security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

See ChangeLog: Tue Oct 26 14:10:21 CEST 1999 Werner Koch

This commit is contained in:
Werner Koch 1999-10-26 12:14:37 +00:00
parent df4ecbb8d9
commit cf70ca8d68
71 changed files with 4032 additions and 2869 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
BUGS
View File

@ -54,5 +54,11 @@ and after about half a day in the rsync snapshots.
for the last one. This happens on some systems when not using the
GNU ld. This need to be fixed in libtool.
[ **] #25 1999-10-04 <wk@gnupg.org> 1.0
Validity check based on user name is only done when listing a key;
the key ID based checking (selecting the user ID with the most
validity) is used in all other cases. The Edit menu does not have
a way to disbly user ID based validity.
Next #25
Next #26

10
ChangeLog
View File

@ -1,3 +1,13 @@
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* README-alpha: New
* configure.in: Fixed quoting in test for development version.
* THANKS: Add entries for Michael, Brenno and J Horacio who did
very nice Howto documents - I apoligize for forgetting to mention them
earlier.
Fri Sep 17 12:56:42 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

15
Makefile.am
View File

@ -1,12 +1,15 @@
## Process this file with automake to produce Makefile.in
if COMPILE_LIBGCRYPT
#if COMPILE_LIBGCRYPT
#gcrypt = gcrypt
#my_clean_gcrypt =
#else
#gcrypt =
#my_clean_gcrypt = gcrypt/Makefile
#endif
gcrypt = gcrypt
my_clean_gcrypt =
else
gcrypt =
my_clean_gcrypt = gcrypt/Makefile
endif
if CROSS_COMPILING
checks =
@ -15,7 +18,7 @@ checks = checks
endif
SUBDIRS = intl zlib util mpi cipher tools g10 po doc ${checks} ${gcrypt}
EXTRA_DIST = VERSION PROJECTS BUGS
EXTRA_DIST = README-alpha VERSION PROJECTS BUGS
# gettext never gets it right, so we take here care of deleting the
# symlink. my_clean_gcrypt is just a kludge until we can include
# libgcrypt.

8
NEWS
View File

@ -1,3 +1,11 @@
Noteworthy changes in version 1.1.0 (1999-10-26)
-----------------------------------
* Did a couple of changes for this new development series.
This release basically works on my machine but may have
serious problems.
Noteworthy changes in version 1.0.0 (1999-09-07)
-----------------------------------

7
NOTES
View File

@ -1,4 +1,7 @@
gcry_md_open() may return NULL in case of an unknown algorithm
Return GCRYERR_NOMEM instead of using m_alloc in most library functions
SCO UnixWare/7.1.0 reported by Allan Clark <allanc@sco.com> for 0.9.8
@ -11,3 +14,7 @@ Some other reported cpu-vendor-os strings:
sparc-sun-sunos4.1.2
i386-pc-sysv4.2 (USL Unixware v1.1.2)
Johan Wevers <johanw@vulcan.xs4all.nl> is working on a NL translation.

199
THANKS
View File

@ -3,106 +3,109 @@ reporting problems, suggesting various improvements or submitting actual
code. Here is a list of those people. Help me keep it complete and free of
errors.
Allan Clark allanc@sco.com
Anand Kumria wildfire@progsoc.uts.edu.au
Ariel T Glenn ariel@columbia.edu
Bodo Moeller Bodo_Moeller@public.uni-hamburg.de
Bryan Fullerton bryanf@samurai.com
Brian Moore bem@cmc.net
Brian Warner warner@lothar.com
Caskey L. Dickson caskey@technocage.com
Cees van de Griend cees-list@griend.xs4all.nl
Charles Levert charles@comm.polymtl.ca
Christian von Roques roques@pond.sub.org
Christopher Oliver oliver@fritz.traverse.net
Christian Recktenwald chris@citecs.de
Daniel Eisenbud eisenbud@cs.swarthmore.edu
Daniel Koening dan@mail.isis.de
David Ellement ellement@sdd.hp.com
Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Dirk Lattermann dlatt@t-online.de
Ed Boraas ecxjo@esperanto.org
Enzo Michelangeli em@MailAndNews.com
Ernst Molitor ernst.molitor@uni-bonn.de
Fabio Coatti cova@felix.unife.it
Felix von Leitner leitner@amdiv.de
Frank Heckenbach heckenb@mi.uni-erlangen.de
Frank Stajano frank.stajano@cl.cam.ac.uk
Gaël Quéri gqueri@mail.dotcom.fr
Greg Louis glouis@dynamicro.on.ca
Greg Troxel gdt@ir.bbn.com
Gregory Steuck steuck@iname.com
Geoff Keating geoffk@ozemail.com.au
Harald Denker harry@hal.westfalen.de
Hendrik Buschkamp buschkamp@rheumanet.org
Holger Schurig holger@d.om.org
Hugh Daniel hugh@toad.com
Ian McKellar imckellar@harvestroad.com.au
Janusz A. Urbanowicz alex@bofh.torun.pl
James Troup james@nocrew.org
Jean-loup Gailly gzip@prep.ai.mit.edu
Jens Bachem bachem@rrz.uni-koeln.de
Joachim Backes backes@rhrk.uni-kl.de
John A. Martin jam@jamux.com
Johnny Teveßen j.tevessen@gmx.de
Jörg Schilling schilling@fokus.gmd.de
Jun Kuriyama kuriyama@sky.rim.or.jp
Karl Fogel kfogel@guanabana.onshore.com
Karsten Thygesen karthy@kom.auc.dk
Katsuhiro Kondou kondou@nec.co.jp
Kazu Yamamoto kazu@iijlab.net
Lars Kellogg-Stedman lars@bu.edu
Marco d'Itri md@linux.it
Mark Adler madler@alumni.caltech.edu
Mark Elbrecht snowball3@bigfoot.com
Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
Martin Kahlert martin.kahlert@provi.de
Allan Clark allanc@sco.com
Anand Kumria wildfire@progsoc.uts.edu.au
Ariel T Glenn ariel@columbia.edu
Bodo Moeller Bodo_Moeller@public.uni-hamburg.de
Brenno de Winter brenno@dewinter.com
Brian Moore bem@cmc.net
Brian Warner warner@lothar.com
Bryan Fullerton bryanf@samurai.com
Caskey L. Dickson caskey@technocage.com
Cees van de Griend cees-list@griend.xs4all.nl
Charles Levert charles@comm.polymtl.ca
Christian von Roques roques@pond.sub.org
Christopher Oliver oliver@fritz.traverse.net
Christian Recktenwald chris@citecs.de
Daniel Eisenbud eisenbud@cs.swarthmore.edu
Daniel Koening dan@mail.isis.de
David Ellement ellement@sdd.hp.com
Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Dirk Lattermann dlatt@t-online.de
Ed Boraas ecxjo@esperanto.org
Enzo Michelangeli em@MailAndNews.com
Ernst Molitor ernst.molitor@uni-bonn.de
Fabio Coatti cova@felix.unife.it
Felix von Leitner leitner@amdiv.de
Frank Heckenbach heckenb@mi.uni-erlangen.de
Frank Stajano frank.stajano@cl.cam.ac.uk
Gaël Quéri gqueri@mail.dotcom.fr
Greg Louis glouis@dynamicro.on.ca
Greg Troxel gdt@ir.bbn.com
Gregory Steuck steuck@iname.com
Geoff Keating geoffk@ozemail.com.au
Harald Denker harry@hal.westfalen.de
Hendrik Buschkamp buschkamp@rheumanet.org
Holger Schurig holger@d.om.org
Hugh Daniel hugh@toad.com
Ian McKellar imckellar@harvestroad.com.au
Janusz A. Urbanowicz alex@bofh.torun.pl
James Troup james@nocrew.org
Jean-loup Gailly gzip@prep.ai.mit.edu
Jens Bachem bachem@rrz.uni-koeln.de
J Horacio MG homega@ciberia.es
Joachim Backes backes@rhrk.uni-kl.de
John A. Martin jam@jamux.com
Johnny Teveßen j.tevessen@gmx.de
Jörg Schilling schilling@fokus.gmd.de
Jun Kuriyama kuriyama@sky.rim.or.jp
Karl Fogel kfogel@guanabana.onshore.com
Karsten Thygesen karthy@kom.auc.dk
Katsuhiro Kondou kondou@nec.co.jp
Kazu Yamamoto kazu@iijlab.net
Lars Kellogg-Stedman lars@bu.edu
Marco d'Itri md@linux.it
Mark Adler madler@alumni.caltech.edu
Mark Elbrecht snowball3@bigfoot.com
Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
Martin Kahlert martin.kahlert@provi.de
Martin Hamilton
Martin Schulte schulte@thp.uni-koeln.de
Matthew Skala mskala@ansuz.sooke.bc.ca
Max Valianskiy maxcom@maxcom.ml.org
Michael Roth mroth@nessie.de
Michael Sobolev mss@despair.transas.com
Nicolas Graner Nicolas.Graner@cri.u-psud.fr
NIIBE Yutaka gniibe@chroot.org
Martin Schulte schulte@thp.uni-koeln.de
Matthew Skala mskala@ansuz.sooke.bc.ca
Max Valianskiy maxcom@maxcom.ml.org
Michael Fischer v. Mollard mfvm@gmx.de
Michael Roth mroth@nessie.de
Michael Sobolev mss@despair.transas.com
Nicolas Graner Nicolas.Graner@cri.u-psud.fr
NIIBE Yutaka gniibe@chroot.org
Niklas Hernaeus
Nimrod Zimerman zimerman@forfree.at
N J Doye nic@niss.ac.uk
Oliver Haakert haakert@hsp.de
Oskari Jääskeläinen f33003a@cc.hut.fi
Paul D. Smith psmith@baynetworks.com
Philippe Laliberte arsphl@oeil.qc.ca
Peter Gutmann pgut001@cs.auckland.ac.nz
QingLong qinglong@bolizm.ihep.su
Ralph Gillen gillen@theochem.uni-duesseldorf.de
Rat ratinox@peorth.gweep.net
Reinhard Wobst R.Wobst@ifw-dresden.de
Rémi Guyomarch rguyom@mail.dotcom.fr
Reuben Sumner rasumner@wisdom.weizmann.ac.il
Richard Outerbridge outer@interlog.com
Roddy Strachan roddy@satlink.com.au
Roland Rosenfeld roland@spinnaker.rhein.de
Ross Golder rossigee@bigfoot.com
Serge Munhoven munhoven@mema.ucl.ac.be
SL Baur steve@xemacs.org
Stefan Karrmann S.Karrmann@gmx.net
Stefan Keller dres@cs.tu-berlin.de
Steffen Ullrich ccrlphr@xensei.com
Steffen Zahn zahn@berlin.snafu.de
Steven Bakker steven@icoe.att.com
Susanne Schultz schultz@hsp.de
Thiago Jung Bauermann jungmann@cwb.matrix.com.br
Thomas Roessler roessler@guug.de
Tom Spindler dogcow@home.merit.edu
Tom Zerucha tzeruch@ceddec.com
Tomas Fasth tomas.fasth@twinspot.net
Thomas Mikkelsen tbm@image.dk
Ulf Möller 3umoelle@informatik.uni-hamburg.de
Urko Lusa ulusa@lacueva.ddns.org
Walter Koch koch@hsp.de
Werner Koch werner.koch@guug.de
Wim Vandeputte bunbun@reptile.rug.ac.be
nbecker@hns.com
Nimrod Zimerman zimerman@forfree.at
N J Doye nic@niss.ac.uk
Oliver Haakert haakert@hsp.de
Oskari Jääskeläinen f33003a@cc.hut.fi
Paul D. Smith psmith@baynetworks.com
Philippe Laliberte arsphl@oeil.qc.ca
Peter Gutmann pgut001@cs.auckland.ac.nz
QingLong qinglong@bolizm.ihep.su
Ralph Gillen gillen@theochem.uni-duesseldorf.de
Rat ratinox@peorth.gweep.net
Reinhard Wobst R.Wobst@ifw-dresden.de
Rémi Guyomarch rguyom@mail.dotcom.fr
Reuben Sumner rasumner@wisdom.weizmann.ac.il
Richard Outerbridge outer@interlog.com
Roddy Strachan roddy@satlink.com.au
Roland Rosenfeld roland@spinnaker.rhein.de
Ross Golder rossigee@bigfoot.com
Serge Munhoven munhoven@mema.ucl.ac.be
SL Baur steve@xemacs.org
Stefan Karrmann S.Karrmann@gmx.net
Stefan Keller dres@cs.tu-berlin.de
Steffen Ullrich ccrlphr@xensei.com
Steffen Zahn zahn@berlin.snafu.de
Steven Bakker steven@icoe.att.com
Susanne Schultz schultz@hsp.de
Thiago Jung Bauermann jungmann@cwb.matrix.com.br
Thomas Roessler roessler@guug.de
Tom Spindler dogcow@home.merit.edu
Tom Zerucha tzeruch@ceddec.com
Tomas Fasth tomas.fasth@twinspot.net
Thomas Mikkelsen tbm@image.dk
Ulf Möller 3umoelle@informatik.uni-hamburg.de
Urko Lusa ulusa@lacueva.ddns.org
Walter Koch koch@hsp.de
Werner Koch werner.koch@guug.de
Wim Vandeputte bunbun@reptile.rug.ac.be
nbecker@hns.com
Thanks to the German Unix User Group for providing FTP space,
Martin Hamilton for hosting the mailing list and HSP for

