contrib/pgcrypto/pgp-pubdec.c

   1 /*
   2  * pgp-pubdec.c
   3  *        Decrypt public-key encrypted session key.
   4  *
   5  * Copyright (c) 2005 Marko Kreen
   6  * All rights reserved.
   7  *
   8  * Redistribution and use in source and binary forms, with or without
   9  * modification, are permitted provided that the following conditions
  10  * are met:
  11  * 1. Redistributions of source code must retain the above copyright
  12  *        notice, this list of conditions and the following disclaimer.
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *        notice, this list of conditions and the following disclaimer in the
  15  *        documentation and/or other materials provided with the distribution.
  16  *
  17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  27  * SUCH DAMAGE.
  28  *
  29  * contrib/pgcrypto/pgp-pubdec.c
  30  */
  31 #include "postgres.h"
  32
  33 #include "pgp.h"
  34 #include "px.h"
  35
  36 /*
  37  * padded msg = 02 || PS || 00 || M
  38  * PS - pad bytes
  39  * M - msg
  40  */
  41 static uint8 *
  42 check_eme_pkcs1_v15(uint8 *data, int len)
  43 {
  44         uint8      *data_end = data + len;
  45         uint8      *p = data;
  46         int                     rnd = 0;
  47
  48         if (len < 1 + 8 + 1)
  49                 return NULL;
  50
  51         if (*p++ != 2)
  52                 return NULL;
  53
  54         while (p < data_end && *p)
  55         {
  56                 p++;
  57                 rnd++;
  58         }
  59
  60         if (p == data_end)
  61                 return NULL;
  62         if (*p != 0)
  63                 return NULL;
  64         if (rnd < 8)
  65                 return NULL;
  66         return p + 1;
  67 }
  68
  69 /*
  70  * secret message: 1 byte algo, sesskey, 2 byte cksum
  71  * ignore algo in cksum
  72  */
  73 static int
  74 control_cksum(uint8 *msg, int msglen)
  75 {
  76         int                     i;
  77         unsigned        my_cksum,
  78                                 got_cksum;
  79
  80         if (msglen < 3)
  81                 return PXE_PGP_WRONG_KEY;
  82
  83         my_cksum = 0;
  84         for (i = 1; i < msglen - 2; i++)
  85                 my_cksum += msg[i];
  86         my_cksum &= 0xFFFF;
  87         got_cksum = ((unsigned) (msg[msglen - 2]) << 8) + msg[msglen - 1];
  88         if (my_cksum != got_cksum)
  89         {
  90                 px_debug("pubenc cksum failed");
  91                 return PXE_PGP_WRONG_KEY;
  92         }
  93         return 0;
  94 }
  95
  96 static int
  97 decrypt_elgamal(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
  98 {
  99         int                     res;
 100         PGP_MPI    *c1 = NULL;
 101         PGP_MPI    *c2 = NULL;
 102
 103         if (pk->algo != PGP_PUB_ELG_ENCRYPT)
 104                 return PXE_PGP_WRONG_KEY;
 105
 106         /* read elgamal encrypted data */
 107         res = pgp_mpi_read(pkt, &c1);
 108         if (res < 0)
 109                 goto out;
 110         res = pgp_mpi_read(pkt, &c2);
 111         if (res < 0)
 112                 goto out;
 113
 114         /* decrypt */
 115         res = pgp_elgamal_decrypt(pk, c1, c2, m_p);
 116
 117 out:
 118         pgp_mpi_free(c1);
 119         pgp_mpi_free(c2);
 120         return res;
 121 }
 122
 123 static int
 124 decrypt_rsa(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
 125 {
 126         int                     res;
 127         PGP_MPI    *c;
 128
 129         if (pk->algo != PGP_PUB_RSA_ENCRYPT
 130                 && pk->algo != PGP_PUB_RSA_ENCRYPT_SIGN)
 131                 return PXE_PGP_WRONG_KEY;
 132
 133         /* read rsa encrypted data */
 134         res = pgp_mpi_read(pkt, &c);
 135         if (res < 0)
 136                 return res;
 137
 138         /* decrypt */
 139         res = pgp_rsa_decrypt(pk, c, m_p);
 140
 141         pgp_mpi_free(c);
 142         return res;
 143 }
 144
 145 /* key id is missing - user is expected to try all keys */
 146 static const uint8
 147                         any_key[] = {0, 0, 0, 0, 0, 0, 0, 0};
 148
 149 int
 150 pgp_parse_pubenc_sesskey(PGP_Context *ctx, PullFilter *pkt)
 151 {
 152         int                     ver;
 153         int                     algo;
 154         int                     res;
 155         uint8           key_id[8];
 156         PGP_PubKey *pk;
 157         uint8      *msg;
 158         int                     msglen;
 159         PGP_MPI    *m;
 160
 161         pk = ctx->pub_key;
 162         if (pk == NULL)
 163         {
 164                 px_debug("no pubkey?");
 165                 return PXE_BUG;
 166         }
 167
 168         GETBYTE(pkt, ver);
 169         if (ver != 3)
 170         {
 171                 px_debug("unknown pubenc_sesskey pkt ver=%d", ver);
 172                 return PXE_PGP_CORRUPT_DATA;
 173         }
 174
 175         /*
 176          * check if keyid's match - user-friendly msg
 177          */
 178         res = pullf_read_fixed(pkt, 8, key_id);
 179         if (res < 0)
 180                 return res;
 181         if (memcmp(key_id, any_key, 8) != 0
 182                 && memcmp(key_id, pk->key_id, 8) != 0)
 183         {
 184                 px_debug("key_id's does not match");
 185                 return PXE_PGP_WRONG_KEY;
 186         }
 187
 188         /*
 189          * Decrypt
 190          */
 191         GETBYTE(pkt, algo);
 192         switch (algo)
 193         {
 194                 case PGP_PUB_ELG_ENCRYPT:
 195                         res = decrypt_elgamal(pk, pkt, &m);
 196                         break;
 197                 case PGP_PUB_RSA_ENCRYPT:
 198                 case PGP_PUB_RSA_ENCRYPT_SIGN:
 199                         res = decrypt_rsa(pk, pkt, &m);
 200                         break;
 201                 default:
 202                         res = PXE_PGP_UNKNOWN_PUBALGO;
 203         }
 204         if (res < 0)
 205                 return res;
 206
 207         /*
 208          * extract message
 209          */
 210         msg = check_eme_pkcs1_v15(m->data, m->bytes);
 211         if (msg == NULL)
 212         {
 213                 px_debug("check_eme_pkcs1_v15 failed");
 214                 res = PXE_PGP_WRONG_KEY;
 215                 goto out;
 216         }
 217         msglen = m->bytes - (msg - m->data);
 218
 219         res = control_cksum(msg, msglen);
 220         if (res < 0)
 221                 goto out;
 222
 223         /*
 224          * got sesskey
 225          */
 226         ctx->cipher_algo = *msg;
 227         ctx->sess_key_len = msglen - 3;
 228         memcpy(ctx->sess_key, msg + 1, ctx->sess_key_len);
 229
 230 out:
 231         pgp_mpi_free(m);
 232         if (res < 0)
 233                 return res;
 234         return pgp_expect_packet_end(pkt);
 235 }