PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
pgp-pubdec.c
Go to the documentation of this file.
1 /*
2  * pgp-pubdec.c
3  * Decrypt public-key encrypted session key.
4  *
5  * Copyright (c) 2005 Marko Kreen
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * contrib/pgcrypto/pgp-pubdec.c
30  */
31 #include "postgres.h"
32 
33 #include "px.h"
34 #include "pgp.h"
35 
36 /*
37  * padded msg = 02 || PS || 00 || M
38  * PS - pad bytes
39  * M - msg
40  */
41 static uint8 *
42 check_eme_pkcs1_v15(uint8 *data, int len)
43 {
44  uint8 *data_end = data + len;
45  uint8 *p = data;
46  int rnd = 0;
47 
48  if (len < 1 + 8 + 1)
49  return NULL;
50 
51  if (*p++ != 2)
52  return NULL;
53 
54  while (p < data_end && *p)
55  {
56  p++;
57  rnd++;
58  }
59 
60  if (p == data_end)
61  return NULL;
62  if (*p != 0)
63  return NULL;
64  if (rnd < 8)
65  return NULL;
66  return p + 1;
67 }
68 
69 /*
70  * secret message: 1 byte algo, sesskey, 2 byte cksum
71  * ignore algo in cksum
72  */
73 static int
74 control_cksum(uint8 *msg, int msglen)
75 {
76  int i;
77  unsigned my_cksum,
78  got_cksum;
79 
80  if (msglen < 3)
81  return PXE_PGP_WRONG_KEY;
82 
83  my_cksum = 0;
84  for (i = 1; i < msglen - 2; i++)
85  my_cksum += msg[i];
86  my_cksum &= 0xFFFF;
87  got_cksum = ((unsigned) (msg[msglen - 2]) << 8) + msg[msglen - 1];
88  if (my_cksum != got_cksum)
89  {
90  px_debug("pubenc cksum failed");
91  return PXE_PGP_WRONG_KEY;
92  }
93  return 0;
94 }
95 
96 static int
98 {
99  int res;
100  PGP_MPI *c1 = NULL;
101  PGP_MPI *c2 = NULL;
102 
103  if (pk->algo != PGP_PUB_ELG_ENCRYPT)
104  return PXE_PGP_WRONG_KEY;
105 
106  /* read elgamal encrypted data */
107  res = pgp_mpi_read(pkt, &c1);
108  if (res < 0)
109  goto out;
110  res = pgp_mpi_read(pkt, &c2);
111  if (res < 0)
112  goto out;
113 
114  /* decrypt */
115  res = pgp_elgamal_decrypt(pk, c1, c2, m_p);
116 
117 out:
118  pgp_mpi_free(c1);
119  pgp_mpi_free(c2);
120  return res;
121 }
122 
123 static int
125 {
126  int res;
127  PGP_MPI *c;
128 
129  if (pk->algo != PGP_PUB_RSA_ENCRYPT
130  && pk->algo != PGP_PUB_RSA_ENCRYPT_SIGN)
131  return PXE_PGP_WRONG_KEY;
132 
133  /* read rsa encrypted data */
134  res = pgp_mpi_read(pkt, &c);
135  if (res < 0)
136  return res;
137 
138  /* decrypt */
139  res = pgp_rsa_decrypt(pk, c, m_p);
140 
141  pgp_mpi_free(c);
142  return res;
143 }
144 
145 /* key id is missing - user is expected to try all keys */
146 static const uint8
147  any_key[] = {0, 0, 0, 0, 0, 0, 0, 0};
148 
149 int
151 {
152  int ver;
153  int algo;
154  int res;
155  uint8 key_id[8];
156  PGP_PubKey *pk;
157  uint8 *msg;
158  int msglen;
159  PGP_MPI *m;
160 
161  pk = ctx->pub_key;
162  if (pk == NULL)
163  {
164  px_debug("no pubkey?");
165  return PXE_BUG;
166  }
167 
168  GETBYTE(pkt, ver);
169  if (ver != 3)
170  {
171  px_debug("unknown pubenc_sesskey pkt ver=%d", ver);
172  return PXE_PGP_CORRUPT_DATA;
