2011-01-31 18:19:14 +01:00
|
|
|
/* openpgp-oids.c - OID helper for OpenPGP
|
|
|
|
* Copyright (C) 2011 Free Software Foundation, Inc.
|
2013-11-15 08:59:45 +01:00
|
|
|
* Copyright (C) 2013 Werner Koch
|
2011-01-31 18:19:14 +01:00
|
|
|
*
|
|
|
|
* This file is part of GnuPG.
|
|
|
|
*
|
Change license for some files in common to LGPLv3+/GPLv2+.
Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan). This
is good for interoperability and to reduces bugs.
* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
|
|
|
* This file is free software; you can redistribute it and/or modify
|
|
|
|
* it under the terms of either
|
2011-01-31 18:19:14 +01:00
|
|
|
*
|
Change license for some files in common to LGPLv3+/GPLv2+.
Having the LGPL on the common GnuPG code helps to share code
between GnuPG and related projects (like GPGME and Libassuan). This
is good for interoperability and to reduces bugs.
* common/asshelp.c, common/asshelp.h, common/asshelp2.c, common/b64dec.c
* common/b64enc.c, common/convert.c, common/dns-cert.c
* common/dns-cert.h common/exechelp-posix.c, common/exechelp-w32.c
* common/exechelp-w32ce.c, common/exechelp.h, common/get-passphrase.c
* common/get-passphrase.h, common/gettime.c, common/gpgrlhelp.c
* common/helpfile.c, common/homedir.c, common/http.c, common/http.h
* common/i18n.c, common/init.c, common/init.h, common/iobuf.c
* common/iobuf.h, common/localename.c, common/membuf.c, common/membuf.h
* common/miscellaneous.c, common/openpgp-oid.c, common/openpgpdefs.h
* common/percent.c, common/pka.c, common/pka.h, common/session-env.c
* common/session-env.h, common/sexp-parse.h, common/sexputil.c
* common/signal.c, common/srv.c, common/srv.h, common/ssh-utils.c
* common/ssh-utils.h, common/sysutils.c, common/sysutils.h
* common/tlv.c, common/tlv.h, common/ttyio.c, common/ttyio.h
* common/userids.c, common/userids.h, common/xasprintf.c: Change
license to LGPLv3+/GPLv2+/
2012-04-20 15:43:06 +02:00
|
|
|
* - the GNU Lesser General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 3 of the License, or (at
|
|
|
|
* your option) any later version.
|
|
|
|
*
|
|
|
|
* or
|
|
|
|
*
|
|
|
|
* - the GNU General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 2 of the License, or (at
|
|
|
|
* your option) any later version.
|
|
|
|
*
|
|
|
|
* or both in parallel, as here.
|
|
|
|
*
|
|
|
|
* This file is distributed in the hope that it will be useful,
|
2011-01-31 18:19:14 +01:00
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License
|
2016-11-05 12:02:19 +01:00
|
|
|
* along with this program; if not, see <https://www.gnu.org/licenses/>.
|
2011-01-31 18:19:14 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <ctype.h>
|
|
|
|
#include <assert.h>
|
|
|
|
|
|
|
|
#include "util.h"
|
2016-06-02 15:10:52 +02:00
|
|
|
#include "openpgpdefs.h"
|
2011-01-31 18:19:14 +01:00
|
|
|
|
2014-09-02 12:10:19 +02:00
|
|
|
/* A table with all our supported OpenPGP curves. */
|
|
|
|
static struct {
|
|
|
|
const char *name; /* Standard name. */
|
|
|
|
const char *oidstr; /* IETF formatted OID. */
|
2015-03-06 10:46:40 +01:00
|
|
|
unsigned int nbits; /* Nominal bit length of the curve. */
|
2014-09-02 12:10:19 +02:00
|
|
|
const char *alias; /* NULL or alternative name of the curve. */
|
2016-06-02 15:10:52 +02:00
|
|
|
int pubkey_algo; /* Required OpenPGP algo or 0 for ECDSA/ECDH. */
|
2014-09-02 12:10:19 +02:00
|
|
|
