Module Name: src
Committed By: jhigh
Date: Fri Aug 26 19:18:38 UTC 2022
Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: create.c crypto.h misc.c
netpgpsdk.h openssl_crypto.c packet-parse.c packet-print.c
packet-show.c packet.h signature.c version.h
Log Message:
adding initial support for ECDSA (19) to netpgp. tested using p256/sha256,
p384/sha384, and p521/sha512
To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 \
src/crypto/external/bsd/netpgp/dist/src/lib/create.c \
src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
cvs rdiff -u -r1.30 -r1.31 \
src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
cvs rdiff -u -r1.43 -r1.44 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
cvs rdiff -u -r1.12 -r1.13 \
src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h
cvs rdiff -u -r1.34 -r1.35 \
src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
cvs rdiff -u -r1.53 -r1.54 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
cvs rdiff -u -r1.22 -r1.23 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c
cvs rdiff -u -r1.32 -r1.33 \
src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
cvs rdiff -u -r1.47 -r1.48 \
src/crypto/external/bsd/netpgp/dist/src/lib/version.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.38 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.39
--- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.38 Mon Nov 15 08:03:39 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Fri Aug 26 19:18:38 2022
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: create.c,v 1.38 2010/11/15 08:03:39 agc Exp $");
+__RCSID("$NetBSD: create.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <sys/types.h>
@@ -250,6 +250,11 @@ write_pubkey_body(const pgp_pubkey_t *ke
pgp_write_mpi(output, key->key.dsa.g) &&
pgp_write_mpi(output, key->key.dsa.y);
+ case PGP_PKA_ECDSA:
+ return pgp_write(output, &key->key.ecdsa.len, 1) &&
+ pgp_write(output, key->key.ecdsa.oid, key->key.ecdsa.len) &&
+ pgp_write_mpi(output, key->key.ecdsa.p);
+
case PGP_PKA_RSA:
case PGP_PKA_RSA_ENCRYPT_ONLY:
case PGP_PKA_RSA_SIGN_ONLY:
Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.38 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.39
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.38 Mon Feb 5 23:56:01 2018
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c Fri Aug 26 19:18:38 2022
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: signature.c,v 1.38 2018/02/05 23:56:01 christos Exp $");
+__RCSID("$NetBSD: signature.c,v 1.39 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <sys/types.h>
@@ -265,6 +265,56 @@ dsa_sign(pgp_hash_t *hash,
return 1;
}
+static int
+ecdsa_sign(pgp_hash_t *hash,
+ const pgp_ecdsa_pubkey_t *ecdsa,
+ const pgp_ecdsa_seckey_t *secdsa,
+ pgp_output_t *output)
+{
+ unsigned hashsize;
+ unsigned t;
+ uint8_t hashbuf[NETPGP_BUFSIZ];
+ ECDSA_SIG *ecdsasig;
+ const BIGNUM *r, *s;
+
+ hashsize = ecdsa_hashsize(ecdsa);
+
+ if (hashsize == -1) {
+ return 0;
+ }
+
+ t = hash->finish(hash, &hashbuf[0]);
+
+ if (t != hashsize) {
+ (void) fprintf(stderr, "ecdsa_sign: hashfinish %d not %d\n", t, hashsize);
+ return 0;
+ }
+
+ pgp_write(output, &hashbuf[0], 2);
+
+ /* write signature to buf */
+ ecdsasig = pgp_ecdsa_sign(hashbuf, hashsize, secdsa, ecdsa);
+
+ if (ecdsasig == NULL) {
