security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-03 12:11:33 +01:00
Code Activity

See ChangeLog: Mon Sep 13 10:55:14 CEST 1999 Werner Koch

Browse Source
This commit is contained in:
Werner Koch 1999-09-13 08:56:45 +00:00
parent d92e4db7fd
commit 52139a60cf
14 changed files with 129 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
BUGS
View File

@ -47,6 +47,7 @@ and after about half a day in the rsync snapshots.
[ *] #23 1999-09-03 <todd.brooks@yale.edu> 0.9.11 [ *] #23 1999-09-03 <todd.brooks@yale.edu> 0.9.11
Only the first signature of a cleartext sig seems to be verified. Only the first signature of a cleartext sig seems to be verified.
Can't fix it in 1.0 because the code is semi-frozen. Can't fix it in 1.0 because the code is semi-frozen.
HMMM: Can't reprodude the bug here - it just works. Check wehther
[ *] #24 1999-09-05 <marcus@yoyo.cc.monash.edu.au> 0.9.11 [ *] #24 1999-09-05 <marcus@yoyo.cc.monash.edu.au> 0.9.11
Does not link libc and libz expect when removing all "-lc -lz" except Does not link libc and libz expect when removing all "-lc -lz" except

31
THOUGHTS
View File

@ -1,5 +1,12 @@
How often have we to do a key lookup by mailaddress?.
can this be accomplished by an external program?
What about using S-Exp to describe the interface to the ciphers instead
of simply iterating over them. This way we can easy register a name which
can be used as the "hintstr" for --load-extension.
EGD EGD
==== ====
Oh, and on embedding egd into the gpg package: I think if you just unpack it Oh, and on embedding egd into the gpg package: I think if you just unpack it
@ -48,8 +55,8 @@ From: Matthew Skala <mskala@ansuz.sooke.bc.ca>
-----BEGIN PGP SIGNED MESSAGE----- ==============================
Hash: SHA1 [ "-->" indicates a comment by me (wk) ]
Hi Werner.. Hi Werner..
@ -83,11 +90,16 @@ extension mechanisms in GPG should be enough to try various ways later on.
1) pass an argument string to loadable extension modules (maybe 1) pass an argument string to loadable extension modules (maybe
gpg --load-extension foofish=arg1,arg2,arg3 ?) gpg --load-extension foofish=arg1,arg2,arg3 ?)
--> could also be achived by S-Exps
2) allow multiple instances of the same extension module (presumably with 2) allow multiple instances of the same extension module (presumably with
different arguments) different arguments)
--> set an alias name when loading them
3) allow extension modules to use stdin/stdout/stderr as normal (probably 3) allow extension modules to use stdin/stdout/stderr as normal (probably
already in there), for giving feedback to the user, or possibly asking them already in there), for giving feedback to the user, or possibly asking them
for a password of some sort for a password of some sort
--> there should really be some kind of callback mechanism.
4) have an extension to provide secret keys: 4) have an extension to provide secret keys:
It looks like most of the hooks for this are already in place, it just It looks like most of the hooks for this are already in place, it just
@ -97,6 +109,9 @@ extension mechanisms in GPG should be enough to try various ways later on.
an argument. When the keyblock resource is asked to enumerate its keys, it an argument. When the keyblock resource is asked to enumerate its keys, it
runs the external program (first with a "0" argument, then a "1", and so on runs the external program (first with a "0" argument, then a "1", and so on
until the program reports that no more keys are available). The external until the program reports that no more keys are available). The external
--> better use a cookie: This way we are also stateless but have a more
general interface.
program returns one (possibly armored) secret key block each time. The program returns one (possibly armored) secret key block each time. The
program might have some kind of special protocol to talk to the storage program might have some kind of special protocol to talk to the storage
device. One thing that comes to mind is to simply include a random number device. One thing that comes to mind is to simply include a random number
@ -108,6 +123,8 @@ extension mechanisms in GPG should be enough to try various ways later on.
much processing power and IO is available on the device. But the same much processing power and IO is available on the device. But the same
extension module should be able to handle as complex a scheme as one could extension module should be able to handle as complex a scheme as one could
wish. wish.
--> authenticate the session on startup, using DH and the mentioned
cookie/screen/keyboard authentication.
The current keyblock-resource interface would work fine, although it The current keyblock-resource interface would work fine, although it
might be more convenient if a resource could be asked for a key by id might be more convenient if a resource could be asked for a key by id
@ -118,10 +135,13 @@ extension mechanisms in GPG should be enough to try various ways later on.
to fetch by id (which would require it to fall back to the other keyblock to fetch by id (which would require it to fall back to the other keyblock
resources if it failed), the user's device might be asked to release the resources if it failed), the user's device might be asked to release the
key even though some other secret key was the one needed. key even though some other secret key was the one needed.
--> Right.
5) have an extension to perform a secret-key operation without the actual 5) have an extension to perform a secret-key operation without the actual
secret key material secret key material
--> Define a clear interface to do this and in the first step write
a daemon which does exactly this.
basically something to indicate that any decrypt or sign operations that basically something to indicate that any decrypt or sign operations that
occur for a specific keyid should call the extension module instead. The occur for a specific keyid should call the extension module instead. The
@ -221,12 +241,17 @@ DJGPP
Don't use symlinks but try to do the preprocessing in the config-links script. Don't use symlinks but try to do the preprocessing in the config-links script.
DJPGG has problems to distinguish betwen .s and .S becaus the FAT filesystem DJPGG has problems to distinguish betwen .s and .S becaus the FAT filesystem
is not case sensitive (Mark Elbrecht). is not case sensitive (Mark Elbrecht).
Well, it runs only on one architecture and therefor it might be possible
to add a special case for it, completely bypassing the symlink autselection
trick.
Special procmail addresses Special procmail addresses
========================== ==========================
* foo+bar@example.net: Try to match the address without the "+bar". * foo+bar@example.net: Try to match the address without the "+bar".
Should be done by the MUA, but maybe we can do this. Should be done by the MUA, but maybe we can do this.
--> Yep. Another reason to utilize a directory service or something
else for keylookup.
Suggested things which I will not do: Suggested things which I will not do:

