5c3f75ec |
1 | /* -*-c-*- |
2 | * |
3 | * $Id: cc-sig.c,v 1.1 2004/04/17 09:58:37 mdw Exp $ |
4 | * |
5 | * Catcrypt signatures |
6 | * |
7 | * (c) 2004 Straylight/Edgeware |
8 | */ |
9 | |
10 | /*----- Licensing notice --------------------------------------------------* |
11 | * |
12 | * This file is part of Catacomb. |
13 | * |
14 | * Catacomb is free software; you can redistribute it and/or modify |
15 | * it under the terms of the GNU Library General Public License as |
16 | * published by the Free Software Foundation; either version 2 of the |
17 | * License, or (at your option) any later version. |
18 | * |
19 | * Catacomb is distributed in the hope that it will be useful, |
20 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
21 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
22 | * GNU Library General Public License for more details. |
23 | * |
24 | * You should have received a copy of the GNU Library General Public |
25 | * License along with Catacomb; if not, write to the Free |
26 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, |
27 | * MA 02111-1307, USA. |
28 | */ |
29 | |
30 | /*----- Header files ------------------------------------------------------*/ |
31 | |
32 | #include <stdlib.h> |
33 | |
34 | #include <mLib/report.h> |
35 | |
36 | #include "rand.h" |
37 | #include "sha.h" |
38 | #include "has160.h" |
39 | |
40 | #include "ec.h" |
41 | #include "ec-keys.h" |
42 | #include "dh.h" |
43 | #include "gdsa.h" |
44 | #include "gkcdsa.h" |
45 | #include "rsa.h" |
46 | |
47 | #include "cc.h" |
48 | |
49 | /*----- Main code ---------------------------------------------------------*/ |
50 | |
51 | /* --- RSA PKCS1 --- */ |
52 | |
53 | typedef struct rsap1_sigctx { |
54 | sig s; |
55 | rsa_privctx rp; |
56 | pkcs1 p1; |
57 | } rsap1_sigctx; |
58 | |
59 | static sig *rsap1_siginit(key *k, void *kd, const gchash *hc) |
60 | { |
61 | rsap1_sigctx *rs = CREATE(rsap1_sigctx); |
62 | rsa_privcreate(&rs->rp, kd, &rand_global); |
63 | rs->p1.r = &rand_global; |
64 | rs->p1.ep = hc->name; |
65 | rs->p1.epsz = strlen(hc->name) + 1; |
66 | rs->s.h = 0; |
67 | return (&rs->s); |
68 | } |
69 | |
70 | static int rsap1_sigdoit(sig *s, dstr *d) |
71 | { |
72 | rsap1_sigctx *rs = (rsap1_sigctx *)s; |
73 | size_t n; |
74 | mp *m = rsa_sign(&rs->rp, MP_NEW, |
75 | GH_DONE(s->h, 0), GH_CLASS(s->h)->hashsz, |
76 | pkcs1_sigencode, &rs->p1); |
77 | if (!m) return (-1); |
78 | n = mp_octets(rs->rp.rp->n); dstr_ensure(d, n); mp_storeb(m, d->buf, n); |
79 | d->len += n; mp_drop(m); |
80 | return (0); |
81 | } |
82 | |
83 | static const char *rsa_lengthcheck(mp *n) |
84 | { |
85 | if (mp_bits(n) < 1024) return ("key too short"); |
86 | return (0); |
87 | } |
88 | |
89 | static const char *rsap1_sigcheck(sig *s) |
