diff --git a/NEWS b/NEWS index b20b0efda..380fb0e4e 100644 --- a/NEWS +++ b/NEWS @@ -19,6 +19,8 @@ Noteworthy changes in version 2.0.10 (unreleased) * [gpg] New control statement %ask-passphrase for the unattended key generation. + * [gpg] The algorithm to compute the SIG_ID status has been changed. + * [gpgsm] Now uses AES by default. * [gpgsm] Made --output option work with --export-secret-key-p12. diff --git a/g10/ChangeLog b/g10/ChangeLog index 979a681be..2e921a0ed 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,23 @@ +2008-12-11 Werner Koch + + * sig-check.c (signature_check2): Change algorithm used to compute + the SIG_ID. + (check_revocation_keys): Close message digest. + + * rmd160.c, rmd160.h: New. Based on code from GnuPG-1.4. + * t-rmd160.c: New. + * Makefile.am: Add support to run tests. + * keyid.c (namehash_from_uid): Use rmd160_hash_buffer. + +2008-12-10 Werner Koch + + * trustdb.h (NAMEHASH_HASH): Remove unsued constant. + + * gpg.c (print_mds): Print RMD160 only is enabled. + + * keygen.c (keygen_set_std_prefs): Include RMD160 only if + available. + 2008-12-09 Werner Koch * gpg.c (main) [IS_DEVELOPMENT_VERSION]: Fix strusage use. diff --git a/g10/Makefile.am b/g10/Makefile.am index ff5081200..f6f80e63e 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -30,6 +30,8 @@ AM_CFLAGS = $(LIBGCRYPT_CFLAGS) $(LIBASSUAN_CFLAGS) $(GPG_ERROR_CFLAGS) needed_libs = $(libcommon) ../jnlib/libjnlib.a ../gl/libgnu.a bin_PROGRAMS = gpg2 gpgv2 +noinst_PROGRAMS = $(module_tests) +TESTS = $(module_tests) if ENABLE_BZIP2_SUPPORT bzip2_source = compress-bz2.c @@ -57,6 +59,7 @@ common_source = \ textfilter.c \ progress.c \ misc.c \ + rmd160.c \ options.h \ openfile.c \ keyid.c \ @@ -121,6 +124,12 @@ gpg2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ gpgv2_LDADD = $(LDADD) $(LIBGCRYPT_LIBS) $(LIBASSUAN_LIBS) $(GPG_ERROR_LIBS) \ $(LIBICONV) +t_common_ldadd = +module_tests = t-rmd160 +t_rmd160_SOURCES = t-rmd160.c rmd160.c +t_rmd160_LDADD = $(t_common_ldadd) + + $(PROGRAMS): $(needed_libs) ../common/libgpgrl.a install-data-local: diff --git a/g10/gpg.c b/g10/gpg.c index 4e72b87e6..a88b1ffc3 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -4187,7 +4187,8 @@ print_mds( const char *fname, int algo ) else { print_hashline( md, GCRY_MD_MD5, fname ); print_hashline( md, GCRY_MD_SHA1, fname ); - print_hashline( md, GCRY_MD_RMD160, fname ); + if (!gcry_md_test_algo (GCRY_MD_RMD160)) + print_hashline( md, GCRY_MD_RMD160, fname ); if (!gcry_md_test_algo (GCRY_MD_SHA224)) print_hashline (md, GCRY_MD_SHA224, fname); if (!gcry_md_test_algo (GCRY_MD_SHA256)) @@ -4204,7 +4205,8 @@ print_mds( const char *fname, int algo ) else { print_hex( md, GCRY_MD_MD5, fname ); print_hex( md, GCRY_MD_SHA1, fname ); - print_hex( md, GCRY_MD_RMD160, fname ); + if (!gcry_md_test_algo (GCRY_MD_RMD160)) + print_hex( md, GCRY_MD_RMD160, fname ); if (!gcry_md_test_algo (GCRY_MD_SHA224)) print_hex (md, GCRY_MD_SHA224, fname); if (!gcry_md_test_algo (GCRY_MD_SHA256)) diff --git a/g10/keygen.c b/g10/keygen.c index f0de2fbf3..d60578640 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -352,7 +352,8 @@ keygen_set_std_prefs (const char *string,int personal) strcat(dummy_string,"H8 "); /* RIPEMD160 */ - strcat(dummy_string,"H3 "); + if (!openpgp_md_test_algo(DIGEST_ALGO_RMD160)) + strcat(dummy_string,"H3 "); /* ZLIB */ strcat(dummy_string,"Z2 "); diff --git a/g10/keyid.c b/g10/keyid.c index 9675bbe07..3ba7d4256 