security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-02 12:01:32 +01:00
Code Activity

fixed last passphrase bug

Browse Source
This commit is contained in:
Werner Koch 1998-05-03 19:35:33 +00:00
parent 1d4718a1a6
commit 2cd12c5c8f
13 changed files with 60 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
NEWS
View File

@ -1,3 +1,16 @@
Noteworthy changes in version 0.2.??
------------------------------------
* Comment packets are now of private type 61.
* passphrase code still used a 160 bit blowfish key, add a
silly workaround. Please change your passphrase again - sorry.
* Conventional encryption now uses a type 3 packet to describe the
used algorithms.
Noteworthy changes in version 0.2.16
------------------------------------

2
TODO
View File

@ -49,5 +49,3 @@
* add multi-user-id-sigs handling to import.c
* add tag 3 packet support to "-c"

5
g10/ChangeLog
View File

@ -1,3 +1,8 @@
Sun May 3 17:50:26 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h (PKT_OLD_COMMENT): New name for type 16.
* parse-packet.c (parse_comment): Now uses type 61
Fri May 1 12:44:39 1998 Werner Koch,mobil,,, (wk@tobold)
* packet.h (count): Chnaged s2k count from byte to u32.

4
g10/build-packet.c
View File

@ -68,6 +68,8 @@ build_packet( IOBUF out, PACKET *pkt )
if( DBG_PACKET )
log_debug("build_packet() type=%d\n", pkt->pkttype );
if( pkt->pkttype == PKT_OLD_COMMENT )
pkt->pkttype = PKT_COMMENT;
assert( pkt->pkt.generic );
if( pkt->pkttype > 15 ) /* new format */
ctb = 0xc0 | (pkt->pkttype & 0x3f);
@ -109,7 +111,7 @@ build_packet( IOBUF out, PACKET *pkt )
break;
case PKT_RING_TRUST:
default:
log_bug("invalid packet type in build_packet()");
log_bug("invalid packet type in build_packet()\n");
break;
}

2
g10/keydb.h
View File

@ -97,7 +97,7 @@ int build_skc_list( STRLIST locusr, SKC_LIST *ret_skc_list,
/*-- passphrase.h --*/
void set_passphrase_fd( int fd );
int get_passphrase_fd(void);
DEK *get_passphrase_hash( u32 *keyid, char *text, STRING2KEY *s2k );
DEK *get_passphrase_hash( u32 *keyid, int cipher_algo, STRING2KEY *s2k );
int make_dek_from_passphrase( DEK *dek, int mode, STRING2KEY *s2k );
/*-- getkey.c --*/

2
g10/keygen.c
View File

@ -532,7 +532,7 @@ generate_keypair()
for(;;) {
dek->algo = CIPHER_ALGO_BLOWFISH;
s2k->mode = 1;
s2k->hash_algo = DIGESTA_ALGO_RMD160;
s2k->hash_algo = DIGEST_ALGO_RMD160;
rc = make_dek_from_passphrase( dek , 2, s2k );
if( rc == -1 ) {
m_free(dek); dek = NULL;

5
g10/ks-proto.c
View File

@ -25,15 +25,16 @@
#include "util.h"
#include "ks-proto.h"
#if 0
/****************
* Read a protocol line
*/
static int
read_line( FILE *fp )
{
return -1;
}
#endif

3
g10/packet.h
View File

@ -49,7 +49,8 @@ typedef enum {
PKT_RING_TRUST =12, /* keyring trust packet */
PKT_USER_ID =13, /* user id packet */
PKT_PUBKEY_SUBCERT=14, /* subkey certificate (OpenPGP) */
PKT_COMMENT =16 /* new comment packet (OpenPGP) */
PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */
PKT_COMMENT =61 /* new comment packet (private) */
} pkttype_t;
typedef struct packet_struct PACKET;

10
g10/parse-packet.c
View File

@ -303,6 +303,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
case PKT_USER_ID:
rc = parse_user_id(inp, pkttype, pktlen, pkt );
break;
case PKT_OLD_COMMENT:
case PKT_COMMENT:
rc = parse_comment(inp, pkttype, pktlen, pkt);
break;
@ -838,10 +839,10 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
version = iobuf_get_noeof(inp); pktlen--;
if( pkttype == PKT_PUBKEY_SUBCERT && version == '#' ) {
/* early versions of G10 use old comments packets; luckily all those
* comments are started by a hash */
/* early versions of G10 use old PGP comments packets;
* luckily all those comments are started by a hash */
if( list_mode ) {
printf(":old comment packet: \"" );
printf(":rfc1991 comment packet: \"" );
for( ; pktlen; pktlen-- ) {
int c;
c = iobuf_get_noeof(inp);
@ -1267,7 +1268,8 @@ parse_comment( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
if( list_mode ) {
int n = packet->pkt.comment->len;
printf(":comment packet: \"");
printf(":%scomment packet: \"", pkttype == PKT_OLD_COMMENT?
"OpenPGP draft " : "" );
for(p=packet->pkt.comment->data; n; p++, n-- ) {
if( *p >= ' ' && *p <= 'z' )
putchar(*p);

