This commit is contained in:
Werner Koch 1998-03-03 08:43:28 +00:00
parent b13e238a19
commit 0eb5aa6cfd
19 changed files with 226 additions and 264 deletions

12
NEWS
View File

@ -1,3 +1,15 @@
Noteworthy changes in version 0.2.11
------------------------------------
* GPG now asks for a recipient's name if option "-r" is not used.
* If there is no good trust path, the program asks whether to use
the public keys anyway.
* "--delete-key" works for public keys. What semantics shall I use
when there is a secret key too? Delete the secret key or leave him
and auto-regenerate the public key, netxt time the secret key is used?
Noteworthy changes in version 0.2.10
------------------------------------

View File

@ -1 +1 @@
0.2.10
0.2.11

View File

@ -1,3 +1,11 @@
Mon Mar 2 19:21:46 1998 Werner Koch (wk@isil.d.shuttle.de)
* gost.c, gost.h: Removed because they did only conatin trash.
Sun Mar 1 16:42:29 1998 Werner Koch (wk@isil.d.shuttle.de)
* random.c (fill_buffer): removed error message if n == -1.
Fri Feb 27 16:39:34 1998 Werner Koch (wk@isil.d.shuttle.de)
* md.c (md_enable): No init if called twice.

View File

@ -10,8 +10,6 @@ libcipher_a_SOURCES = blowfish.c \
blowfish.h \
elgamal.c \
elgamal.h \
gost.c \
gost.h \
md5.c \
md5.h \
primegen.c \

View File

@ -101,8 +101,6 @@ libcipher_a_SOURCES = blowfish.c \
blowfish.h \
elgamal.c \
elgamal.h \
gost.c \
gost.h \
md5.c \
md5.h \
primegen.c \
@ -130,8 +128,8 @@ DEFS = @DEFS@ -I. -I$(srcdir) -I..
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
libcipher_a_OBJECTS = blowfish.o elgamal.o gost.o md5.o primegen.o \
random.o rmd160.o sha1.o dsa.o md.o misc.o smallprime.o
libcipher_a_OBJECTS = blowfish.o elgamal.o md5.o primegen.o random.o \
rmd160.o sha1.o dsa.o md.o misc.o smallprime.o
AR = ar
CFLAGS = @CFLAGS@
COMPILE = $(CC) $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS)
@ -143,9 +141,9 @@ DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
TAR = tar
GZIP = --best
DEP_FILES = .deps/blowfish.P .deps/dsa.P .deps/elgamal.P .deps/gost.P \
.deps/md.P .deps/md5.P .deps/misc.P .deps/primegen.P .deps/random.P \
.deps/rmd160.P .deps/sha1.P .deps/smallprime.P
DEP_FILES = .deps/blowfish.P .deps/dsa.P .deps/elgamal.P .deps/md.P \
.deps/md5.P .deps/misc.P .deps/primegen.P .deps/random.P .deps/rmd160.P \
.deps/sha1.P .deps/smallprime.P
SOURCES = $(libcipher_a_SOURCES)
OBJECTS = $(libcipher_a_OBJECTS)

