From 3c7368a33d5fe4f7e865e5e320d2d628db4f845b Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 9 Apr 1998 11:19:09 +0000 Subject: [PATCH] new release --- INSTALL | 7 +- NEWS | 2 +- README | 9 +- TODO | 13 +- VERSION | 2 +- checks/defs.inc | 6 +- g10/ChangeLog | 12 + g10/Makefile.am | 1 + g10/Makefile.in | 22 +- g10/import.c | 7 +- g10/main.h | 9 +- g10/rsa.c | 2 +- g10/seckey-cert.c | 350 +++++++++-------------- g10/sign.c | 686 +--------------------------------------------- include/mpi.h | 1 + mpi/ChangeLog | 4 + mpi/mpicoder.c | 20 +- po/ChangeLog | 4 + po/it.po | 217 ++++++++------- 19 files changed, 324 insertions(+), 1050 deletions(-) diff --git a/INSTALL b/INSTALL index 352035609..374e3be03 100644 --- a/INSTALL +++ b/INSTALL @@ -7,6 +7,9 @@ Configure options for GNUPG --with-included-zlib Forces usage of the local zlib sources. Default is to use the (shared) library of the system. +--with-included-gettext Forces usage of the local gettext sources instead of. + the one provided by your system. + --disable-nls Disable NLS support (See ABOUT-NLS) --enable-m-debug Compile with the integrated malloc debugging stuff. @@ -26,8 +29,8 @@ Configure options for GNUPG Problems ======== -If you have compile problems, use the configure options "--with-zlib" and -"--disable-nls" (See ABOUT-NLS). +If you have compile problems, try the configure options "--with-included-zlib" +or "--disable-nls" (See ABOUT-NLS). I cant check all assembler files; so if you have problems assembling them (or the program crashes), simply delete the files in the mpi/ directory. diff --git a/NEWS b/NEWS index e2861de38..6d0200a11 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,7 @@ Noteworthy changes in version 0.2.15 * CAST5 works (using the PGP's special CFB mode). - * Now more PGP 5 compatible. + * Again somewhat more PGP 5 compatible. * Some new test cases diff --git a/README b/README index 664c8a320..e1bc05f63 100644 --- a/README +++ b/README @@ -2,7 +2,7 @@ GNUPG - The GNU Privacy Guard ------------------------------- - THIS IS ALPHA SOFTWARE, EXPECT BUGS AND UNIMPLEMENTED STUFF. + THIS IS ALPHA SOFTWARE, YOU MAY ENCOUNTER SOOME BUGS. On a Linux box (version 2.x.x, alpha or x86 CPU) it should work reliable. You may create your key on such a machine and @@ -19,7 +19,6 @@ verify new releases. Because you verified the tar file containing this file here, you can be sure that the above fingerprint is correct. - Please subscribe to g10@net.lut.ac.uk by sending a mail with the word "subscribe" in the body to "g10-request@net.lut.ac.uk". @@ -31,7 +30,6 @@ the United States until Sep 20, 2000). I'm sorry about this, but this is the world we have created (e.g. by using proprietary software). - Because the OpenPGP standard is still a draft, GNUPG is not yet compatible to it (or PGP 5) - but it will. The data structures used are compatible with PGP 2.x, so it can parse an list such files @@ -215,7 +213,7 @@ "01AB3FED1347A5612" "0x234AABBCC34567C4" - * By a fingerprint (not yet implemented): + * By a fingerprint: "1234343434343434C434343434343434" "123434343434343C3434343434343734349A3434" @@ -268,7 +266,8 @@ ----------- GNUPG returns with an exit status of 1 if in batch mode and a bad signature has been detected or 2 or higher for all other errors. You should parse - stderr to get detailed informations about the errors. + stderr or the output of the fd specified with --status-fd to get detailed + informations about the errors. Esoteric commands diff --git a/TODO b/TODO index a6d5b59ef..0b5d9cfe7 100644 --- a/TODO +++ b/TODO @@ -9,8 +9,6 @@ * enable a SIGSEGV handler while using zlib functions - * complete cipher/cast.c -- have to use the PGP CFBug - * key generation for dsa and subpacket support. * Burn the buffers used by fopen(), or use read(2). @@ -32,11 +30,8 @@ them to your key and because the user id which is signed by others has also be signed by you, all user-ids are bound together. - * add an option to re-create a public key from a secret key - - * cleanup mainproc.c, much stuff is duplicated. - - * remove key management stuff from sign.c. + * add an option to re-create a public key from a secret key. Think about + a backup system of only the secret part of the secret key. * add fingerprint/keyid hashing. We need a new field in PKC to flag that we may have a cached signature for this (and use the address @@ -45,11 +40,7 @@ * change the misleading usage of public key certificate to public key data or something like this. - * seckey_cert.c: merge all the check funtions into one. - * fix the problems with "\v" in gettext * replace getkey.c#enum_secret_keys - - diff --git a/VERSION b/VERSION index ebe5042ff..b005e307c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.2.14b +0.2.15 diff --git a/checks/defs.inc b/checks/defs.inc index fe602a145..aedd4b6f1 100755 --- a/checks/defs.inc +++ b/checks/defs.inc @@ -19,10 +19,8 @@ dsa_usrname2="0xCB879DE9" dsa_keyrings="--keyring ./pubring.pkr --secret-keyring ./secring.skr" -#plain_files="plain-1 plain-2 plain-3" -plain_files="plain-1" -#data_files="data-500 data-9000 data-32000 data-80000" -data_files="data-500" +plain_files="plain-1 plain-2 plain-3" +data_files="data-500 data-9000 data-32000 data-80000" exp_files="" diff --git a/g10/ChangeLog b/g10/ChangeLog index 94617fcc6..792dae02b 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,15 @@ +Thu Apr 9 11:35:22 1998 Werner Koch (wk@isil.d.shuttle.de) + + * seckey-cert.c (do_check): New; combines all the check functions + into one. + + * sign.c: removed all key management functions + * keyedit.c: New. + +Thu Apr 9 09:49:36 1998 Werner Koch (wk@isil.d.shuttle.de) + + * import.c (chk_self_sigs): Changed an error message. + Wed Apr 8 16:19:39 1998 Werner Koch (wk@isil.d.shuttle.de) * packet.h: packet structs now uses structs from the pubkey, diff --git a/g10/Makefile.am b/g10/Makefile.am index ba9ca29df..0f693226d 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -45,6 +45,7 @@ common_source = \ status.c \ status.h \ sign.c \ + keyedit.c \ plaintext.c \ encr-data.c \ encode.c \ diff --git a/g10/Makefile.in b/g10/Makefile.in index b2a106c2b..4b37cc030 100644 --- a/g10/Makefile.in +++ b/g10/Makefile.in @@ -137,6 +137,7 @@ common_source = \ status.c \ status.h \ sign.c \ + keyedit.c \ plaintext.c \ encr-data.c \ encode.c \ @@ -174,9 +175,9 @@ gpg_OBJECTS = g10.o build-packet.o compress.o free-packet.o getkey.o \ pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o mdfilter.o \ textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o keyid.o \ trustdb.o parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o \ -seskey.o import.o export.o comment.o status.o sign.o plaintext.o \ -encr-data.o encode.o revoke.o keylist.o sig-check.o signal.o verify.o \ -decrypt.o keygen.o +seskey.o import.o export.o comment.o status.o sign.o keyedit.o \ +plaintext.o encr-data.o encode.o revoke.o keylist.o sig-check.o \ +signal.o verify.o decrypt.o keygen.o gpg_LDADD = $(LDADD) gpg_DEPENDENCIES = ../cipher/libcipher.a ../mpi/libmpi.a \ ../util/libutil.a @@ -186,8 +187,8 @@ getkey.o pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o \ mdfilter.o textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o \ keyid.o trustdb.o parse-packet.o passphrase.o pubkey-enc.o \ seckey-cert.o seskey.o import.o export.o comment.o status.o sign.o \ -plaintext.o encr-data.o encode.o revoke.o keylist.o sig-check.o \ -signal.o +keyedit.o plaintext.o encr-data.o encode.o revoke.o keylist.o \ +sig-check.o signal.o gpgm_DEPENDENCIES = g10maint.o ../cipher/libcipher.a ../mpi/libmpi.a \ ../util/libutil.a gpgm_LDFLAGS = @@ -195,8 +196,9 @@ gpgd_OBJECTS = gpgd.o build-packet.o compress.o free-packet.o getkey.o \ pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o mdfilter.o \ textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o keyid.o \ trustdb.o parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o \ -seskey.o import.o export.o comment.o status.o sign.o plaintext.o \ -encr-data.o encode.o revoke.o keylist.o sig-check.o signal.o +seskey.o import.o export.o comment.o status.o sign.o keyedit.o \ +plaintext.o encr-data.o encode.o revoke.o keylist.o sig-check.o \ +signal.o gpgd_LDADD = $(LDADD) gpgd_DEPENDENCIES = ../cipher/libcipher.a ../mpi/libmpi.a \ ../util/libutil.a @@ -215,9 +217,9 @@ DEP_FILES = .deps/armor.P .deps/build-packet.P .deps/cipher.P \ .deps/comment.P .deps/compress.P .deps/dearmor.P .deps/decrypt.P \ .deps/dsa.P .deps/elg.P .deps/encode.P .deps/encr-data.P .deps/export.P \ .deps/free-packet.P .deps/g10.P .deps/getkey.P .deps/gpgd.P \ -.deps/import.P .deps/kbnode.P .deps/keygen.P .deps/keyid.P \ -.deps/keylist.P .deps/mainproc.P .deps/mdfilter.P .deps/misc.P \ -.deps/openfile.P .deps/parse-packet.P .deps/passphrase.P \ +.deps/import.P .deps/kbnode.P .deps/keyedit.P .deps/keygen.P \ +.deps/keyid.P .deps/keylist.P .deps/mainproc.P .deps/mdfilter.P \ +.deps/misc.P .deps/openfile.P .deps/parse-packet.P .deps/passphrase.P \ .deps/pkclist.P .deps/plaintext.P .deps/pubkey-enc.P .deps/revoke.P \ .deps/ringedit.P .deps/rsa.P .deps/seckey-cert.P .deps/seskey.P \ .deps/sig-check.P .deps/sign.P .deps/signal.P .deps/skclist.P \ diff --git a/g10/import.c b/g10/import.c index 8e4a54710..874fa8520 100644 --- a/g10/import.c +++ b/g10/import.c @@ -501,8 +501,11 @@ chk_self_sigs( const char *fname, KBNODE keyblock, } rc = check_key_signature( keyblock, n, NULL); if( rc ) { - log_error("%s: key %08lX, invalid self-signature\n", - fname, (ulong)keyid[1]); + log_error( rc == G10ERR_PUBKEY_ALGO ? + "%s: key %08lX, unsupported public key algorithm\n": + "%s: key %08lX, invalid self-signature\n", + fname, (ulong)keyid[1]); + unode->flag |= 2; /* mark as invalid */ } unode->flag |= 1; /* mark that user-id checked */ diff --git a/g10/main.h b/g10/main.h index 82f2373d7..4450849d6 100644 --- a/g10/main.h +++ b/g10/main.h @@ -54,17 +54,20 @@ int encrypt_filter( void *opaque, int control, /*-- sign.c --*/ +int complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md ); int sign_file( STRLIST filenames, int detached, STRLIST locusr, int encrypt, STRLIST remusr, const char *outfile ); int clearsign_file( const char *fname, STRLIST locusr, const char *outfile ); + +/*-- sig-check.c --*/ +int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ); + +/*-- keyedit.c --*/ int sign_key( const char *username, STRLIST locusr ); int edit_keysigs( const char *username ); int delete_key( const char *username, int secure ); int change_passphrase( const char *username ); -/*-- sig-check.c --*/ -int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ); - /*-- keygen.c --*/ void generate_keypair(void); diff --git a/g10/rsa.c b/g10/rsa.c index ceba3fd1f..edecdfb1c 100644 --- a/g10/rsa.c +++ b/g10/rsa.c @@ -1,4 +1,4 @@ -/* rsa.c +/* rsa.c - glue code for RSA cipher * Copyright (C) 1998 Free Software Foundation, Inc. * * This file is part of GNUPG. diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index d0e10b528..942303fa9 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -34,19 +34,19 @@ static int -check_elg( PKT_secret_cert *cert ) +do_check( PKT_secret_cert *cert ) { byte *buffer; u16 csum=0; int res; unsigned nbytes; - u32 keyid[2]; - char save_iv[8]; if( cert->is_protected ) { /* remove the protection */ DEK *dek = NULL; - MPI test_x; + u32 keyid[2]; CIPHER_HANDLE cipher_hd=NULL; + PKT_secret_cert *save_cert; + char save_iv[8]; switch( cert->protect.algo ) { case CIPHER_ALGO_NONE: BUG(); break; @@ -64,63 +64,137 @@ check_elg( PKT_secret_cert *cert ) cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setiv( cipher_hd, NULL ); m_free(dek); /* pw is in secure memory, so m_free() burns it */ + save_cert = copy_secret_cert( NULL, cert ); memcpy(save_iv, cert->protect.iv, 8 ); cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 ); - mpi_set_secure(cert->d.elg.x ); - /*fixme: maybe it is better to set the buffer secure with a - * new get_buffer_secure() function */ - buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL ); - cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); - test_x = mpi_alloc_secure( mpi_get_nlimbs(cert->d.elg.x) ); - mpi_set_buffer( test_x, buffer, nbytes, 0 ); - csum = checksum_mpi( test_x ); - m_free( buffer ); + switch( cert->pubkey_algo ) { + case PUBKEY_ALGO_ELGAMAL: + buffer = mpi_get_secure_buffer( cert->d.elg.x, &nbytes, NULL ); + cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); + mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 ); + csum = checksum_mpi( cert->d.elg.x ); + m_free( buffer ); + break; + case PUBKEY_ALGO_DSA: + buffer = mpi_get_secure_buffer( cert->d.dsa.x, &nbytes, NULL ); + cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); + mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 ); + csum = checksum_mpi( cert->d.dsa.x ); + m_free( buffer ); + break; + #ifdef HAVE_RSA_CIPHER + case PUBKEY_ALGO_RSA: + csum = 0; + #define X(a) do { \ + buffer = mpi_get_secure_buffer( cert->d.rsa.##a, \ + &nbytes, NULL ); \ + csum += checksum_u16( nbytes*8 ); \ + cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); \ + csum += checksum( buffer, nbytes ); \ + mpi_set_buffer(cert->d.rsa.##a, buffer, nbytes, 0 ); \ + m_free( buffer ); \ + } while(0) + X(d); + X(p); + X(q); + X(u); + #undef X + break; + #endif /* HAVE_RSA_CIPHER */ + + default: BUG(); + } cipher_close( cipher_hd ); /* now let's see wether we have used the right passphrase */ if( csum != cert->csum ) { - /* very bad kludge to work around an early bug */ - csum -= checksum_u16( mpi_get_nbits(test_x) ); - nbytes = mpi_get_nlimbs(test_x) * 4; - csum += checksum_u16( nbytes*8 ); + if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) { + /* very bad kludge to work around an early bug */ + csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) ); + nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4; + csum += checksum_u16( nbytes*8 ); + if( !opt.batch && csum == cert->csum ) + log_info("Probably you have an old key - use " + "\"--change-passphrase\" to convert.