security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

Finished ECC integration.

Browse source 
Wrote the ChangeLog 2011-01-13 entry for Andrey's orginal work modulo
the cleanups I did in the last week.  Adjusted my own ChangeLog
entries to be consistent with that entry.

Nuked quite some trailing spaces; again sorry for that, I will better
take care of not saving them in the future.  "git diff -b" is useful
to read the actual changes ;-).

The ECC-INTEGRATION-2-1 branch can be closed now.
This commit is contained in:
Werner Koch 2011-02-03 16:31:42 +01:00
parent 20f429f735
commit 0b5bcb40cf
11 changed files with 336 additions and 292 deletions
Download patch file Download diff file Expand all files Collapse all files

165
agent/protect.c
View file

@ -1,6 +1,6 @@
/* protect.c - Un/Protect a secret key
* Copyright (C) 1998, 1999, 2000, 2001, 2002,
* 2003, 2007, 2009 Free Software Foundation, Inc.
* 2003, 2007, 2009, 2011 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -85,14 +85,14 @@ calibrate_get_time (struct calibrate_time_s *data)
#ifdef HAVE_W32_SYSTEM
# ifdef HAVE_W32CE_SYSTEM
GetThreadTimes (GetCurrentThread (),
# else
# else
GetProcessTimes (GetCurrentProcess (),
# endif
&data->creation_time, &data->exit_time,
&data->kernel_time, &data->user_time);
#else
struct tms tmp;
times (&tmp);
data->ticks = tmp.tms_utime;
#endif
@ -103,12 +103,12 @@ static unsigned long
calibrate_elapsed_time (struct calibrate_time_s *starttime)
{
struct calibrate_time_s stoptime;
calibrate_get_time (&stoptime);
#ifdef HAVE_W32_SYSTEM
{
unsigned long long t1, t2;
t1 = (((unsigned long long)starttime->kernel_time.dwHighDateTime << 32)
+ starttime->kernel_time.dwLowDateTime);
t1 += (((unsigned long long)starttime->user_time.dwHighDateTime << 32)
@ -145,7 +145,7 @@ calibrate_s2k_count_one (unsigned long count)
/* Measure the time we need to do the hash operations and deduce an
S2K count which requires about 100ms of time. */
S2K count which requires about 100ms of time. */
static unsigned long
calibrate_s2k_count (void)
{
@ -197,7 +197,7 @@ get_standard_s2k_count (void)
/* Calculate the MIC for a private key or shared secret S-expression.
SHA1HASH should point to a 20 byte buffer. This function is
suitable for all algorithms. */
static int
static int
calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
{
const unsigned char *hash_begin, *hash_end;
@ -211,13 +211,13 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (smatch (&s, n, "private-key"))
is_shared_secret = 0;
else if (smatch (&s, n, "shared-secret"))
is_shared_secret = 1;
else
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
hash_begin = s;
@ -226,7 +226,7 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s += n; /* Skip the algorithm name. */
}
@ -235,18 +235,18 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s += n;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s += n;
if ( *s != ')' )
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s++;
}
if (*s != ')')
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s++;
hash_end = s;
@ -269,7 +269,7 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
(d #046129F..[some bytes not shown]..81#)
(p #00e861b..[some bytes not shown]..f1#)
(q #00f7a7c..[some bytes not shown]..61#)
(u #304559a..[some bytes not shown]..9b#)
(u #304559a..[some bytes not shown]..9b#)
the returned block is the S-Expression:
@ -277,7 +277,7 @@ calculate_mic (const unsigned char *plainkey, unsigned char *sha1hash)
*/
static int
do_encryption (const unsigned char *protbegin, size_t protlen,
do_encryption (const unsigned char *protbegin, size_t protlen,
const char *passphrase, const unsigned char *sha1hash,
unsigned char **result, size_t *resultlen)
{