10
TODO
View File

@ -1,10 +1,10 @@
* try to do --verify even if the files are swapped on the commandline
(requested by Herny Spencer) or change the error message to
a more clear one.
* Implement the AXP syscall to enable bus traps for GLIB 2
* parse a paramter file to do automatic key generation and to set
parameters for the keygen menu. Far easier than to do a dialog for
each required parameter.
Scheduled for 1.1
-----------------
* With option -i prompt before adding a key to the keyring and show some
info what we are about to add.

2
VERSION
View File

@ -1 +1 @@
1.0.0pre1.1
1.1.0

2
checks/genkey1024.test
View File

@ -13,7 +13,7 @@ fi
LANG=
LANGUAGE=
expect - <<EOF >/dev/null
expect - <<EOF
#set timeout -1
set timeout 8
match_max 100000

18
cipher/ChangeLog
View File

@ -1,3 +1,21 @@
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* elgamal.c (sign): Hugh found strange code here. Replaced by BUG().
* cipher.c: Merged with gcrypt/symapi.c.
* pubkey.c (string_to_pubkey_algo): Renamed function to ...
(gcry_pk_map_name): ... this.
(pubkey_algo_to_string): Renamed function to ...
(gcry_pk_algo_name): ... this.
(gcry_pk_algo_info): New.
* pubkey.c: Merged with gcrypt/pkapi.c.
* md.c (md_reset): Clear finalized; thanks to Ulf Moeller for
fixing this bug.
* md.c: Merged with gcrypt/mdapi.c
Wed Sep 15 14:39:59 CEST 1999 Michael Roth <mroth@nessie.de>
* des.c: Various speed improvements: One bit pre rotation