\n"); + } if( csum != cert->csum ) { - mpi_free(test_x); + copy_secret_cert( cert, save_cert ); + free_secret_cert( save_cert ); memcpy( cert->protect.iv, save_iv, 8 ); return G10ERR_BAD_PASS; } - if( !opt.batch ) + } + + switch( cert->pubkey_algo ) { + case PUBKEY_ALGO_ELGAMAL: + res = elg_check_secret_key( &cert->d.elg ); + break; + case PUBKEY_ALGO_DSA: + res = dsa_check_secret_key( &cert->d.dsa ); + break; + #ifdef HAVE_RSA_CIPHER + case PUBKEY_ALGO_RSA: + res = rsa_check_secret_key( &cert->d.rsa ); + break; + #endif + default: BUG(); + } + if( !res ) { + copy_secret_cert( cert, save_cert ); + free_secret_cert( save_cert ); + memcpy( cert->protect.iv, save_iv, 8 ); + return G10ERR_BAD_PASS; + } + free_secret_cert( save_cert ); + cert->is_protected = 0; + break; + + default: + return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */ + } + } + else { /* not protected */ + switch( cert->pubkey_algo ) { + case PUBKEY_ALGO_ELGAMAL: + csum = checksum_mpi( cert->d.elg.x ); + break; + case PUBKEY_ALGO_DSA: + csum = checksum_mpi( cert->d.dsa.x ); + break; + #ifdef HAVE_RSA_CIPHER + case PUBKEY_ALGO_RSA: + csum =0; + buffer = mpi_get_buffer( cert->d.rsa.rsa_d, &nbytes, NULL ); + csum += checksum_u16( nbytes*8 ); + csum += checksum( buffer, nbytes ); + m_free( buffer ); + buffer = mpi_get_buffer( cert->d.rsa.rsa_p, &nbytes, NULL ); + csum += checksum_u16( nbytes*8 ); + csum += checksum( buffer, nbytes ); + m_free( buffer ); + buffer = mpi_get_buffer( cert->d.rsa.rsa_q, &nbytes, NULL ); + csum += checksum_u16( nbytes*8 ); + csum += checksum( buffer, nbytes ); + m_free( buffer ); + buffer = mpi_get_buffer( cert->d.rsa.rsa_u, &nbytes, NULL ); + csum += checksum_u16( nbytes*8 ); + csum += checksum( buffer, nbytes ); + m_free( buffer ); + break; + #endif + default: BUG(); + } + if( csum != cert->csum ) { + if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) { + /* very bad kludge to work around an early bug */ + csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) ); + nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4; + csum += checksum_u16( nbytes*8 ); + if( !opt.batch && csum == cert->csum ) log_info("Probably you have an old key - use " "\"--change-passphrase\" to convert.\n"); } - - mpi_swap( cert->d.elg.x, test_x ); - res = elg_check_secret_key( &cert->d.elg ); - mpi_swap( cert->d.elg.x, test_x ); - if( !res ) { - mpi_free(test_x); - memcpy( cert->protect.iv, save_iv, 8 ); - return G10ERR_BAD_PASS; - } - mpi_set(cert->d.elg.x, test_x); - mpi_free(test_x); - cert->is_protected = 0; - break; - - default: - return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */ - } - } - else { /* not protected */ - csum = checksum_mpi( cert->d.elg.x ); - if( csum != cert->csum ) { - /* very bad kludge to work around an early bug */ - csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) ); - nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4; - csum += checksum_u16( nbytes*8 ); if( csum != cert->csum ) return G10ERR_CHECKSUM; - if( !opt.batch ) - log_info("Probably you have an old key - use " - "\"--change-passphrase\" to convert.\n"); } } @@ -128,171 +202,6 @@ check_elg( PKT_secret_cert *cert ) } -static int -check_dsa( PKT_secret_cert *cert ) -{ - byte *buffer; - u16 csum=0; - int res; - unsigned nbytes; - u32 keyid[2]; - char save_iv[8]; - - if( cert->is_protected ) { /* remove the protection */ - DEK *dek = NULL; - MPI test_x; - CIPHER_HANDLE cipher_hd=NULL; - - switch( cert->protect.algo ) { - case CIPHER_ALGO_NONE: BUG(); break; - case CIPHER_ALGO_BLOWFISH: - case CIPHER_ALGO_CAST: - keyid_from_skc( cert, keyid ); - if( cert->protect.s2k == 1 || cert->protect.s2k == 3 ) - dek = get_passphrase_hash( keyid, NULL, - cert->protect.salt ); - else - dek = get_passphrase_hash( keyid, NULL, NULL ); - - cipher_hd = cipher_open( cert->protect.algo, - CIPHER_MODE_AUTO_CFB, 1); - cipher_setkey( cipher_hd, dek->key, dek->keylen ); - cipher_setiv( cipher_hd, NULL ); - m_free(dek); /* pw is in secure memory, so m_free() burns it */ - memcpy(save_iv, cert->protect.iv, 8 ); - cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 ); - mpi_set_secure(cert->d.dsa.x ); - /*fixme: maybe it is better to set the buffer secure with a - * new get_buffer_secure() function */ - buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL ); - cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); - test_x = mpi_alloc_secure( mpi_get_nlimbs(cert->d.dsa.x) ); - mpi_set_buffer( test_x, buffer, nbytes, 0 ); - csum = checksum_mpi( test_x ); - m_free( buffer ); - cipher_close( cipher_hd ); - /* now let's see wether we have used the right passphrase */ - if( csum != cert->csum ) { - mpi_free(test_x); - memcpy( cert->protect.iv, save_iv, 8 ); - return G10ERR_BAD_PASS; - } - - mpi_swap( cert->d.dsa.x, test_x ); - res = dsa_check_secret_key( &cert->d.dsa ); - mpi_swap( cert->d.dsa.x, test_x ); - if( !res ) { - mpi_free(test_x); - memcpy( cert->protect.iv, save_iv, 8 ); - return G10ERR_BAD_PASS; - } - mpi_set(cert->d.dsa.x, test_x); - mpi_free(test_x); - cert->is_protected = 0; - break; - - default: - return G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */ - } - } - else { /* not protected */ - csum = checksum_mpi( cert->d.dsa.x ); - if( csum != cert->csum ) - return G10ERR_CHECKSUM; - } - - return 0; -} - - - -#ifdef HAVE_RSA_CIPHER -/**************** - * FIXME: fix checksum stuff - */ -static int -check_rsa( PKT_secret_cert *cert ) -{ - byte *buffer; - u16 csum=0; - int res; - unsigned nbytes; - u32 keyid[2]; - - if( cert->is_protected ) { /* remove the protection */ - DEK *dek = NULL; - BLOWFISH_context *blowfish_ctx=NULL; - - switch( cert->protect.algo ) { - /* FIXME: use test variables to check for the correct key */ - case CIPHER_ALGO_NONE: BUG(); break; - case CIPHER_ALGO_BLOWFISH: - keyid_from_skc( cert, keyid ); - dek = get_passphrase_hash( keyid, NULL, NULL ); - blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx ); - blowfish_setkey( blowfish_ctx, dek->key, dek->keylen ); - m_free(dek); /* pw is in secure memory, so m_free() burns it */ - blowfish_setiv( blowfish_ctx, NULL ); - blowfish_decode_cfb( blowfish_ctx, cert->protect.iv, - cert->protect.iv, 8 ); - csum = 0; - #define X(a) do { \ - mpi_set_secure(cert->d.rsa.rsa_##a); \ - buffer = mpi_get_buffer( cert->d.rsa.rsa_##a, &nbytes, NULL );\ - csum += checksum_u16( nbytes*8 ); \ - blowfish_decode_cfb( blowfish_ctx, buffer, buffer, nbytes ); \ - csum += checksum( buffer, nbytes ); \ - mpi_set_buffer(cert->d.rsa.rsa_##a, buffer, nbytes, 0 ); \ - m_free( buffer ); \ - } while(0) - X(d); - X(p); - X(q); - X(u); - #undef X - cert->is_protected = 0; - m_free( blowfish_ctx ); - /* now let's see wether we have used the right passphrase */ - if( csum != cert->csum ) - return G10ERR_BAD_PASS; - - res = rsa_check_secret_key( &cert->d.rsa ); - if( !res ) - return G10ERR_BAD_PASS; - break; - - default: - return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */ - } - } - else { /* not protected */ - csum =0; - buffer = mpi_get_buffer( cert->d.rsa.rsa_d, &nbytes, NULL ); - csum += checksum_u16( nbytes*8 ); - csum += checksum( buffer, nbytes ); - m_free( buffer ); - buffer = mpi_get_buffer( cert->d.rsa.rsa_p, &nbytes, NULL ); - csum += checksum_u16( nbytes*8 ); - csum += checksum( buffer, nbytes ); - m_free( buffer ); - buffer = mpi_get_buffer( cert->d.rsa.rsa_q, &nbytes, NULL ); - csum += checksum_u16( nbytes*8 ); - csum += checksum( buffer, nbytes ); - m_free( buffer ); - buffer = mpi_get_buffer( cert->d.rsa.rsa_u, &nbytes, NULL ); - csum += checksum_u16( nbytes*8 ); - csum += checksum( buffer, nbytes ); - m_free( buffer ); - if( csum != cert->csum ) - return G10ERR_CHECKSUM; - } - - return 0; -} -#endif /*HAVE_RSA_CIPHER*/ - - - /**************** * Check the secret key certificate @@ -307,16 +216,13 @@ check_secret_key( PKT_secret_cert *cert ) for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) { if( i ) log_error("Invalid passphrase; please try again ...