security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

Verify created signatures.

Browse Source
This commit is contained in:
Werner Koch 2001-03-24 16:29:31 +00:00
parent f3b2ef0b93
commit 3b866e74a8
11 changed files with 73 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
TODO
View File

@ -1,4 +1,7 @@
* Check that no secret temporary results are stored in the result parameter
of the mpi functions. We have already done this for mpi-mul.c
* Dlopen does not yet work under W32. * Dlopen does not yet work under W32.
* check whether we can remove all the expire stuff in trustdb because this * check whether we can remove all the expire stuff in trustdb because this
@ -42,6 +45,8 @@
* Add an is_valid flag to each user ID. * Add an is_valid flag to each user ID.
* Make --pipemode work.
Scheduled for 1.1 Scheduled for 1.1
----------------- -----------------
* David C Niemi pointed out that the code for --no-default-keyring does not * David C Niemi pointed out that the code for --no-default-keyring does not

4
doc/ChangeLog
View File

@ -1,3 +1,7 @@
2001-03-23 Werner Koch <wk@gnupg.org>
* DETAILS: New status UNEXPECTED.
2001-03-13 Werner Koch <wk@gnupg.org> 2001-03-13 Werner Koch <wk@gnupg.org>
* gpg.sgml: Described --fixed-list-mode. * gpg.sgml: Described --fixed-list-mode.

5
doc/DETAILS
View File

@ -119,6 +119,11 @@ more arguments in future versions.
3 - Invalid packet found, this may indicate a non OpenPGP message. 3 - Invalid packet found, this may indicate a non OpenPGP message.
You may see more than one of these status lines. You may see more than one of these status lines.
UNEXPECTED <what>
Unexpected data has been encountered
0 - not further specified 1
TRUST_UNDEFINED TRUST_UNDEFINED
TRUST_NEVER TRUST_NEVER
TRUST_MARGINAL TRUST_MARGINAL

9
g10/ChangeLog
View File

@ -1,3 +1,12 @@
2001-03-24 Werner Koch <wk@gnupg.org>
* sign.c (do_sign): Verify the signature right after creation.
2001-03-23 Werner Koch <wk@gnupg.org>
* status.c, status.h (STATUS_UNEXPECTED): New.
* mainproc.c (do_proc_packets): And emit it here.
2001-03-21 Werner Koch <wk@gnupg.org> 2001-03-21 Werner Koch <wk@gnupg.org>
* status.c: Add sys/types.h so that it runs on Ultrix. Reported * status.c: Add sys/types.h so that it runs on Ultrix. Reported

2
g10/mainproc.c
View File

@ -1067,6 +1067,7 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_PUBKEY_ENC: case PKT_PUBKEY_ENC:
case PKT_ENCRYPTED: case PKT_ENCRYPTED:
case PKT_ENCRYPTED_MDC: case PKT_ENCRYPTED_MDC:
write_status_text( STATUS_UNEXPECTED, "0" );
rc = G10ERR_UNEXPECTED; rc = G10ERR_UNEXPECTED;
goto leave; goto leave;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;
@ -1082,6 +1083,7 @@ do_proc_packets( CTX c, IOBUF a )
case PKT_PUBLIC_KEY: case PKT_PUBLIC_KEY:
case PKT_SECRET_KEY: case PKT_SECRET_KEY:
case PKT_USER_ID: case PKT_USER_ID:
write_status_text( STATUS_UNEXPECTED, "0" );
rc = G10ERR_UNEXPECTED; rc = G10ERR_UNEXPECTED;
goto leave; goto leave;
case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break;

2
g10/pipemode.c
View File

@ -108,7 +108,7 @@ pipemode_filter( void *opaque, int control,
/* FIXME: we have to make sure that we have a large enough /* FIXME: we have to make sure that we have a large enough
* buffer for a control packet even after we already read * buffer for a control packet even after we already read
* something. The easest way to do this is probably by ungetting * something. The easest way to do this is probably by ungetting
* the control sequenceand and returning the buffer we have * the control sequence and returning the buffer we have
* already assembled */ * already assembled */
int c = iobuf_get (a); int c = iobuf_get (a);
if (c == -1) { if (c == -1) {

