Abstract RSA/DSA private key file reading and RSA/DSA signing, and

implement them in openssl/libgcrypt layer.
2007-01-23 08:22:54 +00:00
parent 0d9a7e3c2e
commit 51b9ff0f16
5 changed files with 589 additions and 129 deletions
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -35,18 +35,39 @@
 * OF SUCH DAMAGE.
 */

-#include "libgcrypt.h"
+#include "libssh2_priv.h"
+#include <string.h>

 int _libssh2_rsa_new(libssh2_rsa_ctx **rsa,
 		     const unsigned char *edata,
 		     unsigned long elen,
 		     const unsigned char *ndata,
-		     unsigned long nlen)
+		     unsigned long nlen,
+		     const unsigned char *ddata,
+		     unsigned long dlen,
+		     const unsigned char *pdata,
+		     unsigned long plen,
+		     const unsigned char *qdata,
+		     unsigned long qlen,
+		     const unsigned char *e1data,
+		     unsigned long e1len,
+		     const unsigned char *e2data,
+		     unsigned long e2len,
+		     const unsigned char *coeffdata,
+		     unsigned long coefflen)
 {
 	int rc;

-	rc = gcry_sexp_build (rsa, NULL, "(public-key(rsa(n%b)(e%b)))",
-			      nlen, ndata, elen, edata);
+	if (ddata) {
+		rc = gcry_sexp_build
+			(rsa, NULL,
+			 "(private-key(rsa(n%b)(e%b)(d%b)(p%b)(q%b)(u%b)))",
+			 nlen, ndata, elen, edata, dlen, ddata, plen, pdata,
+			 qlen, qdata, coefflen, coeffdata);
+	} else {
+		rc = gcry_sexp_build (rsa, NULL, "(public-key(rsa(n%b)(e%b)))",
+				      nlen, ndata, elen, edata);
+	}
 	if (rc)
 	{
 		*rsa = NULL;
@@ -72,15 +93,13 @@ int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
 	rc = gcry_sexp_build (&s_hash, NULL,
 			      "(data (flags pkcs1) (hash sha1 %b))",
 			      SHA_DIGEST_LENGTH, hash);
-	if (rc != 0)
-	{
+	if (rc != 0) {
 		return -1;
 	}

 	rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s %b)))",
 			      sig_len, sig);
-	if (rc != 0)
-	{
+	if (rc != 0) {
 		gcry_sexp_release (s_hash);
 		return -1;
 	}
@@ -100,15 +119,24 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
 		     const unsigned char *g,
 		     unsigned long g_len,
 		     const unsigned char *y,
-		     unsigned long y_len)
+		     unsigned long y_len,
+		     const unsigned char *x,
+		     unsigned long x_len)
 {
 	int rc;

-	rc = gcry_sexp_build (dsactx, NULL,
-			      "(public-key(dsa(p%b)(q%b)(g%b)(y%b)))",
-			      p_len, p, q_len, q, g_len, g, y_len, y);
-	if (rc)
-	{
+	if (x_len) {
+		rc = gcry_sexp_build
+			(dsactx, NULL,
+			 "(private-key(dsa(p%b)(q%b)(g%b)(y%b)(x%b)))",
+			 p_len, p, q_len, q, g_len, g, y_len, y, x_len, x);
+	} else {
+		rc = gcry_sexp_build (dsactx, NULL,
+				      "(public-key(dsa(p%b)(q%b)(g%b)(y%b)))",
+				      p_len, p, q_len, q, g_len, g, y_len, y);
+	}
+
+	if (rc) {
 		*dsactx = NULL;
 		return -1;
 	}
@@ -116,6 +144,291 @@ int _libssh2_dsa_new(libssh2_dsa_ctx **dsactx,
 	return 0;
 }

