security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

See ChangeLog: Sat May 8 19:28:33 CEST 1999 Werner Koch

Browse source
This commit is contained in:
Werner Koch 1999-05-08 17:35:16 +00:00
parent 5d6d50c23c
commit a1dcec76c1
18 changed files with 685 additions and 778 deletions
Download patch file Download diff file Expand all files Collapse all files

21
g10/ChangeLog
View file

@ -1,3 +1,24 @@
Sat May 8 19:28:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* build-packet.c (do_signature): Removed MDC hack.
* encode.c (encode_crypt_mdc): Removed.
* mainproc.c (do_check_sig): Removed MDC hack.
(check_sig_and_print): Ditto.
* parse-packet.c (parse_signature): Ditto.
* sig-check.c (mdc_kludge_check): Ditto.
* free-packte.c (copy_signature, free_seckey_enc): Ditto.
* parse-packet.c (parse_signature,parse_key): Store data of
unknown algorithms with mpi_set_opaque inseatd of the old
faked data stuff.
(read_rest): Removed.
(read_rest2): Renamed to read_rest
* build-packet.c (write_fake_data): Use mpi_get_opaque.
* free-packet.c (cp_fake_data): Removed and cahnged all callers
to use mpi_copy.
(free_pubkey_enc,free_seckey_enc,release_public_key_parts,
release_secret_key_parts): Use mpi_free for opaque data.
Thu May 6 14:18:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* trustdb.c (check_trust): Check for revoked subkeys.

23
g10/build-packet.c
View file

@ -166,13 +166,12 @@ calc_packet_length( PACKET *pkt )
static void
write_fake_data( IOBUF out, MPI a )
{
byte *s;
u16 len;
if( a ) {
s = (byte*)a;
len = (s[0] << 8) | s[1];
iobuf_write( out, s+2, len );
int i;
void *p;
p = mpi_get_opaque( a, &i );
iobuf_write( a, p, i );
}
}
@ -732,15 +731,9 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
}
iobuf_put(a, sig->digest_start[0] );
iobuf_put(a, sig->digest_start[1] );
n = sig->pubkey_algo? pubkey_get_nsig( sig->pubkey_algo ) : 0;
if( !n ) { /* the MDC data */
fputs("The MDC: ", stderr);
mpi_print(stderr, sig->data[0], 0 );
fputs(" ", stderr);
mpi_print(stderr, sig->data[0], 1 );
putc('\n', stderr);
mpi_write( a, sig->data[0] );
}
n = pubkey_get_nsig( sig->pubkey_algo );
if( !n )
write_fake_data( a, sig->data[0] );
for(i=0; i < n; i++ )
mpi_write(a, sig->data[i] );