} oidtable[] = {
|
|
|
|
|
2016-06-02 15:10:52 +02:00
|
|
|
{ "Curve25519", "1.3.6.1.4.1.3029.1.5.1", 255, "cv25519", PUBKEY_ALGO_ECDH },
|
|
|
|
{ "Ed25519", "1.3.6.1.4.1.11591.15.1", 255, "ed25519", PUBKEY_ALGO_EDDSA },
|
2014-09-02 12:10:19 +02:00
|
|
|
|
|
|
|
{ "NIST P-256", "1.2.840.10045.3.1.7", 256, "nistp256" },
|
|
|
|
{ "NIST P-384", "1.3.132.0.34", 384, "nistp384" },
|
|
|
|
{ "NIST P-521", "1.3.132.0.35", 521, "nistp521" },
|
|
|
|
|
|
|
|
{ "brainpoolP256r1", "1.3.36.3.3.2.8.1.1.7", 256 },
|
|
|
|
{ "brainpoolP384r1", "1.3.36.3.3.2.8.1.1.11", 384 },
|
|
|
|
{ "brainpoolP512r1", "1.3.36.3.3.2.8.1.1.13", 512 },
|
|
|
|
|
|
|
|
{ "secp256k1", "1.3.132.0.10", 256 },
|
|
|
|
|
|
|
|
{ NULL, NULL, 0}
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2013-11-15 08:59:45 +01:00
|
|
|
/* The OID for Curve Ed25519 in OpenPGP format. */
|
|
|
|
static const char oid_ed25519[] =
|
2014-04-08 04:59:39 +02:00
|
|
|
{ 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xda, 0x47, 0x0f, 0x01 };
|
2013-11-15 08:59:45 +01:00
|
|
|
|
2015-08-06 10:00:41 +02:00
|
|
|
/* The OID for Curve25519 in OpenPGP format. */
|
2016-08-25 15:16:32 +02:00
|
|
|
static const char oid_cv25519[] =
|
2015-08-06 10:00:41 +02:00
|
|
|
{ 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01 };
|
|
|
|
|
2020-02-10 00:31:07 +01:00
|
|
|
/* A table to store keyalgo strings like "rsa2048 or "ed25519" so that
|
|
|
|
* we do not need to allocate them. This is currently a simple array
|
|
|
|
* but may eventually be changed to a fast data structure. Noet that
|
|
|
|
* unknown algorithms are stored with (NBITS,CURVE) set to (0,NULL). */
|
|
|
|
struct keyalgo_string_s
|
|
|
|
{
|
|
|
|
enum gcry_pk_algos algo; /* Mandatory. */
|
|
|
|
unsigned int nbits; /* Size for classical algos. */
|
|
|
|
char *curve; /* Curvename (OID) or NULL. */
|
|
|
|
char *name; /* Allocated name. */
|
|
|
|
};
|
|
|
|
static struct keyalgo_string_s *keyalgo_strings; /* The table. */
|
|
|
|
static size_t keyalgo_strings_size; /* Allocated size. */
|
|
|
|
static size_t keyalgo_strings_used; /* Used size. */
|
|
|
|
|
2013-11-15 08:59:45 +01:00
|
|
|
|
2011-01-31 18:19:14 +01:00
|
|
|
/* Helper for openpgp_oid_from_str. */
|
|
|
|
static size_t
|
|
|
|
make_flagged_int (unsigned long value, char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
int more = 0;
|
|
|
|
int shift;
|
|
|
|
|
|
|
|
/* fixme: figure out the number of bits in an ulong and start with
|
|
|
|
that value as shift (after making it a multiple of 7) a more
|
|
|
|
straigtforward implementation is to do it in reverse order using
|
|
|
|
a temporary buffer - saves a lot of compares */
|
|
|
|
for (more=0, shift=28; shift > 0; shift -= 7)
|
|
|
|
{
|
|
|
|
if (more || value >= (1<<shift))
|
|
|
|
{
|
|
|
|
buf[buflen++] = 0x80 | (value >> shift);
|
|
|
|
value -= (value >> shift) << shift;
|
|
|
|
more = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
buf[buflen++] = value;
|
|
|
|
return buflen;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Convert the OID given in dotted decimal form in STRING to an DER
|
|
|
|
* encoding and store it as an opaque value at R_MPI. The format of
|
|
|
|
* the DER encoded is not a regular ASN.1 object but the modified
|
|
|
|
* format as used by OpenPGP for the ECC curve description. On error
|
|
|
|
* the function returns and error code an NULL is stored at R_BUG.