+ (void) fprintf(stderr, "ecdsa_sign: invalid ecdsa sig\n");
+ return 0;
+ }
+
+ /* convert and write the sig out to memory */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ ECDSA_SIG_get0(ecdsasig, &r, &s);
+#else
+ r = ecdsasig->r;
+ s = ecdsasig->s;
+#endif
+ pgp_write_mpi(output, r);
+ pgp_write_mpi(output, s);
+
+ ECDSA_SIG_free(ecdsasig);
+
+ return 1;
+}
+
static unsigned
rsa_verify(pgp_hash_alg_t type,
const uint8_t *hash,
@@ -430,6 +480,12 @@ pgp_check_sig(const uint8_t *hash, unsig
&signer->key.dsa);
break;
+ case PGP_PKA_ECDSA:
+ ret = pgp_ecdsa_verify(hash, length,
+ &sig->info.sig.ecdsa,
+ &signer->key.ecdsa);
+ break;
+
case PGP_PKA_RSA:
ret = rsa_verify(sig->info.hash_alg, hash, length,
&sig->info.sig.rsa,
@@ -764,6 +820,14 @@ pgp_write_sig(pgp_output_t *output,
}
break;
+ case PGP_PKA_ECDSA:
+ if (seckey->key.ecdsa.x == NULL) {
+ (void) fprintf(stderr, "pgp_write_sig: null ecdsa.x\n");
+ return 0;
+ }
+
+ break;
+
default:
(void) fprintf(stderr, "Unsupported algorithm %d\n",
seckey->pubkey.alg);
@@ -817,6 +881,15 @@ pgp_write_sig(pgp_output_t *output,
}
break;
+ case PGP_PKA_ECDSA:
+ if (!ecdsa_sign(&sig->hash, &key->key.ecdsa, &seckey->key.ecdsa,
+ sig->output)) {
+ (void) fprintf(stderr,
+ "pgp_write_sig: ecdsa_sign failure\n");
+ return 0;
+ }
+ break;
+
default:
(void) fprintf(stderr, "Unsupported algorithm %d\n",
seckey->pubkey.alg);
@@ -972,7 +1045,14 @@ pgp_sign_file(pgp_io_t *io,
fd_out = 0;
/* find the hash algorithm */
- hash_alg = pgp_str_to_hash_alg(hashname);
+ switch (seckey->pubkey.alg) {
+ case PGP_PKA_ECDSA:
+ hash_alg = ecdsa_hashalg(&seckey->pubkey.key.ecdsa);
+ break;
+ default:
+ hash_alg = pgp_str_to_hash_alg(hashname);
+ }
+
if (hash_alg == PGP_HASH_UNKNOWN) {
(void) fprintf(io->errs,
"pgp_sign_file: unknown hash algorithm: \"%s\"\n",
Index: src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.30 src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.31
--- src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h:1.30 Mon Nov 29 04:20:12 2010
+++ src/crypto/external/bsd/netpgp/dist/src/lib/crypto.h Fri Aug 26 19:18:38 2022
@@ -58,7 +58,9 @@
#include "memory.h"
#include "packet-parse.h"
+#include <openssl/evp.h>
#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
#define PGP_MIN_HASH_SIZE 16
@@ -119,6 +121,10 @@ unsigned pgp_dsa_verify(const uint8_t *,
const pgp_dsa_sig_t *,
const pgp_dsa_pubkey_t *);
+unsigned pgp_ecdsa_verify(const uint8_t *, size_t,
+ const pgp_ecdsa_sig_t *,
+ const pgp_ecdsa_pubkey_t *);
+
int pgp_rsa_public_decrypt(uint8_t *, const uint8_t *, size_t,
const pgp_rsa_pubkey_t *);
int pgp_rsa_public_encrypt(uint8_t *, const uint8_t *, size_t,
@@ -214,6 +220,10 @@ DSA_SIG *pgp_dsa_sign(uint8_t *, unsigne
const pgp_dsa_seckey_t *,
const pgp_dsa_pubkey_t *);
+ECDSA_SIG *pgp_ecdsa_sign(uint8_t *, unsigned,
+ const pgp_ecdsa_seckey_t *,
+ const pgp_ecdsa_pubkey_t *);
+
int openssl_read_pem_seckey(const char *, pgp_key_t *, const char *, int);
/** pgp_reader_t */
Index: src/crypto/external/bsd/netpgp/dist/src/lib/misc.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.43 src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.44
--- src/crypto/external/bsd/netpgp/dist/src/lib/misc.c:1.43 Sat Apr 18 19:27:48 2020
+++ src/crypto/external/bsd/netpgp/dist/src/lib/misc.c Fri Aug 26 19:18:38 2022
