap->value, ap->length, NULL);
g_return_val_if_fail (gcry == 0, FALSE);
gcry = gcry_mpi_scan (&mq, GCRYMPI_FMT_USG, aq->value, aq->length, NULL);
g_return_val_if_fail (gcry == 0, FALSE);
gcry = gcry_mpi_scan (&mg, GCRYMPI_FMT_USG, ag->value, ag->length, NULL);
g_return_val_if_fail (gcry == 0, FALSE);
gcry = gcry_mpi_scan (&mx, GCRYMPI_FMT_USG, ax->value, ax->length, NULL);
g_return_val_if_fail (gcry == 0, FALSE);
/* Calculate the public part from the private */
my = gcry_mpi_snew (gcry_mpi_get_nbits (mx));
g_return_val_if_fail (my, FALSE);
gcry_mpi_powm (my, mg, mx, mp);
gcry = gcry_mpi_aprint (GCRYMPI_FMT_STD, &buffer, &n_buffer, my);
g_return_val_if_fail (gcry == 0, FALSE);
egg_asn1x_take_integer_as_raw (key_asn, g_bytes_new_with_free_func (buffer, n_buffer,
gcry_free, buffer));
gcry_mpi_release (mp);
gcry_mpi_release (mq);
gcry_mpi_release (mg);
gcry_mpi_release (mx);
gcry_mpi_release (my);
return TRUE;
}
static GVariant *
request_open_session_aes (SecretSession *session)
{
gcry_error_t gcry;
gcry_mpi_t base;
unsigned char *buffer;
size_t n_buffer;
GVariant *argument;
g_assert (session->prime == NULL);
g_assert (session->privat == NULL);
g_assert (session->publi == NULL);
egg_libgcrypt_initialize ();
/* Initialize our local parameters and values */
if (!egg_dh_default_params ("ietf-ike-grp-modp-1024",
&session->prime, &base))
g_return_val_if_reached (NULL);
#if 0
g_printerr ("\n lib prime: ");
gcry_mpi_dump (session->prime);
g_printerr ("\n lib base: ");
gcry_mpi_dump (base);
g_printerr ("\n");
#endif
if (!egg_dh_gen_pair (session->prime, base, 0,
&session->publi, &session->privat))
g_return_val_if_reached (NULL);
gcry_mpi_release (base);
gcry = gcry_mpi_aprint (GCRYMPI_FMT_USG, &buffer, &n_buffer, session->publi);
g_return_val_if_fail (gcry == 0, NULL);
argument = g_variant_new_from_data (G_VARIANT_TYPE ("ay"),
buffer, n_buffer, TRUE,
gcry_free, buffer);
return g_variant_new ("(sv)", ALGORITHMS_AES, argument);
}
static char *
gcry_prikey2jwk (gcry_sexp_t * pubkey)
{
assert (NULL != pubkey);
gcry_error_t rc = -1;
gcry_sexp_t sexp_q;
gcry_mpi_t mpi_q;
unsigned char *raw_q;
size_t size_q;
size_t d_b64_len;
char *d_b64 = NULL;
if (NULL == (sexp_q = gcry_sexp_find_token(*pubkey, "d", 0)))
goto OUT;
if (NULL == (mpi_q = gcry_sexp_nth_mpi (sexp_q, 1, GCRYMPI_FMT_USG)))
goto FREE_Q;
rc = gcry_mpi_aprint(GCRYMPI_FMT_USG, &raw_q, &size_q, mpi_q);
if (rc)
goto FREE_MPI_Q;
if (0 == (d_b64_len = base64url_encode_alloc (raw_q, size_q, &d_b64)))
goto FREE_MPI_Q;
gcry_free (raw_q);
FREE_MPI_Q:
gcry_mpi_release (mpi_q);
FREE_Q:
gcry_sexp_release (sexp_q);
OUT:
return d_b64;
}
static int
test_sub (void)
{
gcry_mpi_t one;
gcry_mpi_t two;
gcry_mpi_t result;
unsigned char* pc;
gcry_mpi_scan(&one, GCRYMPI_FMT_USG, ones, sizeof(ones), NULL);
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
result = gcry_mpi_new(0);
gcry_mpi_sub(result, two, one);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
if (debug)
gcry_log_debug ("Result of two minus one:\n%s\n", pc);
gcry_free(pc);
gcry_mpi_release(one);
gcry_mpi_release(two);
gcry_mpi_release(result);
return 1;
}
static int
test_mul (void)
{
gcry_mpi_t two;
gcry_mpi_t three;
gcry_mpi_t result;
unsigned char* pc;
gcry_mpi_scan(&two, GCRYMPI_FMT_USG, twos, sizeof(twos), NULL);
gcry_mpi_scan(&three, GCRYMPI_FMT_USG, threes, sizeof(threes), NULL);
result = gcry_mpi_new(0);
gcry_mpi_mul(result, two, three);
gcry_mpi_aprint(GCRYMPI_FMT_HEX, &pc, NULL, result);
if (verbose)
