3 * PGP related functions.
6 /* nettle, low-level cryptographics library
8 * Copyright (C) 2001, 2002 Niels Möller
10 * The nettle library is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU Lesser General Public License as published by
12 * the Free Software Foundation; either version 2.1 of the License, or (at your
13 * option) any later version.
15 * The nettle library is distributed in the hope that it will be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
17 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
18 * License for more details.
20 * You should have received a copy of the GNU Lesser General Public License
21 * along with the nettle library; see the file COPYING.LIB. If not, write to
22 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
42 pgp_put_uint32(struct nettle_buffer *buffer, uint32_t i)
44 uint8_t *p = nettle_buffer_space(buffer, 4);
53 pgp_put_uint16(struct nettle_buffer *buffer, unsigned i)
55 uint8_t *p = nettle_buffer_space(buffer, 2);
64 pgp_put_mpi(struct nettle_buffer *buffer, const mpz_t x)
66 unsigned bits = mpz_sizeinbase(x, 2);
67 unsigned octets = (bits + 7) / 8;
71 /* FIXME: What's the correct representation of zero? */
72 if (!pgp_put_uint16(buffer, bits))
75 p = nettle_buffer_space(buffer, octets);
80 nettle_mpz_get_str_256(octets, p, x);
86 pgp_put_string(struct nettle_buffer *buffer,
90 return nettle_buffer_write(buffer, length, s);
95 length_field(unsigned length)
97 if (length < PGP_LENGTH_TWO_OCTET)
99 else if (length < PGP_LENGTH_FOUR_OCTETS)
105 /* bodyLen = ((1st_octet - 192) << 8) + (2nd_octet) + 192
106 * ==> bodyLen - 192 + 192 << 8 = (1st_octet << 8) + (2nd_octet)
109 #define LENGTH_TWO_OFFSET (192 * 255)
112 pgp_put_length(struct nettle_buffer *buffer,
115 if (length < PGP_LENGTH_TWO_OCTETS)
116 return NETTLE_BUFFER_PUTC(buffer, length);
118 else if (length < PGP_LENGTH_FOUR_OCTETS)
119 return pgp_put_uint16(buffer, length + LENGTH_TWO_OFFSET);
121 return NETTLE_BUFFER_PUTC(buffer, 0xff) && pgp_put_uint32(buffer, length);
124 /* Uses the "new" packet format */
126 pgp_put_header(struct nettle_buffer *buffer,
127 unsigned tag, unsigned length)
131 return (NETTLE_BUFFER_PUTC(buffer, 0xC0 | tag)
132 && pgp_put_length(buffer, length));
135 /* FIXME: Should we abort or return error if the length and the field
136 * size don't match? */
138 pgp_put_header_length(struct nettle_buffer *buffer,
139 /* start of the header */
147 length = buffer->size - (start + 2);
148 assert(length < PGP_LENGTH_TWO_OCTETS);
149 buffer->contents[start + 1] = length;
152 length = buffer->size - (start + 3);
153 assert(length < PGP_LENGTH_FOUR_OCTETS
154 && length >= PGP_LENGTH_TWO_OCTETS);
155 WRITE_UINT16(buffer->contents + start + 1, length + LENGTH_TWO_OFFSET);
158 length = buffer->size - (start + 5);
159 WRITE_UINT32(buffer->contents + start + 2, length);
167 pgp_put_userid(struct nettle_buffer *buffer,
171 return (pgp_put_header(buffer, PGP_TAG_USERID, length)
172 && pgp_put_string(buffer, length, name));
176 pgp_sub_packet_start(struct nettle_buffer *buffer)
178 return nettle_buffer_space(buffer, 2) ? buffer->size : 0;
182 pgp_put_sub_packet(struct nettle_buffer *buffer,
187 return (pgp_put_length(buffer, length + 1)
188 && NETTLE_BUFFER_PUTC(buffer, type)
189 && pgp_put_string(buffer, length, data));
193 pgp_sub_packet_end(struct nettle_buffer *buffer, unsigned start)
198 assert(start <= buffer->size);
200 length = buffer->size - start;
201 WRITE_UINT32(buffer->contents + start - 2, length);
205 pgp_put_public_rsa_key(struct nettle_buffer *buffer,
206 const struct rsa_public_key *pub,
209 /* Public key packet, version 4 */
213 /* Size of packet is 16 + the size of e and n */
215 + nettle_mpz_sizeinbase_256_u(pub->n)
216 + nettle_mpz_sizeinbase_256_u(pub->e));