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: misc.c,v 1.43 2020/04/18 19:27:48 jhigh Exp $");
+__RCSID("$NetBSD: misc.c,v 1.44 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <sys/types.h>
@@ -96,6 +96,18 @@ __RCSID("$NetBSD: misc.c,v 1.43 2020/04/
#define vsnprintf _vsnprintf
#endif
+struct ecdsa_map {
+ char *sname;
+ int nid;
+ int bits;
+ int len;
+ uint8_t oid[8];
+} ecdsa_map[] = {
+ { "P-256", NID_X9_62_prime256v1, 256, 8, {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07} },
+ { "P-384", NID_secp384r1, 384, 5, {0x2B, 0x81, 0x04, 0x00, 0x22} },
+ { "P-521", NID_secp521r1, 521, 5, {0x2B, 0x81, 0x04, 0x00, 0x23} },
+ { NULL, 0, 0, 0, {0} }
+};
typedef struct {
pgp_keyring_t *keyring;
@@ -1364,3 +1376,75 @@ netpgp_strcasecmp(const char *s1, const
}
return n;
}
+
+int
+ecdsa_nid(const pgp_ecdsa_pubkey_t * pub)
+{
+ int i;
+
+ for (i = 0; ecdsa_map[i].sname; i++ ) {
+ if (pub->len == ecdsa_map[i].len) {
+ if (memcmp(pub->oid, ecdsa_map[i].oid, pub->len) == 0) {
+ return ecdsa_map[i].nid;
+ }
+ }
+ }
+ return -1;
+}
+
+int
+ecdsa_numbits(const pgp_ecdsa_pubkey_t * pub)
+{
+ int i;
+
+ for (i = 0; ecdsa_map[i].sname; i++ ) {
+ if (pub->len == ecdsa_map[i].len) {
+ if (memcmp(pub->oid, ecdsa_map[i].oid, pub->len) == 0) {
+ return ecdsa_map[i].bits;
+ }
+ }
+ }
+ return -1;
+}
+
+int
+ecdsa_hashsize(const pgp_ecdsa_pubkey_t * pub)
+{
+ int bits;
+
+ bits = ecdsa_numbits(pub);
+
+ if (bits == -1) {
+ return -1;
+ }
+
+ return (bits/8) - (bits%8);
+}
+
+pgp_hash_alg_t
+ecdsa_hashalg(const pgp_ecdsa_pubkey_t * pub)
+{
+ int nid;
+
+ if (pub == NULL) {
+ return PGP_HASH_UNKNOWN;
+ }
+
+ nid = ecdsa_nid(pub);
+
+ switch (nid) {
+ case NID_X9_62_prime256v1:
+ return PGP_HASH_SHA256;
+
+ case NID_secp384r1:
+ return PGP_HASH_SHA384;
+
+ case NID_secp521r1:
+ return PGP_HASH_SHA512;
+
+ default:
+ (void) fprintf(stderr, "ecdsa_hashalg: unknown NID\n");
+ }
+
+ return PGP_HASH_UNKNOWN;
+}
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.43 src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.44
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c:1.43 Wed Jul 28 22:31:45 2021
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-print.c Fri Aug 26 19:18:38 2022
@@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-print.c,v 1.43 2021/07/28 22:31:45 jhigh Exp $");
+__RCSID("$NetBSD: packet-print.c,v 1.44 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <string.h>
@@ -325,6 +325,8 @@ numkeybits(const pgp_pubkey_t *pubkey)
default:
return 0;
}
+ case PGP_PKA_ECDSA:
+ return ecdsa_numbits(&pubkey->key.ecdsa);
case PGP_PKA_ELGAMAL:
return BN_num_bytes(pubkey->key.elgamal.y) * 8;
default:
@@ -659,7 +661,9 @@ pgp_print_pubkey(const pgp_pubkey_t *pub
print_bn(0, "g", pubkey->key.dsa.g);
print_bn(0, "y", pubkey->key.dsa.y);
break;
-
+ case PGP_PKA_ECDSA:
+ print_bn(0, "p", pubkey->key.ecdsa.p);
+ break;
case PGP_PKA_RSA:
case PGP_PKA_RSA_ENCRYPT_ONLY:
case PGP_PKA_RSA_SIGN_ONLY:
@@ -974,6 +978,11 @@ pgp_print_packet(pgp_printstate_t *print
print_bn(print->indent, "s", content->sig.info.sig.dsa.s);
break;
+ case PGP_PKA_ECDSA:
+ print_bn(print->indent, "r", content->sig.info.sig.ecdsa.r);
+ print_bn(print->indent, "s", content->sig.info.sig.ecdsa.s);
+ break;
+