|
|
|
|
* Note that scanning STRING stops at the first white space
|
|
|
|
* character. */
|
|
|
|
gpg_error_t
|
|
|
|
openpgp_oid_from_str (const char *string, gcry_mpi_t *r_mpi)
|
|
|
|
{
|
|
|
|
unsigned char *buf;
|
|
|
|
size_t buflen;
|
|
|
|
unsigned long val1, val;
|
|
|
|
const char *endp;
|
|
|
|
int arcno;
|
|
|
|
|
|
|
|
*r_mpi = NULL;
|
|
|
|
|
|
|
|
if (!string || !*string)
|
|
|
|
return gpg_error (GPG_ERR_INV_VALUE);
|
|
|
|
|
|
|
|
/* We can safely assume that the encoded OID is shorter than the string. */
|
|
|
|
buf = xtrymalloc (1 + strlen (string) + 2);
|
|
|
|
if (!buf)
|
|
|
|
return gpg_error_from_syserror ();
|
|
|
|
/* Save the first byte for the length. */
|
|
|
|
buflen = 1;
|
|
|
|
|
|
|
|
val1 = 0; /* Avoid compiler warning. */
|
|
|
|
arcno = 0;
|
|
|
|
do {
|
|
|
|
arcno++;
|
|
|
|
val = strtoul (string, (char**)&endp, 10);
|
|
|
|
if (!digitp (string) || !(*endp == '.' || !*endp))
|
|
|
|
{
|
|
|
|
xfree (buf);
|
|
|
|
return gpg_error (GPG_ERR_INV_OID_STRING);
|
|
|
|
}
|
|
|
|
if (*endp == '.')
|
|
|
|
string = endp+1;
|
|
|
|
|
|
|
|
if (arcno == 1)
|
|
|
|
{
|
|
|
|
if (val > 2)
|
2017-04-28 03:06:33 +02:00
|
|
|
break; /* Not allowed, error caught below. */
|
2011-01-31 18:19:14 +01:00
|
|
|
val1 = val;
|
|
|
|
}
|
|
|
|
else if (arcno == 2)
|
|
|
|
{ /* Need to combine the first two arcs in one octet. */
|
|
|
|
if (val1 < 2)
|
|
|
|
{
|
|
|
|
if (val > 39)
|
|
|
|
{
|
|
|
|
xfree (buf);
|
|
|
|
return gpg_error (GPG_ERR_INV_OID_STRING);
|
|
|
|
}
|
|
|
|
buf[buflen++] = val1*40 + val;
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
val += 80;
|
|
|
|
buflen = make_flagged_int (val, buf, buflen);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
buflen = make_flagged_int (val, buf, buflen);
|
|
|
|
}
|
|
|
|
} while (*endp == '.');
|
|
|
|
|
|
|
|
if (arcno == 1 || buflen < 2 || buflen > 254 )
|
|
|
|
{ /* It is not possible to encode only the first arc. */
|
|
|
|
xfree (buf);
|
|
|
|
return gpg_error (GPG_ERR_INV_OID_STRING);
|
|
|
|
}
|
|
|
|
|
|
|
|
*buf = buflen - 1;
|
|
|
|
*r_mpi = gcry_mpi_set_opaque (NULL, buf, buflen * 8);
|
|
|
|
if (!*r_mpi)
|
|
|
|
{
|
|
|
|
xfree (buf);
|
|
|
|
return gpg_error_from_syserror ();
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-01-29 18:19:05 +01:00
|
|
|
/* Return a malloced string representation of the OID in the buffer
|
|
|
|
* (BUF,LEN). In case of an error NULL is returned and ERRNO is set.
