Changeset 304

Timestamp:

11/24/05 09:53:05

Author:

ben

Message:

Create secret keys from scratch, partially implemented plaintext signing.

Files:

• openpgpsdk/trunk/configure (modified) (1 diff)
• openpgpsdk/trunk/examples/Makefile.template (modified) (4 diffs)
• openpgpsdk/trunk/examples/common.c (modified) (1 diff)
• openpgpsdk/trunk/examples/common.h (modified) (1 diff)
• openpgpsdk/trunk/examples/create-signed-key.c (modified) (3 diffs)
• openpgpsdk/trunk/include/openpgpsdk/create.h (modified) (2 diffs)
• openpgpsdk/trunk/include/openpgpsdk/crypto.h (modified) (1 diff)
• openpgpsdk/trunk/include/openpgpsdk/signature.h (modified) (3 diffs)
• openpgpsdk/trunk/include/openpgpsdk/types.h (modified) (1 diff)
• openpgpsdk/trunk/src/create.c (modified) (5 diffs)
• openpgpsdk/trunk/src/packet-parse.c (modified) (1 diff)
• openpgpsdk/trunk/src/signature.c (modified) (4 diffs)

openpgpsdk/trunk/configure

@@ -38 +38 @@
-              $Subst{INCLUDES}.=" -I $loc/include";
-              $Subst{CRYPTO_LIBS}="$loc/lib/libcrypto.a";
+              # assume developer version if library isn't in .../lib
-              $Subst{CRYPTO_LIBS}="$loc/libcrypto.a"
-                  if !-f $Subst{CRYPTO_LIBS};

openpgpsdk/trunk/examples/Makefile.template

@@ -9 +9 @@
-
-all: Makefile lib .depend packet-dump verify create-key create-signed-key \
-
+ sign-detached
-
-
+ test-verify-armoured test-create-key
-
-lib:
@@ -30 +30 @@
-create-signed-key: create-signed-key.o $(LIBDEPS)
-        $(CC) $(LDFLAGS) -o create-signed-key create-signed-key.o $(LIBS)
+
+sign-detached: sign-detached.o $(LIBDEPS)
+        $(CC) $(LDFLAGS) -o sign-detached sign-detached.o $(LIBS)
-
-tags:
@@ -51 +54 @@
-# tests
-
+SCRATCH=../scratch
+
+$(SCRATCH):
+        mkdir $(SCRATCH)
+
-test-dump: packet-dump
-        ./packet-dump < ../test/dsa-public-key-2118CF83.raw
@@ -65 +73 @@
-        ./verify2 -a ../test/rsa-public-key-2719AF35.raw ../test/clearsign.txt
-
+test-create-key: $(SCRATCH)
+        ./create-signed-key "A Test Key" $(SCRATCH)/key.sec $(SCRATCH)/key.pub
+
-include .depend

openpgpsdk/trunk/examples/common.c

@@ -19 +19 @@
-    }
-    
-
+secret_
-    {
-    ops_reader_fd_arg_t arg;

openpgpsdk/trunk/examples/common.h

@@ -1 +1 @@
-#include <openpgpsdk/packet-parse.h>
-
-
+secret_

openpgpsdk/trunk/examples/create-signed-key.c

@@ -4 +4 @@
-#include <openpgpsdk/signature.h>
-#include <openpgpsdk/packet-parse.h>
+#include <openssl/rsa.h>
-#include <stdio.h>
-#include <fcntl.h>
-#include <string.h>
-
+
+
+
-
-/*
@@ -23 +26 @@
-    unsigned char keyid[OPS_KEY_ID_SIZE];
-    unsigned char *user_id; /* not const coz we use _fast_ */
-
-
+
+
+
+
+
-
-
-
+
-        {
-
+
+
-        exit(1);
-        }
-
-
-
+
+
+
+
+
+
+
+
+
-
-    ops_init();
-
-
-
+
+
+
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-    info.writer=ops_writer_fd;
-    info.arg=&arg;
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-
-    ops_fast_create_user_id(&id,user_id);
-    ops_write_struct_user_id(&id,&info);
-
-
+
+
-    ops_signature_add_creation_time(&sig,time(NULL));
-
-->
+.
-    ops_signature_add_issuer_key_id(&sig,keyid);
-
@@ -60 +97 @@
-    ops_signature_hashed_subpackets_end(&sig);
-
-
-
-
+
-
-    ops_finish();
-
+    close(arg.fd);
+
-    return 0;
-    }

