30 #if defined( USE_PGP ) || defined( USE_PGPKEYS )
41 const long mpiDataStartPos = stell( stream ) +
UINT16_SIZE;
48 minLength <= maxLength && \
63 status = readInteger16Ubits( stream, NULL, &dummy, minLength,
67 mpiLength = stell( stream ) - mpiDataStartPos;
68 status = sMemGetDataBlockAbs( stream, mpiDataStartPos, &mpiDataPtr,
72 mpiDataPtr, mpiLength );
102 assert(
isWritePtr( bytesToChecksum,
sizeof(
int ) ) );
109 *bytesToChecksum = 0;
111 sMemConnect( &stream, data, dataLength );
112 status = pgpReadDecryptMPI( &stream, iCryptContext,
117 *bytesToChecksum = stell( &stream );
118 sMemDisconnect( &stream );
122 status = pgpReadDecryptMPI( &stream, iCryptContext,
125 status = pgpReadDecryptMPI( &stream, iCryptContext,
128 status = pgpReadDecryptMPI( &stream, iCryptContext,
131 *bytesToChecksum = stell( &stream );
132 sMemDisconnect( &stream );
140 static
int checkKeyIntegrity(
IN_BUFFER( dataLength )
const void *data,
142 const int dataLength,
156 status = getObjectLength( data, dataLength, &length );
185 padPtr = (
const BYTE * ) data + length;
186 padSize = blockSize - ( length & ( blockSize - 1 ) );
188 length + padSize > dataLength )
190 for( i = 0; i < padSize; i++ )
192 if( padPtr[ i ] != padSize )
199 #if defined( USE_PGP ) || defined( USE_PGPKEYS )
202 static
int checkPgp2KeyIntegrity(
IN_BUFFER( dataLength )
const void *data,
209 int checksum = 0, storedChecksum, i,
status;
225 checksum += keyData[ i ];
229 sMemConnect( &stream, keyData + keyDataLength, dataLength - keyDataLength );
230 status = storedChecksum = readUint16( &stream );
231 sMemDisconnect( &stream );
238 static
int checkOpenPgpKeyIntegrity(
IN_BUFFER( dataLength )
const void *data,
243 const BYTE *hashValuePtr;
256 hashValuePtr = (
const BYTE * ) data + dataLength - hashSize;
260 dataLength - hashSize );
261 if( !compareDataConstTime( hashValue, hashValuePtr, hashSize ) )
282 static
int privateKeyWrap(
STDC_UNUSED void *dummy,
299 if( mechanismInfo->wrappedData != NULL )
301 memset( mechanismInfo->wrappedData, 0,
302 mechanismInfo->wrappedDataLength );
306 sMemNullOpen( &stream );
307 status = exportPrivateKeyData( &stream, mechanismInfo->keyContext,
308 formatType,
"private_key", 11 );
310 payloadSize = stell( &stream );
311 sMemClose( &stream );
319 padSize =
roundUp( payloadSize + 1, blockSize ) - payloadSize;
321 ENSURES( !( ( payloadSize + padSize ) & ( blockSize - 1 ) ) );
325 if( mechanismInfo->wrappedData == NULL )
327 mechanismInfo->wrappedDataLength = payloadSize + padSize;
334 if( payloadSize + padSize > mechanismInfo->wrappedDataLength )
338 sMemOpen( &stream, mechanismInfo->wrappedData,
339 mechanismInfo->wrappedDataLength );
340 status = exportPrivateKeyData( &stream, mechanismInfo->keyContext,
341 formatType,
"private_key", 11 );
342 sMemDisconnect( &stream );
345 BYTE startSample[ 8 + 8 ], endSample[ 8 + 8 ];
346 BYTE *dataPtr = mechanismInfo->wrappedData;
347 const void *dataEndPtr = dataPtr + payloadSize + padSize - 8;
352 memcpy( startSample, dataPtr, 8 );
353 memcpy( endSample, dataEndPtr, 8 );
356 for( i = 0; i < padSize; i++ )
357 dataPtr[ payloadSize + i ] =
intToByte( padSize );
360 mechanismInfo->wrappedData,
361 payloadSize + padSize );
367 ( !memcmp( startSample, dataPtr, 8 ) || \
368 !memcmp( endSample, dataEndPtr, 8 ) ) )
370 DEBUG_DIAG((
"Failed to encrypt private-key data" ));
379 zeroise( mechanismInfo->wrappedData,
380 mechanismInfo->wrappedDataLength );
383 mechanismInfo->wrappedDataLength = payloadSize + padSize;
389 static
int privateKeyUnwrap(
STDC_UNUSED void *dummy,
414 if( mechanismInfo->wrappedDataLength & ( blockSize - 1 ) )
422 if( ( status = krnlMemalloc( &buffer, \
423 mechanismInfo->wrappedDataLength ) ) !=
CRYPT_OK )
425 memcpy( buffer, mechanismInfo->wrappedData,
426 mechanismInfo->wrappedDataLength );
429 mechanismInfo->wrappedDataLength );
432 status = checkKeyIntegrity( buffer,
433 mechanismInfo->wrappedDataLength,
440 sMemConnect( &stream, buffer, mechanismInfo->wrappedDataLength );
441 status = importPrivateKeyData( &stream, mechanismInfo->keyContext,
443 sMemDisconnect( &stream );
445 zeroise( buffer, mechanismInfo->wrappedDataLength );
446 altStatus = krnlMemfree( &buffer );
471 int exportPrivateKeyPKCS8(
STDC_UNUSED void *dummy,
480 int importPrivateKeyPKCS8(
STDC_UNUSED void *dummy,
509 typedef enum { PRIVATEKEYPGP_WRAP_NONE, PRIVATEKEYPGP_WRAP_PGP2,
510 PRIVATEKEYPGP_WRAP_OPENPGP_OLD,
511 PRIVATEKEYPGP_WRAP_OPENPGP,
512 PRIVATEKEYPGP_WRAP_LAST } PRIVATEKEYPGP_WRAP_TYPE;
515 static
int privateKeyUnwrapPGP(
STDC_UNUSED void *dummy,
517 IN_ENUM( PRIVATEKEYPGP_WRAP ) \
518 const PRIVATEKEYPGP_WRAP_TYPE type )
528 REQUIRES( type > PRIVATEKEYPGP_WRAP_NONE && \
529 type < PRIVATEKEYPGP_WRAP_LAST );
540 if( ( status = krnlMemalloc( &buffer, \
541 mechanismInfo->wrappedDataLength ) ) !=
CRYPT_OK )
543 memcpy( buffer, mechanismInfo->wrappedData,
544 mechanismInfo->wrappedDataLength );
545 if( type == PRIVATEKEYPGP_WRAP_PGP2 )
547 status = pgp2DecryptKey( buffer, mechanismInfo->wrappedDataLength,
548 &bytesToChecksum, mechanismInfo->wrapContext,
556 mechanismInfo->wrappedDataLength );
560 zeroise( buffer, mechanismInfo->wrappedDataLength );
561 altStatus = krnlMemfree( &buffer );
568 if( type == PRIVATEKEYPGP_WRAP_PGP2 || \
569 type == PRIVATEKEYPGP_WRAP_OPENPGP_OLD )
576 if( type == PRIVATEKEYPGP_WRAP_OPENPGP_OLD )
577 bytesToChecksum = mechanismInfo->wrappedDataLength -
UINT16_SIZE;
578 status = checkPgp2KeyIntegrity( buffer, mechanismInfo->wrappedDataLength,
585 status = checkOpenPgpKeyIntegrity( buffer,
586 mechanismInfo->wrappedDataLength );
590 sMemConnect( &stream, buffer, mechanismInfo->wrappedDataLength );
591 status = importPrivateKeyData( &stream, mechanismInfo->keyContext,
593 sMemDisconnect( &stream );
597 zeroise( buffer, mechanismInfo->wrappedDataLength );
598 altStatus = krnlMemfree( &buffer );
610 return( privateKeyUnwrapPGP( dummy, mechanismInfo,
611 PRIVATEKEYPGP_WRAP_PGP2 ) );
615 int importPrivateKeyOpenPGPOld(
STDC_UNUSED void *dummy,
620 return( privateKeyUnwrapPGP( dummy, mechanismInfo,
621 PRIVATEKEYPGP_WRAP_OPENPGP_OLD ) );
625 int importPrivateKeyOpenPGP(
STDC_UNUSED void *dummy,
630 return( privateKeyUnwrapPGP( dummy, mechanismInfo,
631 PRIVATEKEYPGP_WRAP_OPENPGP ) );