printf("Result of two mul three:\n%s\n", pc);
gcry_free(pc);
gcry_mpi_release(two);
gcry_mpi_release(three);
gcry_mpi_release(result);
return 1;
}
gpg_error_t cmd_genkey (assuan_context_t ctx, char *line)
{
gpg_err_code_t error = GPG_ERR_GENERAL;
pkcs11h_certificate_id_t cert_id = NULL;
gcry_mpi_t n_mpi = NULL;
gcry_mpi_t e_mpi = NULL;
unsigned char *n_hex = NULL;
unsigned char *e_hex = NULL;
char *n_resp = strdup ("n ");
char *e_resp = strdup ("e ");
unsigned char *blob = NULL;
char *serial = NULL;
char *key = NULL;
size_t blob_size;
char timestamp[100] = {0};
while (*line != '\x0' && !isdigit (*line)) {
if (*line == '-') {
static const char *ts = "--timestamp=";
char *p = line;
while (*line != '\x0' && !isspace (*line)) {
line++;
}
line++;
if (!strncmp (p, ts, strlen (ts))) {
p += strlen (ts);
sprintf (timestamp, "%d", (int)isotime2epoch (p));
}
}
else {
line++;
}
}
if (*line == '\x0') {
error = GPG_ERR_INV_DATA;
goto cleanup;
}
if (strlen (timestamp) == 0) {
sprintf (timestamp, "%d", (int)time (NULL));
}
if (
(error = _get_certificate_by_name (
ctx,
NULL,
atoi(line),
&cert_id,
&key
)) != GPG_ERR_NO_ERROR
) {
goto cleanup;
}
if (
(error = assuan_write_status (
ctx,
"KEY-FPR",
key
)) != GPG_ERR_NO_ERROR ||
(error = assuan_write_status(
ctx,
"KEY-CREATED-AT",
timestamp
)) != GPG_ERR_NO_ERROR
) {
goto cleanup;
}
if ((error = get_serial_of_tokenid(cert_id->token_id, &serial)) != GPG_ERR_NO_ERROR) {
goto cleanup;
}
if (
(error = assuan_write_status (
ctx,
"SERIALNO",
serial
)) != GPG_ERR_NO_ERROR ||
(error = get_cert_blob (
ctx,
cert_id,
&blob,
&blob_size
)) != GPG_ERR_NO_ERROR ||
(error = keyutil_get_cert_mpi (
blob,
blob_size,
&n_mpi,
&e_mpi
)) != GPG_ERR_NO_ERROR
) {
goto cleanup;
}
if (
gcry_mpi_aprint (
GCRYMPI_FMT_HEX,
&n_hex,
NULL,
n_mpi
) ||
gcry_mpi_aprint (
GCRYMPI_FMT_HEX,
&e_hex,
NULL,
e_mpi
)
) {
error = GPG_ERR_BAD_KEY;
goto cleanup;
}
if (
!encoding_strappend (&n_resp, (char *)n_hex) ||
!encoding_strappend (&e_resp, (char *)e_hex)
) {
error = GPG_ERR_ENOMEM;
goto cleanup;
}
if (
(error = assuan_write_status(
ctx,
"KEY-DATA",
n_resp
)) != GPG_ERR_NO_ERROR
) {
goto cleanup;
}
if (
(error = assuan_write_status(
ctx,
"KEY-DATA",
e_resp
)) != GPG_ERR_NO_ERROR
) {
goto cleanup;
}
error = GPG_ERR_NO_ERROR;
cleanup:
if (n_mpi != NULL) {
gcry_mpi_release (n_mpi);
n_mpi = NULL;
}
if (e_mpi != NULL) {
gcry_mpi_release (e_mpi);
e_mpi = NULL;
}
if (n_hex != NULL) {
gcry_free (n_hex);
n_hex = NULL;
}
if (e_hex != NULL) {
gcry_free (e_hex);
e_hex = NULL;
}
if (n_resp != NULL) {
free (n_resp);
n_resp = NULL;
}
if (e_resp != NULL) {
free (e_resp);
e_resp = NULL;
}
if (blob != NULL) {
free (blob);
blob = NULL;
}
if (cert_id != NULL) {
pkcs11h_certificate_freeCertificateId (cert_id);
cert_id = NULL;
}
if (serial != NULL) {
free(serial);
serial = NULL;
}
return gpg_error (error);
}
GNUNET_NETWORK_STRUCT_END
/**
* Deterministically (!) create a hostkey using only the
* given HashCode as input to the PRNG.
*/
static struct KskRsaPrivateKeyBinaryEncoded *
makeKblockKeyInternal (const struct GNUNET_HashCode * hc)
{
KBlock_secret_key sk;
struct GNUNET_HashCode hx;
unsigned char *pbu[6];
gcry_mpi_t *pkv[6];
size_t sizes[6];
struct KskRsaPrivateKeyBinaryEncoded *retval;
int i;
size_t size;
hx = *hc;
generate_kblock_key (&sk, 1024, /* at least 10x as fast than 2048 bits
* -- we simply cannot afford 2048 bits
* even on modern hardware, and especially
* not since clearly a dictionary attack
* will still be much cheaper
* than breaking a 1024 bit RSA key.