218 if (!pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY, length))
221 start = buffer->size;
223 if (! (pgp_put_header(buffer, PGP_TAG_PUBLIC_KEY,
224 /* Assume that we need two octets */
225 PGP_LENGTH_TWO_OCTETS)
226 && pgp_put_uint32(buffer, 4) /* Version */
227 && pgp_put_uint32(buffer, timestamp)/* Time stamp */
228 && pgp_put_uint32(buffer, PGP_RSA) /* Algorithm */
229 && pgp_put_mpi(buffer, pub->n)
230 && pgp_put_mpi(buffer, pub->e)) )
233 assert(buffer->size == start + length);
239 pgp_put_rsa_sha1_signature(struct nettle_buffer *buffer,
240 const struct rsa_private_key *key,
241 const uint8_t *keyid,
243 struct sha1_ctx *hash)
245 unsigned signature_start = buffer->size;
247 unsigned sub_packet_start;
252 /* Signature packet. The packet could reasonably be both smaller and
253 * larger than 192, so for simplicity we use the 4 octet header
256 if (! (pgp_put_header(buffer, PGP_TAG_SIGNATURE, PGP_LENGTH_FOUR_OCTETS)
257 && NETTLE_BUFFER_PUTC(buffer, 4) /* Version */
258 && NETTLE_BUFFER_PUTC(buffer, type)
259 /* Could also be PGP_RSA_SIGN */
260 && NETTLE_BUFFER_PUTC(buffer, PGP_RSA)
261 && NETTLE_BUFFER_PUTC(buffer, PGP_SHA1)
262 && pgp_put_uint16(buffer, 0))) /* Hashed subpacket length */
265 hash_end = buffer->size;
268 hash_end - signature_start,
269 buffer->contents + signature_start);
271 trailer[0] = 4; trailer[1] = 0xff;
272 WRITE_UINT32(trailer + 2, buffer->size - signature_start);
274 sha1_update(hash, sizeof(trailer), trailer);
277 struct sha1_ctx hcopy = *hash;
278 uint8_t *p = nettle_buffer_space(buffer, 2);
282 sha1_digest(&hcopy, 2, p);
285 /* One "sub-packet" field with the issuer keyid */
286 sub_packet_start = pgp_sub_packet_start(buffer);
287 if (!sub_packet_start)
290 if (pgp_put_sub_packet(buffer, PGP_SUBPACKET_ISSUER_KEY_ID, 8, keyid))
292 pgp_sub_packet_end(buffer, sub_packet_start);
297 if (!(rsa_sha1_sign(key, hash, s)
298 && pgp_put_mpi(buffer, s)))
305 pgp_put_header_length(buffer, signature_start, 4);
310 #define CRC24_INIT 0x0b704ceL
311 #define CRC24_POLY 0x1864cfbL
314 pgp_crc24(unsigned length, const uint8_t *data)
316 uint32_t crc = CRC24_INIT;
319 for (i = 0; i<length; i++)
322 crc ^= ((unsigned) (data[i]) << 16);
323 for (j = 0; j<8; j++)
330 assert(crc < 0x1000000);
335 #define WRITE(buffer, s) (nettle_buffer_write(buffer, strlen((s)), (s)))
337 /* 15 base 64 groups data per line */
338 #define BINARY_PER_LINE 45
339 #define TEXT_PER_LINE BASE64_ENCODE_LENGTH(BINARY_PER_LINE)
342 pgp_armor(struct nettle_buffer *buffer,
347 struct base64_encode_ctx ctx;
349 unsigned crc = pgp_crc24(length, data);
351 base64_encode_init(&ctx);
353 if (! (WRITE(buffer, "BEGIN PGP ")
354 && WRITE(buffer, tag)
355 && WRITE(buffer, "\nComment: Nettle\n\n")))
359 length >= BINARY_PER_LINE;
360 length -= BINARY_PER_LINE, data += BINARY_PER_LINE)
364 = nettle_buffer_space(buffer, TEXT_PER_LINE);
369 done = base64_encode_update(&ctx, p, BINARY_PER_LINE, data);
370 assert(done <= TEXT_PER_LINE);
372 /* FIXME: Create some official way to do this */
373 buffer->size -= (TEXT_PER_LINE - done);
375 if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
381 unsigned text_size = BASE64_ENCODE_LENGTH(length)
382 + BASE64_ENCODE_FINAL_LENGTH;
386 = nettle_buffer_space(buffer, text_size);
390 done = base64_encode_update(&ctx, p, length, data);
391 done += base64_encode_final(&ctx, p + done);
393 /* FIXME: Create some official way to do this */
394 buffer->size -= (text_size - done);
396 if (!NETTLE_BUFFER_PUTC(buffer, '\n'))
400 if (!NETTLE_BUFFER_PUTC(buffer, '='))
404 uint8_t *p = nettle_buffer_space(buffer, 4);
407 base64_encode_group(p, crc);
410 return (WRITE(buffer, "\nBEGIN PGP ")
411 && WRITE(buffer, tag)
412 && NETTLE_BUFFER_PUTC(buffer, '\n'));