search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
check for either iconv or libiconv.
[gnutls.git] / lib / opencdk / pubkey.c
blob492a0f2ef3066de6020bf9547fa908f6db4b4552
1 /* pubkey.c - Public key API
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
3 *
4 * Author: Timo Schulz
5 *
6 * This file is part of OpenCDK.
7 *
8 * The OpenCDK library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26 #include <gnutls_int.h>
27 #include <gnutls_datum.h>
28 #include <gnutls_pk.h>
29 #include <gnutls_sig.h>
30 #include <x509/common.h>
31 #include "opencdk.h"
32 #include "main.h"
33 #include "packet.h"
34
35 /* This function gets the signature parameters and encodes
36 * them into a way for _gnutls_pk_verify to use.
37 */
38 static cdk_error_t
39 sig_to_datum (gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
40 {
41 int err;
42 cdk_error_t rc;
43
44 if (!r_sig || !sig)
45 return CDK_Inv_Value;
46
47 rc = 0;
48 if (is_RSA (sig->pubkey_algo))
49 {
50 err = _gnutls_mpi_dprint (sig->mpi[0], r_sig);
51 if (err < 0)
52 rc = map_gnutls_error (err);
53 }
54 else if (is_DSA (sig->pubkey_algo))
55 {
56 err = _gnutls_encode_ber_rs (r_sig, sig->mpi[0], sig->mpi[1]);
57 if (err < 0)
58 rc = map_gnutls_error (err);
59 }
60 else
61 rc = CDK_Inv_Algo;
62 return rc;
63 }
64
65 /**
66 * cdk_pk_verify:
67 * @pk: the public key
68 * @sig: signature
69 * @md: the message digest
70 *
71 * Verify the signature in @sig and compare it with the message digest in @md.
72 **/
73 cdk_error_t
74 cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig, const byte * md)
75 {
76 gnutls_datum_t s_sig = { NULL, 0}, di = {NULL, 0};
77 byte *encmd = NULL;
78 size_t enclen;
79 cdk_error_t rc;
80 int ret, algo;
81 unsigned int i;
82 gnutls_pk_params_st params;
83
84 if (!pk || !sig || !md)
85 {
86 gnutls_assert ();
87 return CDK_Inv_Value;
88 }
89
90 if (is_DSA (pk->pubkey_algo))
91 algo = GNUTLS_PK_DSA;
92 else if (is_RSA (pk->pubkey_algo))
93 algo = GNUTLS_PK_RSA;
94 else
95 {
96 gnutls_assert ();
97 return CDK_Inv_Value;
98 }
99
100 rc = sig_to_datum (&s_sig, sig);
101 if (rc)
102 {
103 gnutls_assert ();
104 goto leave;
105 }
106
107 rc = _gnutls_set_datum (&di, md, _gnutls_hash_get_algo_len (sig->digest_algo));
108 if (rc < 0)
109 {
110 rc = gnutls_assert_val(CDK_Out_Of_Core);
111 goto leave;
112 }
113
114 rc = pk_prepare_hash (algo, sig->digest_algo, &di);
115 if (rc < 0)
116 {
117 rc = gnutls_assert_val(CDK_General_Error);
118 goto leave;
119 }
120
121 params.params_nr = cdk_pk_get_npkey (pk->pubkey_algo);
122 for (i = 0; i < params.params_nr; i++)
123 params.params[i] = pk->mpi[i];
124 params.flags = 0;
125 ret = _gnutls_pk_verify (algo, &di, &s_sig, &params);
126
127 if (ret < 0)
128 {
129 gnutls_assert ();
130 rc = map_gnutls_error (ret);
131 goto leave;
132 }
133
134 rc = 0;
135
136 leave:
137 _gnutls_free_datum (&s_sig);
138 _gnutls_free_datum (&di);
139 cdk_free (encmd);
140 return rc;
141 }
142
143
144 /**
145 * cdk_pk_get_nbits:
146 * @pk: the public key
147 *
148 * Return the length of the public key in bits.
