

[src/trunk]: src/crypto/external/bsd/netpgp/dist/src/lib adding initial suppo...



details:   https://anonhg.NetBSD.org/src/rev/6e39c29d22d0
branches:  trunk
changeset: 369642:6e39c29d22d0
user:      jhigh <jhigh%NetBSD.org@localhost>
date:      Fri Aug 26 19:18:38 2022 +0000

description:
adding initial support for ECDSA (19) to netpgp. tested using p256/sha256, p384/sha384, and p521/sha512

diffstat:

 crypto/external/bsd/netpgp/dist/src/lib/create.c         |    7 +-
 crypto/external/bsd/netpgp/dist/src/lib/crypto.h         |   10 +
 crypto/external/bsd/netpgp/dist/src/lib/misc.c           |   86 ++++++++-
 crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h      |    4 +
 crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c |  151 ++++++++++++++-
 crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c   |   43 ++++-
 crypto/external/bsd/netpgp/dist/src/lib/packet-print.c   |   13 +-
 crypto/external/bsd/netpgp/dist/src/lib/packet-show.c    |    4 +-
 crypto/external/bsd/netpgp/dist/src/lib/packet.h         |   26 ++-
 crypto/external/bsd/netpgp/dist/src/lib/signature.c      |   84 ++++++++-
 crypto/external/bsd/netpgp/dist/src/lib/version.h        |    2 +-
 11 files changed, 418 insertions(+), 12 deletions(-)

diffs (truncated from 754 to 300 lines):

diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/create.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/create.c  Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/create.c  Fri Aug 26 19:18:38 2022 +0000
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.38 2010/11/15 08:03:39 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $");
 #endif
 
 #include <sys/types.h>
@@ -250,6 +250,11 @@
                        pgp_write_mpi(output, key->key.dsa.g) &&
                        pgp_write_mpi(output, key->key.dsa.y);
 
+       case PGP_PKA_ECDSA:
+               return pgp_write(output, &key->key.ecdsa.len, 1) && 
+                       pgp_write(output, key->key.ecdsa.oid, key->key.ecdsa.len) &&
+                       pgp_write_mpi(output, key->key.ecdsa.p);
+
        case PGP_PKA_RSA:
        case PGP_PKA_RSA_ENCRYPT_ONLY:
        case PGP_PKA_RSA_SIGN_ONLY:
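Review bot: The first write in the new PGP_PKA_ECDSA case, `pgp_write(output, &key->key.ecdsa.len, 1)`, emits the OID length by taking the address of `len` and writing one byte, which is only correct if `len` is declared as a one-byte type in packet.h (not in this hunk); if it is any wider the byte that lands on the wire depends on host endianness. Either confirm the declaration is `uint8_t` or copy it into a local first, e.g. `uint8_t oidlen = (uint8_t)key->key.ecdsa.len;` and write `&oidlen`. The following `pgp_write(output, key->key.ecdsa.oid, key->key.ecdsa.len)` likewise trusts `len` to be within the `oid` storage, which presumably was bounded at parse time — worth a comment saying so. There is also trailing whitespace after the first `&&`. The enclosing switch and its function continue outside the hunk.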
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/crypto.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/crypto.h  Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/crypto.h  Fri Aug 26 19:18:38 2022 +0000
@@ -58,7 +58,9 @@
 #include "memory.h"
 #include "packet-parse.h"
 
+#include <openssl/evp.h>
 #include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
 
 #define PGP_MIN_HASH_SIZE      16
 
@@ -119,6 +121,10 @@
                        const pgp_dsa_sig_t *,
                        const pgp_dsa_pubkey_t *);
 
+unsigned pgp_ecdsa_verify(const uint8_t *, size_t,
+                         const pgp_ecdsa_sig_t *,
+                         const pgp_ecdsa_pubkey_t *);
+
 int pgp_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t,
                        const pgp_rsa_pubkey_t *);
 int pgp_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t,
@@ -214,6 +220,10 @@
                                const pgp_dsa_seckey_t *,
                                const pgp_dsa_pubkey_t *);
 
+ECDSA_SIG *pgp_ecdsa_sign(uint8_t *, unsigned,
+                         const pgp_ecdsa_seckey_t *,
+                         const pgp_ecdsa_pubkey_t *);
+
 int openssl_read_pem_seckey(const char *, pgp_key_t *, const char *, int);
 
 /** pgp_reader_t */
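Review bot: The new `pgp_ecdsa_sign` prototype takes the digest as a non-const `uint8_t *`, while `pgp_ecdsa_verify` added in the hunk above takes it as `const uint8_t *`; signing has no reason to modify the digest, so `ECDSA_SIG *pgp_ecdsa_sign(const uint8_t *, unsigned, const pgp_ecdsa_seckey_t *, const pgp_ecdsa_pubkey_t *);` keeps the pair symmetric and lets callers pass read-only buffers. The DSA prototype directly above starts outside the hunk, so I cannot see whether it uses the same non-const form; if it does, matching it is defensible, but the verify side is already const in this commit. Since the function returns an OpenSSL object, a one-line comment stating that the caller owns the result and must release it with `ECDSA_SIG_free()` would save the next reader from checking the implementation.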
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/misc.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/misc.c    Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/misc.c    Fri Aug 26 19:18:38 2022 +0000
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: misc.c,v 1.43 2020/04/18 19:27:48 jhigh Exp $");
+__RCSID("$NetBSD: misc.c,v 1.44 2022/08/26 19:18:38 jhigh Exp $");
 #endif
 
 #include <sys/types.h>
@@ -96,6 +96,18 @@
 #define vsnprintf _vsnprintf
 #endif
 
+struct ecdsa_map {
+       char    *sname;
+       int     nid;
+       int     bits;
+       int     len;
+       uint8_t oid[8];
+} ecdsa_map[] = {
+       { "P-256", NID_X9_62_prime256v1, 256, 8, {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07} },
+       { "P-384", NID_secp384r1, 384, 5, {0x2B, 0x81, 0x04,  0x00,  0x22} },
+       { "P-521", NID_secp521r1, 521, 5, {0x2B, 0x81, 0x04, 0x00, 0x23} },
+       { NULL, 0, 0, 0, {0} }
+};
 
 typedef struct {
        pgp_keyring_t           *keyring;
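Review bot: `ecdsa_map` is declared as a writable global with external linkage and its `sname` member as a non-const `char *` pointing at string literals, although the table is a fixed OID-to-curve lookup that only misc.c reads. Declaring it `static const struct ecdsa_map {` with `const char *sname;` keeps the symbol out of the library's exported namespace and places the table in read-only data, so the curve mapping that every later NID lookup trusts cannot be modified at run time. No other line needs to change, since the lookups below only read from it.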
@@ -1364,3 +1376,75 @@
        }
        return n;
 }
+
+int
+ecdsa_nid(const pgp_ecdsa_pubkey_t * pub)
+{
+       int i;
+
+       for (i = 0; ecdsa_map[i].sname; i++ ) {
+               if (pub->len == ecdsa_map[i].len) {
+                       if (memcmp(pub->oid, ecdsa_map[i].oid, pub->len) == 0) {
+                               return ecdsa_map[i].nid;
+                       }
+               }
+       }
+       return -1;
+}
+
+int
+ecdsa_numbits(const pgp_ecdsa_pubkey_t * pub)
+{
+       int i;
+
+       for (i = 0; ecdsa_map[i].sname; i++ ) {
+               if (pub->len == ecdsa_map[i].len) {
+                       if (memcmp(pub->oid, ecdsa_map[i].oid, pub->len) == 0) {
+                               return ecdsa_map[i].bits;
+                       }
+               }
+       }
+       return -1;
+}
+
+int
+ecdsa_hashsize(const pgp_ecdsa_pubkey_t * pub)
+{
+       int bits;
+
+       bits = ecdsa_numbits(pub);
+
+       if (bits == -1) {
+               return -1;
+       }
+
+       return (bits/8) - (bits%8);
+}
+
+pgp_hash_alg_t
+ecdsa_hashalg(const pgp_ecdsa_pubkey_t * pub)
+{
+       int nid;
+
+       if (pub == NULL) {
+               return PGP_HASH_UNKNOWN;
+       }
+
+       nid = ecdsa_nid(pub);
+
+       switch (nid) {
+               case NID_X9_62_prime256v1:
+                       return PGP_HASH_SHA256;
+
+               case NID_secp384r1:
+                       return PGP_HASH_SHA384;
+
+               case NID_secp521r1:
+                       return PGP_HASH_SHA512;
+
+               default:
+                       (void) fprintf(stderr, "ecdsa_hashalg: unknown NID\n");
+       }
+
+       return PGP_HASH_UNKNOWN;
+}
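Review bot: `ecdsa_hashsize` computes the digest length as `(bits/8) - (bits%8)`, which yields 32, 48 and 64 for the three curves in `ecdsa_map` only by coincidence (521/8 - 521%8 happens to be 64, the SHA-512 length); for any curve added later the expression silently returns a wrong size rather than failing. The curve-to-hash pairing is already encoded in `ecdsa_hashalg`, so deriving the size from that result keeps a single source of truth, as in the rewrite below. Separately, `ecdsa_nid` and `ecdsa_numbits` repeat the same search loop and, unlike `ecdsa_hashalg`, have no `pub == NULL` guard; a small static lookup helper returning the matching `ecdsa_map` entry (or NULL) would remove both inconsistencies.
```c
int
ecdsa_hashsize(const pgp_ecdsa_pubkey_t * pub)
{
	/* digest length, in bytes, of the hash paired with the curve */
	switch (ecdsa_hashalg(pub)) {
	case PGP_HASH_SHA256:
		return 32;
	case PGP_HASH_SHA384:
		return 48;
	case PGP_HASH_SHA512:
		return 64;
	default:
		return -1;
	}
}
```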
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h
--- a/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h       Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h       Fri Aug 26 19:18:38 2022 +0000
@@ -74,5 +74,9 @@
 int netpgp_strcasecmp(const char *, const char *);
 char *netpgp_strdup(const char *);
 
+int ecdsa_numbits(const pgp_ecdsa_pubkey_t *);
+int ecdsa_nid(const pgp_ecdsa_pubkey_t *);
+pgp_hash_alg_t ecdsa_hashalg(const pgp_ecdsa_pubkey_t *);
+int ecdsa_hashsize(const pgp_ecdsa_pubkey_t *);
 
 #endif
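Review bot: The four new prototypes are exported under bare `ecdsa_*` names, whereas the neighbouring public symbols in this header (`netpgp_strcasecmp`, `netpgp_strdup`) carry a library prefix; since this header is part of the SDK that other programs link against, generic names such as `ecdsa_nid` are likely to collide with other crypto code in the same process. Prefixing them (`netpgp_ecdsa_nid`, or `pgp_` to match crypto.h) or keeping the ones only openssl_crypto.c needs internal would avoid that. The declarations also rely on `pgp_ecdsa_pubkey_t` and `pgp_hash_alg_t` being visible here; the includes at the top of netpgpsdk.h are outside the hunk, so please confirm the header still stands on its own.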
diff -r a1844342c436 -r 6e39c29d22d0 crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
--- a/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c  Fri Aug 26 11:03:53 2022 +0000
+++ b/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c  Fri Aug 26 19:18:38 2022 +0000
@@ -57,7 +57,7 @@
 
 #if defined(__NetBSD__)
 __COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: openssl_crypto.c,v 1.34 2018/02/05 23:56:01 christos Exp $");
+__RCSID("$NetBSD: openssl_crypto.c,v 1.35 2022/08/26 19:18:38 jhigh Exp $");
 #endif
 
 #ifdef HAVE_OPENSSL_DSA_H
@@ -87,6 +87,7 @@
 #include "readerwriter.h"
 #include "netpgpdefs.h"
 #include "netpgpdigest.h"
+#include "netpgpsdk.h"
 #include "packet.h"
 
 static void
@@ -223,6 +224,103 @@
        sk->x = BN_dup(x);
 }
 
+static ECDSA_SIG *
+makeECDSADSA_SIG(const pgp_ecdsa_sig_t *sig)
+{
+       ECDSA_SIG        *osig;
+       BIGNUM         *r, *s; 
+
+       osig = ECDSA_SIG_new();
+       r = BN_dup(sig->r);
+       s = BN_dup(sig->s);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+       ECDSA_SIG_set0(osig, r, s);
+#else 
+       BN_free(osig->r);
+       BN_free(osig->s);
+       osig->r = r;
+       osig->s = s;
+#endif
+
+       return osig;
+}
+
+static EC_KEY * 
+makeECDSA(const pgp_ecdsa_pubkey_t *ecdsa, const pgp_ecdsa_seckey_t *sececdsa)
+{
+       EC_KEY          *key;
+       BIGNUM          *x;
+       BIGNUM          *y;
+       EC_GROUP        *group;
+       EC_POINT        *pub_key;
+       EC_POINT        *point;
+       int nid;
+
+       key = EC_KEY_new();
+       x = BN_new();
+       y = BN_new();
+
+       nid = ecdsa_nid(ecdsa);
+       if (nid == -1) {
+               (void) fprintf(stderr,"makeECDSA: failed to determine NID\n");
+               return 0;
+       }
+
+       group = EC_GROUP_new_by_curve_name(nid);
+       if (group == NULL) {
+               (void) fprintf(stderr,"makeECDSA: failed to get group for specified NID\n");
+               return 0;
+       }
+
+       pub_key = EC_POINT_new(group);
+       if (pub_key == NULL) {
+               (void) fprintf(stderr,"makeECDSA: failed to alloc point\n");
+               return 0;
+       }
+
+       point = EC_POINT_bn2point(group, ecdsa->p, NULL, NULL);
+       if (point == NULL) {
+               (void) fprintf(stderr,"makeECDSA: failed to conv BN to point\n");
+               return 0;
+       }
+
+
+       if ((EC_POINT_get_affine_coordinates(group, point, x, y, NULL)) == 0) {
+               (void) fprintf(stderr,"makeECDSA: failed to get coordinates from point\n");
+               return 0;
+       }
+
+       if ((EC_POINT_set_affine_coordinates(group, pub_key, x, y, NULL)) == 0) {
+               (void) fprintf(stderr,"makeECDSA: failed to set coordinates from point\n");
+               return 0;
+       }
+
+       if ((EC_KEY_set_group(key, group)) == 0) {
+               (void) fprintf(stderr,"makeECDSA: failed to set group for key\n");
+               return 0;
+       }
+
+       if ((EC_KEY_set_public_key(key, pub_key)) == 0) {
+               (void) fprintf(stderr,"makeECDSA: failed to set pubkey for key\n");
+               return 0;
+       }
+
+       if (sececdsa) {
+               if ((EC_KEY_set_private_key(key, sececdsa->x)) == 0) {
+                       (void) fprintf(stderr,"makeECDSA: failed to set seckey for key\n");
+                       return 0;
+               }
+
+               if ((EC_POINT_mul(group, pub_key, sececdsa->x, NULL, NULL, NULL)) == 0) {
+                       (void) fprintf(stderr,"makeECDSA: failed to calculate generator\n");
+                       return 0;
+               }
+       }
+
+       return key;
+}
+