* If an adversary can spend the time to
* break a 1024 bit RSA key just to forge
* a signature -- SO BE IT. [ CG, 6/2005 ] */
&hx);
pkv[0] = &sk.n;
pkv[1] = &sk.e;
pkv[2] = &sk.d;
pkv[3] = &sk.p;
pkv[4] = &sk.q;
pkv[5] = &sk.u;
size = sizeof (struct KskRsaPrivateKeyBinaryEncoded);
for (i = 0; i < 6; i++)
{
gcry_mpi_aprint (GCRYMPI_FMT_STD, &pbu[i], &sizes[i], *pkv[i]);
size += sizes[i];
}
GNUNET_assert (size < 65536);
retval = GNUNET_malloc (size);
retval->len = htons (size);
i = 0;
retval->sizen = htons (sizes[0]);
memcpy (&((char *) &retval[1])[i], pbu[0], sizes[0]);
i += sizes[0];
retval->sizee = htons (sizes[1]);
memcpy (&((char *) &retval[1])[i], pbu[1], sizes[1]);
i += sizes[1];
retval->sized = htons (sizes[2]);
memcpy (&((char *) &retval[1])[i], pbu[2], sizes[2]);
i += sizes[2];
/* swap p and q! */
retval->sizep = htons (sizes[4]);
memcpy (&((char *) &retval[1])[i], pbu[4], sizes[4]);
i += sizes[4];
retval->sizeq = htons (sizes[3]);
memcpy (&((char *) &retval[1])[i], pbu[3], sizes[3]);
i += sizes[3];
retval->sizedmp1 = htons (0);
retval->sizedmq1 = htons (0);
memcpy (&((char *) &retval[1])[i], pbu[5], sizes[5]);
for (i = 0; i < 6; i++)
{
gcry_mpi_release (*pkv[i]);
free (pbu[i]);
}
return retval;
}
static uint8_t*
sig2sigbuf (const gcry_sexp_t *sig, uint8_t **out, size_t *rs_len)
{
assert (NULL != sig);
assert (NULL != out);
gcry_error_t rc = -1;
gcry_sexp_t sexp_r, sexp_s;
gcry_mpi_t mpi_r, mpi_s;
unsigned char *raw_r, *raw_s;
size_t size_r, size_s;
uint8_t *rs;
if (NULL == (sexp_r = gcry_sexp_find_token(*sig, "r", 0)))
goto OUT;
if (NULL == (sexp_s = gcry_sexp_find_token(*sig, "s", 0)))
goto FREE_R;
if (NULL == (mpi_r = gcry_sexp_nth_mpi (sexp_r, 1, GCRYMPI_FMT_USG)))
goto FREE_S;
if (NULL == (mpi_s = gcry_sexp_nth_mpi (sexp_s, 1, GCRYMPI_FMT_USG)))
goto FREE_MPI_R;
rc = gcry_mpi_aprint(GCRYMPI_FMT_USG, &raw_r, &size_r, mpi_r);
if (rc)
goto FREE_MPI_S;
rc = gcry_mpi_aprint(GCRYMPI_FMT_USG, &raw_s, &size_s, mpi_s);
if (rc)
goto FREE_RAW_R;
rs = malloc (size_r+size_s);
memset (rs, 0, size_r+size_s);
memcpy (rs, raw_r, size_r);
memcpy (rs+size_r, raw_s, size_s);
*rs_len = size_r + size_s;
rc = 0;
gcry_free (raw_s);
FREE_RAW_R:
gcry_free (raw_r);
FREE_MPI_S:
gcry_mpi_release (mpi_s);
FREE_MPI_R:
gcry_mpi_release (mpi_r);
FREE_S:
gcry_sexp_release (sexp_s);
FREE_R:
gcry_sexp_release (sexp_r);
OUT:
if (rc == 0)
return rs;
else
return NULL;
}
unsigned char *crypto_decrypt_signature(crypto_ctx *ctx,
const unsigned char *sig_data,
size_t sig_len,
size_t *out_len,
unsigned int padding,
crypto_error **error)
{
unsigned char *buf = NULL, *rec_hash = NULL;
gnutls_datum_t n = { NULL, 0 }, e = { NULL, 0 };
int err, algo;
gcry_sexp_t key = NULL, sig = NULL, decrypted = NULL, child = NULL;
gcry_mpi_t n_mpi = NULL, e_mpi = NULL, sig_mpi = NULL, dec_mpi = NULL;
size_t buf_len = 0, hash_len = 0;
if (!ctx) {
crypto_error_set(error, 1, 0, "invalid crypto context");
return NULL;
}
if (!ctx->num) {
crypto_error_set(error, 1, 0, "no certificates in the stack");
return NULL;
}
algo = gnutls_x509_crt_get_pk_algorithm(ctx->stack[ctx->num - 1], NULL);
if (algo != GNUTLS_PK_RSA) {
crypto_error_set(error, 1, 0, "certificate public key algorithm not RSA");
return NULL;
}
err = gnutls_x509_crt_get_pk_rsa_raw(ctx->stack[ctx->num - 1], &n, &e);
if (err != GNUTLS_E_SUCCESS) {
crypto_error_set(error, 1, 0, "error getting certificate public key");
return NULL;
}
err = gcry_mpi_scan(&n_mpi, GCRYMPI_FMT_USG, n.data, n.size, NULL);
if (err) {
crypto_error_set(error, 1, 0, "invalid RSA key 'n' format");
goto out;
}
err = gcry_mpi_scan(&e_mpi, GCRYMPI_FMT_USG, e.data, e.size, NULL);
if (err) {
crypto_error_set(error, 1, 0, "invalid RSA key 'e' format");
goto out;
}
err = gcry_sexp_build(&key, NULL, "(public-key (rsa (n %m) (e %m)))", n_mpi, e_mpi);
if (err) {
crypto_error_set(error, 1, 0, "could not create public-key expression");
goto out;
}
