diff options
Diffstat (limited to 'plugins/MirOTR/Libgcrypt/cipher/ac.c')
-rw-r--r-- | plugins/MirOTR/Libgcrypt/cipher/ac.c | 3301 |
1 files changed, 3301 insertions, 0 deletions
diff --git a/plugins/MirOTR/Libgcrypt/cipher/ac.c b/plugins/MirOTR/Libgcrypt/cipher/ac.c new file mode 100644 index 0000000000..ee9498b23d --- /dev/null +++ b/plugins/MirOTR/Libgcrypt/cipher/ac.c @@ -0,0 +1,3301 @@ +/* ac.c - Alternative interface for asymmetric cryptography. + Copyright (C) 2003, 2004, 2005, 2006 + 2007, 2008 Free Software Foundation, Inc. + + This file is part of Libgcrypt. + + Libgcrypt is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser general Public License as + published by the Free Software Foundation; either version 2.1 of + the License, or (at your option) any later version. + + Libgcrypt is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#include <config.h> +#include <errno.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stddef.h> + +#include "g10lib.h" +#include "cipher.h" +#include "mpi.h" + + + +/* At the moment the ac interface is a wrapper around the pk + interface, but this might change somewhen in the future, depending + on how many people prefer the ac interface. */ + +/* Mapping of flag numbers to the according strings as it is expected + for S-expressions. */ +static struct number_string +{ + int number; + const char *string; +} ac_flags[] = + { + { GCRY_AC_FLAG_NO_BLINDING, "no-blinding" }, + }; + +/* The positions in this list correspond to the values contained in + the gcry_ac_key_type_t enumeration list. */ +static const char *ac_key_identifiers[] = + { + "private-key", + "public-key" + }; + +/* These specifications are needed for key-pair generation; the caller + is allowed to pass additional, algorithm-specific `specs' to + gcry_ac_key_pair_generate. This list is used for decoding the + provided values according to the selected algorithm. */ +struct gcry_ac_key_generate_spec +{ + int algorithm; /* Algorithm for which this flag is + relevant. */ + const char *name; /* Name of this flag. */ + size_t offset; /* Offset in the cipher-specific spec + structure at which the MPI value + associated with this flag is to be + found. */ +} ac_key_generate_specs[] = + { + { GCRY_AC_RSA, "rsa-use-e", offsetof (gcry_ac_key_spec_rsa_t, e) }, + { 0 } + }; + +/* Handle structure. */ +struct gcry_ac_handle +{ + int algorithm; /* Algorithm ID associated with this + handle. */ + const char *algorithm_name; /* Name of the algorithm. */ + unsigned int flags; /* Flags, not used yet. */ + gcry_module_t module; /* Reference to the algorithm + module. */ +}; + +/* A named MPI value. */ +typedef struct gcry_ac_mpi +{ + char *name; /* Self-maintained copy of name. */ + gcry_mpi_t mpi; /* MPI value. */ + unsigned int flags; /* Flags. */ +} gcry_ac_mpi_t; + +/* A data set, that is simply a list of named MPI values. */ +struct gcry_ac_data +{ + gcry_ac_mpi_t *data; /* List of named values. */ + unsigned int data_n; /* Number of values in DATA. */ +}; + +/* A single key. */ +struct gcry_ac_key +{ + gcry_ac_data_t data; /* Data in native ac structure. */ + gcry_ac_key_type_t type; /* Type of the key. */ +}; + +/* A key pair. */ +struct gcry_ac_key_pair +{ + gcry_ac_key_t public; + gcry_ac_key_t secret; +}; + + + +/* + * Functions for working with data sets. + */ + +/* Creates a new, empty data set and store it in DATA. */ +gcry_error_t +_gcry_ac_data_new (gcry_ac_data_t *data) +{ + gcry_ac_data_t data_new; + gcry_error_t err; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + data_new = gcry_malloc (sizeof (*data_new)); + if (! data_new) + { + err = gcry_error_from_errno (errno); + goto out; + } + + data_new->data = NULL; + data_new->data_n = 0; + *data = data_new; + err = 0; + + out: + + return err; +} + +/* Destroys all the entries in DATA, but not DATA itself. */ +static void +ac_data_values_destroy (gcry_ac_data_t data) +{ + unsigned int i; + + for (i = 0; i < data->data_n; i++) + if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC) + { + gcry_mpi_release (data->data[i].mpi); + gcry_free (data->data[i].name); + } +} + +/* Destroys the data set DATA. */ +void +_gcry_ac_data_destroy (gcry_ac_data_t data) +{ + if (data) + { + ac_data_values_destroy (data); + gcry_free (data->data); + gcry_free (data); + } +} + +/* This function creates a copy of the array of named MPIs DATA_MPIS, + which is of length DATA_MPIS_N; the copy is stored in + DATA_MPIS_CP. */ +static gcry_error_t +ac_data_mpi_copy (gcry_ac_mpi_t *data_mpis, unsigned int data_mpis_n, + gcry_ac_mpi_t **data_mpis_cp) +{ + gcry_ac_mpi_t *data_mpis_new; + gcry_error_t err; + unsigned int i; + gcry_mpi_t mpi; + char *label; + + data_mpis_new = gcry_malloc (sizeof (*data_mpis_new) * data_mpis_n); + if (! data_mpis_new) + { + err = gcry_error_from_errno (errno); + goto out; + } + memset (data_mpis_new, 0, sizeof (*data_mpis_new) * data_mpis_n); + + err = 0; + for (i = 0; i < data_mpis_n; i++) + { + /* Copy values. */ + + label = gcry_strdup (data_mpis[i].name); + mpi = gcry_mpi_copy (data_mpis[i].mpi); + if (! (label && mpi)) + { + err = gcry_error_from_errno (errno); + gcry_mpi_release (mpi); + gcry_free (label); + break; + } + + data_mpis_new[i].flags = GCRY_AC_FLAG_DEALLOC; + data_mpis_new[i].name = label; + data_mpis_new[i].mpi = mpi; + } + if (err) + goto out; + + *data_mpis_cp = data_mpis_new; + err = 0; + + out: + + if (err) + if (data_mpis_new) + { + for (i = 0; i < data_mpis_n; i++) + { + gcry_mpi_release (data_mpis_new[i].mpi); + gcry_free (data_mpis_new[i].name); + } + gcry_free (data_mpis_new); + } + + return err; +} + +/* Create a copy of the data set DATA and store it in DATA_CP. */ +gcry_error_t +_gcry_ac_data_copy (gcry_ac_data_t *data_cp, gcry_ac_data_t data) +{ + gcry_ac_mpi_t *data_mpis = NULL; + gcry_ac_data_t data_new; + gcry_error_t err; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + /* Allocate data set. */ + data_new = gcry_malloc (sizeof (*data_new)); + if (! data_new) + { + err = gcry_error_from_errno (errno); + goto out; + } + + err = ac_data_mpi_copy (data->data, data->data_n, &data_mpis); + if (err) + goto out; + + data_new->data_n = data->data_n; + data_new->data = data_mpis; + *data_cp = data_new; + + out: + + if (err) + gcry_free (data_new); + + return err; +} + +/* Returns the number of named MPI values inside of the data set + DATA. */ +unsigned int +_gcry_ac_data_length (gcry_ac_data_t data) +{ + return data->data_n; +} + + +/* Add the value MPI to DATA with the label NAME. If FLAGS contains + GCRY_AC_FLAG_COPY, the data set will contain copies of NAME + and MPI. If FLAGS contains GCRY_AC_FLAG_DEALLOC or + GCRY_AC_FLAG_COPY, the values contained in the data set will + be deallocated when they are to be removed from the data set. */ +gcry_error_t +_gcry_ac_data_set (gcry_ac_data_t data, unsigned int flags, + const char *name, gcry_mpi_t mpi) +{ + gcry_error_t err; + gcry_mpi_t mpi_cp; + char *name_cp; + unsigned int i; + + name_cp = NULL; + mpi_cp = NULL; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + if (flags & ~(GCRY_AC_FLAG_DEALLOC | GCRY_AC_FLAG_COPY)) + { + err = gcry_error (GPG_ERR_INV_ARG); + goto out; + } + + if (flags & GCRY_AC_FLAG_COPY) + { + /* Create copies. */ + + flags |= GCRY_AC_FLAG_DEALLOC; + name_cp = gcry_strdup (name); + mpi_cp = gcry_mpi_copy (mpi); + if (! (name_cp && mpi_cp)) + { + err = gcry_error_from_errno (errno); + goto out; + } + } + + /* Search for existing entry. */ + for (i = 0; i < data->data_n; i++) + if (! strcmp (name, data->data[i].name)) + break; + if (i < data->data_n) + { + /* An entry for NAME does already exist. */ + if (data->data[i].flags & GCRY_AC_FLAG_DEALLOC) + { + gcry_mpi_release (data->data[i].mpi); + gcry_free (data->data[i].name); + } + } + else + { + /* Create a new entry. */ + + gcry_ac_mpi_t *ac_mpis; + + ac_mpis = gcry_realloc (data->data, + sizeof (*data->data) * (data->data_n + 1)); + if (! ac_mpis) + { + err = gcry_error_from_errno (errno); + goto out; + } + + if (data->data != ac_mpis) + data->data = ac_mpis; + data->data_n++; + } + + data->data[i].name = name_cp ? name_cp : ((char *) name); + data->data[i].mpi = mpi_cp ? mpi_cp : mpi; + data->data[i].flags = flags; + err = 0; + + out: + + if (err) + { + gcry_mpi_release (mpi_cp); + gcry_free (name_cp); + } + + return err; +} + +/* Stores the value labelled with NAME found in the data set DATA in + MPI. The returned MPI value will be released in case + gcry_ac_data_set is used to associate the label NAME with a + different MPI value. */ +gcry_error_t +_gcry_ac_data_get_name (gcry_ac_data_t data, unsigned int flags, + const char *name, gcry_mpi_t *mpi) +{ + gcry_mpi_t mpi_return; + gcry_error_t err; + unsigned int i; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + if (flags & ~(GCRY_AC_FLAG_COPY)) + { + err = gcry_error (GPG_ERR_INV_ARG); + goto out; + } + + for (i = 0; i < data->data_n; i++) + if (! strcmp (name, data->data[i].name)) + break; + if (i == data->data_n) + { + err = gcry_error (GPG_ERR_NOT_FOUND); + goto out; + } + + if (flags & GCRY_AC_FLAG_COPY) + { + mpi_return = gcry_mpi_copy (data->data[i].mpi); + if (! mpi_return) + { + err = gcry_error_from_errno (errno); /* FIXME? */ + goto out; + } + } + else + mpi_return = data->data[i].mpi; + + *mpi = mpi_return; + err = 0; + + out: + + return err; +} + +/* Stores in NAME and MPI the named MPI value contained in the data + set DATA with the index IDX. NAME or MPI may be NULL. The + returned MPI value will be released in case gcry_ac_data_set is + used to associate the label NAME with a different MPI value. */ +gcry_error_t +_gcry_ac_data_get_index (gcry_ac_data_t data, unsigned int flags, + unsigned int idx, + const char **name, gcry_mpi_t *mpi) +{ + gcry_error_t err; + gcry_mpi_t mpi_cp; + char *name_cp; + + name_cp = NULL; + mpi_cp = NULL; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + if (flags & ~(GCRY_AC_FLAG_COPY)) + { + err = gcry_error (GPG_ERR_INV_ARG); + goto out; + } + + if (idx >= data->data_n) + { + err = gcry_error (GPG_ERR_INV_ARG); + goto out; + } + + if (flags & GCRY_AC_FLAG_COPY) + { + /* Return copies to the user. */ + if (name) + { + name_cp = gcry_strdup (data->data[idx].name); + if (! name_cp) + { + err = gcry_error_from_errno (errno); + goto out; + } + } + if (mpi) + { + mpi_cp = gcry_mpi_copy (data->data[idx].mpi); + if (! mpi_cp) + { + err = gcry_error_from_errno (errno); + goto out; + } + } + } + + if (name) + *name = name_cp ? name_cp : data->data[idx].name; + if (mpi) + *mpi = mpi_cp ? mpi_cp : data->data[idx].mpi; + err = 0; + + out: + + if (err) + { + gcry_mpi_release (mpi_cp); + gcry_free (name_cp); + } + + return err; +} + +/* Convert the data set DATA into a new S-Expression, which is to be + stored in SEXP, according to the identifiers contained in + IDENTIFIERS. */ +gcry_error_t +_gcry_ac_data_to_sexp (gcry_ac_data_t data, gcry_sexp_t *sexp, + const char **identifiers) +{ + gcry_sexp_t sexp_new; + gcry_error_t err; + char *sexp_buffer; + size_t sexp_buffer_n; + size_t identifiers_n; + const char *label; + gcry_mpi_t mpi; + void **arg_list; + size_t data_n; + unsigned int i; + + sexp_buffer_n = 1; + sexp_buffer = NULL; + arg_list = NULL; + err = 0; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + /* Calculate size of S-expression representation. */ + + i = 0; + if (identifiers) + while (identifiers[i]) + { + /* For each identifier, we add "(<IDENTIFIER>)". */ + sexp_buffer_n += 1 + strlen (identifiers[i]) + 1; + i++; + } + identifiers_n = i; + + if (! identifiers_n) + /* If there are NO identifiers, we still add surrounding braces so + that we have a list of named MPI value lists. Otherwise it + wouldn't be too much fun to process these lists. */ + sexp_buffer_n += 2; + + data_n = _gcry_ac_data_length (data); + for (i = 0; i < data_n; i++) + { + err = gcry_ac_data_get_index (data, 0, i, &label, NULL); + if (err) + break; + /* For each MPI we add "(<LABEL> %m)". */ + sexp_buffer_n += 1 + strlen (label) + 4; + } + if (err) + goto out; + + /* Allocate buffer. */ + + sexp_buffer = gcry_malloc (sexp_buffer_n); + if (! sexp_buffer) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Fill buffer. */ + + *sexp_buffer = 0; + sexp_buffer_n = 0; + + /* Add identifiers: (<IDENTIFIER0>(<IDENTIFIER1>...)). */ + if (identifiers_n) + { + /* Add nested identifier lists as usual. */ + for (i = 0; i < identifiers_n; i++) + sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "(%s", + identifiers[i]); + } + else + { + /* Add special list. */ + sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, "("); + } + + /* Add MPI list. */ + arg_list = gcry_malloc (sizeof (*arg_list) * (data_n + 1)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); + goto out; + } + for (i = 0; i < data_n; i++) + { + err = gcry_ac_data_get_index (data, 0, i, &label, &mpi); + if (err) + break; + sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, + "(%s %%m)", label); + arg_list[i] = &data->data[i].mpi; + } + if (err) + goto out; + + if (identifiers_n) + { + /* Add closing braces for identifier lists as usual. */ + for (i = 0; i < identifiers_n; i++) + sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")"); + } + else + { + /* Add closing braces for special list. */ + sexp_buffer_n += sprintf (sexp_buffer + sexp_buffer_n, ")"); + } + + /* Construct. */ + err = gcry_sexp_build_array (&sexp_new, NULL, sexp_buffer, arg_list); + if (err) + goto out; + + *sexp = sexp_new; + + out: + + gcry_free (sexp_buffer); + gcry_free (arg_list); + + return err; +} + +/* Create a new data set, which is to be stored in DATA_SET, from the + S-Expression SEXP, according to the identifiers contained in + IDENTIFIERS. */ +gcry_error_t +_gcry_ac_data_from_sexp (gcry_ac_data_t *data_set, gcry_sexp_t sexp, + const char **identifiers) +{ + gcry_ac_data_t data_set_new; + gcry_error_t err; + gcry_sexp_t sexp_cur; + gcry_sexp_t sexp_tmp; + gcry_mpi_t mpi; + char *string; + const char *data; + size_t data_n; + size_t sexp_n; + unsigned int i; + int skip_name; + + data_set_new = NULL; + sexp_cur = sexp; + sexp_tmp = NULL; + string = NULL; + mpi = NULL; + err = 0; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + /* Process S-expression/identifiers. */ + + if (identifiers) + { + for (i = 0; identifiers[i]; i++) + { + /* Next identifier. Extract first data item from + SEXP_CUR. */ + data = gcry_sexp_nth_data (sexp_cur, 0, &data_n); + + if (! ((data_n == strlen (identifiers[i])) + && (! strncmp (data, identifiers[i], data_n)))) + { + /* Identifier mismatch -> error. */ + err = gcry_error (GPG_ERR_INV_SEXP); + break; + } + + /* Identifier matches. Now we have to distinguish two + cases: + + (i) we are at the last identifier: + leave loop + + (ii) we are not at the last identifier: + extract next element, which is supposed to be a + sublist. */ + + if (! identifiers[i + 1]) + /* Last identifier. */ + break; + else + { + /* Not the last identifier, extract next sublist. */ + + sexp_tmp = gcry_sexp_nth (sexp_cur, 1); + if (! sexp_tmp) + { + /* Missing sublist. */ + err = gcry_error (GPG_ERR_INV_SEXP); + break; + } + + /* Release old SEXP_CUR, in case it is not equal to the + original SEXP. */ + if (sexp_cur != sexp) + gcry_sexp_release (sexp_cur); + + /* Make SEXP_CUR point to the new current sublist. */ + sexp_cur = sexp_tmp; + sexp_tmp = NULL; + } + } + if (err) + goto out; + + if (i) + { + /* We have at least one identifier in the list, this means + the the list of named MPI values is prefixed, this means + that we need to skip the first item (the list name), when + processing the MPI values. */ + skip_name = 1; + } + else + { + /* Since there is no identifiers list, the list of named MPI + values is not prefixed with a list name, therefore the + offset to use is zero. */ + skip_name = 0; + } + } + else + /* Since there is no identifiers list, the list of named MPI + values is not prefixed with a list name, therefore the offset + to use is zero. */ + skip_name = 0; + + /* Create data set from S-expression data. */ + + err = gcry_ac_data_new (&data_set_new); + if (err) + goto out; + + /* Figure out amount of named MPIs in SEXP_CUR. */ + if (sexp_cur) + sexp_n = gcry_sexp_length (sexp_cur) - skip_name; + else + sexp_n = 0; + + /* Extracte the named MPIs sequentially. */ + for (i = 0; i < sexp_n; i++) + { + /* Store next S-Expression pair, which is supposed to consist of + a name and an MPI value, in SEXP_TMP. */ + + sexp_tmp = gcry_sexp_nth (sexp_cur, i + skip_name); + if (! sexp_tmp) + { + err = gcry_error (GPG_ERR_INV_SEXP); + break; + } + + /* Extract name from current S-Expression pair. */ + data = gcry_sexp_nth_data (sexp_tmp, 0, &data_n); + string = gcry_malloc (data_n + 1); + if (! string) + { + err = gcry_error_from_errno (errno); + break; + } + memcpy (string, data, data_n); + string[data_n] = 0; + + /* Extract MPI value. */ + mpi = gcry_sexp_nth_mpi (sexp_tmp, 1, 0); + if (! mpi) + { + err = gcry_error (GPG_ERR_INV_SEXP); /* FIXME? */ + break; + } + + /* Store named MPI in data_set_new. */ + err = gcry_ac_data_set (data_set_new, GCRY_AC_FLAG_DEALLOC, string, mpi); + if (err) + break; + +/* gcry_free (string); */ + string = NULL; +/* gcry_mpi_release (mpi); */ + mpi = NULL; + + gcry_sexp_release (sexp_tmp); + sexp_tmp = NULL; + } + if (err) + goto out; + + *data_set = data_set_new; + + out: + + if (sexp_cur != sexp) + gcry_sexp_release (sexp_cur); + gcry_sexp_release (sexp_tmp); + gcry_mpi_release (mpi); + gcry_free (string); + + if (err) + gcry_ac_data_destroy (data_set_new); + + return err; +} + + +static void +_gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data) +{ + unsigned char *mpi_buffer; + size_t mpi_buffer_n; + unsigned int data_n; + gcry_error_t err; + const char *name; + gcry_mpi_t mpi; + unsigned int i; + + if (! data) + return; + + if (fips_mode ()) + return; + + mpi_buffer = NULL; + + data_n = _gcry_ac_data_length (data); + for (i = 0; i < data_n; i++) + { + err = gcry_ac_data_get_index (data, 0, i, &name, &mpi); + if (err) + { + log_error ("failed to dump data set"); + break; + } + + err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &mpi_buffer, &mpi_buffer_n, mpi); + if (err) + { + log_error ("failed to dump data set"); + break; + } + + log_printf ("%s%s%s: %s\n", + prefix ? prefix : "", + prefix ? ": " : "" + , name, mpi_buffer); + + gcry_free (mpi_buffer); + mpi_buffer = NULL; + } + + gcry_free (mpi_buffer); +} + +/* Dump the named MPI values contained in the data set DATA to + Libgcrypt's logging stream. */ +void +gcry_ac_data_dump (const char *prefix, gcry_ac_data_t data) +{ + _gcry_ac_data_dump (prefix, data); +} + +/* Destroys any values contained in the data set DATA. */ +void +_gcry_ac_data_clear (gcry_ac_data_t data) +{ + ac_data_values_destroy (data); + gcry_free (data->data); + data->data = NULL; + data->data_n = 0; +} + + + +/* + * Implementation of `ac io' objects. + */ + +/* Initialize AC_IO according to MODE, TYPE and the variable list of + arguments AP. The list of variable arguments to specify depends on + the given TYPE. */ +void +_gcry_ac_io_init_va (gcry_ac_io_t *ac_io, + gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, va_list ap) +{ + memset (ac_io, 0, sizeof (*ac_io)); + + if (fips_mode ()) + return; + + gcry_assert ((mode == GCRY_AC_IO_READABLE) || (mode == GCRY_AC_IO_WRITABLE)); + gcry_assert ((type == GCRY_AC_IO_STRING) || (type == GCRY_AC_IO_STRING)); + + ac_io->mode = mode; + ac_io->type = type; + + switch (mode) + { + case GCRY_AC_IO_READABLE: + switch (type) + { + case GCRY_AC_IO_STRING: + ac_io->io.readable.string.data = va_arg (ap, unsigned char *); + ac_io->io.readable.string.data_n = va_arg (ap, size_t); + break; + + case GCRY_AC_IO_CALLBACK: + ac_io->io.readable.callback.cb = va_arg (ap, gcry_ac_data_read_cb_t); + ac_io->io.readable.callback.opaque = va_arg (ap, void *); + break; + } + break; + case GCRY_AC_IO_WRITABLE: + switch (type) + { + case GCRY_AC_IO_STRING: + ac_io->io.writable.string.data = va_arg (ap, unsigned char **); + ac_io->io.writable.string.data_n = va_arg (ap, size_t *); + break; + + case GCRY_AC_IO_CALLBACK: + ac_io->io.writable.callback.cb = va_arg (ap, gcry_ac_data_write_cb_t); + ac_io->io.writable.callback.opaque = va_arg (ap, void *); + break; + } + break; + } +} + +/* Initialize AC_IO according to MODE, TYPE and the variable list of + arguments. The list of variable arguments to specify depends on + the given TYPE. */ +void +_gcry_ac_io_init (gcry_ac_io_t *ac_io, + gcry_ac_io_mode_t mode, gcry_ac_io_type_t type, ...) +{ + va_list ap; + + va_start (ap, type); + _gcry_ac_io_init_va (ac_io, mode, type, ap); + va_end (ap); +} + + +/* Write to the IO object AC_IO BUFFER_N bytes from BUFFER. Return + zero on success or error code. */ +static gcry_error_t +_gcry_ac_io_write (gcry_ac_io_t *ac_io, unsigned char *buffer, size_t buffer_n) +{ + gcry_error_t err; + + gcry_assert (ac_io->mode == GCRY_AC_IO_WRITABLE); + err = 0; + + switch (ac_io->type) + { + case GCRY_AC_IO_STRING: + { + unsigned char *p; + + if (*ac_io->io.writable.string.data) + { + p = gcry_realloc (*ac_io->io.writable.string.data, + *ac_io->io.writable.string.data_n + buffer_n); + if (! p) + err = gcry_error_from_errno (errno); + else + { + if (*ac_io->io.writable.string.data != p) + *ac_io->io.writable.string.data = p; + memcpy (p + *ac_io->io.writable.string.data_n, buffer, buffer_n); + *ac_io->io.writable.string.data_n += buffer_n; + } + } + else + { + if (gcry_is_secure (buffer)) + p = gcry_malloc_secure (buffer_n); + else + p = gcry_malloc (buffer_n); + if (! p) + err = gcry_error_from_errno (errno); + else + { + memcpy (p, buffer, buffer_n); + *ac_io->io.writable.string.data = p; + *ac_io->io.writable.string.data_n = buffer_n; + } + } + } + break; + + case GCRY_AC_IO_CALLBACK: + err = (*ac_io->io.writable.callback.cb) (ac_io->io.writable.callback.opaque, + buffer, buffer_n); + break; + } + + return err; +} + +/* Read *BUFFER_N bytes from the IO object AC_IO into BUFFER; NREAD + bytes have already been read from the object; on success, store the + amount of bytes read in *BUFFER_N; zero bytes read means EOF. + Return zero on success or error code. */ +static gcry_error_t +_gcry_ac_io_read (gcry_ac_io_t *ac_io, + unsigned int nread, unsigned char *buffer, size_t *buffer_n) +{ + gcry_error_t err; + + gcry_assert (ac_io->mode == GCRY_AC_IO_READABLE); + err = 0; + + switch (ac_io->type) + { + case GCRY_AC_IO_STRING: + { + size_t bytes_available; + size_t bytes_to_read; + size_t bytes_wanted; + + bytes_available = ac_io->io.readable.string.data_n - nread; + bytes_wanted = *buffer_n; + + if (bytes_wanted > bytes_available) + bytes_to_read = bytes_available; + else + bytes_to_read = bytes_wanted; + + memcpy (buffer, ac_io->io.readable.string.data + nread, bytes_to_read); + *buffer_n = bytes_to_read; + err = 0; + break; + } + + case GCRY_AC_IO_CALLBACK: + err = (*ac_io->io.readable.callback.cb) + (ac_io->io.readable.callback.opaque, buffer, buffer_n); + break; + } + + return err; +} + +/* Read all data available from the IO object AC_IO into newly + allocated memory, storing an appropriate pointer in *BUFFER and the + amount of bytes read in *BUFFER_N. Return zero on success or error + code. */ +static gcry_error_t +_gcry_ac_io_read_all (gcry_ac_io_t *ac_io, unsigned char **buffer, size_t *buffer_n) +{ + unsigned char *buffer_new; + size_t buffer_new_n; + unsigned char buf[BUFSIZ]; + size_t buf_n; + unsigned char *p; + gcry_error_t err; + + buffer_new = NULL; + buffer_new_n = 0; + + while (1) + { + buf_n = sizeof (buf); + err = _gcry_ac_io_read (ac_io, buffer_new_n, buf, &buf_n); + if (err) + break; + + if (buf_n) + { + p = gcry_realloc (buffer_new, buffer_new_n + buf_n); + if (! p) + { + err = gcry_error_from_errno (errno); + break; + } + + if (buffer_new != p) + buffer_new = p; + + memcpy (buffer_new + buffer_new_n, buf, buf_n); + buffer_new_n += buf_n; + } + else + break; + } + if (err) + goto out; + + *buffer_n = buffer_new_n; + *buffer = buffer_new; + + out: + + if (err) + gcry_free (buffer_new); + + return err; +} + +/* Read data chunks from the IO object AC_IO until EOF, feeding them + to the callback function CB. Return zero on success or error + code. */ +static gcry_error_t +_gcry_ac_io_process (gcry_ac_io_t *ac_io, + gcry_ac_data_write_cb_t cb, void *opaque) +{ + unsigned char buffer[BUFSIZ]; + unsigned int nread; + size_t buffer_n; + gcry_error_t err; + + nread = 0; + + while (1) + { + buffer_n = sizeof (buffer); + err = _gcry_ac_io_read (ac_io, nread, buffer, &buffer_n); + if (err) + break; + if (buffer_n) + { + err = (*cb) (opaque, buffer, buffer_n); + if (err) + break; + nread += buffer_n; + } + else + break; + } + + return err; +} + + + +/* + * Functions for converting data between the native ac and the + * S-expression structure used by the pk interface. + */ + +/* Extract the S-Expression DATA_SEXP into DATA under the control of + TYPE and NAME. This function assumes that S-Expressions are of the + following structure: + + (IDENTIFIER [...] + (ALGORITHM <list of named MPI values>)) */ +static gcry_error_t +ac_data_extract (const char *identifier, const char *algorithm, + gcry_sexp_t sexp, gcry_ac_data_t *data) +{ + gcry_error_t err; + gcry_sexp_t value_sexp; + gcry_sexp_t data_sexp; + size_t data_sexp_n; + gcry_mpi_t value_mpi; + char *value_name; + const char *data_raw; + size_t data_raw_n; + gcry_ac_data_t data_new; + unsigned int i; + + value_sexp = NULL; + data_sexp = NULL; + value_name = NULL; + value_mpi = NULL; + data_new = NULL; + + /* Verify that the S-expression contains the correct identifier. */ + data_raw = gcry_sexp_nth_data (sexp, 0, &data_raw_n); + if ((! data_raw) || strncmp (identifier, data_raw, data_raw_n)) + { + err = gcry_error (GPG_ERR_INV_SEXP); + goto out; + } + + /* Extract inner S-expression. */ + data_sexp = gcry_sexp_find_token (sexp, algorithm, 0); + if (! data_sexp) + { + err = gcry_error (GPG_ERR_INV_SEXP); + goto out; + } + + /* Count data elements. */ + data_sexp_n = gcry_sexp_length (data_sexp); + data_sexp_n--; + + /* Allocate new data set. */ + err = _gcry_ac_data_new (&data_new); + if (err) + goto out; + + /* Iterate through list of data elements and add them to the data + set. */ + for (i = 0; i < data_sexp_n; i++) + { + /* Get the S-expression of the named MPI, that contains the name + and the MPI value. */ + value_sexp = gcry_sexp_nth (data_sexp, i + 1); + if (! value_sexp) + { + err = gcry_error (GPG_ERR_INV_SEXP); + break; + } + + /* Extract the name. */ + data_raw = gcry_sexp_nth_data (value_sexp, 0, &data_raw_n); + if (! data_raw) + { + err = gcry_error (GPG_ERR_INV_SEXP); + break; + } + + /* Extract the MPI value. */ + value_mpi = gcry_sexp_nth_mpi (value_sexp, 1, GCRYMPI_FMT_USG); + if (! value_mpi) + { + err = gcry_error (GPG_ERR_INTERNAL); /* FIXME? */ + break; + } + + /* Duplicate the name. */ + value_name = gcry_malloc (data_raw_n + 1); + if (! value_name) + { + err = gcry_error_from_errno (errno); + break; + } + strncpy (value_name, data_raw, data_raw_n); + value_name[data_raw_n] = 0; + + err = _gcry_ac_data_set (data_new, GCRY_AC_FLAG_DEALLOC, value_name, value_mpi); + if (err) + break; + + gcry_sexp_release (value_sexp); + value_sexp = NULL; + value_name = NULL; + value_mpi = NULL; + } + if (err) + goto out; + + /* Copy out. */ + *data = data_new; + + out: + + /* Deallocate resources. */ + if (err) + { + _gcry_ac_data_destroy (data_new); + gcry_mpi_release (value_mpi); + gcry_free (value_name); + gcry_sexp_release (value_sexp); + } + gcry_sexp_release (data_sexp); + + return err; +} + +/* Construct an S-expression from the DATA and store it in + DATA_SEXP. The S-expression will be of the following structure: + + (IDENTIFIER [(flags [...])] + (ALGORITHM <list of named MPI values>)) */ +static gcry_error_t +ac_data_construct (const char *identifier, int include_flags, + unsigned int flags, const char *algorithm, + gcry_ac_data_t data, gcry_sexp_t *sexp) +{ + unsigned int data_length; + gcry_sexp_t sexp_new; + gcry_error_t err; + size_t sexp_format_n; + char *sexp_format; + void **arg_list; + unsigned int i; + + arg_list = NULL; + sexp_new = NULL; + sexp_format = NULL; + + /* We build a list of arguments to pass to + gcry_sexp_build_array(). */ + data_length = _gcry_ac_data_length (data); + arg_list = gcry_malloc (sizeof (*arg_list) * (data_length * 2)); + if (! arg_list) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Fill list with MPIs. */ + for (i = 0; i < data_length; i++) + { + char **nameaddr = &data->data[i].name; + + arg_list[(i * 2) + 0] = nameaddr; + arg_list[(i * 2) + 1] = &data->data[i].mpi; + } + + /* Calculate size of format string. */ + sexp_format_n = (3 + + (include_flags ? 7 : 0) + + (algorithm ? (2 + strlen (algorithm)) : 0) + + strlen (identifier)); + + for (i = 0; i < data_length; i++) + /* Per-element sizes. */ + sexp_format_n += 6; + + if (include_flags) + /* Add flags. */ + for (i = 0; i < DIM (ac_flags); i++) + if (flags & ac_flags[i].number) + sexp_format_n += strlen (ac_flags[i].string) + 1; + + /* Done. */ + sexp_format = gcry_malloc (sexp_format_n); + if (! sexp_format) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Construct the format string. */ + + *sexp_format = 0; + strcat (sexp_format, "("); + strcat (sexp_format, identifier); + if (include_flags) + { + strcat (sexp_format, "(flags"); + for (i = 0; i < DIM (ac_flags); i++) + if (flags & ac_flags[i].number) + { + strcat (sexp_format, " "); + strcat (sexp_format, ac_flags[i].string); + } + strcat (sexp_format, ")"); + } + if (algorithm) + { + strcat (sexp_format, "("); + strcat (sexp_format, algorithm); + } + for (i = 0; i < data_length; i++) + strcat (sexp_format, "(%s%m)"); + if (algorithm) + strcat (sexp_format, ")"); + strcat (sexp_format, ")"); + + /* Create final S-expression. */ + err = gcry_sexp_build_array (&sexp_new, NULL, sexp_format, arg_list); + if (err) + goto out; + + *sexp = sexp_new; + + out: + + /* Deallocate resources. */ + gcry_free (sexp_format); + gcry_free (arg_list); + if (err) + gcry_sexp_release (sexp_new); + + return err; +} + + + +/* + * Handle management. + */ + +/* Creates a new handle for the algorithm ALGORITHM and stores it in + HANDLE. FLAGS is not used yet. */ +gcry_error_t +_gcry_ac_open (gcry_ac_handle_t *handle, + gcry_ac_id_t algorithm, unsigned int flags) +{ + gcry_ac_handle_t handle_new; + const char *algorithm_name; + gcry_module_t module; + gcry_error_t err; + + *handle = NULL; + module = NULL; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + /* Get name. */ + algorithm_name = _gcry_pk_aliased_algo_name (algorithm); + if (! algorithm_name) + { + err = gcry_error (GPG_ERR_PUBKEY_ALGO); + goto out; + } + + /* Acquire reference to the pubkey module. */ + err = _gcry_pk_module_lookup (algorithm, &module); + if (err) + goto out; + + /* Allocate. */ + handle_new = gcry_malloc (sizeof (*handle_new)); + if (! handle_new) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Done. */ + handle_new->algorithm = algorithm; + handle_new->algorithm_name = algorithm_name; + handle_new->flags = flags; + handle_new->module = module; + *handle = handle_new; + + out: + + /* Deallocate resources. */ + if (err) + _gcry_pk_module_release (module); + + return err; +} + + +/* Destroys the handle HANDLE. */ +void +_gcry_ac_close (gcry_ac_handle_t handle) +{ + /* Release reference to pubkey module. */ + if (handle) + { + _gcry_pk_module_release (handle->module); + gcry_free (handle); + } +} + + + +/* + * Key management. + */ + +/* Initialize a key from a given data set. */ +/* FIXME/Damn: the argument HANDLE is not only unnecessary, it is + completely WRONG here. */ +gcry_error_t +_gcry_ac_key_init (gcry_ac_key_t *key, gcry_ac_handle_t handle, + gcry_ac_key_type_t type, gcry_ac_data_t data) +{ + gcry_ac_data_t data_new; + gcry_ac_key_t key_new; + gcry_error_t err; + + (void)handle; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + /* Allocate. */ + key_new = gcry_malloc (sizeof (*key_new)); + if (! key_new) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Copy data set. */ + err = _gcry_ac_data_copy (&data_new, data); + if (err) + goto out; + + /* Done. */ + key_new->data = data_new; + key_new->type = type; + *key = key_new; + + out: + + if (err) + /* Deallocate resources. */ + gcry_free (key_new); + + return err; +} + + +/* Generates a new key pair via the handle HANDLE of NBITS bits and + stores it in KEY_PAIR. In case non-standard settings are wanted, a + pointer to a structure of type gcry_ac_key_spec_<algorithm>_t, + matching the selected algorithm, can be given as KEY_SPEC. + MISC_DATA is not used yet. */ +gcry_error_t +_gcry_ac_key_pair_generate (gcry_ac_handle_t handle, unsigned int nbits, + void *key_spec, + gcry_ac_key_pair_t *key_pair, + gcry_mpi_t **misc_data) +{ + gcry_sexp_t genkey_sexp_request; + gcry_sexp_t genkey_sexp_reply; + gcry_ac_data_t key_data_secret; + gcry_ac_data_t key_data_public; + gcry_ac_key_pair_t key_pair_new; + gcry_ac_key_t key_secret; + gcry_ac_key_t key_public; + gcry_sexp_t key_sexp; + gcry_error_t err; + char *genkey_format; + size_t genkey_format_n; + void **arg_list; + size_t arg_list_n; + unsigned int i; + unsigned int j; + + (void)misc_data; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + key_data_secret = NULL; + key_data_public = NULL; + key_secret = NULL; + key_public = NULL; + genkey_format = NULL; + arg_list = NULL; + genkey_sexp_request = NULL; + genkey_sexp_reply = NULL; + key_sexp = NULL; + + /* Allocate key pair. */ + key_pair_new = gcry_malloc (sizeof (struct gcry_ac_key_pair)); + if (! key_pair_new) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Allocate keys. */ + key_secret = gcry_malloc (sizeof (*key_secret)); + if (! key_secret) + { + err = gcry_error_from_errno (errno); + goto out; + } + key_public = gcry_malloc (sizeof (*key_public)); + if (! key_public) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Calculate size of the format string, that is used for creating + the request S-expression. */ + genkey_format_n = 22; + + /* Respect any relevant algorithm specific commands. */ + if (key_spec) + for (i = 0; i < DIM (ac_key_generate_specs); i++) + if (handle->algorithm == ac_key_generate_specs[i].algorithm) + genkey_format_n += 6; + + /* Create format string. */ + genkey_format = gcry_malloc (genkey_format_n); + if (! genkey_format) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Fill format string. */ + *genkey_format = 0; + strcat (genkey_format, "(genkey(%s(nbits%d)"); + if (key_spec) + for (i = 0; i < DIM (ac_key_generate_specs); i++) + if (handle->algorithm == ac_key_generate_specs[i].algorithm) + strcat (genkey_format, "(%s%m)"); + strcat (genkey_format, "))"); + + /* Build list of argument pointers, the algorithm name and the nbits + are always needed. */ + arg_list_n = 2; + + /* Now the algorithm specific arguments. */ + if (key_spec) + for (i = 0; i < DIM (ac_key_generate_specs); i++) + if (handle->algorithm == ac_key_generate_specs[i].algorithm) + arg_list_n += 2; + + /* Allocate list. */ + arg_list = gcry_malloc (sizeof (*arg_list) * arg_list_n); + if (! arg_list) + { + err = gcry_error_from_errno (errno); + goto out; + } + + arg_list[0] = (void *) &handle->algorithm_name; + arg_list[1] = (void *) &nbits; + if (key_spec) + for (j = 2, i = 0; i < DIM (ac_key_generate_specs); i++) + if (handle->algorithm == ac_key_generate_specs[i].algorithm) + { + /* Add name of this specification flag and the + according member of the spec strucuture. */ + arg_list[j++] = (void *)(&ac_key_generate_specs[i].name); + arg_list[j++] = (void *) + (((char *) key_spec) + + ac_key_generate_specs[i].offset); + /* FIXME: above seems to suck. */ + } + + /* Construct final request S-expression. */ + err = gcry_sexp_build_array (&genkey_sexp_request, + NULL, genkey_format, arg_list); + if (err) + goto out; + + /* Perform genkey operation. */ + err = gcry_pk_genkey (&genkey_sexp_reply, genkey_sexp_request); + if (err) + goto out; + + key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "private-key", 0); + if (! key_sexp) + { + err = gcry_error (GPG_ERR_INTERNAL); + goto out; + } + err = ac_data_extract ("private-key", handle->algorithm_name, + key_sexp, &key_data_secret); + if (err) + goto out; + + gcry_sexp_release (key_sexp); + key_sexp = gcry_sexp_find_token (genkey_sexp_reply, "public-key", 0); + if (! key_sexp) + { + err = gcry_error (GPG_ERR_INTERNAL); + goto out; + } + err = ac_data_extract ("public-key", handle->algorithm_name, + key_sexp, &key_data_public); + if (err) + goto out; + + /* Done. */ + + key_secret->type = GCRY_AC_KEY_SECRET; + key_secret->data = key_data_secret; + key_public->type = GCRY_AC_KEY_PUBLIC; + key_public->data = key_data_public; + key_pair_new->secret = key_secret; + key_pair_new->public = key_public; + *key_pair = key_pair_new; + + out: + + /* Deallocate resources. */ + + gcry_free (genkey_format); + gcry_free (arg_list); + gcry_sexp_release (genkey_sexp_request); + gcry_sexp_release (genkey_sexp_reply); + gcry_sexp_release (key_sexp); + if (err) + { + _gcry_ac_data_destroy (key_data_secret); + _gcry_ac_data_destroy (key_data_public); + gcry_free (key_secret); + gcry_free (key_public); + gcry_free (key_pair_new); + } + + return err; +} + +/* Returns the key of type WHICH out of the key pair KEY_PAIR. */ +gcry_ac_key_t +_gcry_ac_key_pair_extract (gcry_ac_key_pair_t key_pair, + gcry_ac_key_type_t which) +{ + gcry_ac_key_t key; + + if (fips_mode ()) + return NULL; + + switch (which) + { + case GCRY_AC_KEY_SECRET: + key = key_pair->secret; + break; + + case GCRY_AC_KEY_PUBLIC: + key = key_pair->public; + break; + + default: + key = NULL; + break; + } + + return key; +} + +/* Destroys the key KEY. */ +void +_gcry_ac_key_destroy (gcry_ac_key_t key) +{ + unsigned int i; + + if (key) + { + if (key->data) + { + for (i = 0; i < key->data->data_n; i++) + { + if (key->data->data[i].mpi) + gcry_mpi_release (key->data->data[i].mpi); + if (key->data->data[i].name) + gcry_free (key->data->data[i].name); + } + gcry_free (key->data->data); + gcry_free (key->data); + } + gcry_free (key); + } +} + +/* Destroys the key pair KEY_PAIR. */ +void +_gcry_ac_key_pair_destroy (gcry_ac_key_pair_t key_pair) +{ + if (key_pair) + { + gcry_ac_key_destroy (key_pair->secret); + gcry_ac_key_destroy (key_pair->public); + gcry_free (key_pair); + } +} + +/* Returns the data set contained in the key KEY. */ +gcry_ac_data_t +_gcry_ac_key_data_get (gcry_ac_key_t key) +{ + if (fips_mode ()) + return NULL; + return key->data; +} + +/* Verifies that the key KEY is sane via HANDLE. */ +gcry_error_t +_gcry_ac_key_test (gcry_ac_handle_t handle, gcry_ac_key_t key) +{ + gcry_sexp_t key_sexp; + gcry_error_t err; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + key_sexp = NULL; + err = ac_data_construct (ac_key_identifiers[key->type], 0, 0, + handle->algorithm_name, key->data, &key_sexp); + if (err) + goto out; + + err = gcry_pk_testkey (key_sexp); + + out: + + gcry_sexp_release (key_sexp); + + return gcry_error (err); +} + +/* Stores the number of bits of the key KEY in NBITS via HANDLE. */ +gcry_error_t +_gcry_ac_key_get_nbits (gcry_ac_handle_t handle, + gcry_ac_key_t key, unsigned int *nbits) +{ + gcry_sexp_t key_sexp; + gcry_error_t err; + unsigned int n; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + key_sexp = NULL; + + err = ac_data_construct (ac_key_identifiers[key->type], + 0, 0, handle->algorithm_name, key->data, &key_sexp); + if (err) + goto out; + + n = gcry_pk_get_nbits (key_sexp); + if (! n) + { + err = gcry_error (GPG_ERR_PUBKEY_ALGO); + goto out; + } + + *nbits = n; + + out: + + gcry_sexp_release (key_sexp); + + return err; +} + +/* Writes the 20 byte long key grip of the key KEY to KEY_GRIP via + HANDLE. */ +gcry_error_t +_gcry_ac_key_get_grip (gcry_ac_handle_t handle, + gcry_ac_key_t key, unsigned char *key_grip) +{ + gcry_sexp_t key_sexp; + gcry_error_t err; + unsigned char *ret; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + key_sexp = NULL; + err = ac_data_construct (ac_key_identifiers[key->type], 0, 0, + handle->algorithm_name, key->data, &key_sexp); + if (err) + goto out; + + ret = gcry_pk_get_keygrip (key_sexp, key_grip); + if (! ret) + { + err = gcry_error (GPG_ERR_INV_OBJ); + goto out; + } + + err = 0; + + out: + + gcry_sexp_release (key_sexp); + + return err; +} + + + + +/* + * Functions performing cryptographic operations. + */ + +/* Encrypts the plain text MPI value DATA_PLAIN with the key public + KEY under the control of the flags FLAGS and stores the resulting + data set into DATA_ENCRYPTED. */ +gcry_error_t +_gcry_ac_data_encrypt (gcry_ac_handle_t handle, + unsigned int flags, + gcry_ac_key_t key, + gcry_mpi_t data_plain, + gcry_ac_data_t *data_encrypted) +{ + gcry_ac_data_t data_encrypted_new; + gcry_ac_data_t data_value; + gcry_sexp_t sexp_request; + gcry_sexp_t sexp_reply; + gcry_sexp_t sexp_key; + gcry_error_t err; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + data_encrypted_new = NULL; + sexp_request = NULL; + sexp_reply = NULL; + data_value = NULL; + sexp_key = NULL; + + if (key->type != GCRY_AC_KEY_PUBLIC) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + err = ac_data_construct (ac_key_identifiers[key->type], 0, 0, + handle->algorithm_name, key->data, &sexp_key); + if (err) + goto out; + + err = _gcry_ac_data_new (&data_value); + if (err) + goto out; + + err = _gcry_ac_data_set (data_value, 0, "value", data_plain); + if (err) + goto out; + + err = ac_data_construct ("data", 1, flags, handle->algorithm_name, + data_value, &sexp_request); + if (err) + goto out; + + /* FIXME: error vs. errcode? */ + + err = gcry_pk_encrypt (&sexp_reply, sexp_request, sexp_key); + if (err) + goto out; + + /* Extract data. */ + err = ac_data_extract ("enc-val", handle->algorithm_name, + sexp_reply, &data_encrypted_new); + if (err) + goto out; + + *data_encrypted = data_encrypted_new; + + out: + + /* Deallocate resources. */ + + gcry_sexp_release (sexp_request); + gcry_sexp_release (sexp_reply); + gcry_sexp_release (sexp_key); + _gcry_ac_data_destroy (data_value); + + return err; +} + +/* Decrypts the encrypted data contained in the data set + DATA_ENCRYPTED with the secret key KEY under the control of the + flags FLAGS and stores the resulting plain text MPI value in + DATA_PLAIN. */ +gcry_error_t +_gcry_ac_data_decrypt (gcry_ac_handle_t handle, + unsigned int flags, + gcry_ac_key_t key, + gcry_mpi_t *data_plain, + gcry_ac_data_t data_encrypted) +{ + gcry_mpi_t data_decrypted; + gcry_sexp_t sexp_request; + gcry_sexp_t sexp_reply; + gcry_sexp_t sexp_value; + gcry_sexp_t sexp_key; + gcry_error_t err; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + sexp_request = NULL; + sexp_reply = NULL; + sexp_value = NULL; + sexp_key = NULL; + + if (key->type != GCRY_AC_KEY_SECRET) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + err = ac_data_construct (ac_key_identifiers[key->type], 0, 0, + handle->algorithm_name, key->data, &sexp_key); + if (err) + goto out; + + /* Create S-expression from data. */ + err = ac_data_construct ("enc-val", 1, flags, handle->algorithm_name, + data_encrypted, &sexp_request); + if (err) + goto out; + + /* Decrypt. */ + err = gcry_pk_decrypt (&sexp_reply, sexp_request, sexp_key); + if (err) + goto out; + + /* Extract plain text. */ + sexp_value = gcry_sexp_find_token (sexp_reply, "value", 0); + if (! sexp_value) + { + /* FIXME? */ + err = gcry_error (GPG_ERR_GENERAL); + goto out; + } + + data_decrypted = gcry_sexp_nth_mpi (sexp_value, 1, GCRYMPI_FMT_USG); + if (! data_decrypted) + { + err = gcry_error (GPG_ERR_GENERAL); + goto out; + } + + *data_plain = data_decrypted; + + out: + + /* Deallocate resources. */ + gcry_sexp_release (sexp_request); + gcry_sexp_release (sexp_reply); + gcry_sexp_release (sexp_value); + gcry_sexp_release (sexp_key); + + return gcry_error (err); + +} + +/* Signs the data contained in DATA with the secret key KEY and stores + the resulting signature data set in DATA_SIGNATURE. */ +gcry_error_t +_gcry_ac_data_sign (gcry_ac_handle_t handle, + gcry_ac_key_t key, + gcry_mpi_t data, + gcry_ac_data_t *data_signature) +{ + gcry_ac_data_t data_signed; + gcry_ac_data_t data_value; + gcry_sexp_t sexp_request; + gcry_sexp_t sexp_reply; + gcry_sexp_t sexp_key; + gcry_error_t err; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + data_signed = NULL; + data_value = NULL; + sexp_request = NULL; + sexp_reply = NULL; + sexp_key = NULL; + + if (key->type != GCRY_AC_KEY_SECRET) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + err = ac_data_construct (ac_key_identifiers[key->type], 0, 0, + handle->algorithm_name, key->data, &sexp_key); + if (err) + goto out; + + err = _gcry_ac_data_new (&data_value); + if (err) + goto out; + + err = _gcry_ac_data_set (data_value, 0, "value", data); + if (err) + goto out; + + /* Create S-expression holding the data. */ + err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_request); + if (err) + goto out; + + /* Sign. */ + err = gcry_pk_sign (&sexp_reply, sexp_request, sexp_key); + if (err) + goto out; + + /* Extract data. */ + err = ac_data_extract ("sig-val", handle->algorithm_name, + sexp_reply, &data_signed); + if (err) + goto out; + + /* Done. */ + *data_signature = data_signed; + + out: + + gcry_sexp_release (sexp_request); + gcry_sexp_release (sexp_reply); + gcry_sexp_release (sexp_key); + _gcry_ac_data_destroy (data_value); + + return gcry_error (err); +} + + +/* Verifies that the signature contained in the data set + DATA_SIGNATURE is indeed the result of signing the data contained + in DATA with the secret key belonging to the public key KEY. */ +gcry_error_t +_gcry_ac_data_verify (gcry_ac_handle_t handle, + gcry_ac_key_t key, + gcry_mpi_t data, + gcry_ac_data_t data_signature) +{ + gcry_sexp_t sexp_signature; + gcry_ac_data_t data_value; + gcry_sexp_t sexp_data; + gcry_sexp_t sexp_key; + gcry_error_t err; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + sexp_signature = NULL; + data_value = NULL; + sexp_data = NULL; + sexp_key = NULL; + + err = ac_data_construct ("public-key", 0, 0, + handle->algorithm_name, key->data, &sexp_key); + if (err) + goto out; + + if (key->type != GCRY_AC_KEY_PUBLIC) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + /* Construct S-expression holding the signature data. */ + err = ac_data_construct ("sig-val", 1, 0, handle->algorithm_name, + data_signature, &sexp_signature); + if (err) + goto out; + + err = _gcry_ac_data_new (&data_value); + if (err) + goto out; + + err = _gcry_ac_data_set (data_value, 0, "value", data); + if (err) + goto out; + + /* Construct S-expression holding the data. */ + err = ac_data_construct ("data", 1, 0, NULL, data_value, &sexp_data); + if (err) + goto out; + + /* Verify signature. */ + err = gcry_pk_verify (sexp_signature, sexp_data, sexp_key); + + out: + + gcry_sexp_release (sexp_signature); + gcry_sexp_release (sexp_data); + gcry_sexp_release (sexp_key); + _gcry_ac_data_destroy (data_value); + + return gcry_error (err); +} + + + + +/* + * Implementation of encoding methods (em). + */ + +/* Type for functions that encode or decode (hence the name) a + message. */ +typedef gcry_error_t (*gcry_ac_em_dencode_t) (unsigned int flags, + void *options, + gcry_ac_io_t *ac_io_read, + gcry_ac_io_t *ac_io_write); + +/* Fill the buffer BUFFER which is BUFFER_N bytes long with non-zero + random bytes of random level LEVEL. */ +static void +em_randomize_nonzero (unsigned char *buffer, size_t buffer_n, + gcry_random_level_t level) +{ + unsigned char *buffer_rand; + unsigned int buffer_rand_n; + unsigned int zeros; + unsigned int i; + unsigned int j; + + for (i = 0; i < buffer_n; i++) + buffer[i] = 0; + + do + { + /* Count zeros. */ + for (i = zeros = 0; i < buffer_n; i++) + if (! buffer[i]) + zeros++; + + if (zeros) + { + /* Get random bytes. */ + buffer_rand_n = zeros + (zeros / 128); + buffer_rand = gcry_random_bytes_secure (buffer_rand_n, level); + + /* Substitute zeros with non-zero random bytes. */ + for (i = j = 0; zeros && (i < buffer_n) && (j < buffer_rand_n); i++) + if (! buffer[i]) + { + while ((j < buffer_rand_n) && (! buffer_rand[j])) + j++; + if (j < buffer_rand_n) + { + buffer[i] = buffer_rand[j++]; + zeros--; + } + else + break; + } + gcry_free (buffer_rand); + } + } + while (zeros); +} + +/* Encode a message according to the Encoding Method for Encryption + `PKCS-V1_5' (EME-PKCS-V1_5). */ +static gcry_error_t +eme_pkcs_v1_5_encode (unsigned int flags, void *opts, + gcry_ac_io_t *ac_io_read, + gcry_ac_io_t *ac_io_write) +{ + gcry_ac_eme_pkcs_v1_5_t *options; + gcry_error_t err; + unsigned char *buffer; + unsigned char *ps; + unsigned char *m; + size_t m_n; + unsigned int ps_n; + unsigned int k; + + (void)flags; + + options = opts; + buffer = NULL; + m = NULL; + + err = _gcry_ac_io_read_all (ac_io_read, &m, &m_n); + if (err) + goto out; + + /* Figure out key length in bytes. */ + k = options->key_size / 8; + + if (m_n > k - 11) + { + /* Key is too short for message. */ + err = gcry_error (GPG_ERR_TOO_SHORT); + goto out; + } + + /* According to this encoding method, the first byte of the encoded + message is zero. This byte will be lost anyway, when the encoded + message is to be converted into an MPI, that's why we skip + it. */ + + /* Allocate buffer. */ + buffer = gcry_malloc (k - 1); + if (! buffer) + { + err = gcry_error_from_errno (errno); + goto out; + } + + /* Generate an octet string PS of length k - mLen - 3 consisting + of pseudorandomly generated nonzero octets. The length of PS + will be at least eight octets. */ + ps_n = k - m_n - 3; + ps = buffer + 1; + em_randomize_nonzero (ps, ps_n, GCRY_STRONG_RANDOM); + + /* Concatenate PS, the message M, and other padding to form an + encoded message EM of length k octets as: + + EM = 0x00 || 0x02 || PS || 0x00 || M. */ + + buffer[0] = 0x02; + buffer[ps_n + 1] = 0x00; + memcpy (buffer + ps_n + 2, m, m_n); + + err = _gcry_ac_io_write (ac_io_write, buffer, k - 1); + + out: + + gcry_free (buffer); + gcry_free (m); + + return err; +} + +/* Decode a message according to the Encoding Method for Encryption + `PKCS-V1_5' (EME-PKCS-V1_5). */ +static gcry_error_t +eme_pkcs_v1_5_decode (unsigned int flags, void *opts, + gcry_ac_io_t *ac_io_read, + gcry_ac_io_t *ac_io_write) +{ + gcry_ac_eme_pkcs_v1_5_t *options; + unsigned char *buffer; + unsigned char *em; + size_t em_n; + gcry_error_t err; + unsigned int i; + unsigned int k; + + (void)flags; + + options = opts; + buffer = NULL; + em = NULL; + + err = _gcry_ac_io_read_all (ac_io_read, &em, &em_n); + if (err) + goto out; + + /* Figure out key size. */ + k = options->key_size / 8; + + /* Search for zero byte. */ + for (i = 0; (i < em_n) && em[i]; i++); + + /* According to this encoding method, the first byte of the encoded + message should be zero. This byte is lost. */ + + if (! ((em_n >= 10) + && (em_n == (k - 1)) + && (em[0] == 0x02) + && (i < em_n) + && ((i - 1) >= 8))) + { + err = gcry_error (GPG_ERR_DECRYPT_FAILED); + goto out; + } + + i++; + buffer = gcry_malloc (em_n - i); + if (! buffer) + { + err = gcry_error_from_errno (errno); + goto out; + } + + memcpy (buffer, em + i, em_n - i); + err = _gcry_ac_io_write (ac_io_write, buffer, em_n - i); + + out: + + gcry_free (buffer); + gcry_free (em); + + return err; +} + +static gcry_error_t +emsa_pkcs_v1_5_encode_data_cb (void *opaque, + unsigned char *buffer, size_t buffer_n) +{ + gcry_md_hd_t md_handle; + + md_handle = opaque; + gcry_md_write (md_handle, buffer, buffer_n); + + return 0; +} + + +/* Encode a message according to the Encoding Method for Signatures + with Appendix `PKCS-V1_5' (EMSA-PKCS-V1_5). */ +static gcry_error_t +emsa_pkcs_v1_5_encode (unsigned int flags, void *opts, + gcry_ac_io_t *ac_io_read, + gcry_ac_io_t *ac_io_write) +{ + gcry_ac_emsa_pkcs_v1_5_t *options; + gcry_error_t err; + gcry_md_hd_t md; + unsigned char *t; + size_t t_n; + unsigned char *h; + size_t h_n; + unsigned char *ps; + size_t ps_n; + unsigned char *buffer; + size_t buffer_n; + unsigned char asn[100]; /* FIXME, always enough? */ + size_t asn_n; + unsigned int i; + + (void)flags; + + options = opts; + buffer = NULL; + md = NULL; + ps = NULL; + t = NULL; + + /* Create hashing handle and get the necessary information. */ + err = gcry_md_open (&md, options->md, 0); + if (err) + goto out; + + asn_n = DIM (asn); + err = gcry_md_algo_info (options->md, GCRYCTL_GET_ASNOID, asn, &asn_n); + if (err) + goto out; + + h_n = gcry_md_get_algo_dlen (options->md); + + err = _gcry_ac_io_process (ac_io_read, emsa_pkcs_v1_5_encode_data_cb, md); + if (err) + goto out; + + h = gcry_md_read (md, 0); + + /* Encode the algorithm ID for the hash function and the hash value + into an ASN.1 value of type DigestInfo with the Distinguished + Encoding Rules (DER), where the type DigestInfo has the syntax: + + DigestInfo ::== SEQUENCE { + digestAlgorithm AlgorithmIdentifier, + digest OCTET STRING + } + + The first field identifies the hash function and the second + contains the hash value. Let T be the DER encoding of the + DigestInfo value and let tLen be the length in octets of T. */ + + t_n = asn_n + h_n; + t = gcry_malloc (t_n); + if (! t) + { + err = gcry_error_from_errno (errno); + goto out; + } + + for (i = 0; i < asn_n; i++) + t[i] = asn[i]; + for (i = 0; i < h_n; i++) + t[asn_n + i] = h[i]; + + /* If emLen < tLen + 11, output "intended encoded message length + too short" and stop. */ + if (options->em_n < t_n + 11) + { + err = gcry_error (GPG_ERR_TOO_SHORT); + goto out; + } + + /* Generate an octet string PS consisting of emLen - tLen - 3 octets + with hexadecimal value 0xFF. The length of PS will be at least 8 + octets. */ + ps_n = options->em_n - t_n - 3; + ps = gcry_malloc (ps_n); + if (! ps) + { + err = gcry_error_from_errno (errno); + goto out; + } + for (i = 0; i < ps_n; i++) + ps[i] = 0xFF; + + /* Concatenate PS, the DER encoding T, and other padding to form the + encoded message EM as: + + EM = 0x00 || 0x01 || PS || 0x00 || T. */ + + buffer_n = ps_n + t_n + 3; + buffer = gcry_malloc (buffer_n); + if (! buffer) + { + err = gcry_error_from_errno (errno); + goto out; + } + + buffer[0] = 0x00; + buffer[1] = 0x01; + for (i = 0; i < ps_n; i++) + buffer[2 + i] = ps[i]; + buffer[2 + ps_n] = 0x00; + for (i = 0; i < t_n; i++) + buffer[3 + ps_n + i] = t[i]; + + err = _gcry_ac_io_write (ac_io_write, buffer, buffer_n); + + out: + + gcry_md_close (md); + + gcry_free (buffer); + gcry_free (ps); + gcry_free (t); + + return err; +} + +/* `Actions' for data_dencode(). */ +typedef enum dencode_action + { + DATA_ENCODE, + DATA_DECODE, + } +dencode_action_t; + +/* Encode or decode a message according to the the encoding method + METHOD; ACTION specifies wether the message that is contained in + BUFFER_IN and of length BUFFER_IN_N should be encoded or decoded. + The resulting message will be stored in a newly allocated buffer in + BUFFER_OUT and BUFFER_OUT_N. */ +static gcry_error_t +ac_data_dencode (gcry_ac_em_t method, dencode_action_t action, + unsigned int flags, void *options, + gcry_ac_io_t *ac_io_read, + gcry_ac_io_t *ac_io_write) +{ + struct + { + gcry_ac_em_t method; + gcry_ac_em_dencode_t encode; + gcry_ac_em_dencode_t decode; + } methods[] = + { + { GCRY_AC_EME_PKCS_V1_5, + eme_pkcs_v1_5_encode, eme_pkcs_v1_5_decode }, + { GCRY_AC_EMSA_PKCS_V1_5, + emsa_pkcs_v1_5_encode, NULL }, + }; + size_t methods_n; + gcry_error_t err; + unsigned int i; + + methods_n = sizeof (methods) / sizeof (*methods); + + for (i = 0; i < methods_n; i++) + if (methods[i].method == method) + break; + if (i == methods_n) + { + err = gcry_error (GPG_ERR_NOT_FOUND); /* FIXME? */ + goto out; + } + + err = 0; + switch (action) + { + case DATA_ENCODE: + if (methods[i].encode) + /* FIXME? */ + err = (*methods[i].encode) (flags, options, ac_io_read, ac_io_write); + break; + + case DATA_DECODE: + if (methods[i].decode) + /* FIXME? */ + err = (*methods[i].decode) (flags, options, ac_io_read, ac_io_write); + break; + + default: + err = gcry_error (GPG_ERR_INV_ARG); + break; + } + + out: + + return err; +} + +/* Encode a message according to the encoding method METHOD. OPTIONS + must be a pointer to a method-specific structure + (gcry_ac_em*_t). */ +gcry_error_t +_gcry_ac_data_encode (gcry_ac_em_t method, + unsigned int flags, void *options, + gcry_ac_io_t *ac_io_read, + gcry_ac_io_t *ac_io_write) +{ + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + return ac_data_dencode (method, DATA_ENCODE, flags, options, + ac_io_read, ac_io_write); +} + +/* Dencode a message according to the encoding method METHOD. OPTIONS + must be a pointer to a method-specific structure + (gcry_ac_em*_t). */ +gcry_error_t +_gcry_ac_data_decode (gcry_ac_em_t method, + unsigned int flags, void *options, + gcry_ac_io_t *ac_io_read, + gcry_ac_io_t *ac_io_write) +{ + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + return ac_data_dencode (method, DATA_DECODE, flags, options, + ac_io_read, ac_io_write); +} + +/* Convert an MPI into an octet string. */ +void +_gcry_ac_mpi_to_os (gcry_mpi_t mpi, unsigned char *os, size_t os_n) +{ + unsigned long digit; + gcry_mpi_t base; + unsigned int i; + unsigned int n; + gcry_mpi_t m; + gcry_mpi_t d; + + if (fips_mode ()) + return; + + base = gcry_mpi_new (0); + gcry_mpi_set_ui (base, 256); + + n = 0; + m = gcry_mpi_copy (mpi); + while (gcry_mpi_cmp_ui (m, 0)) + { + n++; + gcry_mpi_div (m, NULL, m, base, 0); + } + + gcry_mpi_set (m, mpi); + d = gcry_mpi_new (0); + for (i = 0; (i < n) && (i < os_n); i++) + { + gcry_mpi_mod (d, m, base); + _gcry_mpi_get_ui (d, &digit); + gcry_mpi_div (m, NULL, m, base, 0); + os[os_n - i - 1] = (digit & 0xFF); + } + + for (; i < os_n; i++) + os[os_n - i - 1] = 0; + + gcry_mpi_release (base); + gcry_mpi_release (d); + gcry_mpi_release (m); +} + +/* Convert an MPI into an newly allocated octet string. */ +gcry_error_t +_gcry_ac_mpi_to_os_alloc (gcry_mpi_t mpi, unsigned char **os, size_t *os_n) +{ + unsigned char *buffer; + size_t buffer_n; + gcry_error_t err; + unsigned int nbits; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + nbits = gcry_mpi_get_nbits (mpi); + buffer_n = (nbits + 7) / 8; + buffer = gcry_malloc (buffer_n); + if (! buffer) + { + err = gcry_error_from_errno (errno); + goto out; + } + + _gcry_ac_mpi_to_os (mpi, buffer, buffer_n); + *os = buffer; + *os_n = buffer_n; + err = 0; + + out: + + return err; +} + + +/* Convert an octet string into an MPI. */ +void +_gcry_ac_os_to_mpi (gcry_mpi_t mpi, unsigned char *os, size_t os_n) +{ + unsigned int i; + gcry_mpi_t xi; + gcry_mpi_t x; + gcry_mpi_t a; + + if (fips_mode ()) + return; + + a = gcry_mpi_new (0); + gcry_mpi_set_ui (a, 1); + x = gcry_mpi_new (0); + gcry_mpi_set_ui (x, 0); + xi = gcry_mpi_new (0); + + for (i = 0; i < os_n; i++) + { + gcry_mpi_mul_ui (xi, a, os[os_n - i - 1]); + gcry_mpi_add (x, x, xi); + gcry_mpi_mul_ui (a, a, 256); + } + + gcry_mpi_release (xi); + gcry_mpi_release (a); + + gcry_mpi_set (mpi, x); + gcry_mpi_release (x); /* FIXME: correct? */ +} + + + +/* + * Implementation of Encryption Schemes (ES) and Signature Schemes + * with Appendix (SSA). + */ + +/* Schemes consist of two things: encoding methods and cryptographic + primitives. + + Since encoding methods are accessible through a common API with + method-specific options passed as an anonymous struct, schemes have + to provide functions that construct this method-specific structure; + this is what the functions of type `gcry_ac_dencode_prepare_t' are + there for. */ + +typedef gcry_error_t (*gcry_ac_dencode_prepare_t) (gcry_ac_handle_t handle, + gcry_ac_key_t key, + void *opts, + void *opts_em); + +/* The `dencode_prepare' function for ES-PKCS-V1_5. */ +static gcry_error_t +ac_es_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key, + void *opts, void *opts_em) +{ + gcry_ac_eme_pkcs_v1_5_t *options_em; + unsigned int nbits; + gcry_error_t err; + + (void)opts; + + err = _gcry_ac_key_get_nbits (handle, key, &nbits); + if (err) + goto out; + + options_em = opts_em; + options_em->key_size = nbits; + + out: + + return err; +} + +/* The `dencode_prepare' function for SSA-PKCS-V1_5. */ +static gcry_error_t +ac_ssa_dencode_prepare_pkcs_v1_5 (gcry_ac_handle_t handle, gcry_ac_key_t key, + void *opts, void *opts_em) +{ + gcry_ac_emsa_pkcs_v1_5_t *options_em; + gcry_ac_ssa_pkcs_v1_5_t *options; + gcry_error_t err; + unsigned int k; + + options_em = opts_em; + options = opts; + + err = _gcry_ac_key_get_nbits (handle, key, &k); + if (err) + goto out; + + k = (k + 7) / 8; + options_em->md = options->md; + options_em->em_n = k; + + out: + + return err; +} + +/* Type holding the information about each supported + Encryption/Signature Scheme. */ +typedef struct ac_scheme +{ + gcry_ac_scheme_t scheme; + gcry_ac_em_t scheme_encoding; + gcry_ac_dencode_prepare_t dencode_prepare; + size_t options_em_n; +} ac_scheme_t; + +/* List of supported Schemes. */ +static ac_scheme_t ac_schemes[] = + { + { GCRY_AC_ES_PKCS_V1_5, GCRY_AC_EME_PKCS_V1_5, + ac_es_dencode_prepare_pkcs_v1_5, + sizeof (gcry_ac_eme_pkcs_v1_5_t) }, + { GCRY_AC_SSA_PKCS_V1_5, GCRY_AC_EMSA_PKCS_V1_5, + ac_ssa_dencode_prepare_pkcs_v1_5, + sizeof (gcry_ac_emsa_pkcs_v1_5_t) } + }; + +/* Lookup a scheme by it's ID. */ +static ac_scheme_t * +ac_scheme_get (gcry_ac_scheme_t scheme) +{ + ac_scheme_t *ac_scheme; + unsigned int i; + + for (i = 0; i < DIM (ac_schemes); i++) + if (scheme == ac_schemes[i].scheme) + break; + if (i == DIM (ac_schemes)) + ac_scheme = NULL; + else + ac_scheme = ac_schemes + i; + + return ac_scheme; +} + +/* Prepares the encoding/decoding by creating an according option + structure. */ +static gcry_error_t +ac_dencode_prepare (gcry_ac_handle_t handle, gcry_ac_key_t key, void *opts, + ac_scheme_t scheme, void **opts_em) +{ + gcry_error_t err; + void *options_em; + + options_em = gcry_malloc (scheme.options_em_n); + if (! options_em) + { + err = gcry_error_from_errno (errno); + goto out; + } + + err = (*scheme.dencode_prepare) (handle, key, opts, options_em); + if (err) + goto out; + + *opts_em = options_em; + + out: + + if (err) + free (options_em); + + return err; +} + +/* Convert a data set into a single MPI; currently, this is only + supported for data sets containing a single MPI. */ +static gcry_error_t +ac_data_set_to_mpi (gcry_ac_data_t data, gcry_mpi_t *mpi) +{ + gcry_error_t err; + gcry_mpi_t mpi_new; + unsigned int elems; + + elems = _gcry_ac_data_length (data); + + if (elems != 1) + { + /* FIXME: I guess, we should be more flexible in this respect by + allowing the actual encryption/signature schemes to implement + this conversion mechanism. */ + err = gcry_error (GPG_ERR_CONFLICT); + goto out; + } + + err = _gcry_ac_data_get_index (data, GCRY_AC_FLAG_COPY, 0, NULL, &mpi_new); + if (err) + goto out; + + *mpi = mpi_new; + + out: + + return err; +} + +/* Encrypts the plain text message contained in M, which is of size + M_N, with the public key KEY_PUBLIC according to the Encryption + Scheme SCHEME_ID. HANDLE is used for accessing the low-level + cryptographic primitives. If OPTS is not NULL, it has to be an + anonymous structure specific to the chosen scheme (gcry_ac_es_*_t). + The encrypted message will be stored in C and C_N. */ +gcry_error_t +_gcry_ac_data_encrypt_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme_id, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_message, + gcry_ac_io_t *io_cipher) +{ + gcry_error_t err; + gcry_ac_io_t