diff --git a/ChangeLog b/ChangeLog index 70039b8bb..8a51e3e74 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ +Mon Jun 5 12:37:43 CEST 2000 Werner Koch + + * acnclude.m4 (GNUPG_CHECK_EXPORTDYNAMIC): Replacement for + GNUPG_CHECK_RDYNAMIC which should handle gcc with non GNU ld nicer. + Contributed by Dave Dykstra. + * configure.in (GNYPG_CHECK_RDYNAMIC): Replaced by the new check. + + * configure.in (AC_CHECK_AWK): Moved before the first use of AWK. Suggested + by Dave Dykstra. + Tue May 30 16:37:55 CEST 2000 Werner Koch Version 1.0.1-ePit-1 diff --git a/NEWS b/NEWS index 83f69d9c5..5fa9834c3 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,5 @@ -Noteworthy changes in version 1.0.1-ePit-1 ------------------------------------------- +Noteworthy changes in the current test release +---------------------------------------------- * Fixed expiration handling of encryption keys. @@ -45,6 +45,12 @@ Noteworthy changes in version 1.0.1-ePit-1 * There is a new status PROGRESS which is used to show progress during key generation. + * Support for the new MDC encryption packets. To create them either + --force-mdc must be use or cipher algorithm with a blocksize other + than 64 bits is to be used. --openpgp currently disables MDC packets + entirely. + + Noteworthy changes in version 1.0.1 (1999-12-16) ----------------------------------- diff --git a/TODO b/TODO index 8323bd954..4f442a9d2 100644 --- a/TODO +++ b/TODO @@ -7,12 +7,11 @@ * Fix localtime() in W32. - * export sollte exit(1) machen bei einem Fehler - testen! Es wird ein - leerer File erzeugt. Nur unter Windows? - * No TCP support yet for W32? arggg - should go into a separate program anyway. + * Replace Valid/Invalid by Known/Unknown? + Scheduled for 1.1 ----------------- diff --git a/VERSION b/VERSION index f37fc79b4..36beb0f0e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.1-ePit-1 +1.0.1h diff --git a/acinclude.m4 b/acinclude.m4 index 01f890020..05b8873d9 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -206,39 +206,38 @@ define(GNUPG_CHECK_PIC, ###################################################################### -# Check for rdynamic flag -# This sets CFLAGS_RDYNAMIC to the required flags +# Check for export-dynamic flag +# This sets CFLAGS_EXPORTDYNAMIC to the required flags ###################################################################### -dnl GNUPG_CHECK_RDYNAMIC +dnl GNUPG_CHECK_EXPORTDYNAMIC dnl -define(GNUPG_CHECK_RDYNAMIC, - [ AC_MSG_CHECKING(how to specify -rdynamic) - CFLAGS_RDYNAMIC= +define(GNUPG_CHECK_EXPORTDYNAMIC, + [ AC_MSG_CHECKING(how to specify -export-dynamic) if test "$cross_compiling" = yes; then - AC_MSG_RESULT(assume none) + AC_MSG_RESULT(assume none) + CFLAGS_EXPORTDYNAMIC="" else - case "$host_os" in - solaris* ) - CFLAGS_RDYNAMIC="-Wl,-dy" - ;; - - hpux* ) - CFLAGS_RDYNAMIC="-Wl,-E" - ;; - - openbsd* | freebsd2* | osf4* | irix* | netbsd* | bsdi* ) - CFLAGS_RDYNAMIC="" - ;; - - * ) - CFLAGS_RDYNAMIC="-Wl,-export-dynamic" - ;; - esac - AC_MSG_RESULT($CFLAGS_RDYNAMIC) + AC_CACHE_VAL(gnupg_cv_export_dynamic,[ + if AC_TRY_COMMAND([${CC-cc} $CFLAGS -Wl,--version 2>&1 | + grep "GNU ld" >/dev/null]); then + # using gnu's linker + gnupg_cv_export_dynamic="-Wl,-export-dynamic" + else + case "$host_os" in + hpux* ) + gnupg_cv_export_dynamic="-Wl,-E" + ;; + * ) + gnupg_cv_export_dynamic="" + ;; + esac + fi + ]) + AC_MSG_RESULT($gnupg_cv_export_dynamic) + CFLAGS_EXPORTDYNAMIC="$gnupg_cv_export_dynamic" fi ]) - ##################################################################### # Check for SysV IPC (from GIMP) # And see whether we have a SHM_LOCK (FreeBSD does not have it). diff --git a/checks/Makefile.am b/checks/Makefile.am