Add full Camellia support.

* configure.ac: Remove Camellia restriction. * gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia restriction. * misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and openpgp_cipher_get_algo_blklen to wrap around the corresponding gcry_* functions, but pass the algorithm number through map_cipher_openpgp_to_gcry. This is needed in case the gcry algorithm number doesn't match the OpenPGP number (c.f. Camellia). * encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_* macros here.
2025-04-17 15:44:34 +02:00 · 2009-06-05 14:11:03 +00:00 · 2009-06-05 14:11:03 +00:00 · 047d97e95e
commit 047d97e95e
parent 6f287d4e3f
14 changed files with 72 additions and 92 deletions
--- a/4
+++ b/4
@ -1,3 +1,7 @@
 2009-06-05  David Shaw  <dshaw@jabberwocky.com>
 	* configure.ac: Remove Camellia restriction.
 2009-04-01  Werner Koch  <wk@g10code.com>
 	* configure.ac: Test for fsync.
--- a/configure.ac
+++ b/configure.ac
@ -74,7 +74,6 @@ have_adns=no
 use_bzip2=yes
 use_exec=yes
 disable_keyserver_path=no
 use_camellia=no
 GNUPG_BUILD_PROGRAM(gpg, yes)
@ -174,22 +173,6 @@ AC_ARG_ENABLE(bzip2,
   use_bzip2=$enableval)
 AC_MSG_RESULT($use_bzip2)
 # Check whether testing support for Camellia has been requested
 AC_MSG_CHECKING([whether to enable the CAMELLIA cipher for gpg])
 AC_ARG_ENABLE(camellia,
   AC_HELP_STRING([--enable-camellia],[enable the CAMELLIA cipher for gpg]),
   use_camellia=$enableval)
 AC_MSG_RESULT($use_camellia)
 if test x"$use_camellia" = xyes ; then
   AC_DEFINE(USE_CAMELLIA,1,[Define to include the CAMELLIA cipher into gpg])
   AC_MSG_WARN([[
 ***
 *** The Camellia cipher for gpg is for testing only and 
 *** is NOT for production use!
 ***]])
 fi
 # Configure option to allow or disallow execution of external
 # programs, like a photo viewer.
 AC_MSG_CHECKING([whether to enable external program execution])
@ -1489,10 +1472,3 @@ echo "
                 gpg-check-pattern will not be build.
 "
 fi
 if test  x"$use_camellia" = xyes ; then
  echo
  echo "WARNING: The Camellia cipher for gpg is for testing only"
  echo "         and is NOT for production use!"
  echo
 fi
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,19 @@
 2009-06-05  David Shaw  <dshaw@jabberwocky.com>
 	* gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia
 	restriction.
 	* misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for
 	openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and
 	openpgp_cipher_get_algo_blklen to wrap around the corresponding
 	gcry_* functions, but pass the algorithm number through
 	map_cipher_openpgp_to_gcry.  This is needed in case the gcry
 	algorithm number doesn't match the OpenPGP number (c.f. Camellia).
 	* encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c,
 	seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_*
 	macros here.
 2009-06-02  Werner Koch  <wk@g10code.com>
 	* card-util.c (get_manufacturer): Add new manufacturer.
--- a/g10/cipher.c
+++ b/g10/cipher.c
@ -1,6 +1,6 @@
 /* cipher.c - En-/De-ciphering filter
 * Copyright (C) 1998, 1999, 2000, 2001, 2003,
- *               2006 Free Software Foundation, Inc.