149 * The meaning of length is actually the size of the 'prime'
150 * object in the key. For RSA keys the modulus, for ElG/DSA
151 * the size of the public prime.
152 **/
153 int
154 cdk_pk_get_nbits (cdk_pubkey_t pk)
155 {
156 if (!pk || !pk->mpi[0])
157 return 0;
158 return _gnutls_mpi_get_nbits (pk->mpi[0]);
159 }
160
161
162 /**
163 * cdk_pk_get_npkey:
164 * @algo: The public key algorithm.
165 *
166 * Return the number of multiprecison integer forming an public
167 * key with the given algorithm.
168 */
169 int
170 cdk_pk_get_npkey (int algo)
171 {
172 if (is_RSA (algo))
173 return RSA_PUBLIC_PARAMS;
174 else if (is_DSA (algo))
175 return DSA_PUBLIC_PARAMS;
176 else if (is_ELG (algo))
177 return 3;
178 else
179 {
180 gnutls_assert ();
181 return 0;
182 }
183 }
184
185
186 /**
187 * cdk_pk_get_nskey:
188 * @algo: the public key algorithm
189 *
190 * Return the number of multiprecision integers forming an
191 * secret key with the given algorithm.
192 **/
193 int
194 cdk_pk_get_nskey (int algo)
195 {
196 int ret;
197
198 if (is_RSA (algo))
199 ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
200 else if (is_DSA (algo))
201 ret = DSA_PRIVATE_PARAMS;
202 else if (is_ELG (algo))
203 ret = 4;
204 else
205 {
206 gnutls_assert ();
207 return 0;
208 }
209
210 ret -= cdk_pk_get_npkey (algo);
211 return ret;
212 }
213
214
215 /**
216 * cdk_pk_get_nbits:
217 * @algo: the public key algorithm
218 *
219 * Return the number of MPIs a signature consists of.
220 **/
221 int
222 cdk_pk_get_nsig (int algo)
223 {
224 if (is_RSA (algo))
225 return 1;
226 else if (is_DSA (algo))
227 return 2;
228 else
229 return 0;
230 }
231
232
233 /**
234 * cdk_pk_get_nenc:
235 * @algo: the public key algorithm
236 *
237 * Return the number of MPI's the encrypted data consists of.
238 **/
239 int
240 cdk_pk_get_nenc (int algo)
241 {
242 if (is_RSA (algo))
243 return 1;
244 else if (is_ELG (algo))
245 return 2;
246 else
247 return 0;
248 }
249
250
251 int
252 _cdk_pk_algo_usage (int algo)
253 {
254 int usage;
255
256 /* The ElGamal sign+encrypt algorithm is not supported any longer. */
257 switch (algo)
258 {
259 case CDK_PK_RSA:
260 usage = CDK_KEY_USG_SIGN | CDK_KEY_USG_ENCR;
261 break;
262 case CDK_PK_RSA_E:
263 usage = CDK_KEY_USG_ENCR;
264 break;
265 case CDK_PK_RSA_S:
266 usage = CDK_KEY_USG_SIGN;
267 break;
268 case CDK_PK_ELG_E:
269 usage = CDK_KEY_USG_ENCR;
270 break;
271 case CDK_PK_DSA:
272 usage = CDK_KEY_USG_SIGN;
273 break;
274 default:
275 usage = 0;
276 }
277 return usage;
278 }
279
280 /* You can use a NULL buf to get the output size only
281 */
282 static cdk_error_t
283 mpi_to_buffer (bigint_t a, byte * buf, size_t buflen,
284 size_t * r_nwritten, size_t * r_nbits)
285 {
286 size_t nbits;
287 int err;
288
289 if (!a || !r_nwritten)
290 {
291 gnutls_assert ();
292 return CDK_Inv_Value;
293 }
294
295 nbits = _gnutls_mpi_get_nbits (a);
296 if (r_nbits)
297 *r_nbits = nbits;
298
299 if (r_nwritten)
300 *r_nwritten = (nbits + 7) / 8 + 2;
301
302 if ((nbits + 7) / 8 + 2 > buflen)
303 return CDK_Too_Short;
304
305 *r_nwritten = buflen;
306 err = _gnutls_mpi_print (a, buf, r_nwritten);
307 if (err < 0)
308 {
309 gnutls_assert ();
310 return map_gnutls_error (err);
311 }
312
313 return 0;
314 }
315
316
317 /**
318 * cdk_pk_get_mpi:
319 * @pk: public key
320 * @idx: index of the MPI to retrieve
321 * @buf: buffer to hold the raw data
322 * @r_nwritten: output how large the raw data is
323 * @r_nbits: size of the MPI in bits.