index 41ded3cd6..4ddb5e310 100644 --- a/checks/Makefile.am +++ b/checks/Makefile.am @@ -11,7 +11,7 @@ TESTS = version.test mds.test \ signencrypt.test signencrypt-dsa.test \ armsignencrypt.test armdetach.test \ armdetachm.test detachm.test genkey1024.test \ - conventional.test + conventional.test conventional-mdc.test TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \ diff --git a/checks/conventional-mdc.test b/checks/conventional-mdc.test new file mode 100755 index 000000000..7d9616459 --- /dev/null +++ b/checks/conventional-mdc.test @@ -0,0 +1,16 @@ +#!/bin/sh + +. $srcdir/defs.inc || exit 3 + +#info Checking conventional encryption +for i in 0 1 2 3 9 10 11 19 20 21 22 23 39 40 41 8192 32000 ; do + for ciph in 3des cast5 blowfish twofish; do + dd if=data-80000 of=z bs=1 count=$i 2>/dev/null + echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 \ + --force-mdc --cipher $ciph -c -o x --yes z + echo "Hier spricht HAL" | $srcdir/run-gpg --passphrase-fd 0 \ + -o y --yes x + cmp z y || error "$ciph/$i: mismatch" + done +done + diff --git a/checks/conventional.test b/checks/conventional.test index 289a85095..b638f1d25 100755 --- a/checks/conventional.test +++ b/checks/conventional.test @@ -2,7 +2,7 @@ . $srcdir/defs.inc || exit 3 -# temp. hack cause the format for 128 biut blocksize messages may change +# temp. hack cause the format for 128 bit blocksize messages may change GNUPG_ENABLE_TWOFISH=1 export GNUPG_ENABLE_TWOFISH diff --git a/configure.in b/configure.in index 290ebbc23..695703158 100644 --- a/configure.in +++ b/configure.in @@ -23,7 +23,9 @@ AC_SUBST(PACKAGE) AC_DEFINE_UNQUOTED(VERSION, "$VERSION") AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE") -MODULES_IN_CIPHER=`awk '/^EXTRA_PROGRAMS/ { for(i=3;i<=NF;i++) print $i}' \ +AC_PROG_AWK + +MODULES_IN_CIPHER=`$AWK '/^EXTRA_PROGRAMS/ { for(i=3;i<=NF;i++) print $i}' \ $srcdir/cipher/Makefile.am` dnl @@ -221,7 +223,7 @@ esac AC_SUBST(MPI_OPT_FLAGS) GNUPG_SYS_SYMBOL_UNDERSCORE GNUPG_CHECK_PIC -GNUPG_CHECK_RDYNAMIC +GNUPG_CHECK_EXPORTDYNAMIC if test "$NO_PIC" = yes; then try_dynload=no fi @@ -320,21 +322,21 @@ if test "$try_dynload" = yes ; then if test "$ac_cv_lib_dl_dlopen" = "yes"; then AC_DEFINE(USE_DYNAMIC_LINKING) AC_DEFINE(HAVE_DL_DLOPEN) - DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC" + DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC" use_gnupg_extensions=yes else AC_CHECK_FUNCS(dlopen) if test "$ac_cv_func_dlopen" = "yes"; then AC_DEFINE(USE_DYNAMIC_LINKING) AC_DEFINE(HAVE_DL_DLOPEN) - DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC" + DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC" use_gnupg_extensions=yes else AC_CHECK_LIB(dld,shl_load) if test "$ac_cv_lib_dld_shl_load" = "yes"; then AC_DEFINE(USE_DYNAMIC_LINKING) AC_DEFINE(HAVE_DL_SHL_LOAD) - DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC" + DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC" use_gnupg_extensions=yes dnl ----------------- dnl DLD is not ready for use. So I better disable this test @@ -343,7 +345,7 @@ dnl AC_CHECK_LIB(dld,dld_link) dnl if test "$ac_cv_lib_dld_dld_link" = "yes"; then dnl AC_DEFINE(USE_DYNAMIC_LINKING) dnl AC_DEFINE(HAVE_DLD_DLD_LINK) -dnl DYNLINK_LDFLAGS="$CFLAGS_RDYNAMIC" +dnl DYNLINK_LDFLAGS="$CFLAGS_EXPORTDYNAMIC" dnl use_gnupg_extensions=yes dnl --------------- fi diff --git a/g10/ChangeLog b/g10/ChangeLog index 6d19d7e0e..51c3973d0 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +Mon Jun 5 12:37:43 CEST 2000 Werner Koch + + * build-packet.c (do_mdc): New. + (do_encrypted_mdc): Changed for the new proposal. + * parse-packet.c (parse_mdc): New. + (parse_encrypted): Fixed for the new proposal. + * packet.h (PKT_MDC): New. + * cipher.c (cipher_filter): Build the MDC packet here. + * g10.c (main): Enable --force-mdc. + * encr-data.c (mdc_decode_filter): Fixed for new MDC method + + * options.h(rfc2440): New. + * g10.c (main): Changed the selected values for --openpgp to not include + optional algorithms. + Thu May 18 11:38:54 CEST 2000 Werner Koch * keyedit.c (keyedit_menu): Add a keyword arg to the prompt. diff --git a/g10/build-packet.c b/g10/build-packet.c index 238a2021b..0f297b0e7 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -44,6 +44,7 @@ static u32 calc_plaintext( PKT_plaintext *pt ); static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt ); static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed ); static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed ); +static int do_mdc( IOBUF out, PKT_mdc *mdc ); static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd ); static int do_signature( IOBUF out, int ctb, PKT_signature *sig ); static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops ); @@ -121,6 +122,9 @@ build_packet( IOBUF out, PACKET *pkt ) case PKT_ENCRYPTED_MDC: rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted ); break; + case PKT_MDC: + rc = do_mdc( out, pkt->pkt.mdc ); + break; case PKT_COMPRESSED: rc = do_compressed( out, ctb, pkt->pkt.compressed ); break; @@ -550,13 +554,24 @@ do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed ) n = ed->len ? (ed->len + 10) : 0; write_header(out, ctb, n ); iobuf_put(out, 1 ); /* version */ - iobuf_put(out, ed->mdc_method ); /* This is all. The caller has to write the real data */ return rc; } + +static int +do_mdc( IOBUF out, PKT_mdc *mdc ) +{ + /* This packet requires a fixed header encoding */ + iobuf_put( out, 0xd3 ); /* packet ID and 1 byte length */ + iobuf_put( out, 0x14 ); /* length = 20 */ + if( iobuf_write( out, mdc->hash, sizeof(mdc->hash) ) ) + return G10ERR_WRITE_FILE; + return 0; +} + static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd ) { diff --git a/g10/cipher.c b/g10/cipher.c index b270a4aee..0bed51300 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -49,22 +49,27 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) unsigned nprefix; int use_mdc = opt.force_mdc; + blocksize = cipher_get_blocksize( cfx->dek->algo ); + if( blocksize < 8 || blocksize > 16 ) + log_fatal("unsupported blocksize %u\n", blocksize ); + if( blocksize != 8 ) + use_mdc = 1; /* enable it for all modern ciphers */ + if( opt.rfc2440 ) + use_mdc = 0; /* override - rfc2440 does not know about MDC */ + memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.new_ctb = !ed.len && !opt.rfc1991; if( use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); - /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/ + /*md_start_debug( cfx->mdc_hash, "creatmdc" );*/ } init_packet( &pkt ); pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; if( build_packet( a, &pkt )) log_bug("build_packet(ENCR_DATA) failed\n"); - blocksize = cipher_get_blocksize( cfx->dek->algo ); - if( blocksize < 8 || blocksize > 16 ) - log_fatal("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; randomize_buffer( temp, nprefix, 1 ); temp[nprefix] = temp[nprefix-2]; @@ -75,8 +80,6 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); cipher_setiv( cfx->cipher_hd, NULL, 0 ); /* log_hexdump( "prefix", temp, nprefix+2 ); */ - if( cfx->mdc_hash ) - md_write( cfx->mdc_hash, temp, nprefix+2 ); cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2); cipher_sync( cfx->cipher_hd ); iobuf_write(a, temp, nprefix+2); @@ -115,12 +118,22 @@ cipher_filter( void *opaque, int control, if( cfx->mdc_hash ) { byte *hash; int hashlen = md_digest_length( md_get_algo( cfx->mdc_hash ) ); + byte temp[22]; + + assert( hashlen == 20 ); + /* we must hash the prefix of the MDC packet here */ + temp[0] = 0xd3; + temp[1] = 0x14; + md_putc( cfx->mdc_hash, temp[0] ); + md_putc( cfx->mdc_hash, temp[1] ); + md_final( cfx->mdc_hash ); hash = md_read( cfx->mdc_hash, 0 ); - cipher_encrypt( cfx->cipher_hd, hash, hash, hashlen ); - if( iobuf_write( a, hash, hashlen ) ) - rc = G10ERR_WRITE_FILE; + memcpy(temp+2, hash, 20); + cipher_encrypt( cfx->cipher_hd, temp, temp, 22 ); md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; + if( iobuf_write( a, temp, 22 ) ) + log_error("writing MDC packet failed\n" ); } cipher_close(cfx->cipher_hd); write_status( STATUS_END_ENCRYPTION ); diff --git a/g10/encr-data.c b/g10/encr-data.c index d2aea0ff1..c584f49d3 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -32,9 +32,9 @@ #include "i18n.h" -static int decode_filter( void *opaque, int control, IOBUF a, - byte *buf, size_t *ret_len); static int mdc_decode_filter( void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len); +static int decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len); typedef struct { @@ -76,8 +76,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( ed->len && ed->len < (nprefix+2) ) BUG(); - if( ed->mdc_method ) + if( ed->mdc_method ) { dfx.mdc_hash = md_open( ed->mdc_method, 0 ); + /*md_start_debug(dfx.mdc_hash, "checkmdc");*/ + } dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); /* log_hexdump( "thekey", dek->key, dek->keylen );*/ rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); @@ -107,8 +109,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) temp[i] = c; } cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); - if( dfx.mdc_hash ) - md_write( dfx.mdc_hash, temp, nprefix+2 ); cipher_sync( dfx.cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ @@ -116,29 +116,36 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) rc = G10ERR_BAD_KEY; goto leave; } + if( ed->mdc_method ) iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); else iobuf_push_filter( ed->buf, decode_filter, &dfx ); - proc_packets( procctx, ed->buf); + + proc_packets( procctx, ed->buf ); ed->buf = NULL; if( ed->mdc_method && dfx.eof_seen == 2 ) rc = G10ERR_INVALID_PACKET; else if( ed->mdc_method ) { /* check the mdc */ int datalen = md_digest_length( ed->mdc_method ); + + cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 20); md_final( dfx.mdc_hash ); if( datalen != 20 || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) rc = G10ERR_BAD_SIGN; - log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen); - log_hexdump("MDC message :", dfx.defer, 20); + /*log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);*/ + /*log_hexdump("MDC message :", dfx.defer, 20);*/ } + leave: cipher_close(dfx.cipher_hd); md_close( dfx.mdc_hash ); return rc; } + + /* I think we should merge this with cipher_filter */ static int mdc_decode_filter( void *opaque, int control, IOBUF a, @@ -166,10 +173,13 @@ mdc_decode_filter( void *opaque, int control, IOBUF a, if( n == 40 ) { /* we have enough stuff - flush the deferred stuff */ /* (we have asserted that the buffer is large enough) */ - if( !dfx->defer_filled ) /* the first time */ + if( !dfx->defer_filled ) { /* the first time */ memcpy(buf, buf+20, 20 ); - else + n = 20; + } + else { memcpy(buf, dfx->defer, 20 ); + } /* now fill up */ for(; n < size; n++ ) { if( (c = iobuf_get(a)) == -1 ) @@ -183,7 +193,7 @@ mdc_decode_filter( void *opaque, int control, IOBUF a, dfx->defer_filled = 1; } else if( !dfx->defer_filled ) { /* eof seen buf empty defer */ - /* this is very bad because there is an incomplete hash */ + /* this is bad because