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -33,6 +33,7 @@ #include "options.h" #include "keydb.h" #include "i18n.h" +#include "rmd160.h" int pubkey_letter( int algo ) @@ -448,16 +449,14 @@ keyid_from_sig( PKT_signature *sig, u32 *keyid ) byte * namehash_from_uid(PKT_user_id *uid) { - if(uid->namehash==NULL) + if (!uid->namehash) { - uid->namehash = xmalloc(20); - + uid->namehash = xmalloc (20); + if(uid->attrib_data) - gcry_md_hash_buffer (GCRY_MD_RMD160, uid->namehash, - uid->attrib_data, uid->attrib_len); + rmd160_hash_buffer (uid->namehash, uid->attrib_data, uid->attrib_len); else - gcry_md_hash_buffer (GCRY_MD_RMD160, uid->namehash, - uid->name, uid->len); + rmd160_hash_buffer (uid->namehash, uid->name, uid->len); } return uid->namehash; diff --git a/g10/main.h b/g10/main.h index be60d17ce..d5c52b36d 100644 --- a/g10/main.h +++ b/g10/main.h @@ -328,7 +328,6 @@ void pause_on_sigusr( int which ); void block_all_signals(void); void unblock_all_signals(void); - /*-- server.c --*/ int gpg_server (ctrl_t); diff --git a/g10/sig-check.c b/g10/sig-check.c index 995821c5e..c415703f7 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -130,41 +130,63 @@ signature_check2 (PKT_signature *sig, gcry_md_hd_t digest, u32 *r_expiredate, * and the timestamp, but the drawback of this is, that it is * not possible to sign more than one identical document within * one second. Some remote batch processing applications might - * like this feature here */ - gcry_md_hd_t md; - + * like this feature here. + * + * Note that before 2.0.10, we used RIPE-MD160 for the hash + * and accidently didn't include the timestamp and algorithm + * information in the hash. Given that this feature is not + * commonly used and that a replay attacks detection should + * not solely be based on this feature (because it does not + * work with RSA), we take the freedom and switch to SHA-1 + * with 2.0.10 to take advantage of hardware supported SHA-1 + * implementations. We also include the missing information + * in the hash. Note also the SIG_ID as computed by gpg 1.x + * and gpg 2.x didn't matched either because 2.x used to print + * MPIs not in PGP format. */ u32 a = sig->timestamp; - int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); - byte *p, *buffer; + int nsig = pubkey_get_nsig( sig->pubkey_algo ); + unsigned char *p, *buffer; + size_t n, nbytes; + int i; + char hashbuf[20]; - if (gcry_md_open (&md, GCRY_MD_RMD160, 0)) - BUG (); - - /* FIXME: Why the hell are we updating DIGEST here??? */ - gcry_md_putc( digest, sig->pubkey_algo ); - gcry_md_putc( digest, sig->digest_algo ); - gcry_md_putc( digest, (a >> 24) & 0xff ); - gcry_md_putc( digest, (a >> 16) & 0xff ); - gcry_md_putc( digest, (a >> 8) & 0xff ); - gcry_md_putc( digest, a & 0xff ); - for(i=0; i < nsig; i++ ) { - size_t n; - unsigned char *tmp; - - if (gcry_mpi_aprint (GCRYMPI_FMT_USG, &tmp, &n, sig->data[i])) + nbytes = 6; + for (i=0; i < nsig; i++ ) + { + if (gcry_mpi_print (GCRYMPI_FMT_USG, NULL, 0, &n, sig->data[i])) BUG(); - gcry_md_write (md, tmp, n); - xfree (tmp); - } - gcry_md_final (md); - p = make_radix64_string ( gcry_md_read( md, 0 ), 20 ); - buffer = xmalloc( strlen(p) + 60 ); - sprintf( buffer, "%s %s %lu", - p, strtimestamp( sig->timestamp ), (ulong)sig->timestamp ); - write_status_text( STATUS_SIG_ID, buffer ); - xfree(buffer); - xfree(p); - gcry_md_close(md); + nbytes += n; + } + + /* Make buffer large enough to be later used as output