View File

@ -30,280 +30,47 @@
#include "types.h"
#include "gost.h"
static u16
mul_inv( u16 x )
{
u16 t0, t1;
u16 q, y;
if( x < 2 )
return x;
t1 = 0x10001L / x;
y = 0x10001L % x;
if( y == 1 )
return (1-t1) & 0xffff;
t0 = 1;
do {
q = x / y;
x = x % y;
t0 += q * t1;
if( x == 1 )
return t0;
q = y / x;
y = y % x;
t1 += q * t0;
} while( y != 1 );
return (1-t1) & 0xffff;
}
static void
expand_key( byte *userkey, u16 *ek )
{
int i,j;
for(j=0; j < 8; j++ ) {
ek[j] = (*userkey << 8) + userkey[1];
userkey += 2;
}
for(i=0; j < GOST_KEYLEN; j++ ) {
i++;
ek[i+7] = ek[i&7] << 9 | ek[(i+1)&7] >> 7;
ek += i & 8;
i &= 7;
}
}
static void
invert_key( u16 *ek, u16 dk[GOST_KEYLEN] )
{
int i;
u16 t1, t2, t3;
u16 temp[GOST_KEYLEN];
u16 *p = temp + GOST_KEYLEN;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t3;
*--p = t2;
*--p = t1;
for(i=0; i < GOST_ROUNDS-1; i++ ) {
t1 = *ek++;
*--p = *ek++;
*--p = t1;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t3;
*--p = t2;
*--p = t1;
}
t1 = *ek++;
*--p = *ek++;
*--p = t1;
t1 = mul_inv( *ek++ );
t2 = -*ek++;
t3 = -*ek++;
*--p = mul_inv( *ek++ );
*--p = t3;
*--p = t2;
*--p = t1;
memcpy(dk, temp, sizeof(temp) );
memset(temp, 0, sizeof(temp) ); /* burn temp */
}
static void
cipher( byte *inbuf, byte *outbuf, u16 *key )
{
u16 x1, x2, x3,x4, s2, s3;
u16 *in, *out;
int r = GOST_ROUNDS;
#define MUL(x,y) \
do {u16 _t16; u32 _t32; \
if( (_t16 = (y)) ) { \
if( (x = (x)&0xffff) ) { \
_t32 = (u32)x * _t16; \
x = _t32 & 0xffff; \
_t16 = _t32 >> 16; \
x = ((x)-_t16) + (x<_t16?1:0); \
} \
else { \
x = 1 - _t16; \
} \
} \
else { \
x = 1 - x; \
} \
} while(0)
in = (u16*)inbuf;
x1 = *in++;
x2 = *in++;
x3 = *in++;
x4 = *in;
#ifdef LITTLE_ENDIAN_HOST
x1 = (x1>>8) | (x1<<8);
x2 = (x2>>8) | (x2<<8);
x3 = (x3>>8) | (x3<<8);
x4 = (x4>>8) | (x4<<8);
#endif
do {
MUL(x1, *key++);
x2 += *key++;
x3 += *key++;
MUL(x4, *key++ );
s3 = x3;
x3 ^= x1;
MUL(x3, *key++);
s2 = x2;
x2 ^=x4;
x2 += x3;
MUL(x2, *key++);
x3 += x2;
x1 ^= x2;
x4 ^= x3;
x2 ^= s3;
x3 ^= s2;
} while( --r );
MUL(x1, *key++);
x3 += *key++;
x2 += *key++;
MUL(x4, *key);
out = (u16*)outbuf;
#ifdef LITTLE_ENDIAN_HOST
*out++ = (x1>>8) | (x1<<8);
*out++ = (x3>>8) | (x3<<8);
*out++ = (x2>>8) | (x2<<8);
*out = (x4>>8) | (x4<<8);
#else
*out++ = x1;
*out++ = x3;
*out++ = x2;
*out = x4;
#endif
#undef MUL
}
#error don't use this
void
gost_setkey( GOST_context *c, byte *key )
{
expand_key( key, c->ek );
invert_key( c->ek, c->dk );
}
void
gost_setiv( GOST_context *c, byte *iv )
{
memcpy( c->iv, iv, GOST_BLOCKSIZE );
}
void
gost_encode( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nblocks )
{
unsigned n;
for(n=0; n < nblocks; n++ ) {
cipher( inbuf, outbuf, c->ek );
inbuf += 8;
outbuf += 8;
}
}
void
gost_decode( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nblocks )
{
unsigned n;
for(n=0; n < nblocks; n++ ) {
cipher( inbuf, outbuf, c->dk );
inbuf += 8;
outbuf += 8;
}
}
static void
cfbshift( byte *iv, byte *buf, unsigned count)
{
unsigned n;
if( count ) {
for( n = GOST_BLOCKSIZE - count; n; n--, iv++ )
*iv = iv[count];
for( ; count; count-- )
*iv++ = *buf++;
}
}
/****************
* FIXME: Make use of bigger chunks
*/
static void
xorblock( byte *out, byte *a, byte *b, unsigned count )
{
for( ; count ; count--, a++, b++ )
*out++ = *a ^ *b ;
}
void
gost_encode_cfb( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nbytes)
{
byte temp[GOST_BLOCKSIZE];
while( nbytes >= GOST_BLOCKSIZE ) {
cipher( c->iv, temp, c->ek );
xorblock( outbuf, inbuf, temp, GOST_BLOCKSIZE);
cfbshift( c->iv, outbuf, GOST_BLOCKSIZE );
nbytes -= GOST_BLOCKSIZE;
inbuf += GOST_BLOCKSIZE;
outbuf += GOST_BLOCKSIZE;
}
if( nbytes ) {
cipher( c->iv, temp, c->ek );
xorblock( outbuf, inbuf, temp, nbytes );
cfbshift( c->iv, outbuf, nbytes );
}
}
void
gost_decode_cfb( GOST_context *c, byte *outbuf, byte *inbuf, unsigned nbytes)
{
byte temp[GOST_BLOCKSIZE];
while( nbytes >= GOST_BLOCKSIZE ) {
cipher( c->iv, temp, c->ek );
cfbshift( c->iv, inbuf, GOST_BLOCKSIZE );
xorblock( outbuf, inbuf, temp, GOST_BLOCKSIZE);
nbytes -= GOST_BLOCKSIZE;
inbuf += GOST_BLOCKSIZE;
outbuf += GOST_BLOCKSIZE;
}
if( nbytes ) {
cipher( c->iv, temp, c->ek );
cfbshift( c->iv, inbuf, nbytes );
xorblock( outbuf, inbuf, temp, nbytes );
}
}

View File

@ -36,7 +36,6 @@ static struct { const char *name; int algo;} cipher_names[] = {
{ "SAFER_SK128", CIPHER_ALGO_SAFER_SK128 },
{ "DES_SK", CIPHER_ALGO_DES_SK },
{ "BLOWFISH", CIPHER_ALGO_BLOWFISH },
{ "GOST", CIPHER_ALGO_GOST },
{NULL} };
static struct { const char *name; int algo;} pubkey_names[] = {

View File

@ -157,7 +157,7 @@ fill_buffer( byte *buffer, size_t length, int level )
assert( length < 200 );
do {
n = read(fd, buffer, length );
if( n > length ) {
if( n >= 0 && n > length ) {
log_error("bogus read from random device (n=%d)\n", n );
n = length;
}

View File

@ -1,3 +1,23 @@
Mon Mar 2 21:23:48 1998 Werner Koch (wk@isil.d.shuttle.de)
* pkc_list.c (build_pkc_list): Add interactive input of user ID.
Mon Mar 2 20:54:05 1998 Werner Koch (wk@isil.d.shuttle.de)
* pkclist.c (do_we_trust_pre): New.
(add_ownertrust): Add message.
* trustdb.c (enum_trust_web): Quick fix.
Mon Mar 2 13:50:53 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (main): New action aDeleteKey
* sign.c (delete_key): New.
Sun Mar 1 16:38:58 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (do_check): No returns TRUST_UNDEFINED instead of
eof error.
Fri Feb 27 18:14:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* armor.c (find_header): Removed trailing CR on headers.

View File

@ -120,7 +120,7 @@ static ARGPARSE_OPTS opts[] = {
enum cmd_values { aNull = 0,
aSym, aStore, aEncr, aKeygen, aSign, aSignEncr,
aSignKey, aClearsign, aListPackets, aEditSig,
aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey,
aKMode, aKModeC, aChangePass, aImport,
aExport, aCheckKeys, aGenRevoke,
aNOP };
@ -416,6 +416,7 @@ main( int argc, char **argv )
case 501: opt.answer_yes = 1; break;
case 502: opt.answer_no = 1; break;
case 503: set_cmd( &cmd, aKeygen); break;
case 505: set_cmd( &cmd, aDeleteKey); break;
case 506: set_cmd( &cmd, aSignKey); break;
case 507: set_cmd( &cmd, aStore); break;
case 508: set_cmd( &cmd, aCheckKeys);
@ -612,6 +613,14 @@ main( int argc, char **argv )
log_error("%s: edit signature failed: %s\n", fname_print, g10_errstr(rc) );
break;
case aDeleteKey:
if( argc != 1 )
wrong_args(_("--delete-key username"));
/* note: fname is the user id! */
if( (rc = delete_key(fname)) )
log_error("%s: delete key failed: %s\n", fname_print, g10_errstr(rc) );
break;
case aChangePass: /* Chnage the passphrase */
if( argc > 1 ) /* no arg: use default, 1 arg use this one */
wrong_args(_("--change-passphrase [username]"));

View File

@ -53,6 +53,7 @@ int sign_file( STRLIST filenames, int detached, STRLIST locusr,
int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
int sign_key( const char *username, STRLIST locusr );
int edit_keysigs( const char *username );
int delete_key( const char *username );
int change_passphrase( const char *username );
/*-- sig-check.c --*/

View File

@ -153,11 +153,12 @@ _("Could not find a valid trust path to the key. Lets see, wether we\n"
rc = 0;
enum_trust_web( &context, NULL ); /* close */
if( !any )
tty_printf(_("No ownertrust values changed.\n\n") );
return rc? rc : any? 0:-1;
}
/****************
* Check wether we can trust this pkc which has a trustlevel of TRUSTLEVEL
* Returns: true if we trust.
@ -218,7 +219,7 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
return do_we_trust( pkc, trustlevel );
}
}
return 0; /* no */
return 0; /* no FIXME: add "Proceed anyway?" */
case TRUST_NEVER:
log_info("We do NOT trust this key\n");
@ -250,6 +251,32 @@ do_we_trust( PKT_public_cert *pkc, int trustlevel )
}
/****************
* wrapper arounf do_we_trust, so we can ask wether to use the
* key anyway.
*/
static int
do_we_trust_pre( PKT_public_cert *pkc, int trustlevel )
{
int rc = do_we_trust( pkc, trustlevel );
if( !opt.batch && !rc ) {
char *answer;
tty_printf(_(
"It is NOT certain, that the key belongs to his owner.\n"
"If you *really* know what you are doing, you may answer\n"
"the next question with yes\n\n") );
answer = tty_get("Use this key anyway? ");
tty_kill_prompt();
if( answer_is_yes(answer) )
rc = 1;
m_free(answer);
}
return rc;
}
void
release_pkc_list( PKC_LIST pkc_list )
@ -267,14 +294,56 @@ int
build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list )
{
PKC_LIST pkc_list = NULL;
int rc;
PKT_public_cert *pkc=NULL;
int rc=0;
if( !remusr ) { /* ask!!! */
log_bug("ask for public key nyi\n");
if( !remusr && !opt.batch ) { /* ask */
char *answer=NULL;
tty_printf(_(
"You did not specify a user ID. (you may use \"-r\")\n\n"));
for(;;) {
rc = 0;
m_free(answer);
answer = tty_get(_("Enter the user ID: "));
trim_spaces(answer);
tty_kill_prompt();
if( !*answer )
break;
if( pkc )
free_public_cert( pkc );
pkc = m_alloc_clear( sizeof *pkc );
rc = get_pubkey_byname( pkc, answer );
if( rc )
tty_printf("No such user ID.\n");
else if( !(rc=check_pubkey_algo(pkc->pubkey_algo)) ) {
int trustlevel;
rc = check_trust( pkc, &trustlevel );
if( rc ) {
log_error("error checking pkc of '%s': %s\n",
answer, g10_errstr(rc) );
}
else if( do_we_trust_pre( pkc, trustlevel ) ) {
PKC_LIST r;
r = m_alloc( sizeof *r );
r->pkc = pkc; pkc = NULL;
r->next = pkc_list;
r->mark = 0;
pkc_list = r;
break;
}
}
}
m_free(answer);
if( pkc ) {
free_public_cert( pkc );
pkc = NULL;
}
}
else {
for(; remusr; remusr = remusr->next ) {
PKT_public_cert *pkc;
pkc = m_alloc_clear( sizeof *pkc );
if( (rc = get_pubkey_byname( pkc, remusr->d )) ) {
@ -290,7 +359,7 @@ build_pkc_list( STRLIST remusr, PKC_LIST *ret_pkc_list )
log_error("error checking pkc of '%s': %s\n",
remusr->d, g10_errstr(rc) );
}
else if( do_we_trust( pkc, trustlevel ) ) {
else if( do_we_trust_pre( pkc, trustlevel ) ) {
/* note: do_we_trust may have changed the trustlevel */
PKC_LIST r;

View File

@ -195,7 +195,7 @@ check_rsa( PKT_secret_cert *cert )
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
keyid_from_skc( cert, keyid );
dek = get_passphrase_hash( keyid, NULL );
dek = get_passphrase_hash( keyid, NULL, NULL );
blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
m_free(dek); /* pw is in secure memory, so m_free() burns it */

View File

@ -854,6 +854,84 @@ edit_keysigs( const char *username )
}
/****************
* Eine public key aus dem keyring entfernen.
*/
int
delete_key( const char *username )
{
int rc = 0;
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
PKT_public_cert *pkc;
u32 pkc_keyid[2];
int okay=0;
/* search the userid */
rc = find_keyblock_byname( &kbpos, username );
if( rc ) {
log_error("%s: user not found\n", username );
goto leave;
}
/* read the keyblock */
rc = read_keyblock( &kbpos, &keyblock );
if( rc ) {
log_error("%s: certificate read problem: %s\n", username, g10_errstr(rc) );
goto leave;
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_CERT );
if( !node ) {
log_error("Oops; public key not found anymore!\n");
rc = G10ERR_GENERAL;
goto leave;
}
pkc = node->pkt->pkt.public_cert;
keyid_from_pkc( pkc, pkc_keyid );
if( opt.batch && opt.answer_yes )
okay++;
else if( opt.batch )
log_error("can't do that in batch-mode without \"--yes\"\n");
else {
char *p;
size_t n;
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pkc( pkc ),
pubkey_letter( pkc->pubkey_algo ),
pkc_keyid[1], datestr_from_pkc(pkc) );
p = get_user_id( pkc_keyid, &n );
tty_print_string( p, n );
m_free(p);
tty_printf("\n\n");
p = tty_get("Delete this key from the keyring? ");
tty_kill_prompt();
if( answer_is_yes(p) )
okay++;
m_free(p);
}
if( okay ) {
rc = delete_keyblock( &kbpos );
if( rc ) {
log_error("delete_keyblock failed: %s\n", g10_errstr(rc) );
goto leave;
}
}
leave:
release_kbnode( keyblock );
return rc;
}
int
change_passphrase( const char *username )
{

View File

@ -1421,12 +1421,9 @@ do_check( ulong pubkeyid, TRUSTREC *dr, unsigned *trustlevel )
if( !rc && !dr->r.dir.sigrec ) {
/* See wether this is our own key */
if( !qry_lid_table_flag( ultikey_table, pubkeyid, NULL ) ) {
if( !qry_lid_table_flag( ultikey_table, pubkeyid, NULL ) )
*trustlevel = tflags | TRUST_ULTIMATE;
return 0;
}
else
rc = -1;
return 0;
}
if( rc )
return rc; /* error while looking for sigrec or building sigrecs */
@ -1774,8 +1771,8 @@ enum_trust_web( void **context, ulong *lid )
if( !c ) { /* make a new context */
c = m_alloc_clear( sizeof *c );
*context = c;
if( *lid != last_trust_web_key )
log_bug("enum_trust_web: nyi\n");
if( *lid != last_trust_web_key && last_trust_web_key )
log_bug("enum_trust_web: nyi\n"); /* <--- FIXME */
c->tsl = last_trust_web_tslist;
c->index = 1;
}

View File

@ -33,7 +33,6 @@
#include "../cipher/rsa.h"
#endif
#include "../cipher/blowfish.h"
#include "../cipher/gost.h"
#include "../cipher/elgamal.h"
@ -46,7 +45,6 @@
#define CIPHER_ALGO_SAFER_SK128 6
#define CIPHER_ALGO_DES_SK 7
#define CIPHER_ALGO_BLOWFISH 42 /* blowfish 160 bit key (not in OpenPGP)*/
#define CIPHER_ALGO_GOST 43 /* (Not in OpenPGP) */
#define PUBKEY_ALGO_RSA 1
#define PUBKEY_ALGO_RSA_E 2 /* RSA encrypt only */

View File

@ -1,3 +1,7 @@
Mon Mar 2 19:29:00 1998 Werner Koch (wk@isil.d.shuttle.de)
* Makefile.am (DISTCLEANFILES): New
Thu Feb 26 06:48:54 1998 Werner Koch (wk@isil.d.shuttle.de)
* config.links (X86_BROKEN_ALIGN): Added for some systems.

View File

@ -6,6 +6,8 @@ CFLAGS += -O2
SUFFIXES = .S .s
EXTRA_DIST = config.links
DISTCLEANFILES = mpih-add1.S mpih-mul1.S mpih-mul2.S mpih-mul3.S \
mpih-shift.S mpih-sub1.S asm-syntax.h sysdep.h
noinst_LIBRARIES = libmpi.a

View File

@ -97,6 +97,8 @@ INCLUDES = -I$(top_srcdir)/include
SUFFIXES = .S .s
EXTRA_DIST = config.links
DISTCLEANFILES = mpih-add1.S mpih-mul1.S mpih-mul2.S mpih-mul3.S \
mpih-shift.S mpih-sub1.S asm-syntax.h sysdep.h
noinst_LIBRARIES = libmpi.a
# noinst_HEADERS =