From 52139a60cf68661e5023810dbc36a97101948258 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 13 Sep 1999 08:56:45 +0000 Subject: [PATCH] See ChangeLog: Mon Sep 13 10:55:14 CEST 1999 Werner Koch --- BUGS | 1 + THOUGHTS | 31 ++++++++++++++++++++++++++++--- VERSION | 2 +- cipher/ChangeLog | 6 ++++++ cipher/Makefile.am | 1 + cipher/bithelp.h | 41 +++++++++++++++++++++++++++++++++++++++++ cipher/md5.c | 10 ++++------ cipher/rmd160.c | 19 ++++--------------- cipher/sha1.c | 19 +++---------------- doc/FAQ | 16 ++++++++-------- doc/OpenPGP | 2 +- g10/ChangeLog | 7 +++++++ g10/signal.c | 22 ++++++++++++++-------- util/secmem.c | 10 ++++++++++ 14 files changed, 129 insertions(+), 58 deletions(-) create mode 100644 cipher/bithelp.h diff --git a/BUGS b/BUGS index 4a588d33e..81fdcf1bd 100644 --- a/BUGS +++ b/BUGS @@ -47,6 +47,7 @@ and after about half a day in the rsync snapshots. [ *] #23 1999-09-03 0.9.11 Only the first signature of a cleartext sig seems to be verified. Can't fix it in 1.0 because the code is semi-frozen. + HMMM: Can't reprodude the bug here - it just works. Check wehther [ *] #24 1999-09-05 0.9.11 Does not link libc and libz expect when removing all "-lc -lz" except diff --git a/THOUGHTS b/THOUGHTS index dbd53b246..aa33e0ee1 100644 --- a/THOUGHTS +++ b/THOUGHTS @@ -1,5 +1,12 @@ +How often have we to do a key lookup by mailaddress?. +can this be accomplished by an external program? + +What about using S-Exp to describe the interface to the ciphers instead +of simply iterating over them. This way we can easy register a name which +can be used as the "hintstr" for --load-extension. + EGD ==== Oh, and on embedding egd into the gpg package: I think if you just unpack it @@ -48,8 +55,8 @@ From: Matthew Skala ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 +============================== +[ "-->" indicates a comment by me (wk) ] Hi Werner.. @@ -83,11 +90,16 @@ extension mechanisms in GPG should be enough to try various ways later on. 1) pass an argument string to loadable extension modules (maybe gpg --load-extension foofish=arg1,arg2,arg3 ?) + --> could also be achived by S-Exps + 2) allow multiple instances of the same extension module (presumably with different arguments) + --> set an alias name when loading them 3) allow extension modules to use stdin/stdout/stderr as normal (probably already in there), for giving feedback to the user, or possibly asking them for a password of some sort + --> there should really be some kind of callback mechanism. + 4) have an extension to provide secret keys: It looks like most of the hooks for this are already in place, it just @@ -97,6 +109,9 @@ extension mechanisms in GPG should be enough to try various ways later on. an argument. When the keyblock resource is asked to enumerate its keys, it runs the external program (first with a "0" argument, then a "1", and so on until the program reports that no more keys are available). The external +--> better use a cookie: This way we are also stateless but have a more + general interface. + program returns one (possibly armored) secret key block each time. The program might have some kind of special protocol to talk to the storage device. One thing that comes to mind is to simply include a random number @@ -108,6 +123,8 @@ extension mechanisms in GPG should be enough to try various ways later on. much processing power and IO is available on the device. But the same extension module should be able to handle as complex a scheme as one could wish. + --> authenticate the session on startup, using DH and the mentioned + cookie/screen/keyboard authentication. The current keyblock-resource interface would work fine, although it might be more convenient if a resource could be asked for a key by id @@ -118,10 +135,13 @@ extension mechanisms in GPG should be enough to try various ways later on. to fetch by id (which would require it to fall back to the other keyblock resources if it failed), the user's device might be asked to release the key even though some other secret key was the one needed. + --> Right. 5) have an extension to perform a secret-key operation without the actual secret key material + --> Define a clear interface to do this and in the first step write + a daemon which does exactly this. basically something to indicate that any decrypt or sign operations that occur for a specific keyid should call the extension module instead. The @@ -221,12 +241,17 @@ DJGPP Don't use symlinks but try to do the preprocessing in the config-links script. DJPGG has problems to distinguish betwen .s and .S becaus the FAT filesystem is not case sensitive (Mark Elbrecht). - +Well, it runs only on one architecture and therefor it might be possible +to add a special case for it, completely bypassing the symlink autselection +trick. Special procmail addresses ========================== * foo+bar@example.net: Try to match the address without the "+bar". Should be done by the MUA, but maybe we can do this. + --> Yep. Another reason to utilize a directory service or something + else for keylookup. + Suggested things which I will not do: diff --git a/VERSION b/VERSION index 3eefcb9dd..8ce8b88c0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.0 +1.0.0a diff --git a/cipher/ChangeLog b/cipher/ChangeLog index 6ad5648d7..584a75571 100644 --- a/cipher/ChangeLog +++ b/cipher/ChangeLog @@ -1,3 +1,9 @@ +Mon Sep 13 10:51:29 CEST 1999 Werner Koch + + + * bithelp.h: New. + * rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h + Tue Sep 7 16:23:36 CEST 1999 Werner Koch diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 5680a4e9a..4b2ef2e3d 100644 --- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -39,6 +39,7 @@ libcipher_la_SOURCES = cipher.c \ md.c \ dynload.c \ dynload.h \ + bithelp.h \ des.c \ des.h \ twofish.c \ diff --git a/cipher/bithelp.h b/cipher/bithelp.h new file mode 100644 index 000000000..188db168a --- /dev/null +++ b/cipher/bithelp.h @@ -0,0 +1,41 @@ +/* bithelp.h - Some bit manipulation helpers + * Copyright (C) 1999 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA + */ +#ifndef G10_BITHELP_H +#define G10_BITHELP_H + + +/**************** + * Rotate a 32 bit integer by n bytes + */ +#if defined(__GNUC__) && defined(__i386__) +static inline u32 +rol( u32 x, int n) +{ + __asm__("roll %%cl,%0" + :"=r" (x) + :"0" (x),"c" (n)); + return x; +} +#else + #define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) ) +#endif + + +#endif /*G10_BITHELP_H*/ diff --git a/cipher/md5.c b/cipher/md5.c index 035eaf11b..bb930d042 100644 --- a/cipher/md5.c +++ b/cipher/md5.c @@ -37,6 +37,8 @@ #include "memory.h" #include "dynload.h" +#include "bithelp.h" + typedef struct { u32 A,B,C,D; /* chaining variables */ @@ -104,15 +106,11 @@ transform( MD5_CONTEXT *ctx, byte *data ) do \ { \ a += FF (b, c, d) + (*cwp++) + T; \ - CYCLIC (a, s); \ + a = rol(a, s); \ a += b; \ } \ while (0) - /* It is unfortunate that C does not provide an operator for - cyclic rotation. Hope the C compiler is smart enough. */ -#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s))) - /* Before we start, one word about the strange constants. They are defined in RFC 1321 as @@ -142,7 +140,7 @@ transform( MD5_CONTEXT *ctx, byte *data ) do \ { \ a += f (b, c, d) + correct_words[k] + T; \ - CYCLIC (a, s); \ + a = rol(a, s); \ a += b; \ } \ while (0) diff --git a/cipher/rmd160.c b/cipher/rmd160.c index e8771883a..ecd65b35d 100644 --- a/cipher/rmd160.c +++ b/cipher/rmd160.c @@ -29,6 +29,8 @@ #include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */ #include "dynload.h" +#include "bithelp.h" + /********************************* * RIPEMD-160 is not patented, see (as of 25.10.97) * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html @@ -153,19 +155,6 @@ rmd160_init( RMD160_CONTEXT *hd ) } -#if defined(__GNUC__) && defined(__i386__) -static inline u32 -rol(int n, u32 x) -{ - __asm__("roll %%cl,%0" - :"=r" (x) - :"0" (x),"c" (n)); - return x; -} -#else - #define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) ) -#endif - /**************** * Transform the message X which consists of 16 32-bit-words @@ -218,8 +207,8 @@ transform( RMD160_CONTEXT *hd, byte *data ) #define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) ) #define F4(x,y,z) ( (x) ^ ((y) | ~(z)) ) #define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \ - a = rol(s,t) + e; \ - c = rol(10,c); \ + a = rol(t,s) + e; \ + c = rol(c,10); \ } while(0) /* left lane */ diff --git a/cipher/sha1.c b/cipher/sha1.c index 04bdbac98..40ad62f1f 100644 --- a/cipher/sha1.c +++ b/cipher/sha1.c @@ -39,6 +39,7 @@ #include "util.h" #include "memory.h" #include "dynload.h" +#include "bithelp.h" typedef struct { @@ -49,20 +50,6 @@ typedef struct { } SHA1_CONTEXT; -#if defined(__GNUC__) && defined(__i386__) -static inline u32 -rol(int n, u32 x) -{ - __asm__("roll %%cl,%0" - :"=r" (x) - :"0" (x),"c" (n)); - return x; -} -#else - #define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) ) -#endif - - void @@ -123,11 +110,11 @@ transform( SHA1_CONTEXT *hd, byte *data ) ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \ , (x[i&0x0f] = (tm << 1) | (tm >> 31)) ) -#define R(a,b,c,d,e,f,k,m) do { e += rol( 5, a ) \ +#define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \ + f( b, c, d ) \ + k \ + m; \ - b = rol( 30, b ); \ + b = rol( b, 30 ); \ } while(0) R( a, b, c, d, e, F1, K1, x[ 0] ); R( e, a, b, c, d, F1, K1, x[ 1] ); diff --git a/doc/FAQ b/doc/FAQ index aa8e0c4d7..0bb9b0368 100644 --- a/doc/FAQ +++ b/doc/FAQ @@ -232,7 +232,7 @@ abbreviated -o) is an option that takes a filename. The option's argument must follow immediately after the option itself, otherwise gpg doesn't know which