90 | { |
91 | rsap1_sigctx *rs = (rsap1_sigctx *)s; |
92 | const char *e; |
93 | if ((e = rsa_lengthcheck(rs->rp.rp->n)) != 0) return (e); |
94 | return (0); |
95 | } |
96 | |
97 | static void rsap1_sigdestroy(sig *s) |
98 | { |
99 | rsap1_sigctx *rs = (rsap1_sigctx *)s; |
100 | rsa_privdestroy(&rs->rp); |
101 | DESTROY(rs); |
102 | } |
103 | |
104 | static const sigops rsap1_sig = { |
105 | rsa_privfetch, sizeof(rsa_priv), |
106 | rsap1_siginit, rsap1_sigdoit, rsap1_sigcheck, rsap1_sigdestroy |
107 | }; |
108 | |
109 | typedef struct rsap1_vrfctx { |
110 | sig s; |
111 | rsa_pubctx rp; |
112 | pkcs1 p1; |
113 | } rsap1_vrfctx; |
114 | |
115 | static sig *rsap1_vrfinit(key *k, void *kd, const gchash *hc) |
116 | { |
117 | rsap1_vrfctx *rv = CREATE(rsap1_vrfctx); |
118 | rsa_pubcreate(&rv->rp, kd); |
119 | rv->p1.r = &rand_global; |
120 | rv->p1.ep = hc->name; |
121 | rv->p1.epsz = strlen(hc->name) + 1; |
122 | rv->s.h = 0; |
123 | return (&rv->s); |
124 | } |
125 | |
126 | static int rsap1_vrfdoit(sig *s, dstr *d) |
127 | { |
128 | rsap1_vrfctx *rv = (rsap1_vrfctx *)s; |
129 | mp *m = mp_loadb(MP_NEW, d->buf, d->len); |
130 | int rc = rsa_verify(&rv->rp, m, |
131 | GH_DONE(s->h, 0), GH_CLASS(s->h)->hashsz, |
132 | 0, pkcs1_sigdecode, &rv->p1); |
133 | mp_drop(m); |
134 | return (rc); |
135 | } |
136 | |
137 | static const char *rsap1_vrfcheck(sig *s) |
138 | { |
139 | rsap1_vrfctx *rv = (rsap1_vrfctx *)s; |
140 | const char *e; |
141 | if ((e = rsa_lengthcheck(rv->rp.rp->n)) != 0) return (e); |
142 | return (0); |
143 | } |
144 | |
145 | static void rsap1_vrfdestroy(sig *s) |
146 | { |
147 | rsap1_vrfctx *rv = (rsap1_vrfctx *)s; |
148 | rsa_pubdestroy(&rv->rp); |
149 | DESTROY(rv); |
150 | } |
151 | |
152 | static const sigops rsap1_vrf = { |
153 | rsa_pubfetch, sizeof(rsa_pub), |
154 | rsap1_vrfinit, rsap1_vrfdoit, rsap1_vrfcheck, rsap1_vrfdestroy |
155 | }; |
156 | |
157 | /* --- RSA PSS --- */ |
158 | |
159 | static const gccipher *getmgf(key *k, const gchash *hc) |
160 | { |
161 | dstr d = DSTR_INIT; |
162 | const gccipher *gc; |
163 | const char *mm; |
164 | |
165 | if ((mm = key_getattr(0, k, "mgf")) == 0) { |
166 | dstr_putf(&d, "%s-mgf", hc->name); |
167 | mm = d.buf; |
168 | } |
169 | if ((gc = gcipher_byname(mm)) == 0) |
170 | die(EXIT_FAILURE, "unknown encryption scheme `%s'", mm); |
171 | dstr_destroy(&d); |
172 | return (gc); |
173 | } |
174 | |
175 | typedef struct rsapss_sigctx { |
176 | sig s; |
177 | rsa_privctx rp; |
178 | pss p; |
179 | } rsapss_sigctx; |
180 | |
181 | static sig *rsapss_siginit(key *k, void *kd, const gchash *hc) |
182 | { |
183 | rsapss_sigctx *rs = CREATE(rsapss_sigctx); |
184 | rsa_privcreate(&rs->rp, kd, &rand_global); |
185 | rs->p.r = &rand_global; |
186 | rs->p.cc = getmgf(k, hc); |
