security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-18 14:17:03 +01:00
Code Activity

See ChangeLog: Mon Apr 26 17:48:15 CEST 1999 Werner Koch

Browse Source
This commit is contained in:
Werner Koch 1999-04-26 15:53:01 +00:00
parent ebb0ed57c7
commit bbf86c6e59
32 changed files with 866 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS
View File

@ -8,6 +8,9 @@
* Merged gpgm and gpg into one binary. * Merged gpgm and gpg into one binary.
* Add revsig command to the edit menu. It is now possible to
revoke signature.
Noteworthy changes in version 0.9.5 Noteworthy changes in version 0.9.5
----------------------------------- -----------------------------------

4
PROJECTS
View File

@ -47,3 +47,7 @@
* Keep a list of duplicate, faked or unwanted keyids. * Keep a list of duplicate, faked or unwanted keyids.
* The current code has knowledge about the structure of a keyblock.
We should add an abstraction layer so that adding support for
different certificate structures will become easier.

2
TODO
View File

@ -8,7 +8,7 @@
* See why we always get this "Hmmm, public key not anymore available" * See why we always get this "Hmmm, public key not anymore available"
* print a warning when a revoked/expired secret key is used. * print a warning when a revoked/expired _secret_ key is used.
* remove more "Fixmes" * remove more "Fixmes"

5
doc/gpg.1pod
View File

@ -473,6 +473,11 @@ B<--force-v3-sigs>
on key material. This options forces v3 signatures for on key material. This options forces v3 signatures for
signatures on data. signatures on data.
B<--force-mdc>
Force the use of encryption with appended manipulation
code. This is always used with the newer cipher (those
with a blocksize greater than 64 bit).
B<--lock-once> B<--lock-once>
Lock the file the first time a lock is requested Lock the file the first time a lock is requested
and do not release the lock until the process and do not release the lock until the process

2
doc/manual.sgml
View File

@ -5,7 +5,7 @@
<title>The GNU Privacy Guard</title> <title>The GNU Privacy Guard</title>
<authorgroup> <authorgroup>
<author> <firstname>Werner</firstname> <surname>Koch</surname> <author> <firstname>Werner</firstname> <surname>Koch</surname>
<affiliation><address><email>wk@computer.org</email></address> <affiliation><address><email>wk@gnupg.org</email></address>
</affiliation> </affiliation>
</author> </author>
</authorgroup> </authorgroup>

14
g10/ChangeLog
View File

@ -1,3 +1,16 @@
Mon Apr 26 17:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* parse-packet.c (parse_signature): Add the MDC hack.
* build-packet.c (do_signature): Ditto.
* free-packet.c (free_seckey_enc,copy_signature,cmp_signatures): Ditto.
* mainproc.c (do_check_sig): Ditto.
* sig-check.c (mdc_kludge_check): New.
* encode.c (encrypt_mdc_file): New.
* keyedit.c (check_all_keysigs): List revocations.
* (menu_revsig): New.
* sign (make_keysig_packet): Support for class 0x30.
Sun Apr 18 20:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> Sun Apr 18 20:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* pkclist.c (select_algo_from_prefs): Fixed the case that one key * pkclist.c (select_algo_from_prefs): Fixed the case that one key
@ -7,7 +20,6 @@ Sun Apr 18 20:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* seckey-cert.c (do_check): Use real IV instead of a 0 one, so that * seckey-cert.c (do_check): Use real IV instead of a 0 one, so that
it works even if the length of the IV doesn't match the blocksize. it works even if the length of the IV doesn't match the blocksize.
Removed the save_iv stuff. Removed the save_iv stuff.

12
g10/build-packet.c
View File

@ -728,9 +728,15 @@ do_signature( IOBUF out, int ctb, PKT_signature *sig )
} }
iobuf_put(a, sig->digest_start[0] ); iobuf_put(a, sig->digest_start[0] );
iobuf_put(a, sig->digest_start[1] ); iobuf_put(a, sig->digest_start[1] );
n = pubkey_get_nsig( sig->pubkey_algo ); n = sig->pubkey_algo? pubkey_get_nsig( sig->pubkey_algo ) : 0;
if( !n ) if( !n ) { /* the MDC data */
write_fake_data( a, sig->data[0] ); fputs("The MDC: ", stderr);
mpi_print(stderr, sig->data[0], 0 );
fputs(" ", stderr);
mpi_print(stderr, sig->data[0], 1 );
putc('\n', stderr);
mpi_write( a, sig->data[0] );
}
for(i=0; i < n; i++ ) for(i=0; i < n; i++ )
mpi_write(a, sig->data[i] ); mpi_write(a, sig->data[i] );

4
g10/compress.c
View File

@ -256,7 +256,7 @@ compress_filter( void *opaque, int control,
* Handle a compressed packet * Handle a compressed packet
*/ */
int int
handle_compressed( PKT_compressed *cd, handle_compressed( void *procctx, PKT_compressed *cd,
int (*callback)(IOBUF, void *), void *passthru ) int (*callback)(IOBUF, void *), void *passthru )
{ {
compress_filter_context_t cfx; compress_filter_context_t cfx;
@ -271,7 +271,7 @@ handle_compressed( PKT_compressed *cd,
if( callback ) if( callback )
rc = callback(cd->buf, passthru ); rc = callback(cd->buf, passthru );
else else
rc = proc_packets(cd->buf); rc = proc_packets(procctx, cd->buf);
#if 0 #if 0
iobuf_pop_filter( cd->buf, compress_filter, &cfx ); iobuf_pop_filter( cd->buf, compress_filter, &cfx );
if( cd->len ) if( cd->len )

2
g10/decrypt.c
View File

@ -71,7 +71,7 @@ decrypt_message( const char *filename )
no_out = 1; no_out = 1;
opt.outfile = "-"; opt.outfile = "-";
} }
rc = proc_encryption_packets( fp ); rc = proc_encryption_packets( NULL, fp );
if( no_out ) if( no_out )
opt.outfile = NULL; opt.outfile = NULL;
iobuf_close(fp); iobuf_close(fp);