err = gcry_mpi_scan(&sig_mpi, GCRYMPI_FMT_USG, sig_data, sig_len, NULL);
if (err) {
crypto_error_set(error, 1, 0, "invalid signature format");
goto out;
}
err = gcry_sexp_build(&sig, NULL, "(data (flags raw) (value %m))", sig_mpi);
if (err) {
crypto_error_set(error, 1, 0, "could not create signature expression");
goto out;
}
/* encrypt is equivalent to public key decryption for RSA keys */
err = gcry_pk_encrypt(&decrypted, sig, key);
if (err) {
crypto_error_set(error, 1, 0, "could not decrypt signature");
goto out;
}
child = gcry_sexp_find_token(decrypted, "a", 1);
if (!child) {
crypto_error_set(error, 1, 0, "could not get decrypted signature result");
goto out;
}
dec_mpi = gcry_sexp_nth_mpi(child, 1, GCRYMPI_FMT_USG);
gcry_sexp_release(child);
if (!dec_mpi) {
crypto_error_set(error, 1, 0, "could not get decrypted signature result");
goto out;
}
gcry_mpi_aprint(GCRYMPI_FMT_USG, &buf, &buf_len, dec_mpi);
if (!buf) {
crypto_error_set(error, 1, 0, "could not get extract decrypted signature");
goto out;
}
switch (padding) {
case CRYPTO_PAD_NONE:
rec_hash = buf;
hash_len = buf_len;
buf = NULL;
*out_len = (int) hash_len;
break;
case CRYPTO_PAD_PKCS1:
rec_hash = check_pkcs1_padding(buf, buf_len, &hash_len, error);
if (!rec_hash) {
crypto_error_set(error, 1, 0, "could not get extract decrypted padded signature");
goto out;
}
*out_len = (int) hash_len;
break;
default:
crypto_error_set(error, 1, 0, "unknown padding mechanism %d", padding);
break;
}
out:
if (buf)
free(buf);
if (dec_mpi)
gcry_mpi_release(dec_mpi);
if (decrypted)
gcry_sexp_release(decrypted);
if (key)
gcry_sexp_release(key);
if (sig)
gcry_sexp_release(sig);
if (sig_mpi)
gcry_mpi_release(sig_mpi);
if (n_mpi)
gcry_mpi_release(n_mpi);
if (e_mpi)
gcry_mpi_release(e_mpi);
if (n.data)
gcry_free(n.data);
if (e.data)
gcry_free(e.data);
return rec_hash;
}
/****************
* Protect the secret key with the passphrase from DEK
*/
int
protect_secret_key( PKT_secret_key *sk, DEK *dek )
{
int i,j, rc = 0;
byte *buffer;
size_t nbytes;
u16 csum;
if( !dek )
return 0;
if( !sk->is_protected ) { /* okay, apply the protection */
gcry_cipher_hd_t cipher_hd=NULL;
if ( openpgp_cipher_test_algo ( sk->protect.algo ) ) {
/* Unsupport protection algorithm. */
rc = gpg_error (GPG_ERR_CIPHER_ALGO);
}
else {
print_cipher_algo_note( sk->protect.algo );
if ( openpgp_cipher_open (&cipher_hd, sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC))) )
BUG();
if ( gcry_cipher_setkey ( cipher_hd, dek->key, dek->keylen ) )
log_info(_("WARNING: Weak key detected"
" - please change passphrase again.\n"));
sk->protect.ivlen = openpgp_cipher_get_algo_blklen (sk->protect.algo);
assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
BUG(); /* yes, we are very careful */
gcry_create_nonce (sk->protect.iv, sk->protect.ivlen);
gcry_cipher_setiv (cipher_hd, sk->protect.iv, sk->protect.ivlen);
if( sk->version >= 4 ) {
byte *bufarr[PUBKEY_MAX_NSKEY];
size_t narr[PUBKEY_MAX_NSKEY];
unsigned int nbits[PUBKEY_MAX_NSKEY];
int ndata=0;
byte *p, *data;
for (j=0, i = pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++, j++ )
{
assert (!gcry_mpi_get_flag (sk->skey[i],
GCRYMPI_FLAG_OPAQUE));
if (gcry_mpi_aprint (GCRYMPI_FMT_USG, bufarr+j,
narr+j, sk->skey[i]))
BUG();
nbits[j] = gcry_mpi_get_nbits (sk->skey[i]);
ndata += narr[j] + 2;
}
for ( ; j < PUBKEY_MAX_NSKEY; j++ )
bufarr[j] = NULL;
ndata += opt.simple_sk_checksum? 2 : 20; /* for checksum */
data = xmalloc_secure( ndata );
p = data;
for(j=0; j < PUBKEY_MAX_NSKEY && bufarr[j]; j++ ) {
p[0] = nbits[j] >> 8 ;
p[1] = nbits[j];
p += 2;
memcpy(p, bufarr[j], narr[j] );
p += narr[j];
xfree(bufarr[j]);
}
if (opt.simple_sk_checksum) {
log_info (_("generating the deprecated 16-bit checksum"
" for secret key protection\n"));
csum = checksum( data, ndata-2);
sk->csum = csum;
*p++ = csum >> 8;
*p++ = csum;
sk->protect.sha1chk = 0;
}
else {
/* Return the Secure Shell type fingerprint for KEY using digest ALGO.