there is an incomplete hash */ n -= 20; memcpy(buf, buf+20, n ); dfx->eof_seen = 2; /* eof with incomplete hash */ diff --git a/g10/filter.h b/g10/filter.h index 1adf0edaa..aecacbc43 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -83,6 +83,8 @@ typedef struct { CIPHER_HANDLE cipher_hd; int header; MD_HANDLE mdc_hash; + byte enchash[20]; + int create_mdc; /* flag will be set by the cipher filter */ } cipher_filter_context_t; diff --git a/g10/g10.c b/g10/g10.c index e545b9e8c..cf2bfd64e 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -821,11 +821,13 @@ main( int argc, char **argv ) break; case oRFC1991: opt.rfc1991 = 1; + opt.rfc2440 = 0; opt.no_comment = 1; opt.escape_from = 1; break; case oOpenPGP: opt.rfc1991 = 0; + opt.rfc2440 = 1; opt.pgp2_workarounds = 0; opt.escape_from = 0; opt.force_v3_sigs = 0; @@ -834,10 +836,10 @@ main( int argc, char **argv ) opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; opt.def_digest_algo = 0; - opt.def_compress_algo = 2; + opt.def_compress_algo = 1; opt.s2k_mode = 3; /* iterated+salted */ - opt.s2k_digest_algo = DIGEST_ALGO_RMD160; - opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; + opt.s2k_digest_algo = DIGEST_ALGO_SHA1; + opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; @@ -936,11 +938,6 @@ main( int argc, char **argv ) log_info("used in a production environment or with production keys!\n"); } #endif - if( opt.force_mdc ) { - log_info("--force-mdc ignored because" - " the OpenPGP WG has not yet aggreed on MDCs\n"); - opt.force_mdc = 0; - } if (opt.no_literal) { log_info(_("NOTE: %s is not for normal use!\n"), "--no-literal"); if (opt.textmode) diff --git a/g10/mainproc.c b/g10/mainproc.c index 7c5ed36aa..abfdf6bb6 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -333,6 +333,7 @@ proc_encrypted( CTX c, PACKET *pkt ) result = G10ERR_NO_SECKEY; if( !result ) result = decrypt_data( c, pkt->pkt.encrypted, c->dek ); + m_free(c->dek); c->dek = NULL; if( result == -1 ) ; @@ -350,7 +351,7 @@ proc_encrypted( CTX c, PACKET *pkt ) else { write_status( STATUS_DECRYPTION_FAILED ); log_error(_("decryption failed: %s\n"), g10_errstr(result)); - /* Hmmm: does this work when we have encrypted using a multiple + /* Hmmm: does this work when we have encrypted using multiple * ways to specify the session key (symmmetric and PK)*/ } free_packet(pkt); @@ -884,6 +885,7 @@ list_node( CTX c, KBNODE node ) } + int proc_packets( void *anchor, IOBUF a ) { @@ -896,6 +898,8 @@ proc_packets( void *anchor, IOBUF a ) return rc; } + + int proc_signature_packets( void *anchor, IOBUF a, STRLIST signedfiles, const char *sigfilename ) diff --git a/g10/options.h b/g10/options.h index b3bdc8a34..f2090a2f0 100644 --- a/g10/options.h +++ b/g10/options.h @@ -64,6 +64,7 @@ struct { int compress_sigs; int always_trust; int rfc1991; + int rfc2440; int pgp2_workarounds; unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ int shm_coprocess; diff --git a/g10/packet.h b/g10/packet.h index fdc8af4a5..62626c826 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -47,8 +47,9 @@ typedef enum { PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ PKT_PHOTO_ID =17, /* PGP's photo ID */ + PKT_ENCRYPTED_MDC =18, /* integrity protected encrypted data */ + PKT_MDC =19, /* manipulaion detection code packet */ PKT_COMMENT =61, /* new comment packet (private) */ - PKT_ENCRYPTED_MDC =62, /* test: encrypted data with MDC */ } pkttype_t; typedef struct packet_struct PACKET; @@ -171,10 +172,14 @@ typedef struct { typedef struct { u32 len; /* length of encrypted data */ byte new_ctb; /* uses a new CTB */ - byte mdc_method; /* test: > 0: this is is an encrypted_mdc packet */ + byte mdc_method; /* > 0: integrity protected encrypted data packet */ IOBUF buf; /* IOBUF reference */ } PKT_encrypted; +typedef struct { + byte hash[20]; +} PKT_mdc; + typedef struct { unsigned int trustval; } PKT_ring_trust; @@ -205,6 +210,7 @@ struct packet_struct { PKT_user_id *user_id; /* PKT_USER_ID */ PKT_compressed *compressed; /* PKT_COMPRESSED */ PKT_encrypted *encrypted; /* PKT_ENCRYPTED[_MDC] */ + PKT_mdc *mdc; /* PKT_MDC */ PKT_ring_trust *ring_trust; /* PKT_RING_TRUST */ PKT_plaintext *plaintext; /* PKT_PLAINTEXT */ } pkt; @@ -333,7 +339,6 @@ int handle_compressed( void *ctx, PKT_compressed *cd, /*-- encr-data.c --*/ int decrypt_data( void *ctx, PKT_encrypted *ed, DEK *dek ); -int encrypt_data( PKT_encrypted *ed, DEK *dek ); /*-- plaintext.c --*/ int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 48d601501..bc720f756 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -73,6 +73,8 @@ static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet, int new_ctb ); static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet, int new_ctb); +static int parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen, + PACKET *packet, int new_ctb); static unsigned short read_16(IOBUF inp) @@ -441,6 +443,9 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, case PKT_ENCRYPTED_MDC: rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb ); break; + case PKT_MDC: + rc = parse_mdc(inp, pkttype, pktlen, pkt, new_ctb ); + break; default: skip_packet(inp, pkttype, pktlen); break; @@ -1697,9 +1702,8 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, ed->new_ctb = new_ctb; ed->mdc_method = 0; if( pkttype == PKT_ENCRYPTED_MDC ) { - /* test: this is the new encrypted_mdc packet */ /* fixme: add some pktlen sanity checks */ - int version, method; + int version; version = iobuf_get_noeof(inp); pktlen--; if( version != 1 ) { @@ -1707,12 +1711,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, version); goto leave; } - method = iobuf_get_noeof(inp); pktlen--; - if( method != DIGEST_ALGO_SHA1 ) { - log_error("encrypted_mdc does not use SHA1 method\n" ); - goto leave; - } - ed->mdc_method = method; + ed->mdc_method = DIGEST_ALGO_SHA1; } if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */ log_error("packet(%d) too short\n", pkttype); @@ -1735,3 +1734,26 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, return 0; } + +static int +parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen, + PACKET *pkt, int new_ctb ) +{ + PKT_mdc *mdc; + byte *p; + + mdc = pkt->pkt.mdc= m_alloc(sizeof *pkt->pkt.mdc ); + if( list_mode ) + printf(":mdc packet: length=%lu\n", pktlen); + if( !new_ctb || pktlen != 20 ) { + log_error("mdc_packet with invalid encoding\n"); + goto leave; + } + p = mdc->hash; + for( ; pktlen; pktlen--, p++ ) + *p = iobuf_get_noeof(inp); + + leave: + return 0; +} + diff --git a/g10/sig-check.c b/g10/sig-check.c index cb00b86dc..6c51cc89f 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -518,6 +518,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, keyid_from_pk( pk, keyid ); md = md_open( algo, 0 ); + md_start_debug( md, "rsa" ); hash_public_key( md, pk ); hash_uid_node( unode, md, sig ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { diff --git a/scripts/mk-w32-dist b/scripts/mk-w32-dist index 4761d0dfb..235abb98b 100755 --- a/scripts/mk-w32-dist +++ b/scripts/mk-w32-dist @@ -22,7 +22,9 @@ ln ../g10/gpg gpg.exe i386--mingw32-strip gpg.exe man -T latin1 -l ../doc/gpg.1 >gpg.man todos gpg.man -ln ${srcdir}/README . +cp ${srcdir}/README . +todos README ln ${srcdir}/doc/README.W32 . +todos README.W32 for i in ${srcdir}/po/*.gmo; do ln $i "$(basename $i .gmo).mo" ; done zip "gnupg-w32-$(cat ${srcdir}/VERSION).zip" *