|
|
|
|
* As per OpenPGP spec the first byte of the buffer is the length of
|
|
|
|
* the rest; the function performs a consistency check. */
|
2011-01-31 18:19:14 +01:00
|
|
|
char *
|
2019-01-29 18:19:05 +01:00
|
|
|
openpgp_oidbuf_to_str (const unsigned char *buf, size_t len)
|
2011-01-31 18:19:14 +01:00
|
|
|
{
|
|
|
|
char *string, *p;
|
|
|
|
int n = 0;
|
|
|
|
unsigned long val, valmask;
|
|
|
|
|
|
|
|
valmask = (unsigned long)0xfe << (8 * (sizeof (valmask) - 1));
|
|
|
|
/* The first bytes gives the length; check consistency. */
|
2019-01-29 18:19:05 +01:00
|
|
|
|
|
|
|
if (!len || buf[0] != len -1)
|
2011-01-31 18:19:14 +01:00
|
|
|
{
|
|
|
|
gpg_err_set_errno (EINVAL);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
/* Skip length byte. */
|
2019-01-29 18:19:05 +01:00
|
|
|
len--;
|
2011-01-31 18:19:14 +01:00
|
|
|
buf++;
|
|
|
|
|
|
|
|
/* To calculate the length of the string we can safely assume an
|
|
|
|
upper limit of 3 decimal characters per byte. Two extra bytes
|
|
|
|
account for the special first octect */
|
2019-01-29 18:19:05 +01:00
|
|
|
string = p = xtrymalloc (len*(1+3)+2+1);
|
2011-01-31 18:19:14 +01:00
|
|
|
if (!string)
|
|
|
|
return NULL;
|
2019-01-29 18:19:05 +01:00
|
|
|
if (!len)
|
2011-01-31 18:19:14 +01:00
|
|
|
{
|
|
|
|
*p = 0;
|
|
|
|
return string;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (buf[0] < 40)
|
|
|
|
p += sprintf (p, "0.%d", buf[n]);
|
|
|
|
else if (buf[0] < 80)
|
|
|
|
p += sprintf (p, "1.%d", buf[n]-40);
|
|
|
|
else {
|
|
|
|
val = buf[n] & 0x7f;
|
2019-01-29 18:19:05 +01:00
|
|
|
while ( (buf[n]&0x80) && ++n < len )
|
2011-01-31 18:19:14 +01:00
|
|
|
{
|
|
|
|
if ( (val & valmask) )
|
|
|
|
goto badoid; /* Overflow. */
|
|
|
|
val <<= 7;
|
|
|
|
val |= buf[n] & 0x7f;
|
|
|
|
}
|
2014-11-25 11:58:56 +01:00
|
|
|
if (val < 80)
|
|
|
|
goto badoid;
|
2011-01-31 18:19:14 +01:00
|
|
|
val -= 80;
|
|
|
|
sprintf (p, "2.%lu", val);
|
|
|
|
p += strlen (p);
|
|
|
|
}
|
2019-01-29 18:19:05 +01:00
|
|
|
for (n++; n < len; n++)
|
2011-01-31 18:19:14 +01:00
|
|
|
{
|
|
|
|
val = buf[n] & 0x7f;
|
2019-01-29 18:19:05 +01:00
|
|
|
while ( (buf[n]&0x80) && ++n < len )
|
2011-01-31 18:19:14 +01:00
|
|
|
{
|
|
|
|
if ( (val & valmask) )
|
|
|
|
goto badoid; /* Overflow. */
|
|
|
|
val <<= 7;
|
|
|
|
val |= buf[n] & 0x7f;
|
|
|
|
}
|
|
|
|
sprintf (p, ".%lu", val);
|
|
|
|
p += strlen (p);
|
|
|
|
}
|
|
|
|
|
|
|
|
*p = 0;
|
|
|
|
return string;
|
|
|
|
|
|
|
|
badoid:
|
|
|
|
/* Return a special OID (gnu.gnupg.badoid) to indicate the error
|
|
|
|
case. The OID is broken and thus we return one which can't do
|
|
|
|
any harm. Formally this does not need to be a bad OID but an OID
|
|
|
|
with an arc that can't be represented in a 32 bit word is more
|
|
|
|
than likely corrupt. */
|
|
|
|
xfree (string);
|
|
|
|
return xtrystrdup ("1.3.6.1.4.1.11591.2.12242973");
|
|
|
|
}
|
2013-11-15 08:59:45 +01:00
|
|
|
|
|
|
|
|
2019-01-29 18:19:05 +01:00
|
|
|
/* Return a malloced string representation of the OID in the opaque
|
|
|
|
* MPI A. In case of an error NULL is returned and ERRNO is set. */
|
|
|
|
char *
|
|
|
|
openpgp_oid_to_str (gcry_mpi_t a)
|
|
|
|
{
|
|
|
|
const unsigned char *buf;
|
|
|
|
unsigned int lengthi;
|
|
|
|
|
|
|
|
if (!a
|
|
|
|
