diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 3d9a5cb93..e68ee19fc 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -99,4 +99,9 @@ rndlinux: $(srcdir)/rndlinux.c rndegd: $(srcdir)/rndegd.c $(COMPILE) $(DYNLINK_MOD_CFLAGS) -o rndegd $(srcdir)/rndegd.c +# We need to have a better system for selection which modules +# to compile. For now this works. +rndw32: $(srcdir)/rndw32.c + echo "#!/bin/sh" >rndw32 + echo "Not usable as a module" >>rndw32 diff --git a/cipher/cipher.c b/cipher/cipher.c index 990671fc5..7224ab69d 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -362,6 +362,7 @@ cipher_open( int algo, int mode, int secure ) if( algo == CIPHER_ALGO_DUMMY ) hd->mode = CIPHER_MODE_DUMMY; else if( mode == CIPHER_MODE_AUTO_CFB ) { + #warning Remove this code and the AUTO:CFB macro. if( algo >= 100 ) hd->mode = CIPHER_MODE_CFB; else diff --git a/cipher/rndw32.c b/cipher/rndw32.c new file mode 100644 index 000000000..032d666ad --- /dev/null +++ b/cipher/rndw32.c @@ -0,0 +1,265 @@ +/* rndw32.c - interface to the Winseed DLL + * Copyright (C) 1999 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ + +#include +#include +#include +#include +#include +#include + +#include + +#include "types.h" +#include "util.h" +#include "dynload.h" + + +#ifdef IS_MODULE + #define _(a) (a) +#else + #include "i18n.h" +#endif + + +#define WIN32_SLOW_SEEDER 0 +#define WIN32_FAST_SEEDER 1 + +#define PCP_SUCCESS 0 +#define PCP_NULL_POINTER 1 +#define PCP_SEEDER_FAILED 2 +#define PCP_SEEDER_NO_MEM 3 +#define PCP_SEEDER_TOO_SMALL 4 +#define PCP_DLL_LOAD_FAILED 5 +#define PCP_UNKNOWN_PLATFORM 6 +#define PCP_ERROR_VERSION 7 +#define PCP_DLL_FUNC 8 +#define PCP_UNKNOWN_SEEDER_TYPE 9 + +typedef void *WIN32_SEEDER; + +static WIN32_SEEDER (WINAPI *create_instance)( byte type, unsigned int *reason); +static void (WINAPI *delete_instance)( WIN32_SEEDER that ); +static unsigned int (WINAPI *get_internal_seed_size)( WIN32_SEEDER that ); +static void (WINAPI *set_internal_seed_size)( WIN32_SEEDER that, + unsigned int new_size); +static unsigned int (WINAPI *get_expected_seed_size)( WIN32_SEEDER that); +static unsigned int (WINAPI *get_seed)( WIN32_SEEDER that, byte *buffer, + unsigned int *desired_length); + +static WIN32_SEEDER slow_seeder, fast_seeder; +static byte *entropy_buffer; +static size_t entropy_buffer_size; + +static char *entropy_dll; + +/**************** + * Load and initialize the winseed DLL + * NOTE: winseed is not part of the GnuPG distribution. It should be available + * at the GNU crypto FTP server site. + * We do not load the DLL on demand to have a better control over the + * location of the library. + */ +static void +load_and_init_winseed( void ) +{ + int hInstance; + void *addr; + unsigned int reason = 0; + unsigned int n1, n2; + const char *dllname = entropy_dll? entropy_dll : "c:/gnupg/entropy.dll"; + + hInstance = LoadLibrary( dllname ); + if( !hInstance ) + goto failure; + if( !(addr = GetProcAddress( hInstance, "WS_create_instance" )) ) + goto failure; + create_instance = addr; + if( !(addr = GetProcAddress( hInstance, "WS_delete_instance" )) ) + goto failure; + delete_instance = addr; + if( !(addr = GetProcAddress( hInstance, "WS_get_internal_seed_size" )) ) + goto failure; + get_internal_seed_size = addr; + if( !(addr = GetProcAddress( hInstance, "WS_set_internal_seed_size" )) ) + goto failure; + set_internal_seed_size = addr; + if( !(addr = GetProcAddress( hInstance, "WS_get_expected_seed_size" )) ) + goto failure; + get_expected_seed_size = addr; + if( !