189
g10/encode.c
View file

@ -39,7 +39,6 @@
static int encode_simple( const char *filename, int mode );
static int encode_crypt_mdc( const char* fname, STRLIST remusr );
static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
@ -216,9 +215,6 @@ encode_crypt( const char *filename, STRLIST remusr )
PK_LIST pk_list;
int do_compress = opt.compress && !opt.rfc1991;
if( opt.force_mdc )
return encode_crypt_mdc( filename, remusr );
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
@ -335,191 +331,6 @@ encode_crypt( const char *filename, STRLIST remusr )
static int
encode_crypt_mdc( const char* fname, STRLIST remusr )
{
armor_filter_context_t afx;
compress_filter_context_t zfx;
md_filter_context_t mfx;
text_filter_context_t tfx;
encrypt_filter_context_t efx;
IOBUF inp = NULL, out = NULL;
PACKET pkt;
PKT_plaintext *pt = NULL;
u32 filesize;
int rc = 0;
PK_LIST pk_list = NULL;
int compr_algo = -1; /* unknown */
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
memset( &mfx, 0, sizeof mfx);
memset( &tfx, 0, sizeof tfx);
memset( &efx, 0, sizeof efx);
init_packet( &pkt );
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
goto leave;
compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR );
/* prepare iobufs */
if( !(inp = iobuf_open(fname)) ) {
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
strerror(errno) );
rc = G10ERR_OPEN_FILE;
goto leave;
}
if( (rc = open_outfile( fname, opt.armor? 1: 0, &out )))
goto leave;
/* prepare to calculate the MD over the input */
mfx.md = md_open( DIGEST_ALGO_SHA1, 0 );
iobuf_push_filter( inp, md_filter, &mfx );
if( opt.armor )
iobuf_push_filter( out, armor_filter, &afx );
efx.pk_list = pk_list;
/* fixme: set efx.cfx.datalen if known */
iobuf_push_filter( out, encrypt_filter, &efx );
if( opt.compress ) {
if( !compr_algo )
; /* don't use compression */
else {
if( compr_algo == 1 )
zfx.algo = 1;
iobuf_push_filter( out, compress_filter, &zfx );
}
}
/* build a one pass packet */
{
PKT_onepass_sig *ops;
ops = m_alloc_clear( sizeof *ops );
ops->sig_class = 0x00;
ops->digest_algo = DIGEST_ALGO_SHA1;
ops->pubkey_algo = 0;
ops->keyid[0] = 0;
ops->keyid[1] = 0;
ops->last = 1;
init_packet(&pkt);
pkt.pkttype = PKT_ONEPASS_SIG;
pkt.pkt.onepass_sig = ops;
rc = build_packet( out, &pkt );
free_packet( &pkt );
if( rc ) {
log_error("build onepass_sig packet failed: %s\n",
g10_errstr(rc));
goto leave;
}
}
/* setup the inner packet */
if( fname || opt.set_filename ) {
char *s = make_basename( opt.set_filename ? opt.set_filename : fname );
pt = m_alloc( sizeof *pt + strlen(s) - 1 );
pt->namelen = strlen(s);
memcpy(pt->name, s, pt->namelen );
m_free(s);
}
else { /* no filename */
pt = m_alloc( sizeof *pt - 1 );
pt->namelen = 0;
}
if( fname ) {
if( !(filesize = iobuf_get_filelength(inp)) )
log_info(_("WARNING: `%s' is an empty file\n"), fname );
/* because the text_filter modifies the length of the
* data, it is not possible to know the used length
* without a double read of the file - to avoid that
* we simple use partial length packets.
*/
if( opt.textmode )
filesize = 0;
}
else
filesize = 0; /* stdin */
pt->timestamp = make_timestamp();
pt->mode = opt.textmode ? 't':'b';
pt->len = filesize;
pt->new_ctb = !pt->len;
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
/*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
if( (rc = build_packet( out, &pkt )) )
log_error("build_packet(PLAINTEXT) failed: %s\n", g10_errstr(rc) );
pt->buf = NULL;
/* build the MDC faked signature packet */
{
PKT_signature *sig;
MD_HANDLE md;
byte buf[6];
size_t n;
sig = m_alloc_clear( sizeof *sig );
sig->version = 4;
sig->digest_algo = DIGEST_ALGO_SHA1;
md = md_copy( mfx.md );
md_putc( md, sig->version );
md_putc( md, sig->sig_class );
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
n = 6;
/* add some magic */
buf[0] = sig->version;
buf[1] = 0xff; buf[2] = 0; buf[3] = 0; buf[4] = 0; buf[5] = 6;
md_write( md, buf, 6 );
md_final( md );
/* pack the hash into data[0] */
memcpy( sig->digest_start, md_read( md, DIGEST_ALGO_SHA1), 2 );
sig->data[0] = mpi_alloc( (20+BYTES_PER_MPI_LIMB-1)
/BYTES_PER_MPI_LIMB );
mpi_set_buffer( sig->data[0], md_read(md, DIGEST_ALGO_SHA1),
md_digest_length(DIGEST_ALGO_SHA1), 0 );
md_close( md );
if( !rc ) { /* and write it */
init_packet(&pkt);
pkt.pkttype = PKT_SIGNATURE;
pkt.pkt.signature = sig;
rc = build_packet( out, &pkt );
free_packet( &pkt );
if( rc )
log_error("build MDC packet failed: %s\n", g10_errstr(rc) );
}
if( rc )
goto leave;
}
leave:
if( rc )
iobuf_cancel(out);
else
iobuf_close(out);
iobuf_close(inp);
md_close( mfx.md );
release_pk_list( pk_list );
return rc;
}
/****************
* Filter to do a complete public key encryption.

