📄 pgpkeymisc.c
字号:
i = pgpBnGetPlain(bn, buf, size);
if (i >= 0 && checksump) {
for (t = 0; t < (unsigned)i; t++)
*checksump += buf[t];
}
return i;
}
if (size < 2)
return 0;
if (old) {
/* Length it bits is not encrypted */
PGPCFBSync(cfb);
if (checksump)
*checksump += (unsigned)buf[0] + buf[1];
t = ((unsigned)buf[0] << 8) + buf[1];
} else {
/* Length in bits is encrypted */
pgpCFBDecryptInternal(cfb, buf, 2, tmp );
if (checksump)
*checksump += (unsigned)tmp[0] + tmp[1];
t = ((unsigned)tmp[0] << 8) + tmp[1];
}
buf += 2;
t = (t+7)/8;
if (size < t+2)
return 0;
/*
* Descrypt and convert in pieces. It's done from the
* most-significnt end to force allocation of the result
* number all at once rather than reallocating it bit by bit.
*/
size = t;
while (size) {
l = size < sizeof(tmp) ? size : sizeof(tmp);
pgpCFBDecryptInternal(cfb, buf, l, tmp);
size -= l;
buf += l;
if (bnInsertBigBytes(bn, tmp, size, l) < 0) {
pgpClearMemory( tmp, sizeof(tmp));
return kPGPError_OutOfMemory;
}
/* Checksum */
if (checksump) {
do {
*checksump += tmp[--l];
} while (l);
}
}
pgpClearMemory( tmp, sizeof(tmp));
return (int)t+2;
}
/*
* Read the 2-byte simple checksum (as computed above) from the
* buffer for comparison. Old-style is unencrypted, new-style is
* encrypted.
*/
unsigned
pgpChecksumGet(PGPByte const *buf, PGPCFBContext *cfb, int old)
{
PGPByte tmp[2];
unsigned checksum;
if (old || !cfb) {
checksum = ((unsigned)buf[0] << 8) + buf[1];
} else {
pgpCFBDecryptInternal(cfb, buf, 2, tmp);
checksum = ((unsigned)tmp[0] << 8) + tmp[1];
pgpClearMemory( tmp, 2);
}
return checksum;
}
/*
* Convert an MPI to a big-endian byte buffer, with a length prefix.
* Returns number of bytes put into buffer.
*/
unsigned
pgpBnPutPlain(BigNum const *bn, PGPByte *buf)
{
unsigned t;
t = bnBits(bn);
buf[0] = (PGPByte)(t>>8 & 255);
buf[1] = (PGPByte)(t & 255);
t = (t+7)/8;
bnExtractBigBytes(bn, buf+2, 0, t);
return t+2;
}
/*
* Convert an MPI to a big-endian byte buffer. PGP format uses a
* length prefix.
* Returns number of bytes put into buffer.
*/
unsigned
pgpBnPutFormatted(BigNum const *bn, PGPByte *buf,
unsigned modbytes, PGPPublicKeyMessageFormat format)
{
unsigned extra = 0;
if (format == kPGPPublicKeyMessageFormat_PGP) {
return pgpBnPutPlain( bn, buf );
}
if (format == kPGPPublicKeyMessageFormat_X509) {
/* Insert integer prefix in DER encoding */
PGPUInt32 lenlen;
PGPUInt32 len;
if (bnBits(bn) == 8*modbytes)
modbytes += 1;
len = modbytes;
*buf++ = X509_TAG_INTEGER;
++extra;
lenlen = pgpBnX509LenLen(len);
if (--lenlen == 0) {
*buf++ = len;
++extra;
} else {
*buf++ = 0x80 | lenlen;
++extra;
len <<= 8 * (4-lenlen);
while (lenlen--) {
*buf++ = (PGPByte)(len >> 24);
++extra;
len <<= 8;
}
}
}
bnExtractBigBytes(bn, buf, 0, modbytes);
return modbytes + extra;
}
/*
* Helper function for ChangeLock.
* Convert an MPI to a big-endian byte buffer, with optional encryption and
* checksums. Accepts cfb == NULL to mean "unencrypted".
* Returns number of bytes put into buffer.
*/
unsigned
pgpBnPut(BigNum const *bn, PGPByte *buf,
PGPCFBContext *cfb, unsigned *checksump, int old)
{
unsigned t, u;
t = pgpBnPutPlain(bn, buf);
if (checksump)
for (u = 0; u < t; u++)
*checksump += buf[u];
if (cfb) {
if (old) {
PGPCFBSync(cfb);
pgpCFBEncryptInternal(cfb, buf+2, t-2, buf+2);
} else {
pgpCFBEncryptInternal(cfb, buf, t, buf);
}
}
return t;
}
/*
* Write the 2-byte simple checksum (as computed above) to the
* buffer for comparison. Old-style is unencrypted, new-style is
* encrypted.
*/
void
pgpChecksumPut(unsigned checksum, PGPByte *buf, PGPCFBContext *cfb,
int old)
{
buf[0] = (PGPByte)(checksum>>8 & 255);
buf[1] = (PGPByte)(checksum & 255);
if (cfb && !old)
pgpCFBEncryptInternal(cfb, buf, 2, buf);
}
/*
* Generate a random bignum of the specified length, with the given
* high and low 8 bits. "High" is merged into the high 8 bits of the
* number. For example, set it to 0x80 to ensure that the number is
* exactly "bits" bits long (i.e. 2^(bits-1) <= bn < 2^bits).