187 | rs->p.ch = hc; |
188 | rs->p.ssz = hc->hashsz; |
189 | rsa_privdestroy(&rs->rp); |
190 | return (&rs->s); |
191 | } |
192 | |
193 | static int rsapss_sigdoit(sig *s, dstr *d) |
194 | { |
195 | rsapss_sigctx *rs = (rsapss_sigctx *)s; |
196 | size_t n; |
197 | mp *m = rsa_sign(&rs->rp, MP_NEW, |
198 | GH_DONE(s->h, 0), GH_CLASS(s->h)->hashsz, |
199 | pss_encode, &rs->p); |
200 | if (!m) return (-1); |
201 | n = mp_octets(rs->rp.rp->n); dstr_ensure(d, n); mp_storeb(m, d->buf, n); |
202 | d->len += n; mp_drop(m); |
203 | return (0); |
204 | } |
205 | |
206 | static const char *rsapss_sigcheck(sig *s) |
207 | { |
208 | rsapss_sigctx *rs = (rsapss_sigctx *)s; |
209 | const char *e; |
210 | if ((e = rsa_lengthcheck(rs->rp.rp->n)) != 0) return (e); |
211 | return (0); |
212 | } |
213 | |
214 | static void rsapss_sigdestroy(sig *s) |
215 | { |
216 | rsapss_sigctx *rs = (rsapss_sigctx *)s; |
217 | rsa_privdestroy(&rs->rp); |
218 | DESTROY(rs); |
219 | } |
220 | |
221 | static const sigops rsapss_sig = { |
222 | rsa_privfetch, sizeof(rsa_priv), |
223 | rsapss_siginit, rsapss_sigdoit, rsapss_sigcheck, rsapss_sigdestroy |
224 | }; |
225 | |
226 | typedef struct rsapss_vrfctx { |
227 | sig s; |
228 | rsa_pubctx rp; |
229 | pss p; |
230 | } rsapss_vrfctx; |
231 | |
232 | static sig *rsapss_vrfinit(key *k, void *kd, const gchash *hc) |
233 | { |
234 | rsapss_vrfctx *rv = CREATE(rsapss_vrfctx); |
235 | rsa_pubcreate(&rv->rp, kd); |
236 | rv->p.r = &rand_global; |
237 | rv->p.cc = getmgf(k, hc); |
238 | rv->p.ch = hc; |
239 | rv->p.ssz = hc->hashsz; |
240 | return (&rv->s); |
241 | } |
242 | |
243 | static int rsapss_vrfdoit(sig *s, dstr *d) |
244 | { |
245 | rsapss_vrfctx *rv = (rsapss_vrfctx *)s; |
246 | mp *m = mp_loadb(MP_NEW, d->buf, d->len); |
247 | int rc = rsa_verify(&rv->rp, m, |
248 | GH_DONE(s->h, 0), GH_CLASS(s->h)->hashsz, |
249 | 0, pss_decode, &rv->p); |
250 | mp_drop(m); |
251 | return (rc); |
252 | } |
253 | |
254 | static const char *rsapss_vrfcheck(sig *s) |
255 | { |
256 | rsapss_vrfctx *rv = (rsapss_vrfctx *)s; |
257 | const char *e; |
258 | if ((e = rsa_lengthcheck(rv->rp.rp->n)) != 0) return (e); |
259 | return (0); |
260 | } |
261 | |
262 | static void rsapss_vrfdestroy(sig *s) |
263 | { |
264 | rsapss_vrfctx *rv = (rsapss_vrfctx *)s; |
265 | rsa_pubdestroy(&rv->rp); |
266 | DESTROY(rv); |
267 | } |
268 | |
269 | static const sigops rsapss_vrf = { |
270 | rsa_pubfetch, sizeof(rsa_pub), |
271 | rsapss_vrfinit, rsapss_vrfdoit, rsapss_vrfcheck, rsapss_vrfdestroy |
272 | }; |
273 | |
274 | /* --- DSA and ECDSA --- */ |
275 | |
276 | typedef struct dsa_sigctx { |
277 | sig s; |
278 | gdsa g; |
279 | } dsa_sigctx; |
280 | |
281 | static void dsa_initcommon(dsa_sigctx *ds, const gchash *hc, |