192
g10/encode.c
View File

@ -39,6 +39,7 @@
static int encode_simple( const char *filename, int mode ); static int encode_simple( const char *filename, int mode );
static int encode_crypt_mdc( const char* fname, STRLIST remusr );
static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out ); static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
@ -215,6 +216,10 @@ encode_crypt( const char *filename, STRLIST remusr )
PK_LIST pk_list; PK_LIST pk_list;
int do_compress = opt.compress && !opt.rfc1991; int do_compress = opt.compress && !opt.rfc1991;
if( opt.force_mdc )
return encode_crypt_mdc( filename, remusr );
memset( &cfx, 0, sizeof cfx); memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx); memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx); memset( &zfx, 0, sizeof zfx);
@ -329,6 +334,193 @@ encode_crypt( const char *filename, STRLIST remusr )
} }
static int
encode_crypt_mdc( const char* fname, STRLIST remusr )
{
armor_filter_context_t afx;
compress_filter_context_t zfx;
md_filter_context_t mfx;
text_filter_context_t tfx;
encrypt_filter_context_t efx;
IOBUF inp = NULL, out = NULL;
PACKET pkt;
PKT_plaintext *pt = NULL;
u32 filesize;
int rc = 0;
PK_LIST pk_list = NULL;
int compr_algo = -1; /* unknown */
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
memset( &mfx, 0, sizeof mfx);
memset( &tfx, 0, sizeof tfx);
memset( &efx, 0, sizeof efx);
init_packet( &pkt );
if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
goto leave;
compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR );
/* prepare iobufs */
if( !(inp = iobuf_open(fname)) ) {
log_error("can't open %s: %s\n", fname? fname: "[stdin]",
strerror(errno) );
rc = G10ERR_OPEN_FILE;
goto leave;
}
if( (rc = open_outfile( fname, opt.armor? 1: 0, &out )))
goto leave;
/* prepare to calculate the MD over the input */
mfx.md = md_open( DIGEST_ALGO_SHA1, 0 );
iobuf_push_filter( inp, md_filter, &mfx );
if( opt.armor )
iobuf_push_filter( out, armor_filter, &afx );
efx.pk_list = pk_list;
/* fixme: set efx.cfx.datalen if known */
iobuf_push_filter( out, encrypt_filter, &efx );
if( opt.compress ) {
if( !compr_algo )
; /* don't use compression */
else {
if( compr_algo == 1 )
zfx.algo = 1;
iobuf_push_filter( out, compress_filter, &zfx );
}
}
/* build a one pass packet */
{
PKT_onepass_sig *ops;
ops = m_alloc_clear( sizeof *ops );
ops->sig_class = 0x00;
ops->digest_algo = DIGEST_ALGO_SHA1;
ops->pubkey_algo = 0;
ops->keyid[0] = 0;
ops->keyid[1] = 0;
ops->last = 1;
init_packet(&pkt);
pkt.pkttype = PKT_ONEPASS_SIG;
pkt.pkt.onepass_sig = ops;
rc = build_packet( out, &pkt );
free_packet( &pkt );
if( rc ) {
log_error("build onepass_sig packet failed: %s\n",
g10_errstr(rc));
goto leave;
}
}
/* setup the inner packet */
if( fname || opt.set_filename ) {
char *s = make_basename( opt.set_filename ? opt.set_filename : fname );
pt = m_alloc( sizeof *pt + strlen(s) - 1 );
pt->namelen = strlen(s);
memcpy(pt->name, s, pt->namelen );
m_free(s);
}
else { /* no filename */
pt = m_alloc( sizeof *pt - 1 );
pt->namelen = 0;
}
if( fname ) {
if( !(filesize = iobuf_get_filelength(inp)) )
log_info(_("WARNING: `%s' is an empty file\n"), fname );
/* because the text_filter modifies the length of the
* data, it is not possible to know the used length
* without a double read of the file - to avoid that
* we simple use partial length packets.
*/
if( opt.textmode )
filesize = 0;
}
else
filesize = 0; /* stdin */
pt->timestamp = make_timestamp();
pt->mode = opt.textmode ? 't':'b';
pt->len = filesize;
pt->new_ctb = !pt->len;
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
/*cfx.datalen = filesize? calc_packet_length( &pkt ) : 0;*/
if( (rc = build_packet( out, &pkt )) )
log_error("build_packet(PLAINTEXT) failed: %s\n", g10_errstr(rc) );
pt->buf = NULL;
/* build the MDC faked signature packet */
{
PKT_signature *sig;
MD_HANDLE md;
byte buf[6];
size_t n;
sig = m_alloc_clear( sizeof *sig );
sig->version = 4;
sig->digest_algo = DIGEST_ALGO_SHA1;
md = md_copy( mfx.md );
md_putc( md, sig->version );
md_putc( md, sig->sig_class );
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
n = 6;
/* add some magic */
buf[0] = sig->version;
buf[1] = 0xff; buf[2] = 0; buf[3] = 0; buf[4] = 0; buf[5] = 6;
md_write( md, buf, 6 );
md_final( md );
/* pack the hash into data[0] */
memcpy( sig->digest_start, md_read( md, DIGEST_ALGO_SHA1), 2 );
sig->data[0] = mpi_alloc( (20+BYTES_PER_MPI_LIMB-1)
/BYTES_PER_MPI_LIMB );
mpi_set_buffer( sig->data[0], md_read(md, DIGEST_ALGO_SHA1),
md_digest_length(DIGEST_ALGO_SHA1), 0 );
md_close( md );
if( !rc ) { /* and write it */
init_packet(&pkt);
pkt.pkttype = PKT_SIGNATURE;
pkt.pkt.signature = sig;
rc = build_packet( out, &pkt );
free_packet( &pkt );
if( rc )
log_error("build MDC packet failed: %s\n", g10_errstr(rc) );
}
if( rc )
goto leave;
}
leave:
if( rc )
iobuf_cancel(out);
else
iobuf_close(out);
iobuf_close(inp);
md_close( mfx.md );
release_pk_list( pk_list );
return rc;
}
/**************** /****************
* Filter to do a complete public key encryption. * Filter to do a complete public key encryption.
*/ */

4
g10/encr-data.c
View File

@ -45,7 +45,7 @@ typedef struct {
* Decrypt the data, specified by ED with the key DEK. * Decrypt the data, specified by ED with the key DEK.
*/ */
int int
decrypt_data( PKT_encrypted *ed, DEK *dek ) decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
{ {
decode_filter_ctx_t dfx; decode_filter_ctx_t dfx;
byte *p; byte *p;
@ -105,7 +105,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
return G10ERR_BAD_KEY; return G10ERR_BAD_KEY;
} }
iobuf_push_filter( ed->buf, decode_filter, &dfx ); iobuf_push_filter( ed->buf, decode_filter, &dfx );
proc_packets(ed->buf); proc_packets( procctx, ed->buf);
ed->buf = NULL; ed->buf = NULL;
cipher_close(dfx.cipher_hd); cipher_close(dfx.cipher_hd);
return 0; return 0;

20
g10/free-packet.c
View File

@ -56,11 +56,9 @@ void
free_seckey_enc( PKT_signature *sig ) free_seckey_enc( PKT_signature *sig )
{ {
int n, i; int n, i;
n = pubkey_get_nsig( sig->pubkey_algo ); n = sig->pubkey_algo? pubkey_get_nsig( sig->pubkey_algo ) : 0;
if( !n ) { if( !n )
m_free(sig->data[0]); mpi_free(sig->data[0]);
sig->data[0] = NULL;
}
for(i=0; i < n; i++ ) for(i=0; i < n; i++ )
mpi_free( sig->data[i] ); mpi_free( sig->data[i] );
m_free(sig->hashed_data); m_free(sig->hashed_data);
@ -168,13 +166,11 @@ copy_signature( PKT_signature *d, PKT_signature *s )
if( !d ) if( !d )
d = m_alloc(sizeof *d); d = m_alloc(sizeof *d);
memcpy( d, s, sizeof *d ); memcpy( d, s, sizeof *d );
n = pubkey_get_nsig( s->pubkey_algo ); n = s->pubkey_algo? pubkey_get_nsig( s->pubkey_algo ) : 0;
if( !n ) if( !n )
d->data[0] = cp_fake_data(s->data[0]); d->data[0] = mpi_copy(s->data[0]);
else { for(i=0; i < n; i++ )
for(i=0; i < n; i++ ) d->data[i] = mpi_copy( s->data[i] );
d->data[i] = mpi_copy( s->data[i] );
}
d->hashed_data = cp_data_block(s->hashed_data); d->hashed_data = cp_data_block(s->hashed_data);
d->unhashed_data = cp_data_block(s->unhashed_data); d->unhashed_data = cp_data_block(s->unhashed_data);
return d; return d;
@ -434,7 +430,7 @@ cmp_signatures( PKT_signature *a, PKT_signature *b )
if( a->pubkey_algo != b->pubkey_algo ) if( a->pubkey_algo != b->pubkey_algo )
return -1; return -1;
n = pubkey_get_nsig( a->pubkey_algo ); n = a->pubkey_algo? pubkey_get_nsig( a->pubkey_algo ) : 0;
if( !n ) if( !n )
return -1; /* can't compare due to unknown algorithm */ return -1; /* can't compare due to unknown algorithm */
for(i=0; i < n; i++ ) { for(i=0; i < n; i++ ) {