* "Low" is merged into the low 8 bits. For example, set it to
* 1 to ensure that you generate an odd number.
*/
int
pgpBnGenRand(BigNum *bn, PGPRandomContext const *rc,
unsigned bits, PGPByte high, PGPByte low, unsigned effective)
{
unsigned char buf[64];
unsigned bytes;
unsigned l;
int err;
bnSetQ(bn, 0);
/* Get high random bits */
bytes = (bits+7) / 8;
l = bytes < sizeof(buf) ? bytes : sizeof(buf);
pgpRandomGetBytesEntropy(rc, buf, l, effective);
/* Mask off excess high bits */
buf[0] &= 255 >> (-(int)bits & 7);
/* Merge in specified high bits */
buf[0] |= high >> (-(int)bits & 7);
if (bits & 7)
buf[1] |= high << (bits & 7);
for (;;) {
bytes -= l;
if (!bytes) /* Last word - merge in low bits */
buf[l-1] |= low;
err = bnInsertBigBytes(bn, buf, bytes, l);
if (!bytes || err < 0)
break;
l = bytes < sizeof(buf) ? bytes : sizeof(buf);
pgpRandomGetBytesEntropy(rc, buf, l, 0);
}
/* Burn and return */
pgpClearMemory( buf, sizeof(buf));
return err;
}
/*
* Parse a buffer containing n mpi format numbers (two bytes of length in bits,
* followed by data). Make sure data is well formed and doesn't exceed
* buffer length. Take n pointers to offsets where the n numbers start
* (pointers may be null but must not be left off arg list).
* Return offset past last value, or negative for error.
*/
int
pgpBnParse(PGPByte const *buf, unsigned size, int n, ...)
{
va_list ap;
unsigned nb;
unsigned off;
unsigned *poff;
va_start (ap, n);
if (size < 2U*n)
return kPGPError_KeyPacketTruncated;
off = 0;
while (n--) {
poff = va_arg(ap, unsigned *);
nb = ((unsigned)buf[0+off] << 8) + buf[1+off];
if (!nb || buf[2+off] >> ((nb-1) & 7) != 1)
return kPGPError_MalformedKeyComponent; /* Bad bit length */
nb = (nb+7)/8;
/* Need nb+2 bytes for this, plus 2*n for remainder */
if (size-off < nb + 2 + 2*n)
return kPGPError_KeyPacketTruncated;
if (poff)
*poff = off;
off += nb+2;
}
va_end (ap);
return off;
}
/*
* Given a cipher algorithm descriptor in (buf,len) and a passphrase,
* initialize the passed-in PGPCFBContext pointer and return the
* number of bytes of descriptor used, or <0 on error. (In which
* case *cfbp is NULL.) If hashedPhrase is true, the passphrase has
* already been hashed using the s2k object and we use it literally
* as the key.
*/
int
pgpCipherSetup(
PGPByte const *buf, unsigned len, char const *phrase, size_t plen,
PGPBoolean hashedPhrase, PGPEnv const *env, PGPCFBContext **cfbp)
{
PGPCipherVTBL const *cipher;
PGPStringToKey *s2k;
unsigned alg;
int alglen;
PGPByte key[PGP_CIPHER_MAXKEYSIZE];
PGPContextRef context = pgpenvGetContext( env );
/* Sanity check on lengths, otherwise we take forever */
pgpAssert( plen < 0x10000U );
pgpAssert( len < 0x10000U );
/* First things first, in case of error... */
*cfbp = NULL;
if (len < 1)
return kPGPError_KeyPacketTruncated;
alg = buf[0] & 255;
if (!alg) /* The key isn't encrypted; just read it in */
return 1;
if (alg == 255) {
/* New style, with a separate string-to-key */
if (len == 1)
return kPGPError_KeyPacketTruncated;
alg = buf[1];
alglen = pgpS2Kdecode(&s2k, env, buf+2, len-2);
if (alglen < 0)
return alglen;
alglen += 2;
if (len < (unsigned)alglen)
return kPGPError_KeyPacketTruncated;
} else {
/* Old-style string-to-key */
s2k = pgpS2Ksimple(env, pgpHashByNumber(kPGPHashAlgorithm_MD5));
if (!s2k)
return kPGPError_OutOfMemory;
alglen = 1;
}
/* Okay now, do the conversion */
cipher = pgpCipherGetVTBL( (PGPCipherAlgorithm)alg);
if (!cipher) {
pgpS2Kdestroy(s2k);
return kPGPError_BadCipherNumber;
}
if (len < alglen + cipher->blocksize) {
pgpS2Kdestroy(s2k);
return kPGPError_KeyPacketTruncated;
}
*cfbp = pgpCFBCreate( PGPGetContextMemoryMgr( context ), cipher);
if (!*cfbp) {
pgpS2Kdestroy(s2k);
return kPGPError_OutOfMemory;
}
pgpAssert(cipher->keysize <= sizeof(key));
if (hashedPhrase) {
pgpCopyMemory (phrase, key, plen);
} else {
pgpStringToKey(s2k, phrase, plen, key, cipher->keysize);
}
PGPInitCFB(*cfbp, key, buf + alglen);
pgpClearMemory( key, sizeof(key));
pgpS2Kdestroy(s2k);
return alglen + cipher->blocksize;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -