security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

See ChangeLog: Mon May 17 21:54:43 CEST 1999 Werner Koch

Browse source
This commit is contained in:
Werner Koch 1999-05-17 20:03:24 +00:00
parent a1dcec76c1
commit 3983f30bd2
24 changed files with 378 additions and 182 deletions
Download patch file Download diff file Expand all files Collapse all files

16
g10/ChangeLog
View file

@ -1,3 +1,19 @@
Mon May 17 21:54:43 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* parse-packet.c (parse_encrypted): Support for PKT_ENCRYPTED_MDC.
* build-packet.c (do_encrypted_mdc): Ditto.
* cipher.c (write_header): Add mdc hashing.
(cipher_filter): write out the hash.
* mainproc.c (do_proc_packets): Add PKT_ENCRYPTED_MDC.
* encr-data.c (decrypt_data): Add mdc hashing.
(mdc_decode_filter): New.
* parse-packet.c (parse_sig_subpkt): Fixed stupid bug for subpkt
length calculation
(parse_signature): Fixed even more stupid bug.
Sat May 8 19:28:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* build-packet.c (do_signature): Removed MDC hack.

28
g10/build-packet.c
View file

@ -43,6 +43,7 @@ static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc );
static u32 calc_plaintext( PKT_plaintext *pt );
static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt );
static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed );
static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed );
static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd );
static int do_signature( IOBUF out, int ctb, PKT_signature *sig );
static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops );
@ -74,7 +75,8 @@ build_packet( IOBUF out, PACKET *pkt )
switch( pkt->pkttype ) {
case PKT_OLD_COMMENT: pkt->pkttype = PKT_COMMENT; break;
case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break;
case PKT_ENCRYPTED: new_ctb = pkt->pkt.encrypted->new_ctb; break;
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break;
case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break;
default: break;
}
@ -110,6 +112,9 @@ build_packet( IOBUF out, PACKET *pkt )
case PKT_ENCRYPTED:
rc = do_encrypted( out, ctb, pkt->pkt.encrypted );
break;
case PKT_ENCRYPTED_MDC:
rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted );
break;
case PKT_COMPRESSED:
rc = do_compressed( out, ctb, pkt->pkt.compressed );
break;
@ -171,7 +176,7 @@ write_fake_data( IOBUF out, MPI a )
void *p;
p = mpi_get_opaque( a, &i );
iobuf_write( a, p, i );
iobuf_write( out, p, i );
}
}
@ -508,6 +513,24 @@ do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed )
return rc;
}
static int
do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed )
{
int rc = 0;
u32 n;
assert( ed->mdc_method );
n = ed->len ? (ed->len + 10) : 0;
write_header(out, ctb, n );
iobuf_put(out, 1 ); /* version */
iobuf_put(out, ed->mdc_method );
/* This is all. The caller has to write the real data */
return rc;
}
static int
do_compressed( IOBUF out, int ctb, PKT_compressed *cd )
{
@ -560,6 +583,7 @@ find_subpkt( byte *buffer, sigsubpkttype_t reqtype,
if( buflen < 2 )
break;
n = (( n - 192 ) << 8) + *buffer + 192;
buffer++;
buflen--;
}
if( buflen < n )

25
g10/cipher.c
View file

@ -46,12 +46,18 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
byte temp[18];
unsigned blocksize;
unsigned nprefix;
int use_mdc = opt.force_mdc;
memset( &ed, 0, sizeof ed );
ed.len = cfx->datalen;
ed.new_ctb = !ed.len && !opt.rfc1991;
if( use_mdc ) {
ed.mdc_method = DIGEST_ALGO_SHA1;
cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 );
md_start_debug( cfx->mdc_hash, "mdccreat" );
}
init_packet( &pkt );
pkt.pkttype = PKT_ENCRYPTED;
pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
pkt.pkt.encrypted = &ed;
if( build_packet( a, &pkt ))
log_bug("build_packet(ENCR_DATA) failed\n");
@ -68,6 +74,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
cipher_setiv( cfx->cipher_hd, NULL, 0 );
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( cfx->mdc_hash )
md_write( cfx->mdc_hash, temp, nprefix+2 );
cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2);
cipher_sync( cfx->cipher_hd );
iobuf_write(a, temp, nprefix+2);
@ -75,6 +83,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
}
/****************
* This filter is used to en/de-cipher data with a conventional algorithm
*/
@ -94,11 +103,23 @@ cipher_filter( void *opaque, int control,
if( !cfx->header ) {
write_header( cfx, a );
}
if( cfx->mdc_hash )
md_write( cfx->mdc_hash, buf, size );
cipher_encrypt( cfx->cipher_hd, buf, buf, size);
if( iobuf_write( a, buf, size ) )
rc = G10ERR_WRITE_FILE;
}
else if( control == IOBUFCTRL_FREE ) {
if( cfx->mdc_hash ) {
byte *hash;
int hashlen = md_digest_length( md_get_algo( cfx->mdc_hash ) );
md_final( cfx->mdc_hash );
hash = md_read( cfx->mdc_hash, 0 );
cipher_encrypt( cfx->cipher_hd, hash, hash, hashlen );
if( iobuf_write( a, hash, hashlen ) )
rc = G10ERR_WRITE_FILE;
md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL;
}
cipher_close(cfx->cipher_hd);
}
else if( control == IOBUFCTRL_DESC ) {
@ -108,5 +129,3 @@ cipher_filter( void *opaque, int control,
}