48
g10/free-packet.c
View file

@ -43,10 +43,8 @@ free_pubkey_enc( PKT_pubkey_enc *enc )
{
int n, i;
n = pubkey_get_nenc( enc->pubkey_algo );
if( !n ) {
m_free(enc->data[0]);
enc->data[0] = NULL;
}
if( !n )
mpi_free(enc->data[0]);
for(i=0; i < n; i++ )
mpi_free( enc->data[i] );
m_free(enc);
@ -56,7 +54,7 @@ void
free_seckey_enc( PKT_signature *sig )
{
int n, i;
n = sig->pubkey_algo? pubkey_get_nsig( sig->pubkey_algo ) : 0;
n = pubkey_get_nsig( sig->pubkey_algo );
if( !n )
mpi_free(sig->data[0]);
for(i=0; i < n; i++ )
@ -73,10 +71,8 @@ release_public_key_parts( PKT_public_key *pk )
{
int n, i;
n = pubkey_get_npkey( pk->pubkey_algo );
if( !n ) {
m_free(pk->pkey[0]);
pk->pkey[0] = NULL;
}
if( !n )
mpi_free(pk->pkey[0]);
for(i=0; i < n; i++ ) {
mpi_free( pk->pkey[i] );
pk->pkey[i] = NULL;
@ -95,20 +91,6 @@ free_public_key( PKT_public_key *pk )
m_free(pk);
}
static void *
cp_fake_data( MPI a )
{
byte *d, *s;
u16 len;
if( !a )
return NULL;
s = (byte*)a;
len = (s[0] << 8) | s[1];
d = m_alloc( len+2 );
memcpy(d, s, len+2);
return d;
}
static void *
cp_data_block( byte *s )
@ -144,7 +126,7 @@ copy_public_key_new_namehash( PKT_public_key *d, PKT_public_key *s,
}
n = pubkey_get_npkey( s->pubkey_algo );
if( !n )
d->pkey[0] = cp_fake_data(s->pkey[0]);
d->pkey[0] = mpi_copy(s->pkey[0]);
else {
for(i=0; i < n; i++ )
d->pkey[i] = mpi_copy( s->pkey[i] );
@ -166,11 +148,13 @@ copy_signature( PKT_signature *d, PKT_signature *s )
if( !d )
d = m_alloc(sizeof *d);
memcpy( d, s, sizeof *d );
n = s->pubkey_algo? pubkey_get_nsig( s->pubkey_algo ) : 0;
n = pubkey_get_nsig( s->pubkey_algo );
if( !n )
d->data[0] = mpi_copy(s->data[0]);
for(i=0; i < n; i++ )
d->data[i] = mpi_copy( s->data[i] );
else {
for(i=0; i < n; i++ )
d->data[i] = mpi_copy( s->data[i] );
}
d->hashed_data = cp_data_block(s->hashed_data);
d->unhashed_data = cp_data_block(s->unhashed_data);
return d;
@ -194,10 +178,8 @@ release_secret_key_parts( PKT_secret_key *sk )
int n, i;
n = pubkey_get_nskey( sk->pubkey_algo );
if( !n ) {
m_free(sk->skey[0]);
sk->skey[0] = NULL;
}
if( !n )
mpi_free(sk->skey[0]);
for(i=0; i < n; i++ ) {
mpi_free( sk->skey[i] );
sk->skey[i] = NULL;
@ -221,7 +203,7 @@ copy_secret_key( PKT_secret_key *d, PKT_secret_key *s )
memcpy( d, s, sizeof *d );
n = pubkey_get_nskey( s->pubkey_algo );
if( !n )
d->skey[0] = cp_fake_data(s->skey[0]);
d->skey[0] = mpi_copy(s->skey[0]);
else {
for(i=0; i < n; i++ )
d->skey[i] = mpi_copy( s->skey[i] );
@ -430,7 +412,7 @@ cmp_signatures( PKT_signature *a, PKT_signature *b )
if( a->pubkey_algo != b->pubkey_algo )
return -1;
n = a->pubkey_algo? pubkey_get_nsig( a->pubkey_algo ) : 0;
n = pubkey_get_nsig( a->pubkey_algo );
if( !n )
return -1; /* can't compare due to unknown algorithm */
for(i=0; i < n; i++ ) {