366
cipher/cipher.c
View File

@ -24,6 +24,8 @@
#include <string.h>
#include <errno.h>
#include <assert.h>
#include "g10lib.h"
#include "util.h"
#include "errors.h"
#include "cipher.h"
@ -32,9 +34,10 @@
#include "cast5.h"
#include "dynload.h"
#define MAX_BLOCKSIZE 16
#define TABLE_SIZE 10
#define CTX_MAGIC_NORMAL 0x24091964
#define CTX_MAGIC_SECURE 0x46919042
struct cipher_table_s {
const char *name;
@ -50,10 +53,11 @@ struct cipher_table_s {
static struct cipher_table_s cipher_table[TABLE_SIZE];
static int disabled_algos[TABLE_SIZE];
struct cipher_handle_s {
struct gcry_cipher_handle {
int magic;
int algo;
int mode;
unsigned int flags;
size_t blocksize;
byte iv[MAX_BLOCKSIZE]; /* (this should be ulong aligned) */
byte lastiv[MAX_BLOCKSIZE];
@ -209,16 +213,13 @@ load_cipher_modules(void)
}
/****************
* Map a string to the cipher algo
* Map a string to the cipher algo.
* Returns: The algo ID of the cipher for the gioven name or
* 0 if the name is not known.
*/
int
string_to_cipher_algo( const char *string )
gcry_cipher_map_name( const char *string )
{
int i;
const char *s;
@ -234,7 +235,7 @@ string_to_cipher_algo( const char *string )
/****************
* Map a cipher algo to a string
*/
const char *
static const char *
cipher_algo_to_string( int algo )
{
int i;
@ -247,8 +248,20 @@ cipher_algo_to_string( int algo )
return NULL;
}
/****************
* This function simply returns the name of the algorithm or some constant
* string when there is no algo. It will never return NULL.
*/
const char *
gcry_cipher_algo_name( int algo )
{
const char *s = cipher_algo_to_string( algo );
return s? s: "";
}
void
static void
disable_cipher_algo( int algo )
{
int i;
@ -266,7 +279,7 @@ disable_cipher_algo( int algo )
/****************
* Return 0 if the cipher algo is available
*/
int
static int
check_cipher_algo( int algo )
{
int i;
@ -285,7 +298,7 @@ check_cipher_algo( int algo )
}
unsigned
static unsigned
cipher_get_keylen( int algo )
{
int i;
@ -305,7 +318,7 @@ cipher_get_keylen( int algo )
return 0;
}
unsigned
static unsigned
cipher_get_blocksize( int algo )
{
int i;
@ -328,70 +341,98 @@ cipher_get_blocksize( int algo )
/****************
* Open a cipher handle for use with algorithm ALGO, in mode MODE
* and put it into secure memory if SECURE is true.
* and return the handle. Return NULL and set the internal error variable
* if something goes wrong.
*/
CIPHER_HANDLE
cipher_open( int algo, int mode, int secure )
GCRY_CIPHER_HD
gcry_cipher_open( int algo, int mode, unsigned int flags )
{
CIPHER_HANDLE hd;
int i;
GCRY_CIPHER_HD h;
int idx;
int secure = (flags & GCRY_CIPHER_SECURE);
fast_random_poll();
do {
for(i=0; cipher_table[i].name; i++ )
if( cipher_table[i].algo == algo )
break;
} while( !cipher_table[i].name && load_cipher_modules() );
if( !cipher_table[i].name ) {
log_fatal("cipher_open: algorithm %d not available\n", algo );
/* check whether the algo is available */
if( check_cipher_algo( algo ) ) {
set_lasterr( GCRYERR_INV_ALGO );
return NULL;
}
/* check flags */
if( (flags & ~(GCRY_CIPHER_SECURE|GCRY_CIPHER_ENABLE_SYNC)) ) {
set_lasterr( GCRYERR_INV_ARG );
return NULL;
}
/* get the table index of the algo */
for(idx=0; cipher_table[idx].name; idx++ )
if( cipher_table[idx].algo == algo )
break;
if( !cipher_table[idx].name )
BUG(); /* check_cipher_algo() should have loaded the algo */
if( algo == CIPHER_ALGO_DUMMY )
mode = GCRY_CIPHER_MODE_NONE; /* force this mode for dummy algo */
/* check that a valid mode has been requested */
switch( mode ) {
case GCRY_CIPHER_MODE_ECB:
case GCRY_CIPHER_MODE_CBC:
case GCRY_CIPHER_MODE_CFB:
break;
case GCRY_CIPHER_MODE_NONE:
/* FIXME: issue a warning when this mode is used */
break;
default:
set_lasterr( GCRYERR_INV_ALGO );
return NULL;
}
/* ? perform selftest here and mark this with a flag in cipher_table ? */
hd = secure ? m_alloc_secure_clear( sizeof *hd
+ cipher_table[i].contextsize
- sizeof(PROPERLY_ALIGNED_TYPE) )
: m_alloc_clear( sizeof *hd + cipher_table[i].contextsize
h = secure ? m_alloc_secure_clear( sizeof *h
+ cipher_table[idx].contextsize
- sizeof(PROPERLY_ALIGNED_TYPE) )
: m_alloc_clear( sizeof *h + cipher_table[idx].contextsize
- sizeof(PROPERLY_ALIGNED_TYPE) );
hd->algo = algo;
hd->blocksize = cipher_table[i].blocksize;
hd->setkey = cipher_table[i].setkey;
hd->encrypt = cipher_table[i].encrypt;
hd->decrypt = cipher_table[i].decrypt;
if( algo == CIPHER_ALGO_DUMMY )
hd->mode = CIPHER_MODE_DUMMY;
else if( mode == CIPHER_MODE_AUTO_CFB ) {
#warning Remove this code and the AUTO:CFB macro.
if( algo >= 100 )
hd->mode = CIPHER_MODE_CFB;
else
hd->mode = CIPHER_MODE_PHILS_CFB;
}
else
hd->mode = mode;
h->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
h->algo = algo;
h->mode = mode;
h->flags = flags;
h->blocksize = cipher_table[idx].blocksize;
h->setkey = cipher_table[idx].setkey;
h->encrypt = cipher_table[idx].encrypt;
h->decrypt = cipher_table[idx].decrypt;
return hd;
return h;
}
void
cipher_close( CIPHER_HANDLE c )
gcry_cipher_close( GCRY_CIPHER_HD h )
{
m_free(c);
if( !h )
return;
if( h->magic != CTX_MAGIC_SECURE && h->magic != CTX_MAGIC_NORMAL ) {
fatal_invalid_arg("gcry_cipher_close: already closed/invalid handle");
return;
}
h->magic = 0;
m_free(h);
}
int
cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen )
static int
cipher_setkey( GCRY_CIPHER_HD c, byte *key, unsigned keylen )
{
return (*c->setkey)( &c->context.c, key, keylen );
}
void
cipher_setiv( CIPHER_HANDLE c, const byte *iv, unsigned ivlen )
static void
cipher_setiv( GCRY_CIPHER_HD c, const byte *iv, unsigned ivlen )
{
memset( c->iv, 0, c->blocksize );
if( iv ) {
@ -408,7 +449,7 @@ cipher_setiv( CIPHER_HANDLE c, const byte *iv, unsigned ivlen )
static void
do_ecb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
do_ecb_encrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nblocks )
{
unsigned n;
@ -420,7 +461,7 @@ do_ecb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
}
static void
do_ecb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
do_ecb_decrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nblocks )
{
unsigned n;
@ -432,7 +473,7 @@ do_ecb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
}
static void
do_cbc_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
do_cbc_encrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nblocks )
{
unsigned int n;
byte *ivp;
@ -453,7 +494,7 @@ do_cbc_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
}
static void
do_cbc_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
do_cbc_decrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nblocks )
{
unsigned int n;
byte *ivp;
@ -476,7 +517,7 @@ do_cbc_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nblocks )
static void
do_cfb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
do_cfb_encrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nbytes )
{
byte *ivp;
size_t blocksize = c->blocksize;
@ -520,7 +561,7 @@ do_cfb_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
}
static void
do_cfb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
do_cfb_decrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nbytes )
{
byte *ivp;
ulong temp;
@ -582,23 +623,22 @@ do_cfb_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
* inbuf and outbuf may overlap or be the same.
* Depending on the mode some some contraints apply to NBYTES.
*/
void
cipher_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
static void
cipher_encrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nbytes )
{
switch( c->mode ) {
case CIPHER_MODE_ECB:
case GCRY_CIPHER_MODE_ECB:
assert(!(nbytes%8));
do_ecb_encrypt(c, outbuf, inbuf, nbytes/8 );
break;
case CIPHER_MODE_CBC:
case GCRY_CIPHER_MODE_CBC:
assert(!(nbytes%8)); /* fixme: should be blocksize */
do_cbc_encrypt(c, outbuf, inbuf, nbytes/8 );
break;
case CIPHER_MODE_CFB:
case CIPHER_MODE_PHILS_CFB:
case GCRY_CIPHER_MODE_CFB:
do_cfb_encrypt(c, outbuf, inbuf, nbytes );
break;
case CIPHER_MODE_DUMMY:
case GCRY_CIPHER_MODE_NONE:
if( inbuf != outbuf )
memmove( outbuf, inbuf, nbytes );
break;
@ -607,28 +647,54 @@ cipher_encrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
}
/****************
* Encrypt IN and write it to OUT. If IN is NULL, in-place encryption has
* been requested,
*/
int
gcry_cipher_encrypt( GCRY_CIPHER_HD h, byte *out, size_t outsize,
const byte *in, size_t inlen )
{
if( !in ) {
/* caller requested in-place encryption */
/* actullay cipher_encrypt() does not need to know about it, but
* we may chnage this to get better performace */
cipher_encrypt( h, out, out, outsize );
}
else {
if( outsize < inlen )
return set_lasterr( GCRYERR_TOO_SHORT );
/* fixme: check that the inlength is a multipe of the blocksize
* if a blockoriented mode is used, or modify cipher_encrypt to
* return an error in this case */
cipher_encrypt( h, out, in, inlen );
}
return 0;
}
/****************
* Decrypt INBUF to OUTBUF with the mode selected at open.
* inbuf and outbuf may overlap or be the same.
* Depending on the mode some some contraints apply to NBYTES.
*/
void
cipher_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
static void
cipher_decrypt( GCRY_CIPHER_HD c, byte *outbuf, byte *inbuf, unsigned nbytes )
{
switch( c->mode ) {
case CIPHER_MODE_ECB:
case GCRY_CIPHER_MODE_ECB:
assert(!(nbytes%8));
do_ecb_decrypt(c, outbuf, inbuf, nbytes/8 );
break;
case CIPHER_MODE_CBC:
case GCRY_CIPHER_MODE_CBC:
assert(!(nbytes%8)); /* fixme: should assert on blocksize */
do_cbc_decrypt(c, outbuf, inbuf, nbytes/8 );
break;
case CIPHER_MODE_CFB:
case CIPHER_MODE_PHILS_CFB:
case GCRY_CIPHER_MODE_CFB:
do_cfb_decrypt(c, outbuf, inbuf, nbytes );
break;
case CIPHER_MODE_DUMMY:
case GCRY_CIPHER_MODE_NONE:
if( inbuf != outbuf )
memmove( outbuf, inbuf, nbytes );
break;
@ -637,18 +703,160 @@ cipher_decrypt( CIPHER_HANDLE c, byte *outbuf, byte *inbuf, unsigned nbytes )
}
int
gcry_cipher_decrypt( GCRY_CIPHER_HD h, byte *out, size_t outsize,
const byte *in, size_t inlen )
{
if( !in ) {
/* caller requested in-place encryption */
/* actullay cipher_encrypt() does not need to know about it, but
* we may chnage this to get better performace */
cipher_decrypt( h, out, out, outsize );
}
else {
if( outsize < inlen )
return set_lasterr( GCRYERR_TOO_SHORT );
/* fixme: check that the inlength is a multipe of the blocksize
* if a blockoriented mode is used, or modify cipher_encrypt to
* return an error in this case */
cipher_decrypt( h, out, in, inlen );
}
return 0;
}
/****************
* Used for PGP's somewhat strange CFB mode. Only works if
* the handle is in PHILS_CFB mode
* the corresponding flag is set.
*/
void
cipher_sync( CIPHER_HANDLE c )
static void
cipher_sync( GCRY_CIPHER_HD c )
{
if( c->mode == CIPHER_MODE_PHILS_CFB && c->unused ) {
if( (c->flags & GCRY_CIPHER_ENABLE_SYNC) && c->unused ) {
memmove(c->iv + c->unused, c->iv, c->blocksize - c->unused );
memcpy(c->iv, c->lastiv + c->blocksize - c->unused, c->unused);
c->unused = 0;
}
}
int
gcry_cipher_ctl( GCRY_CIPHER_HD h, int cmd, void *buffer, size_t buflen)
{
switch( cmd ) {
case GCRYCTL_SET_KEY:
cipher_setkey( h, buffer, buflen );
break;
case GCRYCTL_SET_IV:
cipher_setiv( h, buffer, buflen );
break;
case GCRYCTL_CFB_SYNC:
cipher_sync( h );
break;
case GCRYCTL_DISABLE_ALGO:
/* this one expects a NULL handle and buffer pointing to an
* integer with the algo number.
*/
if( h || !buffer || buflen != sizeof(int) )
return set_lasterr( GCRYERR_INV_ARG );
disable_cipher_algo( *(int*)buffer );
break;
default:
return set_lasterr( GCRYERR_INV_OP );
}
return 0;
}
/****************
* Return information about the cipher handle.
* -1 is returned on error and gcry_errno() may be used to get more information
* about the error.
*/
int
gcry_cipher_info( GCRY_CIPHER_HD h, int cmd, void *buffer, size_t *nbytes)
{
switch( cmd ) {
default:
set_lasterr( GCRYERR_INV_OP );
return -1;
}
return 0;
}
/****************
* Return information about the given cipher algorithm
* WHAT select the kind of information returned:
* GCRYCTL_GET_KEYLEN:
* Return the length of the key, if the algorithm
* supports multiple key length, the maximum supported value
* is returnd. The length is return as number of octets.
* buffer and nbytes must be zero.
* The keylength is returned in _bytes_.
* GCRYCTL_GET_BLKLEN:
* Return the blocklength of the algorithm counted in octets.
* buffer and nbytes must be zero.
* GCRYCTL_TEST_ALGO:
* Returns 0 when the specified algorithm is available for use.
* buffer and nbytes must be zero.
*
* On error the value -1 is returned and the error reason may be
* retrieved by gcry_errno().
* Note: Because this function is in most caes used to return an
* integer value, we can make it easier for the caller to just look at
* the return value. The caller will in all cases consult the value
* and thereby detecting whether a error occured or not (i.e. while checking
* the block size)
*/
int
gcry_cipher_algo_info( int algo, int what, void *buffer, size_t *nbytes)
{
unsigned int ui;
switch( what ) {
case GCRYCTL_GET_KEYLEN:
if( buffer || nbytes ) {
set_lasterr( GCRYERR_INV_ARG );
break;
}
ui = cipher_get_keylen( algo );
if( ui > 0 && ui <= 512 )
return (int)ui/8;
/* the only reason is an invalid algo or a strange blocksize */
set_lasterr( GCRYERR_INV_ALGO );
break;
case GCRYCTL_GET_BLKLEN:
if( buffer || nbytes ) {
set_lasterr( GCRYERR_INV_ARG );
break;
}
ui = cipher_get_blocksize( algo );
if( ui > 0 && ui < 10000 )
return (int)ui;
/* the only reason is an invalid algo or a strange blocksize */
set_lasterr( GCRYERR_INV_ALGO );
break;
case GCRYCTL_TEST_ALGO:
if( buffer || nbytes ) {
set_lasterr( GCRYERR_INV_ARG );
break;
}
if( check_cipher_algo( algo ) ) {
set_lasterr( GCRYERR_INV_ALGO );
break;
}
return 0;
default:
set_lasterr( GCRYERR_INV_OP );
}
return -1;
}

4
cipher/elgamal.c
View File

@ -351,8 +351,10 @@ sign(MPI a, MPI b, MPI input, ELG_secret_key *skey )
mpi_powm( a, skey->g, k, skey->p );
mpi_mul(t, skey->x, a );
mpi_subm(t, input, t, p_1 );
while( mpi_is_neg(t) )
while( mpi_is_neg(t) ) {
BUG(); /* That is nonsense code - left over from a very early test?*/
mpi_add(t, t, p_1);
}
mpi_invm(inv, k, p_1 );
mpi_mulm(b, t, inv, p_1 );