2
VERSION
View File

@ -1 +1 @@
1.0.0 1.0.0a

6
cipher/ChangeLog
View File

@ -1,3 +1,9 @@
Mon Sep 13 10:51:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* bithelp.h: New.
* rmd160.h, sha1.h, md5.h: Use the rol macro from bithelp.h
Tue Sep 7 16:23:36 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> Tue Sep 7 16:23:36 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

1
cipher/Makefile.am
View File

@ -39,6 +39,7 @@ libcipher_la_SOURCES = cipher.c \
md.c \ md.c \
dynload.c \ dynload.c \
dynload.h \ dynload.h \
bithelp.h \
des.c \ des.c \
des.h \ des.h \
twofish.c \ twofish.c \

41
cipher/bithelp.h Normal file
View File

@ -0,0 +1,41 @@
/* bithelp.h - Some bit manipulation helpers
* Copyright (C) 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef G10_BITHELP_H
#define G10_BITHELP_H
/****************
* Rotate a 32 bit integer by n bytes
*/
#if defined(__GNUC__) && defined(__i386__)
static inline u32
rol( u32 x, int n)
{
__asm__("roll %%cl,%0"
:"=r" (x)
:"0" (x),"c" (n));
return x;
}
#else
#define rol(x,n) ( ((x) << (n)) | ((x) >> (32-(n))) )
#endif
#endif /*G10_BITHELP_H*/

10
cipher/md5.c
View File

@ -37,6 +37,8 @@
#include "memory.h" #include "memory.h"
#include "dynload.h" #include "dynload.h"
#include "bithelp.h"
typedef struct { typedef struct {
u32 A,B,C,D; /* chaining variables */ u32 A,B,C,D; /* chaining variables */
@ -104,15 +106,11 @@ transform( MD5_CONTEXT *ctx, byte *data )
do \ do \
{ \ { \
a += FF (b, c, d) + (*cwp++) + T; \ a += FF (b, c, d) + (*cwp++) + T; \
CYCLIC (a, s); \ a = rol(a, s); \
a += b; \ a += b; \
} \ } \
while (0) while (0)
/* It is unfortunate that C does not provide an operator for
cyclic rotation. Hope the C compiler is smart enough. */
#define CYCLIC(w, s) (w = (w << s) | (w >> (32 - s)))
/* Before we start, one word about the strange constants. /* Before we start, one word about the strange constants.
They are defined in RFC 1321 as They are defined in RFC 1321 as
@ -142,7 +140,7 @@ transform( MD5_CONTEXT *ctx, byte *data )
do \ do \
{ \ { \
a += f (b, c, d) + correct_words[k] + T; \ a += f (b, c, d) + correct_words[k] + T; \
CYCLIC (a, s); \ a = rol(a, s); \
a += b; \ a += b; \
} \ } \
while (0) while (0)