@ -330,14 +330,14 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
{
unsigned char *key;
size_t keylen = PROT_CIPHER_KEYLEN;
key = gcry_malloc_secure (keylen);
if (!key)
rc = out_of_core ();
else
{
rc = hash_passphrase (passphrase, GCRY_MD_SHA1,
3, iv+2*blklen,
3, iv+2*blklen,
get_standard_s2k_count (), key, keylen);
if (!rc)
rc = gcry_cipher_setkey (hd, key, keylen);
@ -357,7 +357,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
p += 20;
*p++ = ')';
*p++ = ')';
memcpy (p, iv+blklen, blklen);
memcpy (p, iv+blklen, blklen);
p += blklen;
assert ( p - outbuf == outlen);
rc = gcry_cipher_encrypt (hd, outbuf, enclen, NULL, 0);
@ -375,7 +375,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
(protected openpgp-s2k3-sha1-aes-cbc
((sha1 salt no_of_iterations) 16byte_iv)
encrypted_octet_string)
in canoncical format of course. We use asprintf and %n modifier
and dummy values as placeholders. */
{
@ -385,7 +385,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
p = xtryasprintf
("(9:protected%d:%s((4:sha18:%n_8bytes_%u:%s)%d:%n%*s)%d:%n%*s)",
(int)strlen (modestr), modestr,
&saltpos,
&saltpos,
(unsigned int)strlen (countbuf), countbuf,
blklen, &ivpos, blklen, "",
enclen, &encpos, enclen, "");
@ -411,7 +411,7 @@ do_encryption (const unsigned char *protbegin, size_t protlen,
/* Protect the key encoded in canonical format in PLAINKEY. We assume
a valid S-Exp here. */
int
int
agent_protect (const unsigned char *plainkey, const char *passphrase,
unsigned char **result, size_t *resultlen)
{
@ -442,9 +442,9 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (!smatch (&s, n, "private-key"))
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++;
@ -452,13 +452,13 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
for (infidx=0; protect_info[infidx].algo
&& !smatch (&s, n, protect_info[infidx].algo); infidx++)
;
if (!protect_info[infidx].algo)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
prot_begin = prot_end = NULL;
for (i=0; (c=protect_info[infidx].parmlist[i]); i++)
@ -471,23 +471,23 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (n != 1 || c != *s)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s += n;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s +=n; /* skip value */
if (*s != ')')
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
depth--;
if (i == protect_info[infidx].prot_to)
prot_end = s;
s++;
}
if (*s != ')' || !prot_begin || !prot_end )
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
depth--;
hash_end = s;
s++;
@ -499,10 +499,10 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
assert (!depth);
real_end = s-1;
/* Hash the stuff. Because the timestamp_exp won't get protected,
we can't simply hash a continuous buffer but need to use several
md_writes. */
md_writes. */
rc = gcry_md_open (&md, GCRY_MD_SHA1, 0 );
if (rc)
return rc;
@ -555,8 +555,8 @@ agent_protect (const unsigned char *plainkey, const char *passphrase,
/* Do the actual decryption and check the return list for consistency. */
static int
do_decryption (const unsigned char *protected, size_t protectedlen,
const char *passphrase,
do_decryption (const unsigned char *protected, size_t protectedlen,
const char *passphrase,
const unsigned char *s2ksalt, unsigned long s2kcount,
const unsigned char *iv, size_t ivlen,
unsigned char **result)
@ -585,7 +585,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
{
unsigned char *key;
size_t keylen = PROT_CIPHER_KEYLEN;
key = gcry_malloc_secure (keylen);
if (!key)
rc = out_of_core ();
@ -633,7 +633,7 @@ do_decryption (const unsigned char *protected, size_t protectedlen,
calculation but then be removed. */
static int
merge_lists (const unsigned char *protectedkey,
size_t replacepos,
size_t replacepos,
const unsigned char *cleartext,