(addr = GetProcAddress( hInstance, "WS_get_seed" )) ) + goto failure; + get_seed = addr; + + /* we have all the functions - init the system */ + slow_seeder = create_instance( WIN32_SLOW_SEEDER, &reason); + if( !slow_seeder ) { + g10_log_fatal("error creating winseed slow seeder: rc=%u\n", reason ); + goto failure; + } + fast_seeder = create_instance( WIN32_FAST_SEEDER, &reason); + if( !fast_seeder ) { + g10_log_fatal("error creating winseed fast seeder: rc=%u\n", reason ); + goto failure; + } + g10_log_info("slow and fast seeders created.\n"); + n1 = get_internal_seed_size( slow_seeder ); + g10_log_info("slow buffer size=%u\n", n1); + n2 = get_internal_seed_size( fast_seeder ); + g10_log_info("fast buffer size=%u\n", n2); + + entropy_buffer_size = n1 > n2? n1: n2; + entropy_buffer = m_alloc( entropy_buffer_size ); + g10_log_info("using a buffer of size=%u\n", entropy_buffer_size ); + + return; + + failure: + g10_log_fatal("error loading winseed DLL `%s'\n", dllname ); +} + + + + + +/* Note: we always use the highest level. + * TO boost the performance we may want to add some + * additional code for level 1 + */ +static int +gather_random( void (*add)(const void*, size_t, int), int requester, + size_t length, int level ) +{ + unsigned int result; + unsigned int nbytes; + + if( !slow_seeder ) + load_and_init_winseed(); + + /* Our estimation on how much entropy we should use is very vague. + * Winseed delivers some amount of entropy on each slow poll and + * we add it to our random pool. Depending on the required quality + * level we adjust the requested length so that for higer quality + * we make sure to add more entropy to our pool. However, as we don't + * like to waste any entropy collected by winseed, we always add + * at least everything we got from winseed. + */ + if( level > 1 ) + length *= 100; + else if( level > 0 ) + length *= 10; + + for(;;) { + nbytes = entropy_buffer_size; + result = get_seed( slow_seeder, entropy_buffer, &nbytes); + if( result ) { + g10_log_fatal("rndw32: get_seed(slow) failed: rc=%u\n", result); + return -1; /* actually never reached */ + } + g10_log_info("rndw32: slow poll level %d, need %u, got %u\n", + level, (unsigned int)length, (unsigned int)nbytes ); + (*add)( entropy_buffer, nbytes, requester ); + if( length <= nbytes ) + return 0; /* okay */ + length -= nbytes; + g10_log_info("rndw32: need more\n"); + } +} + +static int +gather_random_fast( void (*add)(const void*, size_t, int), int requester ) +{ + unsigned int result; + unsigned int nbytes; + + if( !fast_seeder ) + load_and_init_winseed(); + + /* winseed delivers a constant ammount of entropy for a fast + * poll. We can simply use this and add it to the pool; no need + * a loop like it is used in the slow poll */ + nbytes = entropy_buffer_size; + result = get_seed( fast_seeder, entropy_buffer, &nbytes); + if( result ) { + g10_log_fatal("rndw32: get_seed(fast) failed: rc=%u\n", result); + return -1; /* actually never reached */ + } + /*g10_log_info("rndw32: fast poll got %u\n", (unsigned int)nbytes );*/ + (*add)( entropy_buffer, nbytes, requester ); + return 0; +} + + + +#ifndef IS_MODULE +static +#endif +const char * const gnupgext_version = "RNDW32 ($Revision$)"; + +static struct { + int class; + int version; + void *func; +} func_table[] = { + { 40, 1, gather_random }, + { 41, 1, gather_random_fast }, +}; + + +#ifndef IS_MODULE +static +#endif +void * +gnupgext_enum_func( int what, int *sequence, int *class, int *vers ) +{ + void *ret; + int i = *sequence; + + do { + if ( i >= DIM(func_table) || i < 0 ) { + return NULL; + } + *class = func_table[i].class; + *vers = func_table[i].version; + ret = func_table[i].func; + i++; + } while ( what && what != *class ); + + *sequence = i; + return ret; +} + +#ifdef USE_STATIC_RNDW32 +void +rndw32_set_dll_name( const char *name ) +{ + entropy_dll = m_strdup( name ); +} +#endif + +#ifndef IS_MODULE +void +rndw32_constructor(void) +{ + register_internal_cipher_extension( gnupgext_version, + gnupgext_enum_func ); +} +#endif + diff --git a/g10/ChangeLog b/g10/ChangeLog index a614d0f25..32d5f36a4 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,13 @@ +Sat Sep 18 12:16:08 CEST 1999 Werner Koch + + + * filter.h: Changed cipher handle types to the the GCRY_xxx ones. + replaces include cipher by system header include gcrypt.h. + * cipher.c: replaced the cipher functions by the gcry_ ones. + Ditto for the md functions. + + * misc.c (map_gcry_rc): New. + Fri Sep 17 12:56:42 CEST 1999 Werner Koch diff --git a/g10/cipher.c b/g10/cipher.c index 0de2a9d90..e458a807c 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -44,40 +44,58 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) PACKET pkt; PKT_encrypted ed; byte temp[18]; - unsigned blocksize; + int blocksize; unsigned nprefix; int use_mdc = opt.force_mdc; + int rc; memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.new_ctb = !ed.len && !opt.rfc1991; if( use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; - cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); - md_start_debug( cfx->mdc_hash, "mdccreat" ); + cfx->mdc_hash = gcry_md_open( DIGEST_ALGO_SHA1, 0 ); + /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/ } init_packet( &pkt ); pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; if( build_packet( a, &pkt )) log_bug("build_packet(ENCR_DATA) failed\n"); - blocksize = cipher_get_blocksize( cfx->dek->algo ); + blocksize = gcry_cipher_get_algo_blklen( cfx->dek->algo ); if( blocksize < 8 || blocksize > 16 ) - log_fatal("unsupported blocksize %u\n", blocksize ); + log_fatal("unsupported blocksize %d\n", blocksize ); nprefix = blocksize; randomize_buffer( temp, nprefix, 1 ); temp[nprefix] = temp[nprefix-2]; temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); - cfx->cipher_hd = cipher_open( cfx->dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + if( gcry_cipher_open( &cfx->cipher_hd, + cfx->dek->algo, + CIPHER_MODE_CFB, + GCRY_CIPHER_SECURE + | (cfy->dek->algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC) ) + ) { + /* we should never get an error here cause we already checked, that + * the algorithm is available. */ + BUG(); + } + /* log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/ - cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); - cipher_setiv( cfx->cipher_hd, NULL, 0 ); + rc = gcry_cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); + if( !rc ) + rc = gcry_cipher_setiv( cfx->cipher_hd, NULL, 0 ); + if( rc ) + log_fatal("set key or IV failed: %s\n", gcry_strerror(rc) ); /* log_hexdump( "prefix", temp, nprefix+2 ); */ if( cfx->mdc_hash ) - md_write( cfx->mdc_hash, temp, nprefix+2 ); - cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2); - cipher_sync( cfx->cipher_hd ); + gcry_md_write( cfx->mdc_hash, temp, nprefix+2 ); + rc = cipher_encrypt( cfx->cipher_hd, temp, nprefix+2, NULL, 0 ); + if( !rc ) + rc = gcry_cipher_sync( cfx->cipher_hd ); + if( rc ) + log_fatal("encrypt failed: %s\n", gcry_strerror(rc) ); iobuf_write(a, temp, nprefix+2); cfx->header=1; } @@ -104,23 +122,26 @@ cipher_filter( void *opaque, int control, write_header( cfx, a ); } if( cfx->mdc_hash ) - md_write( cfx->mdc_hash, buf, size ); - cipher_encrypt( cfx->cipher_hd, buf, buf, size); + gcry_md_write( cfx->mdc_hash, buf, size ); + rc = gcry_cipher_encrypt( cfx->cipher_hd, buf, size, NULL, 0); + if( rc ) + log_fatal("encrypt failed: %s\n", gcry_strerror(rc) ); if( iobuf_write( a, buf, size ) ) rc = G10ERR_WRITE_FILE; } else if( control == IOBUFCTRL_FREE ) { if( cfx->mdc_hash ) { byte *hash; - int hashlen = md_digest_length( md_get_algo( cfx->mdc_hash ) ); - md_final( cfx->mdc_hash ); - hash = md_read( cfx->mdc_hash, 0 ); - cipher_encrypt( cfx->cipher_hd, hash, hash, hashlen ); + int hashlen = gcry_md_get_algo_dlen( gcry_md_get_algo( cfx->mdc_hash ) ); + hash = gcry_md_read( cfx->mdc_hash, 0 ); + rc = gcry_cipher_encrypt( cfx->cipher_hd, hash, hashlen, NULL, 0 ); + if( rc ) + log_fatal("encrypt failed: %s\n", gcry_strerror(rc) ); if( iobuf_write( a, hash, hashlen ) ) rc = G10ERR_WRITE_FILE; - md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; + gcry_md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; } - cipher_close(cfx->cipher_hd); + gcry_cipher_close(cfx->cipher_hd); } else if( control == IOBUFCTRL_DESC ) { *(char**)buf = "cipher_filter"; diff --git a/g10/encr-data.c b/g10/encr-data.c index 0593efe97..0b3accf56 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -23,6 +23,7 @@ #include #include #include +#include #include "util.h" #include "memory.h" #include "packet.h" @@ -38,8 +39,8 @@ static int mdc_decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len); typedef struct { - CIPHER_HANDLE cipher_hd; - MD_HANDLE mdc_hash; + GCRY_CIPHER_HD cipher_hd; + GCRY_MD_HD mdc_hash; char defer[20]; int defer_filled; int eof_seen; @@ -55,27 +56,28 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) decode_filter_ctx_t dfx; byte *p; int rc=0, c, i; + int algo_okay; byte temp[32]; - unsigned blocksize; + int blocksize; unsigned nprefix; memset( &dfx, 0, sizeof dfx ); - if( opt.verbose ) { - const char *s = cipher_algo_to_string( dek->algo ); - if( s ) - log_info(_("%s encrypted data\n"), s ); - else + if( gcry_cipher_test_algo( dek->algo ) ) { + if( opt.verbose ) log_info(_("encrypted with unknown algorithm %d\n"), dek->algo ); - } - if( (rc=check_cipher_algo(dek->algo)) ) + rc = G10ERR_CIPHER_ALGO; goto leave; - blocksize = cipher_get_blocksize(dek->algo); - if( !blocksize || blocksize > 16 ) + } + if( opt.verbose ) + log_info(_("%s encrypted data\n"), gcry_cipher_algo_name( dek->algo ) ); + + blocksize = gcry_cipher_get_blklen( dek->algo ); + if( blocksize < 1 || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; if( ed->len && ed->len < (nprefix+2) ) BUG(); - +--> We are currently working HERE!!!! if( ed->mdc_method ) dfx.mdc_hash = md_open( ed->mdc_method, 0 ); dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); diff --git a/g10/filter.h b/g10/filter.h index 86a8e45b8..02e4e2ed6 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -20,12 +20,13 @@ #ifndef G10_FILTER_H #define G10_FILTER_H +#include + #include "types.h" -#include "cipher.h" typedef struct { - MD_HANDLE md; /* catch all */ - MD_HANDLE md2; /* if we want to calculate an alternate hash */ + GCRY_MD_HD md; /* catch all */ + GCRY_MD_HD md2; /* if we want to calculate an alternate hash */ size_t maxbuf_size; } md_filter_context_t; @@ -76,9 +77,9 @@ typedef struct { typedef struct { DEK *dek; u32 datalen; - CIPHER_HANDLE cipher_hd; + GCRY_CIPHER_HD cipher_hd; int header; - MD_HANDLE mdc_hash; + GCRY_MD_HD mdc_hash; } cipher_filter_context_t; @@ -91,7 +92,7 @@ typedef struct { int truncated; /* number of truncated lines */ int not_dash_escaped; int escape_from; - MD_HANDLE md; + GCRY_MD_HD md; int pending_lf; int pending_esc; } text_filter_context_t; @@ -119,7 +120,7 @@ int cipher_filter( void *opaque, int control, /*-- textfilter.c --*/ int text_filter( void *opaque, int control, IOBUF chain, byte *buf, size_t *ret_len); -int copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md, +int copy_clearsig_text( IOBUF out, IOBUF inp, GCRY_MD_HD md, int escape_dash, int escape_from, int pgp2mode ); diff --git a/g10/misc.c b/g10/misc.c index 3f18183b5..61f104a01 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -253,3 +253,15 @@ print_digest_algo_note( int algo ) +/**************** + * Map errors retuned by libgcrypt to those used by GnuPG. + */ +int +map_gcry_rc( int rc ) +{ + switch( rc ) { + case 0: return 0; + default: return G10ERR_GENERAL; + } +} +