io_em; + unsigned char *em; + size_t em_n; + gcry_mpi_t mpi_plain; + gcry_ac_data_t data_encrypted; + gcry_mpi_t mpi_encrypted; + unsigned char *buffer; + size_t buffer_n; + void *opts_em; + ac_scheme_t *scheme; + + (void)flags; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + data_encrypted = NULL; + mpi_encrypted = NULL; + mpi_plain = NULL; + opts_em = NULL; + buffer = NULL; + em = NULL; + + scheme = ac_scheme_get (scheme_id); + if (! scheme) + { + err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME); + goto out; + } + + if (key->type != GCRY_AC_KEY_PUBLIC) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em); + if (err) + goto out; + + _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE, + GCRY_AC_IO_STRING, &em, &em_n); + + err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em, + io_message, &io_em); + if (err) + goto out; + + mpi_plain = gcry_mpi_snew (0); + gcry_ac_os_to_mpi (mpi_plain, em, em_n); + + err = _gcry_ac_data_encrypt (handle, 0, key, mpi_plain, &data_encrypted); + if (err) + goto out; + + err = ac_data_set_to_mpi (data_encrypted, &mpi_encrypted); + if (err) + goto out; + + err = _gcry_ac_mpi_to_os_alloc (mpi_encrypted, &buffer, &buffer_n); + if (err) + goto out; + + err = _gcry_ac_io_write (io_cipher, buffer, buffer_n); + + out: + + gcry_ac_data_destroy (data_encrypted); + gcry_mpi_release (mpi_encrypted); + gcry_mpi_release (mpi_plain); + gcry_free (opts_em); + gcry_free (buffer); + gcry_free (em); + + return err; +} + +/* Decryptes the cipher message contained in C, which is of size C_N, + with the secret key KEY_SECRET according to the Encryption Scheme + SCHEME_ID. Handle is used for accessing the low-level + cryptographic primitives. If OPTS is not NULL, it has to be an + anonymous structure specific to the chosen scheme (gcry_ac_es_*_t). + The decrypted message will be stored in M and M_N. */ +gcry_error_t +_gcry_ac_data_decrypt_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme_id, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_cipher, + gcry_ac_io_t *io_message) +{ + gcry_ac_io_t io_em; + gcry_error_t err; + gcry_ac_data_t data_encrypted; + unsigned char *em; + size_t em_n; + gcry_mpi_t mpi_encrypted; + gcry_mpi_t mpi_decrypted; + void *opts_em; + ac_scheme_t *scheme; + char *elements_enc; + size_t elements_enc_n; + unsigned char *c; + size_t c_n; + + (void)flags; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + data_encrypted = NULL; + mpi_encrypted = NULL; + mpi_decrypted = NULL; + elements_enc = NULL; + opts_em = NULL; + em = NULL; + c = NULL; + + scheme = ac_scheme_get (scheme_id); + if (! scheme) + { + err = gcry_error (GPG_ERR_NO_ENCRYPTION_SCHEME); + goto out; + } + + if (key->type != GCRY_AC_KEY_SECRET) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + err = _gcry_ac_io_read_all (io_cipher, &c, &c_n); + if (err) + goto out; + + mpi_encrypted = gcry_mpi_snew (0); + gcry_ac_os_to_mpi (mpi_encrypted, c, c_n); + + err = _gcry_pk_get_elements (handle->algorithm, &elements_enc, NULL); + if (err) + goto out; + + elements_enc_n = strlen (elements_enc); + if (elements_enc_n != 1) + { + /* FIXME? */ + err = gcry_error (GPG_ERR_CONFLICT); + goto out; + } + + err = _gcry_ac_data_new (&data_encrypted); + if (err) + goto out; + + err = _gcry_ac_data_set (data_encrypted, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, + elements_enc, mpi_encrypted); + if (err) + goto out; + + err = _gcry_ac_data_decrypt (handle, 0, key, &mpi_decrypted, data_encrypted); + if (err) + goto out; + + err = _gcry_ac_mpi_to_os_alloc (mpi_decrypted, &em, &em_n); + if (err) + goto out; + + err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em); + if (err) + goto out; + + _gcry_ac_io_init (&io_em, GCRY_AC_IO_READABLE, + GCRY_AC_IO_STRING, em, em_n); + + err = _gcry_ac_data_decode (scheme->scheme_encoding, 0, opts_em, + &io_em, io_message); + if (err) + goto out; + + out: + + _gcry_ac_data_destroy (data_encrypted); + gcry_mpi_release (mpi_encrypted); + gcry_mpi_release (mpi_decrypted); + free (elements_enc); + gcry_free (opts_em); + gcry_free (em); + gcry_free (c); + + return err; +} + + +/* Signs the message contained in M, which is of size M_N, with the + secret key KEY according to the Signature Scheme SCHEME_ID. Handle + is used for accessing the low-level cryptographic primitives. If + OPTS is not NULL, it has to be an anonymous structure specific to + the chosen scheme (gcry_ac_ssa_*_t). The signed message will be + stored in S and S_N. */ +gcry_error_t +_gcry_ac_data_sign_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme_id, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_message, + gcry_ac_io_t *io_signature) +{ + gcry_ac_io_t io_em; + gcry_error_t err; + gcry_ac_data_t data_signed; + unsigned char *em; + size_t em_n; + gcry_mpi_t mpi; + void *opts_em; + unsigned char *buffer; + size_t buffer_n; + gcry_mpi_t mpi_signed; + ac_scheme_t *scheme; + + (void)flags; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + data_signed = NULL; + mpi_signed = NULL; + opts_em = NULL; + buffer = NULL; + mpi = NULL; + em = NULL; + + if (key->type != GCRY_AC_KEY_SECRET) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + scheme = ac_scheme_get (scheme_id); + if (! scheme) + { + /* FIXME: adjust api of scheme_get in respect to err codes. */ + err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME); + goto out; + } + + err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em); + if (err) + goto out; + + _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE, + GCRY_AC_IO_STRING, &em, &em_n); + + err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em, + io_message, &io_em); + if (err) + goto out; + + mpi = gcry_mpi_new (0); + _gcry_ac_os_to_mpi (mpi, em, em_n); + + err = _gcry_ac_data_sign (handle, key, mpi, &data_signed); + if (err) + goto out; + + err = ac_data_set_to_mpi (data_signed, &mpi_signed); + if (err) + goto out; + + err = _gcry_ac_mpi_to_os_alloc (mpi_signed, &buffer, &buffer_n); + if (err) + goto out; + + err = _gcry_ac_io_write (io_signature, buffer, buffer_n); + + out: + + _gcry_ac_data_destroy (data_signed); + gcry_mpi_release (mpi_signed); + gcry_mpi_release (mpi); + gcry_free (opts_em); + gcry_free (buffer); + gcry_free (em); + + return err; +} + +/* Verifies that the signature contained in S, which is of length S_N, + is indeed the result of signing the message contained in M, which + is of size M_N, with the secret key belonging to the public key + KEY_PUBLIC. If OPTS is not NULL, it has to be an anonymous + structure (gcry_ac_ssa_*_t) specific to the Signature Scheme, whose + ID is contained in SCHEME_ID. */ +gcry_error_t +_gcry_ac_data_verify_scheme (gcry_ac_handle_t handle, + gcry_ac_scheme_t scheme_id, + unsigned int flags, void *opts, + gcry_ac_key_t key, + gcry_ac_io_t *io_message, + gcry_ac_io_t *io_signature) +{ + gcry_ac_io_t io_em; + gcry_error_t err; + gcry_ac_data_t data_signed; + unsigned char *em; + size_t em_n; + void *opts_em; + gcry_mpi_t mpi_signature; + gcry_mpi_t mpi_data; + ac_scheme_t *scheme; + char *elements_sig; + size_t elements_sig_n; + unsigned char *s; + size_t s_n; + + (void)flags; + + if (fips_mode ()) + return gpg_error (GPG_ERR_NOT_SUPPORTED); + + mpi_signature = NULL; + elements_sig = NULL; + data_signed = NULL; + mpi_data = NULL; + opts_em = NULL; + em = NULL; + s = NULL; + + if (key->type != GCRY_AC_KEY_PUBLIC) + { + err = gcry_error (GPG_ERR_WRONG_KEY_USAGE); + goto out; + } + + scheme = ac_scheme_get (scheme_id); + if (! scheme) + { + err = gcry_error (GPG_ERR_NO_SIGNATURE_SCHEME); + goto out; + } + + err = ac_dencode_prepare (handle, key, opts, *scheme, &opts_em); + if (err) + goto out; + + _gcry_ac_io_init (&io_em, GCRY_AC_IO_WRITABLE, + GCRY_AC_IO_STRING, &em, &em_n); + + err = _gcry_ac_data_encode (scheme->scheme_encoding, 0, opts_em, + io_message, &io_em); + if (err) + goto out; + + mpi_data = gcry_mpi_new (0); + _gcry_ac_os_to_mpi (mpi_data, em, em_n); + + err = _gcry_ac_io_read_all (io_signature, &s, &s_n); + if (err) + goto out; + + mpi_signature = gcry_mpi_new (0); + _gcry_ac_os_to_mpi (mpi_signature, s, s_n); + + err = _gcry_pk_get_elements (handle->algorithm, NULL, &elements_sig); + if (err) + goto out; + + elements_sig_n = strlen (elements_sig); + if (elements_sig_n != 1) + { + /* FIXME? */ + err = gcry_error (GPG_ERR_CONFLICT); + goto out; + } + + err = _gcry_ac_data_new (&data_signed); + if (err) + goto out; + + err = _gcry_ac_data_set (data_signed, GCRY_AC_FLAG_COPY | GCRY_AC_FLAG_DEALLOC, + elements_sig, mpi_signature); + if (err) + goto out; + + gcry_mpi_release (mpi_signature); + mpi_signature = NULL; + + err = _gcry_ac_data_verify (handle, key, mpi_data, data_signed); + + out: + + _gcry_ac_data_destroy (data_signed); + gcry_mpi_release (mpi_signature); + gcry_mpi_release (mpi_data); + free (elements_sig); + gcry_free (opts_em); + gcry_free (em); + gcry_free (s); + + return err; +} + + +/* + * General functions. + */ + +gcry_err_code_t +_gcry_ac_init (void) +{ + if (fips_mode ()) + return GPG_ERR_NOT_SUPPORTED; + + return 0; +} |