25
g10/sign.c
View File

@ -132,6 +132,27 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
digest_algo, mpi_get_nbits(sk->skey[0]), 0 ); digest_algo, mpi_get_nbits(sk->skey[0]), 0 );
rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey ); rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey );
mpi_free(frame); mpi_free(frame);
if (!rc) {
/* check that the signature verification worked and nothing is
* fooling us e.g. by a bug in the signature create
* code or by deliberately introduced faults. */
PKT_public_key *pk = m_alloc_clear (sizeof *pk);
if( get_pubkey( pk, sig->keyid ) )
rc = G10ERR_NO_PUBKEY;
else {
frame = encode_md_value (pk->pubkey_algo, md,
sig->digest_algo,
mpi_get_nbits(pk->pkey[0]), 0);
rc = pubkey_verify (pk->pubkey_algo, frame, sig->data, pk->pkey,
NULL, NULL );
mpi_free (frame);
}
if (rc)
log_error (_("checking created signature failed: %s\n"),
g10_errstr (rc));
free_public_key (pk);
}
if( rc ) if( rc )
log_error(_("signing failed: %s\n"), g10_errstr(rc) ); log_error(_("signing failed: %s\n"), g10_errstr(rc) );
else { else {
@ -154,10 +175,6 @@ complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
if( !(rc=check_secret_key( sk, 0 )) ) if( !(rc=check_secret_key( sk, 0 )) )
rc = do_sign( sk, sig, md, 0 ); rc = do_sign( sk, sig, md, 0 );
/* fixme: should we check whether the signature is okay?
* maybe by using an option */
return rc; return rc;
} }

1
g10/status.c
View File

@ -139,6 +139,7 @@ get_status_string ( int no )
case STATUS_END_STREAM : s = "END_STREAM"; break; case STATUS_END_STREAM : s = "END_STREAM"; break;
case STATUS_KEY_CREATED : s = "KEY_CREATED"; break; case STATUS_KEY_CREATED : s = "KEY_CREATED"; break;
case STATUS_USERID_HINT : s = "USERID_HINT"; break; case STATUS_USERID_HINT : s = "USERID_HINT"; break;
case STATUS_UNEXPECTED : s = "UNEXPECTED"; break;
default: s = "?"; break; default: s = "?"; break;
} }
return s; return s;

2
g10/status.h
View File

@ -89,7 +89,7 @@
#define STATUS_END_STREAM 57 #define STATUS_END_STREAM 57
#define STATUS_KEY_CREATED 58 #define STATUS_KEY_CREATED 58
#define STATUS_USERID_HINT 59 #define STATUS_USERID_HINT 59
#define STATUS_UNEXPECTED 60
/*-- status.c --*/ /*-- status.c --*/
void set_status_fd ( int fd ); void set_status_fd ( int fd );

5
mpi/ChangeLog
View File

@ -1,3 +1,8 @@
2001-03-24 Werner Koch <wk@gnupg.org>
* mpi-mul.c (mpi_mul): Make sure that secret temporary results are
not stored in w. Suggested by Florian Weimer.
2001-03-18 Werner Koch <wk@gnupg.org> 2001-03-18 Werner Koch <wk@gnupg.org>
* config.links (mpi_sflags): Use i386 code for i386. According to * config.links (mpi_sflags): Use i386 code for i386. According to

21
mpi/mpi-mul.c
View File

@ -120,6 +120,7 @@ mpi_mul( MPI w, MPI u, MPI v)
int assign_wp=0; int assign_wp=0;
mpi_ptr_t tmp_limb=NULL; mpi_ptr_t tmp_limb=NULL;
if( u->nlimbs < v->nlimbs ) { /* Swap U and V. */ if( u->nlimbs < v->nlimbs ) { /* Swap U and V. */
usize = v->nlimbs; usize = v->nlimbs;
usign = v->sign; usign = v->sign;
@ -145,7 +146,15 @@ mpi_mul( MPI w, MPI u, MPI v)
/* Ensure W has space enough to store the result. */ /* Ensure W has space enough to store the result. */
wsize = usize + vsize; wsize = usize + vsize;
if( w->alloced < wsize ) { if ( !mpi_is_secure (w) && (mpi_is_secure (u) || mpi_is_secure (v)) ) {
/* w is not allocated in secure space but u or v is. To make sure
* that no temporray results are stored in w, we temporary use
* a newly allocated limb space for w */
wp = mpi_alloc_limb_space( wsize, 1 );
assign_wp = 2; /* mark it as 2 so that we can later copy it back to
* mormal memory */
}
else if( w->alloced < wsize ) {
if( wp == up || wp == vp ) { if( wp == up || wp == vp ) {
wp = mpi_alloc_limb_space( wsize, mpi_is_secure(w) ); wp = mpi_alloc_limb_space( wsize, mpi_is_secure(w) );
assign_wp = 1; assign_wp = 1;
@ -180,8 +189,16 @@ mpi_mul( MPI w, MPI u, MPI v)
wsize -= cy? 0:1; wsize -= cy? 0:1;
} }
if( assign_wp ) if( assign_wp ) {
if (assign_wp == 2) {
/* copy the temp wp from secure memory back to normal memory */
mpi_ptr_t tmp_wp = mpi_alloc_limb_space (wsize, 0);
MPN_COPY (tmp_wp, wp, wsize);
mpi_free_limb_space (wp);
wp = tmp_wp;
}
mpi_assign_limb_space( w, wp, wsize ); mpi_assign_limb_space( w, wp, wsize );
}
w->nlimbs = wsize; w->nlimbs = wsize;
w->sign = sign_product; w->sign = sign_product;
if( tmp_limb ) if( tmp_limb )