\n"); - if( cert->pubkey_algo == PUBKEY_ALGO_ELGAMAL ) - rc = check_elg( cert ); - else if( cert->pubkey_algo == PUBKEY_ALGO_DSA ) - rc = check_dsa( cert ); - #ifdef HAVE_RSA_CIPHER - else if( cert->pubkey_algo == PUBKEY_ALGO_RSA ) - rc = check_rsa( cert ); - #endif - else - rc = G10ERR_PUBKEY_ALGO; + switch( cert->pubkey_algo ) { + case PUBKEY_ALGO_ELGAMAL: + case PUBKEY_ALGO_DSA: + rc = do_check( cert ); + break; + default: rc = G10ERR_PUBKEY_ALGO; + } if( get_passphrase_fd() != -1 ) break; } diff --git a/g10/sign.c b/g10/sign.c index 7e7921034..0fffc5f0b 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -39,9 +39,7 @@ - - -static int +int complete_sig( PKT_signature *sig, PKT_secret_cert *skc, MD_HANDLE md ) { int rc=0; @@ -468,685 +466,3 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) - -static void -show_fingerprint( PKT_public_cert *pkc ) -{ - byte *array, *p; - size_t i, n; - - p = array = fingerprint_from_pkc( pkc, &n ); - tty_printf(" Fingerprint:"); - if( n == 20 ) { - for(i=0; i < n ; i++, i++, p += 2 ) { - if( i == 10 ) - tty_printf(" "); - tty_printf(" %02X%02X", *p, p[1] ); - } - } - else { - for(i=0; i < n ; i++, p++ ) { - if( i && !(i%8) ) - tty_printf(" "); - tty_printf(" %02X", *p ); - } - } - tty_printf("\n"); - m_free(array); -} - - -/**************** - * Ask wether the user is willing to sign the key. Return true if so. - */ -static int -sign_it_p( PKT_public_cert *pkc, PKT_user_id *uid ) -{ - char *answer; - int yes; - - tty_printf("\nAre you really sure that you want so sign this key:\n\n" - "%4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - (ulong)keyid_from_pkc( pkc, NULL ), - datestr_from_pkc( pkc ) ); - tty_print_string( uid->name, uid->len ); - tty_printf("\n"); - show_fingerprint(pkc); - tty_printf("\n"); - answer = tty_get("Sign this key? "); - tty_kill_prompt(); - yes = answer_is_yes(answer); - m_free(answer); - return yes; -} - - -/**************** - * Check the keysigs and set the flags to indicate errors. - * Usage of nodes flag bits: - * Bit 0 = bad signature - * 1 = no public key - * 2 = other error - * Returns true if error found. - */ -static int -check_all_keysigs( KBNODE keyblock ) -{ - KBNODE kbctx; - KBNODE node; - int rc; - int inv_sigs = 0; - int no_key = 0; - int oth_err = 0; - - for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { - if( node->pkt->pkttype == PKT_SIGNATURE - && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { - PKT_signature *sig = node->pkt->pkt.signature; - int sigrc; - - tty_printf("sig"); - switch( (rc = check_key_signature( keyblock, node,NULL)) ) { - case 0: node->flag = 0; sigrc = '!'; break; - case G10ERR_BAD_SIGN: inv_sigs++; node->flag = 1; sigrc = '-'; break; - case G10ERR_NO_PUBKEY: no_key++; node->flag = 2; sigrc = '?'; break; - default: oth_err++; node->flag = 4; sigrc = '%'; break; - } - tty_printf("%c %08lX %s ", - sigrc, sig->keyid[1], datestr_from_sig(sig)); - if( sigrc == '%' ) - tty_printf("[%s] ", g10_errstr(rc) ); - else if( sigrc == '?' ) - ; - else { - size_t n; - char *p = get_user_id( sig->keyid, &n ); - tty_print_string( p, n > 40? 40 : n ); - m_free(p); - } - tty_printf("\n"); - /* FIXME: update the trustdb */ - } - } - if( inv_sigs ) - tty_printf("%d bad signatures\n", inv_sigs ); - if( no_key ) - tty_printf("No public key for %d signatures\n", no_key ); - if( oth_err ) - tty_printf("%d signatures not checked due to errors\n", oth_err ); - return inv_sigs || no_key || oth_err; -} - - -/**************** - * Ask and remove invalid signatures are to be removed. - */ -static int -remove_keysigs( KBNODE keyblock, u32 *keyid, int all ) -{ - KBNODE kbctx; - KBNODE node; - char *answer; - int yes; - int count; - - count = 0; - for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { - if( ((node->flag & 7) || all ) - && node->pkt->pkttype == PKT_SIGNATURE - && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { - PKT_signature *sig = node->pkt->pkt.signature; - - if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { - /* fixme: skip self-sig */ - } - - tty_printf("\n \"%08lX %s ", - sig->keyid[1], datestr_from_sig(sig)); - if( node->flag & 6 ) - tty_printf("[User name not available] "); - else { - size_t n; - char *p = get_user_id( sig->keyid, &n ); - tty_print_string( p, n ); - m_free(p); - } - tty_printf("\"\n"); - if( node->flag & 1 ) - tty_printf("This is a BAD signature!\n"); - else if( node->flag & 2 ) - tty_printf("Public key not available.\n"); - else if( node->flag & 4 ) - tty_printf("The signature could not be checked!\n"); - - if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) - continue; /* do not remove self-signatures */ - - answer = tty_get("\nRemove this signature? "); - tty_kill_prompt(); - if( answer_is_yes(answer) ) { - node->flag |= 128; /* use bit 7 to mark this node */ - count++; - } - m_free(answer); - } - } - - if( !count ) - return 0; /* nothing to remove */ - answer = tty_get("Do you really want to remove the selected signatures? "); - tty_kill_prompt(); - yes = answer_is_yes(answer); - m_free(answer); - if( !yes ) - return 0; - - for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 1)) ; ) { - if( node->flag & 128) - delete_kbnode(node ); - } - - return 1; -} - - -/**************** - * This functions signs the key of USERNAME with all users listed in - * LOCUSR. If LOCUSR is NULL the default secret certificate will - * be used. This works on all keyrings, so there is no armor or - * compress stuff here. - */ -int -sign_key( const char *username, STRLIST locusr ) -{ - md_filter_context_t mfx; - int rc = 0; - SKC_LIST skc_list = NULL; - SKC_LIST skc_rover = NULL; - KBNODE keyblock = NULL; - KBNODE kbctx, node; - KBPOS kbpos; - PKT_public_cert *pkc; - u32 pkc_keyid[2]; - char *answer; - - memset( &mfx, 0, sizeof mfx); - - /* search the userid */ - rc = find_keyblock_byname( &kbpos, username ); - if( rc ) { - log_error("user '%s' not found\n", username ); - goto leave; - } - - /* build a list of all signators */ - rc=build_skc_list( locusr, &skc_list, 0, 1 ); - if( rc ) - goto leave; - - - /* read the keyblock */ - rc = read_keyblock( &kbpos, &keyblock ); - if( rc ) { - log_error("error reading the certificate: %s\n", g10_errstr(rc) ); - goto leave; - } - - /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_PUBLIC_CERT ); - if( !node ) { - log_error("Oops; public key not found anymore!\n"); - rc = G10ERR_GENERAL; - goto leave; - } - - pkc = node->pkt->pkt.public_cert; - keyid_from_pkc( pkc, pkc_keyid ); - log_info("Checking signatures of this public key certificate:\n"); - tty_printf("pub %4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - pkc_keyid[1], datestr_from_pkc(pkc) ); - { - size_t n; - char *p = get_user_id( pkc_keyid, &n ); - tty_print_string( p, n > 40? 