+ *               2006, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -49,7 +49,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
    unsigned int blocksize;
    unsigned int nprefix;
-    blocksize = gcry_cipher_get_algo_blklen (cfx->dek->algo);
+    blocksize = openpgp_cipher_get_algo_blklen (cfx->dek->algo);
    if ( blocksize < 8 || blocksize > 16 )
 	log_fatal("unsupported blocksize %u\n", blocksize );
@ -81,12 +81,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
    temp[nprefix] = temp[nprefix-2];
    temp[nprefix+1] = temp[nprefix-1];
    print_cipher_algo_note( cfx->dek->algo );
-    err = gcry_cipher_open (&cfx->cipher_hd, 
+    err = openpgp_cipher_open (&cfx->cipher_hd, 
-                            cfx->dek->algo,
+			       cfx->dek->algo,
-                            GCRY_CIPHER_MODE_CFB,
+			       GCRY_CIPHER_MODE_CFB,
-                            (GCRY_CIPHER_SECURE
+			       (GCRY_CIPHER_SECURE
-                             | ((cfx->dek->use_mdc || cfx->dek->algo >= 100)?
+				| ((cfx->dek->use_mdc || cfx->dek->algo >= 100)?
-                                0 : GCRY_CIPHER_ENABLE_SYNC)));
+				   0 : GCRY_CIPHER_ENABLE_SYNC)));
    if (err) {
 	/* We should never get an error here cause we already checked,
 	 * that the algorithm is available.  */
--- a/g10/encode.c
+++ b/g10/encode.c
@ -1,6 +1,6 @@
 /* encode.c - encode data
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
- *               2006 Free Software Foundation, Inc.
+ *               2006, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -86,7 +86,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
    /* We only pass already checked values to the following fucntion,
       thus we consider any failure as fatal.  */
-    if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
+    if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
      BUG ();
    if (gcry_cipher_setkey (hd, dek->key, dek->keylen))
      BUG ();
@ -142,7 +142,7 @@ use_mdc(PK_LIST pk_list,int algo)
  /* Last try.  Use MDC for the modern ciphers. */
-  if (gcry_cipher_get_algo_blklen (algo) != 8)
+  if (openpgp_cipher_get_algo_blklen (algo) != 8)
    return 1;
  if (opt.verbose)
@ -237,7 +237,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
 	  {
 	    DEK *dek = NULL;
-            seskeylen = gcry_cipher_get_algo_keylen (default_cipher_algo ());
+            seskeylen = openpgp_cipher_get_algo_keylen (default_cipher_algo ());
            encode_seskey( cfx.dek, &dek, enckey );
            xfree( cfx.dek ); cfx.dek = dek;
 	  }
@ -411,7 +411,7 @@ setup_symkey(STRING2KEY **symkey_s2k,DEK **symkey_dek)
 static int
 write_symkey_enc(STRING2KEY *symkey_s2k,DEK *symkey_dek,DEK *dek,IOBUF out)
 {
-  int rc, seskeylen = gcry_cipher_get_algo_keylen (dek->algo);
+  int rc, seskeylen = openpgp_cipher_get_algo_keylen (dek->algo);
  PKT_symkey_enc *enc;
  byte enckey[33];
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@ -1,6 +1,6 @@
 /* encr-data.c -  process an encrypted data packet
 * Copyright (C) 1998, 1999, 2000, 2001, 2005,
- *               2006 Free Software Foundation, Inc.
+ *               2006, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -98,7 +98,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
  rc = openpgp_cipher_test_algo (dek->algo);
  if (rc)
    goto leave;
-  blocksize = gcry_cipher_get_algo_blklen (dek->algo);
+  blocksize = openpgp_cipher_get_algo_blklen (dek->algo);
  if ( !blocksize || blocksize > 16 )
    log_fatal ("unsupported blocksize %u\n", blocksize );
  nprefix = blocksize;
@ -113,11 +113,11 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
        gcry_md_start_debug (dfx->mdc_hash, "checkmdc");
    }
-  rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo,
+  rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo,
-                         GCRY_CIPHER_MODE_CFB,
+			    GCRY_CIPHER_MODE_CFB,
-                         (GCRY_CIPHER_SECURE
+			    (GCRY_CIPHER_SECURE
-                          | ((ed->mdc_method || dek->algo >= 100)?
+			     | ((ed->mdc_method || dek->algo >= 100)?