case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
print_bn(print->indent, "r", content->sig.info.sig.elgamal.r);
print_bn(print->indent, "s", content->sig.info.sig.elgamal.s);
Index: src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h:1.12 src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h:1.13
--- src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h:1.12 Fri Feb 21 01:55:10 2014
+++ src/crypto/external/bsd/netpgp/dist/src/lib/netpgpsdk.h Fri Aug 26 19:18:38 2022
@@ -74,5 +74,9 @@ void netpgp_log(const char *, ...) __pri
int netpgp_strcasecmp(const char *, const char *);
char *netpgp_strdup(const char *);
+int ecdsa_numbits(const pgp_ecdsa_pubkey_t *);
+int ecdsa_nid(const pgp_ecdsa_pubkey_t *);
+pgp_hash_alg_t ecdsa_hashalg(const pgp_ecdsa_pubkey_t *);
+int ecdsa_hashsize(const pgp_ecdsa_pubkey_t *);
#endif
Index: src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.34 src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.35
--- src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c:1.34 Mon Feb 5 23:56:01 2018
+++ src/crypto/external/bsd/netpgp/dist/src/lib/openssl_crypto.c Fri Aug 26 19:18:38 2022
@@ -57,7 +57,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: openssl_crypto.c,v 1.34 2018/02/05 23:56:01 christos Exp $");
+__RCSID("$NetBSD: openssl_crypto.c,v 1.35 2022/08/26 19:18:38 jhigh Exp $");
#endif
#ifdef HAVE_OPENSSL_DSA_H
@@ -87,6 +87,7 @@ __RCSID("$NetBSD: openssl_crypto.c,v 1.3
#include "readerwriter.h"
#include "netpgpdefs.h"
#include "netpgpdigest.h"
+#include "netpgpsdk.h"
#include "packet.h"
static void
@@ -223,6 +224,103 @@ takeDSA(const DSA *odsa, pgp_dsa_seckey_
sk->x = BN_dup(x);
}
+static ECDSA_SIG *
+makeECDSADSA_SIG(const pgp_ecdsa_sig_t *sig)
+{
+ ECDSA_SIG *osig;
+ BIGNUM *r, *s;
+
+ osig = ECDSA_SIG_new();
+ r = BN_dup(sig->r);
+ s = BN_dup(sig->s);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ ECDSA_SIG_set0(osig, r, s);
+#else
+ BN_free(osig->r);
+ BN_free(osig->s);
+ osig->r = r;
+ osig->s = s;
+#endif
+
+ return osig;
+}
+
+static EC_KEY *
+makeECDSA(const pgp_ecdsa_pubkey_t *ecdsa, const pgp_ecdsa_seckey_t *sececdsa)
+{
+ EC_KEY *key;
+ BIGNUM *x;
+ BIGNUM *y;
+ EC_GROUP *group;
+ EC_POINT *pub_key;
+ EC_POINT *point;
+ int nid;
+
+ key = EC_KEY_new();
+ x = BN_new();
+ y = BN_new();
+
+ nid = ecdsa_nid(ecdsa);
+ if (nid == -1) {
+ (void) fprintf(stderr,"makeECDSA: failed to determine NID\n");
+ return 0;
+ }
+
+ group = EC_GROUP_new_by_curve_name(nid);
+ if (group == NULL) {
+ (void) fprintf(stderr,"makeECDSA: failed to get group for specified NID\n");
+ return 0;
+ }
+
+ pub_key = EC_POINT_new(group);
+ if (pub_key == NULL) {
+ (void) fprintf(stderr,"makeECDSA: failed to alloc point\n");
+ return 0;
+ }
+
+ point = EC_POINT_bn2point(group, ecdsa->p, NULL, NULL);
+ if (point == NULL) {
+ (void) fprintf(stderr,"makeECDSA: failed to conv BN to point\n");
+ return 0;
+ }
+
+
+ if ((EC_POINT_get_affine_coordinates(group, point, x, y, NULL)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to get coordinates from point\n");
+ return 0;
+ }
+
+ if ((EC_POINT_set_affine_coordinates(group, pub_key, x, y, NULL)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set coordinates from point\n");
+ return 0;
+ }
+
+ if ((EC_KEY_set_group(key, group)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set group for key\n");