The length of the fingerprint is returned at R_LEN and the
fingerprint itself at R_FPR. In case of a error code is returned
and NULL stored at R_FPR. */
static gpg_error_t
get_fingerprint (gcry_sexp_t key, int algo,
void **r_fpr, size_t *r_len, int as_string)
{
gpg_error_t err;
gcry_sexp_t list = NULL;
gcry_sexp_t l2 = NULL;
const char *s;
char *name = NULL;
int idx;
const char *elems;
gcry_md_hd_t md = NULL;
int blobmode = 0;
*r_fpr = NULL;
*r_len = 0;
/* Check that the first element is valid. */
list = gcry_sexp_find_token (key, "public-key", 0);
if (!list)
list = gcry_sexp_find_token (key, "private-key", 0);
if (!list)
list = gcry_sexp_find_token (key, "protected-private-key", 0);
if (!list)
list = gcry_sexp_find_token (key, "shadowed-private-key", 0);
if (!list)
{
err = gpg_err_make (default_errsource, GPG_ERR_UNKNOWN_SEXP);
goto leave;
}
l2 = gcry_sexp_cadr (list);
gcry_sexp_release (list);
list = l2;
l2 = NULL;
name = gcry_sexp_nth_string (list, 0);
if (!name)
{
err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
goto leave;
}
err = gcry_md_open (&md, algo, 0);
if (err)
goto leave;
switch (gcry_pk_map_name (name))
{
case GCRY_PK_RSA:
elems = "en";
gcry_md_write (md, "\0\0\0\x07ssh-rsa", 11);
break;
case GCRY_PK_DSA:
elems = "pqgy";
gcry_md_write (md, "\0\0\0\x07ssh-dss", 11);
break;
case GCRY_PK_ECC:
if (is_eddsa (list))
{
elems = "q";
blobmode = 1;
/* For now there is just one curve, thus no need to switch
on it. */
gcry_md_write (md, "\0\0\0\x0b" "ssh-ed25519", 15);
}
else
{
/* We only support the 3 standard curves for now. It is
just a quick hack. */
elems = "q";
gcry_md_write (md, "\0\0\0\x13" "ecdsa-sha2-nistp", 20);
l2 = gcry_sexp_find_token (list, "curve", 0);
if (!l2)
elems = "";
else
{
gcry_free (name);
name = gcry_sexp_nth_string (l2, 1);
gcry_sexp_release (l2);
l2 = NULL;
if (!name)
elems = "";
else if (!strcmp (name, "NIST P-256")||!strcmp (name, "nistp256"))
gcry_md_write (md, "256\0\0\0\x08nistp256", 15);
else if (!strcmp (name, "NIST P-384")||!strcmp (name, "nistp384"))
gcry_md_write (md, "384\0\0\0\x08nistp384", 15);
else if (!strcmp (name, "NIST P-521")||!strcmp (name, "nistp521"))
gcry_md_write (md, "521\0\0\0\x08nistp521", 15);
else
elems = "";
}
if (!*elems)
err = gpg_err_make (default_errsource, GPG_ERR_UNKNOWN_CURVE);
}
break;
default:
elems = "";
err = gpg_err_make (default_errsource, GPG_ERR_PUBKEY_ALGO);
break;
}
if (err)
goto leave;
for (idx = 0, s = elems; *s; s++, idx++)
{
l2 = gcry_sexp_find_token (list, s, 1);
if (!l2)
{
err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
goto leave;
}
if (blobmode)
{
const char *blob;
size_t bloblen;
unsigned char lenbuf[4];
blob = gcry_sexp_nth_data (l2, 1, &bloblen);
if (!blob)
{
err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
goto leave;
}
blob++;
bloblen--;
lenbuf[0] = bloblen >> 24;
lenbuf[1] = bloblen >> 16;
lenbuf[2] = bloblen >> 8;
lenbuf[3] = bloblen;
gcry_md_write (md, lenbuf, 4);
gcry_md_write (md, blob, bloblen);
}
else
{
gcry_mpi_t a;
unsigned char *buf;
size_t buflen;
a = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (l2);
l2 = NULL;
if (!a)
{
err = gpg_err_make (default_errsource, GPG_ERR_INV_SEXP);
goto leave;
}
err = gcry_mpi_aprint (GCRYMPI_FMT_SSH, &buf, &buflen, a);
gcry_mpi_release (a);
if (err)
goto leave;
gcry_md_write (md, buf, buflen);
gcry_free (buf);
}
}
/* decrypts the RSA encrypted text read from the XML file,
* and saves the AES key and the other needed info
* uses libgcrypt for decryption
*/
int AESKey::decryptRSA( string s_cipher_text_b64 )
{
RSAKey rsa_key( this->p_demux );
unsigned char *ps_cipher_text = NULL;
unsigned char *ps_plain_text = NULL;
gcry_mpi_t cipher_text_mpi = NULL;
gcry_sexp_t cipher_text_sexp = NULL;
gcry_sexp_t plain_text_sexp = NULL;
gcry_mpi_t plain_text_mpi = NULL;
gcry_sexp_t tmp_sexp = NULL;
gcry_error_t err;
size_t length;
int i_ret = VLC_EGENERIC;
/* get RSA private key file path */
if( rsa_key.setPath() )
goto end;
/* read private key from file */
if( rsa_key.readPEM() )
goto end;
/* remove spaces and newlines from encoded cipher text
* (usually added for indentation in XML files)
* */
try
{
s_cipher_text_b64.erase( remove_if( s_cipher_text_b64.begin(), s_cipher_text_b64.end(), static_cast<int(*)(int)>(isspace) ),