+int _libssh2_rsa_new_private (libssh2_rsa_ctx **rsa,
+			      LIBSSH2_SESSION *session,
+			      FILE *fp,
+			      unsigned const char *passphrase)
+{
+	char *data, *save_data;
+	unsigned int datalen;
+	int err;
+	char *n, *e, *d, *p, *q, *e1, *e2, *coeff;
+	unsigned int nlen, elen, dlen, plen, qlen, e1len, e2len, coefflen;
+
+	err = _libssh2_pem_parse (session,
+				  "-----BEGIN RSA PRIVATE KEY-----",
+				  "-----END RSA PRIVATE KEY-----",
+				  fp, &data, &datalen);
+	if (err) {
+		return -1;
+	}
+
+	save_data = data;
+
+	if (_libssh2_pem_decode_sequence (&data, &datalen)) {
+		return -1;
+	}
+/* First read Version field (should be 0). */
+	err = _libssh2_pem_decode_integer (&data, &datalen, &n, &nlen);
+	if (err != 0 || (nlen != 1 && *n != '\0')) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &n, &nlen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &e, &elen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &d, &dlen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &q, &qlen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &e1, &e1len);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &e2, &e2len);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &coeff, &coefflen);
+	if (err != 0) {
+		return -1;
+	}
+
+	if (_libssh2_rsa_new (rsa, n, nlen, e, elen, d, dlen, p, plen,
+			      q, qlen, e1, e1len, e2, e2len,
+			      coeff, coefflen)) {
+		return -1;
+	}
+
+	LIBSSH2_FREE (session, save_data);
+
+	return 0;
+}
+
+int _libssh2_dsa_new_private (libssh2_dsa_ctx **dsa,
+			      LIBSSH2_SESSION *session,
+			      FILE *fp,
+			      unsigned const char *passphrase)
+{
+	char *data, *save_data;
+	unsigned int datalen;
+	int err;
+	char *p, *q, *g, *y, *x;
+	unsigned int plen, qlen, glen, ylen, xlen;
+
+	err = _libssh2_pem_parse (session,
+				  "-----BEGIN DSA PRIVATE KEY-----",
+				  "-----END DSA PRIVATE KEY-----",
+				  fp, &data, &datalen);
+	if (err) {
+		return -1;
+	}
+
+	save_data = data;
+
+	if (_libssh2_pem_decode_sequence (&data, &datalen)) {
+		return -1;
+	}
+
+/* First read Version field (should be 0). */
+	err = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
+	if (err != 0 || (plen != 1 && *p != '\0')) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &p, &plen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &q, &qlen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &g, &glen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &y, &ylen);
+	if (err != 0) {
+		return -1;
+	}
+
+	err = _libssh2_pem_decode_integer (&data, &datalen, &x, &xlen);
+	if (err != 0) {
+		return -1;
+	}
+
+	if (datalen != 0) {
+		return -1;
+	}
+
+	if (_libssh2_dsa_new (dsa, p, plen, q, qlen,
+			      g, glen, y, ylen, x, xlen)) {
+		return -1;
+	}
+
+	LIBSSH2_FREE (session, save_data);
+
+	return 0;
+}
+
+int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION *session,
+			   libssh2_dsa_ctx *rsactx,
+			   const unsigned char *hash,
+			   unsigned long hash_len,
+			   unsigned char **signature,
+			   unsigned long *signature_len)
+{
+	gcry_sexp_t sig_sexp;
+	gcry_sexp_t data;
+	int rc;
+	const char *tmp;
+	size_t size;
+
+	if (hash_len != SHA_DIGEST_LENGTH)
+	{
+		return -1;
+	}
+
+	rc = gcry_sexp_build (&data, NULL,
+			      "(data (flags pkcs1) (hash sha1 %b))",
+			      hash_len, hash);
+	if (rc != 0) {
+		return -1;
+	}
+
+	rc = gcry_pk_sign (&sig_sexp, data, rsactx);
+
+	gcry_sexp_release (data);
+
+	if (rc != 0) {
+		return -1;
+	}
+
+	data = gcry_sexp_find_token(sig_sexp, "s", 0);
+	if (!data) {
+		return -1;
+	}
+
+	tmp = gcry_sexp_nth_data(data, 1, &size);
+	if (!tmp) {
+		return -1;
+	}
+
+	if (tmp[0] == '\0') {
+		tmp++;
+		size--;
+	}
+
+	*signature = LIBSSH2_ALLOC(session, size);
+	memcpy (*signature, tmp, size);
+	*signature_len = size;
+
+	return rc;
+}
+
+int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx *dsactx,
+			   const unsigned char *hash,
+			   unsigned long hash_len,
+			   unsigned char *sig)
+{
+	unsigned char zhash[SHA_DIGEST_LENGTH+1];
+	gcry_sexp_t sig_sexp;
+	gcry_sexp_t data;
+	int rc;
+	const char *tmp;
+	size_t size;
+
+	if (hash_len != SHA_DIGEST_LENGTH)
+	{
+		return -1;
+	}
+
+	memcpy (zhash + 1, hash, hash_len);
+	zhash[0] = 0;
+
+	rc = gcry_sexp_build (&data, NULL, "(data (value %b))",
+			      hash_len + 1, zhash);
+	if (rc != 0) {
+		return -1;
+	}
+
+	rc = gcry_pk_sign (&sig_sexp, data, dsactx);
+
+	gcry_sexp_release (data);
+
+	if (rc != 0) {
+		return -1;
+	}
+
+
+	data = gcry_sexp_find_token(sig_sexp, "r", 0);
+	if (!data) {
+		return -1;
+	}
+
+	tmp = gcry_sexp_nth_data(data, 1, &size);
+	if (!tmp) {
+		return -1;
+	}
+
+	if (tmp[0] == '\0') {
+		tmp++;
+		size--;
+	}
+
+	if (size != 20) {
+		return -1;
+	}
+
+	memcpy (sig, tmp, 20);
+
+	data = gcry_sexp_find_token(sig_sexp,"s",0);
+	if (!data) {
+		return -1;
+	}
+
+	tmp = gcry_sexp_nth_data(data, 1, &size);
+	if (!tmp) {
+		return -1;
+	}
+
+	if (tmp[0] == '\0') {
+		tmp++;
+		size--;
+	}
+
+	if (size != 20) {
+		return -1;
+	}
+
+	memcpy (sig + 20, tmp, 20);
+
+	return rc;
+}