282 | const char *ktag) |
283 | { |
284 | ds->g.r = &rand_global; |
285 | ds->g.h = hc; |
286 | ds->g.u = MP_NEW; |
287 | ds->s.h = 0; |
288 | } |
289 | |
290 | static dsa_sigctx *dsa_doinit(key *k, const gprime_param *gp, |
291 | mp *y, const gchash *hc) |
292 | { |
293 | dsa_sigctx *ds = CREATE(dsa_sigctx); |
294 | dstr t = DSTR_INIT; |
295 | |
296 | key_fulltag(k, &t); |
297 | if ((ds->g.g = group_prime(gp)) == 0) |
298 | die(EXIT_FAILURE, "bad prime group in key `%s'", t.buf); |
299 | ds->g.p = G_CREATE(ds->g.g); |
300 | if (G_FROMINT(ds->g.g, ds->g.p, y)) |
301 | die(EXIT_FAILURE, "bad public key in key `%s'", t.buf); |
302 | dsa_initcommon(ds, hc, t.buf); |
303 | dstr_destroy(&t); |
304 | return (ds); |
305 | } |
306 | |
307 | static dsa_sigctx *ecdsa_doinit(key *k, const char *cstr, |
308 | ec *y, const gchash *hc) |
309 | { |
310 | dsa_sigctx *ds = CREATE(dsa_sigctx); |
311 | ec_info ei; |
312 | const char *e; |
313 | dstr t = DSTR_INIT; |
314 | |
315 | key_fulltag(k, &t); |
316 | if ((e = ec_getinfo(&ei, cstr)) != 0) |
317 | die(EXIT_FAILURE, "bad curve in key `%s': %s", t.buf, e); |
318 | ds->g.g = group_ec(&ei); |
319 | ds->g.p = G_CREATE(ds->g.g); |
320 | if (G_FROMEC(ds->g.g, ds->g.p, y)) |
321 | die(EXIT_FAILURE, "bad public key in key `%s'", t.buf); |
322 | dsa_initcommon(ds, hc, t.buf); |
323 | dstr_destroy(&t); |
324 | return (ds); |
325 | } |
326 | |
327 | static sig *dsa_siginit(key *k, void *kd, const gchash *hc) |
328 | { |
329 | dh_priv *dp = kd; |
330 | dsa_sigctx *ds = dsa_doinit(k, &dp->dp, dp->y, hc); |
331 | ds->g.u = MP_COPY(dp->x); |
332 | return (&ds->s); |
333 | } |
334 | |
335 | static sig *ecdsa_siginit(key *k, void *kd, const gchash *hc) |
336 | { |
337 | ec_priv *ep = kd; |
338 | dsa_sigctx *ds = ecdsa_doinit(k, ep->cstr, &ep->p, hc); |
339 | ds->g.u = MP_COPY(ep->x); |
340 | return (&ds->s); |
341 | } |
342 | |
343 | static int dsa_sigdoit(sig *s, dstr *d) |
344 | { |
345 | dsa_sigctx *ds = (dsa_sigctx *)s; |
346 | gdsa_sig ss = GDSA_SIG_INIT; |
347 | size_t n = mp_octets(ds->g.g->r); |
348 | |
349 | gdsa_sign(&ds->g, &ss, GH_DONE(ds->s.h, 0), 0); |
350 | dstr_ensure(d, 2 * n); |
351 | mp_storeb(ss.r, d->buf, n); |
352 | mp_storeb(ss.s, d->buf + n, n); |
353 | d->len += 2 * n; |
354 | mp_drop(ss.r); mp_drop(ss.s); |
355 | return (0); |
356 | } |
357 | |
358 | static const char *dsa_sigcheck(sig *s) |
359 | { |
360 | dsa_sigctx *ds = (dsa_sigctx *)s; |
361 | const char *e; |
362 | if ((e = G_CHECK(ds->g.g, &rand_global)) != 0) |
363 | return (0); |
364 | if (group_check(ds->g.g, ds->g.p)) |
365 | return ("public key not in subgroup"); |
366 | return (0); |
367 | } |
368 | |
369 | static void dsa_sigdestroy(sig *s) |
370 | { |
371 | dsa_sigctx *ds = (dsa_sigctx *)s; |
372 | G_DESTROY(ds->g.g, ds->g.p); |