s_cipher_text_b64.end() );
}
catch( ... )
{
msg_Err( this->p_demux, "error while handling string" );
goto end;
}
/* decode cipher from BASE64 to binary */
if( ! ( length = vlc_b64_decode_binary( &ps_cipher_text, s_cipher_text_b64.c_str() ) ) )
{
msg_Err( this->p_demux, "could not decode cipher from Base64" );
goto end;
}
/* initialize libgcrypt */
vlc_gcrypt_init ();
/* create S-expression for ciphertext */
if( ( err = gcry_mpi_scan( &cipher_text_mpi, GCRYMPI_FMT_USG, ps_cipher_text, 256, NULL ) ) )
{
msg_Err( this->p_demux, "could not scan MPI from cipher text: %s", gcry_strerror( err ) );
goto end;
}
if( ( err = gcry_sexp_build( &cipher_text_sexp, NULL, "(enc-val(flags oaep)(rsa(a %m)))", cipher_text_mpi ) ) )
{
msg_Err( this->p_demux, "could not build S-expression for cipher text: %s", gcry_strerror( err ) );
goto end;
}
/* decrypt */
if( ( err = gcry_pk_decrypt( &plain_text_sexp, cipher_text_sexp, rsa_key.priv_key ) ) )
{
msg_Err( this->p_demux, "error while decrypting RSA encrypted info: %s", gcry_strerror( err ) );
goto end;
}
/* extract plain-text from S-expression */
if( ! ( tmp_sexp = gcry_sexp_find_token( plain_text_sexp, "value", 0 ) ) )
/* when using padding flags, the decrypted S-expression is of the form
* "(value <plaintext>)", where <plaintext> is an MPI */
{
msg_Err( this->p_demux, "decrypted text is in an unexpected form; decryption may have failed" );
goto end;
}
/* we could have used the gcry_sexp_nth_data to get the data directly,
* but as that function is newly introduced (libgcrypt v1.6),
* we prefer compatibility, even though that means passing the data through an MPI first */
if( ! ( plain_text_mpi = gcry_sexp_nth_mpi( tmp_sexp, 1, GCRYMPI_FMT_USG ) ) )
{
msg_Err( this->p_demux, "could not extract MPI from decrypted S-expression" );
goto end;
}
if( ( err = gcry_mpi_aprint( GCRYMPI_FMT_USG, &ps_plain_text, &length, plain_text_mpi ) ) )
{
msg_Err( this->p_demux, "error while extracting plain text from MPI: %s", gcry_strerror( err ) );
goto end;
}
/* interpret the plaintext data */
switch( length )
{
case 138: /* SMPTE DCP */
if( this->extractInfo( ps_plain_text, true ) )
goto end;
break;
case 134: /* Interop DCP */
if( this->extractInfo( ps_plain_text, false ) )
goto end;
break;
case -1:
msg_Err( this->p_demux, "could not decrypt" );
goto end;
default:
msg_Err( this->p_demux, "CipherValue field length does not match SMPTE nor Interop standards" );
goto end;
}
i_ret = VLC_SUCCESS;
end:
free( ps_cipher_text );
gcry_mpi_release( cipher_text_mpi );
gcry_sexp_release( cipher_text_sexp );
gcry_sexp_release( plain_text_sexp );
gcry_mpi_release( plain_text_mpi );
gcry_sexp_release( tmp_sexp );
gcry_free( ps_plain_text );
return i_ret;
}
static int
get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
{
int rc;
gcry_mpi_t plain_dek = NULL;
byte *frame = NULL;
unsigned int n;
size_t nframe;
u16 csum, csum2;
int card = 0;
if (sk->is_protected && sk->protect.s2k.mode == 1002)
{ /* Note, that we only support RSA for now. */
#ifdef ENABLE_CARD_SUPPORT
unsigned char *rbuf;
size_t rbuflen;
char *snbuf;
unsigned char *indata = NULL;
size_t indatalen;
snbuf = serialno_and_fpr_from_sk (sk->protect.iv, sk->protect.ivlen, sk);
if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &indata, &indatalen, enc->data[0]))
BUG ();
rc = agent_scd_pkdecrypt (snbuf, indata, indatalen, &rbuf, &rbuflen);
xfree (snbuf);
xfree (indata);
if (rc)
goto leave;
frame = rbuf;
nframe = rbuflen;
card = 1;
#else
rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
goto leave;
#endif /*!ENABLE_CARD_SUPPORT*/
}
else
{
rc = pk_decrypt (sk->pubkey_algo, &plain_dek, enc->data, sk->skey );
if( rc )
goto leave;
if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, plain_dek))
BUG();
gcry_mpi_release (plain_dek); plain_dek = NULL;
}
/* Now get the DEK (data encryption key) from the frame
*
* Old versions encode the DEK in in this format (msb is left):
*
* 0 1 DEK(16 bytes) CSUM(2 bytes) 0 RND(n bytes) 2
*
* Later versions encode the DEK like this:
*
* 0 2 RND(n bytes) 0 A DEK(k bytes) CSUM(2 bytes)
*
* (mpi_get_buffer already removed the leading zero).
*
* RND are non-zero randow bytes.
