1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00

Sicherung

This commit is contained in:
Werner Koch 1998-06-09 15:14:06 +00:00
parent ef75fa1802
commit 1ece02aa54
33 changed files with 704 additions and 766 deletions

View file

@ -1,3 +1,8 @@
Mon Jun 8 22:23:37 1998 Werner Koch (wk@isil.d.shuttle.de)
* seckey-cert.c (do_check): Removed cipher constants
(protect_secret_key): Ditto.
Fri May 29 10:00:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (query_trust_info): New.

View file

@ -64,8 +64,6 @@ target_triplet = @target@
CATALOGS = @CATALOGS@
CATOBJEXT = @CATOBJEXT@
CC = @CC@
CIPHER_EXTRA_DIST = @CIPHER_EXTRA_DIST@
CIPHER_EXTRA_OBJS = @CIPHER_EXTRA_OBJS@
CPP = @CPP@
DATADIRNAME = @DATADIRNAME@
G10_LOCALEDIR = @G10_LOCALEDIR@

View file

@ -575,6 +575,7 @@ build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
switch( type ) {
case SIGSUBPKT_SIG_CREATED:
case SIGSUBPKT_PRIV_ADD_SIG:
hashed = 1; break;
default: hashed = 0; break;
}

View file

@ -319,6 +319,7 @@ list_one( const char *name, int secret )
if( opt.with_colons )
printf(":%02x:", sig->sig_class );
putchar('\n');
/* FIXME: check or list other sigs here (subpkt PRIV_ADD_SIG)*/
}
}
if( !any ) {/* oops, no user id */

View file

@ -234,7 +234,8 @@ typedef enum {
SIGSUBPKT_PRIMARY_UID =25, /* primary user id */
SIGSUBPKT_POLICY =26, /* policy URL */
SIGSUBPKT_KEY_FLAGS =27, /* key flags */
SIGSUBPKT_SIGNERS_UID =28 /* signer's user id */
SIGSUBPKT_SIGNERS_UID =28, /* signer's user id */
SIGSUBPKT_PRIV_ADD_SIG =101 /* signatur is also valid for this uid */
} sigsubpkttype_t;

View file

@ -615,6 +615,7 @@ parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n )
: type == SIGSUBPKT_POLICY ? "policy URL"
: type == SIGSUBPKT_KEY_FLAGS ? "key flags"
: type == SIGSUBPKT_SIGNERS_UID ? "signer's user id"
: type == SIGSUBPKT_PRIV_ADD_SIG? "signs additional user id"
: "?");
}
else if( type == reqtype )
@ -636,6 +637,13 @@ parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n )
if( n < 8 )
break;
return buffer;
case SIGSUBPKT_PRIV_ADD_SIG:
/* because we use private data, we check the GNUPG marker */
if( n < 24 )
break;
if( buffer[0] != 'G' || buffer[1] != 'P' || buffer[2] != 'G' )
return NULL;
return buffer+3;
default: BUG(); /* not yet needed */
}
log_error("subpacket of type %d too short\n", type);

View file

@ -127,7 +127,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
break;
case CIPHER_ALGO_BLOWFISH:
case CIPHER_ALGO_CAST:
case CIPHER_ALGO_CAST5:
if( dek->keylen != 16 )
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
break;