5
g10/g10.c
View File

@ -144,6 +144,7 @@ enum cmd_and_opt_values { aNull = 0,
oComment, oComment,
oThrowKeyid, oThrowKeyid,
oForceV3Sigs, oForceV3Sigs,
oForceMDC,
oS2KMode, oS2KMode,
oS2KDigest, oS2KDigest,
oS2KCipher, oS2KCipher,
@ -220,6 +221,7 @@ static ARGPARSE_OPTS opts[] = {
{ oVerbose, "verbose", 0, N_("verbose") }, { oVerbose, "verbose", 0, N_("verbose") },
{ oQuiet, "quiet", 0, N_("be somewhat more quiet") }, { oQuiet, "quiet", 0, N_("be somewhat more quiet") },
{ oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") }, { oForceV3Sigs, "force-v3-sigs", 0, N_("force v3 signatures") },
{ oForceMDC, "force-mdc", 0, N_("always use a MDC for encryption") },
{ oDryRun, "dry-run", 0, N_("do not make any changes") }, { oDryRun, "dry-run", 0, N_("do not make any changes") },
{ oBatch, "batch", 0, N_("batch mode: never ask")}, { oBatch, "batch", 0, N_("batch mode: never ask")},
{ oAnswerYes, "yes", 0, N_("assume yes on most questions")}, { oAnswerYes, "yes", 0, N_("assume yes on most questions")},
@ -701,6 +703,7 @@ main( int argc, char **argv )
case oComment: opt.comment_string = pargs.r.ret_str; break; case oComment: opt.comment_string = pargs.r.ret_str; break;
case oThrowKeyid: opt.throw_keyid = 1; break; case oThrowKeyid: opt.throw_keyid = 1; break;
case oForceV3Sigs: opt.force_v3_sigs = 1; break; case oForceV3Sigs: opt.force_v3_sigs = 1; break;
case oForceMDC: opt.force_mdc = 1; break;
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break; case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break; case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break; case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break;
@ -1240,7 +1243,7 @@ main( int argc, char **argv )
set_packet_list_mode(1); set_packet_list_mode(1);
opt.list_packets=1; opt.list_packets=1;
} }
proc_packets( a ); proc_packets(NULL, a );
iobuf_close(a); iobuf_close(a);
} }
break; break;

184
g10/keyedit.c
View File

@ -1,5 +1,5 @@
/* keyedit.c - keyedit stuff /* keyedit.c - keyedit stuff
* Copyright (C) 1998 Free Software Foundation, Inc. * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -56,6 +56,7 @@ static int count_uids_with_flag( KBNODE keyblock, unsigned flag );
static int count_keys_with_flag( KBNODE keyblock, unsigned flag ); static int count_keys_with_flag( KBNODE keyblock, unsigned flag );
static int count_selected_uids( KBNODE keyblock ); static int count_selected_uids( KBNODE keyblock );
static int count_selected_keys( KBNODE keyblock ); static int count_selected_keys( KBNODE keyblock );
static int menu_revsig( KBNODE keyblock );
#define CONTROL_D ('D' - 'A' + 1) #define CONTROL_D ('D' - 'A' + 1)
@ -67,6 +68,7 @@ static int count_selected_keys( KBNODE keyblock );
#define NODFLG_SELUID (1<<8) /* indicate the selected userid */ #define NODFLG_SELUID (1<<8) /* indicate the selected userid */
#define NODFLG_SELKEY (1<<9) /* indicate the selected key */ #define NODFLG_SELKEY (1<<9) /* indicate the selected key */
#define NODFLG_SELSIG (1<<10) /* indicate a selected signature */
struct sign_uid_attrib { struct sign_uid_attrib {
@ -119,6 +121,8 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
int anyuid = 0; int anyuid = 0;
for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) { for( kbctx=NULL; (node=walk_kbnode( keyblock, &kbctx, 0)) ; ) {
int is_rev = 0;
if( node->pkt->pkttype == PKT_USER_ID ) { if( node->pkt->pkttype == PKT_USER_ID ) {
PKT_user_id *uid = node->pkt->pkt.user_id; PKT_user_id *uid = node->pkt->pkt.user_id;
@ -135,7 +139,8 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
} }
} }
else if( selected && node->pkt->pkttype == PKT_SIGNATURE else if( selected && node->pkt->pkttype == PKT_SIGNATURE
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { && (node->pkt->pkt.signature->sig_class&~3) == 0x10
&& (is_rev = node->pkt->pkt.signature->sig_class == 0x30) ) {
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
int sigrc, selfsig; int sigrc, selfsig;
@ -161,14 +166,16 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
break; break;
} }
if( sigrc != '?' ) { if( sigrc != '?' ) {
tty_printf("sig%c %08lX %s ", tty_printf("%s%c %08lX %s ",
is_rev? "rev":"sig",
sigrc, sig->keyid[1], datestr_from_sig(sig)); sigrc, sig->keyid[1], datestr_from_sig(sig));
if( sigrc == '%' ) if( sigrc == '%' )
tty_printf("[%s] ", g10_errstr(rc) ); tty_printf("[%s] ", g10_errstr(rc) );
else if( sigrc == '?' ) else if( sigrc == '?' )
; ;
else if( selfsig ) { else if( selfsig ) {
tty_printf( _("[self-signature]") ); tty_printf( is_rev? _("[revocation]")
: _("[self-signature]") );
if( sigrc == '!' ) if( sigrc == '!' )
has_selfsig = 1; has_selfsig = 1;
} }
@ -278,6 +285,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, int local )
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0] if( sk_keyid[0] == node->pkt->pkt.signature->keyid[0]
&& sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) { && sk_keyid[1] == node->pkt->pkt.signature->keyid[1] ) {
/* Fixme: see whether there is a revocation in which
* case we should allow to sign it again. */
tty_printf(_("Already signed by key %08lX\n"), tty_printf(_("Already signed by key %08lX\n"),
(ulong)sk_keyid[1] ); (ulong)sk_keyid[1] );
uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */ uidnode->flag &= ~NODFLG_MARK_A; /* remove mark */
@ -514,7 +523,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
{ {
enum cmdids { cmdNONE = 0, enum cmdids { cmdNONE = 0,
cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN, cmdQUIT, cmdHELP, cmdFPR, cmdLIST, cmdSELUID, cmdCHECK, cmdSIGN,
cmdLSIGN, cmdLSIGN, cmdREVSIG,
cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY, cmdDEBUG, cmdSAVE, cmdADDUID, cmdDELUID, cmdADDKEY, cmdDELKEY,
cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE, cmdTOGGLE, cmdSELKEY, cmdPASSWD, cmdTRUST, cmdPREF, cmdEXPIRE,
cmdNOP }; cmdNOP };
@ -550,6 +559,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
{ N_("pref") , cmdPREF , 0, N_("list preferences") }, { N_("pref") , cmdPREF , 0, N_("list preferences") },
{ N_("passwd") , cmdPASSWD , 1, N_("change the passphrase") }, { N_("passwd") , cmdPASSWD , 1, N_("change the passphrase") },
{ N_("trust") , cmdTRUST , 0, N_("change the ownertrust") }, { N_("trust") , cmdTRUST , 0, N_("change the ownertrust") },
{ N_("revsig") , cmdREVSIG , 0, N_("revoke signatures") },
{ NULL, cmdNONE } }; { NULL, cmdNONE } };
enum cmdids cmd; enum cmdids cmd;
@ -852,6 +862,13 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
case cmdNOP: case cmdNOP:
break; break;
case cmdREVSIG:
if( menu_revsig( keyblock ) ) {
redisplay = 1;
modified = 1;
}
break;
default: default:
tty_printf("\n"); tty_printf("\n");
tty_printf(_("Invalid command (try \"help\")\n")); tty_printf(_("Invalid command (try \"help\")\n"));
@ -1490,3 +1507,160 @@ count_selected_keys( KBNODE keyblock )
return count_keys_with_flag( keyblock, NODFLG_SELKEY); return count_keys_with_flag( keyblock, NODFLG_SELKEY);
} }
/*
* Ask whether the signature should be revoked. If the user commits this,
* flag bit MARK_A is set on the signature and the user ID.
*/
static void
ask_revoke_sig( KBNODE keyblock, KBNODE node )
{
PKT_signature *sig = node->pkt->pkt.signature;
KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
if( !unode ) {
log_error("Oops: no user ID for signature\n");
return;
}
tty_printf(_("user ID: \""));
tty_print_string( unode->pkt->pkt.user_id->name,
unode->pkt->pkt.user_id->len );
tty_printf(_("\"\nsigned with your key %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );
if( cpr_get_answer_is_yes("ask_revoke_sig.one",
_("Create a revocation certificate for this signature? (y/N)")) ) {
node->flag |= NODFLG_MARK_A;
unode->flag |= NODFLG_MARK_A;
}
}
/****************
* Display all user ids of the current public key together with signatures
* done by one of our keys. Then walk over all this sigs and ask the user
* whether he wants to revoke this signature.
* Return: True when the keyblock has changed.
*/
static int
menu_revsig( KBNODE keyblock )
{
PKT_signature *sig;
PKT_public_key *primary_pk;
KBNODE node;
int changed = 0;
int upd_trust = 0;
int rc, any;
/* FIXME: detect duplicates here */
tty_printf("You have signed these user IDs:\n");
for( node = keyblock; node; node = node->next ) {
node->flag &= ~(NODFLG_SELSIG | NODFLG_MARK_A);
if( node->pkt->pkttype == PKT_USER_ID ) {
PKT_user_id *uid = node->pkt->pkt.user_id;
/* Hmmm: Should we show only UIDs with a signature? */
tty_printf(" ");
tty_print_string( uid->name, uid->len );
tty_printf("\n");
}
else if( node->pkt->pkttype == PKT_SIGNATURE
&& ((sig = node->pkt->pkt.signature),
!seckey_available( sig->keyid ) ) ) {
if( (sig->sig_class&~3) == 0x10 ) {
tty_printf(" signed by %08lX at %s\n",
sig->keyid[1], datestr_from_sig(sig) );
node->flag |= NODFLG_SELSIG;
}
else if( sig->sig_class == 0x30 ) {
tty_printf(" revoked by %08lX at %s\n",
sig->keyid[1], datestr_from_sig(sig) );
}
}
}
/* ask */
for( node = keyblock; node; node = node->next ) {
if( !(node->flag & NODFLG_SELSIG) )
continue;
ask_revoke_sig( keyblock, node );
}
/* present selected */
any = 0;
for( node = keyblock; node; node = node->next ) {
if( !(node->flag & NODFLG_MARK_A) )
continue;
if( !any ) {
any = 1;
tty_printf("You are about to revoke these signatures:\n");
}
if( node->pkt->pkttype == PKT_USER_ID ) {
PKT_user_id *uid = node->pkt->pkt.user_id;
tty_printf(" ");
tty_print_string( uid->name, uid->len );
tty_printf("\n");
}
else if( node->pkt->pkttype == PKT_SIGNATURE ) {
sig = node->pkt->pkt.signature;
tty_printf(" signed by %08lX at %s\n",
sig->keyid[1], datestr_from_sig(sig) );
}
}
if( !any )
return 0; /* none selected */
if( !cpr_get_answer_is_yes("ask_revoke_sig.okay",
_("Really create the revocation certificates? (y/N)")) )
return 0; /* forget it */
/* now we can sign the user ids */
reloop: /* (must use this, because we are modifing the list) */
primary_pk = keyblock->pkt->pkt.public_key;
for( node=keyblock; node; node = node->next ) {
KBNODE unode;
PACKET *pkt;
struct sign_uid_attrib attrib;
PKT_secret_key *sk;
if( !(node->flag & NODFLG_MARK_A)
|| node->pkt->pkttype != PKT_SIGNATURE )
continue;
unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
assert( unode ); /* we already checked this */
memset( &attrib, 0, sizeof attrib );
node->flag &= ~NODFLG_MARK_A;
sk = m_alloc_secure_clear( sizeof *sk );
if( get_seckey( sk, node->pkt->pkt.signature->keyid ) ) {
log_info(_("no secret key\n"));
continue;
}
rc = make_keysig_packet( &sig, primary_pk,
unode->pkt->pkt.user_id,
NULL,
sk,
0x30, 0,
sign_uid_mk_attrib,
&attrib );
free_secret_key(sk);
if( rc ) {
log_error(_("signing failed: %s\n"), g10_errstr(rc));
return changed;
}
changed = 1; /* we changed the keyblock */
upd_trust = 1;
pkt = m_alloc_clear( sizeof *pkt );
pkt->pkttype = PKT_SIGNATURE;
pkt->pkt.signature = sig;
insert_kbnode( unode, new_kbnode(pkt), PKT_SIGNATURE );
goto reloop;
}
if( upd_trust )
clear_trust_checked_flag( primary_pk );
return changed;
}