373 | mp_drop(ds->g.u); |
374 | G_DESTROYGROUP(ds->g.g); |
375 | } |
376 | |
377 | static const sigops dsa_sig = { |
378 | dh_privfetch, sizeof(dh_priv), |
379 | dsa_siginit, dsa_sigdoit, dsa_sigcheck, dsa_sigdestroy |
380 | }; |
381 | |
382 | static const sigops ecdsa_sig = { |
383 | ec_privfetch, sizeof(ec_priv), |
384 | ecdsa_siginit, dsa_sigdoit, dsa_sigcheck, dsa_sigdestroy |
385 | }; |
386 | |
387 | static sig *dsa_vrfinit(key *k, void *kd, const gchash *hc) |
388 | { |
389 | dh_pub *dp = kd; |
390 | dsa_sigctx *ds = dsa_doinit(k, &dp->dp, dp->y, hc); |
391 | return (&ds->s); |
392 | } |
393 | |
394 | static sig *ecdsa_vrfinit(key *k, void *kd, const gchash *hc) |
395 | { |
396 | ec_pub *ep = kd; |
397 | dsa_sigctx *ds = ecdsa_doinit(k, ep->cstr, &ep->p, hc); |
398 | return (&ds->s); |
399 | } |
400 | |
401 | static int dsa_vrfdoit(sig *s, dstr *d) |
402 | { |
403 | dsa_sigctx *ds = (dsa_sigctx *)s; |
404 | gdsa_sig ss; |
405 | size_t n = d->len/2; |
406 | int rc; |
407 | |
408 | ss.r = mp_loadb(MP_NEW, d->buf, n); |
409 | ss.s = mp_loadb(MP_NEW, d->buf + n, d->len - n); |
410 | rc = gdsa_verify(&ds->g, &ss, GH_DONE(ds->s.h, 0)); |
411 | mp_drop(ss.r); mp_drop(ss.s); |
412 | return (rc); |
413 | } |
414 | |
415 | static const sigops dsa_vrf = { |
416 | dh_pubfetch, sizeof(dh_pub), |
417 | dsa_vrfinit, dsa_vrfdoit, dsa_sigcheck, dsa_sigdestroy |
418 | }; |
419 | |
420 | static const sigops ecdsa_vrf = { |
421 | ec_pubfetch, sizeof(ec_pub), |
422 | ecdsa_vrfinit, dsa_vrfdoit, dsa_sigcheck, dsa_sigdestroy |
423 | }; |
424 | |
425 | /* --- KCDSA and ECKCDSA --- */ |
426 | |
427 | static void kcdsa_privkey(dsa_sigctx *ds, mp *x) |
428 | { ds->g.u = mp_modinv(MP_NEW, x, ds->g.g->r); } |
429 | |
430 | static void kcdsa_sethash(dsa_sigctx *ds, const gchash *hc) |
431 | { ds->s.h = gkcdsa_beginhash(&ds->g); } |
432 | |
433 | static sig *kcdsa_siginit(key *k, void *kd, const gchash *hc) |
434 | { |
435 | dh_priv *dp = kd; |
436 | dsa_sigctx *ds = dsa_doinit(k, &dp->dp, dp->y, hc); |
437 | kcdsa_privkey(ds, dp->x); |
438 | kcdsa_sethash(ds, hc); |
439 | return (&ds->s); |
440 | } |
441 | |
442 | static sig *eckcdsa_siginit(key *k, void *kd, const gchash *hc) |
443 | { |
444 | ec_priv *ep = kd; |
445 | dsa_sigctx *ds = ecdsa_doinit(k, ep->cstr, &ep->p, hc); |
446 | kcdsa_privkey(ds, ep->x); |
447 | kcdsa_sethash(ds, hc); |
448 | return (&ds->s); |
449 | } |
450 | |
451 | static int kcdsa_sigdoit(sig *s, dstr *d) |
452 | { |
453 | dsa_sigctx *ds = (dsa_sigctx *)s; |
454 | gkcdsa_sig ss = GKCDSA_SIG_INIT; |
455 | size_t hsz = ds->g.h->hashsz, n = mp_octets(ds->g.g->r); |
456 | |
457 | gkcdsa_sign(&ds->g, &ss, GH_DONE(ds->s.h, 0), 0); |
458 | dstr_ensure(d, hsz + n); |
459 | memcpy(d->buf, ss.r, hsz); |
