PostgreSQL Source Code  git master
pgp-mpi-openssl.c
Go to the documentation of this file.
1 /*
2  * pgp-mpi-openssl.c
3  * OpenPGP MPI functions using OpenSSL BIGNUM code.
4  *
5  * Copyright (c) 2005 Marko Kreen
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * contrib/pgcrypto/pgp-mpi-openssl.c
30  */
31 #include "postgres.h"
32 
33 #include <openssl/bn.h>
34 
35 #include "pgp.h"
36 #include "px.h"
37 
38 static BIGNUM *
40 {
41  BIGNUM *bn = BN_bin2bn(n->data, n->bytes, NULL);
42 
43  if (!bn)
44  return NULL;
45  if (BN_num_bits(bn) != n->bits)
46  {
47  px_debug("mpi_to_bn: bignum conversion failed: mpi=%d, bn=%d",
48  n->bits, BN_num_bits(bn));
49  BN_clear_free(bn);
50  return NULL;
51  }
52  return bn;
53 }
54 
55 static PGP_MPI *
56 bn_to_mpi(BIGNUM *bn)
57 {
58  int res;
59  PGP_MPI *n;
60 
61  res = pgp_mpi_alloc(BN_num_bits(bn), &n);
62  if (res < 0)
63  return NULL;
64 
65  if (BN_num_bytes(bn) != n->bytes)
66  {
67  px_debug("bn_to_mpi: bignum conversion failed: bn=%d, mpi=%d",
68  BN_num_bytes(bn), n->bytes);
69  pgp_mpi_free(n);
70  return NULL;
71  }
72  BN_bn2bin(bn, n->data);
73  return n;
74 }
75 
76 /*
77  * Decide the number of bits in the random component k
78  *
79  * It should be in the same range as p for signing (which
80  * is deprecated), but can be much smaller for encrypting.
81  *
82  * Until I research it further, I just mimic gpg behaviour.
83  * It has a special mapping table, for values <= 5120,
84  * above that it uses 'arbitrary high number'. Following
85  * algorithm hovers 10-70 bits above gpg values. And for
86  * larger p, it uses gpg's algorithm.
87  *
88  * The point is - if k gets large, encryption will be
89  * really slow. It does not matter for decryption.
90  */
91 static int
92 decide_k_bits(int p_bits)
93 {
94  if (p_bits <= 5120)
95  return p_bits / 10 + 160;
96  else
97  return (p_bits / 8 + 200) * 3 / 2;
98 }
99 
100 int
102  PGP_MPI **c1_p, PGP_MPI **c2_p)
103 {
104  int res = PXE_PGP_MATH_FAILED;
105  int k_bits;
106  BIGNUM *m = mpi_to_bn(_m);
107  BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
108  BIGNUM *g = mpi_to_bn(pk->pub.elg.g);
109  BIGNUM *y = mpi_to_bn(pk->pub.elg.y);
110  BIGNUM *k = BN_new();
111  BIGNUM *yk = BN_new();
112  BIGNUM *c1 = BN_new();
113  BIGNUM *c2 = BN_new();
114  BN_CTX *tmp = BN_CTX_new();
115 
116  if (!m || !p || !g || !y || !k || !yk || !c1 || !c2 || !tmp)
117  goto err;
118 
119  /*
120  * generate k
121  */
122  k_bits = decide_k_bits(BN_num_bits(p));
123  if (!BN_rand(k, k_bits, 0, 0))
124  goto err;
125 
126  /*
127  * c1 = g^k c2 = m * y^k
128  */
129  if (!BN_mod_exp(c1, g, k, p, tmp))
130  goto err;
131  if (!BN_mod_exp(yk, y, k, p, tmp))
132  goto err;
133  if (!BN_mod_mul(c2, m, yk, p, tmp))
134  goto err;
135 
136  /* result */
137  *c1_p = bn_to_mpi(c1);
138  *c2_p = bn_to_mpi(c2);
139  if (*c1_p && *c2_p)
140  res = 0;
141 err:
142  if (tmp)
143  BN_CTX_free(tmp);
144  if (c2)
145  BN_clear_free(c2);
146  if (c1)
147  BN_clear_free(c1);
148  if (yk)
149  BN_clear_free(yk);
150  if (k)
151  BN_clear_free(k);
152  if (y)
153  BN_clear_free(y);
154  if (g)
155  BN_clear_free(g);
156  if (p)
157  BN_clear_free(p);
158  if (m)
159  BN_clear_free(m);
160  return res;
161 }
162 
163 int
165  PGP_MPI **msg_p)
166 {
167  int res = PXE_PGP_MATH_FAILED;