324 *
325 * Return the MPI with the given index of the public key.
326 **/
327 cdk_error_t
328 cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
329 byte * buf, size_t buflen, size_t * r_nwritten,
330 size_t * r_nbits)
331 {
332 if (!pk || !r_nwritten)
333 return CDK_Inv_Value;
334
335 if ((ssize_t) idx > cdk_pk_get_npkey (pk->pubkey_algo))
336 return CDK_Inv_Value;
337 return mpi_to_buffer (pk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
338 }
339
340
341 /**
342 * cdk_sk_get_mpi:
343 * @sk: secret key
344 * @idx: index of the MPI to retrieve
345 * @buf: buffer to hold the raw data
346 * @r_nwritten: output length of the raw data
347 * @r_nbits: length of the MPI data in bits.
348 *
349 * Return the MPI of the given secret key with the
350 * index @idx. It is important to check if the key
351 * is protected and thus no real MPI data will be returned then.
352 **/
353 cdk_error_t
354 cdk_sk_get_mpi (cdk_pkt_seckey_t sk, size_t idx,
355 byte * buf, size_t buflen, size_t * r_nwritten,
356 size_t * r_nbits)
357 {
358 if (!sk || !r_nwritten)
359 return CDK_Inv_Value;
360
361 if ((ssize_t) idx > cdk_pk_get_nskey (sk->pubkey_algo))
362 return CDK_Inv_Value;
363 return mpi_to_buffer (sk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
364 }
365
366
367 static u16
368 checksum_mpi (bigint_t m)
369 {
370 byte buf[MAX_MPI_BYTES + 2];
371 size_t nread;
372 unsigned int i;
373 u16 chksum = 0;
374
375 if (!m)
376 return 0;
377 nread = DIM (buf);
378 if (_gnutls_mpi_print_pgp (m, buf, &nread) < 0)
379 return 0;
380 for (i = 0; i < nread; i++)
381 chksum += buf[i];
382 return chksum;
383 }
384
385 /**
386 * cdk_pk_from_secret_key:
387 * @sk: the secret key
388 * @ret_pk: the new public key
389 *
390 * Create a new public key from a secret key.
391 **/
392 cdk_error_t
393 cdk_pk_from_secret_key (cdk_pkt_seckey_t sk, cdk_pubkey_t * ret_pk)
394 {
395 if (!sk)
396 return CDK_Inv_Value;
397 return _cdk_copy_pubkey (ret_pk, sk->pk);
398 }
399
400
401 int
402 _cdk_sk_get_csum (cdk_pkt_seckey_t sk)
403 {
404 u16 csum = 0, i;
405
406 if (!sk)
407 return 0;
408 for (i = 0; i < cdk_pk_get_nskey (sk->pubkey_algo); i++)
409 csum += checksum_mpi (sk->mpi[i]);
410 return csum;
411 }
412
413
414 /**
415 * cdk_pk_get_fingerprint:
416 * @pk: the public key
417 * @fpr: the buffer to hold the fingerprint
418 *
419 * Return the fingerprint of the given public key.
420 * The buffer must be at least 20 octets.
421 * This function should be considered deprecated and
422 * the new cdk_pk_to_fingerprint() should be used whenever
423 * possible to avoid overflows.
