PostgreSQL Source Code git master
pgp-pubdec.c
Go to the documentation of this file.
1/*
2 * pgp-pubdec.c
3 * Decrypt public-key encrypted session key.
4 *
5 * Copyright (c) 2005 Marko Kreen
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * contrib/pgcrypto/pgp-pubdec.c
30 */
31#include "postgres.h"
32
33#include "pgp.h"
34#include "px.h"
35
36/*
37 * padded msg = 02 || PS || 00 || M
38 * PS - pad bytes
39 * M - msg
40 */
41static uint8 *
43{
44 uint8 *data_end = data + len;
45 uint8 *p = data;
46 int rnd = 0;
47
48 if (len < 1 + 8 + 1)
49 return NULL;
50
51 if (*p++ != 2)
52 return NULL;
53
54 while (p < data_end && *p)
55 {
56 p++;
57 rnd++;
58 }
59
60 if (p == data_end)
61 return NULL;
62 if (*p != 0)
63 return NULL;
64 if (rnd < 8)
65 return NULL;
66 return p + 1;
67}
68
69/*
70 * secret message: 1 byte algo, sesskey, 2 byte cksum
71 * ignore algo in cksum
72 */
73static int
74control_cksum(uint8 *msg, int msglen)
75{
76 int i;
77 unsigned my_cksum,
78 got_cksum;
79
80 if (msglen < 3)
81 return PXE_PGP_WRONG_KEY;
82
83 my_cksum = 0;
84 for (i = 1; i < msglen - 2; i++)
85 my_cksum += msg[i];
86 my_cksum &= 0xFFFF;
87 got_cksum = ((unsigned) (msg[msglen - 2]) << 8) + msg[msglen - 1];
88 if (my_cksum != got_cksum)
89 {
90 px_debug("pubenc cksum failed");
91 return PXE_PGP_WRONG_KEY;
92 }
93 return 0;
94}
95
96static int
98{
99 int res;
100 PGP_MPI *c1 = NULL;
101 PGP_MPI *c2 = NULL;
102
103 if (pk->algo != PGP_PUB_ELG_ENCRYPT)
104 return PXE_PGP_WRONG_KEY;
105
106 /* read elgamal encrypted data */
107 res = pgp_mpi_read(pkt, &c1);
108 if (res < 0)
109 goto out;
110 res = pgp_mpi_read(pkt, &c2);
111 if (res < 0)
112 goto out;
113
114 /* decrypt */
115 res = pgp_elgamal_decrypt(pk, c1, c2, m_p);
116
117out:
118 pgp_mpi_free(c1);
119 pgp_mpi_free(c2);
120 return res;
121}
122
123static int
125{
126 int res;
127 PGP_MPI *c;
128
129 if (pk->algo != PGP_PUB_RSA_ENCRYPT
131 return PXE_PGP_WRONG_KEY;
132
133 /* read rsa encrypted data */
134 res = pgp_mpi_read(pkt, &c);
135 if (res < 0)
136 return res;
137
138 /* decrypt */
139 res = pgp_rsa_decrypt(pk, c, m_p);
140
142 return res;
143}
144
145/* key id is missing - user is expected to try all keys */
146static const uint8
147 any_key[] = {0, 0, 0, 0, 0, 0, 0, 0};
148
149int
151{
152 int ver;
153 int algo;
154 int res;
155 uint8 key_id[8];
156 PGP_PubKey *pk;
157 uint8 *msg;
158 int msglen;
159 PGP_MPI *m;
160
161 pk = ctx->pub_key;
162 if (pk == NULL)
163 {
164 px_debug("no pubkey?");
165 return PXE_BUG;
166 }
167
168 GETBYTE(pkt, ver);
169 if (ver != 3)
170 {
171 px_debug("unknown pubenc_sesskey pkt ver=%d", ver);
173 }
174
175 /*
176 * check if keyid's match - user-friendly msg
177 */
178 res = pullf_read_fixed(pkt, 8, key_id);
179 if (res < 0)
180 return res;