460 | mp_storeb(ss.s, d->buf + hsz, n); |
461 | d->len += hsz + n; |
462 | xfree(ss.r); mp_drop(ss.s); |
463 | return (0); |
464 | } |
465 | |
466 | static const sigops kcdsa_sig = { |
467 | dh_privfetch, sizeof(dh_priv), |
468 | kcdsa_siginit, kcdsa_sigdoit, dsa_sigcheck, dsa_sigdestroy |
469 | }; |
470 | |
471 | static const sigops eckcdsa_sig = { |
472 | ec_privfetch, sizeof(ec_priv), |
473 | eckcdsa_siginit, kcdsa_sigdoit, dsa_sigcheck, dsa_sigdestroy |
474 | }; |
475 | |
476 | static sig *kcdsa_vrfinit(key *k, void *kd, const gchash *hc) |
477 | { |
478 | dh_pub *dp = kd; |
479 | dsa_sigctx *ds = dsa_doinit(k, &dp->dp, dp->y, hc); |
480 | kcdsa_sethash(ds, hc); |
481 | return (&ds->s); |
482 | } |
483 | |
484 | static sig *eckcdsa_vrfinit(key *k, void *kd, const gchash *hc) |
485 | { |
486 | ec_pub *ep = kd; |
487 | dsa_sigctx *ds = ecdsa_doinit(k, ep->cstr, &ep->p, hc); |
488 | kcdsa_sethash(ds, hc); |
489 | return (&ds->s); |
490 | } |
491 | |
492 | static int kcdsa_vrfdoit(sig *s, dstr *d) |
493 | { |
494 | dsa_sigctx *ds = (dsa_sigctx *)s; |
495 | gkcdsa_sig ss; |
496 | size_t hsz = ds->g.h->hashsz, n = d->len - hsz; |
497 | int rc; |
498 | |
499 | if (d->len < hsz) |
500 | return (-1); |
501 | ss.r = (octet *)d->buf; |
502 | ss.s = mp_loadb(MP_NEW, d->buf + hsz, n); |
503 | rc = gkcdsa_verify(&ds->g, &ss, GH_DONE(ds->s.h, 0)); |
504 | mp_drop(ss.s); |
505 | return (rc); |
506 | } |
507 | |
508 | static const sigops kcdsa_vrf = { |
509 | dh_pubfetch, sizeof(dh_pub), |
510 | kcdsa_vrfinit, kcdsa_vrfdoit, dsa_sigcheck, dsa_sigdestroy |
511 | }; |
512 | |
513 | static const sigops eckcdsa_vrf = { |
514 | ec_pubfetch, sizeof(ec_pub), |
515 | eckcdsa_vrfinit, kcdsa_vrfdoit, dsa_sigcheck, dsa_sigdestroy |
516 | }; |
517 | |
518 | /* --- The switch table --- */ |
519 | |
520 | static const struct sigtab { |
521 | const char *name; |
522 | const sigops *signops; |
523 | const sigops *verifyops; |
524 | const gchash *ch; |
525 | } sigtab[] = { |
526 | { "rsapkcs1", &rsap1_sig, &rsap1_vrf, &sha }, |
527 | { "rsapss", &rsapss_sig, &rsapss_vrf, &sha }, |
528 | { "dsa", &dsa_sig, &dsa_vrf, &sha }, |
529 | { "ecdsa", &ecdsa_sig, &ecdsa_vrf, &sha }, |
530 | { "kcdsa", &kcdsa_sig, &kcdsa_vrf, &has160 }, |
531 | { "eckcdsa", &eckcdsa_sig, &eckcdsa_vrf, &has160 }, |
532 | { 0, 0, 0 } |
533 | }; |
534 | |
535 | /* --- @getsig@ --- * |
536 | * |
537 | * Arguments: @key *k@ = the key to load |
538 | * @const char *app@ = application name |
539 | * @int wantpriv@ = nonzero if we want to sign |
540 | * |
541 | * Returns: A signature-making thing. |
542 | * |
543 | * Use: Loads a key and starts hashing. |
544 | */ |
545 | |
546 | sig *getsig(key *k, const char *app, int wantpriv) |
547 | { |
548 | const char *salg, *halg = 0; |
549 | dstr d = DSTR_INIT; |