-                             0 : GCRY_CIPHER_ENABLE_SYNC)));
+				0 : GCRY_CIPHER_ENABLE_SYNC)));
  if (rc)
    {
      /* We should never get an error here cause we already checked
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -1,6 +1,6 @@
 /* gpg.c - The GnuPG utility (main for gpg)
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
- *               2006, 2007, 2008 Free Software Foundation, Inc.
+ *               2006, 2007, 2008, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -2963,15 +2963,6 @@ main (int argc, char **argv)
        log_set_prefix (NULL, 1|2|4);
      }
 #ifdef USE_CAMELLIA    
    /* We better also print a runtime warning if people build it with
       support for Camellia (which is not yet defined by OpenPGP). */
    log_info ("WARNING: This version has been built with support for the "
              "Camellia cipher.\n");
    log_info ("         It is for testing only and is NOT for production "
              "use!\n");
 #endif
    /* Older Libgcrypts fail with an assertion during DSA key
       generation.  Better disable DSA2 entirely. */
    if (opt.flags.dsa2 && !gcry_check_version ("1.4.0") )
@ -4323,4 +4314,3 @@ add_keyserver_url( const char *string, int which )
  if(critical)
    sl->flags |= 1;    
 }
--- a/g10/main.h
+++ b/g10/main.h
@ -1,6 +1,6 @@
 /* main.h
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- *               2008 Free Software Foundation, Inc.
+ *               2008, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -82,6 +82,10 @@ u16 checksum( byte *p, unsigned n );
 u16 checksum_mpi( gcry_mpi_t a );
 u32 buffer_to_u32( const byte *buffer );
 const byte *get_session_marker( size_t *rlen );
 int map_cipher_openpgp_to_gcry (int algo);
 #define openpgp_cipher_open(_a,_b,_c,_d) gcry_cipher_open((_a),map_cipher_openpgp_to_gcry((_b)),(_c),(_d))
 #define openpgp_cipher_get_algo_keylen(_a) gcry_cipher_get_algo_keylen(map_cipher_openpgp_to_gcry((_a)))
 #define openpgp_cipher_get_algo_blklen(_a) gcry_cipher_get_algo_blklen(map_cipher_openpgp_to_gcry((_a)))
 int openpgp_cipher_blocklen (int algo);
 int openpgp_cipher_test_algo( int algo );
 const char *openpgp_cipher_algo_name (int algo);
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@ -1,6 +1,6 @@
 /* mainproc.c - handle packets
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- *               2008 Free Software Foundation, Inc.
+ *               2008, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -233,7 +233,7 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen )
      return G10ERR_BAD_KEY;
    }
-  if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
+  if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
      BUG ();
  if (gcry_cipher_setkey ( hd, dek->key, dek->keylen ))
    BUG ();
--- a/g10/misc.c
+++ b/g10/misc.c
@ -1,6 +1,6 @@
 /* misc.c - miscellaneous functions
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
- *               2008 Free Software Foundation, Inc.
+ *               2008, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -340,7 +340,7 @@ print_digest_algo_note( int algo )
 /* Map OpenPGP algo numbers to those used by Libgcrypt.  We need to do
   this for algorithms we implemented in Libgcrypt after they become
   part of OpenPGP.  */
-static int
+int
 map_cipher_openpgp_to_gcry (int algo)
 {
  switch (algo)
@ -400,15 +400,6 @@ openpgp_cipher_test_algo( int algo )
  if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 )
    return gpg_error (GPG_ERR_CIPHER_ALGO);
  /* Camellia is not yet defined for OpenPGP thus only allow it if
     requested.  */
 #ifndef USE_CAMELLIA
  if (algo == CIPHER_ALGO_CAMELLIA128 
      || algo == CIPHER_ALGO_CAMELLIA192
      || algo == CIPHER_ALGO_CAMELLIA256)
    return gpg_error (GPG_ERR_CIPHER_ALGO);
 #endif
  return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo));
 }
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -1,6 +1,6 @@
 /* passphrase.c -  Get a passphrase
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2005, 2006, 2007 Free Software Foundation, Inc.