430
cipher/md.c
View File

@ -24,6 +24,8 @@
#include <string.h>
#include <errno.h>
#include <assert.h>
#include "g10lib.h"
#include "util.h"
#include "cipher.h"
#include "errors.h"
@ -31,9 +33,38 @@
#include "rmd.h"
struct md_digest_list_s;
/* this structure is put right after the GCRY_MD_HD buffer, so that
* only one memory block is needed. */
struct gcry_md_context {
int magic;
int secure;
FILE *debug;
int finalized;
struct md_digest_list_s *list;
};
#define CTX_MAGIC_NORMAL 0x11071961
#define CTX_MAGIC_SECURE 0x16917011
static const char * digest_algo_to_string( int algo );
static int check_digest_algo( int algo );
static GCRY_MD_HD md_open( int algo, int secure );
static int md_enable( GCRY_MD_HD hd, int algo );
static GCRY_MD_HD md_copy( GCRY_MD_HD a );
static void md_close(GCRY_MD_HD a);
static void md_write( GCRY_MD_HD a, byte *inbuf, size_t inlen);
static void md_final(GCRY_MD_HD a);
static byte *md_read( GCRY_MD_HD a, int algo );
static int md_get_algo( GCRY_MD_HD a );
static int md_digest_length( int algo );
static const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
static void md_start_debug( GCRY_MD_HD a, const char *suffix );
static void md_stop_debug( GCRY_MD_HD a );
/****************
* This structure is used for the list of available algorithms
* and for the list of algorithms in MD_HANDLE.
* and for the list of algorithms in GCRY_MD_HD.
*/
struct md_digest_list_s {
struct md_digest_list_s *next;
@ -146,7 +177,7 @@ load_digest_module( int req_algo )
* Map a string to the digest algo
*/
int
string_to_digest_algo( const char *string )
gcry_md_map_name( const char *string )
{
struct md_digest_list_s *r;
@ -162,7 +193,7 @@ string_to_digest_algo( const char *string )
/****************
* Map a digest algo to a string
*/
const char *
static const char *
digest_algo_to_string( int algo )
{
struct md_digest_list_s *r;
@ -175,8 +206,21 @@ digest_algo_to_string( int algo )
return NULL;
}
/****************
* This function simply returns the name of the algorithm or some constant
* string when there is no algo. It will never return NULL.
* Use the macro gcry_md_test_algo() to check whether the algorithm
* is valid.
*/
const char *
gcry_md_algo_name( int algo )
{
const char *s = digest_algo_to_string( algo );
return s? s: "?";
}
int
static int
check_digest_algo( int algo )
{
struct md_digest_list_s *r;
@ -196,37 +240,73 @@ check_digest_algo( int algo )
* More algorithms may be added by md_enable(). The initial algorithm
* may be 0.
*/
MD_HANDLE
static GCRY_MD_HD
md_open( int algo, int secure )
{
MD_HANDLE hd;
int bufsize;
GCRY_MD_HD hd;
struct gcry_md_context *ctx;
int bufsize = secure? 512 : 1024;
size_t n;
if( secure ) {
bufsize = 512 - sizeof( *hd );
hd = m_alloc_secure_clear( sizeof *hd + bufsize );
}
else {
bufsize = 1024 - sizeof( *hd );
hd = m_alloc_clear( sizeof *hd + bufsize );
}
/* Allocate a memory area to hold the caller visible buffer with it's
* control information and the data required by this module. Set the
* context pointer at the beginning to this area.
* We have to use this strange scheme because we want to hide the
* internal data but have a variable sized buffer.
*
* +---+------+---........------+-------------+
* !ctx! bctl ! buffer ! private !
* +---+------+---........------+-------------+
* ! ^
* !---------------------------!
*
* We have to make sture that private is well aligned.
*/
n = sizeof( struct gcry_md_handle ) + bufsize;
n = ((n + sizeof(PROPERLY_ALIGNED_TYPE)-1)
/ sizeof(PROPERLY_ALIGNED_TYPE) ) * sizeof(PROPERLY_ALIGNED_TYPE);
hd->bufsize = bufsize+1; /* hd has already one byte allocated */
hd->secure = secure;
if( algo )
md_enable( hd, algo );
fast_random_poll();
/* allocate and set the Context pointer to the private data */
hd = secure ? m_alloc_secure( n + sizeof( struct gcry_md_context ) )
: m_alloc( n + sizeof( struct gcry_md_context ) );
hd->ctx = ctx = (struct gcry_md_context*)( (char*)hd + n );
/* setup the globally visible data (bctl in the diagram)*/
hd->bufsize = n - sizeof( struct gcry_md_handle ) + 1;
hd->bufpos = 0;
/* initialize the private data */
memset( hd->ctx, 0, sizeof *hd->ctx );
ctx->magic = secure ? CTX_MAGIC_SECURE : CTX_MAGIC_NORMAL;
ctx->secure = secure;
fast_random_poll(); /* FIXME: should we really do that? */
if( algo && md_enable( hd, algo ) ) {
md_close( hd );
return NULL;
}
return hd;
}
void
md_enable( MD_HANDLE h, int algo )
GCRY_MD_HD
gcry_md_open( int algo, unsigned int flags )
{
GCRY_MD_HD hd;
/* fixme: check that algo is available and that only valid
* flag values are used */
hd = md_open( algo, (flags & GCRY_MD_FLAG_SECURE) );
return hd;
}
static int
md_enable( GCRY_MD_HD hd, int algo )
{
struct gcry_md_context *h = hd->ctx;
struct md_digest_list_s *r, *ac;
for( ac=h->list; ac; ac = ac->next )
if( ac->algo == algo )
return ; /* already enabled */
return 0; /* already enabled */
/* find the algorithm */
do {
for(r = digest_list; r; r = r->next )
@ -234,8 +314,8 @@ md_enable( MD_HANDLE h, int algo )
break;
} while( !r && load_digest_module( algo ) );
if( !r ) {
log_error("md_enable: algorithm %d not available\n", algo );
return;
log_debug("md_enable: algorithm %d not available\n", algo );
return set_lasterr( GCRYERR_INV_ALGO );
}
/* and allocate a new list entry */
ac = h->secure? m_alloc_secure( sizeof *ac + r->contextsize
@ -247,20 +327,37 @@ md_enable( MD_HANDLE h, int algo )
h->list = ac;
/* and init this instance */
(*ac->init)( &ac->context.c );
return 0;
}
MD_HANDLE
md_copy( MD_HANDLE a )
int
gcry_md_enable( GCRY_MD_HD hd, int algo )
{
MD_HANDLE b;
struct md_digest_list_s *ar, *br;
return md_enable( hd, algo );
}
if( a->bufcount )
md_write( a, NULL, 0 );
b = a->secure ? m_alloc_secure( sizeof *b + a->bufsize - 1 )
: m_alloc( sizeof *b + a->bufsize - 1 );
memcpy( b, a, sizeof *a + a->bufsize - 1 );
static GCRY_MD_HD
md_copy( GCRY_MD_HD ahd )
{
struct gcry_md_context *a = ahd->ctx;
struct gcry_md_context *b;
GCRY_MD_HD bhd;
struct md_digest_list_s *ar, *br;
size_t n;
if( ahd->bufpos )
md_write( ahd, NULL, 0 );
n = (char*)ahd->ctx - (char*)ahd;
bhd = a->secure ? m_alloc_secure( n + sizeof( struct gcry_md_context ) )
: m_alloc( n + sizeof( struct gcry_md_context ) );
bhd->ctx = b = (struct gcry_md_context*)( (char*)bhd + n );
/* no need to copy the buffer due to the write above */
assert( ahd->bufsize == (n - sizeof( struct gcry_md_handle ) + 1) );
bhd->bufsize = ahd->bufsize;
bhd->bufpos = 0; assert( !ahd->bufpos );
memcpy( b, a, sizeof *a );
b->list = NULL;
b->debug = NULL;
/* and now copy the complete list of algorithms */
@ -277,38 +374,43 @@ md_copy( MD_HANDLE a )
}
if( a->debug )
md_start_debug( b, "unknown" );
return b;
md_start_debug( bhd, "unknown" );
return bhd;
}
GCRY_MD_HD
gcry_md_copy( GCRY_MD_HD hd )
{
return md_copy( hd );
}
/****************
* Reset all contexts and discard any buffered stuff. This may be used
* instead of a md_close(); md_open().
*/
void
md_reset( MD_HANDLE a )
gcry_md_reset( GCRY_MD_HD a )
{
struct md_digest_list_s *r;
a->bufcount = 0;
for( r=a->list; r; r = r->next ) {
a->bufpos = a->ctx->finalized = 0;
for( r=a->ctx->list; r; r = r->next ) {
memset( r->context.c, 0, r->contextsize );
(*r->init)( &r->context.c );
}
}
void
md_close(MD_HANDLE a)
static void
md_close(GCRY_MD_HD a)
{
struct md_digest_list_s *r, *r2;
if( !a )
return;
if( a->debug )
if( a->ctx->debug )
md_stop_debug(a);
for(r=a->list; r; r = r2 ) {
for(r=a->ctx->list; r; r = r2 ) {
r2 = r->next;
m_free(r);
}
@ -317,60 +419,86 @@ md_close(MD_HANDLE a)
void
md_write( MD_HANDLE a, byte *inbuf, size_t inlen)
gcry_md_close( GCRY_MD_HD hd )
{
md_close( hd );
}
static void
md_write( GCRY_MD_HD a, byte *inbuf, size_t inlen)
{
struct md_digest_list_s *r;
if( a->debug ) {
if( a->bufcount && fwrite(a->buffer, a->bufcount, 1, a->debug ) != 1 )
if( a->ctx->debug ) {
if( a->bufpos && fwrite(a->buf, a->bufpos, 1, a->ctx->debug ) != 1 )
BUG();
if( inlen && fwrite(inbuf, inlen, 1, a->debug ) != 1 )
if( inlen && fwrite(inbuf, inlen, 1, a->ctx->debug ) != 1 )
BUG();
}
for(r=a->list; r; r = r->next ) {
(*r->write)( &r->context.c, a->buffer, a->bufcount );
for(r=a->ctx->list; r; r = r->next ) {
if( a->bufpos )
(*r->write)( &r->context.c, a->buf, a->bufpos );
(*r->write)( &r->context.c, inbuf, inlen );
}
a->bufcount = 0;
a->bufpos = 0;
}
void
gcry_md_write( GCRY_MD_HD hd, const byte *inbuf, size_t inlen)
{
md_write( hd, (byte*)inbuf, inlen );
}
void
md_final(MD_HANDLE a)
static void
md_final(GCRY_MD_HD a)
{
struct md_digest_list_s *r;
if( a->finalized )
if( a->ctx->finalized )
return;
if( a->bufcount )
if( a->bufpos )
md_write( a, NULL, 0 );
for(r=a->list; r; r = r->next ) {
for(r=a->ctx->list; r; r = r->next ) {
(*r->final)( &r->context.c );
}
a->finalized = 1;
a->ctx->finalized = 1;
}
int
gcry_md_ctl( GCRY_MD_HD hd, int cmd, byte *buffer, size_t buflen)
{
if( cmd == GCRYCTL_FINALIZE )
md_final( hd );
else
return GCRYERR_INV_OP;
return 0;
}
/****************
* if ALGO is null get the digest for the used algo (which should be only one)
*/
byte *
md_read( MD_HANDLE a, int algo )
static byte *
md_read( GCRY_MD_HD a, int algo )
{
struct md_digest_list_s *r;
if( !algo ) { /* return the first algorithm */
if( (r=a->list) ) {
if( (r=a->ctx->list) ) {
if( r->next )
log_debug("more than algorithm in md_read(0)\n");
return (*r->read)( &r->context.c );
}
}
else {
for(r=a->list; r; r = r->next )
for(r=a->ctx->list; r; r = r->next )
if( r->algo == algo )
return (*r->read)( &r->context.c );
}
@ -378,6 +506,17 @@ md_read( MD_HANDLE a, int algo )
return NULL;
}
/****************
* Read out the complete digest, this function implictly finalizes
* the hash.
*/
byte *
gcry_md_read( GCRY_MD_HD hd, int algo )
{
gcry_md_ctl( hd, GCRYCTL_FINALIZE, NULL, 0 );
return md_read( hd, algo);
}
/****************
* This function combines md_final and md_read but keeps the context
@ -388,22 +527,23 @@ md_read( MD_HANDLE a, int algo )
* hold the complete digest, the buffer is filled with as many bytes are
* possible and this value is returned.
*/
int
md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )
#if 0
static int
md_digest( GCRY_MD_HD a, int algo, byte *buffer, int buflen )
{
struct md_digest_list_s *r = NULL;
char *context;
char *digest;
if( a->bufcount )
if( a->bufpos )
md_write( a, NULL, 0 );
if( !algo ) { /* return digest for the first algorithm */
if( (r=a->list) && r->next )
if( (r=a->ctx->list) && r->next )
log_debug("more than algorithm in md_digest(0)\n");
}
else {
for(r=a->list; r; r = r->next )
for(r=a->ctx->list; r; r = r->next )
if( r->algo == algo )
break;
}
@ -414,9 +554,9 @@ md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )
return r->mdlen;
/* I don't want to change the interface, so I simply work on a copy
* the context (extra overhead - should be fixed)*/
context = a->secure ? m_alloc_secure( r->contextsize )
: m_alloc( r->contextsize );
* of the context (extra overhead - should be fixed)*/
context = a->ctx->secure ? m_alloc_secure( r->contextsize )
: m_alloc( r->contextsize );
memcpy( context, r->context.c, r->contextsize );
(*r->final)( context );
digest = (*r->read)( context );
@ -428,14 +568,26 @@ md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )
m_free(context);
return buflen;
}
#endif
/****************
* Read out an intermediate digest.
*/
int
md_get_algo( MD_HANDLE a )
gcry_md_get( GCRY_MD_HD hd, int algo, byte *buffer, int buflen )
{
/*md_digest ... */
return GCRYERR_INTERNAL;
}
static int
md_get_algo( GCRY_MD_HD a )
{
struct md_digest_list_s *r;
if( (r=a->list) ) {
if( (r=a->ctx->list) ) {
if( r->next )
log_error("WARNING: more than algorithm in md_get_algo()\n");
return r->algo;
@ -443,10 +595,18 @@ md_get_algo( MD_HANDLE a )
return 0;
}
int
gcry_md_get_algo( GCRY_MD_HD hd )
{
return md_get_algo( hd ); /* fixme: we need error handling */
}
/****************
* Return the length of the digest
*/
int
static int
md_digest_length( int algo )
{
struct md_digest_list_s *r;
@ -457,14 +617,35 @@ md_digest_length( int algo )
return r->mdlen;
}
} while( !r && load_digest_module( algo ) );
log_error("WARNING: no length for md algo %d\n", algo);
return 0;
}
/****************
* Return the length of the digest in bytes.
* This function will return 0 in case of errors.
*/
unsigned int
gcry_md_get_algo_dlen( int algo )
{
/* we do some very quick checks here */
switch( algo )
{
case GCRY_MD_MD5: return 16;
case GCRY_MD_SHA1:
case GCRY_MD_RMD160: return 20;
default: {
int len = md_digest_length( algo );
if( !len )
set_lasterr( GCRYERR_INV_ALGO );
return 0;
}
}
}
/* Hmmm: add a mode to enumerate the OIDs
* to make g10/sig-check.c more portable */
const byte *
static const byte *
md_asn_oid( int algo, size_t *asnlen, size_t *mdlen )
{
struct md_digest_list_s *r;
@ -485,31 +666,92 @@ md_asn_oid( int algo, size_t *asnlen, size_t *mdlen )
}
/****************
* Return information about the given cipher algorithm
* WHAT select the kind of information returned:
* GCRYCTL_TEST_ALGO:
* Returns 0 when the specified algorithm is available for use.
* buffer and nbytes must be zero.
* GCRYCTL_GET_ASNOID:
* Return the ASNOID of the algorithm in buffer. if buffer is NULL, only
* the required length is returned.
*
* On error the value -1 is returned and the error reason may be
* retrieved by gcry_errno().
* Note: Because this function is in most caes used to return an
* integer value, we can make it easier for the caller to just look at
* the return value. The caller will in all cases consult the value
* and thereby detecting whether a error occured or not (i.e. while checking
* the block size)
*/
int
gcry_md_algo_info( int algo, int what, void *buffer, size_t *nbytes)
{
switch( what ) {
case GCRYCTL_TEST_ALGO:
if( buffer || nbytes ) {
set_lasterr( GCRYERR_INV_ARG );
return -1;
}
if( check_digest_algo( algo ) ) {
set_lasterr( GCRYERR_INV_ALGO );
return -1;
}
break;
case GCRYCTL_GET_ASNOID: {
size_t asnlen;
const char *asn = md_asn_oid( algo, &asnlen, NULL );
if( buffer && *nbytes >= asnlen ) {
memcpy( buffer, asn, asnlen );
*nbytes = asnlen;
return 0;
}
if( !buffer && nbytes ) {
*nbytes = asnlen;
return 0;
}
set_lasterr( buffer ? GCRYERR_TOO_SHORT : GCRYERR_INV_ARG );
return -1;
}
break;
default:
set_lasterr( GCRYERR_INV_OP );
return -1;
}
return 0;
}
void
md_start_debug( MD_HANDLE md, const char *suffix )
md_start_debug( GCRY_MD_HD md, const char *suffix )
{
static int idx=0;
char buf[25];
if( md->debug ) {
if( md->ctx->debug ) {
log_debug("Oops: md debug already started\n");
return;
}
idx++;
sprintf(buf, "dbgmd-%05d.%.10s", idx, suffix );
md->debug = fopen(buf, "w");
if( !md->debug )
md->ctx->debug = fopen(buf, "w");
if( !md->ctx->debug )
log_debug("md debug: can't open %s\n", buf );
}
void
md_stop_debug( MD_HANDLE md )
md_stop_debug( GCRY_MD_HD md )
{
if( md->debug ) {
if( md->bufcount )
if( md->ctx->debug ) {
if( md->bufpos )
md_write( md, NULL, 0 );
fclose(md->debug);
md->debug = NULL;
fclose(md->ctx->debug);
md->ctx->debug = NULL;
}
#ifdef HAVE_U64_TYPEDEF
{ /* a kludge to pull in the __muldi3 for Solaris */
@ -521,3 +763,25 @@ md_stop_debug( MD_HANDLE md )
#endif
}
/****************
* Return information about the digest handle.
* GCRYCTL_IS_SECURE:
* Returns 1 when the handle works on secured memory
* otherwise 0 is returned. There is no error return.
*/
int
gcry_md_info( GCRY_MD_HD h, int cmd, void *buffer, size_t *nbytes)
{
switch( cmd ) {
case GCRYCTL_IS_SECURE:
return h->ctx->secure;
default:
set_lasterr( GCRYERR_INV_OP );
return -1;
}
return 0;
}