|| !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE)
|
|
|
|
|| !(buf = gcry_mpi_get_opaque (a, &lengthi)))
|
|
|
|
{
|
|
|
|
gpg_err_set_errno (EINVAL);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
buf = gcry_mpi_get_opaque (a, &lengthi);
|
|
|
|
return openpgp_oidbuf_to_str (buf, (lengthi+7)/8);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Return true if (BUF,LEN) represents the OID for Ed25519. */
|
|
|
|
int
|
|
|
|
openpgp_oidbuf_is_ed25519 (const void *buf, size_t len)
|
|
|
|
{
|
|
|
|
return (buf && len == DIM (oid_ed25519)
|
|
|
|
&& !memcmp (buf, oid_ed25519, DIM (oid_ed25519)));
|
|
|
|
}
|
|
|
|
|
2013-11-15 08:59:45 +01:00
|
|
|
|
|
|
|
/* Return true if A represents the OID for Ed25519. */
|
|
|
|
int
|
|
|
|
openpgp_oid_is_ed25519 (gcry_mpi_t a)
|
|
|
|
{
|
|
|
|
const unsigned char *buf;
|
|
|
|
unsigned int nbits;
|
|
|
|
|
|
|
|
if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
buf = gcry_mpi_get_opaque (a, &nbits);
|
2019-01-29 18:19:05 +01:00
|
|
|
return openpgp_oidbuf_is_ed25519 (buf, (nbits+7)/8);
|
2013-11-15 08:59:45 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-01-29 18:19:05 +01:00
|
|
|
/* Return true if (BUF,LEN) represents the OID for Curve25519. */
|
|
|
|
int
|
|
|
|
openpgp_oidbuf_is_cv25519 (const void *buf, size_t len)
|
|
|
|
{
|
|
|
|
return (buf && len == DIM (oid_cv25519)
|
|
|
|
&& !memcmp (buf, oid_cv25519, DIM (oid_cv25519)));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Return true if the MPI A represents the OID for Curve25519. */
|
2015-08-06 10:00:41 +02:00
|
|
|
int
|
2016-08-25 15:16:32 +02:00
|
|
|
openpgp_oid_is_cv25519 (gcry_mpi_t a)
|
2015-08-06 10:00:41 +02:00
|
|
|
{
|
|
|
|
const unsigned char *buf;
|
|
|
|
unsigned int nbits;
|
|
|
|
|
|
|
|
if (!a || !gcry_mpi_get_flag (a, GCRYMPI_FLAG_OPAQUE))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
buf = gcry_mpi_get_opaque (a, &nbits);
|
2019-01-29 18:19:05 +01:00
|
|
|
return openpgp_oidbuf_is_cv25519 (buf, (nbits+7)/8);
|
2015-08-06 10:00:41 +02:00
|
|
|
}
|
|
|
|
|
2013-11-15 08:59:45 +01:00
|
|
|
|
|
|
|
/* Map the Libgcrypt ECC curve NAME to an OID. If R_NBITS is not NULL
|
|
|
|
store the bit size of the curve there. Returns NULL for unknown
|
2020-02-11 14:38:03 +01:00
|
|
|
curve names. If R_ALGO is not NULL and a specific ECC algorithm is
|
|
|
|
required for this curve its OpenPGP algorithm number is stored
|
|
|
|
there; otherwise 0 is stored which indicates that ECDSA or ECDH can
|
|
|
|
be used. */
|
2013-11-15 08:59:45 +01:00
|
|
|
const char *
|
2020-02-11 14:38:03 +01:00
|
|
|
openpgp_curve_to_oid (const char *name, unsigned int *r_nbits, int *r_algo)
|
2013-11-15 08:59:45 +01:00
|
|
|
{
|
2014-09-02 12:10:19 +02:00
|
|
|
int i;
|
2013-11-15 08:59:45 +01:00
|
|
|
unsigned int nbits = 0;
|
2014-09-02 12:10:19 +02:00
|
|
|
const char *oidstr = NULL;
|
2020-02-11 14:38:03 +01:00
|
|
|
int algo = 0;
|
2013-11-15 08:59:45 +01:00
|
|
|
|
2014-09-02 12:10:19 +02:00
|
|
|
if (name)
|
2013-10-22 14:26:53 +02:00
|
|
|
{
|
2014-09-02 12:10:19 +02:00
|
|
|
for (i=0; oidtable[i].name; i++)
|
|
|
|
if (!strcmp (oidtable[i].name, name)
|
|
|
|
|| (oidtable[i].alias && !strcmp (oidtable[i].alias, name)))
|
|
|
|
{
|
|
|
|
oidstr = oidtable[i].oidstr;
|
|
|
|