+ *               2005, 2006, 2007, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -61,7 +61,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
  int pwlen = strlen(pw);
  assert ( s2k->hash_algo );
-  dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
+  dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
  if ( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
    BUG();
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -1,6 +1,6 @@
 /* pubkey-enc.c -  public key encoded packet handling
 * Copyright (C) 1998, 1999, 2000, 2001, 2002,
- *               2006  Free Software Foundation, Inc.
+ *               2006, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -251,7 +251,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
 	dek->algo = 0;
 	goto leave;
    }
-    if ( dek->keylen != gcry_cipher_get_algo_keylen (dek->algo) ) {
+    if ( dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo) ) {
 	rc = GPG_ERR_WRONG_SECKEY;
 	goto leave;
    }
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@ -1,6 +1,6 @@
 /* seckey-cert.c -  secret key certificate packet handling
 * Copyright (C) 1998, 1999, 2000, 2001, 2002,
- *               2006  Free Software Foundation, Inc.
+ *               2006, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -86,11 +86,11 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode,
 	    return G10ERR_GENERAL;
-	err = gcry_cipher_open (&cipher_hd, sk->protect.algo,
+	err = openpgp_cipher_open (&cipher_hd, sk->protect.algo,
-                                GCRY_CIPHER_MODE_CFB,
+				   GCRY_CIPHER_MODE_CFB,
-                                (GCRY_CIPHER_SECURE
+				   (GCRY_CIPHER_SECURE
-                                 | (sk->protect.algo >= 100 ?
+				    | (sk->protect.algo >= 100 ?
-                                    0 : GCRY_CIPHER_ENABLE_SYNC)));
+				       0 : GCRY_CIPHER_ENABLE_SYNC)));
        if (err)
          log_fatal ("cipher open failed: %s\n", gpg_strerror (err) );
@ -351,16 +351,16 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
 	else {
 	    print_cipher_algo_note( sk->protect.algo );
-	    if ( gcry_cipher_open (&cipher_hd, sk->protect.algo,
+	    if ( openpgp_cipher_open (&cipher_hd, sk->protect.algo,
-                                   GCRY_CIPHER_MODE_CFB,
+				      GCRY_CIPHER_MODE_CFB,
-                                   (GCRY_CIPHER_SECURE
+				      (GCRY_CIPHER_SECURE
-                                    | (sk->protect.algo >= 100 ?
+				       | (sk->protect.algo >= 100 ?
-                                       0 : GCRY_CIPHER_ENABLE_SYNC))) )
+					  0 : GCRY_CIPHER_ENABLE_SYNC))) )
              BUG();
 	    if ( gcry_cipher_setkey ( cipher_hd, dek->key, dek->keylen ) )
 		log_info(_("WARNING: Weak key detected"
 			   " - please change passphrase again.\n"));
-	    sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
+	    sk->protect.ivlen = openpgp_cipher_get_algo_blklen (sk->protect.algo);
 	    assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
 	    if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
 		BUG(); /* yes, we are very careful */
@ -471,4 +471,3 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
    }
    return rc;
 }
--- a/g10/seskey.c
+++ b/g10/seskey.c
@ -1,6 +1,6 @@
 /* seskey.c -  make sesssion keys etc.
 * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004,
- *               2006 Free Software Foundation, Inc.
+ *               2006, 2009 Free Software Foundation, Inc.
 *
 * This file is part of GnuPG.
 *
@ -40,12 +40,12 @@ make_session_key( DEK *dek )
    gcry_cipher_hd_t chd;
    int i, rc;
-    dek->keylen = gcry_cipher_get_algo_keylen (dek->algo);
+    dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo);
-    if (gcry_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB,
+    if (openpgp_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB,
-                          (GCRY_CIPHER_SECURE
+			     (GCRY_CIPHER_SECURE
-                           | (dek->algo >= 100 ?
+			      | (dek->algo >= 100 ?
-                              0 : GCRY_CIPHER_ENABLE_SYNC))) )
+				 0 : GCRY_CIPHER_ENABLE_SYNC))) )
      BUG();
    gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM );
    for (i=0; i < 16; i++ )