83
cipher/pubkey.c
View File

@ -1,5 +1,5 @@
/* pubkey.c - pubkey dispatcher
* Copyright (C) 1998 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -24,6 +24,8 @@
#include <string.h>
#include <errno.h>
#include <assert.h>
#include "g10lib.h"
#include "util.h"
#include "errors.h"
#include "mpi.h"
@ -236,7 +238,7 @@ load_pubkey_modules(void)
* Map a string to the pubkey algo
*/
int
string_to_pubkey_algo( const char *string )
gcry_pk_map_name( const char *string )
{
int i;
const char *s;
@ -254,7 +256,7 @@ string_to_pubkey_algo( const char *string )
* Map a pubkey algo to a string
*/
const char *
pubkey_algo_to_string( int algo )
gcry_pk_algo_name( int algo )
{
int i;
@ -565,3 +567,78 @@ pubkey_verify( int algo, MPI hash, MPI *data, MPI *pkey,
return rc;
}
int
gcry_pk_encrypt( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP pkey )
{
/* ... */
return 0;
}
int
gcry_pk_decrypt( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP skey )
{
/* ... */
return 0;
}
int
gcry_pk_sign( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP skey )
{
GCRY_SEXP s;
/* get the secret key */
s = NULL; /*gcry_sexp_find_token( skey, "private-key", 0 );*/
if( !s )
return -1; /* no private key */
/* ... */
return 0;
}
int
gcry_pk_verify( GCRY_SEXP *result, GCRY_SEXP data, GCRY_SEXP pkey )
{
/* ... */
return 0;
}
/****************
* Return information about the given algorithm
* WHAT select the kind of information returned:
* GCRYCTL_TEST_ALGO:
* Returns 0 when the specified algorithm is available for use.
* buffer and nbytes must be zero.
*
* On error the value -1 is returned and the error reason may be
* retrieved by gcry_errno().
* Note: Because this function is in most caes used to return an
* integer value, we can make it easier for the caller to just look at
* the return value. The caller will in all cases consult the value
* and thereby detecting whether a error occured or not (i.e. while checking
* the block size)
*/
int
gcry_pk_algo_info( int algo, int what, void *buffer, size_t *nbytes)
{
switch( what ) {
case GCRYCTL_TEST_ALGO:
if( buffer || nbytes ) {
set_lasterr( GCRYERR_INV_ARG );
return -1;
}
if( check_pubkey_algo( algo ) ) {
set_lasterr( GCRYERR_INV_ALGO );
return -1;
}
break;
default:
set_lasterr( GCRYERR_INV_OP );
return -1;
}
return 0;
}

