53 | 53 |
multi_precision_integer("RSA e");
|
54 | 54 |
}
|
55 | 55 |
|
|
56 |
/* added: 2021-11-11
|
|
57 |
* Reference: draft-ietf-openpgp-crypto-refresh-04 (10/2021);section 9.2 ECC Curves for OpenPGP
|
|
58 |
* https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-04.html
|
|
59 |
* Note (2021-11-25): actual ECC curve hex OID padded to 10 to match incoming oid array length
|
|
60 |
* so that memcmp will work properly (compare two values of the same size)
|
|
61 |
*/
|
|
62 |
private unsigned char BrainPool256r1_OID[10]={0x2B,0x24,0x3,0x3,0x2,0x8,0x1,0x1,0x7,0};
|
|
63 |
private unsigned char NIST_P256_OID[10]={0x2A,0x86,0x48,0xCE,0x3D,0x3,0x1,0x7,0,0};
|
|
64 |
private unsigned char NIST_P384_OID[10]={0x2B,0x81,0x04,0x00,0x22,0,0,0,0,0};
|
|
65 |
private unsigned char NIST_P521_OID[10]={0x2B,0x81,0x04,0x00,0x23,0,0,0,0,0};
|
|
66 |
private unsigned char Ed25519_OID[10]={0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x0F,0x01,0};
|
|
67 |
private unsigned char Ed448_OID[10]={0x2B,0x65,0x71,0,0,0,0,0,0,0};
|
|
68 |
private unsigned char Curve25519_OID[10]={0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x05,0x01};
|
|
69 |
private unsigned char X448_OID[10]={0x2B,0x65,0x6F,0,0,0,0,0,0,0};
|
|
70 |
|
|
71 |
private unsigned char oid_input_HEX[10]={0,0,0,0,0,0,0,0,0,0};
|
|
72 |
#define oid_input_HEX_size sizeof(oid_input_HEX)
|
|
73 |
private size_t oidLEN;
|
|
74 |
private int FoundECC=NO;
|
|
75 |
private int jj;
|
|
76 |
|
|
77 |
private struct {
|
|
78 |
const unsigned char *oidhex;
|
|
79 |
const char *name;
|
|
80 |
const char *oidstring;
|
|
81 |
const int expectedBits;
|
|
82 |
} ELLIP_CURVES[] = {
|
|
83 |
{NIST_P256_OID,"NIST P-256","0x2A 86 48 CE 3D 03 01 07",515},
|
|
84 |
{NIST_P384_OID,"NIST P-384","0x2B 81 04 00 22",771},
|
|
85 |
{NIST_P521_OID,"NIST P-521","0x2B 81 04 00 23",1059},
|
|
86 |
{Ed25519_OID,"Ed25519","0x2B 06 01 04 01 DA 47 0F 01",263},
|
|
87 |
{Ed448_OID,"Ed448","0x2B 65 71",463},
|
|
88 |
{Curve25519_OID,"Curve25519","0x2B 06 01 04 01 97 55 01 05 01",263},
|
|
89 |
{X448_OID,"X448","0x2B 65 6F",445},
|
|
90 |
{BrainPool256r1_OID,"brainpoolP256r1","0x2B 24 03 03 02 08 01 01 07",515}
|
|
91 |
};
|
|
92 |
#define ELLIP_CURVES_NUM 8
|
|
93 |
|
|
94 |
/* end 2021-11-11 */
|
|
95 |
|
|
96 |
|
56 | 97 |
private void
|
57 | 98 |
new_Public_Key_Packet(int len)
|
58 | 99 |
{
|
|
78 | 119 |
multi_precision_integer("DSA g");
|
79 | 120 |
multi_precision_integer("DSA y");
|
80 | 121 |
break;
|
|
122 |
case 18:/*ECDH*/
|
|
123 |
oidLEN = Getc();
|
|
124 |