102
g10/mainproc.c
View File

@ -1,5 +1,5 @@
/* mainproc.c - handle packets /* mainproc.c - handle packets
* Copyright (C) 1998 Free Software Foundation, Inc. * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
* *
@ -42,8 +42,9 @@
/**************** /****************
* Structure to hold the context * Structure to hold the context
*/ */
typedef struct mainproc_context *CTX;
typedef struct { struct mainproc_context {
struct mainproc_context *anchor;
PKT_public_key *last_pubkey; PKT_public_key *last_pubkey;
PKT_secret_key *last_seckey; PKT_secret_key *last_seckey;
PKT_user_id *last_user_id; PKT_user_id *last_user_id;
@ -59,7 +60,8 @@ typedef struct {
IOBUF iobuf; /* used to get the filename etc. */ IOBUF iobuf; /* used to get the filename etc. */
int trustletter; /* temp usage in list_node */ int trustletter; /* temp usage in list_node */
ulong local_id; /* ditto */ ulong local_id; /* ditto */
} *CTX; int is_encrypted; /* used to check the MDC */
};
static int do_proc_packets( CTX c, IOBUF a ); static int do_proc_packets( CTX c, IOBUF a );
@ -226,7 +228,8 @@ proc_encrypted( CTX c, PACKET *pkt )
{ {
int result = 0; int result = 0;
/*printf("dat: %sencrypted data\n", c->dek?"":"conventional ");*/ /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/
c->is_encrypted = 1;
if( !c->dek && !c->last_was_session_key ) { if( !c->dek && !c->last_was_session_key ) {
/* assume this is old conventional encrypted data */ /* assume this is old conventional encrypted data */
c->dek = passphrase_to_dek( NULL, c->dek = passphrase_to_dek( NULL,
@ -236,7 +239,7 @@ proc_encrypted( CTX c, PACKET *pkt )
else if( !c->dek ) else if( !c->dek )
result = G10ERR_NO_SECKEY; result = G10ERR_NO_SECKEY;
if( !result ) if( !result )
result = decrypt_data( pkt->pkt.encrypted, c->dek ); result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
m_free(c->dek); c->dek = NULL; m_free(c->dek); c->dek = NULL;
if( result == -1 ) if( result == -1 )
; ;
@ -289,10 +292,13 @@ proc_plaintext( CTX c, PACKET *pkt )
* to do it. (We could use a special packet type to indicate * to do it. (We could use a special packet type to indicate
* this, but this may also be faked - it simply can't be verified * this, but this may also be faked - it simply can't be verified
* and is _no_ security issue) * and is _no_ security issue)
* Hmmm: There is one problem: The MDC also uses a keyid of 0
* and a pubkey algo of 0 - the only difference is that the
* sig_class will be 0.
*/ */
if( n->pkt->pkt.onepass_sig->sig_class == 0x01 if( n->pkt->pkt.onepass_sig->sig_class == 0x01
&& !n->pkt->pkt.onepass_sig->keyid[0] && !n->pkt->pkt.onepass_sig->keyid[0]
&& !n->pkt->pkt.onepass_sig->keyid[1] ) && !n->pkt->pkt.onepass_sig->keyid[1] )
clearsig = 1; clearsig = 1;
} }
} }
@ -321,14 +327,14 @@ proc_plaintext( CTX c, PACKET *pkt )
static int static int
proc_compressed_cb( IOBUF a, void *info ) proc_compressed_cb( IOBUF a, void *info )
{ {
return proc_signature_packets( a, ((CTX)info)->signed_data, return proc_signature_packets( info, a, ((CTX)info)->signed_data,
((CTX)info)->sigfilename ); ((CTX)info)->sigfilename );
} }
static int static int
proc_encrypt_cb( IOBUF a, void *info ) proc_encrypt_cb( IOBUF a, void *info )
{ {
return proc_encryption_packets( a ); return proc_encryption_packets( info, a );
} }
static void static void
@ -339,19 +345,26 @@ proc_compressed( CTX c, PACKET *pkt )
/*printf("zip: compressed data packet\n");*/ /*printf("zip: compressed data packet\n");*/
if( c->sigs_only ) if( c->sigs_only )
rc = handle_compressed( zd, proc_compressed_cb, c ); rc = handle_compressed( c, zd, proc_compressed_cb, c );
else if( c->encrypt_only ) else if( c->encrypt_only )
rc = handle_compressed( zd, proc_encrypt_cb, c ); rc = handle_compressed( c, zd, proc_encrypt_cb, c );
else else
rc = handle_compressed( zd, NULL, NULL ); rc = handle_compressed( c, zd, NULL, NULL );
if( rc ) if( rc )
log_error("uncompressing failed: %s\n", g10_errstr(rc)); log_error("uncompressing failed: %s\n", g10_errstr(rc));
free_packet(pkt); free_packet(pkt);
c->last_was_session_key = 0; c->last_was_session_key = 0;
} }
static int
is_encrypted( CTX c )
{
for( ; c; c = c->anchor ) {
if( c->is_encrypted )
return 1;
}
return 0;
}
/**************** /****************
* check the signature * check the signature
@ -370,17 +383,9 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
sig = node->pkt->pkt.signature; sig = node->pkt->pkt.signature;
algo = sig->digest_algo; algo = sig->digest_algo;
if( !algo )
return G10ERR_PUBKEY_ALGO;
if( (rc=check_digest_algo(algo)) ) if( (rc=check_digest_algo(algo)) )
return rc; return rc;
if( c->mfx.md ) {
m_check(c->mfx.md);
if( c->mfx.md->list )
m_check( c->mfx.md->list );
}
if( sig->sig_class == 0x00 ) { if( sig->sig_class == 0x00 ) {
if( c->mfx.md ) if( c->mfx.md )
md = md_copy( c->mfx.md ); md = md_copy( c->mfx.md );
@ -411,7 +416,12 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
} }
else else
return G10ERR_SIG_CLASS; return G10ERR_SIG_CLASS;
rc = signature_check( sig, md ); if( sig->pubkey_algo )
rc = signature_check( sig, md );
else if( !is_encrypted( c ) )
rc = G10ERR_NOT_ENCRYPTED;
else
rc = mdc_kludge_check( sig, md );
md_close(md); md_close(md);
return rc; return rc;
@ -697,19 +707,25 @@ list_node( CTX c, KBNODE node )
int int
proc_packets( IOBUF a ) proc_packets( void *anchor, IOBUF a )
{ {
int rc;
CTX c = m_alloc_clear( sizeof *c ); CTX c = m_alloc_clear( sizeof *c );
int rc = do_proc_packets( c, a );
c->anchor = anchor;
rc = do_proc_packets( c, a );
m_free( c ); m_free( c );
return rc; return rc;
} }
int int
proc_signature_packets( IOBUF a, STRLIST signedfiles, const char *sigfilename ) proc_signature_packets( void *anchor, IOBUF a,
STRLIST signedfiles, const char *sigfilename )
{ {
CTX c = m_alloc_clear( sizeof *c ); CTX c = m_alloc_clear( sizeof *c );
int rc; int rc;
c->anchor = anchor;
c->sigs_only = 1; c->sigs_only = 1;
c->signed_data = signedfiles; c->signed_data = signedfiles;
c->sigfilename = sigfilename; c->sigfilename = sigfilename;
@ -719,10 +735,12 @@ proc_signature_packets( IOBUF a, STRLIST signedfiles, const char *sigfilename )
} }
int int
proc_encryption_packets( IOBUF a ) proc_encryption_packets( void *anchor, IOBUF a )
{ {
CTX c = m_alloc_clear( sizeof *c ); CTX c = m_alloc_clear( sizeof *c );
int rc; int rc;
c->anchor = anchor;
c->encrypt_only = 1; c->encrypt_only = 1;
rc = do_proc_packets( c, a ); rc = do_proc_packets( c, a );
m_free( c ); m_free( c );
@ -845,23 +863,41 @@ check_sig_and_print( CTX c, KBNODE node )
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
const char *astr, *tstr; const char *astr, *tstr;
int rc; int rc;
int mdc_hack = !sig->pubkey_algo;
if( opt.skip_verify ) { if( opt.skip_verify && !mdc_hack ) {
log_info(_("signature verification suppressed\n")); log_info(_("signature verification suppressed\n"));
return 0; return 0;
} }
tstr = asctimestamp(sig->timestamp); if( !mdc_hack ) {
astr = pubkey_algo_to_string( sig->pubkey_algo ); tstr = asctimestamp(sig->timestamp);
log_info(_("Signature made %.*s using %s key ID %08lX\n"), astr = pubkey_algo_to_string( sig->pubkey_algo );
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] ); (int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
}
rc = do_check_sig(c, node, NULL ); rc = do_check_sig(c, node, NULL );
if( rc == G10ERR_NO_PUBKEY && opt.keyserver_name ) { if( rc == G10ERR_NO_PUBKEY && opt.keyserver_name ) {
if( !hkp_ask_import( sig->keyid ) ) if( !hkp_ask_import( sig->keyid ) )
rc = do_check_sig(c, node, NULL ); rc = do_check_sig(c, node, NULL );
} }
if( !rc || rc == G10ERR_BAD_SIGN ) { if( mdc_hack ) {
if( !rc ) {
if( opt.verbose )
log_info(_("encrypted message is valid\n"));
write_status( STATUS_GOODMDC );
}
else if( rc == G10ERR_BAD_SIGN ) {
log_error(_("WARNING: encrypted message has been manipulated!\n"));
write_status( STATUS_BADMDC );
}
else {
write_status( STATUS_ERRMDC );
log_error(_("Can't check MDC: %s\n"), g10_errstr(rc) );
}
}
else if( !rc || rc == G10ERR_BAD_SIGN ) {
KBNODE un, keyblock; KBNODE un, keyblock;
char *us; char *us;
int count=0; int count=0;

1
g10/options.h
View File

@ -44,6 +44,7 @@ struct {
int list_packets; /* list-packets mode */ int list_packets; /* list-packets mode */
int def_cipher_algo; int def_cipher_algo;
int force_v3_sigs; int force_v3_sigs;
int force_mdc;
int def_digest_algo; int def_digest_algo;
int def_compress_algo; int def_compress_algo;
const char *def_secret_key; const char *def_secret_key;