20
configure.in
View File

@ -109,22 +109,9 @@ dnl Check wether we want to compile libgcrypt
dnl
AC_MSG_CHECKING([whether compilation of libgcrypt is requested])
AC_ARG_ENABLE(libgcrypt,
[ --enable-libgcrypt compile the libgcrypt [default=no]],
[ --enable-libgcrypt compile the libgcrypt [default=yes]],
[compile_libgcrypt="$enableval"],[compile_libgcrypt=no])
AC_MSG_RESULT($compile_libgcrypt)
if test x$compile_libgcrypt = xyes ; then
if test -f $srcdir/gcrypt/gcrypt.h; then
:
else
compile_libgcrypt=no
AC_MSG_WARN([[
***
*** LIBGCRYPT is not yet ready for public testing.
*** Maybe you have more luck with the next release of GnuPG
*** Watch the gnupg-announce mailing list or the webpage.
***]])
fi
fi
AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
@ -680,10 +667,13 @@ AC_SUBST(ZLIBS)
changequote(,)dnl
tmp_pat='[a-zA-Z]'
changequote([,])dnl
if echo "$VERSION" | grep $tmp_pat >/dev/null ; then
if echo "$VERSION" | grep "$tmp_pat" >/dev/null ; then
AC_DEFINE(IS_DEVELOPMENT_VERSION)
fi
dnl Temp workaround:
GNUPG_LINK_FILES(gcrypt/gcrypt.h, gcrypt.h )
AM_CONDITIONAL(CROSS_COMPILING, test x$cross_compiling = xyes)
GNUPG_DO_LINK_FILES

36
doc/ChangeLog Normal file
View File

@ -0,0 +1,36 @@
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* Makefile.am (SUBDIRS): Removed gph from this development series
Mon Sep 6 19:59:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.am (SUBDIRS): New subdir gph for the manual.
Thu Jul 22 20:03:03 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* gpg.sgml (--always-trust): Added.
Wed Jul 14 19:42:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.am: Create a dummy man page if docbook-to-man is missing.
Wed Jun 16 20:16:21 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* gpg1.pod: Removed.
* gpg.sgml: New. Replaces the pod file
* Makefile.am: Add rule to make a man file from sgml
Tue Jun 15 12:21:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* Makefile.in.in: Use DESTDIR.
Mon May 31 19:41:10 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* gpg.1pod: Enhanced the Bugs section (Michael).
Wed Feb 10 17:15:39 CET 1999 Werner Koch <wk@isil.d.shuttle.de>
* gpg.1pod: Spelling and grammar corrections (John A. Martin)
* FAQ: Ditto.
* DETAILS: Ditto.

8
doc/DETAILS
View File

@ -181,6 +181,14 @@ more arguments in future versions.
<n_uids> <n_subk> <n_sigs> <n_revoc> <sec_read> <sec_imported> <sec_dups>
Final statistics on import process (this is one long line)
FILE_START <what> <filename>
Start processing a file <filename>. <what> indicates the performed
operation:
1 - verify
FILE_DONE
Marks the end of a file processing which has been started
by FILE_START.
Key generation

2
doc/Makefile.am
View File

@ -1,6 +1,6 @@
## Process this file with automake to create Makefile.in
SUBDIRS = gph
##SUBDIRS = gph
EXTRA_DIST = DETAILS gpg.sgml gpg.1 FAQ HACKING OpenPGP

2
doc/gpg.sgml
View File

@ -260,7 +260,7 @@ only in the local environment.</para></listitem></varlistentry>
<term>revsig</term>
<listitem><para>
Revoke a signature. GnuPG asks for every
every signature which has been done by one of
signature which has been done by one of
the secret keys, whether a revocation
certificate should be generated.</para></listitem></varlistentry>
<varlistentry>

52
g10/ChangeLog
View File

@ -1,5 +1,55 @@
Sat Sep 18 12:16:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* misc.c (openpgp_cipher_test_algo): New.
(openpgp_pk_test_algo): New.
(openpgp_md_test_algo): New.
* g10.c (build_list): Changed to use the new functions from libgcrypt.
* ringedit.c (enum_keyblocks): Set .rt to 0 on open.
* encode.c (encode_simple): Use new CTB when we don't have the
length of the file. This is somewhat strange as the comment above
indicates that this part is actually fixed for PGP 5 - maybe I simply
lost the source line, tsss.
* sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:"
line. Those headers are now only _not_ printed when there are
only old-style keys _and_ all hashs are MD5.
(clearsign_file): Use gcry_md_test_algo() and gcry_md_algo_name().
* openfile.c (make_outfile_name): Use case-insenstive compare for
DOS systems. Add ".pgp" to the list of know extensions.
(open_outfile): For DOS systems try to replace the suffix instead of
appending it.
* encr-data.c (decrypt_data): Reset error on a weak key.
* cipher.c: Replaced the cipher and digest functions by the gcry_ ones.
* seckey-cert.c: Ditto.
* seskey.c: Ditto.
* g10.c (print_mds): Replaced digst functions with the new gcry_ ones.
* keyid.c: Ditto.
* mainproc.c: Ditto.
* passphrase.c: Ditto.
* sig-check.c: Ditto.
* sign.c: Ditto.
* pkclist.c (do_edit_ownertrust): Made the answer string const.
* basicdefs.h: New. Move some defs and decl to this header.
* openfile.c (open_outfile): Fixed the 8dot3 handling.
* passphrase.c (passphrase_to_dek): Print uid using utf8 func.
* delkey.c (delete_key): Ditto.
* pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto
(do_we_trust_pre): Ditto.
* trustdb.c (print_user_id,check_uidsigs): Ditto.
* revoke.c (gen_revoke,ask_revoke_sig): Ditto.
Sat Sep 18 12:16:08 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* filter.h: Changed cipher handle types to the the GCRY_xxx ones.
replaces include cipher by system header include gcrypt.h.

3
g10/Makefile.am
View File

@ -4,7 +4,8 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
EXTRA_DIST = OPTIONS pubring.asc options.skel
OMIT_DEPENDENCIES = zlib.h zconf.h
LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@
needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la
needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la \
../gcrypt/libgcrypt.la
#noinst_PROGRAMS = gpgd
bin_PROGRAMS = gpg

10
g10/build-packet.c
View File

@ -242,7 +242,7 @@ do_public_key( IOBUF out, int ctb, PKT_public_key *pk )
* Make a hash value from the public key certificate
*/
void
hash_public_key( MD_HANDLE md, PKT_public_key *pk )
hash_public_key( GCRY_MD_HD md, PKT_public_key *pk )
{
PACKET pkt;
int rc = 0;
@ -293,10 +293,10 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk )
}
}
/* hash a header */
md_putc( md, 0x99 );
gcry_md_putc( md, 0x99 );
pktlen &= 0xffff; /* can't handle longer packets */
md_putc( md, pktlen >> 8 );
md_putc( md, pktlen & 0xff );
gcry_md_putc( md, pktlen >> 8 );
gcry_md_putc( md, pktlen & 0xff );
}
/* hash the packet body */
while( (c=iobuf_get(a)) != -1 ) {
@ -307,7 +307,7 @@ hash_public_key( MD_HANDLE md, PKT_public_key *pk )
i=0;
}
#endif
md_putc( md, c );
gcry_md_putc( md, c );
}
#if 0
putc('\n', fp);

18
g10/cipher.c
View File

@ -25,6 +25,7 @@
#include <errno.h>
#include <assert.h>
#include <gcrypt.h>
#include "errors.h"
#include "iobuf.h"
#include "memory.h"
@ -55,6 +56,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
if( use_mdc ) {
ed.mdc_method = DIGEST_ALGO_SHA1;
cfx->mdc_hash = gcry_md_open( DIGEST_ALGO_SHA1, 0 );
/*should we check the function works, or is it better to provide
a flag which makes the function die itself ?? FIXME */
/*md_start_debug( cfx->mdc_hash, "mdccreat" );*/
}
init_packet( &pkt );
@ -70,13 +73,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
temp[nprefix] = temp[nprefix-2];
temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
if( gcry_cipher_open( &cfx->cipher_hd,
cfx->dek->algo,
CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (cfy->dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) )
) {
if( !(cfx->cipher_hd = gcry_cipher_open( cfx->dek->algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (cfx->dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC)))
) {
/* we should never get an error here cause we already checked, that
* the algorithm is available. */
BUG();
@ -91,7 +93,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( cfx->mdc_hash )
gcry_md_write( cfx->mdc_hash, temp, nprefix+2 );
rc = cipher_encrypt( cfx->cipher_hd, temp, nprefix+2, NULL, 0 );
rc = gcry_cipher_encrypt( cfx->cipher_hd, temp, nprefix+2, NULL, 0 );
if( !rc )
rc = gcry_cipher_sync( cfx->cipher_hd );
if( rc )

2
g10/delkey.c
View File

@ -124,7 +124,7 @@ delete_key( const char *username, int secret )
pubkey_letter( pk->pubkey_algo ),
keyid[1], datestr_from_pk(pk) );
p = get_user_id( keyid, &n );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
m_free(p);
tty_printf("\n\n");

5
g10/encode.c
View File

@ -177,6 +177,7 @@ encode_simple( const char *filename, int mode )
pt->timestamp = make_timestamp();
pt->mode = opt.textmode? 't' : 'b';
pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
@ -480,8 +481,8 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
if( opt.verbose ) {
char *ustr = get_user_id_string( enc->keyid );
log_info(_("%s/%s encrypted for: %s\n"),
pubkey_algo_to_string(enc->pubkey_algo),
cipher_algo_to_string(dek->algo), ustr );
gcry_pk_algo_name(enc->pubkey_algo),
gcry_cipher_algo_name(dek->algo), ustr );
m_free(ustr);
}
/* and write it */