1
g10/encode.c
View file

@ -64,6 +64,7 @@ encode_store( const char *filename )
}
static int
encode_simple( const char *filename, int mode )
{

117
g10/encr-data.c
View file

@ -34,13 +34,18 @@
static int decode_filter( void *opaque, int control, IOBUF a,
byte *buf, size_t *ret_len);
static int mdc_decode_filter( void *opaque, int control, IOBUF a,
byte *buf, size_t *ret_len);
typedef struct {
CIPHER_HANDLE cipher_hd;
MD_HANDLE mdc_hash;
char defer[20];
int defer_filled;
int eof_seen;
} decode_filter_ctx_t;
/****************
* Decrypt the data, specified by ED with the key DEK.
*/
@ -49,11 +54,12 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
{
decode_filter_ctx_t dfx;
byte *p;
int rc, c, i;
int rc=0, c, i;
byte temp[32];
unsigned blocksize;
unsigned nprefix;
memset( &dfx, 0, sizeof dfx );
if( opt.verbose ) {
const char *s = cipher_algo_to_string( dek->algo );
if( s )
@ -62,7 +68,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
log_info(_("encrypted with unknown algorithm %d\n"), dek->algo );
}
if( (rc=check_cipher_algo(dek->algo)) )
return rc;
goto leave;
blocksize = cipher_get_blocksize(dek->algo);
if( !blocksize || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
@ -70,14 +76,18 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
if( ed->len && ed->len < (nprefix+2) )
BUG();
if( ed->mdc_method )
dfx.mdc_hash = md_open( ed->mdc_method, 0 );
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
/* log_hexdump( "thekey", dek->key, dek->keylen );*/
rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == G10ERR_WEAK_KEY )
log_info(_("WARNING: message was encrypted with "
"a weak key in the symmetric cipher.\n"));
else if( rc )
else if( rc ) {
log_error("key setup failed: %s\n", g10_errstr(rc) );
goto leave;
}
cipher_setiv( dfx.cipher_hd, NULL, 0 );
@ -97,18 +107,108 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
temp[i] = c;
}
cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
if( dfx.mdc_hash )
md_write( dfx.mdc_hash, temp, nprefix+2 );
cipher_sync( dfx.cipher_hd );
p = temp;
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
cipher_close(dfx.cipher_hd);
return G10ERR_BAD_KEY;
rc = G10ERR_BAD_KEY;
goto leave;
}
iobuf_push_filter( ed->buf, decode_filter, &dfx );
if( ed->mdc_method )
iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx );
else
iobuf_push_filter( ed->buf, decode_filter, &dfx );
proc_packets( procctx, ed->buf);
ed->buf = NULL;
if( ed->mdc_method && dfx.eof_seen == 2 )
rc = G10ERR_INVALID_PACKET;
else if( ed->mdc_method ) { /* check the mdc */
int datalen = md_digest_length( ed->mdc_method );
md_final( dfx.mdc_hash );
if( datalen != 20
|| memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
rc = G10ERR_BAD_SIGN;
log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);
log_hexdump("MDC message :", dfx.defer, 20);
}
leave:
cipher_close(dfx.cipher_hd);
return 0;
md_close( dfx.mdc_hash );
return rc;
}
/* I think we should merge this with cipher_filter */
static int
mdc_decode_filter( void *opaque, int control, IOBUF a,
byte *buf, size_t *ret_len)
{
decode_filter_ctx_t *dfx = opaque;
size_t n, size = *ret_len;
int rc = 0;
int c;
if( control == IOBUFCTRL_UNDERFLOW && dfx->eof_seen ) {
*ret_len = 0;
rc = -1;
}
else if( control == IOBUFCTRL_UNDERFLOW ) {
assert(a);
assert( size > 40 );
/* get at least 20 bytes and put it somewhere ahead in the buffer */
for(n=20; n < 40 ; n++ ) {
if( (c = iobuf_get(a)) == -1 )
break;
buf[n] = c;
}
if( n == 40 ) {
/* we have enough stuff - flush the deferred stuff */
/* (we have asserted that the buffer is large enough */
if( !dfx->defer_filled ) /* the first time */
memcpy(buf, buf+20, 20 );
else
memcpy(buf, dfx->defer, 20 );
/* now fill up */
for(; n < size; n++ ) {
if( (c = iobuf_get(a)) == -1 )
break;
buf[n] = c;
}
/* move the last 20 bytes back to the defer buffer */
/* (okay, we are wasting 20 bytes of supplied buffer) */
n -= 20;
memcpy( dfx->defer, buf+n, 20 );
dfx->defer_filled = 1;
}
else if( !dfx->defer_filled ) { /* eof seen buf empty defer */
/* this is very bad because there is an incomplete hash */
n -= 20;
memcpy(buf, buf+20, n );
dfx->eof_seen = 2; /* eof with incomplete hash */
}
else { /* eof seen */
memcpy(buf, dfx->defer, 20 );
n -= 20;
memcpy( dfx->defer, buf+n, 20 );
dfx->eof_seen = 1; /* normal eof */
}
if( n ) {
cipher_decrypt( dfx->cipher_hd, buf, buf, n);
md_write( dfx->mdc_hash, buf, n );
}
else {
assert( dfx->eof_seen );
rc = -1; /* eof */
}
*ret_len = n;
}
else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "mdc_decode_filter";
}
return rc;
}
static int
@ -139,4 +239,3 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
return rc;
}

