Changeset 136

Timestamp:

05/20/05 13:44:25

Author:

ben

Message:

Partial signature code, prior to refactor for verification.

Files:

• openpgpsdk/trunk/examples/Makefile.template (modified) (2 diffs)
• openpgpsdk/trunk/examples/create-signed-key.c (added)
• openpgpsdk/trunk/include/create.h (modified) (3 diffs)
• openpgpsdk/trunk/include/crypto.h (modified) (2 diffs)
• openpgpsdk/trunk/include/memory.h (modified) (2 diffs)
• openpgpsdk/trunk/include/packet.h (modified) (1 diff)
• openpgpsdk/trunk/include/signature.h (modified) (2 diffs)
• openpgpsdk/trunk/ref/draft-ietf-openpgp-rfc2440bis-12-comments.txt (modified) (1 diff)
• openpgpsdk/trunk/src/build.c (modified) (1 diff)
• openpgpsdk/trunk/src/create.c (modified) (3 diffs)
• openpgpsdk/trunk/src/memory.c (modified) (3 diffs)
• openpgpsdk/trunk/src/openssl_crypto.c (modified) (1 diff)
• openpgpsdk/trunk/src/signature.c (modified) (4 diffs)

openpgpsdk/trunk/examples/Makefile.template

@@ -8 +8 @@
-LIBS=$(LIBDEPS) -lcrypto -lz $(DM_LIB)
-
-
+ create-signed-key
-
-packet-dump: packet-dump.o $(LIBDEPS)
@@ -18 +18 @@
-create-key: create-key.o $(LIBDEPS)
-        $(CC) $(LDFLAGS) -o create-key create-key.o $(LIBS)
+
+create-signed-key: create-signed-key.o $(LIBDEPS)
+        $(CC) $(LDFLAGS) -o create-signed-key create-signed-key.o $(LIBS)
-
-tags:

openpgpsdk/trunk/include/create.h

@@ -2 +2 @@
- */
-
+#ifndef OPS_CREATE_H
+#define OPS_CREATE_H
+
-#include "types.h"
-#include "packet.h"
+#include "crypto.h"
+#include "memory.h"
-
-enum ops_writer_ret_t
@@ -22 +27 @@
-    } ops_create_options_t;
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
-ops_boolean_t ops_write(const void *src,unsigned length,
-                        ops_create_options_t *opt);
+ops_boolean_t ops_write_length(unsigned length,ops_create_options_t *opt);
+ops_boolean_t ops_write_ptag(ops_content_tag_t tag,ops_create_options_t *opt);
+ops_boolean_t ops_write_scalar(unsigned n,unsigned length,
+                               ops_create_options_t *opt);
-
+void ops_fast_create_rsa_public_key(ops_public_key_t *key,time_t time,
+                                    BIGNUM *n,BIGNUM *e);
+void ops_create_rsa_public_key(ops_public_key_t *key,time_t time,
+                               const BIGNUM *n,const BIGNUM *e);
-ops_boolean_t ops_write_struct_public_key(const ops_public_key_t *key,
-                                          ops_create_options_t *opt);
@@ -33 +57 @@
-                                       ops_create_options_t *opt);
-
+void ops_fast_create_user_id(ops_user_id_t *id,char *user_id);
-ops_boolean_t ops_write_struct_user_id(ops_user_id_t *id,
-                                       ops_create_options_t *opt);
-ops_boolean_t ops_write_user_id(const char *user_id,ops_create_options_t *opt);
+
+#endif

openpgpsdk/trunk/include/crypto.h

@@ -4 +4 @@
-#include "util.h"
-#include "packet.h"
+
+#ifndef OPS_CRYPTO_H
+#define OPS_CRYPTO_H
-
-#define OPS_MAX_HASH    20
@@ -34 +37 @@
-int ops_rsa_public_decrypt(unsigned char *out,const unsigned char *in,
-                           size_t length,const ops_rsa_public_key_t *rsa);
+int ops_rsa_private_encrypt(unsigned char *out,const unsigned char *in,
+                            size_t length,const ops_rsa_secret_key_t *rsa);
+
+#endif