option the argument is supposed to go with. As an option, --output and - its filename must come before the command. The --remote-user (-r) option takes + its filename must come before the command. The --recipient (-r) option takes a name or keyid to encrypt the message to, which must come right after the -r argument. The --encrypt (or -e) command comes after all the options followed by the file you wish to encrypt. So use @@ -241,22 +241,22 @@ If you write the options out in full, it is easier to read - gpg --remote-user alice --output secret.txt --encrypt test.txt + gpg --recipient alice --output secret.txt --encrypt test.txt If you're saving it in a file called ".txt" then you'd probably expect to see ASCII-armored text in there, so you need to add the --armor (-a) option, which doesn't take any arguments. - gpg --armor --remote-user alice --output secret.txt --encrypt test.txt + gpg --armor --recipient alice --output secret.txt --encrypt test.txt If you imagine square brackets around the optional parts, it becomes a bit clearer: - gpg [--armor] [--remote-user alice] [--output secret.txt] --encrypt test.txt + gpg [--armor] [--recipient alice] [--output secret.txt] --encrypt test.txt The optional parts can be rearranged any way you want. - gpg --output secret.txt --remote-user alice --armor --encrypt test.txt + gpg --output secret.txt --recipient alice --armor --encrypt test.txt If your filename begins with a hyphen (e.g. "-a.txt"), gnupg assumes this is an option and may complain. To avoid this you have either to use @@ -282,8 +282,7 @@ other keys. "validity", or calculated trust, is a value which says how much GnuPG thinks a key is valid (that it really belongs to the one who claims to be the owner of the key). - For more see the chapter "The Web of Trust" in the - Manual [gpg: Oops: Internal error: manual not found - sorry] + For more see the chapter "The Web of Trust" in the Manual Q: How do I interpret some of the informational outputs? A: While checking the validity of a key, GnuPG sometimes prints @@ -340,5 +339,6 @@ A: There is a script in the tools directory to help you: After you have imported the PGP keyring you can give this command: $ lspgpot pgpkeyring | gpg --import-ownertrust - + where pgpkeyring is the original keyring and not the GnuPG one you + might have created in the first step. diff --git a/doc/OpenPGP b/doc/OpenPGP index 148032ad9..c73eee4f8 100644 --- a/doc/OpenPGP +++ b/doc/OpenPGP @@ -1,7 +1,7 @@ GnuPG and OpenPGP ================= - See RFC2440 for a description of OpenPGP. I have an annotated version + See RFC2440 for a description of OpenPGP. We have an annotated version of this RFC online: http://www.gnupg.org/rfc2440.html diff --git a/g10/ChangeLog b/g10/ChangeLog index 05423c26e..97c8b515a 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,10 @@ +Mon Sep 13 10:51:29 CEST 1999 Werner Koch + + + * signal.c (got_fatal_signal): Print message using write(2) and + only for development versions. + + Mon Sep 6 19:59:08 CEST 1999 Werner Koch * tdbio.c (tdbio_set_dbname): Use mkdir macro diff --git a/g10/signal.c b/g10/signal.c index 728f4054f..6ed23e5a0 100644 --- a/g10/signal.c +++ b/g10/signal.c @@ -1,5 +1,5 @@ /* signal.c - signal handling - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -39,28 +39,34 @@ static volatile int caught_fatal_sig = 0; static volatile int caught_sigusr1 = 0; static const char * -signal_name( int signum ) +get_signal_name( int signum ) { #if defined(SYS_SIGLIST_DECLARED) && defined(NSIG) return (signum >= 0 && signum < NSIG) ? sys_siglist[signum] : "?"; #else - static char buf[20]; - sprintf(buf, "signal %d", signum ); - return buf; + return "some signal"; #endif } + static RETSIGTYPE got_fatal_signal( int sig ) { + const char *s; + if( caught_fatal_sig ) raise( sig ); caught_fatal_sig = 1; - fprintf( stderr, "\n%s: %s caught ... exiting\n", - log_get_name(), signal_name(sig) ); secmem_term(); - exit( 8 ); + #ifdef IS_DEVELOPMENT_VERSION + write(2, "\n", 1 ); + s = log_get_name(); if( s ) write(2, s, strlen(s) ); + write(2, ": ", 2 ); + s = get_signal_name(sig); write(2, s, strlen(s) ); + write(2, " caught ... exiting\n", 21 ); + #endif + exit(8); /* Hmmm, for some reasons rais2e does not work */ } diff --git a/util/secmem.c b/util/secmem.c index 8796e6faf..3f253d6db 100644 --- a/util/secmem.c +++ b/util/secmem.c @@ -370,6 +370,16 @@ m_is_secure( const void *p ) return p >= pool && p < (void*)((char*)pool+poolsize); } + + +/**************** + * Warning: This code might be called by an interrupt handler + * and frankly, thre should really be such a handler, + * to make sure that the memory is wiped out. + * We hope that the OS wipes out mlocked memory after + * receiving a SIGKILL - it really should do so, otherwise + * there is no chance to get the secure memory cleaned. + */ void secmem_term() {