16
g10/passphrase.c
View File

@ -33,7 +33,7 @@
static int pwfd = -1;
static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k );
static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create );
void
set_passphrase_fd( int fd )
@ -54,7 +54,7 @@ get_passphrase_fd()
* Returns: m_alloced md5 passphrase hash; caller must free
*/
DEK *
get_passphrase_hash( u32 *keyid, char *text, byte *salt )
get_passphrase_hash( u32 *keyid, int cipher_algo, STRING2KEY *s2k )
{
char *pw;
DEK *dek;
@ -97,9 +97,8 @@ get_passphrase_hash( u32 *keyid, char *text, byte *salt )
tty_kill_prompt();
}
dek = m_alloc_secure( sizeof *dek );
dek->algo = CIPHER_ALGO_BLOWFISH; /* fixme: allow others ciphers */
if( hash_passphrase( dek, pw, salt ) )
log_bug("get_passphrase_hash\n");
dek->algo = cipher_algo;
hash_passphrase( dek, pw, s2k, 0 );
m_free(pw); /* is allocated in secure memory, so it will be burned */
return dek;
}
@ -146,20 +145,19 @@ static void
hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
{
MD_HANDLE md;
int rc = 0;
assert( s2k->hash_algo );
dek->keylen = 0;
md = md_open( s2k->hash_algo, 1);
if( s2k->mode == 1 || s2k->mode == 4 ) {
if( create )
randomize_buffer(&s2k->salt, 8, 1);
randomize_buffer(s2k->salt, 8, 1);
md_write( md, s2k->salt, 8 );
}
md_write( md, pw, strlen(pw) );
md_final( md );
dek->keylen = cipher_get_keylen( dek->algo );
assert(dek->keylen > 0 && dek->keylen < DIM(dek->key) );
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
assert(dek->keylen > 0 && dek->keylen <= DIM(dek->key) );
memcpy( dek->key, md_read(md,0), dek->keylen );
md_close(md);
}

6
g10/ringedit.c
View File

@ -673,11 +673,13 @@ keyring_enum( KBPOS *kbpos, KBNODE *ret_root, int skipsigs )
default:
/* skip pakets at the beginning of a keyring, until we find
* a start packet; issue a warning if it is not a comment */
if( !root && pkt->pkttype != PKT_COMMENT )
if( !root && pkt->pkttype != PKT_COMMENT
&& pkt->pkttype != PKT_OLD_COMMENT )
log_info("keyring_enum: skipped packet of type %d\n",
pkt->pkttype );
if( !root || (skipsigs && ( pkt->pkttype == PKT_SIGNATURE
||pkt->pkttype == PKT_COMMENT )) ) {
||pkt->pkttype == PKT_COMMENT
||pkt->pkttype == PKT_OLD_COMMENT )) ) {
init_packet(pkt);
break;
}

21
g10/seckey-cert.c
View File

@ -54,12 +54,8 @@ do_check( PKT_secret_cert *cert )
case CIPHER_ALGO_BLOWFISH:
case CIPHER_ALGO_CAST:
keyid_from_skc( cert, keyid );
if( cert->protect.s2k.mode == 1 || cert->protect.s2k.mode == 4 )
dek = get_passphrase_hash( keyid, NULL,
cert->protect.s2k.salt );
else
dek = get_passphrase_hash( keyid, NULL, NULL );
dek = get_passphrase_hash( keyid, cert->protect.algo,
&cert->protect.s2k );
cipher_hd = cipher_open( cert->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
@ -216,11 +212,22 @@ check_secret_key( PKT_secret_cert *cert )
for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
if( i )
log_error("Invalid passphrase; please try again ...\n");
log_error("Invalid passphrase; please try again ...\n\n");
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_DSA:
rc = do_check( cert );
if( rc == G10ERR_BAD_PASS && cert->is_protected
&& cert->protect.algo == CIPHER_ALGO_BLOWFISH ) {
/* Workaround for a bug in 0.2.16 which still used
* a 160 bit key for BLOWFISH. */
log_info("trying workaround for 0.2.16 passphrase bug ...\n");
cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
rc = do_check( cert );
if( rc )
rc = G10ERR_BAD_PASS;
cert->protect.algo = CIPHER_ALGO_BLOWFISH;
}
break;
default: rc = G10ERR_PUBKEY_ALGO;
}

1
g10/sign.c
View File

@ -406,6 +406,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
else {
const char *s = digest_algo_to_string(opt.def_digest_algo);
assert(s);
iobuf_writestr(out, "Hash: " );
iobuf_writestr(out, s );
iobuf_writestr(out, "\n\n" );
}