nbits = oidtable[i].nbits;
|
2020-02-11 14:38:03 +01:00
|
|
|
algo = oidtable[i].pubkey_algo;
|
2014-09-02 12:10:19 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!oidtable[i].name)
|
|
|
|
{
|
|
|
|
/* If not found assume the input is already an OID and check
|
|
|
|
whether we support it. */
|
|
|
|
for (i=0; oidtable[i].name; i++)
|
|
|
|
if (!strcmp (name, oidtable[i].oidstr))
|
|
|
|
{
|
|
|
|
oidstr = oidtable[i].oidstr;
|
|
|
|
nbits = oidtable[i].nbits;
|
2020-02-11 14:38:03 +01:00
|
|
|
algo = oidtable[i].pubkey_algo;
|
2014-09-02 12:10:19 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2014-01-15 07:00:24 +01:00
|
|
|
}
|
2013-11-15 08:59:45 +01:00
|
|
|
|
|
|
|
if (r_nbits)
|
|
|
|
*r_nbits = nbits;
|
2020-02-11 14:38:03 +01:00
|
|
|
if (r_algo)
|
|
|
|
*r_algo = algo;
|
2013-11-15 08:59:45 +01:00
|
|
|
return oidstr;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-02-10 00:31:07 +01:00
|
|
|
/* Map an OpenPGP OID to the Libgcrypt curve name. Returns NULL for
|
|
|
|
* unknown curve names. Unless CANON is set we prefer an alias name
|
|
|
|
* here which is more suitable for printing. */
|
2013-11-15 08:59:45 +01:00
|
|
|
const char *
|
2015-08-06 09:44:03 +02:00
|
|
|
openpgp_oid_to_curve (const char *oidstr, int canon)
|
2013-11-15 08:59:45 +01:00
|
|
|
{
|
2014-09-02 12:10:19 +02:00
|
|
|
int i;
|
|
|
|
|
|
|
|
if (!oidstr)
|
2015-07-08 08:05:06 +02:00
|
|
|
return NULL;
|
2014-09-02 12:10:19 +02:00
|
|
|
|
|
|
|
for (i=0; oidtable[i].name; i++)
|
|
|
|
if (!strcmp (oidtable[i].oidstr, oidstr))
|
2015-08-06 09:44:03 +02:00
|
|
|
return !canon && oidtable[i].alias? oidtable[i].alias : oidtable[i].name;
|
2014-09-02 12:10:19 +02:00
|
|
|
|
2015-07-08 08:05:06 +02:00
|
|
|
return NULL;
|
2013-11-15 08:59:45 +01:00
|
|
|
}
|
2015-03-10 15:26:02 +01:00
|
|
|
|
|
|
|
|
2020-02-10 00:31:07 +01:00
|
|
|
/* Map an OpenPGP OID, name or alias to the Libgcrypt curve name.
|
|
|
|
* Returns NULL for unknown curve names. Unless CANON is set we
|
|
|
|
* prefer an alias name here which is more suitable for printing. */
|
|
|
|
const char *
|
|
|
|
openpgp_oid_or_name_to_curve (const char *oidname, int canon)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (!oidname)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
for (i=0; oidtable[i].name; i++)
|
|
|
|
if (!strcmp (oidtable[i].oidstr, oidname)
|
|
|
|
|| !strcmp (oidtable[i].name, oidname)
|
|
|
|
|| (oidtable[i].alias &&!strcmp (oidtable[i].alias, oidname)))
|
|
|
|
return !canon && oidtable[i].alias? oidtable[i].alias : oidtable[i].name;
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-03-10 15:26:02 +01:00
|
|
|
/* Return true if the curve with NAME is supported. */
|
|
|
|
static int
|
|
|
|
curve_supported_p (const char *name)
|
|
|
|
{
|
|
|
|
int result = 0;
|
|
|
|
gcry_sexp_t keyparms;
|
|
|
|
|
|
|
|
if (!gcry_sexp_build (&keyparms, NULL, "(public-key(ecc(curve %s)))", name))
|
|
|
|
{
|
|
|
|
result = !!gcry_pk_get_curve (keyparms, 0, NULL);
|
|
|
|
gcry_sexp_release (keyparms);
|
|
|
|
}
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Enumerate available and supported OpenPGP curves. The caller needs
|
|
|
|
to set the integer variable at ITERP to zero and keep on calling
|
2015-11-16 12:41:46 +01:00
|
|
|
this function until NULL is returned. */