openpgpsdk/trunk/include/memory.h

@@ -1 +1 @@
-/** \file
- */
-
-#ifndef OPS_MEMORY_H
-#define OPS_MEMORY_H
-
-#include <sys/types.h>
-#include <openssl/bn.h>
-#include "packet.h"
+
+#ifndef OPS_MEMORY_H
+#define OPS_MEMORY_H
-
-typedef struct 
@@ -20 +20 @@
-void ops_memory_add(ops_memory_t *mem,const unsigned char *src,size_t length);
-void ops_memory_add_int(ops_memory_t *mem,unsigned n,size_t length);
+void ops_memory_place_int(ops_memory_t *mem,unsigned offset,unsigned n,
+                          size_t length);
-void ops_memory_add_mpi(ops_memory_t *out,const BIGNUM *bn);
-void ops_memory_make_packet(ops_memory_t *out,ops_content_tag_t tag);
-void ops_memory_release(ops_memory_t *mem);
-
+ops_writer_ret_t ops_writer_memory(const unsigned char *src,unsigned length,
+                                   ops_writer_flags_t flags,void *arg_);
+
-#endif

openpgpsdk/trunk/include/packet.h

@@ -276 +276 @@
-    ops_public_key_union_t      key;            /*!< Public Key Parameters */
-    } ops_public_key_t;
+
+typedef struct
+    {
+    BIGNUM *d;
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *u;
+    } ops_rsa_secret_key_t;
+
+typedef struct
+    {
+    ops_rsa_secret_key_t rsa;
+    } ops_secret_key_union_t;
+
+typedef struct
+    {
+    ops_secret_key_union_t key;
+    } ops_secret_key_t;
-
-/** Symmetric Key Algorithm Numbers.

openpgpsdk/trunk/include/signature.h

@@ -4 +4 @@
-#include "packet.h"
-#include "util.h"
+#include "create.h"
-
-ops_boolean_t
@@ -17 +18 @@
-                           const ops_public_key_t *signer,
-                           const unsigned char *raw_packet);
+void ops_signature_start(ops_create_signature_t *sig,
+                         const ops_public_key_t *key,
+                         const ops_user_id_t *id);
+void ops_signature_hashed_subpackets_end(ops_create_signature_t *sig);
+void ops_signature_end(ops_create_signature_t *sig,ops_public_key_t *key,
+                       ops_secret_key_t *skey);
+void ops_signature_add_creation_time(ops_create_signature_t *sig,time_t when);
+void ops_signature_add_issuer_key_id(ops_create_signature_t *sig,
+                                     const unsigned char keyid[OPS_KEY_ID_SIZE]);
+void ops_signature_add_primary_user_id(ops_create_signature_t *sig,
+                                       ops_boolean_t primary);
+

openpgpsdk/trunk/ref/draft-ietf-openpgp-rfc2440bis-12-comments.txt

@@ -61 +61 @@
-wording.
-
+------
+
+5.2.3.5 Issuer
+
+should be:
+
+5.2.3.5 Issuer key ID
+
+A tiny point, I know, but it made it hard to find.
+
+Key algorithms ... these are used in various contexts, and there's a
+list in 9.1 - some of these are clearly unsuitable in some contexts -
+for example, one would not expect to see RSA Ecnrpyt-Only (3) in a
+signature. But I can't find any language saying anything about
+this. Are there any rules?
+

openpgpsdk/trunk/src/build.c

@@ -45 +45 @@
-    }
-
+// XXX: this should be refactored into a write
-void ops_build_public_key(ops_memory_t *out,const ops_public_key_t *key,
-                          ops_boolean_t make_packet)

openpgpsdk/trunk/src/create.c

@@ -72 +72 @@
-    }
-
+// XXX: the general idea of _fast_ is that it doesn't copy stuff
+// the safe (i.e. non _fast_) version will, and so will also need to
+// be freed.
+void ops_fast_create_user_id(ops_user_id_t *id,char *user_id)
+    {
+    id->user_id=user_id;;
+    }
+
-ops_boolean_t ops_write_struct_user_id(ops_user_id_t *id,
-                                       ops_create_options_t *opt)
@@ -107 +115 @@
-    }
-
+void ops_fast_create_rsa_public_key(ops_public_key_t *key,time_t time,
+                                    BIGNUM *n,BIGNUM *e)
+    {
+    key->version=4;
+    key->creation_time=time;
+    key->algorithm=OPS_PKA_RSA;
+    key->key.rsa.n=n;
+    key->key.rsa.e=e;
+    }
+
-ops_boolean_t ops_write_struct_public_key(const ops_public_key_t *key,
-                                          ops_create_options_t *opt)
@@ -139 +157 @@
-    ops_public_key_t key;
-
-
-
-
-
-
+
+
-    return ops_write_struct_public_key(&key,opt);
-    }

