security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

See ChangeLog: Wed Apr 7 20:51:39 CEST 1999 Werner Koch

Browse source
This commit is contained in:
Werner Koch 1999-04-07 18:58:34 +00:00
parent 1b9a820c19
commit 9f40263e56
30 changed files with 771 additions and 520 deletions
Download patch file Download diff file Expand all files Collapse all files

15
g10/ChangeLog
View file

@ -1,3 +1,18 @@
Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* encr-data.c (decrypt_data): Fixes for 128 bit blocksize
* cipher.c (write_header): Ditto.
* seckey-cert.c (do_check): Ditto.
(protect_secret_key). Ditto.
* misc.c (print_cipher_algo_note): Twofish is now a standard algo.
* keygen.c (do_create): Fixed spelling (Gaël Quéri)
(ask_keysize): Only allow keysizes up to 4096
* ringedit.c (add_keyblock_resource): chmod newly created secrings.
* import.c (delete_inv_parts): Fixed accidently deleted subkeys.
Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* armor.c: Removed duped include (John Bley)

19
g10/cipher.c
View file

@ -1,5 +1,5 @@
/* cipher.c - En-/De-ciphering filter
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998,1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -45,6 +45,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
PKT_encrypted ed;
byte temp[18];
unsigned blocksize;
unsigned nprefix;
memset( &ed, 0, sizeof ed );
ed.len = cfx->datalen;
@ -57,16 +58,22 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
blocksize = cipher_get_blocksize( cfx->dek->algo );
if( blocksize < 8 || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
randomize_buffer( temp, blocksize, 1 );
temp[blocksize] = temp[blocksize-2];
temp[blocksize+1] = temp[blocksize-1];
/* FIXME: remove the kludge for the experimental twofish128 mode:
* we always use the 10 byte prefix and not one depending on the blocksize
*/
nprefix = cfx->dek->algo == CIPHER_ALGO_TWOFISH_OLD? blocksize : 8;
randomize_buffer( temp, nprefix, 1 );
temp[nprefix] = temp[nprefix-2];
temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
cfx->cipher_hd = cipher_open( cfx->dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
/*log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/
cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
cipher_setiv( cfx->cipher_hd, NULL );
cipher_encrypt( cfx->cipher_hd, temp, temp, blocksize+2);
/* log_hexdump( "prefix", temp, nprefix+2 );*/
cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2);
cipher_sync( cfx->cipher_hd );
iobuf_write(a, temp, blocksize+2);
iobuf_write(a, temp, nprefix+2);
cfx->header=1;
}

2
g10/decrypt.c
View file

@ -1,4 +1,4 @@
/* verify.c - verify signed data
/* decrypt.c - verify signed data
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GnuPG.

19
g10/encr-data.c
View file

@ -52,6 +52,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
int rc, c, i;
byte temp[32];
unsigned blocksize;
unsigned nprefix;
if( opt.verbose ) {
const char *s = cipher_algo_to_string( dek->algo );
@ -65,10 +66,15 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
blocksize = cipher_get_blocksize(dek->algo);
if( !blocksize || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
if( ed->len && ed->len < (blocksize+2) )
log_bug("Nanu\n"); /* oops: found a bug */
/* FIXME: remove the kludge for the experimental twofish128 mode:
* we always use the 10 byte prefix and not one depending on the blocksize
*/
nprefix = dek->algo == CIPHER_ALGO_TWOFISH_OLD? blocksize : 8;
if( ed->len && ed->len < (nprefix+2) )
BUG();
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
/*log_hexdump( "thekey", dek->key, dek->keylen );*/
rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == G10ERR_WEAK_KEY )
log_info(_("WARNING: message was encrypted with "
@ -79,7 +85,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
cipher_setiv( dfx.cipher_hd, NULL );
if( ed->len ) {
for(i=0; i < (blocksize+2) && ed->len; i++, ed->len-- ) {
for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) {
if( (c=iobuf_get(ed->buf)) == -1 )
break;
else
@ -87,16 +93,17 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
}
}
else {
for(i=0; i < (blocksize+2); i++ )
for(i=0; i < (nprefix+2); i++ )
if( (c=iobuf_get(ed->buf)) == -1 )
break;
else
temp[i] = c;
}
cipher_decrypt( dfx.cipher_hd, temp, temp, blocksize+2);
cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
cipher_sync( dfx.cipher_hd );
p = temp;
if( p[blocksize-2] != p[blocksize] || p[blocksize-1] != p[blocksize+1] ) {
/*log_hexdump( "prefix", temp, nprefix+2 );*/
if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
cipher_close(dfx.cipher_hd);
return G10ERR_BAD_KEY;
}