19
cipher/rmd160.c
View File

@ -29,6 +29,8 @@
#include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */ #include "cipher.h" /* only used for the rmd160_hash_buffer() prototype */
#include "dynload.h" #include "dynload.h"
#include "bithelp.h"
/********************************* /*********************************
* RIPEMD-160 is not patented, see (as of 25.10.97) * RIPEMD-160 is not patented, see (as of 25.10.97)
* http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html * http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html
@ -153,19 +155,6 @@ rmd160_init( RMD160_CONTEXT *hd )
} }
#if defined(__GNUC__) && defined(__i386__)
static inline u32
rol(int n, u32 x)
{
__asm__("roll %%cl,%0"
:"=r" (x)
:"0" (x),"c" (n));
return x;
}
#else
#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )
#endif
/**************** /****************
* Transform the message X which consists of 16 32-bit-words * Transform the message X which consists of 16 32-bit-words
@ -218,8 +207,8 @@ transform( RMD160_CONTEXT *hd, byte *data )
#define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) ) #define F3(x,y,z) ( ((x) & (z)) | ((y) & ~(z)) )
#define F4(x,y,z) ( (x) ^ ((y) | ~(z)) ) #define F4(x,y,z) ( (x) ^ ((y) | ~(z)) )
#define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \ #define R(a,b,c,d,e,f,k,r,s) do { t = a + f(b,c,d) + k + x[r]; \
a = rol(s,t) + e; \ a = rol(t,s) + e; \
c = rol(10,c); \ c = rol(c,10); \
} while(0) } while(0)
/* left lane */ /* left lane */

19
cipher/sha1.c
View File

@ -39,6 +39,7 @@
#include "util.h" #include "util.h"
#include "memory.h" #include "memory.h"
#include "dynload.h" #include "dynload.h"
#include "bithelp.h"
typedef struct { typedef struct {
@ -49,20 +50,6 @@ typedef struct {
} SHA1_CONTEXT; } SHA1_CONTEXT;
#if defined(__GNUC__) && defined(__i386__)
static inline u32
rol(int n, u32 x)
{
__asm__("roll %%cl,%0"
:"=r" (x)
:"0" (x),"c" (n));
return x;
}
#else
#define rol(n,x) ( ((x) << (n)) | ((x) >> (32-(n))) )
#endif
void void
@ -123,11 +110,11 @@ transform( SHA1_CONTEXT *hd, byte *data )
^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \ ^ x[(i-8)&0x0f] ^ x[(i-3)&0x0f] \
, (x[i&0x0f] = (tm << 1) | (tm >> 31)) ) , (x[i&0x0f] = (tm << 1) | (tm >> 31)) )
#define R(a,b,c,d,e,f,k,m) do { e += rol( 5, a ) \ #define R(a,b,c,d,e,f,k,m) do { e += rol( a, 5 ) \
+ f( b, c, d ) \ + f( b, c, d ) \
+ k \ + k \
+ m; \ + m; \
b = rol( 30, b ); \ b = rol( b, 30 ); \
} while(0) } while(0)
R( a, b, c, d, e, F1, K1, x[ 0] ); R( a, b, c, d, e, F1, K1, x[ 0] );
R( e, a, b, c, d, F1, K1, x[ 1] ); R( e, a, b, c, d, F1, K1, x[ 1] );

16
doc/FAQ
View File

@ -232,7 +232,7 @@
abbreviated -o) is an option that takes a filename. The option's argument abbreviated -o) is an option that takes a filename. The option's argument
must follow immediately after the option itself, otherwise gpg doesn't know must follow immediately after the option itself, otherwise gpg doesn't know
which option the argument is supposed to go with. As an option, --output and which option the argument is supposed to go with. As an option, --output and
its filename must come before the command. The --remote-user (-r) option takes its filename must come before the command. The --recipient (-r) option takes
a name or keyid to encrypt the message to, which must come right after the -r a name or keyid to encrypt the message to, which must come right after the -r
argument. The --encrypt (or -e) command comes after all the options followed argument. The --encrypt (or -e) command comes after all the options followed
by the file you wish to encrypt. So use by the file you wish to encrypt. So use
@ -241,22 +241,22 @@
If you write the options out in full, it is easier to read If you write the options out in full, it is easier to read
gpg --remote-user alice --output secret.txt --encrypt test.txt gpg --recipient alice --output secret.txt --encrypt test.txt
If you're saving it in a file called ".txt" then you'd probably expect to see If you're saving it in a file called ".txt" then you'd probably expect to see
ASCII-armored text in there, so you need to add the --armor (-a) option, ASCII-armored text in there, so you need to add the --armor (-a) option,
which doesn't take any arguments. which doesn't take any arguments.
gpg --armor --remote-user alice --output secret.txt --encrypt test.txt gpg --armor --recipient alice --output secret.txt --encrypt test.txt
If you imagine square brackets around the optional parts, it becomes a bit If you imagine square brackets around the optional parts, it becomes a bit
clearer: clearer:
gpg [--armor] [--remote-user alice] [--output secret.txt] --encrypt test.txt gpg [--armor] [--recipient alice] [--output secret.txt] --encrypt test.txt
The optional parts can be rearranged any way you want. The optional parts can be rearranged any way you want.
gpg --output secret.txt --remote-user alice --armor --encrypt test.txt gpg --output secret.txt --recipient alice --armor --encrypt test.txt
If your filename begins with a hyphen (e.g. "-a.txt"), gnupg assumes this is If your filename begins with a hyphen (e.g. "-a.txt"), gnupg assumes this is
an option and may complain. To avoid this you have either to use an option and may complain. To avoid this you have either to use
@ -282,8 +282,7 @@
other keys. "validity", or calculated trust, is a value which other keys. "validity", or calculated trust, is a value which
says how much GnuPG thinks a key is valid (that it really belongs says how much GnuPG thinks a key is valid (that it really belongs
to the one who claims to be the owner of the key). to the one who claims to be the owner of the key).
For more see the chapter "The Web of Trust" in the For more see the chapter "The Web of Trust" in the Manual
Manual [gpg: Oops: Internal error: manual not found - sorry]
Q: How do I interpret some of the informational outputs? Q: How do I interpret some of the informational outputs?
A: While checking the validity of a key, GnuPG sometimes prints A: While checking the validity of a key, GnuPG sometimes prints
@ -340,5 +339,6 @@
A: There is a script in the tools directory to help you: A: There is a script in the tools directory to help you:
After you have imported the PGP keyring you can give this command: After you have imported the PGP keyring you can give this command:
$ lspgpot pgpkeyring | gpg --import-ownertrust $ lspgpot pgpkeyring | gpg --import-ownertrust
where pgpkeyring is the original keyring and not the GnuPG one you
might have created in the first step.