* A is the cipher algorithm
* DEK is the encryption key (session key) with length k
* CSUM
*/
if (DBG_CIPHER)
log_printhex ("DEK frame:", frame, nframe );
n=0;
if (!card)
{
if( n + 7 > nframe )
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
if( frame[n] == 1 && frame[nframe-1] == 2 ) {
log_info(_("old encoding of the DEK is not supported\n"));
rc = G10ERR_CIPHER_ALGO;
goto leave;
}
if( frame[n] != 2 ) /* somethink is wrong */
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
for(n++; n < nframe && frame[n]; n++ ) /* skip the random bytes */
;
n++; /* and the zero byte */
}
if( n + 4 > nframe )
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
dek->keylen = nframe - (n+1) - 2;
dek->algo = frame[n++];
if( dek->algo == CIPHER_ALGO_IDEA )
write_status(STATUS_RSA_OR_IDEA);
rc = openpgp_cipher_test_algo (dek->algo);
if( rc ) {
if( !opt.quiet && gpg_err_code (rc) == GPG_ERR_CIPHER_ALGO ) {
log_info(_("cipher algorithm %d%s is unknown or disabled\n"),
dek->algo, dek->algo == CIPHER_ALGO_IDEA? " (IDEA)":"");
if(dek->algo==CIPHER_ALGO_IDEA)
idea_cipher_warn (0);
}
dek->algo = 0;
goto leave;
}
if ( dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo) ) {
rc = GPG_ERR_WRONG_SECKEY;
goto leave;
}
/* copy the key to DEK and compare the checksum */
csum = frame[nframe-2] << 8;
csum |= frame[nframe-1];
memcpy( dek->key, frame+n, dek->keylen );
for( csum2=0, n=0; n < dek->keylen; n++ )
csum2 += dek->key[n];
if( csum != csum2 ) {
rc = G10ERR_WRONG_SECKEY;
goto leave;
}
if( DBG_CIPHER )
log_printhex ("DEK is:", dek->key, dek->keylen );
/* check that the algo is in the preferences and whether it has expired */
{
PKT_public_key *pk = NULL;
KBNODE pkb = get_pubkeyblock (keyid);
if( !pkb ) {
rc = -1;
log_error("oops: public key not found for preference check\n");
}
else if(pkb->pkt->pkt.public_key->selfsigversion > 3
&& dek->algo != CIPHER_ALGO_3DES
&& !opt.quiet
&& !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ))
log_info (_("WARNING: cipher algorithm %s not found in recipient"
" preferences\n"), openpgp_cipher_algo_name (dek->algo));
if (!rc) {
KBNODE k;
for (k=pkb; k; k = k->next) {
if (k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY){
u32 aki[2];
keyid_from_pk(k->pkt->pkt.public_key, aki);
if (aki[0]==keyid[0] && aki[1]==keyid[1]) {
pk = k->pkt->pkt.public_key;
break;
}
}
}
if (!pk)
BUG ();
if ( pk->expiredate && pk->expiredate <= make_timestamp() ) {
log_info(_("NOTE: secret key %s expired at %s\n"),
keystr(keyid), asctimestamp( pk->expiredate) );
}
}
if ( pk && pk->is_revoked ) {
log_info( _("NOTE: key has been revoked") );
log_printf ("\n");
show_revocation_reason( pk, 1 );
}
release_kbnode (pkb);
rc = 0;
}
leave:
gcry_mpi_release (plain_dek);
xfree (frame);
return rc;
}
static gpg_error_t
get_it (ctrl_t ctrl,
PKT_pubkey_enc *enc, DEK *dek, PKT_public_key *sk, u32 *keyid)
{
gpg_error_t err;
byte *frame = NULL;
unsigned int n;
size_t nframe;
u16 csum, csum2;
int padding;
gcry_sexp_t s_data;
char *desc;
char *keygrip;
byte fp[MAX_FINGERPRINT_LEN];
size_t fpn;
if (DBG_CLOCK)
log_clock ("decryption start");
/* Get the keygrip. */
err = hexkeygrip_from_pk (sk, &keygrip);
if (err)
goto leave;
/* Convert the data to an S-expression. */
if (sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL
|| sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E)
{
if (!enc->data[0] || !enc->data[1])
err = gpg_error (GPG_ERR_BAD_MPI);
else
err = gcry_sexp_build (&s_data, NULL, "(enc-val(elg(a%m)(b%m)))",
enc->data[0], enc->data[1]);
}
else if (sk->pubkey_algo == PUBKEY_ALGO_RSA
|| sk->pubkey_algo == PUBKEY_ALGO_RSA_E)
{
if (!enc->data[0])
err = gpg_error (GPG_ERR_BAD_MPI);
else
err = gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))",
enc->data[0]);
}
else if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
{
if (!enc->data[0] || !enc->data[1])
err = gpg_error (GPG_ERR_BAD_MPI);
else
err = gcry_sexp_build (&s_data, NULL, "(enc-val(ecdh(s%m)(e%m)))",
enc->data[1], enc->data[0]);
}
else
err = gpg_error (GPG_ERR_BUG);
if (err)
goto leave;
if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
{
fingerprint_from_pk (sk, fp, &fpn);
log_assert (fpn == 20);
}
/* Decrypt. */
desc = gpg_format_keydesc (ctrl, sk, FORMAT_KEYDESC_NORMAL, 1);
err = agent_pkdecrypt (NULL, keygrip,
desc, sk->keyid, sk->main_keyid, sk->pubkey_algo,
s_data, &frame, &nframe, &padding);
xfree (desc);
gcry_sexp_release (s_data);
if (err)
goto leave;
/* Now get the DEK (data encryption key) from the frame
*
* Old versions encode the DEK in this format (msb is left):
*
* 0 1 DEK(16 bytes) CSUM(2 bytes) 0 RND(n bytes) 2
*
* Later versions encode the DEK like this:
*
* 0 2 RND(n bytes) 0 A DEK(k bytes) CSUM(2 bytes)
*
* (mpi_get_buffer already removed the leading zero).
*
* RND are non-zero randow bytes.