|
2015-03-10 15:26:02 +01:00
|
|
|
const char *
|
|
|
|
openpgp_enum_curves (int *iterp)
|
|
|
|
{
|
|
|
|
int idx = *iterp;
|
|
|
|
|
|
|
|
while (idx >= 0 && idx < DIM (oidtable) && oidtable[idx].name)
|
|
|
|
{
|
|
|
|
if (curve_supported_p (oidtable[idx].name))
|
|
|
|
{
|
|
|
|
*iterp = idx + 1;
|
|
|
|
return oidtable[idx].alias? oidtable[idx].alias : oidtable[idx].name;
|
|
|
|
}
|
|
|
|
idx++;
|
|
|
|
}
|
|
|
|
*iterp = idx;
|
|
|
|
return NULL;
|
|
|
|
}
|
2016-06-02 15:10:52 +02:00
|
|
|
|
|
|
|
|
2016-12-02 19:43:36 +01:00
|
|
|
/* Return the Libgcrypt name for the gpg curve NAME if supported. If
|
|
|
|
* R_ALGO is not NULL the required OpenPGP public key algo or 0 is
|
|
|
|
* stored at that address. If R_NBITS is not NULL the nominal bitsize
|
|
|
|
* of the curves is stored there. NULL is returned if the curve is
|
|
|
|
* not supported. */
|
2016-06-02 15:10:52 +02:00
|
|
|
const char *
|
2016-12-02 19:43:36 +01:00
|
|
|
openpgp_is_curve_supported (const char *name, int *r_algo,
|
|
|
|
unsigned int *r_nbits)
|
2016-06-02 15:10:52 +02:00
|
|
|
{
|
|
|
|
int idx;
|
|
|
|
|
|
|
|
if (r_algo)
|
|
|
|
*r_algo = 0;
|
2016-12-02 19:43:36 +01:00
|
|
|
if (r_nbits)
|
|
|
|
*r_nbits = 0;
|
2016-06-02 15:10:52 +02:00
|
|
|
for (idx = 0; idx < DIM (oidtable) && oidtable[idx].name; idx++)
|
|
|
|
{
|
2016-10-24 04:20:14 +02:00
|
|
|
if ((!strcmp (name, oidtable[idx].name)
|
|
|
|
|| (oidtable[idx].alias && !strcmp (name, (oidtable[idx].alias))))
|
2016-06-02 15:10:52 +02:00
|
|
|
&& curve_supported_p (oidtable[idx].name))
|
|
|
|
{
|
|
|
|
if (r_algo)
|
|
|
|
*r_algo = oidtable[idx].pubkey_algo;
|
2016-12-02 19:43:36 +01:00
|
|
|
if (r_nbits)
|
|
|
|
*r_nbits = oidtable[idx].nbits;
|
2016-06-02 15:10:52 +02:00
|
|
|
return oidtable[idx].name;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
2020-02-10 00:31:07 +01:00
|
|
|
|
|
|
|
|
|
|
|
/* Map an OpenPGP public key algorithm number to the one used by
|
|
|
|
* Libgcrypt. Returns 0 for unknown gcry algorithm. */
|
|
|
|
enum gcry_pk_algos
|
|
|
|
map_openpgp_pk_to_gcry (pubkey_algo_t algo)
|
|
|
|
{
|
|
|
|
switch (algo)
|
|
|
|
{
|
|
|
|
case PUBKEY_ALGO_EDDSA: return GCRY_PK_EDDSA;
|
|
|
|
case PUBKEY_ALGO_ECDSA: return GCRY_PK_ECDSA;
|
|
|
|
case PUBKEY_ALGO_ECDH: return GCRY_PK_ECDH;
|
|
|
|
default: return algo < 110 ? (enum gcry_pk_algos)algo : 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Return a string describing the public key algorithm and the
|
|
|
|
* keysize. For elliptic curves the function prints the name of the
|
|
|
|
* curve because the keysize is a property of the curve. ALGO is the
|
|
|
|
* Gcrypt algorithmj number, curve is either NULL or give the PID of
|
|
|
|
* the curve, NBITS is either 0 or the size of the algorithms for RSA
|
|
|
|
* etc. The returned string is taken from permanent table. Examples
|
|
|
|
* for the output are:
|
|
|
|
*
|
|
|
|
* "rsa3072" - RSA with 3072 bit
|
|
|
|
* "elg1024" - Elgamal with 1024 bit
|
|
|
|
* "ed25519" - ECC using the curve Ed25519.
|
|
|
|
* "E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
|
|
|
|
* "E_1.3.6.1.4.1.11591.2.12242973" - ECC with a bogus OID.
|
|
|
|
* "unknown_N" - Unknown OpenPGP algorithm N.
|
|
|
|
* If N is > 110 this is a gcrypt algo.