181 if (memcmp(key_id, any_key, 8) != 0
182 && memcmp(key_id, pk->key_id, 8) != 0)
183 {
184 px_debug("key_id's does not match");
185 return PXE_PGP_WRONG_KEY;
186 }
187
188 /*
189 * Decrypt
190 */
191 GETBYTE(pkt, algo);
192 switch (algo)
193 {
195 res = decrypt_elgamal(pk, pkt, &m);
196 break;
199 res = decrypt_rsa(pk, pkt, &m);
200 break;
201 default:
203 }
204 if (res < 0)
205 return res;
206
207 /*
208 * extract message
209 */
210 msg = check_eme_pkcs1_v15(m->data, m->bytes);
211 if (msg == NULL)
212 {
213 px_debug("check_eme_pkcs1_v15 failed");
215 goto out;
216 }
217 msglen = m->bytes - (msg - m->data);
218
219 res = control_cksum(msg, msglen);
220 if (res < 0)
221 goto out;
222
223 /*
224 * got sesskey
225 */
226 ctx->cipher_algo = *msg;
227 ctx->sess_key_len = msglen - 3;
228 memcpy(ctx->sess_key, msg + 1, ctx->sess_key_len);
229
230out:
231 pgp_mpi_free(m);
232 if (res < 0)
233 return res;
234 return pgp_expect_packet_end(pkt);
235}
uint8_t uint8
Definition: c.h:486
#define GETBYTE(x, i)
Definition: hstore_gist.c:40
int i
Definition: isn.c:72
int pullf_read_fixed(PullFilter *src, int len, uint8 *dst)
Definition: mbuf.c:301
const void size_t len
const void * data
int pgp_expect_packet_end(PullFilter *pkt)
Definition: pgp-decrypt.c:1078
int pgp_rsa_decrypt(PGP_PubKey *pk, PGP_MPI *_c, PGP_MPI **m_p)
int pgp_elgamal_decrypt(PGP_PubKey *pk, PGP_MPI *_c1, PGP_MPI *_c2, PGP_MPI **msg_p)
int pgp_mpi_free(PGP_MPI *mpi)
Definition: pgp-mpi.c:70
int pgp_mpi_read(PullFilter *src, PGP_MPI **mpi)
Definition: pgp-mpi.c:80
static int decrypt_rsa(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
Definition: pgp-pubdec.c:124
static const uint8 any_key[]
Definition: pgp-pubdec.c:147
static int decrypt_elgamal(PGP_PubKey *pk, PullFilter *pkt, PGP_MPI **m_p)
Definition: pgp-pubdec.c:97
int pgp_parse_pubenc_sesskey(PGP_Context *ctx, PullFilter *pkt)
Definition: pgp-pubdec.c:150
static uint8 * check_eme_pkcs1_v15(uint8 *data, int len)
Definition: pgp-pubdec.c:42
static int control_cksum(uint8 *msg, int msglen)
Definition: pgp-pubdec.c:74
@ PGP_PUB_RSA_ENCRYPT_SIGN
Definition: pgp.h:68
@ PGP_PUB_RSA_ENCRYPT
Definition: pgp.h:69
@ PGP_PUB_ELG_ENCRYPT
Definition: pgp.h:71
char * c
void px_debug(const char *fmt,...)
Definition: px.c:149
#define PXE_BUG
Definition: px.h:58
#define PXE_PGP_WRONG_KEY
Definition: px.h:80
#define PXE_PGP_CORRUPT_DATA
Definition: px.h:67
#define PXE_PGP_UNKNOWN_PUBALGO
Definition: px.h:79
unsigned sess_key_len
Definition: pgp.h:172
PGP_PubKey * pub_key
Definition: pgp.h:164
int cipher_algo
Definition: pgp.h:144
uint8 sess_key[PGP_MAX_KEY]
Definition: pgp.h:171
Definition: pgp.h:180
int bytes
Definition: pgp.h:183
uint8 * data
Definition: pgp.h:181
uint8 key_id[8]
Definition: pgp.h:235
uint8 algo
Definition: pgp.h:190