Add full Camellia support.

* configure.ac: Remove Camellia restriction.

* gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia
restriction.

* misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for
openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and
openpgp_cipher_get_algo_blklen to wrap around the corresponding gcry_*
functions, but pass the algorithm number through
map_cipher_openpgp_to_gcry.  This is needed in case the gcry algorithm
number doesn't match the OpenPGP number (c.f. Camellia).

* encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, seskey.c,
passphrase.c, seckey-cert.c: Use new openpgp_cipher_* macros here.
David Shaw 2009-06-05 14:11:03 +00:00
parent 6f287d4e3f
commit 047d97e95e
14 changed files with 72 additions and 92 deletions


@ -1,3 +1,7 @@
2009-06-05 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Remove Camellia restriction.
2009-04-01 Werner Koch <wk@g10code.com>
* configure.ac: Test for fsync.


@ -74,7 +74,6 @@ have_adns=no
use_bzip2=yes
use_exec=yes
disable_keyserver_path=no
use_camellia=no
GNUPG_BUILD_PROGRAM(gpg, yes)
@ -174,22 +173,6 @@ AC_ARG_ENABLE(bzip2,
use_bzip2=$enableval)
AC_MSG_RESULT($use_bzip2)
# Check whether testing support for Camellia has been requested
AC_MSG_CHECKING([whether to enable the CAMELLIA cipher for gpg])
AC_ARG_ENABLE(camellia,
AC_HELP_STRING([--enable-camellia],[enable the CAMELLIA cipher for gpg]),
use_camellia=$enableval)
AC_MSG_RESULT($use_camellia)
if test x"$use_camellia" = xyes ; then
AC_DEFINE(USE_CAMELLIA,1,[Define to include the CAMELLIA cipher into gpg])
AC_MSG_WARN([[
***
*** The Camellia cipher for gpg is for testing only and
*** is NOT for production use!
***]])
fi
# Configure option to allow or disallow execution of external
# programs, like a photo viewer.
AC_MSG_CHECKING([whether to enable external program execution])
@ -1489,10 +1472,3 @@ echo "
gpg-check-pattern will not be build.
"
fi
if test x"$use_camellia" = xyes ; then
echo
echo "WARNING: The Camellia cipher for gpg is for testing only"
echo " and is NOT for production use!"
echo
fi


@ -1,3 +1,19 @@
2009-06-05 David Shaw <dshaw@jabberwocky.com>
* gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia
restriction.
* misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for
openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and
openpgp_cipher_get_algo_blklen to wrap around the corresponding
gcry_* functions, but pass the algorithm number through
map_cipher_openpgp_to_gcry. This is needed in case the gcry
algorithm number doesn't match the OpenPGP number (c.f. Camellia).
* encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c,
seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_*
macros here.
2009-06-02 Werner Koch <wk@g10code.com>
* card-util.c (get_manufacturer): Add new manufacturer.


@ -1,6 +1,6 @@
/* cipher.c - En-/De-ciphering filter
* Copyright (C) 1998, 1999, 2000, 2001, 2003,
* 2006 Free Software Foundation, Inc.
* 2006, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -49,7 +49,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
unsigned int blocksize;
unsigned int nprefix;
blocksize = gcry_cipher_get_algo_blklen (cfx->dek->algo);
blocksize = openpgp_cipher_get_algo_blklen (cfx->dek->algo);
if ( blocksize < 8 || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
@ -81,12 +81,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
temp[nprefix] = temp[nprefix-2];
temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
err = gcry_cipher_open (&cfx->cipher_hd,
cfx->dek->algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| ((cfx->dek->use_mdc || cfx->dek->algo >= 100)?
0 : GCRY_CIPHER_ENABLE_SYNC)));
err = openpgp_cipher_open (&cfx->cipher_hd,
cfx->dek->algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| ((cfx->dek->use_mdc || cfx->dek->algo >= 100)?
0 : GCRY_CIPHER_ENABLE_SYNC)));
if (err) {
/* We should never get an error here cause we already checked,
* that the algorithm is available. */
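Review bot: The flag expression passed to openpgp_cipher_open in write_header (`GCRY_CIPHER_SECURE | (... || cfx->dek->algo >= 100 ? 0 : GCRY_CIPHER_ENABLE_SYNC)`) is still written out by hand, and the same pattern recurs at the openpgp_cipher_open calls in the encr-data.c, seckey-cert.c and seskey.c sections. Now that a wrapper layer exists, the sync-mode decision could live in one helper that takes the OpenPGP algorithm id and a no-sync flag, so the `>= 100` test is always applied to the OpenPGP number and never to the mapped libgcrypt one. At minimum a comment such as `/* algo is the OpenPGP id here, not the libgcrypt id; ids >= 100 get no CFB sync */` would make that explicit. write_header continues outside the hunk.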


@ -1,6 +1,6 @@
/* encode.c - encode data
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
* 2006 Free Software Foundation, Inc.
* 2006, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -86,7 +86,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
/* We only pass already checked values to the following fucntion,
thus we consider any failure as fatal. */
if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
BUG ();
if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
BUG ();
@ -142,7 +142,7 @@ use_mdc(PK_LIST pk_list,int algo)
/* Last try. Use MDC for the modern ciphers. */
if (gcry_cipher_get_algo_blklen (algo) != 8)
if (openpgp_cipher_get_algo_blklen (algo) != 8)
return 1;
if (opt.verbose)
@ -237,7 +237,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
{
DEK *dek = NULL;
seskeylen = gcry_cipher_get_algo_keylen (default_cipher_algo ());
seskeylen = openpgp_cipher_get_algo_keylen (default_cipher_algo ());
encode_seskey( cfx.dek, &dek, enckey );
xfree( cfx.dek ); cfx.dek = dek;
}
@ -411,7 +411,7 @@ setup_symkey(STRING2KEY **symkey_s2k,DEK **symkey_dek)
static int
write_symkey_enc(STRING2KEY *symkey_s2k,DEK *symkey_dek,DEK *dek,IOBUF out)
{
int rc, seskeylen = gcry_cipher_get_algo_keylen (dek->algo);
int rc, seskeylen = openpgp_cipher_get_algo_keylen (dek->algo);
PKT_symkey_enc *enc;
byte enckey[33];
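Review bot: In write_symkey_enc, `seskeylen` now comes from openpgp_cipher_get_algo_keylen and sits next to the fixed `byte enckey[33]`, but no bound between the two is visible in this hunk. libgcrypt's key-length query returns 0 for an algorithm it does not know, and the buffer presumably holds one algorithm byte plus at most a 32-byte key. A guard placed after the declarations, `if (seskeylen <= 0 || seskeylen + 1 > (int)sizeof enckey) BUG ();`, would turn that assumption into a checked invariant. The rest of the function lies outside the hunk, so an equivalent check may already exist further down.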


@ -1,6 +1,6 @@
/* encr-data.c - process an encrypted data packet
* Copyright (C) 1998, 1999, 2000, 2001, 2005,
* 2006 Free Software Foundation, Inc.
* 2006, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -98,7 +98,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
rc = openpgp_cipher_test_algo (dek->algo);
if (rc)
goto leave;
blocksize = gcry_cipher_get_algo_blklen (dek->algo);
blocksize = openpgp_cipher_get_algo_blklen (dek->algo);
if ( !blocksize || blocksize > 16 )
log_fatal ("unsupported blocksize %u\n", blocksize );
nprefix = blocksize;
@ -113,11 +113,11 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
gcry_md_start_debug (dfx->mdc_hash, "checkmdc");
}
rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| ((ed->mdc_method || dek->algo >= 100)?
0 : GCRY_CIPHER_ENABLE_SYNC)));
rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| ((ed->mdc_method || dek->algo >= 100)?
0 : GCRY_CIPHER_ENABLE_SYNC)));
if (rc)
{
/* We should never get an error here cause we already checked


@ -1,6 +1,6 @@
/* gpg.c - The GnuPG utility (main for gpg)
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
* 2006, 2007, 2008 Free Software Foundation, Inc.
* 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -2963,15 +2963,6 @@ main (int argc, char **argv)
log_set_prefix (NULL, 1|2|4);
}
#ifdef USE_CAMELLIA
/* We better also print a runtime warning if people build it with
support for Camellia (which is not yet defined by OpenPGP). */
log_info ("WARNING: This version has been built with support for the "
"Camellia cipher.\n");
log_info (" It is for testing only and is NOT for production "
"use!\n");
#endif
/* Older Libgcrypts fail with an assertion during DSA key
generation. Better disable DSA2 entirely. */
if (opt.flags.dsa2 && !gcry_check_version ("1.4.0") )
@ -4323,4 +4314,3 @@ add_keyserver_url( const char *string, int which )
if(critical)
sl->flags |= 1;
}


@ -1,6 +1,6 @@
/* main.h
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008 Free Software Foundation, Inc.
* 2008, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -82,6 +82,10 @@ u16 checksum( byte *p, unsigned n );
u16 checksum_mpi( gcry_mpi_t a );
u32 buffer_to_u32( const byte *buffer );
const byte *get_session_marker( size_t *rlen );
int map_cipher_openpgp_to_gcry (int algo);
#define openpgp_cipher_open(_a,_b,_c,_d) gcry_cipher_open((_a),map_cipher_openpgp_to_gcry((_b)),(_c),(_d))
#define openpgp_cipher_get_algo_keylen(_a) gcry_cipher_get_algo_keylen(map_cipher_openpgp_to_gcry((_a)))
#define openpgp_cipher_get_algo_blklen(_a) gcry_cipher_get_algo_blklen(map_cipher_openpgp_to_gcry((_a)))
int openpgp_cipher_blocklen (int algo);
int openpgp_cipher_test_algo( int algo );
const char *openpgp_cipher_algo_name (int algo);
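Review bot: The three openpgp_cipher_* wrappers added here are function-like macros, so their arguments are not type-checked and the wrappers cannot be stepped into or given a prototype. If the header's includes allow it, `static inline` functions would be preferable, e.g. `static inline size_t openpgp_cipher_get_algo_keylen (int algo) { return gcry_cipher_get_algo_keylen (map_cipher_openpgp_to_gcry (algo)); }`. Either way, a comment above them should say that every cipher call taking an OpenPGP algorithm id must go through these wrappers rather than the gcry_* functions directly, because the libgcrypt number can differ (Camellia). It should also say that the two length queries return 0 for an unknown algorithm, so callers have to check the result.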


@ -1,6 +1,6 @@
/* mainproc.c - handle packets
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008 Free Software Foundation, Inc.
* 2008, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -233,7 +233,7 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
return G10ERR_BAD_KEY;
}
if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
BUG ();
if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
BUG ();
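Review bot: symkey_decrypt_seskey still treats a failing openpgp_cipher_open as `BUG ()`, and nothing in this hunk shows that `dek->algo` was validated beforehand. The matching call in the encode.c section carries a comment that only already-checked values reach it; this one has none. If the algorithm id can originate from packet data, returning an error would be safer than aborting the process, and the function already returns `G10ERR_BAD_KEY` just above. Otherwise a comment like `/* dek->algo was checked with openpgp_cipher_test_algo by the caller */` would document the invariant. The validation may well happen outside the hunk.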


@ -1,6 +1,6 @@
/* misc.c - miscellaneous functions
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
* 2008 Free Software Foundation, Inc.
* 2008, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -340,7 +340,7 @@ print_digest_algo_note( int algo )
/* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do
this for algorithms we implemented in Libgcrypt after they become
part of OpenPGP. */
static int
int
map_cipher_openpgp_to_gcry (int algo)
{
switch (algo)
@ -400,15 +400,6 @@ openpgp_cipher_test_algo( int algo )
if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 )
return gpg_error (GPG_ERR_CIPHER_ALGO);
/* Camellia is not yet defined for OpenPGP thus only allow it if
requested. */
#ifndef USE_CAMELLIA
if (algo == CIPHER_ALGO_CAMELLIA128
|| algo == CIPHER_ALGO_CAMELLIA192
|| algo == CIPHER_ALGO_CAMELLIA256)
return gpg_error (GPG_ERR_CIPHER_ALGO);
#endif
return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo));
}
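Review bot: map_cipher_openpgp_to_gcry loses its `static` and becomes the single translation point for every cipher call, but its comment still only explains why the mapping exists. Now that other files depend on it through the macros in main.h, the comment should state the contract: the input is an OpenPGP cipher id, the result is the libgcrypt id, and what is returned for ids without an explicit case. The switch body is outside the hunk, so it is not visible whether such ids pass through unchanged. That matters for openpgp_cipher_test_algo below: with the USE_CAMELLIA block gone, the range check and gcry_cipher_test_algo on the mapped id are the only gate on algorithm ids.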


@ -1,6 +1,6 @@
/* passphrase.c - Get a passphrase
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2005, 2006, 2007 Free Software Foundation, Inc.
* 2005, 2006, 2007, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -61,7 +61,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
int pwlen = strlen(pw);
assert ( s2k->hash_algo );
dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
if ( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
BUG();


@ -1,6 +1,6 @@
/* pubkey-enc.c - public key encoded packet handling
* Copyright (C) 1998, 1999, 2000, 2001, 2002,
* 2006 Free Software Foundation, Inc.
* 2006, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -251,7 +251,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
dek->algo = 0;
goto leave;
}
if ( dek->keylen != gcry_cipher_get_algo_keylen (dek->algo) ) {
if ( dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo) ) {
rc = GPG_ERR_WRONG_SECKEY;
goto leave;
}


@ -1,6 +1,6 @@
/* seckey-cert.c - secret key certificate packet handling
* Copyright (C) 1998, 1999, 2000, 2001, 2002,
* 2006 Free Software Foundation, Inc.
* 2006, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -86,11 +86,11 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
return G10ERR_GENERAL;
err = gcry_cipher_open (&cipher_hd, sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC)));
err = openpgp_cipher_open (&cipher_hd, sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC)));
if (err)
log_fatal ("cipher open failed: %s\n", gpg_strerror (err) );
@ -351,16 +351,16 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
else {
print_cipher_algo_note( sk->protect.algo );
if ( gcry_cipher_open (&cipher_hd, sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC))) )
if ( openpgp_cipher_open (&cipher_hd, sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC))) )
BUG();
if ( gcry_cipher_setkey ( cipher_hd, dek->key, dek->keylen ) )
log_info(_("WARNING: Weak key detected"
" - please change passphrase again.\n"));
sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
sk->protect.ivlen = openpgp_cipher_get_algo_blklen (sk->protect.algo);
assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
BUG(); /* yes, we are very careful */
@ -471,4 +471,3 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
}
return rc;
}


@ -1,6 +1,6 @@
/* seskey.c - make sesssion keys etc.
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
* 2006 Free Software Foundation, Inc.
* 2006, 2009 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -40,12 +40,12 @@ make_session_key( DEK *dek )
gcry_cipher_hd_t chd;
int i, rc;
dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
if (gcry_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC))) )
if (openpgp_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB,
(GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC))) )
BUG();
gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
for (i=0; i < 16; i++ )