12
g10/packet.h
View File

@ -233,9 +233,10 @@ typedef enum {
/*-- mainproc.c --*/ /*-- mainproc.c --*/
int proc_packets( IOBUF a ); int proc_packets( void *ctx, IOBUF a );
int proc_signature_packets( IOBUF a, STRLIST signedfiles, const char *sigfile ); int proc_signature_packets( void *ctx, IOBUF a,
int proc_encryption_packets( IOBUF a ); STRLIST signedfiles, const char *sigfile );
int proc_encryption_packets( void *ctx, IOBUF a );
int list_packets( IOBUF a ); int list_packets( IOBUF a );
/*-- parse-packet.c --*/ /*-- parse-packet.c --*/
@ -301,6 +302,7 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/ /*-- sig-check.c --*/
int signature_check( PKT_signature *sig, MD_HANDLE digest ); int signature_check( PKT_signature *sig, MD_HANDLE digest );
int mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest );
/*-- seckey-cert.c --*/ /*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_key *sk ); int is_secret_key_protected( PKT_secret_key *sk );
@ -311,11 +313,11 @@ int protect_secret_key( PKT_secret_key *sk, DEK *dek );
int get_session_key( PKT_pubkey_enc *k, DEK *dek ); int get_session_key( PKT_pubkey_enc *k, DEK *dek );
/*-- compress.c --*/ /*-- compress.c --*/
int handle_compressed( PKT_compressed *cd, int handle_compressed( void *ctx, PKT_compressed *cd,
int (*callback)(IOBUF, void *), void *passthru ); int (*callback)(IOBUF, void *), void *passthru );
/*-- encr-data.c --*/ /*-- encr-data.c --*/
int decrypt_data( PKT_encrypted *ed, DEK *dek ); int decrypt_data( void *ctx, PKT_encrypted *ed, DEK *dek );
int encrypt_data( PKT_encrypted *ed, DEK *dek ); int encrypt_data( PKT_encrypted *ed, DEK *dek );
/*-- plaintext.c --*/ /*-- plaintext.c --*/

46
g10/parse-packet.c
View File

@ -1024,7 +1024,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
sig->digest_start[0] = iobuf_get_noeof(inp); pktlen--; sig->digest_start[0] = iobuf_get_noeof(inp); pktlen--;
sig->digest_start[1] = iobuf_get_noeof(inp); pktlen--; sig->digest_start[1] = iobuf_get_noeof(inp); pktlen--;
if( is_v4 ) { /*extract required information */ if( is_v4 && sig->pubkey_algo ) { /*extract required information */
const byte *p; const byte *p;
/* set sig->flags.unknown_critical if there is a /* set sig->flags.unknown_critical if there is a
@ -1065,24 +1065,36 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
} }
} }
ndata = pubkey_get_nsig(sig->pubkey_algo); if( !sig->pubkey_algo ) {
if( !ndata ) { n = pktlen;
if( list_mode ) sig->data[0] = mpi_read(inp, &n, 0 );
printf("\tunknown algorithm %d\n", sig->pubkey_algo ); pktlen -=n;
unknown_pubkey_warning( sig->pubkey_algo ); if( list_mode ) {
/* we store the plain material in data[0], so that we are able printf("\tMDC data: ");
* to write it back with build_packet() */ mpi_print(stdout, sig->data[0], mpi_print_mode );
sig->data[0] = read_rest(inp, &pktlen ); putchar('\n');
}
} }
else { else {
for( i=0; i < ndata; i++ ) { ndata = pubkey_get_nsig(sig->pubkey_algo);
n = pktlen; if( !ndata ) {
sig->data[i] = mpi_read(inp, &n, 0 ); if( list_mode )
pktlen -=n; printf("\tunknown algorithm %d\n", sig->pubkey_algo );
if( list_mode ) { unknown_pubkey_warning( sig->pubkey_algo );
printf("\tdata: "); /* we store the plain material in data[0], so that we are able
mpi_print(stdout, sig->data[i], mpi_print_mode ); * to write it back with build_packet() */
putchar('\n'); sig->data[0] = read_rest(inp, &pktlen );
}
else {
for( i=0; i < ndata; i++ ) {
n = pktlen;
sig->data[i] = mpi_read(inp, &n, 0 );
pktlen -=n;
if( list_mode ) {
printf("\tdata: ");
mpi_print(stdout, sig->data[i], mpi_print_mode );
putchar('\n');
}
} }
} }
} }

186
g10/revoke.c
View File

@ -201,4 +201,190 @@ gen_revoke( const char *uname )
return rc; return rc;
} }
#if 0 /* The code is not complete but anyway, now we use */
/* the edit menu to revoke signature */
/****************
* Return true if there is already a revocation signature for KEYID
* in KEYBLOCK at point node.
*/
static int
already_revoked( const KBNODE keyblock, const KBNODE node, u32 *keyid ) ) {
{
const KBNODE n = find_prev_kbnode( keyblock, node, PKT_USER_ID );
for( ; n; n = n->next ) {
PKT_signature *sig;
if( n->pkt->pkttype == PKT_SIGNATURE
&& (sig = node->pkt->pkt.signature)->sig_class == 0x30
&& sig->keyid[0] == keyid[0]
&& sig->keyid[1] == keyid[1] )
return 1;
}
else if( n->pkt->pkttype == PKT_USER_ID
break;
else if( n->pkt->pkttype == PKT_PUBLIC_SUBKEY
break;
}
return 0;
}
/****************
* Ask whether the signature should be revoked. If the user commits this,
* flag bit 0 is set.
*/
static void
ask_revoke_sig( KBNODE keyblock, KBNODE node, PKT_signature *sig ) ) {
{
KBNODE unode = find_prev_kbnode( keyblock, node, PKT_USER_ID );
if( !unode ) {
log_error("Oops: no user ID for signature\n");
return;
}
tty_printf(_("user ID: \""));
tty_print_string( unode->pkt->pkt.user_id->name,
unode->pkt->pkt.user_id->len, 0 );
tty_printf(_("\"\nsigned with your key %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );
if( cpr_get_answer_is_yes("ask_revoke_sig.one",
_("Create a revocation certificate for this signature? (y/N)")) ) {
node->flag |= 1;
}
}
/****************
* Generate a signature revocation certificate for UNAME
*/
int
gen_sig_revoke( const char *uname )
{
int rc = 0;
armor_filter_context_t afx;
compress_filter_context_t zfx;
PACKET pkt;
IOBUF out = NULL;
KBNODE keyblock = NULL;
KBNODE node;
KBPOS kbpos;
int uidchg;
if( opt.batch ) {
log_error(_("sorry, can't do this in batch mode\n"));
return G10ERR_GENERAL;
}
memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx);
init_packet( &pkt );
/* get the keyblock */
rc = find_keyblock_byname( &kbpos, uname );
if( rc ) {
log_error(_("public key for user `%s' not found\n"), uname );
goto leave;
}
/* read the keyblock */
rc = read_keyblock( &kbpos, &keyblock );
if( rc ) {
log_error(_("error reading the certificate: %s\n"), g10_errstr(rc) );
goto leave;
}
/* get the keyid from the keyblock */
node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
if( !node ) {
log_error(_("Oops; public key lost!\n"));
rc = G10ERR_GENERAL;
goto leave;
}
if( (rc = open_outfile( NULL, 0, &out )) )
goto leave;
if( opt.armor ) {
afx.what = 1;
iobuf_push_filter( out, armor_filter, &afx );
}
/* Now walk over all signatures which we did with one of
* our secret keys. Hmmm: Should we check for duplicate signatures */
clear_kbnode_flags( flags );
for( node = keyblock; node; node = node->next ) {
PKT_signature *sig;
if( node->pkt->pkttype == PKT_SIGNATURE
&& ((sig = node->pkt->pkt.signature)->sig_class&~3) == 0x10
&& seckey_available( sig->keyid )
&& !already_revoked( keyblock, node, sig->keyid ) ) { ) {
ask_revoke_sig( keyblock, node, sig )
}
else if( node->pkt->pkttype == PKT_PUBLIC_SUBKEY
break;
}
for( node = keyblock; node; node = node->next ) { {
if( (node->flag & 1) )
break;
}
if( !node ) {
log_info(_("nothing to revoke\n"));
iobuf_cancel(out);
out = NULL;
goto leave;
}
init_packet( &pkt );
pkt.pkttype = PKT_PUBLIC_KEY;
pkt.pkt.public_key = keyblock->pkt->pkt.public_key;
rc = build_packet( out, &pkt );
if( rc ) {
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
goto leave;
}
uidchg = 1;
for( node = keyblock; node; node = node->next ) {
if( node->pkt->pkttype == PKT_USER_ID )
uidchg = 1;
if( !(node->flag & 1) )
continue;
if( uidchg ) {
/* create a user ID packet */
.......
uidchg = 0;
}
/* create it */
rc = make_keysig_packet( &sig, pk, NULL, NULL, sk, 0x30, 0, NULL, NULL);
if( rc ) {
log_error(_("make_keysig_packet failed: %s\n"), g10_errstr(rc));
goto leave;
}
init_packet( &pkt );
pkt.pkttype = PKT_SIGNATURE;
pkt.pkt.signature = sig;
rc = build_packet( out, &pkt );
if( rc ) {
log_error(_("build_packet failed: %s\n"), g10_errstr(rc) );
goto leave;
}
}
leave:
release_kbnode( keyblock );
if( !out )
;
else if( rc )
iobuf_cancel(out);
else
iobuf_close(out);
return rc;
}
#endif /* unused code */