1
g10/g10.c
View file

@ -176,6 +176,7 @@ static ARGPARSE_OPTS opts[] = {
{ aVerify, "verify" , 256, N_("verify a signature")},
#endif
{ aListKeys, "list-keys", 256, N_("list keys")},
{ aListKeys, "list-public-keys", 256, "@" },
{ aListSigs, "list-sigs", 256, N_("list keys and signatures")},
{ aCheckKeys, "check-sigs",256, N_("check key signatures")},
{ oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},

5
g10/import.c
View file

@ -765,7 +765,10 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
}
delete_kbnode( node ); /* the user-id */
/* and all following packets up to the next user-id */
while( node->next && node->next->pkt->pkttype != PKT_USER_ID ){
while( node->next
&& node->next->pkt->pkttype != PKT_USER_ID
&& node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
&& node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){
delete_kbnode( node->next );
node = node->next;
}

18
g10/keygen.c
View file

@ -1,5 +1,5 @@
/* keygen.c - generate a key pair
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -454,6 +454,18 @@ ask_keysize( int algo )
tty_printf(_("DSA only allows keysizes from 512 to 1024\n"));
else if( nbits < 768 )
tty_printf(_("keysize too small; 768 is smallest value allowed.\n"));
else if( nbits > 4096 ) {
/* It is ridiculous and an annoyance to use larger key sizes!
* GnuPG can handle much larger sizes; but it takes an eternity
* to create such a key (but less than the time the Sirius
* Computer Corporation needs to process one of the usual
* complaints) and {de,en}cryption although needs some time.
* So, before you complain about this limitation, I suggest that
* you start a discussion with Marvin about this theme and then
* do whatever you want. */
tty_printf(_("keysize too large; %d is largest value allowed.\n"),
4096);
}
else if( nbits > 2048 && !cpr_enabled() ) {
tty_printf(
_("Keysizes larger than 2048 are not suggested because\n"
@ -762,8 +774,8 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
tty_printf(_(
"We need to generate a lot of random bytes. It is a good idea to perform\n"
"some other action (type on the keyboard, move the mouse, utilize the\n"
"the disks) during the prime generation; this gives the random\n"
"number generator a better chance to gain enough entropy.\n") );
"disks) during the prime generation; this gives the random number\n"
"generator a better chance to gain enough entropy.\n") );
if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E )
rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k,

3
g10/misc.c
View file

@ -1,5 +1,5 @@
/* misc.c - miscellaneous functions
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -225,6 +225,7 @@ print_cipher_algo_note( int algo )
else if( algo == CIPHER_ALGO_3DES
|| algo == CIPHER_ALGO_CAST5
|| algo == CIPHER_ALGO_BLOWFISH
|| algo == CIPHER_ALGO_TWOFISH
)
;
else {

1
g10/parse-packet.c
View file

@ -1318,7 +1318,6 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
rc = G10ERR_INVALID_PACKET;
goto leave;
}
/* fixme: Add support for other blocksizes */
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {

20
g10/ringedit.c
View file

@ -318,8 +318,19 @@ add_keyblock_resource( const char *url, int force, int secret )
rc = G10ERR_OPEN_FILE;
goto leave;
}
else
else {
#ifndef HAVE_DOSISH_SYSTEM
if( secret ) {
if( chmod( filename, S_IRUSR | S_IWUSR ) ) {
log_error("%s: chmod failed: %s\n",
filename, strerror(errno) );
rc = G10ERR_WRITE_FILE;
goto leave;
}
}
#endif
log_info(_("%s: keyring created\n"), filename );
}
}
#if HAVE_DOSISH_SYSTEM || 1
iobuf_close( iobuf );
@ -350,6 +361,13 @@ add_keyblock_resource( const char *url, int force, int secret )
goto leave;
}
#ifndef HAVE_DOSISH_SYSTEM
#if 0 /* fixme: check directory permissions and print a warning */
if( secret ) {
}
#endif
#endif
/* fixme: avoid duplicate resources */
resource_table[i].used = 1;
resource_table[i].secret = !!secret;

7
g10/seckey-cert.c
View file

@ -1,5 +1,5 @@
/* seckey-cert.c - secret key certificate packet handling
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -52,8 +52,7 @@ do_check( PKT_secret_key *sk )
if( sk->protect.algo == CIPHER_ALGO_NONE )
BUG();
if( check_cipher_algo( sk->protect.algo )
|| cipher_get_blocksize( sk->protect.algo ) != 8 ) {
if( check_cipher_algo( sk->protect.algo ) ) {
log_info(_("protection algorithm %d is not supported\n"),
sk->protect.algo );
return G10ERR_CIPHER_ALGO;
@ -222,8 +221,6 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
if( check_cipher_algo( sk->protect.algo ) )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else if( cipher_get_blocksize( sk->protect.algo ) != 8 )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else {
print_cipher_algo_note( sk->protect.algo );
cipher_hd = cipher_open( sk->protect.algo,