40 : n ); - m_free(p); - tty_printf("\n"); - } - - clear_kbnode_flags( keyblock ); - if( check_all_keysigs( keyblock ) ) { - if( !opt.batch ) { - /* ask wether we really should do anything */ - answer = tty_get("To you want to remove some of the invalid sigs? "); - tty_kill_prompt(); - if( answer_is_yes(answer) ) - remove_keysigs( keyblock, pkc_keyid, 0 ); - m_free(answer); - } - } - - /* check wether we have already signed it */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - u32 akeyid[2]; - - keyid_from_skc( skc_rover->skc, akeyid ); - for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { - if( node->pkt->pkttype == PKT_SIGNATURE - && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { - if( akeyid[0] == node->pkt->pkt.signature->keyid[0] - && akeyid[1] == node->pkt->pkt.signature->keyid[1] ) { - log_info("Already signed by keyid %08lX\n", - (ulong)akeyid[1] ); - skc_rover->mark = 1; - } - } - } - } - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - if( !skc_rover->mark ) - break; - } - if( !skc_rover ) { - log_info("Nothing to sign\n"); - goto leave; - } - - /* Loop over all signers and all user ids and sign */ - for( skc_rover = skc_list; skc_rover; skc_rover = skc_rover->next ) { - if( skc_rover->mark ) - continue; - for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { - if( node->pkt->pkttype == PKT_USER_ID ) { - if( sign_it_p( pkc, node->pkt->pkt.user_id ) ) { - PACKET *pkt; - PKT_signature *sig; - - rc = make_keysig_packet( &sig, pkc, - node->pkt->pkt.user_id, - skc_rover->skc, - 0x10, - DIGEST_ALGO_RMD160 ); - if( rc ) { - log_error("make_keysig_packet failed: %s\n", g10_errstr(rc)); - goto leave; - } - - pkt = m_alloc_clear( sizeof *pkt ); - pkt->pkttype = PKT_SIGNATURE; - pkt->pkt.signature = sig; - insert_kbnode( node, new_kbnode(pkt), PKT_USER_ID ); - } - } - } - } - - rc = update_keyblock( &kbpos, keyblock ); - if( rc ) { - log_error("update_keyblock failed: %s\n", g10_errstr(rc) ); - goto leave; - } - - leave: - release_kbnode( keyblock ); - release_skc_list( skc_list ); - md_close( mfx.md ); - return rc; -} - - - -int -edit_keysigs( const char *username ) -{ - int rc = 0; - KBNODE keyblock = NULL; - KBNODE node; - KBPOS kbpos; - PKT_public_cert *pkc; - u32 pkc_keyid[2]; - - /* search the userid */ - rc = find_keyblock_byname( &kbpos, username ); - if( rc ) { - log_error("%s: user not found\n", username ); - goto leave; - } - - /* read the keyblock */ - rc = read_keyblock( &kbpos, &keyblock ); - if( rc ) { - log_error("%s: certificate read problem: %s\n", username, g10_errstr(rc) ); - goto leave; - } - - /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_PUBLIC_CERT ); - if( !node ) { - log_error("Oops; public key not found anymore!\n"); - rc = G10ERR_GENERAL; - goto leave; - } - - pkc = node->pkt->pkt.public_cert; - keyid_from_pkc( pkc, pkc_keyid ); - log_info("Checking signatures of this public key certificate:\n"); - tty_printf("pub %4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - pkc_keyid[1], datestr_from_pkc(pkc) ); - { - size_t n; - char *p = get_user_id( pkc_keyid, &n ); - tty_print_string( p, n > 40? 40 : n ); - m_free(p); - tty_printf("\n"); - } - - clear_kbnode_flags( keyblock ); - check_all_keysigs( keyblock ); - if( remove_keysigs( keyblock, pkc_keyid, 1 ) ) { - rc = update_keyblock( &kbpos, keyblock ); - if( rc ) { - log_error("update_keyblock failed: %s\n", g10_errstr(rc) ); - goto leave; - } - } - - leave: - release_kbnode( keyblock ); - return rc; -} - - -/**************** - * Delete a public or secret key from a keyring. - */ -int -delete_key( const char *username, int secret ) -{ - int rc = 0; - KBNODE keyblock = NULL; - KBNODE node; - KBPOS kbpos; - PKT_public_cert *pkc = NULL; - PKT_secret_cert *skc = NULL; - u32 keyid[2]; - int okay=0; - - /* search the userid */ - rc = secret? find_secret_keyblock_byname( &kbpos, username ) - : find_keyblock_byname( &kbpos, username ); - if( rc ) { - log_error("%s: user not found\n", username ); - goto leave; - } - - /* read the keyblock */ - rc = read_keyblock( &kbpos, &keyblock ); - if( rc ) { - log_error("%s: read problem: %s\n", username, g10_errstr(rc) ); - goto leave; - } - - /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, secret? PKT_SECRET_CERT:PKT_PUBLIC_CERT ); - if( !node ) { - log_error("Oops; key not found anymore!\n"); - rc = G10ERR_GENERAL; - goto leave; - } - - if( secret ) { - skc = node->pkt->pkt.secret_cert; - keyid_from_skc( skc, keyid ); - } - else { - pkc = node->pkt->pkt.public_cert; - keyid_from_pkc( pkc, keyid ); - rc = seckey_available( keyid ); - if( !rc ) { - log_error(_( - "there is a secret key for this public key!\n")); - log_info(_( - "use option \"--delete-secret-key\" to delete it first.\n")); - rc = -1; - } - else if( rc != G10ERR_NO_SECKEY ) - log_error("%s: get secret key: %s\n", username, g10_errstr(rc) ); - else - rc = 0; - } - - if( rc ) - rc = 0; - else if( opt.batch && secret ) - log_error(_("can't do that in batch-mode\n")); - else if( opt.batch && opt.answer_yes ) - okay++; - else if( opt.batch ) - log_error(_("can't do that in batch-mode without \"--yes\"\n")); - else { - char *p; - size_t n; - - if( secret ) - tty_printf("sec %4u%c/%08lX %s ", - nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), - keyid[1], datestr_from_skc(skc) ); - else - tty_printf("pub %4u%c/%08lX %s ", - nbits_from_pkc( pkc ), - pubkey_letter( pkc->pubkey_algo ), - keyid[1], datestr_from_pkc(pkc) ); - p = get_user_id( keyid, &n ); - tty_print_string( p, n ); - m_free(p); - tty_printf("\n\n"); - - p = tty_get(_("Delete this key from the keyring? ")); - tty_kill_prompt(); - if( secret && answer_is_yes(p)) { - /* I think it is not required to check a passphrase; if - * the user is so stupid to let others access his secret keyring - * (and has no backup) - it is up him to read some very - * basic texts about security. - */ - m_free(p); - p = tty_get(_("This is a secret key! - really delete? ")); - } - if( answer_is_yes(p) ) - okay++; - m_free(p); - } - - - if( okay ) { - rc = delete_keyblock( &kbpos ); - if( rc ) { - log_error("delete_keyblock failed: %s\n", g10_errstr(rc) ); - goto leave; - } - } - - leave: - release_kbnode( keyblock ); - return rc; -} - - -int -change_passphrase( const char *username ) -{ - int rc = 0; - KBNODE keyblock = NULL; - KBNODE node; - KBPOS kbpos; - PKT_secret_cert *skc; - u32 skc_keyid[2]; - char *answer; - int changed=0; - - /* search the userid */ - rc = find_secret_keyblock_byname( &kbpos, username ); - if( rc ) { - log_error("secret key for user '%s' not found\n", username ); - goto leave; - } - - /* read the keyblock */ - rc = read_keyblock( &kbpos, &keyblock ); - if( rc ) { - log_error("error reading the certificate: %s\n", g10_errstr(rc) ); - goto leave; - } - - /* get the keyid from the keyblock */ - node = find_kbnode( keyblock, PKT_SECRET_CERT ); - if( !node ) { - log_error("Oops; secret key not found anymore!