unsigned char *sha1hash,
unsigned char **result, size_t *resultlen,
@ -644,7 +644,7 @@ merge_lists (const unsigned char *protectedkey,
const unsigned char *s;
const unsigned char *startpos, *endpos;
int i, rc;
*result = NULL;
*resultlen = 0;
*cutoff = 0;
@ -707,7 +707,7 @@ merge_lists (const unsigned char *protectedkey,
goto invalid_sexp;
n = snext (&s);
if (!smatch (&s, n, "sha1"))
goto invalid_sexp;
goto invalid_sexp;
n = snext (&s);
if (n != 20)
goto invalid_sexp;
@ -720,7 +720,7 @@ merge_lists (const unsigned char *protectedkey,
/* append the parameter list */
memcpy (p, startpos, endpos - startpos);
p += endpos - startpos;
/* Skip over the protected list element in the original list. */
s = protectedkey + replacepos;
assert (*s == '(');
@ -758,7 +758,7 @@ merge_lists (const unsigned char *protectedkey,
*cutoff = p - newlist;
memcpy (p, startpos, endpos - startpos);
p += endpos - startpos;
/* ready */
*result = newlist;
@ -781,14 +781,14 @@ merge_lists (const unsigned char *protectedkey,
/* Unprotect the key encoded in canonical format. We assume a valid
S-Exp here. If a protected-at item is available, its value will
be stored at protocted_at unless this is NULL. */
int
int
agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
gnupg_isotime_t protected_at,
gnupg_isotime_t protected_at,
unsigned char **result, size_t *resultlen)
{
int rc;
const unsigned char *s;
const unsigned char *protect_list;
const unsigned char *protect_list;
size_t n;
int infidx, i;
unsigned char sha1hash[20], sha1hash2[20];
@ -810,21 +810,21 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (!smatch (&s, n, "protected-private-key"))
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
for (infidx=0; protect_info[infidx].algo
&& !smatch (&s, n, protect_info[infidx].algo); infidx++)
;
if (!protect_info[infidx].algo)
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
/* See wether we have a protected-at timestamp. */
@ -859,7 +859,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
/* Now find the list with the protected information. Here is an
example for such a list:
(protected openpgp-s2k3-sha1-aes-cbc
(protected openpgp-s2k3-sha1-aes-cbc
((sha1 <salt> <count>) <Initialization_Vector>)
<encrypted_data>)
*/
@ -872,7 +872,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (smatch (&s, n, "protected"))
break;
s += n;
@ -884,7 +884,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
/* found */
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (!smatch (&s, n, "openpgp-s2k3-sha1-" PROT_CIPHER_STRING "-cbc"))
return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
if (*s != '(' || s[1] != '(')
@ -892,7 +892,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
s += 2;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (!smatch (&s, n, "sha1"))
return gpg_error (GPG_ERR_UNSUPPORTED_PROTECTION);
n = snext (&s);
@ -908,7 +908,7 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
is nothing we should worry about */
if (s[n] != ')' )
return gpg_error (GPG_ERR_INV_SEXP);
/* Old versions of gpg-agent used the funny floating point number in
a byte encoding as specified by OpenPGP. However this is not
needed and thus we now store it as a plain unsigned integer. We
@ -938,8 +938,8 @@ agent_unprotect (const unsigned char *protectedkey, const char *passphrase,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
cleartext = NULL; /* Avoid cc warning. */
rc = do_decryption (s, n,
passphrase, s2ksalt, s2kcount,
@ -1014,7 +1014,7 @@ agent_private_key_type (const unsigned char *privatekey)
store this key in the caller provided buffer KEY. The caller must
provide an HASHALGO, a valid S2KMODE (see rfc-2440) and depending on
that mode an S2KSALT of 8 random bytes and an S2KCOUNT.