63
g10/mainproc.c
View file

@ -292,9 +292,6 @@ proc_plaintext( CTX c, PACKET *pkt )
* to do it. (We could use a special packet type to indicate
* this, but this may also be faked - it simply can't be verified
* and is _no_ security issue)
* Hmmm: There is one problem: The MDC also uses a keyid of 0
* and a pubkey algo of 0 - the only difference is that the
* sig_class will be 0.
*/
if( n->pkt->pkt.onepass_sig->sig_class == 0x01
&& !n->pkt->pkt.onepass_sig->keyid[0]
@ -416,12 +413,7 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
}
else
return G10ERR_SIG_CLASS;
if( sig->pubkey_algo )
rc = signature_check( sig, md );
else if( !is_encrypted( c ) )
rc = G10ERR_NOT_ENCRYPTED;
else
rc = mdc_kludge_check( sig, md );
rc = signature_check( sig, md );
md_close(md);
return rc;
@ -863,33 +855,7 @@ do_proc_packets( CTX c, IOBUF a )
}
static int
check_sig_and_print( CTX c, KBNODE node )
{
PKT_signature *sig = node->pkt->pkt.signature;
const char *astr, *tstr;
int rc;
int mdc_hack = !sig->pubkey_algo;
if( opt.skip_verify && !mdc_hack ) {
log_info(_("signature verification suppressed\n"));
return 0;
}
if( !mdc_hack ) {
tstr = asctimestamp(sig->timestamp);
astr = pubkey_algo_to_string( sig->pubkey_algo );
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
}
rc = do_check_sig(c, node, NULL );
if( rc == G10ERR_NO_PUBKEY && opt.keyserver_name ) {
if( !hkp_ask_import( sig->keyid ) )
rc = do_check_sig(c, node, NULL );
}
if( mdc_hack ) {
#if 0 /* old MDC hack code preserved to reuse the messages later */
if( !rc ) {
if( opt.verbose )
log_info(_("encrypted message is valid\n"));
@ -903,8 +869,31 @@ check_sig_and_print( CTX c, KBNODE node )
write_status( STATUS_ERRMDC );
log_error(_("Can't check MDC: %s\n"), g10_errstr(rc) );
}
#endif
static int
check_sig_and_print( CTX c, KBNODE node )
{
PKT_signature *sig = node->pkt->pkt.signature;
const char *astr, *tstr;
int rc;
if( opt.skip_verify ) {
log_info(_("signature verification suppressed\n"));
return 0;
}
else if( !rc || rc == G10ERR_BAD_SIGN ) {
tstr = asctimestamp(sig->timestamp);
astr = pubkey_algo_to_string( sig->pubkey_algo );
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
rc = do_check_sig(c, node, NULL );
if( rc == G10ERR_NO_PUBKEY && opt.keyserver_name ) {
if( !hkp_ask_import( sig->keyid ) )
rc = do_check_sig(c, node, NULL );
}
if( !rc || rc == G10ERR_BAD_SIGN ) {
KBNODE un, keyblock;
char *us;
int count=0;

1
g10/packet.h
View file

@ -302,7 +302,6 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/
int signature_check( PKT_signature *sig, MD_HANDLE digest );
int mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest );
/*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_key *sk );