424 **/
425 cdk_error_t
426 cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
427 {
428 digest_hd_st hd;
429 int md_algo;
430 int dlen = 0;
431 int err;
432
433 if (!pk || !fpr)
434 return CDK_Inv_Value;
435
436 if (pk->version < 4 && is_RSA (pk->pubkey_algo))
437 md_algo = GNUTLS_DIG_MD5; /* special */
438 else
439 md_algo = GNUTLS_DIG_SHA1;
440 dlen = _gnutls_hash_get_algo_len (md_algo);
441 err = _gnutls_hash_init (&hd, md_algo);
442 if (err < 0)
443 {
444 gnutls_assert ();
445 return map_gnutls_error (err);
446 }
447 _cdk_hash_pubkey (pk, &hd, 1);
448 _gnutls_hash_deinit (&hd, fpr);
449 if (dlen == 16)
450 memset (fpr + 16, 0, 4);
451 return 0;
452 }
453
454
455 /**
456 * cdk_pk_to_fingerprint:
457 * @pk: the public key
458 * @fprbuf: buffer to save the fingerprint
459 * @fprbuflen: buffer size
460 * @r_nout: actual length of the fingerprint.
461 *
462 * Calculate a fingerprint of the given key and
463 * return it in the given byte array.
464 **/
465 cdk_error_t
466 cdk_pk_to_fingerprint (cdk_pubkey_t pk,
467 byte * fprbuf, size_t fprbuflen, size_t * r_nout)
468 {
469 size_t key_fprlen;
470 cdk_error_t err;
471
472 if (!pk)
473 return CDK_Inv_Value;
474
475 if (pk->version < 4)
476 key_fprlen = 16;
477 else
478 key_fprlen = 20;
479
480 /* Only return the required buffer size for the fingerprint. */
481 if (!fprbuf && !fprbuflen && r_nout)
482 {
483 *r_nout = key_fprlen;
484 return 0;
485 }
486
487 if (!fprbuf || key_fprlen > fprbuflen)
488 return CDK_Too_Short;
489
490 err = cdk_pk_get_fingerprint (pk, fprbuf);
491 if (r_nout)
492 *r_nout = key_fprlen;
493
494 return err;
495 }
496
497
498 /**
499 * cdk_pk_fingerprint_get_keyid:
500 * @fpr: the key fingerprint
501 * @fprlen: the length of the fingerprint
502 *
503 * Derive the key ID from the key fingerprint.
504 * For version 3 keys, this is not working.
505 **/
506 u32
507 cdk_pk_fingerprint_get_keyid (const byte * fpr, size_t fprlen, u32 * keyid)
508 {
509 u32 lowbits = 0;
510
511 /* In this case we say the key is a V3 RSA key and we can't
512 use the fingerprint to get the keyid. */
513 if (fpr && fprlen == 16)
514 {
515 keyid[0] = 0;
516 keyid[1] = 0;
517 return 0;
518 }
519 else if (keyid && fpr)
520 {
521 keyid[0] = _cdk_buftou32 (fpr + 12);
522 keyid[1] = _cdk_buftou32 (fpr + 16);
523 lowbits = keyid[1];
524 }
525 else if (fpr)
526 lowbits = _cdk_buftou32 (fpr + 16);
527 return lowbits;
528 }
529
530
531 /**
532 * cdk_pk_get_keyid:
533 * @pk: the public key
534 * @keyid: buffer to store the key ID
535 *
536 * Calculate the key ID of the given public key.