61
g10/encr-data.c
View File

@ -56,7 +56,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
decode_filter_ctx_t dfx;
byte *p;
int rc=0, c, i;
int algo_okay;
byte temp[32];
int blocksize;
unsigned nprefix;
@ -71,27 +70,45 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
if( opt.verbose )
log_info(_("%s encrypted data\n"), gcry_cipher_algo_name( dek->algo ) );
blocksize = gcry_cipher_get_blklen( dek->algo );
blocksize = gcry_cipher_get_algo_blklen( dek->algo );
if( blocksize < 1 || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
nprefix = blocksize;
if( ed->len && ed->len < (nprefix+2) )
BUG();
--> We are currently working HERE!!!!
if( ed->mdc_method )
dfx.mdc_hash = md_open( ed->mdc_method, 0 );
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
if( ed->mdc_method ) {
dfx.mdc_hash = gcry_md_open( ed->mdc_method, 0 );
if( !dfx.mdc_hash )
BUG();
}
if( !(dfx.cipher_hd = gcry_cipher_open( dek->algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ))
) {
/* we should never get an error here cause we already checked, that
* the algorithm is available. What about a flag to let the function
* die in this case? */
BUG();
}
/* log_hexdump( "thekey", dek->key, dek->keylen );*/
rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == G10ERR_WEAK_KEY )
rc = gcry_cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == GCRYERR_WEAK_KEY ) {
log_info(_("WARNING: message was encrypted with "
"a weak key in the symmetric cipher.\n"));
rc = 0;
}
else if( rc ) {
log_error("key setup failed: %s\n", g10_errstr(rc) );
log_error("key setup failed: %s\n", gcry_strerror(rc) );
rc = map_gcry_rc(rc);
goto leave;
}
cipher_setiv( dfx.cipher_hd, NULL, 0 );
gcry_cipher_setiv( dfx.cipher_hd, NULL, 0 );
if( ed->len ) {
for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) {
@ -108,10 +125,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
else
temp[i] = c;
}
cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
gcry_cipher_decrypt( dfx.cipher_hd, temp, nprefix+2, NULL, 0 );
if( dfx.mdc_hash )
md_write( dfx.mdc_hash, temp, nprefix+2 );
cipher_sync( dfx.cipher_hd );
gcry_md_write( dfx.mdc_hash, temp, nprefix+2 );
gcry_cipher_sync( dfx.cipher_hd );
p = temp;
/* log_hexdump( "prefix", temp, nprefix+2 ); */
if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
@ -127,20 +144,20 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
if( ed->mdc_method && dfx.eof_seen == 2 )
rc = G10ERR_INVALID_PACKET;
else if( ed->mdc_method ) { /* check the mdc */
int datalen = md_digest_length( ed->mdc_method );
md_final( dfx.mdc_hash );
int datalen = gcry_md_get_algo_dlen( ed->mdc_method );
if( datalen != 20
|| memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
|| memcmp(gcry_md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) )
rc = G10ERR_BAD_SIGN;
log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);
log_hexdump("MDC calculated:", gcry_md_read( dfx.mdc_hash, 0), datalen);
log_hexdump("MDC message :", dfx.defer, 20);
}
leave:
cipher_close(dfx.cipher_hd);
md_close( dfx.mdc_hash );
gcry_cipher_close(dfx.cipher_hd);
gcry_md_close( dfx.mdc_hash );
return rc;
}
/* I think we should merge this with cipher_filter */
static int
mdc_decode_filter( void *opaque, int control, IOBUF a,
@ -198,8 +215,8 @@ mdc_decode_filter( void *opaque, int control, IOBUF a,
}
if( n ) {
cipher_decrypt( dfx->cipher_hd, buf, buf, n);
md_write( dfx->mdc_hash, buf, n );
gcry_cipher_decrypt( dfx->cipher_hd, buf, n, NULL, 0);
gcry_md_write( dfx->mdc_hash, buf, n );
}
else {
assert( dfx->eof_seen );
@ -225,7 +242,7 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
n = iobuf_read( a, buf, size );
if( n == -1 ) n = 0;
if( n )
cipher_decrypt( fc->cipher_hd, buf, buf, n);
gcry_cipher_decrypt( fc->cipher_hd, buf, n, NULL, 0);
else
rc = -1; /* eof */
*ret_len = n;

11
g10/filter.h
View File

@ -22,7 +22,9 @@
#include <gcrypt.h>
#include "types.h"
#include "basicdefs.h"
typedef struct {
GCRY_MD_HD md; /* catch all */
@ -83,6 +85,13 @@ typedef struct {
} cipher_filter_context_t;
typedef struct {
int header_okay;
PK_LIST pk_list;
cipher_filter_context_t cfx;
} encrypt_filter_context_t;
typedef struct {
byte *buffer; /* malloced buffer */

95
g10/g10.c
View File

@ -26,6 +26,7 @@
#include <ctype.h>
#include <unistd.h>
#include <gcrypt.h>
#include "packet.h"
#include "iobuf.h"
@ -36,7 +37,6 @@
#include "keydb.h"
#include "trustdb.h"
#include "mpi.h"
#include "cipher.h"
#include "filter.h"
#include "ttyio.h"
#include "i18n.h"
@ -353,8 +353,8 @@ int g10_errors_seen = 0;
static int utf8_strings = 0;
static int maybe_setuid = 1;
static char *build_list( const char *text,
const char *(*mapf)(int), int (*chkf)(int) );
static char *build_list( const char *text, const char * (*mapf)(int),
int (*chkf)(int) );
static void set_cmd( enum cmd_and_opt_values *ret_cmd,
enum cmd_and_opt_values new_cmd );
static void print_hex( byte *p, size_t n );
@ -388,20 +388,20 @@ strusage( int level )
case 31: p = _("\nSupported algorithms:\n"); break;
case 32:
if( !ciphers )
ciphers = build_list("Cipher: ", cipher_algo_to_string,
check_cipher_algo );
ciphers = build_list("Cipher: ", gcry_cipher_algo_name,
openpgp_cipher_test_algo );
p = ciphers;
break;
case 33:
if( !pubkeys )
pubkeys = build_list("Pubkey: ", pubkey_algo_to_string,
check_pubkey_algo );
pubkeys = build_list("Pubkey: ", gcry_pk_algo_name,
openpgp_pk_test_algo );
p = pubkeys;
break;
case 34:
if( !digests )
digests = build_list("Hash: ", digest_algo_to_string,
check_digest_algo );
digests = build_list("Hash: ", gcry_md_algo_name,
openpgp_md_test_algo );
p = digests;
break;
@ -415,7 +415,6 @@ static char *
build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
{
int i;
const char *s;
size_t n=strlen(text)+2;
char *list, *p;
@ -423,16 +422,16 @@ build_list( const char *text, const char * (*mapf)(int), int (*chkf)(int) )
secmem_init( 0 ); /* drop setuid */
for(i=1; i < 110; i++ )
if( !chkf(i) && (s=mapf(i)) )
n += strlen(s) + 2;
if( !chkf(i) )
n += strlen(mapf(i)) + 2;
list = m_alloc( 21 + n ); *list = 0;
for(p=NULL, i=1; i < 110; i++ ) {
if( !chkf(i) && (s=mapf(i)) ) {
if( !chkf(i) ) {
if( !p )
p = stpcpy( list, text );
else
p = stpcpy( p, ", ");
p = stpcpy(p, s );
p = stpcpy(p, mapf(i) );
}
}
if( p )
@ -577,8 +576,8 @@ main( int argc, char **argv )
opt.def_digest_algo = 0;
opt.def_compress_algo = 2;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.s2k_digest_algo = GCRY_MD_RMD160;
opt.s2k_cipher_algo = GCRY_CIPHER_BLOWFISH;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.max_cert_depth = 5;
@ -798,8 +797,8 @@ main( int argc, char **argv )
opt.def_digest_algo = 0;
opt.def_compress_algo = 2;
opt.s2k_mode = 3; /* iterated+salted */
opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.s2k_digest_algo = GCRY_MD_RMD160;
opt.s2k_cipher_algo = GCRY_CIPHER_BLOWFISH;
break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oCompressSigs: opt.compress_sigs = 1; break;
@ -853,11 +852,14 @@ main( int argc, char **argv )
case oNotation: add_notation_data( pargs.r.ret_str ); break;
case oUtf8Strings: utf8_strings = 1; break;
case oNoUtf8Strings: utf8_strings = 0; break;
case oDisableCipherAlgo:
disable_cipher_algo( string_to_cipher_algo(pargs.r.ret_str) );
case oDisableCipherAlgo: {
int algo = gcry_cipher_map_name(pargs.r.ret_str);
gcry_cipher_ctl( NULL, GCRYCTL_DISABLE_ALGO,
&algo, sizeof algo );
}
break;
case oDisablePubkeyAlgo:
disable_pubkey_algo( string_to_pubkey_algo(pargs.r.ret_str) );
disable_pubkey_algo( gcry_pk_map_name(pargs.r.ret_str) );
break;
case oAllowNonSelfsignedUID:
opt.allow_non_selfsigned_uid = 1;
@ -927,27 +929,27 @@ main( int argc, char **argv )
/* must do this after dropping setuid, because string_to...
* may try to load an module */
if( def_cipher_string ) {
opt.def_cipher_algo = string_to_cipher_algo(def_cipher_string);
opt.def_cipher_algo = gcry_cipher_map_name(def_cipher_string);
m_free(def_cipher_string); def_cipher_string = NULL;
if( check_cipher_algo(opt.def_cipher_algo) )
if( openpgp_cipher_test_algo(opt.def_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));
}
if( def_digest_string ) {
opt.def_digest_algo = string_to_digest_algo(def_digest_string);
opt.def_digest_algo = gcry_md_map_name(def_digest_string);
m_free(def_digest_string); def_digest_string = NULL;
if( check_digest_algo(opt.def_digest_algo) )
if( openpgp_md_test_algo(opt.def_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
if( s2k_cipher_string ) {
opt.s2k_cipher_algo = string_to_cipher_algo(s2k_cipher_string);
opt.s2k_cipher_algo = gcry_cipher_map_name(s2k_cipher_string);
m_free(s2k_cipher_string); s2k_cipher_string = NULL;
if( check_cipher_algo(opt.s2k_cipher_algo) )
if( openpgp_cipher_test_algo(opt.s2k_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));
}
if( s2k_digest_string ) {
opt.s2k_digest_algo = string_to_digest_algo(s2k_digest_string);
opt.s2k_digest_algo = gcry_md_map_name(s2k_digest_string);
m_free(s2k_digest_string); s2k_digest_string = NULL;
if( check_digest_algo(opt.s2k_digest_algo) )
if( openpgp_md_test_algo(opt.s2k_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
if( opt.set_policy_url ) {
@ -1330,7 +1332,7 @@ main( int argc, char **argv )
wrong_args("--print-md algo [files]");
{
int all_algos = (**argv=='*' && !(*argv)[1]);
int algo = all_algos? 0 : string_to_digest_algo(*argv);
int algo = all_algos? 0 : gcry_md_map_name(*argv);
if( !algo && !all_algos )
log_error(_("invalid hash algorithm `%s'\n"), *argv );
@ -1509,8 +1511,9 @@ print_mds( const char *fname, int algo )
FILE *fp;
char buf[1024];
size_t n;
MD_HANDLE md;
GCRY_MD_HD md;
char *pname;
int have_tiger = 0;
if( !fname ) {
fp = stdin;
@ -1527,43 +1530,41 @@ print_mds( const char *fname, int algo )
return;
}
md = md_open( 0, 0 );
md = gcry_md_open( 0, 0 );
if( algo )
md_enable( md, algo );
gcry_md_enable( md, algo );
else {
md_enable( md, DIGEST_ALGO_MD5 );
md_enable( md, DIGEST_ALGO_SHA1 );
md_enable( md, DIGEST_ALGO_RMD160 );
if( !check_digest_algo(DIGEST_ALGO_TIGER) )
md_enable( md, DIGEST_ALGO_TIGER );
gcry_md_enable( md, GCRY_MD_MD5 );
gcry_md_enable( md, GCRY_MD_SHA1 );
gcry_md_enable( md, GCRY_MD_RMD160 );
have_tiger = !gcry_md_enable( md, GCRY_MD_TIGER );
}
while( (n=fread( buf, 1, DIM(buf), fp )) )
md_write( md, buf, n );
gcry_md_write( md, buf, n );
if( ferror(fp) )
log_error("%s%s\n", pname, strerror(errno) );
else {
md_final(md);
if( algo ) {
if( fname )
fputs( pname, stdout );
print_hex(md_read(md, algo), md_digest_length(algo) );
print_hex( gcry_md_read(md, algo), gcry_md_get_algo_dlen(algo) );
}
else {
printf( "%s MD5 = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_MD5), 16 );
print_hex(gcry_md_read(md, GCRY_MD_MD5), 16 );
printf("\n%s SHA1 = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_SHA1), 20 );
print_hex(gcry_md_read(md, GCRY_MD_SHA1), 20 );
printf("\n%sRMD160 = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_RMD160), 20 );
if( !check_digest_algo(DIGEST_ALGO_TIGER) ) {
print_hex(gcry_md_read(md, GCRY_MD_RMD160), 20 );
if( have_tiger ) {
printf("\n%s TIGER = ", fname?pname:"" );
print_hex(md_read(md, DIGEST_ALGO_TIGER), 24 );
print_hex(gcry_md_read(md, GCRY_MD_TIGER), 24 );
}
}
putchar('\n');
}
md_close(md);
gcry_md_close(md);
if( fp != stdin )
fclose(fp);