1
g10/filter.h
View file

@ -76,6 +76,7 @@ typedef struct {
u32 datalen;
CIPHER_HANDLE cipher_hd;
int header;
MD_HANDLE mdc_hash;
} cipher_filter_context_t;

49
g10/mainproc.c
View file

@ -1,4 +1,4 @@
/* mainproc.c - handle packets
/* maPPPPinproc.c - handle packets
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
@ -44,7 +44,7 @@
*/
typedef struct mainproc_context *CTX;
struct mainproc_context {
struct mainproc_context *anchor;
struct mainproc_context *anchor; /* may be useful in the future */
PKT_public_key *last_pubkey;
PKT_secret_key *last_seckey;
PKT_user_id *last_user_id;
@ -60,7 +60,6 @@ struct mainproc_context {
IOBUF iobuf; /* used to get the filename etc. */
int trustletter; /* temp usage in list_node */
ulong local_id; /* ditto */
int is_encrypted; /* used to check the MDC */
};
@ -229,7 +228,6 @@ proc_encrypted( CTX c, PACKET *pkt )
int result = 0;
/*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
c->is_encrypted = 1;
if( !c->dek && !c->last_was_session_key ) {
/* assume this is old conventional encrypted data */
c->dek = passphrase_to_dek( NULL,
@ -247,6 +245,12 @@ proc_encrypted( CTX c, PACKET *pkt )
write_status( STATUS_DECRYPTION_OKAY );
if( opt.verbose > 1 )
log_info(_("decryption okay\n"));
if( pkt->pkt.encrypted->mdc_method )
write_status( STATUS_GOODMDC );
}
else if( result == G10ERR_BAD_SIGN ) {
log_error(_("WARNING: encrypted message has been manipulated!\n"));
write_status( STATUS_BADMDC );
}
else {
write_status( STATUS_DECRYPTION_FAILED );
@ -259,6 +263,7 @@ proc_encrypted( CTX c, PACKET *pkt )
}
static void
proc_plaintext( CTX c, PACKET *pkt )
{
@ -353,16 +358,6 @@ proc_compressed( CTX c, PACKET *pkt )
c->last_was_session_key = 0;
}
static int
is_encrypted( CTX c )
{
for( ; c; c = c->anchor ) {
if( c->is_encrypted )
return 1;
}
return 0;
}
/****************
* check the signature
* Returns: 0 = valid signature or an error code
@ -763,7 +758,8 @@ do_proc_packets( CTX c, IOBUF a )
switch( pkt->pkttype ) {
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
case PKT_ENCRYPTED: proc_encrypted( c, pkt ); break;
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
default: newpkt = 0; break;
}
@ -776,6 +772,7 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_SYMKEY_ENC:
case PKT_PUBKEY_ENC:
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC:
rc = G10ERR_UNEXPECTED;
goto leave;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
@ -795,7 +792,8 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
case PKT_ENCRYPTED: proc_encrypted( c, pkt ); break;
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
@ -818,7 +816,8 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break;
case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break;
case PKT_ENCRYPTED: proc_encrypted( c, pkt ); break;
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break;
case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break;
case PKT_COMPRESSED: proc_compressed( c, pkt ); break;
case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break;
@ -855,22 +854,6 @@ do_proc_packets( CTX c, IOBUF a )
}
#if 0 /* old MDC hack code preserved to reuse the messages later */
if( !rc ) {
if( opt.verbose )
log_info(_("encrypted message is valid\n"));
write_status( STATUS_GOODMDC );
}
else if( rc == G10ERR_BAD_SIGN ) {
log_error(_("WARNING: encrypted message has been manipulated!\n"));
write_status( STATUS_BADMDC );
}
else {
write_status( STATUS_ERRMDC );
log_error(_("Can't check MDC: %s\n"), g10_errstr(rc) );
}
#endif
static int
check_sig_and_print( CTX c, KBNODE node )
{