openpgpsdk/trunk/include/openpgpsdk/create.h

@@ -46 +46 @@
-typedef struct ops_create_info ops_create_info_t;
-
-
-/** \ingroup Create
- * needed for signature creation
- */
-typedef struct
-    {
-    ops_packet_writer_t *writer; /*!< The writer function */
-    void *arg;  /*!< Arguments for the writer function */
-    ops_hash_t hash; 
-    ops_signature_t sig; 
-    ops_memory_t mem; 
-    ops_create_info_t info; /*!< how to do the writing */
-    unsigned hashed_count_offset;
-    unsigned hashed_data_length;
-    unsigned unhashed_count_offset;
-    } ops_create_signature_t;
-
-ops_boolean_t ops_write(const void *src,unsigned length,
-                        ops_create_info_t *opt);
@@ -90 +73 @@
-ops_boolean_t ops_write_user_id(const unsigned char *user_id,ops_create_info_t *opt);
-
+void ops_create_rsa_secret_key(ops_secret_key_t *key,const BIGNUM *p,
+                               const BIGNUM *q,const BIGNUM *d,
+                               const BIGNUM *u,const BIGNUM *n,
+                               const BIGNUM *e);
+void ops_fast_create_rsa_secret_key(ops_secret_key_t *key,time_t time,
+                                    BIGNUM *p,BIGNUM *q,BIGNUM *d,BIGNUM *u,
+                                    BIGNUM *n,BIGNUM *e);
+ops_boolean_t ops_write_struct_secret_key(const ops_secret_key_t *key,
+                                          ops_create_info_t *info);
+
-#endif

openpgpsdk/trunk/include/openpgpsdk/crypto.h

@@ -9 +9 @@
-
-#define OPS_MAX_HASH    64
-
-/** ops_hash_t */
-typedef struct _ops_hash_t ops_hash_t;
-
-typedef void ops_hash_init_t(ops_hash_t *hash);

openpgpsdk/trunk/include/openpgpsdk/signature.h

@@ -5 +5 @@
-#include "util.h"
-#include "create.h"
+
+/** \ingroup Create
+ * needed for signature creation
+ */
+typedef struct
+    {
+    ops_packet_writer_t *writer; /*!< The writer function */
+    void *arg;  /*!< Arguments for the writer function */
+    ops_hash_t hash; 
+    ops_signature_t sig; 
+    ops_memory_t mem; 
+    ops_create_info_t info; /*!< how to do the writing */
+    unsigned hashed_count_offset;
+    unsigned hashed_data_length;
+    unsigned unhashed_count_offset;
+    } ops_create_signature_t;
-
-ops_boolean_t
@@ -22 +38 @@
-                         const ops_signature_t *sig,
-                         const ops_public_key_t *signer);
-
-
-
+
+
+
+
+
+
+
+
+
-void ops_signature_hashed_subpackets_end(ops_create_signature_t *sig);
-void ops_write_signature(ops_create_signature_t *sig,ops_public_key_t *key,
@@ -33 +55 @@
-void ops_signature_add_primary_user_id(ops_create_signature_t *sig,
-                                       ops_boolean_t primary);
-

openpgpsdk/trunk/include/openpgpsdk/types.h

@@ -24 +24 @@
-/** ops_content_tag_t */
-typedef enum ops_content_tag_t ops_content_tag_t;
+
+/** ops_hash_t */
+typedef struct _ops_hash_t ops_hash_t;
-
-/** 

