diff --git a/ChangeLog b/ChangeLog index b056fcf11..4cb043e34 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +Mon May 11 10:21:31 1998 Werner Koch (wk@isil.d.shuttle.de) + + * configure.in (PRINTABLE_OS_NAME): Linux is now GNU/Linux + Tue Apr 14 19:08:05 1998 Werner Koch (wk@isil.d.shuttle.de) * [all files]: Applied Matthew Skala's typo and grammar fixes. diff --git a/NEWS b/NEWS index 6d40bb91f..6966f23ed 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,18 @@ +Noteworthy changes in version 0.2.18 +------------------------------------ + + * splitted cipher/random.c, add new option "--disable-dev-random" + to configure to support the development of a random source for + other systems. Prepared sourcefiles rand-unix.c, rand-w32.c + and rand-dummy.c (which is used to allow compilation on systems + without a random source). + + * fixed a small bug in the key generation (it was possible that 48 bits + of a key were not taken from the random pool) + + * Add key generation for DSA (signature only) + + Noteworthy changes in version 0.2.17 ------------------------------------ diff --git a/THANKS b/THANKS index 5078c657e..210b39bf9 100644 --- a/THANKS +++ b/THANKS @@ -4,14 +4,17 @@ code. Here is a list of those people. Help me keep it complete and free of errors. Anand Kumria wildfire@progsoc.uts.edu.au +Charles Levert charles@comm.polymtl.ca Daniel Eisenbud eisenbud@cs.swarthmore.edu Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de Ed Boraas ecxjo@esperanto.org Ernst Molitor ernst.molitor@uni-bonn.de Hendrik Buschkamp buschkamp@rheumanet.org +Ian McKellar imckellar@harvestroad.com.au James Troup J.J.Troup@scm.brad.ac.uk Jean-loup Gailly gzip@prep.ai.mit.edu Jens Bachem bachem@rrz.uni-koeln.de +Jörg Schilling schilling@fokus.gmd.de Marco d'Itri md@linux.it Mark Adler madler@alumni.caltech.edu Martin Schulte schulte@thp.uni-koeln.de diff --git a/TODO b/TODO index 78f6a1470..3355678e3 100644 --- a/TODO +++ b/TODO @@ -20,16 +20,16 @@ record, as it does not belong to the pubkey record? * add an option to create a new user id. - Make it possible to chnage the signature class of the self-signatures, - which can then be used to chnage the displayed order of user-ids: + Make it possible to change the signature class of the self-signatures, + which can then be used to change the displayed order of user-ids: Put the user-id with a self-signature of class 0x13 always on top of the displayed list (needs changes in the user-id-from-keyid functions). * enhance --sign-key, so that multiple-user-ids can be signed - (use the new classes 0x14..17) - - * support these multi-user-id-sigs in trustdb. + (use the new classes 0x14..17), partly implemented, but I think we + should better make use of notation data - for now we allow only one + user id. * add an option to re-create a public key from a secret key. Think about a backup system of only the secret part of the secret key. @@ -41,11 +41,10 @@ * change the misleading usage of public key certificate to public key data or something like this. - * fix the problems with "\v" in gettext + * fix the problems with "\v" in gettext. Add nice formatting stuff to + argparse.c * replace getkey.c#enum_secret_keys - * add readline support (but how can we allcoate it in secure memory?) - - * add a testcase for --print-mds + * add readline support (Must enhance libreadline) diff --git a/acconfig.h b/acconfig.h index 39dcd63f3..dfdcdec81 100644 --- a/acconfig.h +++ b/acconfig.h @@ -63,7 +63,11 @@ #undef HAVE_U16_TYPEDEF #undef HAVE_U32_TYPEDEF - +/* One of the following macros is defined to select which of + * the cipher/rand-xxxx.c should be used */ +#undef USE_RAND_DUMMY +#undef USE_RAND_UNIX +#undef USE_RAND_W32 /* defined if we have a /dev/random and /dev/urandom */ #undef HAVE_DEV_RANDOM @@ -74,23 +78,7 @@ #undef HAVE_RSA_CIPHER + @BOTTOM@ - -/* The AC_CHECK_SIZEOF() fails for some machines. - * we provide some fallback values here */ -#if !SIZEOF_UNSIGNED_SHORT - #undef SIZEOF_UNSIGNED_SHORT - #define SIZEOF_UNSIGNED_SHORT 2 -#endif -#if !SIZEOF_UNSIGNED_INT - #undef SIZEOF_UNSIGNED_INT - #define SIZEOF_UNSIGNED_INT 4 -#endif -#if !SIZEOF_UNSIGNED_LONG - #undef SIZEOF_UNSIGNED_LONG - #define SIZEOF_UNSIGNED_LONG 4 -#endif - - #endif /*G10_CONFIG_H*/ diff --git a/checks/Makefile.am b/checks/Makefile.am index 8de908cca..b00dd1aab 100644 --- a/checks/Makefile.am +++ b/checks/Makefile.am @@ -1,6 +1,6 @@ ## Process this file with automake to create Makefile.in -TESTS = version.test \ +TESTS = version.test mds.test \ decrypt.test decrypt-dsa.test \ sigs.test sigs-dsa.test \ encrypt.test encrypt-dsa.test \ diff --git a/checks/mds.test b/checks/mds.test new file mode 100755 index 000000000..fe5622c35 --- /dev/null +++ b/checks/mds.test @@ -0,0 +1,32 @@ +#!/bin/sh + +. defs.inc || exit 3 + +test_one () { + if [ "$(grep $1 y | sed -e 's/.*=[ ]\(.*\)/\1/' -e 's/ //g')" != "$2" ]; then + failed="$failed $1" + fi +} + +failed="" + +#info Checking message digests +echo -n "" | ./run-gpgm --print-mds >y +test_one "MD5" "D41D8CD98F00B204E9800998ECF8427E" +test_one "SHA1" "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709" +test_one "RMD160" "9C1185A5C5E9FC54612808977EE8F548B2258D31" +test_one "TIGER" "24F0130C63AC933216166E76B1BB925FF373DE2D49584E7A" + +[ "$failed" != "" ] && error "$failed failed for empty string" + +echo -n "abcdefghijklmnopqrstuvwxyz" | ./run-gpgm --print-mds >y +test_one "MD5" "C3FCD3D76192E4007DFB496CCA67E13B" +test_one "SHA1" "32D10C7B8CF96570CA04CE37F2A19D84240D3A89" +test_one "RMD160" "F71C27109C692C1B56BBDCEB5B9D2865B3708DBC" +test_one "TIGER" "307DE5EE72A414172A0355CCBF120404E9EE7BF32F60110B" + + +[ "$failed" != "" ] && error "$failed failed for a..z" + +exit 0 + diff --git a/cipher/ChangeLog b/cipher/ChangeLog index ae96007a1..3babcbc90 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,12 @@ +Fri May 8 18:07:44 1998 Werner Koch (wk@isil.d.shuttle.de) + + * rand-internal.h, rand-unix.c, rand-w32.c, rand_dummy.c: New + * random.c: Moved system specific functions to rand-****.c + +Fri May 8 14:01:17 1998 Werner Koch (wk@isil.d.shuttle.de) + + * random.c (fast_random_poll): add call to gethrtime. + Tue May 5 21:28:55 1998 Werner Koch (wk@isil.d.shuttle.de) * elgamal.c (elg_generate): choosing x was not correct, could diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 3e8885b6a..13b9d0aad 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -18,6 +18,10 @@ libcipher_a_SOURCES = cipher.c \ primegen.c \ random.h \ random.c \ + rand-internal.h \ + rand-unix.c \ + rand-w32.c \ + rand-dummy.c \ rmd.h \ rmd160.c \ tiger.h \ diff --git a/cipher/Makefile.in b/cipher/Makefile.in index 52bfc4667..21169bfc4 100644 --- a/cipher/Makefile.in +++ b/cipher/Makefile.in @@ -109,6 +109,10 @@ libcipher_a_SOURCES = cipher.c \ primegen.c \ random.h \ random.c \ + rand-internal.h \ + rand-unix.c \ + rand-w32.c \ + rand-dummy.c \ rmd.h \ rmd160.c \ tiger.h \ @@ -135,8 +139,8 @@ CPPFLAGS = @CPPFLAGS@ LDFLAGS = @LDFLAGS@ LIBS = @LIBS@ libcipher_a_OBJECTS = cipher.o blowfish.o cast5.o elgamal.o md5.o \ -primegen.o random.o rmd160.o tiger.o sha1.o dsa.o md.o misc.o \ -smallprime.o +primegen.o random.o rand-unix.o rand-w32.o rand-dummy.o rmd160.o \ +tiger.o sha1.o dsa.o md.o misc.o smallprime.o AR = ar CFLAGS = @CFLAGS@ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) @@ -150,8 +154,8 @@ TAR = tar GZIP = --best DEP_FILES = .deps/blowfish.P .deps/cast5.P .deps/cipher.P .deps/dsa.P \ .deps/elgamal.P .deps/md.P .deps/md5.P .deps/misc.P .deps/primegen.P \ -.deps/random.P .deps/rmd160.P .deps/sha1.P .deps/smallprime.P \ -.deps/tiger.P +.deps/rand-dummy.P .deps/rand-unix.P .deps/rand-w32.P .deps/random.P \ +.deps/rmd160.P .deps/sha1.P .deps/smallprime.P .deps/tiger.P SOURCES = $(libcipher_a_SOURCES) OBJECTS = $(libcipher_a_OBJECTS) diff --git a/cipher/md.c b/cipher/md.c index 0536fc2fe..87e66d995 100644 --- a/cipher/md.c +++ b/cipher/md.c @@ -93,6 +93,8 @@ md_close(MD_HANDLE a) { if( !a ) return; + if( a->debug ) + md_stop_debug(a); m_free(a); } @@ -255,3 +257,29 @@ md_asn_oid( int algo, size_t *asnlen, size_t *mdlen ) } +void +md_start_debug( MD_HANDLE md, const char *suffix ) +{ + static int index=0; + char buf[25]; + + if( md->debug ) { + log_debug("Oops: md debug already started\n"); + return; + } + index++; + sprintf(buf, "dbgmd-%05d.%.10s", index, suffix ); + md->debug = fopen(buf, "w"); + if( !md->debug ) + log_debug("md debug: can't open %s\n", buf ); +} + +void +md_stop_debug( MD_HANDLE md ) +{ + if( md->debug ) { + fclose(md->debug); + md->debug = NULL; + } +} + diff --git a/cipher/md.h b/cipher/md.h index 3bad06182..e55a99ee0 100644 --- a/cipher/md.h +++ b/cipher/md.h @@ -65,6 +65,8 @@ byte *md_read( MD_HANDLE a, int algo ); int md_get_algo( MD_HANDLE a ); int md_digest_length( int algo ); const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen ); +void md_start_debug( MD_HANDLE a, const char *suffix ); +void md_stop_debug( MD_HANDLE a ); #define md_is_secure(a) ((a)->secure) #endif /*G10_MD_H*/ diff --git a/cipher/rand-dummy.c b/cipher/rand-dummy.c new file mode 100644 index 000000000..3e7a42573 --- /dev/null +++ b/cipher/rand-dummy.c @@ -0,0 +1,128 @@ +/* rand-dummy.c - INSECURE dummy random device + * Copyright (C) 1998 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_GETHRTIME + #include +#endif +#ifndef HAVE_GETTIMEOFTIME + #include +#endif +#ifdef HAVE_GETRUSAGE + #include +#endif +#include +#include +#include +#include "util.h" +#include "ttyio.h" +#include "i18n.h" +#include "rand-internal.h" +#ifdef USE_RAND_DUMMY /* a dummy random file so we can do some tests */ + + +#ifndef RAND_MAX /* for SunOS */ + #define RAND_MAX 32767 +#endif + +#if __GNUC__ + #warning Using the insecure dummy random device +#endif + +void +random_poll() +{ + char buf[POOLSIZE/5]; + read_random_source( buf, POOLSIZE/5, 1 ); /* read dummy data */ + add_randomness( buf, POOLSIZE/5, 2); + memset( buf, 0, POOLSIZE/5); +} + + +void +fast_random_poll() +{ + #if HAVE_GETHRTIME + { hrtime_t tv; + tv = gethrtime(void); + add_randomness( &tv, sizeof(tv), 1 ); + } + #elif HAVE_GETTIMEOFTIME + { struct timeval tv; + if( gettimeofday( &tv, NULL ) ) + BUG(); + add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 ); + add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 ); + } + #else /* use times */ + { struct tms buf; + times( &buf ); + add_randomness( &buf, sizeof buf, 1 ); + } + #endif + #ifdef HAVE_GETRUSAGE + { struct rusage buf; + if( getrusage( RUSAGE_SELF, &buf ) ) + BUG(); + add_randomness( &buf, sizeof buf, 1 ); + memset( &buf, 0, sizeof buf ); + } + #endif +} + + + +void +read_random_source( byte *buffer, size_t length, int level ) +{ + static int initialized=0; + + if( !initialized ) { + log_info(_("warning: using insecure random number generator!!\n")); + tty_printf(_("The random number generator is only a kludge to let\n" + "it compile - it is in no way a strong RNG!\n\n" + "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n")); + initialized=1; + #ifdef HAVE_RAND + srand(make_timestamp()*getpid()); + #else + srandom(make_timestamp()*getpid()); + #endif + } + + #ifdef HAVE_RAND + while( length-- ) + *buffer++ = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1); + #else + while( length-- ) + *buffer++ = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1); + #endif +} + + +#endif /* USE_RAND_DUMMY */ diff --git a/cipher/rand-internal.h b/cipher/rand-internal.h new file mode 100644 index 000000000..e1e137871 --- /dev/null +++ b/cipher/rand-internal.h @@ -0,0 +1,53 @@ +/* rand-internal.h - header to glue the random functions + * Copyright (C) 1998 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_RAND_INTERNAL_H +#define G10_RAND_INTERNAL_H + +/* For now we use the DUMMY random generator if we do not have + * the real random device */ +#ifndef HAVE_DEV_RANDOM + #define USE_RAND_DUMMY 1 + #undef USE_RAND_UNIX + #undef USE_RAND_W32 +#endif + + + +#include "random.h" + +#define BLOCKLEN 64 /* hash this amount of bytes */ +#define DIGESTLEN 20 /* into a digest of this length (rmd160) */ +/* poolblocks is the number of digests which make up the pool + * and poolsize must be a multiple of the digest length + * to make the AND operations faster, the size should also be + * a multiple of ulong + */ +#define POOLBLOCKS 30 +#define POOLSIZE (POOLBLOCKS*DIGESTLEN) +#if (POOLSIZE % SIZEOF_UNSIGNED_LONG) + #error Please make sure that poolsize is a multiple of ulong +#endif +#define POOLWORDS (POOLSIZE / SIZEOF_UNSIGNED_LONG) + + +void read_random_source( byte *buffer, size_t length, int level ); + + +#endif /*G10_RAND_INTERNAL_H*/ diff --git a/cipher/rand-unix.c b/cipher/rand-unix.c new file mode 100644 index 000000000..a0f19d824 --- /dev/null +++ b/cipher/rand-unix.c @@ -0,0 +1,203 @@ +/* rand-unix.c - raw random number generator for unix like OSes + * Copyright (C) 1998 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_GETHRTIME + #include +#endif +#ifndef HAVE_GETTIMEOFTIME + #include +#endif +#ifdef HAVE_GETRUSAGE + #include +#endif +#include +#include +#include +#include "util.h" +#include "rmd.h" +#include "ttyio.h" +#include "i18n.h" +#include "rand-internal.h" +#ifdef USE_RAND_UNIX /* This file is only for real systems */ + + +void +random_poll() +{ + char buf[POOLSIZE/5]; + read_random_source( buf, POOLSIZE/5, 1 ); /* read /dev/urandom */ + add_randomness( buf, POOLSIZE/5, 2); + memset( buf, 0, POOLSIZE/5); +} + + +void +fast_random_poll() +{ + #if HAVE_GETHRTIME + { hrtime_t tv; + tv = gethrtime(void); + add_randomness( &tv, sizeof(tv), 1 ); + } + #elif HAVE_GETTIMEOFTIME + { struct timeval tv; + if( gettimeofday( &tv, NULL ) ) + BUG(); + add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 ); + add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 ); + } + #else /* use times */ + { struct tms buf; + times( &buf ); + add_randomness( &buf, sizeof buf, 1 ); + } + #endif + #ifdef HAVE_GETRUSAGE + { struct rusage buf; + if( getrusage( RUSAGE_SELF, &buf ) ) + BUG(); + add_randomness( &buf, sizeof buf, 1 ); + memset( &buf, 0, sizeof buf ); + } + #endif +} + + +#ifdef HAVE_DEV_RANDOM /* we have the /dev/random device */ + +/**************** + * Used to open the Linux /dev/random device + */ +static int +open_device( const char *name, int minor ) +{ + int fd; + struct stat sb; + + fd = open( name, O_RDONLY ); + if( fd == -1 ) + log_fatal("can't open %s: %s\n", name, strerror(errno) ); + if( fstat( fd, &sb ) ) + log_fatal("stat() off %s failed: %s\n", name, strerror(errno) ); + #if defined(__sparc__) && defined(__linux__) + #warning something is wrong with UltraPenguin /dev/random + #else + if( !S_ISCHR(sb.st_mode) ) + log_fatal("invalid random device!