2
doc/OpenPGP
View File

@ -1,7 +1,7 @@
GnuPG and OpenPGP GnuPG and OpenPGP
================= =================
See RFC2440 for a description of OpenPGP. I have an annotated version See RFC2440 for a description of OpenPGP. We have an annotated version
of this RFC online: http://www.gnupg.org/rfc2440.html of this RFC online: http://www.gnupg.org/rfc2440.html

7
g10/ChangeLog
View File

@ -1,3 +1,10 @@
Mon Sep 13 10:51:29 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* signal.c (got_fatal_signal): Print message using write(2) and
only for development versions.
Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* tdbio.c (tdbio_set_dbname): Use mkdir macro * tdbio.c (tdbio_set_dbname): Use mkdir macro

22
g10/signal.c
View File

@ -1,5 +1,5 @@
/* signal.c - signal handling /* signal.c - signal handling
* Copyright (C) 1998 Free Software Foundation, Inc. * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -39,28 +39,34 @@ static volatile int caught_fatal_sig = 0;
static volatile int caught_sigusr1 = 0; static volatile int caught_sigusr1 = 0;
static const char * static const char *
signal_name( int signum ) get_signal_name( int signum )
{ {
#if defined(SYS_SIGLIST_DECLARED) && defined(NSIG) #if defined(SYS_SIGLIST_DECLARED) && defined(NSIG)
return (signum >= 0 && signum < NSIG) ? sys_siglist[signum] : "?"; return (signum >= 0 && signum < NSIG) ? sys_siglist[signum] : "?";
#else #else
static char buf[20]; return "some signal";
sprintf(buf, "signal %d", signum );
return buf;
#endif #endif
} }
static RETSIGTYPE static RETSIGTYPE
got_fatal_signal( int sig ) got_fatal_signal( int sig )
{ {
const char *s;
if( caught_fatal_sig ) if( caught_fatal_sig )
raise( sig ); raise( sig );
caught_fatal_sig = 1; caught_fatal_sig = 1;
fprintf( stderr, "\n%s: %s caught ... exiting\n",
log_get_name(), signal_name(sig) );
secmem_term(); secmem_term();
exit( 8 ); #ifdef IS_DEVELOPMENT_VERSION
write(2, "\n", 1 );
s = log_get_name(); if( s ) write(2, s, strlen(s) );
write(2, ": ", 2 );
s = get_signal_name(sig); write(2, s, strlen(s) );
write(2, " caught ... exiting\n", 21 );
#endif
exit(8); /* Hmmm, for some reasons rais2e does not work */
} }

10
util/secmem.c
View File

@ -370,6 +370,16 @@ m_is_secure( const void *p )
return p >= pool && p < (void*)((char*)pool+poolsize); return p >= pool && p < (void*)((char*)pool+poolsize);
} }
/****************
* Warning: This code might be called by an interrupt handler
* and frankly, thre should really be such a handler,
* to make sure that the memory is wiped out.
* We hope that the OS wipes out mlocked memory after
* receiving a SIGKILL - it really should do so, otherwise
* there is no chance to get the secure memory cleaned.
*/
void void
secmem_term() secmem_term()
{ {