91
g10/sig-check.c
View File

@ -45,7 +45,7 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig,
/**************** /****************
* Check the signature which is contained in SIG. * Check the signature which is contained in SIG.
* The md5handle should be currently open, so that this function * The MD_HANDLE should be currently open, so that this function
* is able to append some data, before finalizing the digest. * is able to append some data, before finalizing the digest.
*/ */
int int
@ -54,7 +54,6 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
PKT_public_key *pk = m_alloc_clear( sizeof *pk ); PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0; int rc=0;
if( is_RSA(sig->pubkey_algo) ) if( is_RSA(sig->pubkey_algo) )
write_status(STATUS_RSA_OR_IDEA); write_status(STATUS_RSA_OR_IDEA);
@ -108,6 +107,94 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
} }
/****************
* Check the MDC which is contained in SIG.
* The MD_HANDLE should be currently open, so that this function
* is able to append some data, before finalizing the digest.
*/
int
mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
{
int rc=0;
if( (rc=check_digest_algo(sig->digest_algo)) )
return rc;
/* make sure the digest algo is enabled (in case of a detached mdc??) */
md_enable( digest, sig->digest_algo );
/* complete the digest */
if( sig->version >= 4 )
md_putc( digest, sig->version );
md_putc( digest, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( digest, sig->hashed_data, n+2 );
n += 6;
}
else
n = 6;
/* add some magic */
buf[0] = sig->version;
buf[1] = 0xff;
buf[2] = n >> 24;
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( digest, buf, 6 );
}
md_final( digest );
rc = G10ERR_BAD_SIGN;
{ const byte *s1 = md_read( digest, sig->digest_algo );
int s1len = md_digest_length( sig->digest_algo );
log_hexdump( "MDC calculated", s1, s1len );
if( !sig->data[0] )
log_debug("sig_data[0] is NULL\n");
else {
unsigned s2len;
byte *s2;
s2 = mpi_get_buffer( sig->data[0], &s2len, NULL );
log_hexdump( "MDC stored ", s2, s2len );
if( s2len != s1len )
log_debug("MDC check: len differ: %d/%d\n", s1len, s2len);
else if( memcmp( s1, s2, s1len ) )
log_debug("MDC check: hashs differ\n");
else
rc = 0;
m_free(s2);
}
}
if( !rc && sig->flags.unknown_critical ) {
log_info(_("assuming bad MDC due to an unknown critical bit\n"));
rc = G10ERR_BAD_SIGN;
}
sig->flags.checked = 1;
sig->flags.valid = !rc;
/* FIXME: check that we are actually in an encrypted packet */
return rc;
}
/**************** /****************
* This function gets called by pubkey_verify() if the algorithm needs it. * This function gets called by pubkey_verify() if the algorithm needs it.
*/ */

2
g10/sign.c
View File

@ -656,7 +656,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
MD_HANDLE md; MD_HANDLE md;
assert( (sigclass >= 0x10 && sigclass <= 0x13) assert( (sigclass >= 0x10 && sigclass <= 0x13)
|| sigclass == 0x20 || sigclass == 0x18 ); || sigclass == 0x20 || sigclass == 0x18 || sigclass == 0x30 );
if( !digest_algo ) { if( !digest_algo ) {
switch( sk->pubkey_algo ) { switch( sk->pubkey_algo ) {
case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break;

3
g10/status.c
View File

@ -109,6 +109,9 @@ write_status_text ( int no, const char *text)
case STATUS_DECRYPTION_OKAY: s = "DECRYPTION_OKAY\n"; break; case STATUS_DECRYPTION_OKAY: s = "DECRYPTION_OKAY\n"; break;
case STATUS_MISSING_PASSPHRASE: s = "MISSING_PASSPHRASE\n"; break; case STATUS_MISSING_PASSPHRASE: s = "MISSING_PASSPHRASE\n"; break;
case STATUS_GOOD_PASSPHRASE : s = "GOOD_PASSPHRASE\n"; break; case STATUS_GOOD_PASSPHRASE : s = "GOOD_PASSPHRASE\n"; break;
case STATUS_GOODMDC : s = "GOODMDC\n"; break;
case STATUS_BADMDC : s = "BADMDC\n"; break;
case STATUS_ERRMDC : s = "ERRMDC\n"; break;
default: s = "?\n"; break; default: s = "?\n"; break;
} }

3
g10/status.h
View File

@ -60,6 +60,9 @@
#define STATUS_DECRYPTION_OKAY 30 #define STATUS_DECRYPTION_OKAY 30
#define STATUS_MISSING_PASSPHRASE 31 #define STATUS_MISSING_PASSPHRASE 31
#define STATUS_GOOD_PASSPHRASE 32 #define STATUS_GOOD_PASSPHRASE 32
#define STATUS_GOODMDC 33
#define STATUS_BADMDC 34
#define STATUS_ERRMDC 35
/*-- status.c --*/ /*-- status.c --*/
void set_status_fd ( int fd ); void set_status_fd ( int fd );

2
g10/verify.c
View File

@ -77,7 +77,7 @@ verify_signatures( int nfiles, char **files )
sl = NULL; sl = NULL;
for(i=1 ; i < nfiles; i++ ) for(i=1 ; i < nfiles; i++ )
add_to_strlist( &sl, files[i] ); add_to_strlist( &sl, files[i] );
rc = proc_signature_packets( fp, sl, sigfile ); rc = proc_signature_packets( NULL, fp, sl, sigfile );
free_strlist(sl); free_strlist(sl);
iobuf_close(fp); iobuf_close(fp);
return rc; return rc;

2
include/errors.h
View File

@ -70,7 +70,7 @@
#define G10ERR_NETWORK 48 /* general network error */ #define G10ERR_NETWORK 48 /* general network error */
#define G10ERR_UNKNOWN_HOST 49 #define G10ERR_UNKNOWN_HOST 49
#define G10ERR_SELFTEST_FAILED 50 #define G10ERR_SELFTEST_FAILED 50
#define G10ERR_NOT_ENCRYPTED 51
#ifndef HAVE_STRERROR #ifndef HAVE_STRERROR
char *strerror( int n ); char *strerror( int n );

6
mpi/ChangeLog
View File

@ -1,3 +1,9 @@
Mon Apr 26 17:48:15 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* mpih-add.c, mpih-sub.c: Removed
* mpi-inline.c: New.
* mpi-inline.h: Make it usable by mpi-inline.c.
Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> Sun Apr 18 10:11:28 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* mpih-mul.c (mpihelp_mul_n): Fixed use of memory region. * mpih-mul.c (mpihelp_mul_n): Fixed use of memory region.