\n" ); + #endif + return fd; +} + + +void +read_random_source( byte *buffer, size_t length, int level ) +{ + static int fd_urandom = -1; + static int fd_random = -1; + int fd; + int n; + int warn=0; + + if( level == 2 ) { + if( fd_random == -1 ) + fd_random = open_device( "/dev/random", 8 ); + fd = fd_random; + } + else { + /* fixme: we should use a simpler one for level 0, + * because reading from /dev/urandom removes entropy + * and the next read on /dev/random may have to wait */ + if( fd_urandom == -1 ) + fd_urandom = open_device( "/dev/urandom", 9 ); + fd = fd_urandom; + } + + + do { + fd_set rfds; + struct timeval tv; + int rc; + + FD_ZERO(&rfds); + FD_SET(fd, &rfds); + tv.tv_sec = 3; + tv.tv_usec = 0; + if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) { + if( !warn ) + tty_printf( _( +"\n" +"Not enough random bytes available. Please do some other work to give\n" +"the OS a chance to collect more entropy! (Need %d more bytes)\n"), length ); + warn = 1; + continue; + } + else if( rc == -1 ) { + tty_printf("select() error: %s\n", strerror(errno)); + continue; + } + + assert( length < 500 ); + do { + n = read(fd, buffer, length ); + if( n >= 0 && n > length ) { + log_error("bogus read from random device (n=%d)\n", n ); + n = length; + } + } while( n == -1 && errno == EINTR ); + if( n == -1 ) + log_fatal("read error on random device: %s\n", strerror(errno) ); + assert( n <= length ); + buffer += n; + length -= n; + } while( length ); +} + +#else /* not HAVE_DEV_RANDOM */ + + +/**************** + * The real random data collector for Unix. + * this function runs in a loop, waiting for commands from ctrl_fd + * and normally starts a collection process, which outputs random + * bytes to out_fd. + * + * Commands understand from ctrl_fd are single character: + * 'Q' = Quit the loop + * 'S' = Start a new collection process + */ +static void +collector( FILE *ctrlfp, FILE *outfp ) +{ + + + +} + +#endif /* no HAVE_DEV_RANDOM */ +#endif /* USE_RAND_UNIX */ diff --git a/cipher/rand-w32.c b/cipher/rand-w32.c new file mode 100644 index 000000000..c96e04eba --- /dev/null +++ b/cipher/rand-w32.c @@ -0,0 +1,54 @@ +/* rand-w32.c - Windoze32 and NT random device + * Copyright (C) 1998 Free Software Foundation, Inc. + * + * This file is part of GNUPG. + * + * GNUPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GNUPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "util.h" +#include "rmd.h" +#include "ttyio.h" +#include "i18n.h" +#include "rand-internal.h" +#ifdef USE_RAND_W32 /* this file is only for Mingw32 */ + + +#error To be written + +void +random_poll() +{ +} + + +void +fast_random_poll() +{ +} + +#endif /* USE_RAND_W32 */ diff --git a/cipher/random.c b/cipher/random.c index 53c625ffe..ea6b90806 100644 --- a/cipher/random.c +++ b/cipher/random.c @@ -20,12 +20,9 @@ /**************** - * How it works: - * - * See Peter Gutmann's Paper: "Software Generation of Practically - * Strong Random Numbers" - * - * fixme! + * This random number generator is modelled after the one described + * in Peter Gutmann's Paper: "Software Generation of Practically + * Strong Random Numbers". */ @@ -34,38 +31,14 @@ #include #include #include -#include -#include -#include -#ifndef HAVE_GETTIMEOFTIME - #include -#endif -#ifdef HAVE_GETRUSAGE - #include -#endif #include -#include -#include #include "util.h" -#include "random.h" #include "rmd.h" #include "ttyio.h" #include "i18n.h" +#include "rand-internal.h" -#define BLOCKLEN 64 /* hash this amount of bytes */ -#define DIGESTLEN 20 /* into a digest of this length (rmd160) */ -/* poolblocks is the number of digests which make up the pool - * and poolsize must be a multiple of the digest length - * to make the AND operations faster, the size should also be - * a multiple of ulong - */ -#define POOLBLOCKS 30 -#define POOLSIZE (POOLBLOCKS*DIGESTLEN) -#if (POOLSIZE % SIZEOF_UNSIGNED_LONG) - #error Please make sure that poolsize is a multiple of ulong -#endif -#define POOLWORDS (POOLSIZE / SIZEOF_UNSIGNED_LONG) #if SIZEOF_UNSIGNED_LONG == 8 #define ADD_VALUE 0xa5a5a5a5a5a5a5a5 #elif SIZEOF_UNSIGNED_LONG == 4 @@ -96,9 +69,7 @@ static int secure_alloc; static int quick_test; - static void read_pool( byte *buffer, size_t length, int level ); -static void read_dev_random( byte *buffer, size_t length, int level ); static void @@ -120,13 +91,14 @@ secure_random_alloc() secure_alloc = 1; } + int quick_random_gen( int onoff ) { int last = quick_test; if( onoff != -1 ) quick_test = onoff; - #ifndef HAVE_DEV_RANDOM + #ifdef USE_RAND_DUMMY last = 1; /* insecure RNG */ #endif return last; @@ -240,7 +212,7 @@ read_pool( byte *buffer, size_t length, int level ) if( length >= POOLSIZE ) BUG(); /* not allowed */ if( !level ) { /* read simple random bytes */ - read_dev_random( buffer, length, level ); + read_random_source( buffer, length, level ); return; } @@ -255,7 +227,7 @@ read_pool( byte *buffer, size_t length, int level ) if( needed > POOLSIZE ) BUG(); p = m_alloc_secure( needed ); - read_dev_random( p, needed, 2 ); /* read /dev/random */ + read_random_source( p, needed, 2 ); /* read /dev/random */ add_randomness( p, needed, 3); m_free(p); pool_balance += needed; @@ -306,7 +278,8 @@ add_randomness( const void *buffer, size_t length, int source ) while( length-- ) { rndpool[pool_writepos++] = *((byte*)buffer)++; if( pool_writepos >= POOLSIZE ) { - pool_filled = 1; + if( source > 1 ) + pool_filled = 1; pool_writepos = 0; mix_pool(rndpool); just_mixed = !length; @@ -316,166 +289,3 @@ add_randomness( const void *buffer, size_t length, int source ) -/******************** - * FIXME: move these functions to rand_unix.c - */ - -void -random_poll() -{ - char buf[POOLSIZE/5]; - read_dev_random( buf, POOLSIZE/5, 1 ); /* read /dev/urandom */ - add_randomness( buf, POOLSIZE/5, 2); - memset( buf, 0, POOLSIZE/5); -} - - -void -fast_random_poll() -{ - #ifdef HAVE_GETTIMEOFTIME - { struct timeval tv; - if( gettimeofday( &tv, NULL ) ) - BUG(); - add_randomness( &tv.tv_sec, sizeof(tv.tv_sec), 1 ); - add_randomness( &tv.tv_usec, sizeof(tv.tv_usec), 1 ); - } - #else /* use times */ - { struct tms buf; - times( &buf ); - add_randomness( &buf, sizeof buf, 1 ); - } - #endif - #ifdef HAVE_GETRUSAGE - { struct rusage buf; - if( getrusage( RUSAGE_SELF, &buf ) ) - BUG(); - add_randomness( &buf, sizeof buf, 1 ); - memset( &buf, 0, sizeof buf ); - } - #endif -} - - -#ifdef HAVE_DEV_RANDOM - -static int -open_device( const char *name, int minor ) -{ - int fd; - struct stat sb; - - fd = open( name, O_RDONLY ); - if( fd == -1 ) - log_fatal("can't open %s: %s\n", name, strerror(errno) ); - if( fstat( fd, &sb ) ) - log_fatal("stat() off %s failed: %s\n", name, strerror(errno) ); - #if defined(__sparc__) && defined(__linux__) - #warning something is wrong with UltraPenguin /dev/random - #else - if( !S_ISCHR(sb.st_mode) ) - log_fatal("invalid random device!\n" ); - #endif - return fd; -} - - -static void -read_dev_random( byte *buffer, size_t length, int level ) -{ - static int fd_urandom = -1; - static int fd_random = -1; - int fd; - int n; - int warn=0; - - if( level == 2 && !quick_test ) { - if( fd_random == -1 ) - fd_random = open_device( "/dev/random", 8 ); - fd = fd_random; - } - else { - /* fixme: we should use a simpler one for level 0, - * because reading from /dev/urandom removes entropy - * and the next read on /dev/random may have to wait */ - if( fd_urandom == -1 ) - fd_urandom = open_device( "/dev/urandom", 9 ); - fd = fd_urandom; - } - - - do { - fd_set rfds; - struct timeval tv; - int rc; - - FD_ZERO(&rfds); - FD_SET(fd, &rfds); - tv.tv_sec = 3; - tv.tv_usec = 0; - if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) ) { - if( !warn ) - tty_printf( _( -"\n" -"Not enough random bytes available. Please do some other work to give\n" -"the OS a chance to collect more entropy! (Need %d more bytes)\n"), length ); - warn = 1; - continue; - } - else if( rc == -1 ) { - tty_printf("select() error: %s\n", strerror(errno)); - continue; - } - - assert( length < 500 ); - do { - n = read(fd, buffer, length ); - if( n >= 0 && n > length ) { - log_error("bogus read from random device (n=%d)\n", n ); - n = length; - } - } while( n == -1 && errno == EINTR ); - if( n == -1 ) - log_fatal("read error on random device: %s\n", strerror(errno) ); - assert( n <= length ); - buffer += n; - length -= n; - } while( length ); -} - -#else /* not HAVE_DEV_RANDOM */ - - -#ifndef RAND_MAX /* for SunOS */ - #define RAND_MAX 32767 -#endif - -static void -read_dev_random( byte *buffer, size_t length, int level ) -{ - static int initialized=0; - - if( !initialized ) { - log_info(_("warning: using insecure random number generator!!\n")); - tty_printf(_("The random number generator is only a kludge to let\n" - "it compile - it is in no way a strong RNG!\n\n" - "DON'T USE ANY DATA GENERATED BY THIS PROGRAM!!\n\n")); - initialized=1; - #ifdef HAVE_RAND - srand(make_timestamp()*getpid()); - #else - srandom(make_timestamp()*getpid()); - #endif - } - - #ifdef HAVE_RAND - while( length-- ) - *buffer++ = ((unsigned)(1 + (int) (256.0*rand()/(RAND_MAX+1.0)))-1); - #else - while( length-- ) - *buffer++ = ((unsigned)(1 + (int) (256.0*random()/(RAND_MAX+1.0)))-1); - #endif -} - -#endif - diff --git a/cipher/random.h b/cipher/random.h index c45c9831b..d93e5b766 100644 --- a/cipher/random.h +++ b/cipher/random.h @@ -32,7 +32,7 @@ void add_randomness( const void *buffer, size_t length, int source ); /*-- the next two functions are implemented by all the system - specific source files rand_xxxx.s --*/ + specific source files rand-xxxx.c --*/ void random_poll(void); void fast_random_poll(void); diff --git a/config.h.in b/config.h.in index f06532ba8..24525d8e6 100644 --- a/config.h.in +++ b/config.h.in @@ -112,6 +112,11 @@ #undef HAVE_U16_TYPEDEF #undef HAVE_U32_TYPEDEF +/* One of the following macros is defined to select which of + * the cipher/rand-xxxx.c should be used */ +#undef USE_RAND_DUMMY +#undef USE_RAND_UNIX +#undef USE_RAND_W32 /* defined if we have a /dev/random and /dev/urandom */ #undef HAVE_DEV_RANDOM @@ -145,6 +150,9 @@ /* Define if you have the getcwd function. */ #undef HAVE_GETCWD +/* Define if you have the gethrtime function. */ +#undef HAVE_GETHRTIME + /* Define if you have the getpagesize function. */ #undef HAVE_GETPAGESIZE @@ -154,6 +162,9 @@ /* Define if you have the gettimeofday function. */ #undef HAVE_GETTIMEOFDAY +/* Define if you have the memmove function. */ +#undef HAVE_MEMMOVE + /* Define if you have the mlock function. */ #undef HAVE_MLOCK @@ -229,21 +240,4 @@ /* Define if you have the i library (-li). */ #undef HAVE_LIBI - -/* The AC_CHECK_SIZEOF() fails for some machines. - * we provide some fallback values here */ -#if !SIZEOF_UNSIGNED_SHORT - #undef SIZEOF_UNSIGNED_SHORT - #define SIZEOF_UNSIGNED_SHORT 2 -#endif -#if !SIZEOF_UNSIGNED_INT - #undef SIZEOF_UNSIGNED_INT - #define SIZEOF_UNSIGNED_INT 4 -#endif -#if !SIZEOF_UNSIGNED_LONG - #undef SIZEOF_UNSIGNED_LONG - #define SIZEOF_UNSIGNED_LONG 4 -#endif - - #endif /*G10_CONFIG_H*/ diff --git a/configure.in b/configure.in index d0c8fcf99..245f91e05 100644 --- a/configure.in +++ b/configure.in @@ -27,9 +27,13 @@ AC_SUBST(PACKAGE) AC_DEFINE_UNQUOTED(VERSION, "$VERSION") AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE") +AC_ARG_ENABLE(dev-random, +[ --disable-dev-random disable the use of dev random], + try_dev_random=$enableval, try_dev_random=yes) + AC_MSG_CHECKING([whether memory debugging is requested]) AC_ARG_ENABLE(m-debug, -[ --enable-m-debug enable debugging of memory allocation], +[ --enable-m-debug enable debugging of memory allocation], use_m_debug=$enableval, use_m_debug=no) AC_MSG_RESULT($use_m_debug) if test "$use_m_debug" = yes; then @@ -81,16 +85,28 @@ case "${target}" in CPP="i386--mingw32-gcc -E" RANLIB="i386--mingw32-ranlib" ac_cv_have_dev_random=no - PRINTABLE_OS_NAME="MingW32" + AC_DEFINE(USE_RAND_W32) ;; *) AC_PROG_RANLIB AC_PROG_INSTALL AC_PROG_CC AC_PROG_CPP - PRINTABLE_OS_NAME=`uname -s || echo "Unknown"` + AC_DEFINE(USE_RAND_UNIX) ;; esac + +case "${target}" in + i386--mingw32) + PRINTABLE_OS_NAME="MingW32" + ;; + *-linux*) + PRINTABLE_OS_NAME="GNU/Linux" + ;; + *) + PRINTABLE_OS_NAME=`uname -s || echo "Unknown"` + ;; +esac AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME") dnl Checks for libraries. @@ -132,18 +148,24 @@ fi dnl Checks for library functions. AC_FUNC_VPRINTF AC_CHECK_FUNCS(strerror stpcpy strlwr tcgetattr rand strtoul mlock mmap) -AC_CHECK_FUNCS(gettimeofday getrusage) - - +AC_CHECK_FUNCS(memmove gettimeofday getrusage gethrtime) dnl check whether we have a random device +if test "$try_dev_random" = yes ; then AC_CACHE_CHECK(for random device, ac_cv_have_dev_random, [if test -c /dev/random && test -c /dev/urandom ; then ac_cv_have_dev_random=yes; else ac_cv_have_dev_random=no; fi]) if test "$ac_cv_have_dev_random" = yes; then AC_DEFINE(HAVE_DEV_RANDOM) fi +else + AC_MSG_CHECKING(for random device) + ac_cv_have_dev_random=no + AC_MSG_RESULT(has been disabled) +fi + + dnl setup assembler stuff diff --git a/g10/ChangeLog b/g10/ChangeLog index e69f10865..33316355e 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,29 @@ +Wed May 13 11:48:27 1998 Werner Koch (wk@isil.d.shuttle.de) + + * build-packet.c (do_signature): Support for v4 pakets. + * keyedit.c (make_keysig_packet): Ditto. + * build-packet.c (build_sig_subpkt_from_sig): New. + (build_sig_subpkt): New. + + * elg.c (g10_elg_sign): removed keyid_from_skc. + * dsa.c (g10_dsa_sign): Ditto. + * rsa.c (g10_rsa_sign): Ditto. + * keyedit.c (make_keysig_packet): Add call to keyid_from_skc + + * sign.c (clearsign_file): Support for v4 signatures. + (sign_file): Ditto. + +Wed May 6 09:31:24 1998 Werner Koch (wk@isil.d.shuttle.de) + + * parse-packet.c (do_parse): add support for 5 byte length leader. + (parse_subpkt): Ditto. + * build-packet.c (write_new_header): Ditto. + + * packet.h (SIGSUBPKT_): New constants. + * parse-packet.c (parse_sig_subpkt): Changed name, made global, + and arg to return packet length, chnaged all callers + + Tue May 5 22:11:59 1998 Werner Koch (wk@isil.d.shuttle.de) * keygen.c (gen_dsa): New. diff --git a/g10/build-packet.c b/g10/build-packet.c index da6e413ac..1d4e05871 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -225,11 +225,11 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc ) int rc = 0; int c; IOBUF a = iobuf_temp(); - #if 0 + #if 1 FILE *fp = fopen("dump.pkc", "a"); int i=0; - fprintf(fp, "\nHashing PKC:\n"); + fprintf(fp, "\nHashing PKC (v%d):\n", pkc->version); #endif /* build the packet */ @@ -239,7 +239,7 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc ) if( (rc = build_packet( a, &pkt )) ) log_fatal("build public_cert for hashing failed: %s\n", g10_errstr(rc)); while( (c=iobuf_get(a)) != -1 ) { - #if 0 + #if 1 fprintf( fp," %02x", c ); if( (++i == 24) ) { putc('\n', fp); @@ -248,7 +248,7 @@ hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc ) #endif md_putc( md, c ); } - #if 0 + #if 1 putc('\n', fp); fclose(fp); #endif @@ -480,6 +480,169 @@ do_compressed( IOBUF out, int ctb, PKT_compressed *cd ) } + +/**************** + * Find a subpacket of type REQTYPE in BUFFER and a return a pointer + * to the first byte of that subpacket data. + * And return the length of the packet in RET_N and the number of + * header bytes in RET_HLEN (length header and type byte). + */ +byte * +find_subpkt( byte *buffer, sigsubpkttype_t reqtype, + size_t *ret_hlen, size_t *ret_n ) +{ + int buflen; + sigsubpkttype_t type; + byte *bufstart; + size_t n; + + if( !buffer ) + return NULL; + buflen = (*buffer << 8) | buffer[1]; + buffer += 2; + for(;;) { + if( !buflen ) + return NULL; /* end of packets; not found */ + bufstart = buffer; + n = *buffer++; buflen--; + if( n == 255 ) { + if( buflen < 4 ) + break; + n = (buffer[0] << 24) | (buffer[1] << 16) + | (buffer[2] << 8) | buffer[3]; + buffer += 4; + buflen -= 4; + } + else if( n >= 192 ) { + if( buflen < 2 ) + break; + n = (( n - 192 ) << 8) + *buffer + 192; + buflen--; + } + if( buflen < n ) + break; + type = *buffer & 0x7f; + if( type == reqtype ) { + buffer++; + n--; + if( n > buflen ) + break; + if( ret_hlen ) + *ret_hlen = buffer - bufstart; + if( ret_n ) + *ret_n = n; + return buffer; + } + buffer += n; buflen -=n; + } + + log_error("find_subpkt: buffer shorter than subpacket\n"); + return NULL; +} + + +/**************** + * Create or update a signature subpacket for SIG of TYPE. + * This functions know, where to put the data (hashed or unhashed). + * The function may move data from the unhased part to the hashed one. + * Note: All pointers into sig->[un]hashed are not valid after a call + * to this function. The data to but into the subpaket should be + * in buffer with a length of buflen. + */ +void +build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, + const byte *buffer, size_t buflen ) +{ + + byte *data; + size_t hlen, dlen; + int found, hashed, realloced; + size_t n, n0; + + if( (data = find_subpkt( sig->hashed_data, type, &hlen, &dlen )) ) + found = 1; + else if( (data = find_subpkt( sig->unhashed_data, type, &hlen, &dlen ))) + found = 2; + else + found = 0; + + if( found ) + log_bug("build_sig_packet: update nyi\n"); + if( buflen+1 >= 192 ) + log_bug("build_sig_packet: long subpackets are nyi\n"); + + switch( type ) { + case SIGSUBPKT_SIG_CREATED: + hashed = 1; break; + default: hashed = 0; break; + } + + if( hashed ) { + n0 = sig->hashed_data ? ((*sig->hashed_data << 8) + | sig->hashed_data[1]) : 0; + n = n0 + 1 + 1 + buflen; /* length, type, buffer */ + realloced = !!sig->hashed_data; + data = sig->hashed_data ? m_realloc( sig->hashed_data, n+2 ) + : m_alloc( n+2 ); + } + else { + n0 = sig->unhashed_data ? ((*sig->unhashed_data << 8) + | sig->unhashed_data[1]) : 0; + n = n0 + 1 + 1 + buflen; /* length, type, buffer */ + realloced = !!sig->unhashed_data; + data = sig->unhashed_data ? m_realloc( sig->unhashed_data, n+2 ) + : m_alloc( n+2 ); + } + + data[n0+0] = (n >> 8) & 0xff; + data[n0+1] = n & 0xff; + data[n0+2] = buflen+1; + data[n0+3] = type; + memcpy(data+n0+4, buffer, buflen ); + + if( hashed ) { + if( !realloced ) + m_free(sig->hashed_data); + sig->hashed_data = data; + } + else { + if( !realloced ) + m_free(sig->unhashed_data); + sig->unhashed_data = data; + } +} + + +/**************** + * Put all the required stuff from SIG into subpackets of sig. + */ +void +build_sig_subpkt_from_sig( PKT_signature *sig ) +{ + u32 u; + byte buf[8]; + + u = sig->keyid[0]; + buf[0] = (u >> 24) & 0xff; + buf[1] = (u >> 16) & 0xff; + buf[2] = (u >> 8) & 0xff; + buf[3] = u & 0xff; + u = sig->keyid[1]; + buf[4] = (u >> 24) & 0xff; + buf[5] = (u >> 16) & 0xff; + buf[6] = (u >> 8) & 0xff; + buf[7] = u & 0xff; + build_sig_subpkt( sig, SIGSUBPKT_ISSUER, buf, 8 ); + + u = sig->timestamp; + buf[0] = (u >> 24) & 0xff; + buf[1] = (u >> 16) & 0xff; + buf[2] = (u >> 8) & 0xff; + buf[3] = u & 0xff; + build_sig_subpkt( sig, SIGSUBPKT_SIG_CREATED, buf, 4 ); +} + + static int do_signature( IOBUF out, int ctb, PKT_signature *sig ) { @@ -501,8 +664,20 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig ) iobuf_put(a, sig->pubkey_algo ); iobuf_put(a, sig->digest_algo ); if( sig->version >= 4 ) { - /* fixme: write v4 subpackets here */ - log_error("WARNING: note writing of v4 subpackets is not implemented\n"); + size_t n; + /* timestamp and keyid must have been packed into the + * subpackets prior to the call of this function, because + * these subpackets are hashed */ + n = sig->hashed_data?((sig->hashed_data[0]<<8) + |sig->hashed_data[1]) :0; + write_16(a, n); + if( n ) + iobuf_write( a, sig->hashed_data+2, n ); + n = sig->unhashed_data?