openpgpsdk/trunk/src/create.c

@@ -8 +8 @@
-
-/*
-1 if OK, otherwise 0
-
-in
-       
-
-->arg
+true if OK, otherwise false
+
+ops_boolean_
+               
+
+
-    }
-
@@ -202 +202 @@
-    /* not reached */
-    return 0;
+    }
+
+static unsigned secret_key_length(const ops_secret_key_t *key)
+    {
+    int l;
+
+    switch(key->public_key.algorithm)
+        {
+    case OPS_PKA_RSA:
+        l=mpi_length(key->key.rsa.d)+mpi_length(key->key.rsa.p)
+            +mpi_length(key->key.rsa.q)+mpi_length(key->key.rsa.u);
+        break;
+
+    default:
+        assert(!"unknown key algorithm");
+        }
+
+    return l+public_key_length(&key->public_key);
-    }
-
@@ -223 +241 @@
-/* Note that we support v3 keys here because they're needed for
- * for verification - the writer doesn't allow them, though */
-in
-
+ops_boolean_
+        
-    {
-    if(!(ops_write_scalar(key->version,1,info)
@@ -264 +282 @@
-    }
-
+static void push_secret_key_checksum_writer(ops_create_info_t *info)
+    {
+    OPS_USED(info);
+    // XXX: push a SHA-1 checksum writer (and change s2k to 254).
+    }
+
+static ops_boolean_t pop_secret_key_checksum_writer(ops_create_info_t *info)
+    {
+    // XXX: actually write a SHA-1 checksum, but for now, dummy...
+    return ops_write_scalar(0,2,info);
+    }
+
+
+/* Note that we support v3 keys here because they're needed for
+ * for verification - the writer doesn't allow them, though */
+static ops_boolean_t write_secret_key_body(const ops_secret_key_t *key,
+                                           ops_create_info_t *info)
+    {
+    if(!write_public_key_body(&key->public_key,info))
+        return ops_false;
+
+    if(!ops_write_scalar(key->s2k_usage,1,info))
+        return ops_false;
+    
+    // XXX: for now, no secret key encryption, so s2k == 0
+    assert(key->s2k_usage == OPS_S2K_NONE);
+
+    push_secret_key_checksum_writer(info);
+
+    switch(key->public_key.algorithm)
+        {
+        //    case OPS_PKA_DSA:
+        //      return ops_write_mpi(key->key.dsa.x,info);
+
+    case OPS_PKA_RSA:
+    case OPS_PKA_RSA_ENCRYPT_ONLY:
+    case OPS_PKA_RSA_SIGN_ONLY:
+        if(!ops_write_mpi(key->key.rsa.d,info)
+           || !ops_write_mpi(key->key.rsa.p,info)
+           || !ops_write_mpi(key->key.rsa.q,info)
+           || !ops_write_mpi(key->key.rsa.u,info))
+            return ops_false;
+        break;
+
+        //    case OPS_PKA_ELGAMAL:
+        //      return ops_write_mpi(key->key.elgamal.x,info);
+
+    default:
+        assert(0);
+        break;
+        }
+
+    return pop_secret_key_checksum_writer(info);
+    }
+
+
-/**
- * \ingroup Create
@@ -338 +412 @@
-        ops_memory_make_packet(out,OPS_PTAG_CT_PUBLIC_KEY);
-    }
+
+/**
+ * \ingroup Create
+ *
+ * Create an RSA secret key structure. If a parameter is marked as
+ * [OPTIONAL], then it can be omitted and will be calculated from
+ * other parameters - or, in the case of e, will default to 0x10001.
+ *
+ * Parameters are _not_ copied, so will be freed if the structure is
+ * freed.
+ *
+ * \param key The key structure to be initialised.
+ * \param e The RSA parameter d (=e^-1 mod (p-1)(q-1)) [OPTIONAL]
+ * \param p The RSA parameter p
+ * \param q The RSA parameter q (q > p)
+ * \param u The RSA parameter u (=p^-1 mod q) [OPTIONAL]
+ * \param n The RSA public parameter n (=p*q) [OPTIONAL]
+ * \param e The RSA public parameter e */
+
+void ops_fast_create_rsa_secret_key(ops_secret_key_t *key,time_t time,
+                                    BIGNUM *d,BIGNUM *p,BIGNUM *q,BIGNUM *u,
+                                    BIGNUM *n,BIGNUM *e)
+    {
+    ops_fast_create_rsa_public_key(&key->public_key,time,n,e);
+
+    // XXX: calculate optionals
+    key->key.rsa.d=d;
+    key->key.rsa.p=p;
+    key->key.rsa.q=q;
+    key->key.rsa.u=u;
+
+    key->s2k_usage=OPS_S2K_NONE;
+
+    // XXX: sanity check and add errors...
+    }
+
+/**
+ * \ingroup Create
+ *
+ * Writes a secret key.
+ *
+ * \param key The secret key
+ * \param info
+ * \return success
+ */
+ops_boolean_t ops_write_struct_secret_key(const ops_secret_key_t *key,
+                                          ops_create_info_t *info)
+    {
+    assert(key->public_key.version == 4);
+
+    return ops_write_ptag(OPS_PTAG_CT_SECRET_KEY,info)
+        && ops_write_length(1+4+1+1+secret_key_length(key)+2,info)
+        && write_secret_key_body(key,info);
+    }