for(jj=0;jj<oidLEN;jj++){oid_input_HEX[jj]=Getc();}
|
|
125 |
for(jj=0;jj<ELLIP_CURVES_NUM;jj++){
|
|
126 |
if(memcmp(ELLIP_CURVES[jj].oidhex,oid_input_HEX,oid_input_HEX_size) == 0){
|
|
127 |
FoundECC=YES;
|
|
128 |
break;
|
|
129 |
}
|
|
130 |
}
|
|
131 |
if(FoundECC){
|
|
132 |
printf("\tElliptic Curve - ");
|
|
133 |
printf("%s (%s)\n",ELLIP_CURVES[jj].name,ELLIP_CURVES[jj].oidstring);
|
|
134 |
}
|
|
135 |
else{
|
|
136 |
printf("\tunknown(elliptic curve - ");
|
|
137 |
for(jj=0;jj<oidLEN;jj++){
|
|
138 |
printf("%02hhu,%02x ",oid_input_HEX[jj],oid_input_HEX[jj]);
|
|
139 |
}
|
|
140 |
puts(")");
|
|
141 |
}
|
|
142 |
multi_precision_integer("ECDH Q");
|
|
143 |
/* note - what follows is most of what the "draft-ietf-openpgp-crypto-refresh-04"
|
|
144 |
* specifies for "13.5 EC DH Algorithm (ECDH)" minus the following:
|
|
145 |
* a) 'one-octet public key algorithm ID defined in Section 9.1'
|
|
146 |
* b) '20 octets representing the UTF-8 encoding of the string "Anonymous Sender"'
|
|
147 |
* c) '20 octets representing a recipient encryption subkey or a primary key fingerprint'
|
|
148 |
* The end result is consonant with GnuPG-2.3.3 "list-packets" output in fields/bytes,
|
|
149 |
* though gpg-2.3.3 displays "pkey[2]" [32 bits]" where the supposed KDF parameters exist.
|
|
150 |
*/
|
|
151 |
unsigned int KDFparmsSize,KDFbits,KDFhashID,KDFsymAlgoID;
|
|
152 |
KDFparmsSize=Getc();/*don't display*/
|
|
153 |
KDFbits=(KDFparmsSize + 1)*8;
|
|
154 |
Getc();/*bypass supposed KDF constant */
|
|
155 |
KDFhashID=Getc();
|
|
156 |
KDFsymAlgoID=Getc();
|
|
157 |
printf("\tECDH KDF params(%d bits) - ...\n",KDFbits);
|
|
158 |
printf("\t\t%s ","KDFhashID: ");
|
|
159 |
hash_algs(KDFhashID);
|
|
160 |
printf("\t\t%s ","KDFsymAlgoID: ");
|
|
161 |
sym_algs(KDFsymAlgoID);
|
|
162 |
break;
|
|
163 |
case 19:/*ECDSA*/
|
|
164 |
oidLEN = Getc();
|
|
165 |
for(jj=0;jj<oidLEN;jj++){oid_input_HEX[jj]=Getc();}
|
|
166 |
for(jj=0;jj<ELLIP_CURVES_NUM;jj++){
|
|
167 |
if(memcmp(ELLIP_CURVES[jj].oidhex,oid_input_HEX,oid_input_HEX_size) == 0){
|
|
168 |
FoundECC=YES;
|
|
169 |
break;
|
|
170 |
}
|
|
171 |
}
|
|
172 |
if(FoundECC){
|
|
173 |
printf("\tElliptic Curve - ");
|
|
174 |
printf("%s (%s)\n",ELLIP_CURVES[jj].name,ELLIP_CURVES[jj].oidstring);
|
|
175 |
}
|
|
176 |
else{
|
|
177 |
printf("\tunknown(elliptic curve - ");
|
|
178 |
for(jj=0;jj<oidLEN;jj++){
|
|
179 |
printf("%02hhu,%02x ",oid_input_HEX[jj],oid_input_HEX[jj]);
|
|
180 |
}
|
|
181 |
puts(")");
|
|
182 |
}
|
|
183 |
multi_precision_integer("ECDSA Q");
|
|
184 |
break;
|
|