+ return 0;
+ }
+
+ if ((EC_KEY_set_public_key(key, pub_key)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set pubkey for key\n");
+ return 0;
+ }
+
+ if (sececdsa) {
+ if ((EC_KEY_set_private_key(key, sececdsa->x)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to set seckey for key\n");
+ return 0;
+ }
+
+ if ((EC_POINT_mul(group, pub_key, sececdsa->x, NULL, NULL, NULL)) == 0) {
+ (void) fprintf(stderr,"makeECDSA: failed to calculate generator\n");
+ return 0;
+ }
+ }
+
+ return key;
+}
+
static void
test_seckey(const pgp_seckey_t *seckey)
{
@@ -587,6 +685,36 @@ pgp_dsa_verify(const uint8_t *hash, size
return (unsigned)ret;
}
+unsigned
+pgp_ecdsa_verify(const uint8_t *hash, size_t hash_length,
+ const pgp_ecdsa_sig_t *sig,
+ const pgp_ecdsa_pubkey_t *ecdsa)
+{
+ unsigned qlen;
+ ECDSA_SIG *osig = makeECDSADSA_SIG(sig);
+ EC_KEY *oecdsa = makeECDSA(ecdsa, NULL);
+ int ret;
+
+ if (pgp_get_debug_level(__FILE__)) {
+ hexdump(stderr, "input hash", hash, hash_length);
+ }
+
+ ret = ECDSA_do_verify(hash, (int)hash_length, osig, oecdsa);
+
+ if (pgp_get_debug_level(__FILE__)) {
+ (void) fprintf(stderr, "ret=%d\n", ret);
+ }
+
+ if (ret <= 0) {
+ (void) fprintf(stderr, "pgp_ecdsa_verify: ECDSA verification failed\n");
+ return 0;
+ }
+
+ ECDSA_SIG_free(osig);
+
+ return (unsigned)ret;
+}
+
/**
\ingroup Core_Crypto
\brief Recovers message digest from the signature
@@ -916,6 +1044,27 @@ pgp_dsa_sign(uint8_t *hashbuf,
return dsasig;
}
+ECDSA_SIG *
+pgp_ecdsa_sign(uint8_t *hashbuf,
+ unsigned hashsize,
+ const pgp_ecdsa_seckey_t *sececdsa,
+ const pgp_ecdsa_pubkey_t *pubecdsa)
+{
+ ECDSA_SIG * ecdsasig;
+ EC_KEY * eckey = makeECDSA(pubecdsa, sececdsa);
+
+ ecdsasig = ECDSA_do_sign(hashbuf, (int)hashsize, eckey);
+
+ if (ecdsasig == NULL) {
+ printf("do_sign returned null\n");
+ return 0;
+ }
+
+ EC_KEY_free(eckey);
+
+ return ecdsasig;
+}
+
int
openssl_read_pem_seckey(const char *f, pgp_key_t *key, const char *type, int verbose)
{
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.53 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.54
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.53 Wed Oct 14 05:19:41 2020
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Fri Aug 26 19:18:38 2022
@@ -58,7 +58,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-parse.c,v 1.53 2020/10/14 05:19:41 jhigh Exp $");
+__RCSID("$NetBSD: packet-parse.c,v 1.54 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <sys/types.h>
@@ -940,6 +940,11 @@ sig_free(pgp_sig_t *sig)
free_BN(&sig->info.sig.dsa.s);
break;
+ case PGP_PKA_ECDSA:
+ free_BN(&sig->info.sig.ecdsa.r);
+ free_BN(&sig->info.sig.ecdsa.s);
+ break;
+
case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
free_BN(&sig->info.sig.elgamal.r);
free_BN(&sig->info.sig.elgamal.s);
@@ -1176,6 +1181,10 @@ pgp_pubkey_free(pgp_pubkey_t *p)
free_BN(&p->key.dsa.y);
break;
+ case PGP_PKA_ECDSA:
+ free_BN(&p->key.ecdsa.p);
+ break;
+
case PGP_PKA_ELGAMAL:
case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
free_BN(&p->key.elgamal.p);
@@ -1245,6 +1254,14 @@ parse_pubkey_data(pgp_pubkey_t *key, pgp
}
break;
+ case PGP_PKA_ECDSA:
+ if (!limread(&key->key.ecdsa.len, 1, region, stream) ||
+ !limread(key->key.ecdsa.oid, key->key.ecdsa.len, region, stream) ||
+ !limread_mpi(&key->key.ecdsa.p, region, stream)) {
+ return 0;
+ }
+ break;
+
case PGP_PKA_RSA:
case PGP_PKA_RSA_ENCRYPT_ONLY:
case PGP_PKA_RSA_SIGN_ONLY:
@@ -1496,6 +1513,13 @@ parse_v3_sig(pgp_region_t *region,
}
break;
+ case PGP_PKA_ECDSA:
+ if (!limread_mpi(&pkt.u.sig.info.sig.ecdsa.r, region, stream) ||
+ !limread_mpi(&pkt.u.sig.info.sig.ecdsa.s, region, stream)) {
+ return 0;
+ }
+ break;
+
case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region,
stream) ||
@@ -2035,6 +2059,13 @@ parse_v4_sig(pgp_region_t *region, pgp_s
}
break;
+ case PGP_PKA_ECDSA:
+ if (!limread_mpi(&pkt.u.sig.info.sig.ecdsa.r, region, stream) ||
+ !limread_mpi(&pkt.u.sig.info.sig.ecdsa.s, region, stream)) {
+ return 0;
+ }
+ break;
+
case PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN:
if (!limread_mpi(&pkt.u.sig.info.sig.elgamal.r, region,
stream) ||
@@ -2322,6 +2353,10 @@ pgp_seckey_free(pgp_seckey_t *key)
free_BN(&key->key.dsa.x);
break;
+ case PGP_PKA_ECDSA:
+ free_BN(&key->key.ecdsa.x);
+ break;
+
default:
(void) fprintf(stderr,
"pgp_seckey_free: Unknown algorithm: %d (%s)\n",
@@ -2632,6 +2667,12 @@ parse_seckey(pgp_region_t *region, pgp_s
}
break;
+ case PGP_PKA_ECDSA:
+ if (!limread_mpi(&pkt.u.seckey.key.ecdsa.x, region, stream)) {
+ ret = 0;
+ }
+ break;
+
case PGP_PKA_ELGAMAL:
if (!limread_mpi(&pkt.u.seckey.key.elgamal.x, region, stream)) {
ret = 0;
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c:1.22 src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c:1.23
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c:1.22 Wed Jul 28 22:31:45 2021
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-show.c Fri Aug 26 19:18:38 2022
@@ -60,7 +60,7 @@
#if defined(__NetBSD__)
__COPYRIGHT("@(#) Copyright (c) 2009 The NetBSD Foundation, Inc. All rights reserved.");
-__RCSID("$NetBSD: packet-show.c,v 1.22 2021/07/28 22:31:45 jhigh Exp $");
+__RCSID("$NetBSD: packet-show.c,v 1.23 2022/08/26 19:18:38 jhigh Exp $");
#endif
#include <stdlib.h>
@@ -218,7 +218,7 @@ static pgp_map_t pubkey_alg_map[] =
{PGP_PKA_ELGAMAL, "Elgamal (Encrypt-Only)"},
{PGP_PKA_DSA, "DSA"},
{PGP_PKA_RESERVED_ELLIPTIC_CURVE, "Reserved for Elliptic Curve"},
- {PGP_PKA_RESERVED_ECDSA, "Reserved for ECDSA"},
+ {PGP_PKA_ECDSA, "ECDSA"},
{PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN, "Reserved (formerly Elgamal Encrypt or Sign"},
{PGP_PKA_RESERVED_DH, "Reserved for Diffie-Hellman (X9.42)"},
{PGP_PKA_PRIVATE00, "Private/Experimental"},
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.32 src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.33
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet.h:1.32 Wed Oct 14 05:19:41 2020
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet.h Fri Aug 26 19:18:38 2022
@@ -348,7 +348,7 @@ typedef enum {
PGP_PKA_DSA = 17, /* DSA (Digital Signature Algorithm) */
PGP_PKA_RESERVED_ELLIPTIC_CURVE = 18, /* Reserved for Elliptic
* Curve */
- PGP_PKA_RESERVED_ECDSA = 19, /* Reserved for ECDSA */
+ PGP_PKA_ECDSA = 19, /* ECDSA */
PGP_PKA_ELGAMAL_ENCRYPT_OR_SIGN = 20, /* Deprecated. */
PGP_PKA_RESERVED_DH = 21, /* Reserved for Diffie-Hellman
* (X9.42, as defined for
@@ -378,6 +378,16 @@ typedef struct {
* with x being the secret) */
} pgp_dsa_pubkey_t;
+/** Structure to hold one ECDSA public key params.