openpgpsdk/trunk/src/packet-parse.c

@@ -1683 +1683 @@
-        return 0;
-    C.secret_key.s2k_usage=c[0];
-0
+OPS_S2K_NONE
-
-    switch(C.secret_key.public_key.algorithm)

openpgpsdk/trunk/src/signature.c

@@ -127 +127 @@
-    }
-
+static void common_init_signature(ops_hash_t *hash,const ops_signature_t *sig)
+    {
+    ops_hash_any(hash,sig->hash_algorithm);
+    hash->init(hash);
+    }
+
-static void init_signature(ops_hash_t *hash,const ops_signature_t *sig,
-                           const ops_public_key_t *key)
-    {
-
-
+
-    hash_add_key(hash,key);
-    }
@@ -290 +295 @@
- * \ingroup Create
- *
-
+public key 
- * 
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-    // XXX: refactor with check (in several ways - check should probably
-    // use the buffered writer to construct packets (done), and also should
@@ -315 +321 @@
-    init_signature(&sig->hash,&sig->sig,key);
-
-    // \todo Fix this. user_id is UTF-8 so strlen may not work
-    ops_hash_add_int(&sig->hash,0xb4,1);
-    ops_hash_add_int(&sig->hash,strlen((char *)id->user_id),4);
@@ -335 +340 @@
-    sig->hashed_count_offset=sig->mem.length;
-    ops_write_scalar(0,2,&sig->info);
+    }
+
+/**
+ * \ingroup Create
+ *
+ * Create a V4 public key signature over some plaintext.
+ * 
+ * \param sig The signature structure to initialise
+ * \param id
+ * \param type
+ * \todo Expand description. Allow other hashes.
+ */
+void ops_signature_start_plaintext_signature(ops_create_signature_t *sig,
+                                             ops_hash_algorithm_t hash,
+                                             ops_sig_type_t type)
+    {
+    memset(sig,'\0',sizeof *sig);
+    // XXX: refactor with check (in several ways - check should probably
+    // use the buffered writer to construct packets (done), and also should
+    // share code for hash calculation)
+    sig->sig.version=OPS_SIG_V4;
+    sig->sig.hash_algorithm=hash;
+    sig->sig.type=type;
+
+    sig->hashed_data_length=-1;
+
+    common_init_signature(&sig->hash,&sig->sig);
+
+    // since this has subpackets and stuff, we have to buffer the whole
+    // thing to get counts before writing.
+    ops_memory_init(&sig->mem,100);
+    sig->info.writer=ops_writer_memory;
+    sig->info.arg=&sig->mem;
+
+    // write nearly up to the first subpacket
+    ops_write_scalar(sig->sig.version,1,&sig->info);
+    ops_write_scalar(sig->sig.type,1,&sig->info);
+    ops_write_scalar(sig->sig.key_algorithm,1,&sig->info);
+    ops_write_scalar(sig->sig.hash_algorithm,1,&sig->info);
+
+    // dummy hashed subpacket count
+    sig->hashed_count_offset=sig->mem.length;
+    ops_write_scalar(0,2,&sig->info);
+    }
+
+/**
+ * \ingroup Create
+ *
+ * Add plaintext data to a signature-to-be.
+ *
+ * \param sig The signature-to-be.
+ * \param buf The plaintext data.
+ * \param length The amount of plaintext data.
+ */
+void ops_signature_add_data(ops_create_signature_t *sig,const void *buf,
+                            size_t length)
+    {
+    sig->hash.add(&sig->hash,buf,length);
-    }
-