Author: Pekka Riikonen <priikone@silcnet.org>
- Copyright (C) 1997 - 2007 Pekka Riikonen
+ Copyright (C) 1997 - 2008 Pekka Riikonen
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
GNU General Public License for more details.
*/
-/* $Id$ */
-#include "silc.h"
+#include "silccrypto.h"
#include "silcpk_i.h"
#include "silcpkcs1_i.h"
#include "dsa.h"
#ifdef SILC_DIST_SSH
#include "silcssh_pkcs.h"
#endif /* SILC_DIST_SSH */
+#ifdef SILC_DIST_PGP
+#include "silcpgp_pkcs.h"
+#endif /* SILC_DIST_PGP */
#ifndef SILC_SYMBIAN
/* Dynamically registered list of PKCS. */
},
#endif /* SILC_DIST_SSH */
+#ifdef SILC_DIST_PGP
+ /* OpenPGP PKCS */
+ {
+ SILC_PKCS_OPENPGP,
+ silc_pkcs_pgp_get_algorithm,
+ silc_pkcs_pgp_import_public_key_file,
+ silc_pkcs_pgp_import_public_key,
+ silc_pkcs_pgp_export_public_key_file,
+ silc_pkcs_pgp_export_public_key,
+ silc_pkcs_pgp_public_key_bitlen,
+ silc_pkcs_pgp_public_key_copy,
+ silc_pkcs_pgp_public_key_compare,
+ silc_pkcs_pgp_public_key_free,
+ silc_pkcs_pgp_import_private_key_file,
+ silc_pkcs_pgp_import_private_key,
+ silc_pkcs_pgp_export_private_key_file,
+ silc_pkcs_pgp_export_private_key,
+ silc_pkcs_pgp_private_key_bitlen,
+ silc_pkcs_pgp_private_key_free,
+ silc_pkcs_pgp_encrypt,
+ silc_pkcs_pgp_decrypt,
+ silc_pkcs_pgp_sign,
+ silc_pkcs_pgp_verify,
+ },
+#endif /* SILC_DIST_PGP */
+
{
0, NULL, NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL, NULL
silc_pkcs1_verify
},
- /* DSS */
+ /* DSS, FIPS186-3 */
{
"dsa",
"dss",
silc_dsa_verify
},
+ /* DSS, FIPS186-2 */
+ {
+ "dsa",
+ "dss-fips186-2",
+ "sha1",
+ silc_dsa_generate_key,
+ silc_dsa_import_public_key,
+ silc_dsa_export_public_key,
+ silc_dsa_public_key_bitlen,
+ silc_dsa_public_key_copy,
+ silc_dsa_public_key_compare,
+ silc_dsa_public_key_free,
+ silc_dsa_import_private_key,
+ silc_dsa_export_private_key,
+ silc_dsa_private_key_bitlen,
+ silc_dsa_private_key_free,
+ silc_dsa_encrypt,
+ silc_dsa_decrypt,
+ silc_dsa_sign,
+ silc_dsa_verify
+ },
+
#ifdef SILC_DIST_SSH
- /* PKCS #1, Version 1.5 without hash OIDs, SSH2 style public keys */
+ /* PKCS #1, SSH2 style public keys */
{
"rsa",
"ssh",
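Review bot: The new "dss-fips186-2" entry installs `silc_dsa_generate_key` as its generator (the line after `"sha1",`), while the SSH entry that this same commit relabels "DSS FIPS186-2" switches to `silc_dsa_fips186_2_generate_key`; unless the two generators are interchangeable, a caller selecting the fips186-2 scheme by name would get parameters from the other generator. If the FIPS186-2 scheme is meant to differ only in key generation, the line should read `silc_dsa_fips186_2_generate_key,`. The table's entries are positional initializers of a struct of function pointers, so a mismatch like this is invisible to the compiler; a one-line comment on the entry stating which generator it is intended to share with the SSH entry would make the intent checkable. The enclosing table definition starts and ends outside this hunk.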
silc_pkcs1_verify
},
- /* DSS, SSH2 style public keys */
+ /* DSS FIPS186-2, SSH2 style public keys */
{
"dsa",
"ssh",
- "sha1",
- silc_dsa_generate_key,
+ "sha1,sha224,sha256,sha384,sha512",
+ silc_dsa_fips186_2_generate_key,
silc_ssh_dsa_import_public_key,
silc_ssh_dsa_export_public_key,
silc_dsa_public_key_bitlen,
},
#endif /* SILC_DIST_SSH */
+#ifdef SILC_DIST_PGP
+ /* PKCS #1, OpenPGP style public keys */
+ {
+ "rsa",
+ "openpgp",
+ "sha1",
+ silc_pkcs1_generate_key,
+ silc_pgp_rsa_import_public_key,
+ silc_pgp_rsa_export_public_key,
+ silc_pkcs1_public_key_bitlen,
+ silc_pkcs1_public_key_copy,
+ silc_pkcs1_public_key_compare,
+ silc_pkcs1_public_key_free,
+ silc_pgp_rsa_import_private_key,
+ silc_pgp_rsa_export_private_key,
+ silc_pkcs1_private_key_bitlen,
+ silc_pkcs1_private_key_free,
+ silc_pkcs1_encrypt,
+ silc_pkcs1_decrypt,
+ silc_pkcs1_sign,
+ silc_pkcs1_verify
+ },
+
+ /* DSS, OpenPGP style public keys */
+ {
+ "dsa",
+ "openpgp",
+ "sha1,sha224,sha256,sha384,sha512",
+ silc_dsa_generate_key,
+ silc_pgp_dsa_import_public_key,
+ silc_pgp_dsa_export_public_key,
+ silc_dsa_public_key_bitlen,
+ silc_dsa_public_key_copy,
+ silc_dsa_public_key_compare,
+ silc_dsa_public_key_free,
+ silc_pgp_dsa_import_private_key,
+ silc_pgp_dsa_export_private_key,
+ silc_dsa_private_key_bitlen,
+ silc_dsa_private_key_free,
+ silc_dsa_encrypt,
+ silc_dsa_decrypt,
+ silc_dsa_sign,
+ silc_dsa_verify
+ },
+#endif /* SILC_DIST_PGP */
+
{
NULL, NULL, NULL, NULL,
NULL, NULL, NULL, NULL,
if (!public_key)
return FALSE;
- pkcs = silc_pkcs_find_pkcs(type);
- public_key->pkcs = (SilcPKCSObject *)pkcs;
- if (!public_key->pkcs) {
- silc_free(public_key);
- return FALSE;
- }
+ if (type == SILC_PKCS_ANY) {
+ /* Try loading all types until one succeeds. */
+ for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++) {
+ pkcs = (SilcPKCSObject *)silc_pkcs_find_pkcs(type);
+ if (!pkcs)
+ continue;
- /* Import the PKCS public key */
- if (!pkcs->import_public_key(pkcs, NULL, key, key_len,
- &public_key->public_key,
- &public_key->alg)) {
- silc_free(public_key);
- return FALSE;
- }
+ /* Import the PKCS public key */
+ if (pkcs->import_public_key(pkcs, NULL, key, key_len,
+ &public_key->public_key,
+ &public_key->alg)) {
+ public_key->pkcs = (SilcPKCSObject *)pkcs;
+ *ret_public_key = public_key;
+ return TRUE;
+ }
+ }
+ } else {
+ pkcs = silc_pkcs_find_pkcs(type);
+ public_key->pkcs = (SilcPKCSObject *)pkcs;
+ if (!public_key->pkcs) {
+ silc_free(public_key);
+ return FALSE;
+ }
- *ret_public_key = public_key;
+ /* Import the PKCS public key */
+ if (pkcs->import_public_key(pkcs, NULL, key, key_len,
+ &public_key->public_key,
+ &public_key->alg)) {
+ *ret_public_key = public_key;
+ return TRUE;
+ }
+ }
- return TRUE;
+ silc_free(public_key);
+ return FALSE;
}
/* Frees the public key */
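Review bot: The SILC_PKCS_ANY probe loop, `for (type = SILC_PKCS_SILC; type <= SILC_PKCS_SPKI; type++)`, bounds the search on a hard-coded enum value, so the SILC_PKCS_OPENPGP type registered elsewhere in this commit is only ever tried if its enum value happens to fall inside that range; walking the registered PKCS list instead of an enum interval, or at least a comment naming the assumption (`/* assumes SILC_PKCS_SILC..SILC_PKCS_SPKI covers every registered type — keep in sync with SilcPKCSType */`), would keep the probe from silently skipping newer formats. In the probe path `public_key->public_key` and `public_key->alg` are handed to each importer in turn, so the result relies on every importer leaving those outputs untouched when it fails; if any importer allocates before rejecting the blob, the failed attempt leaks or is overwritten by the next one. Note also that with ANY every registered importer now parses the untrusted key blob, so each one must reject malformed input of a foreign format cleanly. The enclosing function silc_pkcs_public_key_alloc starts outside the hunk.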
}
/* Import the PKCS private key */
- if (!pkcs->import_private_key(pkcs, NULL, key, key_len,
+ if (!pkcs->import_private_key(pkcs, NULL, NULL, 0, key, key_len,
&private_key->private_key,
&private_key->alg)) {
silc_free(private_key);
silc_free(private_key);
}
+/* PKCS operation context */
+typedef struct {
+ unsigned char *dst;
+ SilcUInt32 *dst_len;
+ SilcUInt32 dst_size;
+ SilcBool result;
+} SilcPKCSOperation;
+
+/* Encrypt, decrypt, sign callback */
+
+static void silc_pkcs_op_cb(SilcBool success,
+ const unsigned char *data,
+ SilcUInt32 data_len, void *context)
+{
+ SilcPKCSOperation *ctx = context;
+
+ ctx->result = success;
+
+ if (!success)
+ return;
+
+ if (data_len > ctx->dst_size) {
+ ctx->result = FALSE;
+ return;
+ }
+
+ memcpy(ctx->dst, data, data_len);
+ if (ctx->dst_len)
+ *ctx->dst_len = data_len;
+}
+
+/* Verify callback */
+
+static void silc_pkcs_verify_cb(SilcBool success, void *context)
+{
+ SilcPKCSOperation *ctx = context;
+ ctx->result = success;
+}
+
/* Encrypts */
-SilcAsyncOperation silc_pkcs_encrypt(SilcPublicKey public_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcRng rng,
- SilcPKCSEncryptCb encrypt_cb,
- void *context)
+SilcBool silc_pkcs_encrypt(SilcPublicKey public_key,
+ unsigned char *src, SilcUInt32 src_len,
+ unsigned char *dst, SilcUInt32 dst_size,
+ SilcUInt32 *dst_len, SilcRng rng)
+{
+ SilcPKCSOperation ctx;
+
+ ctx.dst = dst;
+ ctx.dst_size = dst_size;
+ ctx.dst_len = dst_len;
+
+ public_key->pkcs->encrypt(public_key->pkcs,
+ public_key->public_key, src, src_len,
+ rng, silc_pkcs_op_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Encrypts, async */
+
+SilcAsyncOperation
+silc_pkcs_encrypt_async(SilcPublicKey public_key,
+ unsigned char *src, SilcUInt32 src_len,
+ SilcRng rng,
+ SilcPKCSEncryptCb encrypt_cb,
+ void *context)
{
return public_key->pkcs->encrypt(public_key->pkcs,
public_key->public_key, src, src_len,
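Review bot: In the new synchronous `silc_pkcs_encrypt`, `ctx.result` is never initialised before the call and the SilcAsyncOperation returned by `public_key->pkcs->encrypt` is discarded, so if a backend returns without invoking `silc_pkcs_op_cb` (an early argument rejection, or a backend that completes asynchronously) the function returns an indeterminate SilcBool, and in the asynchronous case the callback later writes through a pointer to a stack frame that no longer exists. The same pattern appears in `silc_pkcs_decrypt`, `silc_pkcs_sign` and `silc_pkcs_verify` in the later hunks, where for `silc_pkcs_verify` it means a signature verdict can be read from uninitialised memory. Adding `ctx.result = FALSE;` alongside the other `ctx.` assignments in each wrapper closes the first gap; for the second, the returned operation handle should be checked (a non-NULL handle would mean the callback has not yet run, so the wrapper must fail rather than return `ctx.result`) or a comment on SilcPKCSOperation should state that these wrappers require backends to complete synchronously.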
/* Decrypts */
-SilcAsyncOperation silc_pkcs_decrypt(SilcPrivateKey private_key,
- unsigned char *src, SilcUInt32 src_len,
- SilcPKCSDecryptCb decrypt_cb,
- void *context)
+SilcBool silc_pkcs_decrypt(SilcPrivateKey private_key,
+ unsigned char *src, SilcUInt32 src_len,
+ unsigned char *dst, SilcUInt32 dst_size,
+ SilcUInt32 *dst_len)
+{
+ SilcPKCSOperation ctx;
+
+ ctx.dst = dst;
+ ctx.dst_size = dst_size;
+ ctx.dst_len = dst_len;
+
+ private_key->pkcs->decrypt(private_key->pkcs,
+ private_key->private_key, src, src_len,
+ silc_pkcs_op_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Decrypts, async */
+
+SilcAsyncOperation
+silc_pkcs_decrypt_async(SilcPrivateKey private_key,
+ unsigned char *src, SilcUInt32 src_len,
+ SilcPKCSDecryptCb decrypt_cb,
+ void *context)
{
return private_key->pkcs->decrypt(private_key->pkcs,
private_key->private_key, src, src_len,
/* Generates signature */
-SilcAsyncOperation silc_pkcs_sign(SilcPrivateKey private_key,
- unsigned char *src,
- SilcUInt32 src_len,
- SilcBool compute_hash,
- SilcHash hash,
- SilcRng rng,
- SilcPKCSSignCb sign_cb,
- void *context)
+SilcBool silc_pkcs_sign(SilcPrivateKey private_key,
+ unsigned char *src, SilcUInt32 src_len,
+ unsigned char *dst, SilcUInt32 dst_size,
+ SilcUInt32 *dst_len, SilcBool compute_hash,
+ SilcHash hash, SilcRng rng)
+{
+ SilcPKCSOperation ctx;
+
+ ctx.dst = dst;
+ ctx.dst_size = dst_size;
+ ctx.dst_len = dst_len;
+
+ private_key->pkcs->sign(private_key->pkcs,
+ private_key->private_key, src, src_len,
+ compute_hash, hash, rng,
+ silc_pkcs_op_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Generates signature, async */
+
+SilcAsyncOperation silc_pkcs_sign_async(SilcPrivateKey private_key,
+ unsigned char *src,
+ SilcUInt32 src_len,
+ SilcBool compute_hash,
+ SilcHash hash,
+ SilcRng rng,
+ SilcPKCSSignCb sign_cb,
+ void *context)
{
return private_key->pkcs->sign(private_key->pkcs,
private_key->private_key, src, src_len,
/* Verifies signature */
-SilcAsyncOperation silc_pkcs_verify(SilcPublicKey public_key,
- unsigned char *signature,
- SilcUInt32 signature_len,
- unsigned char *data,
- SilcUInt32 data_len,
- SilcHash hash,
- SilcRng rng,
- SilcPKCSVerifyCb verify_cb,
- void *context)
+SilcBool silc_pkcs_verify(SilcPublicKey public_key,
+ unsigned char *signature,
+ SilcUInt32 signature_len,
+ unsigned char *data,
+ SilcUInt32 data_len,
+ SilcBool compute_hash,
+ SilcHash hash)
+{
+ SilcPKCSOperation ctx;
+
+ public_key->pkcs->verify(public_key->pkcs,
+ public_key->public_key, signature,
+ signature_len, data, data_len,
+ compute_hash, hash, NULL,
+ silc_pkcs_verify_cb, &ctx);
+
+ return ctx.result;
+}
+
+/* Verifies signature, async */
+
+SilcAsyncOperation silc_pkcs_verify_async(SilcPublicKey public_key,
+ unsigned char *signature,
+ SilcUInt32 signature_len,
+ unsigned char *data,
+ SilcUInt32 data_len,
+ SilcBool compute_hash,
+ SilcHash hash,
+ SilcPKCSVerifyCb verify_cb,
+ void *context)
{
return public_key->pkcs->verify(public_key->pkcs,
public_key->public_key, signature,
- signature_len, data, data_len, hash, rng,
+ signature_len, data, data_len,
+ compute_hash, hash, NULL,
verify_cb, context);
}