+ *
+ * \see RFC6637 9
+ */
+typedef struct {
+ uint8_t len;
+ uint8_t oid[8];
+ BIGNUM *p;
+} pgp_ecdsa_pubkey_t;
+
/** Structure to hold an RSA public key.
*
* \see RFC4880 5.5.2
@@ -422,6 +432,7 @@ typedef struct {
pgp_pubkey_alg_t alg; /* Public Key Algorithm type */
union {
pgp_dsa_pubkey_t dsa; /* A DSA public key */
+ pgp_ecdsa_pubkey_t ecdsa; /* An ECDSA public key */
pgp_rsa_pubkey_t rsa; /* An RSA public key */
pgp_elgamal_pubkey_t elgamal; /* An ElGamal public key */
} key; /* Public Key Parameters */
@@ -441,6 +452,11 @@ typedef struct {
BIGNUM *x;
} pgp_dsa_seckey_t;
+/** pgp_ecdsa_seckey_t */
+typedef struct {
+ BIGNUM *x;
+} pgp_ecdsa_seckey_t;
+
/** pgp_elgamal_seckey_t */
typedef struct {
BIGNUM *x;
@@ -542,6 +558,7 @@ typedef struct pgp_seckey_t {
union {
pgp_rsa_seckey_t rsa;
pgp_dsa_seckey_t dsa;
+ pgp_ecdsa_seckey_t ecdsa;
pgp_elgamal_seckey_t elgamal;
} key;
unsigned checksum;
@@ -599,6 +616,12 @@ typedef struct pgp_dsa_sig_t {
BIGNUM *s; /* DSA value s */
} pgp_dsa_sig_t;
+/** Struct to hold params of an ECDSA signature */
+typedef struct pgp_ecdsa_sig_t {
+ BIGNUM *r; /* ECDSA value r */
+ BIGNUM *s; /* ECDSA value s */
+} pgp_ecdsa_sig_t;
+
/** pgp_elgamal_signature_t */
typedef struct pgp_elgamal_sig_t {
BIGNUM *r;
@@ -625,6 +648,7 @@ typedef struct pgp_sig_info_t {
union {
pgp_rsa_sig_t rsa; /* An RSA Signature */
pgp_dsa_sig_t dsa; /* A DSA Signature */
+ pgp_ecdsa_sig_t ecdsa; /* An ECDSA Signature */
pgp_elgamal_sig_t elgamal; /* deprecated */
pgp_data_t unknown; /* private or experimental */
} sig; /* signature params */
Index: src/crypto/external/bsd/netpgp/dist/src/lib/version.h
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.47 src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.48
--- src/crypto/external/bsd/netpgp/dist/src/lib/version.h:1.47 Fri Feb 21 01:55:10 2014
+++ src/crypto/external/bsd/netpgp/dist/src/lib/version.h Fri Aug 26 19:18:38 2022
@@ -58,7 +58,7 @@
#endif
/* development versions have .99 suffix */
-#define NETPGP_BASE_VERSION "3.99.17"
+#define NETPGP_BASE_VERSION "3.99.18"
#define NETPGP_VERSION_CAT(a, b) "NetPGP portable " a "/[" b "]"
#define NETPGP_VERSION_STRING \