\n"); - rc = G10ERR_GENERAL; - goto leave; - } - - skc = node->pkt->pkt.secret_cert; - keyid_from_skc( skc, skc_keyid ); - tty_printf("sec %4u%c/%08lX %s ", - nbits_from_skc( skc ), - pubkey_letter( skc->pubkey_algo ), - skc_keyid[1], datestr_from_skc(skc) ); - { - size_t n; - char *p = get_user_id( skc_keyid, &n ); - tty_print_string( p, n ); - m_free(p); - tty_printf("\n"); - } - - clear_kbnode_flags( keyblock ); - switch( is_secret_key_protected( skc ) ) { - case -1: - rc = G10ERR_PUBKEY_ALGO; - break; - case 0: - tty_printf("This key is not protected.\n"); - break; - default: - tty_printf("Key is protected.\n"); - rc = check_secret_key( skc ); - break; - } - - if( rc ) - tty_printf("Can't edit this key: %s\n", g10_errstr(rc)); - else { - DEK *dek = m_alloc_secure( sizeof *dek + 8 ); - byte *salt = (byte*)dek + sizeof( *dek ); - - tty_printf( "Enter the new passphrase for this secret key.\n\n" ); - - for(;;) { - dek->algo = CIPHER_ALGO_BLOWFISH; - randomize_buffer(salt, 8, 1); - rc = make_dek_from_passphrase( dek , 2, salt ); - if( rc == -1 ) { - rc = 0; - tty_printf( "You don't want a passphrase -" - " this is probably a *bad* idea!\n\n"); - answer = tty_get("Do you really want to do this? "); - tty_kill_prompt(); - if( answer_is_yes(answer) ) - changed++; - m_free(answer); - break; - } - else if( rc == G10ERR_PASSPHRASE ) { - tty_printf("passphrase not correctly repeated; try again.\n"); - } - else if( rc ) { - m_free(dek); dek = NULL; - log_error("Error getting the passphrase: %s\n", g10_errstr(rc)); - break; - } - else { /* okay */ - skc->protect.algo = CIPHER_ALGO_BLOWFISH; - skc->protect.s2k = 1; - skc->protect.hash = DIGEST_ALGO_RMD160; - memcpy(skc->protect.salt, salt, 8); - randomize_buffer(skc->protect.iv, 8, 1); - rc = protect_secret_key( skc, dek ); - if( rc ) - log_error("protect_secret_key failed: %s\n", g10_errstr(rc) ); - else - changed++; - break; - } - } - m_free(dek); - } - - - if( changed ) { - rc = update_keyblock( &kbpos, keyblock ); - if( rc ) { - log_error("update_keyblock failed: %s\n", g10_errstr(rc) ); - goto leave; - } - } - - leave: - release_kbnode( keyblock ); - return rc; -} - - -/**************** - * Create a signature packet for the given public key certificate - * and the user id and return it in ret_sig. User signature class SIGCLASS - * user-id is not used (and may be NULL if sigclass is 0x20) - */ -int -make_keysig_packet( PKT_signature **ret_sig, PKT_public_cert *pkc, - PKT_user_id *uid, PKT_secret_cert *skc, - int sigclass, int digest_algo ) -{ - PKT_signature *sig; - int rc=0; - MD_HANDLE md; - - assert( (sigclass >= 0x10 && sigclass <= 0x13) || sigclass == 0x20 ); - md = md_open( digest_algo, 0 ); - - /* hash the public key certificate and the user id */ - hash_public_cert( md, pkc ); - if( sigclass != 0x20 ) - md_write( md, uid->name, uid->len ); - /* and make the signature packet */ - sig = m_alloc_clear( sizeof *sig ); - sig->pubkey_algo = skc->pubkey_algo; - sig->timestamp = make_timestamp(); - sig->sig_class = sigclass; - - md_putc( md, sig->sig_class ); - { u32 a = sig->timestamp; - md_putc( md, (a >> 24) & 0xff ); - md_putc( md, (a >> 16) & 0xff ); - md_putc( md, (a >> 8) & 0xff ); - md_putc( md, a & 0xff ); - } - md_final(md); - - rc = complete_sig( sig, skc, md ); - - md_close( md ); - if( rc ) - free_seckey_enc( sig ); - else - *ret_sig = sig; - return rc; -} - diff --git a/include/mpi.h b/include/mpi.h index feb915a2b..9a151291c 100644 --- a/include/mpi.h +++ b/include/mpi.h @@ -99,6 +99,7 @@ int mpi_fromstr(MPI val, const char *str); int mpi_print( FILE *fp, MPI a, int mode ); u32 mpi_get_keyid( MPI a, u32 *keyid ); byte *mpi_get_buffer( MPI a, unsigned *nbytes, int *sign ); +byte *mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign ); void mpi_set_buffer( MPI a, const byte *buffer, unsigned nbytes, int sign ); /*-- mpi-add.c --*/ diff --git a/mpi/ChangeLog b/mpi/ChangeLog index 0a967df48..a39884d8d 100644 --- a/mpi/ChangeLog +++ b/mpi/ChangeLog @@ -1,3 +1,7 @@ +Thu Apr 9 11:31:36 1998 Werner Koch (wk@isil.d.shuttle.de) + + * mpicoder.c (mpi_get_secure_buffer): New. + Wed Apr 8 09:44:33 1998 Werner Koch (wk@isil.d.shuttle.de) * config.links: Applied small fix from Ulf Möller. diff --git a/mpi/mpicoder.c b/mpi/mpicoder.c index 9362aff65..a4b1c2095 100644 --- a/mpi/mpicoder.c +++ b/mpi/mpicoder.c @@ -268,8 +268,8 @@ mpi_get_keyid( MPI a, u32 *keyid ) * set to zero if the value of A is zero. If sign is not NULL, it will * be set to the sign of the A. */ -byte * -mpi_get_buffer( MPI a, unsigned *nbytes, int *sign ) +static byte * +do_get_buffer( MPI a, unsigned *nbytes, int *sign, int force_secure ) { byte *p, *buffer; mpi_limb_t alimb; @@ -278,7 +278,8 @@ mpi_get_buffer( MPI a, unsigned *nbytes, int *sign ) if( sign ) *sign = a->sign; *nbytes = a->nlimbs * BYTES_PER_MPI_LIMB; - p = buffer = a->secure ? m_alloc_secure( *nbytes) : m_alloc( *nbytes ); + p = buffer = force_secure || a->secure ? m_alloc_secure( *nbytes) + : m_alloc( *nbytes ); for(i=a->nlimbs-1; i >= 0; i-- ) { alimb = a->d[i]; @@ -310,6 +311,19 @@ mpi_get_buffer( MPI a, unsigned *nbytes, int *sign ) return buffer; } + +byte * +mpi_get_buffer( MPI a, unsigned *nbytes, int *sign ) +{ + return do_get_buffer( a, nbytes, sign, 0 ); +} + +byte * +mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign ) +{ + return do_get_buffer( a, nbytes, sign, 1 ); +} + /**************** * Use BUFFER to update MPI. */ diff --git a/po/ChangeLog b/po/ChangeLog index a2f4c5494..154882698 100644 --- a/po/ChangeLog +++ b/po/ChangeLog @@ -1,3 +1,7 @@ +Thu Apr 9 10:03:14 1998 Werner Koch (wk@isil.d.shuttle.de) + + * it.po: New version from Marco + Fri Mar 13 09:43:19 1998 Werner Koch (wk@isil.d.shuttle.de) * it.po: New diff --git a/po/it.po b/po/it.po index 4a3644956..2d0dbb902 100644 --- a/po/it.po +++ b/po/it.po @@ -1,5 +1,6 @@ msgid "" msgstr "" +"POT-Creation-Date: 1998-03-12 23:23+0100\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Date: 1998-03-07 12:16:14+0100\n" "From: Marco d'Itri \n" @@ -12,6 +13,7 @@ msgid "Warning: using insecure memory!\n" msgstr "Attenzione: si sta usando memoria insicura!\n" #: cipher/random.c:419 +#, c-format msgid "" "\n" "Not enough random bytes available. Please do some other work to give\n" @@ -19,7 +21,7 @@ msgid "" msgstr "" "\n" "Non ci sono abbastanza byte casuali disponibili. Per favore fai\n" -"qualche altro lavoro per dare al sistema operativo un'occasione per\n" +"qualche altro lavoro per dare al sistema operativo la possibilità di\n" "raccogliere altra entropia! (Servono ancora %d byte)\n" #: cipher/random.c:459 @@ -41,7 +43,7 @@ msgstr "" "NON USARE ALCUN DATO GENERATO DA QUESTO PROGRAMMA!!