static int process_secret_key(PullFilter *pkt, PGP_PubKey **pk_p, const uint8 *key, int key_len) { int res; int hide_type; int cipher_algo; int bs; uint8 iv[512]; PullFilter *pf_decrypt = NULL, *pf_key; PGP_CFB *cfb = NULL; PGP_S2K s2k; PGP_PubKey *pk; /* first read public key part */ res = _pgp_read_public_key(pkt, &pk); if (res < 0) return res; /* * is secret key encrypted? */ GETBYTE(pkt, hide_type); if (hide_type == HIDE_SHA1 || hide_type == HIDE_CKSUM) { if (key == NULL) return PXE_PGP_NEED_SECRET_PSW; GETBYTE(pkt, cipher_algo); res = pgp_s2k_read(pkt, &s2k); if (res < 0) return res; res = pgp_s2k_process(&s2k, cipher_algo, key, key_len); if (res < 0) return res; bs = pgp_get_cipher_block_size(cipher_algo); if (bs == 0) { px_debug("unknown cipher algo=%d", cipher_algo); return PXE_PGP_UNSUPPORTED_CIPHER; } res = pullf_read_fixed(pkt, bs, iv); if (res < 0) return res; /* * create decrypt filter */ res = pgp_cfb_create(&cfb, cipher_algo, s2k.key, s2k.key_len, 0, iv); if (res < 0) return res; res = pullf_create(&pf_decrypt, &pgp_decrypt_filter, cfb, pkt); if (res < 0) return res; pf_key = pf_decrypt; } else if (hide_type == HIDE_CLEAR) { pf_key = pkt; } else { px_debug("unknown hide type"); return PXE_PGP_KEYPKT_CORRUPT; } /* read secret key */ switch (pk->algo) { case PGP_PUB_RSA_SIGN: case PGP_PUB_RSA_ENCRYPT: case PGP_PUB_RSA_ENCRYPT_SIGN: res = pgp_mpi_read(pkt, &pk->sec.rsa.d); if (res < 0) break; res = pgp_mpi_read(pkt, &pk->sec.rsa.p); if (res < 0) break; res = pgp_mpi_read(pkt, &pk->sec.rsa.q); if (res < 0) break; res = pgp_mpi_read(pkt, &pk->sec.rsa.u); if (res < 0) break; break; case PGP_PUB_ELG_ENCRYPT: res = pgp_mpi_read(pf_key, &pk->sec.elg.x); break; case PGP_PUB_DSA_SIGN: res = pgp_mpi_read(pf_key, &pk->sec.dsa.x); break; default: px_debug("unknown public algo: %d", pk->algo); res = PXE_PGP_KEYPKT_CORRUPT; } /* read checksum / sha1 */ if (res >= 0) { if (hide_type == HIDE_SHA1) res = check_key_sha1(pf_key, pk); else res = check_key_cksum(pf_key, pk); } if (res >= 0) res = pgp_expect_packet_end(pf_key); if (pf_decrypt) pullf_free(pf_decrypt); if (cfb) pgp_cfb_free(cfb); if (res < 0) pgp_key_free(pk); else *pk_p = pk; return res; }
int pgp_parse_pubenc_sesskey(PGP_Context *ctx, PullFilter *pkt) { int ver; int algo; int res; uint8 key_id[8]; PGP_PubKey *pk; uint8 *msg; int msglen; PGP_MPI *m; pk = ctx->pub_key; if (pk == NULL) { px_debug("no pubkey?"); return PXE_BUG; } GETBYTE(pkt, ver); if (ver != 3) { px_debug("unknown pubenc_sesskey pkt ver=%d", ver); return PXE_PGP_CORRUPT_DATA; } /* * check if keyid's match - user-friendly msg */ res = pullf_read_fixed(pkt, 8, key_id); if (res < 0) return res; if (memcmp(key_id, any_key, 8) != 0 && memcmp(key_id, pk->key_id, 8) != 0) { px_debug("key_id's does not match"); return PXE_PGP_WRONG_KEY; } /* * Decrypt */ GETBYTE(pkt, algo); switch (algo) { case PGP_PUB_ELG_ENCRYPT: res = decrypt_elgamal(pk, pkt, &m); break; case PGP_PUB_RSA_ENCRYPT: case PGP_PUB_RSA_ENCRYPT_SIGN: res = decrypt_rsa(pk, pkt, &m); break; default: res = PXE_PGP_UNKNOWN_PUBALGO; } if (res < 0) return res; /* * extract message */ msg = check_eme_pkcs1_v15(m->data, m->bytes); if (msg == NULL) { px_debug("check_eme_pkcs1_v15 failed"); res = PXE_PGP_WRONG_KEY; goto out; } msglen = m->bytes - (msg - m->data); res = control_cksum(msg, msglen); if (res < 0) goto out; /* * got sesskey */ ctx->cipher_algo = *msg; ctx->sess_key_len = msglen - 3; memcpy(ctx->sess_key, msg + 1, ctx->sess_key_len); out: pgp_mpi_free(m); if (res < 0) return res; return pgp_expect_packet_end(pkt); }