Returns an error code on failure. */
static int
hash_passphrase (const char *passphrase, int hashalgo,
@ -1034,7 +1034,7 @@ hash_passphrase (const char *passphrase, int hashalgo,
return gpg_error (GPG_ERR_INV_VALUE);
if ((s2kmode == 1 ||s2kmode == 3) && !s2ksalt)
return gpg_error (GPG_ERR_INV_VALUE);
rc = gcry_md_open (&md, hashalgo, GCRY_MD_FLAG_SECURE);
if (rc)
return rc;
@ -1068,7 +1068,7 @@ hash_passphrase (const char *passphrase, int hashalgo,
}
if (count < 8)
gcry_md_write (md, s2ksalt, count);
else
else
{
gcry_md_write (md, s2ksalt, 8);
count -= 8;
@ -1077,7 +1077,7 @@ hash_passphrase (const char *passphrase, int hashalgo,
}
else
gcry_md_write (md, passphrase, pwlen);
gcry_md_final (md);
i = gcry_md_get_algo_dlen (hashalgo);
if (i > keylen - used)
@ -1097,7 +1097,7 @@ s2k_hash_passphrase (const char *passphrase, int hashalgo,
unsigned int s2kcount,
unsigned char *key, size_t keylen)
{
return hash_passphrase (passphrase, hashalgo, s2kmode, s2ksalt,
return hash_passphrase (passphrase, hashalgo, s2kmode, s2ksalt,
(16ul + (s2kcount & 15)) << ((s2kcount >> 4) + 6),
key, keylen);
}
@ -1140,7 +1140,7 @@ make_shadow_info (const char *serialno, const char *idstring)
S-expression is returned in an allocated buffer RESULT will point
to. The input parameters are expected to be valid canonicalized
S-expressions */
int
int
agent_shadow_key (const unsigned char *pubkey,
const unsigned char *shadow_info,
unsigned char **result)
@ -1162,16 +1162,16 @@ agent_shadow_key (const unsigned char *pubkey,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (!smatch (&s, n, "public-key"))
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++;
s++;
n = snext (&s);
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s += n; /* skip over the algorithm name */
while (*s != ')')
@ -1181,15 +1181,15 @@ agent_shadow_key (const unsigned char *pubkey,
depth++;
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
s += n;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s +=n; /* skip value */
if (*s != ')')
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
depth--;
s++;
}
@ -1221,7 +1221,7 @@ agent_shadow_key (const unsigned char *pubkey,
/* Parse a canonical encoded shadowed key and return a pointer to the
inner list with the shadow_info */
int
int
agent_get_shadow_info (const unsigned char *shadowkey,
unsigned char const **shadow_info)
{
@ -1236,16 +1236,16 @@ agent_get_shadow_info (const unsigned char *shadowkey,
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
if (!smatch (&s, n, "shadowed-private-key"))
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
if (*s != '(')
return gpg_error (GPG_ERR_UNKNOWN_SEXP);
depth++;
s++;
n = snext (&s);
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s += n; /* skip over the algorithm name */
for (;;)
@ -1257,24 +1257,24 @@ agent_get_shadow_info (const unsigned char *shadowkey,
depth++;
s++;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (smatch (&s, n, "shadowed"))
break;
s += n;
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
s +=n; /* skip value */
if (*s != ')')
return gpg_error (GPG_ERR_INV_SEXP);
return gpg_error (GPG_ERR_INV_SEXP);
depth--;
s++;
}
/* Found the shadowed list, S points to the protocol */
n = snext (&s);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (!n)
return gpg_error (GPG_ERR_INV_SEXP);
if (smatch (&s, n, "t1-v1"))
{
if (*s != '(')
@ -1294,7 +1294,7 @@ agent_get_shadow_info (const unsigned char *shadowkey,
parameters addresses. If the serial number or the ID string is not
required, NULL may be passed for them. */
gpg_error_t
parse_shadow_info (const unsigned char *shadow_info,
parse_shadow_info (const unsigned char *shadow_info,
char **r_hexsn, char **r_idstr)
{
const unsigned char *s;
@ -1331,7 +1331,7 @@ parse_shadow_info (const unsigned char *shadow_info,
}
return gpg_error (GPG_ERR_INV_SEXP);
}
if (r_idstr)
{
*r_idstr = xtrymalloc (n+1);
@ -1350,4 +1350,3 @@ parse_shadow_info (const unsigned char *shadow_info,
return 0;
}