((sig->unhashed_data[0]<<8) + |sig->unhashed_data[1]) :0; + write_16(a, n); + if( n ) + iobuf_write( a, sig->unhashed_data+2, n ); } iobuf_put(a, sig->digest_start[0] ); iobuf_put(a, sig->digest_start[1] ); @@ -674,8 +849,18 @@ write_new_header( IOBUF out, int ctb, u32 len, int hdrlen ) if( iobuf_put( out, (len % 256) ) ) return -1; } - else - log_bug("need a partial header to code a length %lu\n", (ulong)len); + else { + if( iobuf_put( out, 0xff ) ) + return -1; + if( iobuf_put( out, (len >> 24)&0xff ) ) + return -1; + if( iobuf_put( out, (len >> 16)&0xff ) ) + return -1; + if( iobuf_put( out, (len >> 8)&0xff ) ) + return -1; + if( iobuf_put( out, len & 0xff ) ) + return -1; + } } return 0; } diff --git a/g10/dsa.c b/g10/dsa.c index e8620ab25..9bcb013a5 100644 --- a/g10/dsa.c +++ b/g10/dsa.c @@ -47,7 +47,6 @@ g10_dsa_sign( PKT_secret_cert *skc, PKT_signature *sig, digest_algo = md_get_algo(md); dp = md_read( md, digest_algo ); - keyid_from_skc( skc, sig->keyid ); sig->digest_algo = digest_algo; sig->digest_start[0] = dp[0]; sig->digest_start[1] = dp[1]; diff --git a/g10/elg.c b/g10/elg.c index 2ced92723..cca66d565 100644 --- a/g10/elg.c +++ b/g10/elg.c @@ -73,7 +73,6 @@ g10_elg_sign( PKT_secret_cert *skc, PKT_signature *sig, digest_algo = md_get_algo(md); dp = md_read( md, digest_algo ); - keyid_from_skc( skc, sig->keyid ); sig->digest_algo = digest_algo; sig->digest_start[0] = dp[0]; sig->digest_start[1] = dp[1]; diff --git a/g10/gpgd.c b/g10/gpgd.c index bc80721d3..010b319b9 100644 --- a/g10/gpgd.c +++ b/g10/gpgd.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include "util.h" diff --git a/g10/keyedit.c b/g10/keyedit.c index a475ed813..271e26d46 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -191,8 +191,10 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all ) else if( node->flag & 4 ) tty_printf("The signature could not be checked!\n"); - if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) + if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { + tty_printf("Skipped self-signature\n"); continue; /* do not remove self-signatures */ + } answer = tty_get("\nRemove this signature? "); tty_kill_prompt(); @@ -348,8 +350,7 @@ sign_key( const char *username, STRLIST locusr ) rc = make_keysig_packet( &sig, pkc, node->pkt->pkt.user_id, skc_rover->skc, - 0x10, - DIGEST_ALGO_RMD160 ); + 0x10, 0 ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc)); goto leave; @@ -684,6 +685,7 @@ change_passphrase( const char *username ) * Create a signature packet for the given public key certificate * and the user id and return it in ret_sig. User signature class SIGCLASS * user-id is not used (and may be NULL if sigclass is 0x20) + * If digest_algo is 0 the function selects an appropriate one. */ int make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, @@ -695,25 +697,75 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, MD_HANDLE md; assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x20 ); + if( !digest_algo ) { + switch( skc->pubkey_algo ) { + case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; + case PUBKEY_ALGO_RSA_S: + case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break; + default: digest_algo = DIGEST_ALGO_RMD160; break; + } + } md = md_open( digest_algo, 0 ); + md_start_debug( md, "make" ); /* hash the public key certificate and the user id */ hash_public_cert( md, pkc ); - if( sigclass != 0x20 ) + if( sigclass != 0x20 ) { + if( skc->version >=4 ) { + byte buf[5]; + buf[0] = 0xb4; /* indicates a userid packet */ + buf[1] = uid->len >> 24; /* always use 4 length bytes */ + buf[2] = uid->len >> 16; + buf[3] = uid->len >> 8; + buf[4] = uid->len; + md_write( md, buf, 5 ); + } md_write( md, uid->name, uid->len ); + } /* and make the signature packet */ sig = m_alloc_clear( sizeof *sig ); + sig->version = skc->version; + keyid_from_skc( skc, sig->keyid ); sig->pubkey_algo = skc->pubkey_algo; + sig->digest_algo = digest_algo; sig->timestamp = make_timestamp(); sig->sig_class = sigclass; + if( sig->version >= 4 ) { + build_sig_subpkt_from_sig( sig ); + md_putc( md, sig->version ); + } md_putc( md, sig->sig_class ); - { u32 a = sig->timestamp; + if( sig->version < 4 ) { + u32 a = sig->timestamp; md_putc( md, (a >> 24) & 0xff ); md_putc( md, (a >> 16) & 0xff ); md_putc( md, (a >> 8) & 0xff ); md_putc( md, a & 0xff ); } + else { + byte buf[6]; + size_t n; + + md_putc( md, sig->pubkey_algo ); + md_putc( md, sig->digest_algo ); + if( sig->hashed_data ) { + n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; + md_write( md, sig->hashed_data, n+2 ); + n += 6; + } + else + n = 6; + /* add some magic */ + buf[0] = sig->version; + buf[1] = 0xff; + buf[2] = n >> 24; /* hmmm, n is only 16 bit, so tthis is always 0 */ + buf[3] = n >> 16; + buf[4] = n >> 8; + buf[5] = n; + md_write( md, buf, 6 ); + + } md_final(md); rc = complete_sig( sig, skc, md ); diff --git a/g10/keygen.c b/g10/keygen.c index 771dcb36c..b6894ab79 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -79,7 +79,7 @@ write_selfsig( KBNODE root, KBNODE pub_root, PKT_secret_cert *skc ) pkc = node->pkt->pkt.public_cert; /* and make the signature */ - rc = make_keysig_packet( &sig, pkc, uid, skc, 0x13, DIGEST_ALGO_RMD160 ); + rc = make_keysig_packet( &sig, pkc, uid, skc, 0x13, 0 ); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc) ); return rc; @@ -290,7 +290,7 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, /* don't know whether it makes sense to have the factors, so for now * we store them in the secret keyring (but they are not secret) * p = 2 * q * f1 * f2 * ... * fn - * We store only f1 to f_n-1 - fn can be calculated because p and q + * We store only f1 to f_n-1; fn can be calculated because p and q * are known. */ pkt = m_alloc_clear(sizeof *pkt); diff --git a/g10/packet.h b/g10/packet.h index 4f3efec9b..463cf53f2 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -211,6 +211,33 @@ struct packet_struct { (a)->pkt.generic = NULL; \ } while(0) +typedef enum { + SIGSUBPKT_LIST_UNHASHED=-2, + SIGSUBPKT_LIST_HASHED =-1, + SIGSUBPKT_NONE = 0, + SIGSUBPKT_SIG_CREATED = 2, /* signature creation time */ + SIGSUBPKT_SIG_EXPIRE = 3, /* signature expiration time */ + SIGSUBPKT_EXPORTABLE = 4, /* exportable */ + SIGSUBPKT_TRUST = 5, /* trust signature */ + SIGSUBPKT_REGEXP = 6, /* regular expression */ + SIGSUBPKT_REVOCABLE = 7, /* revocable */ + SIGSUBPKT_KEY_EXPIRE = 9, /* key expiration time */ + SIGSUBPKT_ARR =10, /* additional recipient request */ + SIGSUBPKT_PREF_SYM =11, /* preferred symmetric algorithms */ + SIGSUBPKT_REV_KEY =12, /* revocation key */ + SIGSUBPKT_ISSUER =16, /* issuer key ID */ + SIGSUBPKT_NOTATION =20, /* notation data */ + SIGSUBPKT_PREF_HASH =21, /* preferred hash algorithms */ + SIGSUBPKT_PREF_COMPR =22, /* preferred compression algorithms */ + SIGSUBPKT_KS_FLAGS =23, /* key server preferences */ + SIGSUBPKT_PREF_KS =24, /* preferred key server */ + SIGSUBPKT_PRIMARY_UID =25, /* primary user id */ + SIGSUBPKT_POLICY =26, /* policy URL */ + SIGSUBPKT_KEY_FLAGS =27, /* key flags */ + SIGSUBPKT_SIGNERS_UID =28 /* signer's user id */ +} sigsubpkttype_t; + + /*-- mainproc.c --*/ int proc_packets( IOBUF a ); int proc_signature_packets( IOBUF a, STRLIST signedfiles ); @@ -224,11 +251,15 @@ int parse_packet( IOBUF inp, PACKET *ret_pkt); int copy_all_packets( IOBUF inp, IOBUF out ); int copy_some_packets( IOBUF inp, IOBUF out, ulong stopoff ); int skip_some_packets( IOBUF