openpgpsdk/trunk/src/memory.c

@@ -3 +3 @@
-
-#include "memory.h"
+#include "create.h"
-#include <stdlib.h>
-#include <string.h>
@@ -56 +57 @@
-    }
-
+void ops_memory_place_int(ops_memory_t *mem,unsigned offset,unsigned n,
+                          size_t length)
+    {
+    assert(mem->allocated >= offset+length);
+    
+    while(length--)
+        mem->buf[offset++]=n >> (length*8);
+    }
+
-void ops_memory_add_mpi(ops_memory_t *out,const BIGNUM *bn)
-    {
@@ -72 +82 @@
-    mem->buf=NULL;
-    }
+
+ops_writer_ret_t ops_writer_memory(const unsigned char *src,unsigned length,
+                                   ops_writer_flags_t flags,void *arg_)
+    {
+    ops_memory_t *mem=arg_;
+
+    ops_memory_add(mem,src,length);
+    return OPS_W_OK;
+    }
+

openpgpsdk/trunk/src/openssl_crypto.c

@@ -118 +118 @@
-    }
-
+int ops_rsa_private_encrypt(unsigned char *out,const unsigned char *in,
+                            size_t length,const ops_rsa_secret_key_t *rsa)
+    {
+    RSA *orsa;
+    int n;
+
+    orsa=RSA_new();
+    orsa->d=rsa->d;
+    orsa->p=rsa->p;
+    orsa->q=rsa->q;
+
+    n=RSA_private_encrypt(length,in,out,orsa,RSA_NO_PADDING);
+
+    orsa->d=orsa->p=orsa->q=NULL;
+    RSA_free(orsa);
+
+    return n;
+    }
+
-void ops_crypto_init()
-    {

openpgpsdk/trunk/src/signature.c

@@ -6 +6 @@
-#include "memory.h"
-#include "build.h"
+#include "create.h"
-#include <assert.h>
-#include <string.h>
@@ -15 +16 @@
-static unsigned char prefix_sha1[]={ 0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0E,
-                                     0x03,0x02,0x1A,0x05,0x00,0x04,0x14 };
+
+static void rsa_sign(ops_hash_t *hash,const ops_rsa_public_key_t *rsa,
+                     const ops_rsa_secret_key_t *srsa)
+    {
+    unsigned char hashbuf[8192];
+    unsigned char sigbuf[8192];
+    unsigned keysize;
+    unsigned hashsize;
+    unsigned n;
+    unsigned t;
+
+    // XXX: we assume hash is sha-1 for now
+    hashsize=20+sizeof prefix_sha1;
+
+    keysize=(BN_num_bits(rsa->n)+7)/8;
+    assert(keysize <= sizeof hashbuf);
+    assert(10+hashsize <= keysize);
+
+    hashbuf[0]=1;
+    for(n=1 ; n < keysize-hashsize-2 ; ++n)
+        hashbuf[n]=0xff;
+    hashbuf[n++]=0;
+
+    memcpy(&hashbuf[n],prefix_sha1,sizeof prefix_sha1);
+    n+=sizeof prefix_sha1;
+
+    t=hash->finish(hash,&hashbuf[n]);
+    assert(t == 20);
+    n+=t;
+
+    ops_rsa_private_encrypt(sigbuf,hashbuf,keysize,srsa);
+    }
-
-static ops_boolean_t rsa_verify(ops_hash_algorithm_t type,
@@ -42 +75 @@
-    hexdump(hashbuf,n);
-
+    // XXX: why is there a leading 0? The first byte should be 1...
+    // XXX: because the decrypt should use keysize and not sigsize?
-    if(hashbuf[0] != 0 || hashbuf[1] != 1)
-        return ops_false;
@@ -201 +236 @@
-    }
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+