3
mpi/Makefile.am
View File

@ -22,6 +22,7 @@ libmpi_a_SOURCES = longlong.h \
mpi-gcd.c \ mpi-gcd.c \
mpi-internal.h \ mpi-internal.h \
mpi-inline.h \ mpi-inline.h \
mpi-inline.c \
mpi-inv.c \ mpi-inv.c \
mpi-mul.c \ mpi-mul.c \
mpi-pow.c \ mpi-pow.c \
@ -29,8 +30,6 @@ libmpi_a_SOURCES = longlong.h \
mpi-scan.c \ mpi-scan.c \
mpicoder.c \ mpicoder.c \
mpih-cmp.c \ mpih-cmp.c \
mpih-add.c \
mpih-sub.c \
mpih-div.c \ mpih-div.c \
mpih-mul.c \ mpih-mul.c \
mpiutil.c \ mpiutil.c \

36
mpi/mpi-inline.c Normal file
View File

@ -0,0 +1,36 @@
/* mpi-inline.c
* Copyright (C) 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
/* put the inline functions as real functions into the lib */
#define G10_MPI_INLINE_DECL
#include "mpi-internal.h"
/* always include the header becuase it is only
* included by mpi-internal if __GCC__ is defined but we
* need it here in all cases and the above definition of
* of the macro allows us to do so
*/
#include "mpi-inline.h"

13
mpi/mpi-inline.h
View File

@ -1,5 +1,5 @@
/* mpi-inline.h - Internal to the Multi Precision Integers /* mpi-inline.h - Internal to the Multi Precision Integers
* Copyright (C) 1998 Free Software Foundation, Inc. * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
* Copyright (C) 1994, 1996 Free Software Foundation, Inc. * Copyright (C) 1994, 1996 Free Software Foundation, Inc.
* *
* This file is part of GnuPG. * This file is part of GnuPG.
@ -30,8 +30,11 @@
#ifndef G10_MPI_INLINE_H #ifndef G10_MPI_INLINE_H
#define G10_MPI_INLINE_H #define G10_MPI_INLINE_H
#ifndef G10_MPI_INLINE_DECL
#define G10_MPI_INLINE_DECL extern __inline__
#endif
extern __inline__ mpi_limb_t G10_MPI_INLINE_DECL mpi_limb_t
mpihelp_add_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpihelp_add_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb) mpi_size_t s1_size, mpi_limb_t s2_limb)
{ {
@ -61,7 +64,7 @@ mpihelp_add_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
extern __inline__ mpi_limb_t G10_MPI_INLINE_DECL mpi_limb_t
mpihelp_add(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size, mpihelp_add(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
mpi_ptr_t s2_ptr, mpi_size_t s2_size) mpi_ptr_t s2_ptr, mpi_size_t s2_size)
{ {
@ -77,7 +80,7 @@ mpihelp_add(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
} }
extern __inline__ mpi_limb_t G10_MPI_INLINE_DECL mpi_limb_t
mpihelp_sub_1(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpihelp_sub_1(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb ) mpi_size_t s1_size, mpi_limb_t s2_limb )
{ {
@ -107,7 +110,7 @@ mpihelp_sub_1(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
extern __inline__ mpi_limb_t G10_MPI_INLINE_DECL mpi_limb_t
mpihelp_sub( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size, mpihelp_sub( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
mpi_ptr_t s2_ptr, mpi_size_t s2_size) mpi_ptr_t s2_ptr, mpi_size_t s2_size)
{ {

88
mpi/mpih-add.c
View File

@ -1,88 +0,0 @@
/* mpihelp-add.c - MPI helper functions
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1994, 1996 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
* Note: This code is heavily based on the GNU MP Library.
* Actually it's the same code with only minor changes in the
* way the data is stored; this is to support the abstraction
* of an optional secure memory allocation which may be used
* to avoid revealing of sensitive data due to paging etc.
* The GNU MP Library itself is published under the LGPL;
* however I decided to publish this code under the plain GPL.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include "mpi-internal.h"
/****************
* Add to S1_PTR with size S1_SIZE the limb S2_LIMB and
* store the result in RES_PTR. Return the carry
* S1_SIZE must be > 0.
*/
#ifndef __GNUC__
/*_EXTERN_INLINE */
mpi_limb_t
mpihelp_add_1( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb)
{
mpi_limb_t x;
x = *s1_ptr++;
s2_limb += x;
*res_ptr++ = s2_limb;
if( s2_limb < x ) { /* sum is less than the left operand: handle carry */
while( --s1_size ) {
x = *s1_ptr++ + 1; /* add carry */
*res_ptr++ = x; /* and store */
if( x ) /* not 0 (no overflow): we can stop */
goto leave;
}
return 1; /* return carry (size of s1 to small) */
}
leave:
if( res_ptr != s1_ptr ) { /* not the same variable */
mpi_size_t i; /* copy the rest */
for( i=0; i < s1_size-1; i++ )
res_ptr[i] = s1_ptr[i];
}
return 0; /* no carry */
}
/*_EXTERN_INLINE*/
mpi_limb_t
mpihelp_add(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
mpi_ptr_t s2_ptr, mpi_size_t s2_size)
{
mpi_limb_t cy = 0;
if( s2_size )
cy = mpihelp_add_n( res_ptr, s1_ptr, s2_ptr, s2_size );
if( s1_size - s2_size )
cy = mpihelp_add_1( res_ptr + s2_size, s1_ptr + s2_size,
s1_size - s2_size, cy);
return cy;
}
#endif

81
mpi/mpih-sub.c
View File

@ -1,81 +0,0 @@
/* mpihelp-sub.c - MPI helper functions
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1994, 1996 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*
* Note: This code is heavily based on the GNU MP Library.
* Actually it's the same code with only minor changes in the
* way the data is stored; this is to support the abstraction
* of an optional secure memory allocation which may be used
* to avoid revealing of sensitive data due to paging etc.
* The GNU MP Library itself is published under the LGPL;
* however I decided to publish this code under the plain GPL.
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include "mpi-internal.h"
#ifndef __GNUC__
mpi_limb_t
mpihelp_sub_1(mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr,
mpi_size_t s1_size, mpi_limb_t s2_limb )
{
mpi_limb_t x;
x = *s1_ptr++;
s2_limb = x - s2_limb;
*res_ptr++ = s2_limb;
if( s2_limb > x ) {
while( --s1_size ) {
x = *s1_ptr++;
*res_ptr++ = x - 1;
if( x )
goto leave;
}
return 1;
}
leave:
if( res_ptr != s1_ptr ) {
mpi_size_t i;
for( i=0; i < s1_size-1; i++ )
res_ptr[i] = s1_ptr[i];
}
return 0;
}
mpi_limb_t
mpihelp_sub( mpi_ptr_t res_ptr, mpi_ptr_t s1_ptr, mpi_size_t s1_size,
mpi_ptr_t s2_ptr, mpi_size_t s2_size)
{
mpi_limb_t cy = 0;
if( s2_size )
cy = mpihelp_sub_n(res_ptr, s1_ptr, s2_ptr, s2_size);
if( s1_size - s2_size )
cy = mpihelp_sub_1(res_ptr + s2_size, s1_ptr + s2_size,
s1_size - s2_size, cy);
return cy;
}
#endif

1
util/errors.c
View File

@ -99,6 +99,7 @@ g10_errstr( int err )
X(INVALID_URI ,N_("unsupported URI")) X(INVALID_URI ,N_("unsupported URI"))
X(NETWORK ,N_("network error")) X(NETWORK ,N_("network error"))
X(SELFTEST_FAILED,"selftest failed") X(SELFTEST_FAILED,"selftest failed")
X(NOT_ENCRYPTED ,N_("not encrypted"))
default: p = buf; sprintf(buf, "g10err=%d", err); break; default: p = buf; sprintf(buf, "g10err=%d", err); break;
} }
#undef X #undef X