550 | dstr t = DSTR_INIT; |
551 | char *p = 0; |
552 | const char *q; |
553 | sig *s; |
554 | size_t n; |
555 | const struct sigtab *st; |
556 | const sigops *so; |
557 | const gchash *ch; |
558 | void *kd; |
559 | int e; |
560 | key_packdef *kp; |
561 | |
562 | /* --- Setup stuff --- */ |
563 | |
564 | key_fulltag(k, &t); |
565 | |
566 | /* --- Get the signature algorithm --- * |
567 | * |
568 | * Take the attribute if it's there; otherwise use the key type. |
569 | */ |
570 | |
571 | n = strlen(app); |
572 | if ((q = key_getattr(0, k, "sig")) != 0) { |
573 | dstr_puts(&d, q); |
574 | p = d.buf; |
575 | } else if (strncmp(k->type, app, n) == 0 && k->type[n] == '-') { |
576 | dstr_puts(&d, k->type); |
577 | p = d.buf + n + 1; |
578 | } else |
579 | die(EXIT_FAILURE, "no signature algorithm for key `%s'", t.buf); |
580 | |
581 | /* --- Grab the hash algorithm --- * |
582 | * |
583 | * Grab it from the signature algorithm if it's there. But override that |
584 | * from the attribute. |
585 | */ |
586 | |
587 | salg = p; |
588 | if ((p = strchr(p, '/')) != 0) { |
589 | *p++ = 0; |
590 | halg = p; |
591 | } |
592 | if ((q = key_getattr(0, k, "hash")) != 0) |
593 | halg = q; |
594 | |
595 | /* --- Look up the algorithms in the table --- */ |
596 | |
597 | for (st = sigtab; st->name; st++) { |
598 | if (strcmp(st->name, salg) == 0) |
599 | goto s_found; |
600 | } |
601 | die(EXIT_FAILURE, "signature algorithm `%s' not found in key `%s'", |
602 | salg, t.buf); |
603 | s_found:; |
604 | if (!halg) |
605 | ch = st->ch; |
606 | else { |
607 | if ((ch = ghash_byname(halg)) == 0) { |
608 | die(EXIT_FAILURE, "hash algorithm `%s' not found in key `%s'", |
609 | halg, t.buf); |
610 | } |
611 | } |
612 | so = wantpriv ? st->signops : st->verifyops; |
613 | |
614 | /* --- Load the key --- */ |
615 | |
616 | kd = xmalloc(so->kdsz); |
617 | kp = key_fetchinit(so->kf, 0, kd); |
618 | if ((e = key_fetch(kp, k)) != 0) |
619 | die(EXIT_FAILURE, "error fetching key `%s': %s", t.buf, key_strerror(e)); |
620 | s = so->init(k, kd, ch); |
621 | if (!s->h) |
622 | s->h = GH_INIT(ch); |
623 | s->kp = kp; |
624 | s->ops = so; |
625 | s->kd = kd; |
626 | |
627 | /* --- Free stuff up --- */ |
628 | |
629 | dstr_destroy(&d); |
630 | dstr_destroy(&t); |
631 | return (s); |
632 | } |
633 | |
634 | /* --- @freesig@ --- * |
635 | * |
636 | * Arguments: @sig *s@ = signature-making thing |
637 | * |
638 | * Returns: --- |
639 | * |
640 | * Use: Frees up a signature-making thing |
641 | */ |
642 | |
643 | void freesig(sig *s) |
644 | { |
645 | GH_DESTROY(s->h); |
646 | key_fetchdone(s->kp); |
647 | xfree(s->kd); |
648 | s->ops->destroy(s); |
649 | } |
650 | |
651 | /*----- That's all, folks -------------------------------------------------*/ |