inp, unsigned n ); +const byte *parse_sig_subpkt( const byte *buffer, int reqtype, size_t *ret_n ); /*-- build-packet.c --*/ int build_packet( IOBUF inp, PACKET *pkt ); u32 calc_packet_length( PACKET *pkt ); void hash_public_cert( MD_HANDLE md, PKT_public_cert *pkc ); +void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type, + const byte *buffer, size_t buflen ); +void build_sig_subpkt_from_sig( PKT_signature *sig ); /*-- free-packet.c --*/ void free_symkey_enc( PKT_symkey_enc *enc ); diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 76e1a7a35..14d4c7b1c 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -197,7 +197,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, { int rc, c, ctb, pkttype, lenbytes; unsigned long pktlen; - byte hdr[5]; + byte hdr[8]; int hdrlen; int pgp3 = 0; @@ -233,8 +233,17 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, hdr[hdrlen++] = c; pktlen += c + 192; } + else if( c < 255 ) { + pktlen = (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 24; + pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 16; + pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8; + if( (c = iobuf_get(inp)) == -1 ) { + log_error("%s: 4 byte length invalid\n", iobuf_where(inp) ); + return G10ERR_INVALID_PACKET; + } + pktlen |= (hdr[hdrlen++] = c ); + } else { /* partial body length */ - pktlen = 1 << (c & 0x1f); log_debug("partial body length of %lu bytes\n", pktlen ); iobuf_set_partial_block_mode(inp, pktlen); pktlen = 0;/* to indicate partial length */ @@ -543,20 +552,32 @@ parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) } -static const byte * -parse_subpkt( const byte *buffer, int reqtype ) +const byte * +parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n ) { - int buflen = (*buffer << 8) | buffer[1]; + int buflen; int type; int critical; size_t n; + if( !buffer ) + return NULL; + buflen = (*buffer << 8) | buffer[1]; buffer += 2; for(;;) { if( !buflen ) return NULL; /* end of packets; not found */ n = *buffer++; buflen--; - if( n >= 192 ) { + if( n == 255 ) { + if( buflen < 4 ) + goto too_short; + n = (buffer[0] << 24) | (buffer[1] << 16) + | (buffer[2] << 8) | buffer[3]; + buffer += 4; + buflen -= 4; + + } + else if( n >= 192 ) { if( buflen < 2 ) goto too_short; n = (( n - 192 ) << 8) + *buffer + 192; @@ -573,27 +594,27 @@ parse_subpkt( const byte *buffer, int reqtype ) critical = 0; if( reqtype < 0 ) { /* list packets */ printf("\t%ssubpacket %d of length %u (%s)\n", - reqtype == -1 ? "hashed ":"", type, (unsigned)n, - type == 2 ? "signature creation time" - : type == 3 ? "signature expiration time" - : type == 4 ? "exportable" - : type == 5 ? "trust signature" - : type == 6 ? "regular expression" - : type == 7 ? "revocable" - : type == 9 ? "key expiration time" - : type ==10 ? "additional recipient request" - : type ==11 ? "preferred symmetric algorithms" - : type ==12 ? "revocation key" - : type ==16 ? "issuer key ID" - : type ==20 ? "notation data" - : type ==21 ? "preferred hash algorithms" - : type ==22 ? "preferred compression algorithms" - : type ==23 ? "key server preferences" - : type ==24 ? "preferred key server" - : type ==25 ? "primary user id" - : type ==26 ? "policy URL" - : type ==27 ? "key flags" - : type ==28 ? "signer's user id" + reqtype == SIGSUBPKT_LIST_HASHED ? "hashed ":"", type, (unsigned)n, + type == SIGSUBPKT_SIG_CREATED ? "signature creation time" + : type == SIGSUBPKT_SIG_EXPIRE ? "signature expiration time" + : type == SIGSUBPKT_EXPORTABLE ? "exportable" + : type == SIGSUBPKT_TRUST ? "trust signature" + : type == SIGSUBPKT_REGEXP ? "regular expression" + : type == SIGSUBPKT_REVOCABLE ? "revocable" + : type == SIGSUBPKT_KEY_EXPIRE ? "key expiration time" + : type == SIGSUBPKT_ARR ? "additional recipient request" + : type == SIGSUBPKT_PREF_SYM ? "preferred symmetric algorithms" + : type == SIGSUBPKT_REV_KEY ? "revocation key" + : type == SIGSUBPKT_ISSUER ? "issuer key ID" + : type == SIGSUBPKT_NOTATION ? "notation data" + : type == SIGSUBPKT_PREF_HASH ? "preferred hash algorithms" + : type == SIGSUBPKT_PREF_COMPR ? "preferred compression algorithms" + : type == SIGSUBPKT_KS_FLAGS ? "key server preferences" + : type == SIGSUBPKT_PREF_KS ? "preferred key server" + : type == SIGSUBPKT_PRIMARY_UID ? "primary user id" + : type == SIGSUBPKT_POLICY ? "policy URL" + : type == SIGSUBPKT_KEY_FLAGS ? "key flags" + : type == SIGSUBPKT_SIGNERS_UID ? "signer's user id" : "?"); } else if( type == reqtype ) @@ -604,29 +625,17 @@ parse_subpkt( const byte *buffer, int reqtype ) n--; if( n > buflen ) goto too_short; + if( ret_n ) + *ret_n = n; switch( type ) { - case 2: /* signature creation time */ + case SIGSUBPKT_SIG_CREATED: if( n < 4 ) break; return buffer; - case 16:/* issuer key ID */ + case SIGSUBPKT_ISSUER:/* issuer key ID */ if( n < 8 ) break; return buffer; - case 3: /* signature expiration time */ - case 4: /* exportable */ - case 5: /* trust signature */ - case 6: /* regular expression */ - case 7: /* revocable */ - case 9: /* key expiration time */ - case 10:/* additional recipient request */ - case 11:/* preferred symmetric algorithms */ - case 12:/* revocation key */ - case 20:/* notation data */ - case 21:/* preferred hash algorithms */ - case 22:/* preferred compression algorithms */ - case 23:/* key server preferences */ - case 24:/* preferred key server */ default: BUG(); /* not yet needed */ } log_error("subpacket of type %d too short\n", type); @@ -718,12 +727,12 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, if( is_v4 ) { /*extract required information */ const byte *p; - p = parse_subpkt( sig->hashed_data, 2 ); + p = parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_SIG_CREATED, NULL ); if( !p ) log_error("signature packet without timestamp\n"); else sig->timestamp = buffer_to_u32(p); - p = parse_subpkt( sig->unhashed_data, 16 ); + p = parse_sig_subpkt( sig->unhashed_data, SIGSUBPKT_ISSUER, NULL ); if( !p ) log_error("signature packet without keyid\n"); else { @@ -742,8 +751,8 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, sig->digest_algo, sig->digest_start[0], sig->digest_start[1] ); if( is_v4 ) { - parse_subpkt( sig->hashed_data, -1 ); - parse_subpkt( sig->unhashed_data, -2 ); + parse_sig_subpkt( sig->hashed_data, SIGSUBPKT_LIST_HASHED, NULL ); + parse_sig_subpkt( sig->unhashed_data,SIGSUBPKT_LIST_UNHASHED, NULL); } } if( is_ELGAMAL(sig->pubkey_algo) ) { diff --git a/g10/revoke.c b/g10/revoke.c index ca511bcc2..68f51e810 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -159,7 +159,7 @@ gen_revoke( const char *uname ) /* create it */ - rc = make_keysig_packet( &sig, pkc, NULL, skc, 0x20, DIGEST_ALGO_RMD160); + rc = make_keysig_packet( &sig, pkc, NULL, skc, 0x20, 0); if( rc ) { log_error("make_keysig_packet failed: %s\n", g10_errstr(rc)); goto leave; diff --git a/g10/rsa.c b/g10/rsa.c index 251f6198c..36e0ef246 100644 --- a/g10/rsa.c +++ b/g10/rsa.c @@ -71,7 +71,6 @@ g10_rsa_sign( PKT_secret_cert *skc, PKT_signature *sig, digest_algo = md_get_algo(md); dp = md_read( md, digest_algo ); - keyid_from_skc( skc, sig->keyid ); sig->digest_algo = digest_algo; sig->digest_start[0] = dp[0]; sig->digest_start[1] = dp[1]; diff --git a/g10/sig-check.c b/g10/sig-check.c index 1af891d44..0d93240df 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -134,6 +134,7 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest ) md_write( digest, buf, 6 ); } md_final( digest ); + result = mpi_alloc( (md_digest_length(sig->digest_algo) +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ); mpi_set_buffer( result, md_read(digest, sig->digest_algo), @@ -344,6 +345,7 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) keyid_from_pkc( pkc, keyid ); md = md_open( algo, 0 ); + md_start_debug(md, "check"); hash_public_cert( md, pkc ); hash_uid_node( unode, md, sig ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { diff --git a/g10/sign.c b/g10/sign.c index 4dbb8aee1..aa9704e97 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -266,19 +266,51 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, skc = skc_rover->skc; /* build the signature packet */ + /* fixme: this code is partly duplicated in make_keysig_packet */ sig = m_alloc_clear( sizeof *sig ); + sig->version = skc->version; + keyid_from_skc( skc, sig->keyid ); sig->pubkey_algo = skc->pubkey_algo; sig->timestamp = make_timestamp(); sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00; md = md_copy( mfx.md ); + + if( sig->version >= 4 ) { + build_sig_subpkt_from_sig( sig ); + md_putc( md, sig->version ); + } md_putc( md, sig->sig_class ); - { u32 a = sig->timestamp; + if( sig->version < 4 ) { + u32 a = sig->timestamp; md_putc( md, (a >> 24) & 0xff ); md_putc( md, (a >> 16) & 0xff ); md_putc( md, (a >> 8) & 0xff ); md_putc( md, a & 0xff ); } + else { + byte buf[6]; + size_t n; + + md_putc( md, sig->pubkey_algo ); + md_putc( md, sig->digest_algo ); + if( sig->hashed_data ) { + n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; + md_write( md, sig->hashed_data, n+2 ); + n += 6; + } + else + n = 6; + /* add some magic */ + buf[0] = sig->version; + buf[1] = 0xff; + buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */ + buf[3] = n >> 16; + buf[4] = n >> 8; + buf[5] = n; + md_write( md, buf, 6 ); + + } md_final( md ); if( is_ELGAMAL(sig->pubkey_algo) ) @@ -431,19 +463,50 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) skc = skc_rover->skc; /* build the signature packet */ + /* fixme: this code is duplicated above */ sig = m_alloc_clear( sizeof *sig ); + sig->version = skc->version; + keyid_from_skc( skc, sig->keyid ); sig->pubkey_algo = skc->pubkey_algo; sig->timestamp = make_timestamp(); sig->sig_class = 0x01; md = md_copy( textmd ); + if( sig->version >= 4 ) { + build_sig_subpkt_from_sig( sig ); + md_putc( md, sig->version ); + } md_putc( md, sig->sig_class ); - { u32 a = sig->timestamp; + if( sig->version < 4 ) { + u32 a = sig->timestamp; md_putc( md, (a >> 24) & 0xff ); md_putc( md, (a >> 16) & 0xff ); md_putc( md, (a >> 8) & 0xff ); md_putc( md, a & 0xff ); } + else { + byte buf[6]; + size_t n; + + md_putc( md, sig->pubkey_algo ); + md_putc( md, sig->digest_algo ); + if( sig->hashed_data ) { + n = (sig->hashed_data[0] << 8) | sig->hashed_data[1]; + md_write( md, sig->hashed_data, n+2 ); + n += 6; + } + else + n = 6; + /* add some magic */ + buf[0] = sig->version; + buf[1] = 0xff; + buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */ + buf[3] = n >> 16; + buf[4] = n >> 8; + buf[5] = n; + md_write( md, buf, 6 ); + + } md_final( md ); if( is_ELGAMAL(sig->pubkey_algo) ) diff --git a/g10/trustdb.c b/g10/trustdb.c index f36314b3e..07ae19b9b 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -24,8 +24,8 @@ #include #include #include -#include #include +#include #include #include diff --git a/include/errors.h b/include/errors.h index 7f60b8715..dc7486598 100644 --- a/include/errors.h +++ b/include/errors.h @@ -62,4 +62,9 @@ #define G10ERR_TIME_CONFLICT 40 #define G10ERR_WR_PUBKEY_ALGO 41 /* unusabe pubkey algo */ + +#ifndef HAVE_STRERROR +char *strerror( int n ); +#endif + #endif /*G10_ERRORS_H*/ diff --git a/include/types.h b/include/types.h index 41adbbbd8..543cbad62 100644 --- a/include/types.h +++ b/include/types.h @@ -21,6 +21,23 @@ #ifndef G10_TYPES_H #define G10_TYPES_H + +/* The AC_CHECK_SIZEOF() in configure fails for some machines. + * we provide some fallback values here */ +#if !SIZEOF_UNSIGNED_SHORT + #undef SIZEOF_UNSIGNED_SHORT + #define SIZEOF_UNSIGNED_SHORT 2 +#endif +#if !SIZEOF_UNSIGNED_INT + #undef SIZEOF_UNSIGNED_INT + #define SIZEOF_UNSIGNED_INT 4 +#endif +#if !SIZEOF_UNSIGNED_LONG + #undef SIZEOF_UNSIGNED_LONG + #define SIZEOF_UNSIGNED_LONG 4 +#endif + + #include diff --git a/include/util.h b/include/util.h index c56cc1991..5fcce6063 100644 --- a/include/util.h +++ b/include/util.h @@ -134,6 +134,10 @@ char *strlwr(char *a); #ifndef HAVE_STRTOUL #define strtoul(a,b,c) ((unsigned long)strtol((a),(b),(c))) #endif +#ifndef HAVE_MEMMOVE + #define memmove(d, s, n) bcopy((s), (d), (n)) +#endif + /******** some macros ************/ #ifndef STR diff --git a/mpi/ChangeLog b/mpi/ChangeLog index a39884d8d..86d7413b2 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,7 @@ +Wed May 13 11:04:29 1998 Werner Koch (wk@isil.d.shuttle.de) + + * config.links: Add support for MIPS + Thu Apr 9 11:31:36 1998 Werner Koch (wk@isil.d.shuttle.de) * mpicoder.c (mpi_get_secure_buffer): New. diff --git a/mpi/config.links b/mpi/config.links index fe9bda1c2..699ca8580 100644 --- a/mpi/config.links +++ b/mpi/config.links @@ -70,6 +70,14 @@ case "${target}" in path="sparc32" mpi_extra_modules="udiv" ;; + mips[34]*-*-* | mips*-*-irix6*) + echo '/* configured for MIPS3 */' >>./mpi/asm-syntax.h + path="mips3" + ;; + mips*-*-*) + echo '/* configured for MIPS2 */' >>./mpi/asm-syntax.h + path="mips2" + ;; # Motorola 68k configurations. Let m68k mean 68020-68040. # mc68000 or mc68060 configurations need to be specified explicitly diff --git a/util/ChangeLog b/util/ChangeLog index 31312c7eb..23d284b1a 100644 --- a/util/ChangeLog +++ b/util/ChangeLog @@ -1,3 +1,7 @@ +Fri May 8 17:06:49 1998 Werner Koch (wk@isil.d.shuttle.de) + + * errors.c (strerror): New if !HAVE_STRERROR + Mon May 4 19:48:03 1998 Werner Koch (wk@isil.d.shuttle.de) * iobuf.c (iobuf_read): Code is now faster. diff --git a/util/errors.c b/util/errors.c index 4436e78c0..b71ff4f49 100644 --- a/util/errors.c +++ b/util/errors.c @@ -25,6 +25,21 @@ #include "errors.h" +#ifndef HAVE_STRERROR +char * +strerror( int n ) +{ + extern char *sys_errlist[]; + extern int sys_nerr; + static char buf[15]; + + if( n >= 0 && n < sys_nerr ) + return sys_errlist[n]; + strcpy( buf, "Unknown error" ); + return buf; +} +#endif /* !HAVE_STRERROR */ + const char * g10_errstr( int err ) { diff --git a/util/iobuf.c b/util/iobuf.c index 1578d565b..d43fad9ba 100644 --- a/util/iobuf.c +++ b/util/iobuf.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include