\n" "\n" -#: g10/g10.c:56 +#: g10/g10.c:57 msgid "" "\\vCommands:\n" " " @@ -49,103 +51,103 @@ msgstr "" "\\vComandi:\n" " " -#: g10/g10.c:59 +#: g10/g10.c:60 msgid "make a signature" msgstr "fai una firma" -#: g10/g10.c:60 -msgid "make a clear text signature" -msgstr "fai una firma al testo in chiaro" - #: g10/g10.c:61 +msgid "make a clear text signature" +msgstr "fai una firma mantenendo il testo in chiaro" + +#: g10/g10.c:62 msgid "make a detached signature" msgstr "fai una firma separata" -#: g10/g10.c:62 +#: g10/g10.c:63 msgid "encrypt data" msgstr "cifra dati" -#: g10/g10.c:63 +#: g10/g10.c:64 msgid "encryption only with symmetric cipher" msgstr "cifra solo con un cifrario simmetrico" -#: g10/g10.c:64 -msgid "store only" -msgstr "immagazzina solo" - #: g10/g10.c:65 +msgid "store only" +msgstr "immagazzina soltanto" + +#: g10/g10.c:66 msgid "decrypt data (default)" msgstr "decifra dati (predefinito)" -#: g10/g10.c:66 +#: g10/g10.c:67 msgid "verify a signature" msgstr "verifica una firma" -#: g10/g10.c:68 +#: g10/g10.c:69 msgid "list keys" msgstr "elenca le chiavi" -#: g10/g10.c:69 +#: g10/g10.c:70 msgid "list keys and signatures" msgstr "elenca le chiavi e le firme" -#: g10/g10.c:70 +#: g10/g10.c:71 msgid "check key signatures" msgstr "controlla le firme delle chiavi" -#: g10/g10.c:71 +#: g10/g10.c:72 msgid "list keys and fingerprints" msgstr "elenca le chiavi e le impronte digitali" -#: g10/g10.c:73 +#: g10/g10.c:74 msgid "generate a new key pair" msgstr "genera una nuova coppia di chiavi" -#: g10/g10.c:74 +#: g10/g10.c:75 msgid "make a signature on a key in the keyring" msgstr "firma una chiave nel portachiavi" -#: g10/g10.c:75 -msgid "remove key from the public keyring" -msgstr "rimuovi una chiave dal portachiavi pubblico" - #: g10/g10.c:76 +msgid "remove key from the public keyring" +msgstr "rimuove una chiave dal portachiavi pubblico" + +#: g10/g10.c:77 msgid "edit a key signature" msgstr "modifica la firma di una chiave" -#: g10/g10.c:77 +#: g10/g10.c:78 msgid "change the passphrase of your secret keyring" msgstr "cambia la passphrase del tuo portachiavi segreto" -#: g10/g10.c:78 +#: g10/g10.c:79 msgid "generate a revocation certificate" msgstr "genera un certificato di revoca" -#: g10/g10.c:80 +#: g10/g10.c:81 msgid "export keys" msgstr "esporta delle chiavi" -#: g10/g10.c:81 +#: g10/g10.c:82 msgid "import/merge keys" msgstr "importa/aggiungi delle chiavi" -#: g10/g10.c:82 +#: g10/g10.c:83 msgid "list only the sequence of packets" msgstr "elenca solo la sequenza dei pacchetti" -#: g10/g10.c:84 +#: g10/g10.c:85 msgid "De-Armor a file or stdin" msgstr "rimuovi l'armatura a un file o a stdin" -#: g10/g10.c:85 +#: g10/g10.c:86 msgid "En-Armor a file or stdin" msgstr "crea l'armatura a un file o a stdin" -#: g10/g10.c:86 +#: g10/g10.c:87 msgid "print all message digests" msgstr "stampa tutti i message digests" -#: g10/g10.c:91 +#: g10/g10.c:92 msgid "" "\\v\n" "Options:\n" @@ -155,99 +157,99 @@ msgstr "" "Opzioni:\n" " " -#: g10/g10.c:94 +#: g10/g10.c:95 msgid "create ascii armored output" msgstr "crea un output ascii con armatura" -#: g10/g10.c:95 +#: g10/g10.c:96 msgid "use this user-id to sign or decrypt" msgstr "usa questo user-id per firmare o decifrare" -#: g10/g10.c:96 +#: g10/g10.c:97 msgid "use this user-id for encryption" msgstr "usa questo user-id per cifrare" -#: g10/g10.c:97 +#: g10/g10.c:98 msgid "set compress level (0 disables)" msgstr "imposta il livello di compressione (0 disabilita)" -#: g10/g10.c:98 +#: g10/g10.c:99 msgid "use canonical text mode" msgstr "usa il modo testo canonico" -#: g10/g10.c:100 -msgid "use as output file" -msgstr "usa come un file di output" - #: g10/g10.c:101 +msgid "use as output file" +msgstr "usa come file di output" + +#: g10/g10.c:102 msgid "verbose" msgstr "prolisso" -#: g10/g10.c:102 -msgid "don't make any changes" +#: g10/g10.c:103 +msgid "do not make any changes" msgstr "non fare cambiamenti" -#: g10/g10.c:103 +#: g10/g10.c:104 msgid "batch mode: never ask" msgstr "modo batch: non fare domande" -#: g10/g10.c:104 -msgid "assume yes on most questions" -msgstr "assumi \"si\" a quasi tutte le domande" - #: g10/g10.c:105 +msgid "assume yes on most questions" +msgstr "assumi \"sì\" a quasi tutte le domande" + +#: g10/g10.c:106 msgid "assume no on most questions" msgstr "assumi \"no\" a quasi tutte le domande" -#: g10/g10.c:106 -msgid "add this keyring to the list of keyrings" -msgstr "aggiungi questo portachiavi alla lista dei portachiavi" - #: g10/g10.c:107 +msgid "add this keyring to the list of keyrings" +msgstr "aggiungi questo portachiavi alla lista" + +#: g10/g10.c:108 msgid "add this secret keyring to the list" msgstr "aggiungi questo portachiavi segreto alla lista" -#: g10/g10.c:108 +#: g10/g10.c:109 msgid "read options from file" msgstr "leggi le opzioni dal file" -#: g10/g10.c:110 -msgid "set debugging flags" -msgstr "imposa i flag di debugging" - #: g10/g10.c:111 +msgid "set debugging flags" +msgstr "imposta i flag di debugging" + +#: g10/g10.c:112 msgid "enable full debugging" msgstr "abilita il debugging completo" -#: g10/g10.c:112 +#: g10/g10.c:113 msgid "write status info to this fd" msgstr "scrivi le informazioni di stato su questo fd" -#: g10/g10.c:113 +#: g10/g10.c:114 msgid "do not write comment packets" msgstr "non scrivere pacchetti di commento" -#: g10/g10.c:114 +#: g10/g10.c:115 msgid "(default is 1)" msgstr "(predefinito è 1)" -#: g10/g10.c:115 +#: g10/g10.c:116 msgid "(default is 3)" msgstr "(predefinito è 3)" -#: g10/g10.c:117 +#: g10/g10.c:118 msgid "select default cipher algorithm" msgstr "seleziona l'algoritmo di cifratura predefinito" -#: g10/g10.c:118 +#: g10/g10.c:119 msgid "select default puplic key algorithm" msgstr "seleziona l'algoritmo a chiave pubblica predefinito" -#: g10/g10.c:119 +#: g10/g10.c:120 msgid "select default message digest algorithm" msgstr "seleziona l'algoritmo di message digest predefinito" -#: g10/g10.c:123 +#: g10/g10.c:124 msgid "" "\\v\n" "Examples:\n" @@ -262,7 +264,7 @@ msgstr "" "Esempi:\n" "\n" " -se -r Bob [file] firma e cifra per l'utente Bob\n" -" -sat [file] fai una firma al testo in chiaro\n" +" -sat [file] fai una firma mantenendo il testo in chiaro\n" " -sb [file] fai una firma separata\n" " -k [userid] mostra le chiavi\n" " -kc [userid] mostra le impronte digitali\n" @@ -330,18 +332,22 @@ msgid "marginals-needed must be greater than 1\n" msgstr "marginals-needed deve essere maggiore di 1\n" #: g10/g10.c:450 +#, c-format msgid "note: no default option file '%s'\n" msgstr "nota: nessun file con opzioni predefinite '%s'\n" #: g10/g10.c:454 +#, c-format msgid "option file '%s': %s\n" msgstr "file con opzioni predefinite '%s': %s\n" #: g10/g10.c:461 +#, c-format msgid "reading options from '%s'\n" msgstr "lettura delle opzioni da '%s'\n" #: g10/g10.c:657 +#, c-format msgid "failed to initialize the TrustDB: %s\n" msgstr "inizializzazione del TrustDB fallita: %s\n" @@ -349,10 +355,9 @@ msgstr "inizializzazione del TrustDB fallita: %s\n" msgid "--store [filename]" msgstr "--store [nomefile]" -#. encrypt the given file only with the symmetric cipher #: g10/g10.c:671 msgid "--symmetric [filename]" -msgstr " [nomefile]" +msgstr "--symmetric [nomefile]" #: g10/g10.c:679 msgid "--encrypt [filename]" @@ -366,7 +371,6 @@ msgstr "--sign [nomefile]" msgid "--sign --encrypt [filename]" msgstr "--sign --encrypt [nomefile]" -#. make a clearsig #: g10/g10.c:719 msgid "--clearsign [filename]" msgstr "--clearsign [nomefile]" @@ -391,12 +395,14 @@ msgstr "" msgid "--delete-key username" msgstr "" +#. Change the passphrase #. no arg: use default, 1 arg use this one #: g10/g10.c:766 msgid "--change-passphrase [username]" msgstr "" #: g10/g10.c:787 +#, c-format msgid "can't open %s: %s\n" msgstr "impossibile aprire '%s': %s\n" @@ -409,24 +415,27 @@ msgid "--gen-key" msgstr "" #: g10/g10.c:845 +#, c-format msgid "dearmoring failed: %s\n" msgstr "rimozione dell'armatura fallita: %s\n" #: g10/g10.c:853 +#, c-format msgid "enarmoring failed: %s\n" msgstr "creazione dell'armatura fallita: %s\n" -#. fixme: g10maint should to regular maintenace tasks here #: g10/g10.c:934 msgid "[filename]" msgstr "[nomefile]" #: g10/g10.c:936 +#, c-format msgid "can't open '%s'\n" msgstr "impossibile aprire '%s'" # #### Md ??? #: g10/pkclist.c:65 +#, c-format msgid "" "No ownertrust defined for %lu:\n" "%4u%c/%08lX %s \"" @@ -451,9 +460,9 @@ msgid "" msgstr "" "\"\n" "\n" -"Per favore decidi fino a quanto hai fiducia di questo utente perchè\n" -"firmi correttamente le chiavi di altri utenti (guardando il suo\n" -"passaporto, controllando le impronte digitali da diverse fonti ...)