* A is the cipher algorithm
* DEK is the encryption key (session key) with length k
* CSUM
*/
if (DBG_CRYPTO)
log_printhex (frame, nframe, "DEK frame:");
n = 0;
if (sk->pubkey_algo == PUBKEY_ALGO_ECDH)
{
gcry_mpi_t shared_mpi;
gcry_mpi_t decoded;
/* At the beginning the frame are the bytes of shared point MPI. */
err = gcry_mpi_scan (&shared_mpi, GCRYMPI_FMT_USG, frame, nframe, NULL);
if (err)
{
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
err = pk_ecdh_decrypt (&decoded, fp, enc->data[1]/*encr data as an MPI*/,
shared_mpi, sk->pkey);
mpi_release (shared_mpi);
if(err)
goto leave;
xfree (frame);
err = gcry_mpi_aprint (GCRYMPI_FMT_USG, &frame, &nframe, decoded);
mpi_release (decoded);
if (err)
goto leave;
/* Now the frame are the bytes decrypted but padded session key. */
/* Allow double padding for the benefit of DEK size concealment.
Higher than this is wasteful. */
if (!nframe || frame[nframe-1] > 8*2 || nframe <= 8
|| frame[nframe-1] > nframe)
{
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
nframe -= frame[nframe-1]; /* Remove padding. */
log_assert (!n); /* (used just below) */
}
else
{
if (padding)
{
if (n + 7 > nframe)
{
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
if (frame[n] == 1 && frame[nframe - 1] == 2)
{
log_info (_("old encoding of the DEK is not supported\n"));
err = gpg_error (GPG_ERR_CIPHER_ALGO);
goto leave;
}
if (frame[n] != 2) /* Something went wrong. */
{
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
for (n++; n < nframe && frame[n]; n++) /* Skip the random bytes. */
;
n++; /* Skip the zero byte. */
}
}
if (n + 4 > nframe)
{
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
dek->keylen = nframe - (n + 1) - 2;
dek->algo = frame[n++];
err = openpgp_cipher_test_algo (dek->algo);
if (err)
{
if (!opt.quiet && gpg_err_code (err) == GPG_ERR_CIPHER_ALGO)
{
log_info (_("cipher algorithm %d%s is unknown or disabled\n"),
dek->algo,
dek->algo == CIPHER_ALGO_IDEA ? " (IDEA)" : "");
}
dek->algo = 0;
goto leave;
}
if (dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo))
{
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
/* Copy the key to DEK and compare the checksum. */
csum = buf16_to_u16 (frame+nframe-2);
memcpy (dek->key, frame + n, dek->keylen);
for (csum2 = 0, n = 0; n < dek->keylen; n++)
csum2 += dek->key[n];
if (csum != csum2)
{
err = gpg_error (GPG_ERR_WRONG_SECKEY);
goto leave;
}
if (DBG_CLOCK)
log_clock ("decryption ready");
if (DBG_CRYPTO)
log_printhex (dek->key, dek->keylen, "DEK is:");
/* Check that the algo is in the preferences and whether it has
* expired. Also print a status line with the key's fingerprint. */
{
PKT_public_key *pk = NULL;
PKT_public_key *mainpk = NULL;
KBNODE pkb = get_pubkeyblock (ctrl, keyid);
if (!pkb)
{
err = -1;
log_error ("oops: public key not found for preference check\n");
}
else if (pkb->pkt->pkt.public_key->selfsigversion > 3
&& dek->algo != CIPHER_ALGO_3DES
&& !opt.quiet
&& !is_algo_in_prefs (pkb, PREFTYPE_SYM, dek->algo))
log_info (_("WARNING: cipher algorithm %s not found in recipient"
" preferences\n"), openpgp_cipher_algo_name (dek->algo));
if (!err)
{
kbnode_t k;
int first = 1;
for (k = pkb; k; k = k->next)
{
if (k->pkt->pkttype == PKT_PUBLIC_KEY
|| k->pkt->pkttype == PKT_PUBLIC_SUBKEY)
{
u32 aki[2];
if (first)
{
first = 0;
mainpk = k->pkt->pkt.public_key;
}
keyid_from_pk (k->pkt->pkt.public_key, aki);
if (aki[0] == keyid[0] && aki[1] == keyid[1])
{
pk = k->pkt->pkt.public_key;
break;
}
}
}
if (!pk)
BUG ();
if (pk->expiredate && pk->expiredate <= make_timestamp ())
{
log_info (_("Note: secret key %s expired at %s\n"),
keystr (keyid), asctimestamp (pk->expiredate));
}
}
if (pk && pk->flags.revoked)
{
log_info (_("Note: key has been revoked"));
log_printf ("\n");
show_revocation_reason (ctrl, pk, 1);
}
if (is_status_enabled () && pk && mainpk)
{
char pkhex[MAX_FINGERPRINT_LEN*2+1];
char mainpkhex[MAX_FINGERPRINT_LEN*2+1];
hexfingerprint (pk, pkhex, sizeof pkhex);
hexfingerprint (mainpk, mainpkhex, sizeof mainpkhex);
/* Note that we do not want to create a trustdb just for
* getting the ownertrust: If there is no trustdb there can't
* be ulitmately trusted key anyway and thus the ownertrust
* value is irrelevant. */
write_status_printf (STATUS_DECRYPTION_KEY, "%s %s %c",
pkhex, mainpkhex,
get_ownertrust_info (ctrl, mainpk, 1));
}
release_kbnode (pkb);
err = 0;
}
leave:
xfree (frame);
xfree (keygrip);
return err;
}