168  BIGNUM *c1 = mpi_to_bn(_c1);
169  BIGNUM *c2 = mpi_to_bn(_c2);
170  BIGNUM *p = mpi_to_bn(pk->pub.elg.p);
171  BIGNUM *x = mpi_to_bn(pk->sec.elg.x);
172  BIGNUM *c1x = BN_new();
173  BIGNUM *div = BN_new();
174  BIGNUM *m = BN_new();
175  BN_CTX *tmp = BN_CTX_new();
176 
177  if (!c1 || !c2 || !p || !x || !c1x || !div || !m || !tmp)
178  goto err;
179 
180  /*
181  * m = c2 / (c1^x)
182  */
183  if (!BN_mod_exp(c1x, c1, x, p, tmp))
184  goto err;
185  if (!BN_mod_inverse(div, c1x, p, tmp))
186  goto err;
187  if (!BN_mod_mul(m, c2, div, p, tmp))
188  goto err;
189 
190  /* result */
191  *msg_p = bn_to_mpi(m);
192  if (*msg_p)
193  res = 0;
194 err:
195  if (tmp)
196  BN_CTX_free(tmp);
197  if (m)
198  BN_clear_free(m);
199  if (div)
200  BN_clear_free(div);
201  if (c1x)
202  BN_clear_free(c1x);
203  if (x)
204  BN_clear_free(x);
205  if (p)
206  BN_clear_free(p);
207  if (c2)
208  BN_clear_free(c2);
209  if (c1)
210  BN_clear_free(c1);
211  return res;
212 }
213 
214 int
216 {
217  int res = PXE_PGP_MATH_FAILED;
218  BIGNUM *m = mpi_to_bn(_m);
219  BIGNUM *e = mpi_to_bn(pk->pub.rsa.e);
220  BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
221  BIGNUM *c = BN_new();
222  BN_CTX *tmp = BN_CTX_new();
223 
224  if (!m || !e || !n || !c || !tmp)
225  goto err;
226 
227  /*
228  * c = m ^ e
229  */
230  if (!BN_mod_exp(c, m, e, n, tmp))
231  goto err;
232 
233  *c_p = bn_to_mpi(c);
234  if (*c_p)
235  res = 0;
236 err:
237  if (tmp)
238  BN_CTX_free(tmp);
239  if (c)
240  BN_clear_free(c);
241  if (n)
242  BN_clear_free(n);
243  if (e)
244  BN_clear_free(e);
245  if (m)
246  BN_clear_free(m);
247  return res;
248 }
249 
250 int
252 {
253  int res = PXE_PGP_MATH_FAILED;
254  BIGNUM *c = mpi_to_bn(_c);
255  BIGNUM *d = mpi_to_bn(pk->sec.rsa.d);
256  BIGNUM *n = mpi_to_bn(pk->pub.rsa.n);
257  BIGNUM *m = BN_new();
258  BN_CTX *tmp = BN_CTX_new();
259 
260  if (!m || !d || !n || !c || !tmp)
261  goto err;
262 
263  /*
264  * m = c ^ d
265  */
266  if (!BN_mod_exp(m, c, d, n, tmp))
267  goto err;
268 
269  *m_p = bn_to_mpi(m);
270  if (*m_p)
271  res = 0;
272 err:
273  if (tmp)
274  BN_CTX_free(tmp);
275  if (m)
276  BN_clear_free(m);
277  if (n)
278  BN_clear_free(n);
279  if (d)
280  BN_clear_free(d);
281  if (c)
282  BN_clear_free(c);
283  return res;
284 }
void err(int eval, const char *fmt,...)
Definition: err.c:43
int y
Definition: isn.c:71
int x
Definition: isn.c:70
int pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p)
int pgp_elgamal_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c1_p, PGP_MPI **c2_p)
int pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2, PGP_MPI **msg_p)
static int decide_k_bits(int p_bits)
static BIGNUM * mpi_to_bn(PGP_MPI *n)
static PGP_MPI * bn_to_mpi(BIGNUM *bn)
int pgp_rsa_encrypt(PGP_PubKey *pk, PGP_MPI *_m, PGP_MPI **c_p)
int pgp_mpi_alloc(int bits, PGP_MPI **mpi)
Definition: pgp-mpi.c:37
int pgp_mpi_free(PGP_MPI *mpi)
Definition: pgp-mpi.c:70
char * c
e
Definition: preproc-init.c:82
void px_debug(const char *fmt,...)
Definition: px.c:149
#define PXE_PGP_MATH_FAILED
Definition: px.h:76
Definition: pgp.h:180
int bits
Definition: pgp.h:182
int bytes
Definition: pgp.h:183
uint8 * data
Definition: pgp.h:181
struct PGP_PubKey::@0::@3 rsa
struct PGP_PubKey::@0::@2 elg
union PGP_PubKey::@1 sec
union PGP_PubKey::@0 pub