 int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,
 			     const unsigned char *sig,
@@ -133,15 +446,13 @@ int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx *dsactx,

 	rc = gcry_sexp_build (&s_hash, NULL, "(data(flags raw)(value %b))",
 			      SHA_DIGEST_LENGTH+1, hash);
-	if (rc != 0)
-	{
+	if (rc != 0) {
 		return -1;
 	}

 	rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(dsa(r %b)(s %b)))",
 			      20, sig, 20, sig + 20);
-	if (rc != 0)
-	{
+	if (rc != 0) {
 		gcry_sexp_release (s_hash);
 		return -1;
 	}
@@ -162,34 +473,30 @@ int _libssh2_cipher_init (_libssh2_cipher_ctx *h,
 	int mode = 0, err;
 	int keylen = gcry_cipher_get_algo_keylen (algo);

-	if (algo != GCRY_CIPHER_ARCFOUR)
-	{
+	if (algo != GCRY_CIPHER_ARCFOUR) {
 		mode = GCRY_CIPHER_MODE_CBC;
 	}

 	err = gcry_cipher_open (h, algo, mode, 0);
-	if (err)
-	{
+	if (err) {
 		return -1;
 	}

 	err = gcry_cipher_setkey (*h, secret, keylen);
-	if (err)
-	{
+	if (err) {
 		gcry_cipher_close (*h);
 		return -1;
 	}

-	if (algo != GCRY_CIPHER_ARCFOUR)
-	{
+	if (algo != GCRY_CIPHER_ARCFOUR) {
 		int blklen = gcry_cipher_get_algo_blklen (algo);
 		err = gcry_cipher_setiv (*h, iv, blklen);
-		if (err)
-		{
+		if (err) {
 			gcry_cipher_close (*h);
 			return -1;
 		}
 	}
+
 	return 0;
 }

@@ -205,13 +512,10 @@ int _libssh2_cipher_crypt(_libssh2_cipher_ctx *ctx,
 		blklen = 8;
 	}

-	if (encrypt)
-	{
+	if (encrypt) {
 		err = gcry_cipher_encrypt (*ctx, block, blklen,
 					   block, blklen);
-	}
-	else
-	{
+	} else {
 		err = gcry_cipher_decrypt (*ctx, block, blklen,
 					   block, blklen);
 	}