81
g10/parse-packet.c
View file

@ -48,7 +48,7 @@ static int copy_packet( IOBUF inp, IOBUF out, int pkttype,
unsigned long pktlen );
static void skip_packet( IOBUF inp, int pkttype, unsigned long pktlen );
static void skip_rest( IOBUF inp, unsigned long pktlen );
static void *read_rest( IOBUF inp, ulong *r_pktlen );
static void *read_rest( IOBUF inp, size_t pktlen );
static int parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
static int parse_pubkeyenc( IOBUF inp, int pkttype, unsigned long pktlen,
@ -535,30 +535,9 @@ skip_rest( IOBUF inp, unsigned long pktlen )
}
}
static void *
read_rest( IOBUF inp, ulong *r_pktlen )
{
byte *p;
int i;
size_t pktlen = *r_pktlen;
if( iobuf_in_block_mode(inp) ) {
log_error("read_rest: can't store stream data\n");
p = NULL;
}
else {
p = m_alloc( pktlen + 2 );
p[0] = pktlen >> 8;
p[1] = pktlen & 0xff;
for(i=2; pktlen; pktlen--, i++ )
p[i] = iobuf_get(inp);
}
*r_pktlen = 0;
return p;
}
static void *
read_rest2( IOBUF inp, size_t pktlen )
read_rest( IOBUF inp, size_t pktlen )
{
byte *p;
int i;
@ -1065,41 +1044,29 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
}
}
if( !sig->pubkey_algo ) {
n = pktlen;
sig->data[0] = mpi_read(inp, &n, 0 );
pktlen -=n;
if( list_mode ) {
printf("\tMDC data: ");
mpi_print(stdout, sig->data[0], mpi_print_mode );
putchar('\n');
}
ndata = pubkey_get_nsig(sig->pubkey_algo);
if( !ndata ) {
if( list_mode )
printf("\tunknown algorithm %d\n", sig->pubkey_algo );
unknown_pubkey_warning( sig->pubkey_algo );
/* we store the plain material in data[0], so that we are able
* to write it back with build_packet() */
sig->data[0] = mpi_set_opaque(NULL, read_rest(inp, pktlen), pktlen );
pktlen = 0;
}
else {
ndata = pubkey_get_nsig(sig->pubkey_algo);
if( !ndata ) {
if( list_mode )
printf("\tunknown algorithm %d\n", sig->pubkey_algo );
unknown_pubkey_warning( sig->pubkey_algo );
/* we store the plain material in data[0], so that we are able
* to write it back with build_packet() */
sig->data[0] = read_rest(inp, &pktlen );
}
else {
for( i=0; i < ndata; i++ ) {
n = pktlen;
sig->data[i] = mpi_read(inp, &n, 0 );
pktlen -=n;
if( list_mode ) {
printf("\tdata: ");
mpi_print(stdout, sig->data[i], mpi_print_mode );
putchar('\n');
}
for( i=0; i < ndata; i++ ) {
n = pktlen;
sig->data[i] = mpi_read(inp, &n, 0 );
pktlen -=n;
if( list_mode ) {
printf("\tdata: ");
mpi_print(stdout, sig->data[i], mpi_print_mode );
putchar('\n');
}
}
}
leave:
skip_rest(inp, pktlen);
return rc;
@ -1243,7 +1210,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
byte temp[8];
if( !npkey ) {
sk->skey[0] = read_rest( inp, &pktlen );
sk->skey[0] = mpi_set_opaque( NULL,
read_rest(inp, pktlen), pktlen );
pktlen = 0;
goto leave;
}
@ -1361,7 +1330,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
* stuff up to the end of the packet into the first
* skey element */
sk->skey[npkey] = mpi_set_opaque(NULL,
read_rest2(inp, pktlen), pktlen );
read_rest(inp, pktlen), pktlen );
pktlen = 0;
if( list_mode ) {
printf("\tencrypted stuff follows\n");
@ -1393,7 +1362,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
PKT_public_key *pk = pkt->pkt.public_key;
if( !npkey ) {
pk->pkey[0] = read_rest( inp, &pktlen );
pk->pkey[0] = mpi_set_opaque( NULL,
read_rest(inp, pktlen), pktlen );
pktlen = 0;
goto leave;
}

4
g10/sig-check.c
View file

@ -107,7 +107,7 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
}
#if 0 /* not anymore used */
/****************
* Check the MDC which is contained in SIG.
* The MD_HANDLE should be currently open, so that this function
@ -193,7 +193,7 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
return rc;
}
#endif
/****************
* This function gets called by pubkey_verify() if the algorithm needs it.