173  }
174 
175  /*
176  * check if keyid's match - user-friendly msg
177  */
178  res = pullf_read_fixed(pkt, 8, key_id);
179  if (res < 0)
180  return res;
181  if (memcmp(key_id, any_key, 8) != 0
182  && memcmp(key_id, pk->key_id, 8) != 0)
183  {
184  px_debug("key_id's does not match");
185  return PXE_PGP_WRONG_KEY;
186  }
187 
188  /*
189  * Decrypt
190  */
191  GETBYTE(pkt, algo);
192  switch (algo)
193  {
194  case PGP_PUB_ELG_ENCRYPT:
195  res = decrypt_elgamal(pk, pkt, &m);
196  break;
197  case PGP_PUB_RSA_ENCRYPT:
199  res = decrypt_rsa(pk, pkt, &m);
200  break;
201  default:
203  }
204  if (res < 0)
205  return res;
206 
207  /*
208  * extract message
209  */
210  msg = check_eme_pkcs1_v15(m->data, m->bytes);
211  if (msg == NULL)
212  {
213  px_debug("check_eme_pkcs1_v15 failed");
214  res = PXE_PGP_WRONG_KEY;
215  goto out;
216  }
217  msglen = m->bytes - (msg - m->data);
218 
219  res = control_cksum(msg, msglen);
220  if (res < 0)
221  goto out;
222 
223  /*
224  * got sesskey
225  */
226  ctx->cipher_algo = *msg;
227  ctx->sess_key_len = msglen - 3;
228  memcpy(ctx->sess_key, msg + 1, ctx->sess_key_len);
229 
230 out:
231  pgp_mpi_free(m);
232  if (res < 0)
233  return res;
234  return pgp_expect_packet_end(pkt);
235 }
#define PXE_PGP_CORRUPT_DATA
Definition: px.h:82
int cipher_algo
Definition: pgp.h:144
uint8 * data
Definition: pgp.h:181
int pullf_read_fixed(PullFilter *src, int len, uint8 *dst)
Definition: mbuf.c:317
unsigned char uint8
Definition: c.h:263
#define PXE_PGP_WRONG_KEY
Definition: px.h:95
int pgp_parse_pubenc_sesskey(PGP_Context *ctx, PullFilter *pkt)
Definition: pgp-pubdec.c:150
int bytes
Definition: pgp.h:183
uint8 sess_key[PGP_MAX_KEY]
Definition: pgp.h:171
#define GETBYTE(x, i)
Definition: hstore_gist.c:32
static int control_cksum(uint8 *msg, int msglen)
Definition: pgp-pubdec.c:74
char * c
static const uint8 any_key[]
Definition: pgp-pubdec.c:147
#define PXE_BUG
Definition: px.h:74
Definition: pgp.h:179
int pgp_mpi_read(PullFilter *src, PGP_MPI **mpi)
Definition: pgp-mpi.c:80
int pgp_mpi_free(PGP_MPI *mpi)
Definition: pgp-mpi.c:70
int pgp_expect_packet_end(PullFilter *pkt)
Definition: pgp-decrypt.c:1075
static uint8 * check_eme_pkcs1_v15(uint8 *data, int len)
Definition: pgp-pubdec.c:42
static int decrypt_elgamal(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
Definition: pgp-pubdec.c:97
#define NULL
Definition: c.h:226
unsigned sess_key_len
Definition: pgp.h:172
void px_debug(const char *fmt,...)
Definition: px.c:160
uint8 key_id[8]
Definition: pgp.h:235
#define PXE_PGP_UNKNOWN_PUBALGO
Definition: px.h:94
int pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2, PGP_MPI **msg_p)
uint8 algo
Definition: pgp.h:190
int pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p)
int i
PGP_PubKey * pub_key
Definition: pgp.h:164
static int decrypt_rsa(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
Definition: pgp-pubdec.c:124