537 **/
538 u32
539 cdk_pk_get_keyid (cdk_pubkey_t pk, u32 * keyid)
540 {
541 u32 lowbits = 0;
542 byte buf[24];
543
544 if (pk && (!pk->keyid[0] || !pk->keyid[1]))
545 {
546 if (pk->version < 4 && is_RSA (pk->pubkey_algo))
547 {
548 byte p[MAX_MPI_BYTES];
549 size_t n;
550
551 n = MAX_MPI_BYTES;
552 _gnutls_mpi_print (pk->mpi[0], p, &n);
553 pk->keyid[0] =
554 p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5];
555 pk->keyid[1] =
556 p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1];
557 }
558 else if (pk->version == 4)
559 {
560 cdk_pk_get_fingerprint (pk, buf);
561 pk->keyid[0] = _cdk_buftou32 (buf + 12);
562 pk->keyid[1] = _cdk_buftou32 (buf + 16);
563 }
564 }
565 lowbits = pk ? pk->keyid[1] : 0;
566 if (keyid && pk)
567 {
568 keyid[0] = pk->keyid[0];
569 keyid[1] = pk->keyid[1];
570 }
571
572 return lowbits;
573 }
574
575
576 /**
577 * cdk_sk_get_keyid:
578 * @sk: the secret key
579 * @keyid: buffer to hold the key ID
580 *
581 * Calculate the key ID of the secret key, actually the public key.
582 **/
583 u32
584 cdk_sk_get_keyid (cdk_pkt_seckey_t sk, u32 * keyid)
585 {
586 u32 lowbits = 0;
587
588 if (sk && sk->pk)
589 {
590 lowbits = cdk_pk_get_keyid (sk->pk, keyid);
591 sk->keyid[0] = sk->pk->keyid[0];
592 sk->keyid[1] = sk->pk->keyid[1];
593 }
594
595 return lowbits;
596 }
597
598
599 /**
600 * cdk_sig_get_keyid:
601 * @sig: the signature
602 * @keyid: buffer to hold the key ID
603 *
604 * Retrieve the key ID from the given signature.
605 **/
606 u32
607 cdk_sig_get_keyid (cdk_pkt_signature_t sig, u32 * keyid)
608 {
609 u32 lowbits = sig ? sig->keyid[1] : 0;
610
611 if (keyid && sig)
612 {
613 keyid[0] = sig->keyid[0];
614 keyid[1] = sig->keyid[1];
615 }
616 return lowbits;
617 }
618
619
620 /* Return the key ID from the given packet.
621 If this is not possible, 0 is returned */
622 u32
623 _cdk_pkt_get_keyid (cdk_packet_t pkt, u32 * keyid)
624 {
625 u32 lowbits;
626
627 if (!pkt)
628 return 0;
629
630 switch (pkt->pkttype)
631 {
632 case CDK_PKT_PUBLIC_KEY:
633 case CDK_PKT_PUBLIC_SUBKEY:
634 lowbits = cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
635 break;
636
637 case CDK_PKT_SECRET_KEY:
638 case CDK_PKT_SECRET_SUBKEY:
639 lowbits = cdk_sk_get_keyid (pkt->pkt.secret_key, keyid);
640 break;
641
642 case CDK_PKT_SIGNATURE:
643 lowbits = cdk_sig_get_keyid (pkt->pkt.signature, keyid);
644 break;
645
646 default:
647 lowbits = 0;
648 break;
649 }
650
651 return lowbits;
652 }
653
654
655 /* Get the fingerprint of the packet if possible. */
656 cdk_error_t
657 _cdk_pkt_get_fingerprint (cdk_packet_t pkt, byte * fpr)
658 {
659 if (!pkt || !fpr)
660 return CDK_Inv_Value;
661
662 switch (pkt->pkttype)
663 {
664 case CDK_PKT_PUBLIC_KEY:
665 case CDK_PKT_PUBLIC_SUBKEY:
666 return cdk_pk_get_fingerprint (pkt->pkt.public_key, fpr);
667
668 case CDK_PKT_SECRET_KEY:
669 case CDK_PKT_SECRET_SUBKEY:
670 return cdk_pk_get_fingerprint (pkt->pkt.secret_key->pk, fpr);
671
672 default:
673 return CDK_Inv_Mode;
674 }
675 return 0;
676 }
Implementation of the SSL/TLS protocol