View file

@ -49,112 +49,106 @@ do_check( PKT_secret_cert *cert )
PKT_secret_cert *save_cert;
char save_iv[8];
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH160:
case CIPHER_ALGO_BLOWFISH:
case CIPHER_ALGO_CAST:
keyid_from_skc( cert, keyid );
dek = passphrase_to_dek( keyid, cert->protect.algo,
&cert->protect.s2k, 0 );
cipher_hd = cipher_open( cert->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
save_cert = copy_secret_cert( NULL, cert );
memcpy(save_iv, cert->protect.iv, 8 );
cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_ELGAMAL_E:
buffer = mpi_get_secure_buffer( cert->d.elg.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
csum = checksum_mpi( cert->d.elg.x );
m_free( buffer );
break;
case PUBKEY_ALGO_DSA:
buffer = mpi_get_secure_buffer( cert->d.dsa.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
csum = checksum_mpi( cert->d.dsa.x );
m_free( buffer );
break;
#ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S:
csum = 0;
#define X(a) do { \
buffer = mpi_get_secure_buffer( cert->d.rsa.##a, \
&nbytes, NULL ); \
csum += checksum_u16( nbytes*8 ); \
cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); \
csum += checksum( buffer, nbytes ); \
mpi_set_buffer(cert->d.rsa.##a, buffer, nbytes, 0 ); \
m_free( buffer ); \
} while(0)
X(d);
X(p);
X(q);
X(u);
#undef X
break;
#endif /* HAVE_RSA_CIPHER */
if( cert->protect.algo == CIPHER_ALGO_NONE )
BUG();
if( check_cipher_algo( cert->protect.algo ) )
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
keyid_from_skc( cert, keyid );
dek = passphrase_to_dek( keyid, cert->protect.algo,
&cert->protect.s2k, 0 );
cipher_hd = cipher_open( cert->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
cipher_setiv( cipher_hd, NULL );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
save_cert = copy_secret_cert( NULL, cert );
memcpy(save_iv, cert->protect.iv, 8 );
cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_ELGAMAL_E:
buffer = mpi_get_secure_buffer( cert->d.elg.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
csum = checksum_mpi( cert->d.elg.x );
m_free( buffer );
break;
case PUBKEY_ALGO_DSA:
buffer = mpi_get_secure_buffer( cert->d.dsa.x, &nbytes, NULL );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
csum = checksum_mpi( cert->d.dsa.x );
m_free( buffer );
break;
#ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S:
csum = 0;
#define X(a) do { \
buffer = mpi_get_secure_buffer( cert->d.rsa.##a, \
&nbytes, NULL ); \
csum += checksum_u16( nbytes*8 ); \
cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); \
csum += checksum( buffer, nbytes ); \
mpi_set_buffer(cert->d.rsa.##a, buffer, nbytes, 0 ); \
m_free( buffer ); \
} while(0)
X(d);
X(p);
X(q);
X(u);
#undef X
break;
#endif /* HAVE_RSA_CIPHER */
default: BUG();
default: BUG();
}
cipher_close( cipher_hd );
/* now let's see whether we have used the right passphrase */
if( csum != cert->csum ) {
if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
/* very bad kludge to work around an early bug */
csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) );
nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4;
csum += checksum_u16( nbytes*8 );
if( !opt.batch && csum == cert->csum )
log_info("Probably you have an old key - use "
"\"--change-passphrase\" to convert.\n");
}
cipher_close( cipher_hd );
/* now let's see whether we have used the right passphrase */
if( csum != cert->csum ) {
if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
/* very bad kludge to work around an early bug */
csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) );
nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4;
csum += checksum_u16( nbytes*8 );
if( !opt.batch && csum == cert->csum )
log_info("Probably you have an old key - use "
"\"--change-passphrase\" to convert.\n");
}
if( csum != cert->csum ) {
copy_secret_cert( cert, save_cert );
free_secret_cert( save_cert );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
}
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL_E:
case PUBKEY_ALGO_ELGAMAL:
res = elg_check_secret_key( &cert->d.elg );
break;
case PUBKEY_ALGO_DSA:
res = dsa_check_secret_key( &cert->d.dsa );
break;
#ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S:
res = rsa_check_secret_key( &cert->d.rsa );
break;
#endif
default: BUG();
}
if( !res ) {
copy_secret_cert( cert, save_cert );
free_secret_cert( save_cert );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
free_secret_cert( save_cert );
cert->is_protected = 0;
break;
default:
return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */
}
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL_E:
case PUBKEY_ALGO_ELGAMAL:
res = elg_check_secret_key( &cert->d.elg );
break;
case PUBKEY_ALGO_DSA:
res = dsa_check_secret_key( &cert->d.dsa );
break;
#ifdef HAVE_RSA_CIPHER
case PUBKEY_ALGO_RSA:
case PUBKEY_ALGO_RSA_E:
case PUBKEY_ALGO_RSA_S:
res = rsa_check_secret_key( &cert->d.rsa );
break;
#endif
default: BUG();
}
if( !res ) {
copy_secret_cert( cert, save_cert );
free_secret_cert( save_cert );
memcpy( cert->protect.iv, save_iv, 8 );
return G10ERR_BAD_PASS;
}
free_secret_cert( save_cert );
cert->is_protected = 0;
}
else { /* not protected */
switch( cert->pubkey_algo ) {
@ -320,11 +314,9 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek )
if( !cert->is_protected ) { /* okay, apply the protection */
CIPHER_HANDLE cipher_hd=NULL;
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH160:
case CIPHER_ALGO_BLOWFISH:
case CIPHER_ALGO_CAST:
if( check_cipher_algo( cert->protect.algo ) )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else {
cipher_hd = cipher_open( cert->protect.algo,
CIPHER_MODE_AUTO_CFB, 1 );
cipher_setkey( cipher_hd, dek->key, dek->keylen );
@ -333,11 +325,6 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek )
if( !do_protect( &cipher_encrypt, cipher_hd, cert ) )
cert->is_protected = 1;
cipher_close( cipher_hd );
break;
default:
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
break;
}
}
return rc;

View file

@ -319,38 +319,6 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
rc = G10ERR_SIG_CLASS;
}
}
else if( sig->sig_class >= 0x14 && sig->sig_class <= 0x17 ) {
/* a gnupg extension: calculate the signature over all
* preceding userids */
KBNODE unode = find_prev_kbnode( root, node, PKT_USER_ID );
u32 keyid[2];
int any = 0;
keyid_from_pkc( pkc, keyid );
md = md_open( algo, 0 );
hash_public_cert( md, pkc );
for( unode=root->next; unode && unode != node; unode = unode->next ) {
if( unode->pkt->pkttype == PKT_USER_ID ) {
hash_uid_node( unode, md, sig );
any++;
}
}
if( any ) {
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
if( is_selfsig )
*is_selfsig = 1;
rc = do_check( pkc, sig, md );
}
else
rc = signature_check( sig, md );
}
else {
log_error("no user id for key signature packet\n");
rc = G10ERR_SIG_CLASS;
}
md_close(md);
}
else {
KBNODE unode = find_prev_kbnode( root, node, PKT_USER_ID );