185 |
case 22:/*EdDSA*/
|
|
186 |
oidLEN = Getc();
|
|
187 |
for(jj=0;jj<oidLEN;jj++){oid_input_HEX[jj]=Getc();}
|
|
188 |
for(jj=0;jj<ELLIP_CURVES_NUM;jj++){
|
|
189 |
if(memcmp(ELLIP_CURVES[jj].oidhex,oid_input_HEX,oid_input_HEX_size) == 0){
|
|
190 |
FoundECC=YES;
|
|
191 |
break;
|
|
192 |
}
|
|
193 |
}
|
|
194 |
if(FoundECC){
|
|
195 |
printf("\tElliptic Curve - ");
|
|
196 |
printf("%s (%s)\n",ELLIP_CURVES[jj].name,ELLIP_CURVES[jj].oidstring);
|
|
197 |
}
|
|
198 |
else{
|
|
199 |
printf("\tunknown(elliptic curve - ");
|
|
200 |
for(jj=0;jj<oidLEN;jj++){
|
|
201 |
printf("%02hhu,%02x ",oid_input_HEX[jj],oid_input_HEX[jj]);
|
|
202 |
}
|
|
203 |
puts(")");
|
|
204 |
}
|
|
205 |
multi_precision_integer("EdDSA Q");
|
|
206 |
break;
|
81 | 207 |
default:
|
82 | 208 |
printf("\tUnknown public key(pub %d)\n", PUBLIC);
|
83 | 209 |
skip(len - 5);
|
|
134 | 260 |
break;
|
135 | 261 |
}
|
136 | 262 |
}
|
|
263 |
|
|
264 |
/*
|
|
265 |
* 2021-11-29: added cases 18,19,22 (copied from Public key)
|
|
266 |
*/
|
137 | 267 |
|
138 | 268 |
private void
|
139 | 269 |
plain_Secret_Key(int len)
|
|
168 | 298 |
case 17:
|
169 | 299 |
multi_precision_integer("DSA x");
|
170 | 300 |
break;
|
|
301 |
case 18:/*ECDH*/
|
|
302 |
oidLEN = Getc();
|
|
303 |
for(jj=0;jj<oidLEN;jj++){oid_input_HEX[jj]=Getc();}
|
|
304 |
for(jj=0;jj<ELLIP_CURVES_NUM;jj++){
|
|
305 |
if(memcmp(ELLIP_CURVES[jj].oidhex,oid_input_HEX,oid_input_HEX_size) == 0){
|
|
306 |
FoundECC=YES;
|
|
307 |
break;
|
|
308 |
}
|
|
309 |
}
|
|
310 |
if(FoundECC){
|
|
311 |
printf("\tElliptic Curve - ");
|
|
312 |
printf("%s (%s)\n",ELLIP_CURVES[jj].name,ELLIP_CURVES[jj].oidstring);
|
|
313 |
}
|
|
314 |
else{
|
|
315 |
printf("\tunknown(elliptic curve - ");
|
|
316 |
for(jj=0;jj<oidLEN;jj++){
|
|
317 |
printf("%02hhu,%02x ",oid_input_HEX[jj],oid_input_HEX[jj]);
|
|
318 |
}
|
|
319 |
puts(")");
|
|
320 |
}
|
|
321 |
multi_precision_integer("ECDH Q");
|
|
322 |
/* note - what follows is most of what the "draft-ietf-openpgp-crypto-refresh-04"
|
|
323 |
* specifies for "13.5 EC DH Algorithm (ECDH)" minus the following:
|
|
324 |
* a) 'one-octet public key algorithm ID defined in Section 9.1'
|
|
325 |
* b) '20 octets representing the UTF-8 encoding of the string "Anonymous Sender"'
|
|
326 |
* c) '20 octets representing a recipient encryption subkey or a primary key fingerprint'
|
|
327 |
* The end result is consonant with GnuPG-2.3.3 "list-packets" output in fields/bytes,
|
|
328 |
* though gpg-2.3.3 displays "pkey[2]" [32 bits]" where the supposed KDF parameters exist.