buffer. */ + if (nbytes < 100) + nbytes = 100; + nbytes += 10; /* Safety margin. */ + + /* Fill and hash buffer. */ + buffer = p = xmalloc (nbytes); + *p++ = sig->pubkey_algo; + *p++ = sig->digest_algo; + *p++ = (a >> 24) & 0xff; + *p++ = (a >> 16) & 0xff; + *p++ = (a >> 8) & 0xff; + *p++ = a & 0xff; + nbytes -= 6; + for (i=0; i < nsig; i++ ) + { + if (gcry_mpi_print (GCRYMPI_FMT_PGP, p, nbytes, &n, sig->data[i])) + BUG(); + p += n; + nbytes -= n; + } + gcry_md_hash_buffer (GCRY_MD_SHA1, hashbuf, buffer, p-buffer); + + p = make_radix64_string (hashbuf, 20); + sprintf (buffer, "%s %s %lu", + p, strtimestamp (sig->timestamp), (ulong)sig->timestamp); + xfree (p); + write_status_text (STATUS_SIG_ID, buffer); + xfree (buffer); } return rc; @@ -420,6 +442,7 @@ check_revocation_keys(PKT_public_key *pk,PKT_signature *sig) hash_public_key(md,pk); rc=signature_check(sig,md); cache_sig_result(sig,rc); + gcry_md_close (md); break; } } diff --git a/g10/t-rmd160.c b/g10/t-rmd160.c new file mode 100644 index 000000000..d48e3f2ed --- /dev/null +++ b/g10/t-rmd160.c @@ -0,0 +1,92 @@ +/* t-rmd160.c - Module test for rmd160.c + * Copyright (C) 2008 Free Software Foundation, Inc. + * + * This file is part of GnuPG. + * + * GnuPG is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * GnuPG is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include +#include +#include +#include + +#include "rmd160.h" + +#define pass() do { ; } while(0) +#define fail(a) do { fprintf (stderr, "%s:%d: test %d failed\n",\ + __FILE__,__LINE__, (a)); \ + exit (1); \ + } while(0) + +static void +run_test (void) +{ + static struct + { + const char *data; + const char *expect; + } testtbl[] = + { + { "", + "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28" + "\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31" }, + { "a", + "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae" + "\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe" }, + { "abc", + "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04" + "\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc" }, + { "message digest", + "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8" + "\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36" }, + { "abcdefghijklmnopqrstuvwxyz", + "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b\x56\xbb" + "\xdc\xeb\x5b\x9d\x28\x65\xb3\x70\x8d\xbc" }, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789", + "\xb0\xe2\x0b\x6e\x31\x16\x64\x02\x86\xed" + "\x3a\x87\xa5\x71\x30\x79\xb2\x1f\x51\x89" }, + { "1234567890" "1234567890" "1234567890" "1234567890" + "1234567890" "1234567890" "1234567890" "1234567890", + "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb" + "\xd3\x32\x3c\xab\x82\xbf\x63\x32\x6b\xfb" }, + + { NULL, NULL } + }; + int idx; + char digest[20]; + + for (idx=0; testtbl[idx].data; idx++) + { + rmd160_hash_buffer (digest, + testtbl[idx].data, strlen(testtbl[idx].data)); + if (memcmp (digest, testtbl[idx].expect, 20)) + fail (idx); + } +} + + +int +main (int argc, char **argv) +{ + (void)argc; + (void)argv; + + run_test (); + + return 0; +} + diff --git a/g10/trustdb.h b/g10/trustdb.h index 8c6721532..65eb8d1bb 100644 --- a/g10/trustdb.h +++ b/g10/trustdb.h @@ -36,7 +36,6 @@ #define TRUST_FLAG_DISABLED 128 /* d: key/uid disabled */ #define TRUST_FLAG_PENDING_CHECK 256 /* a check-trustdb is pending */ -#define NAMEHASH_HASH DIGEST_ALGO_RMD160 #define NAMEHASH_LEN 20 /*-- trustdb.c --*/