|
|
|
|
*/
|
|
|
|
const char *
|
|
|
|
get_keyalgo_string (enum gcry_pk_algos algo,
|
|
|
|
unsigned int nbits, const char *curve)
|
|
|
|
{
|
|
|
|
const char *prefix;
|
|
|
|
int i;
|
|
|
|
char *name, *curvebuf;
|
|
|
|
|
|
|
|
switch (algo)
|
|
|
|
{
|
|
|
|
case GCRY_PK_RSA: prefix = "rsa"; break;
|
|
|
|
case GCRY_PK_ELG: prefix = "elg"; break;
|
|
|
|
case GCRY_PK_DSA: prefix = "dsa"; break;
|
|
|
|
case GCRY_PK_ECC:
|
|
|
|
case GCRY_PK_ECDH:
|
|
|
|
case GCRY_PK_ECDSA:
|
|
|
|
case GCRY_PK_EDDSA: prefix = ""; break;
|
|
|
|
default: prefix = NULL; break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (prefix && *prefix && nbits)
|
|
|
|
{
|
|
|
|
for (i=0; i < keyalgo_strings_used; i++)
|
|
|
|
{
|
|
|
|
if (keyalgo_strings[i].algo == algo
|
|
|
|
&& keyalgo_strings[i].nbits
|
|
|
|
&& keyalgo_strings[i].nbits == nbits)
|
|
|
|
return keyalgo_strings[i].name;
|
|
|
|
}
|
|
|
|
/* Not yet in the table - add it. */
|
|
|
|
name = xasprintf ("%s%u", prefix, nbits);
|
|
|
|
nbits = nbits? nbits : 1; /* No nbits - oops - use 1 instead. */
|
|
|
|
curvebuf = NULL;
|
|
|
|
}
|
|
|
|
else if (prefix && !*prefix)
|
|
|
|
{
|
|
|
|
const char *curvename;
|
|
|
|
|
|
|
|
for (i=0; i < keyalgo_strings_used; i++)
|
|
|
|
{
|
|
|
|
if (keyalgo_strings[i].algo == algo
|
2022-05-05 09:04:28 +02:00
|
|
|
&& keyalgo_strings[i].curve && curve
|
2020-02-10 00:31:07 +01:00
|
|
|
&& !strcmp (keyalgo_strings[i].curve, curve))
|
|
|
|
return keyalgo_strings[i].name;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Not yet in the table - add it. */
|
|
|
|
curvename = openpgp_oid_or_name_to_curve (curve, 0);
|
|
|
|
if (curvename)
|
|
|
|
name = xasprintf ("%s", curvename);
|
|
|
|
else if (curve)
|
|
|
|
name = xasprintf ("E_%s", curve);
|
|
|
|
else
|
|
|
|
name = xasprintf ("E_error");
|
|
|
|
nbits = 0;
|
2022-05-05 09:04:28 +02:00
|
|
|
curvebuf = curve? xstrdup (curve) : NULL;
|
2020-02-10 00:31:07 +01:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
for (i=0; i < keyalgo_strings_used; i++)
|
|
|
|
{
|
|
|
|
if (keyalgo_strings[i].algo == algo
|
|
|
|
&& !keyalgo_strings[i].nbits
|
|
|
|
&& !keyalgo_strings[i].curve)
|
|
|
|
return keyalgo_strings[i].name;
|
|
|
|
}
|
|
|
|
/* Not yet in the table - add it. */
|
|
|
|
name = xasprintf ("unknown_%u", (unsigned int)algo);
|
|
|
|
nbits = 0;
|
|
|
|
curvebuf = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Store a new entry. This is a loop because of a possible nPth
|
|
|
|
* thread switch during xrealloc. */
|
|
|
|
while (keyalgo_strings_used >= keyalgo_strings_size)
|
|
|
|
{
|
|
|
|
keyalgo_strings_size += 10;
|
|
|
|
if (keyalgo_strings_size > 1024*1024)
|
|
|
|
log_fatal ("%s: table getting too large - possible DoS\n", __func__);
|
|
|
|
keyalgo_strings = xrealloc (keyalgo_strings, (keyalgo_strings_size
|
|
|
|
* sizeof *keyalgo_strings));
|
|
|
|
}
|
|
|
|
keyalgo_strings[keyalgo_strings_used].algo = algo;
|
|
|
|
keyalgo_strings[keyalgo_strings_used].nbits = nbits;
|
|
|
|
keyalgo_strings[keyalgo_strings_used].curve = curvebuf;
|
|
|
|
keyalgo_strings[keyalgo_strings_used].name = name;
|
|
|
|
keyalgo_strings_used++;
|
|
|
|
|
|
|
|
return name; /* Note that this is in the table. */
|
|
|
|
}
|