|
|
329 |
*/
|
|
330 |
unsigned int KDFparmsSize,KDFbits,KDFhashID,KDFsymAlgoID;
|
|
331 |
KDFparmsSize=Getc();/*don't display*/
|
|
332 |
KDFbits=(KDFparmsSize + 1)*8;
|
|
333 |
Getc();/*bypass supposed KDF constant */
|
|
334 |
KDFhashID=Getc();
|
|
335 |
KDFsymAlgoID=Getc();
|
|
336 |
printf("\tECDH KDF params(%d bits) - ...\n",KDFbits);
|
|
337 |
printf("\t\t%s ","KDFhashID: ");
|
|
338 |
hash_algs(KDFhashID);
|
|
339 |
printf("\t\t%s ","KDFsymAlgoID: ");
|
|
340 |
sym_algs(KDFsymAlgoID);
|
|
341 |
break;
|
|
342 |
case 19:/*ECDSA*/
|
|
343 |
oidLEN = Getc();
|
|
344 |
for(jj=0;jj<oidLEN;jj++){oid_input_HEX[jj]=Getc();}
|
|
345 |
for(jj=0;jj<ELLIP_CURVES_NUM;jj++){
|
|
346 |
if(memcmp(ELLIP_CURVES[jj].oidhex,oid_input_HEX,oid_input_HEX_size) == 0){
|
|
347 |
FoundECC=YES;
|
|
348 |
break;
|
|
349 |
}
|
|
350 |
}
|
|
351 |
if(FoundECC){
|
|
352 |
printf("\tElliptic Curve - ");
|
|
353 |
printf("%s (%s)\n",ELLIP_CURVES[jj].name,ELLIP_CURVES[jj].oidstring);
|
|
354 |
}
|
|
355 |
else{
|
|
356 |
printf("\tunknown(elliptic curve - ");
|
|
357 |
for(jj=0;jj<oidLEN;jj++){
|
|
358 |
printf("%02hhu,%02x ",oid_input_HEX[jj],oid_input_HEX[jj]);
|
|
359 |
}
|
|
360 |
puts(")");
|
|
361 |
}
|
|
362 |
multi_precision_integer("ECDSA Q");
|
|
363 |
break;
|
|
364 |
case 22:/*EdDSA*/
|
|
365 |
oidLEN = Getc();
|
|
366 |
for(jj=0;jj<oidLEN;jj++){oid_input_HEX[jj]=Getc();}
|
|
367 |
for(jj=0;jj<ELLIP_CURVES_NUM;jj++){
|
|
368 |
if(memcmp(ELLIP_CURVES[jj].oidhex,oid_input_HEX,oid_input_HEX_size) == 0){
|
|
369 |
FoundECC=YES;
|
|
370 |
break;
|
|
371 |
}
|
|
372 |
}
|
|
373 |
if(FoundECC){
|
|
374 |
printf("\tElliptic Curve - ");
|
|
375 |
printf("%s (%s)\n",ELLIP_CURVES[jj].name,ELLIP_CURVES[jj].oidstring);
|
|
376 |
}
|
|
377 |
else{
|
|
378 |
printf("\tunknown(elliptic curve - ");
|
|
379 |
for(jj=0;jj<oidLEN;jj++){
|
|
380 |
printf("%02hhu,%02x ",oid_input_HEX[jj],oid_input_HEX[jj]);
|
|
381 |
}
|
|
382 |
puts(")");
|
|
383 |
}
|
|
384 |
multi_precision_integer("EdDSA Q");
|
|
385 |
break;
|
|
386 |
|
171 | 387 |
default:
|
172 | 388 |
printf("\tUnknown secret key(pub %d)\n", PUBLIC);
|
173 | 389 |
skip(len - 2);
|
|
184 | 400 |
}
|
185 | 401 |
}
|
186 | 402 |
|
|
403 |
/*
|
|
404 |
* 2021-11-29: Added cases 18,19,20
|
|
405 |
*/
|
187 | 406 |
private void
|
188 | 407 |
encrypted_Secret_Key(int len, int sha1)
|
189 | 408 |
{
|
|
220 | 439 |
case 17:
|
221 | 440 |
printf("\tEncrypted DSA x\n");
|
222 | 441 |
break;
|
|
442 |
case 18:
|
|
443 |
printf("\tEncrypted ECDH x\n");
|
|
444 |
break;
|
|
445 |
case 19:
|
|
446 |
printf("\tEncrypted ECDSA x\n");
|
|
447 |
break;
|
|
448 |
case 22:
|
|
449 |
printf("\tEncrypted EdDSA x\n");
|
|
450 |
break;
|
223 | 451 |
default:
|
224 | 452 |
printf("\tUnknown encrypted key(pub %d)\n", PUBLIC);
|
225 | 453 |
break;
|