9
g10/packet.h
View file

@ -46,7 +46,8 @@ typedef enum {
PKT_USER_ID =13, /* user id packet */
PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */
PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */
PKT_COMMENT =61 /* new comment packet (private) */
PKT_COMMENT =61, /* new comment packet (private) */
PKT_ENCRYPTED_MDC =62, /* test: encrypted data with MDC */
} pkttype_t;
typedef struct packet_struct PACKET;
@ -166,7 +167,8 @@ typedef struct {
typedef struct {
u32 len; /* length of encrypted data */
byte new_ctb;
byte new_ctb; /* uses a new CTB */
byte mdc_method; /* test: > 0: this is is an encrypted_mdc packet */
IOBUF buf; /* IOBUF reference */
} PKT_encrypted;
@ -180,6 +182,7 @@ typedef struct {
char name[1];
} PKT_plaintext;
/* combine all packets into a union */
struct packet_struct {
pkttype_t pkttype;
@ -194,7 +197,7 @@ struct packet_struct {
PKT_comment *comment; /* PKT_COMMENT */
PKT_user_id *user_id; /* PKT_USER_ID */
PKT_compressed *compressed; /* PKT_COMPRESSED */
PKT_encrypted *encrypted; /* PKT_ENCRYPTED */
PKT_encrypted *encrypted; /* PKT_ENCRYPTED[_MDC] */
PKT_plaintext *plaintext; /* PKT_PLAINTEXT */
} pkt;
};

30
g10/parse-packet.c
View file

@ -71,7 +71,6 @@ static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet, int new_ctb);
static unsigned short
read_16(IOBUF inp)
{
@ -432,6 +431,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
rc = parse_compressed(inp, pkttype, pktlen, pkt, new_ctb );
break;
case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC:
rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb );
break;
default:
@ -852,6 +852,7 @@ parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n )
if( buflen < 2 )
goto too_short;
n = (( n - 192 ) << 8) + *buffer + 192;
buffer++;
buflen--;
}
if( buflen < n )
@ -966,7 +967,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
}
if( n ) {
sig->hashed_data = m_alloc( n + 2 );
sig->hashed_data[0] = n << 8;
sig->hashed_data[0] = n >> 8;
sig->hashed_data[1] = n;
if( iobuf_read(inp, sig->hashed_data+2, n ) != n ) {
log_error("premature eof while reading hashed signature data\n");
@ -983,7 +984,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
}
if( n ) {
sig->unhashed_data = m_alloc( n + 2 );
sig->unhashed_data[0] = n << 8;
sig->unhashed_data[0] = n >> 8;
sig->unhashed_data[1] = n;
if( iobuf_read(inp, sig->unhashed_data+2, n ) != n ) {
log_error("premature eof while reading unhashed signature data\n");
@ -1536,6 +1537,25 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
ed->len = pktlen;
ed->buf = NULL;
ed->new_ctb = new_ctb;
ed->mdc_method = 0;
if( pkttype == PKT_ENCRYPTED_MDC ) {
/* test: this is the new encrypted_mdc packet */
/* fixme: add some pktlen sanity checks */
int version, method;
version = iobuf_get_noeof(inp); pktlen--;
if( version != 1 ) {
log_error("encrypted_mdc packet with unknown version %d\n",
version);
goto leave;
}
method = iobuf_get_noeof(inp); pktlen--;
if( method != DIGEST_ALGO_SHA1 ) {
log_error("encrypted_mdc does not use SHA1 method\n" );
goto leave;
}
ed->mdc_method = method;
}
if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */
log_error("packet(%d) too short\n", pkttype);
skip_rest(inp, pktlen);
@ -1546,6 +1566,8 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
printf(":encrypted data packet:\n\tlength: %lu\n", pktlen);
else
printf(":encrypted data packet:\n\tlength: unknown\n");
if( ed->mdc_method )
printf("\tmdc_method: %d\n", ed->mdc_method );
}
ed->buf = inp;
@ -1555,5 +1577,3 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
return 0;
}