?\n" +"Per favore decidi quanto hai fiducia di questo utente perchè firmi\n" +"correttamente le chiavi di altri utenti (guardando il suo passaporto,\n" +"controllando le impronte digitali da diverse fonti ...)?\n" "\n" " 1 = Non lo so\n" " 2 = NON mi fido\n" @@ -464,7 +473,7 @@ msgstr "" #: g10/pkclist.c:83 msgid "Your decision? " -msgstr "La tua decisione? " +msgstr "Cosa hai deciso? " #: g10/pkclist.c:90 msgid "" @@ -473,13 +482,14 @@ msgid "" "to do with the (implicitly created) web-of-certificates.\n" msgstr "" "È compito tuo assegnare qui un valore; questo valore non sarà mai esportato\n" -"ad alcuna terza persona. Ci serve per implementare la ragnatela-di-fiducia;\n" -"non ha nulla a che fare con la ragnatela-di-certificati (creata" +"ad alcuna terza persona. Serve per implementare la ragnatela-di-fiducia; " +"non\n" +"ha nulla a che fare con la ragnatela-di-certificati (creata " "implicitamente).\n" #: g10/pkclist.c:108 msgid "You will see a list of signators etc. here\n" -msgstr "Qui vedrai una lista di firmatari, ecc...\n" +msgstr "Qui vedrai una lista di firmatari, ecc.\n" #: g10/pkclist.c:132 msgid "" @@ -499,15 +509,15 @@ msgstr "" "Nessun valore di fiducia del proprietario modificato.\n" "\n" - #: g10/pkclist.c:267 msgid "" "It is NOT certain, that the key belongs to his owner.\n" "If you *really* know what you are doing, you may answer\n" "the next question with yes\n" "\n" -msgstr "NON è sicuro che la chiave appartenga al suo proprietario.\n" -"Se *veramente* sai cosa stai facendo, puoi rispondere si alla\n" +msgstr "" +"NON è sicuro che la chiave appartenga al suo proprietario.\n" +"Se *veramente* sai cosa stai facendo, puoi rispondere sì alla\n" "prossima domanda.\n" "\n" @@ -519,7 +529,6 @@ msgstr "" "Non hai specificato un user ID. (puoi usare \"-r\")\n" "\n" - #: g10/pkclist.c:308 msgid "Enter the user ID: " msgstr "Inserisci l'user ID: " @@ -548,17 +557,18 @@ msgstr " (3) RSA non pu #: g10/keygen.c:320 msgid "Your selection? (1,2,3) " -msgstr "La tua scelta? (1,2,3) " +msgstr "Cosa scegli? (1,2,3) " #: g10/keygen.c:322 msgid "Your selection? (1,2) " -msgstr "La tua scelta? (1,2) " +msgstr "Cosa scegli? (1,2) " #: g10/keygen.c:336 msgid "Sorry; DSA is not yet supported.\n" msgstr "Mi spiace, DSA non è gestito.\n" #: g10/keygen.c:349 +#, c-format msgid "" "About to generate a new %s keypair.\n" " minimum keysize is 768 bits\n" @@ -580,16 +590,15 @@ msgstr "DSA permette solo chiavi di dimensioni da 512 a 1024\n" #: g10/keygen.c:365 msgid "keysize too small; 768 is smallest value allowed.\n" -msgstr "le dimensioni della chiave sono troppo piccole; 768 è il\n" -"più piccolo valore permesso.\n" +msgstr "la chiave è troppo corta; 768 è il minimo valore permesso.\n" #: g10/keygen.c:367 msgid "" "Keysizes larger than 2048 are not suggested, because computations take " "REALLY long!\n" msgstr "" -"Chiavi di dimensioni maggiori di 2048 non sono consigliate, perchè i " -"calcoli sono VERAMENTE lunghi!\n" +"Chiavi più lunghe di 2048 non sono consigliate, perchè i calcoli sono " +"VERAMENTE lunghi!\n" #: g10/keygen.c:369 msgid "Are you sure, that you want this keysize? " @@ -599,14 +608,17 @@ msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? " msgid "" "Okay, but keep in mind that your monitor and keyboard radiation is also very " "vulnerable to attacks!\n" -msgstr "Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor " -"e dalla tua tastiera sono molto vulnerabili ad attacchi!\n" +msgstr "" +"Va bene, ma ricordati che anche le radiazioni emesse dal tuo monitor e dalla " +"tua tastiera sono molto vulnerabili ad attacchi!\n" #: g10/keygen.c:383 +#, c-format msgid "Requested keysize is %u bits\n" msgstr "Le dimensioni della chiave richieste sono %u bit\n" #: g10/keygen.c:386 g10/keygen.c:390 +#, c-format msgid "rounded up to %u bits\n" msgstr "arrotondate a %u bit" @@ -616,14 +628,14 @@ msgid "" "You need a User-ID to identify your key; the software constructs the user " "id\n" "from Real Name, Comment and Email Address in this form:\n" -" \"Heinrich Heine (Der Dichter) \"\n" +" \"Heinrich Heine (Der Dichter) \"\n" "\n" msgstr "" "\n" "Ti serve un User ID per identificare la tua chiave; il software costruisce " "l'user id a partire da Nome e Cognome, Commento e Indirizzo di Email " -"indicati in questo modulo:\n" -" \"Heinrich Heine (Der Dichter) \"\n" +"indicati in questa forma:\n" +" \"Heinrich Heine (Der Dichter) \"\n" "\n" #: g10/keygen.c:409 @@ -648,7 +660,7 @@ msgstr "Indirizzo di Email: " #: g10/keygen.c:437 msgid "Not a valid email address\n" -msgstr "Non è un indirizzo di email valido\n" +msgstr "L'indirizzo di email non è valido\n" #: g10/keygen.c:445 msgid "Comment: " @@ -659,6 +671,7 @@ msgid "Invalid character in comment\n" msgstr "Carattere non valido nel commento\n" #: g10/keygen.c:471 +#, c-format msgid "" "You selected this USER-ID:\n" " \"%s\"\n" @@ -697,10 +710,12 @@ msgid "passphrase not correctly repeated; try again.\n" msgstr "passphrase non ripetuta correttamente; riprova.\n" #: g10/keygen.c:539 +#, c-format msgid "writing public certificate to '%s'\n" msgstr "scrittura del certificato pubblico in '%s'\n" #: g10/keygen.c:540 +#, c-format msgid "writing secret certificate to '%s'\n" msgstr "scrittura del certificato privato in '%s'\n" @@ -712,15 +727,17 @@ msgid "" "number generator a better chance to gain enough entropy.\n" msgstr "" "Dobbiamo generare un mucchio di byte casuali. È una buona idea eseguire\n" -"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, usare\n" -"la rete e i dischi) durante la generazione dei numeri primi; questo da al\n" -"generatore di numeri casuali una maggiore possibilità di raccogliere\n" -"abbastanza entropia.\n" +"qualche altra azione (lavorare in un'altra finestra, muovere il mouse, " +"usare\n" +"la rete e i dischi) durante la generazione dei numeri primi; questo dà al\n" +"generatore di numeri casuali la possibilità di raccogliere abbastanza\n" +"entropia.\n" -#: g10/keygen.c:627 +#: g10/keygen.c:688 msgid "public and secret key created and signed.\n" msgstr "chiavi pubbliche e segrete create e firmate.\n" -#: g10/keygen.c:638 +#: g10/keygen.c:699 +#, c-format msgid "Key generation failed: %s\n" msgstr "Generazione della chiave fallita: %s\n"