5
g10/keydb.h
View File

@ -25,9 +25,8 @@
#include <gdbm.h>
#endif
#include "types.h"
#include "basicdefs.h"
#include "packet.h"
#include "cipher.h"
#define MAX_FINGERPRINT_LEN 20
@ -83,7 +82,6 @@ struct keyblock_pos_struct {
typedef struct keyblock_pos_struct KBPOS;
/* structure to hold a couple of public key certificates */
typedef struct pk_list *PK_LIST;
struct pk_list {
PK_LIST next;
PKT_public_key *pk;
@ -91,7 +89,6 @@ struct pk_list {
};
/* structure to hold a couple of secret key certificates */
typedef struct sk_list *SK_LIST;
struct sk_list {
SK_LIST next;
PKT_secret_key *sk;

4
g10/keygen.c
View File

@ -443,7 +443,7 @@ ask_keysize( int algo )
" minimum keysize is 768 bits\n"
" default keysize is 1024 bits\n"
" highest suggested keysize is 2048 bits\n"),
pubkey_algo_to_string(algo) );
gcry_pk_algo_name(algo) );
for(;;) {
answer = cpr_get("keygen.size",
_("What keysize do you want? (1024) "));
@ -686,7 +686,7 @@ ask_user_id( int mode )
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
/* fixme: add a warning if this user-id already exists */
for(;;) {
char *ansstr = _("NnCcEeOoQq");
const char *ansstr = _("NnCcEeOoQq");
if( strlen(ansstr) != 10 )
BUG();

103
g10/keyid.c
View File

@ -25,6 +25,7 @@
#include <errno.h>
#include <time.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "main.h"
#include "packet.h"
@ -48,10 +49,10 @@ pubkey_letter( int algo )
}
static MD_HANDLE
static GCRY_MD_HD
do_fingerprint_md( PKT_public_key *pk )
{
MD_HANDLE md;
GCRY_MD_HD md;
unsigned n;
unsigned nb[PUBKEY_MAX_NPKEY];
unsigned nn[PUBKEY_MAX_NPKEY];
@ -59,7 +60,9 @@ do_fingerprint_md( PKT_public_key *pk )
int i;
int npkey = pubkey_get_npkey( pk->pubkey_algo );
md = md_open( pk->version < 4 ? DIGEST_ALGO_RMD160 : DIGEST_ALGO_SHA1, 0);
md = gcry_md_open( pk->version < 4 ? GCRY_MD_RMD160 : GCRY_MD_SHA1, 0);
if( !md )
BUG();
n = pk->version < 4 ? 8 : 6;
for(i=0; i < npkey; i++ ) {
nb[i] = mpi_get_nbits(pk->pkey[i]);
@ -67,19 +70,19 @@ do_fingerprint_md( PKT_public_key *pk )
n += 2 + nn[i];
}
md_putc( md, 0x99 ); /* ctb */
md_putc( md, n >> 8 ); /* 2 byte length header */
md_putc( md, n );
gcry_md_putc( md, 0x99 ); /* ctb */
gcry_md_putc( md, n >> 8 ); /* 2 byte length header */
gcry_md_putc( md, n );
if( pk->version < 4 )
md_putc( md, 3 );
gcry_md_putc( md, 3 );
else
md_putc( md, 4 );
gcry_md_putc( md, 4 );
{ u32 a = pk->timestamp;
md_putc( md, a >> 24 );
md_putc( md, a >> 16 );
md_putc( md, a >> 8 );
md_putc( md, a );
gcry_md_putc( md, a >> 24 );
gcry_md_putc( md, a >> 16 );
gcry_md_putc( md, a >> 8 );
gcry_md_putc( md, a );
}
if( pk->version < 4 ) {
u16 a;
@ -88,22 +91,22 @@ do_fingerprint_md( PKT_public_key *pk )
a = (u16)((pk->expiredate - pk->timestamp) / 86400L);
else
a = 0;
md_putc( md, a >> 8 );
md_putc( md, a );
gcry_md_putc( md, a >> 8 );
gcry_md_putc( md, a );
}
md_putc( md, pk->pubkey_algo );
gcry_md_putc( md, pk->pubkey_algo );
for(i=0; i < npkey; i++ ) {
md_putc( md, nb[i]>>8);
md_putc( md, nb[i] );
md_write( md, pp[i], nn[i] );
gcry_md_putc( md, nb[i]>>8);
gcry_md_putc( md, nb[i] );
gcry_md_write( md, pp[i], nn[i] );
m_free(pp[i]);
}
md_final( md );
gcry_md_final( md );
return md;
}
static MD_HANDLE
static GCRY_MD_HD
do_fingerprint_md_sk( PKT_secret_key *sk )
{
PKT_public_key pk;
@ -140,13 +143,13 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid )
}
else {
const byte *dp;
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
dp = gcry_md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
lowbits = keyid[1];
md_close(md);
gcry_md_close(md);
}
return lowbits;
@ -179,13 +182,13 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid )
}
else {
const byte *dp;
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
dp = gcry_md_read( md, 0 );
keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ;
keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ;
lowbits = keyid[1];
md_close(md);
gcry_md_close(md);
pk->keyid[0] = keyid[0];
pk->keyid[1] = keyid[1];
}
@ -348,34 +351,36 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len )
if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
GCRY_MD_HD md;
md = md_open( DIGEST_ALGO_MD5, 0);
md = gcry_md_open( DIGEST_ALGO_MD5, 0);
if( !md )
BUG();
if( pubkey_get_npkey( pk->pubkey_algo ) > 1 ) {
p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
}
md_final(md);
gcry_md_final(md);
if( !array )
array = m_alloc( 16 );
len = 16;
memcpy(array, md_read(md, DIGEST_ALGO_MD5), 16 );
md_close(md);
memcpy(array, gcry_md_read(md, DIGEST_ALGO_MD5), 16 );
gcry_md_close(md);
}
else {
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md(pk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
dp = gcry_md_read( md, 0 );
len = gcry_md_get_algo_dlen( gcry_md_get_algo( md ) );
assert( len <= MAX_FINGERPRINT_LEN );
if( !array )
array = m_alloc( len );
memcpy(array, dp, len );
md_close(md);
gcry_md_close(md);
}
*ret_len = len;
@ -392,34 +397,36 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len )
if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) {
/* RSA in version 3 packets is special */
MD_HANDLE md;
GCRY_MD_HD md;
md = md_open( DIGEST_ALGO_MD5, 0);
md = gcry_md_open( DIGEST_ALGO_MD5, 0);
if( !md )
BUG();
if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) {
p = buf = mpi_get_buffer( sk->skey[1], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
p = buf = mpi_get_buffer( sk->skey[0], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(buf);
}
md_final(md);
gcry_md_final(md);
if( !array )
array = m_alloc( 16 );
len = 16;
memcpy(array, md_read(md, DIGEST_ALGO_MD5), 16 );
md_close(md);
memcpy(array, gcry_md_read(md, GCRY_MD_MD5), 16 );
gcry_md_close(md);
}
else {
MD_HANDLE md;
GCRY_MD_HD md;
md = do_fingerprint_md_sk(sk);
dp = md_read( md, 0 );
len = md_digest_length( md_get_algo( md ) );
dp = gcry_md_read( md, 0 );
len = gcry_md_get_algo_dlen( gcry_md_get_algo( md ) );
assert( len <= MAX_FINGERPRINT_LEN );
if( !array )
array = m_alloc( len );
memcpy(array, dp, len );
md_close(md);
gcry_md_close(md);
}
*ret_len = len;

28
g10/main.h
View File

@ -19,22 +19,16 @@
*/
#ifndef G10_MAIN_H
#define G10_MAIN_H
#include "types.h"
#include <gcrypt.h>
#include "basicdefs.h"
#include "iobuf.h"
#include "mpi.h"
#include "cipher.h"
#include "keydb.h"
#define DEFAULT_CIPHER_ALGO CIPHER_ALGO_BLOWFISH
#define DEFAULT_PUBKEY_ALGO PUBKEY_ALGO_ELGAMAL
#define DEFAULT_DIGEST_ALGO DIGEST_ALGO_RMD160
typedef struct {
int header_okay;
PK_LIST pk_list;
cipher_filter_context_t cfx;
} encrypt_filter_context_t;
#define DEFAULT_CIPHER_ALGO GCRY_CIPHER_BLOWFISH
#define DEFAULT_PUBKEY_ALGO GCRY_PUBKEY_ELGAMAL
#define DEFAULT_DIGEST_ALGO GCRY_MD_RMD160
/*-- g10.c --*/
@ -61,6 +55,10 @@ u16 checksum_mpi( MPI a );
u16 checksum_mpi_counted_nbits( MPI a );
u32 buffer_to_u32( const byte *buffer );
int openpgp_cipher_test_algo( int algo );
int openpgp_pk_test_algo( int algo );
int openpgp_md_test_algo( int algo );
/*-- helptext.c --*/
void display_online_help( const char *keyword );
@ -73,7 +71,7 @@ int encrypt_filter( void *opaque, int control,
/*-- sign.c --*/
int complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md );
int complete_sig( PKT_signature *sig, PKT_secret_key *sk, GCRY_MD_HD md );
int sign_file( STRLIST filenames, int detached, STRLIST locusr,
int do_encrypt, STRLIST remusr, const char *outfile );
int clearsign_file( const char *fname, STRLIST locusr, const char *outfile );
@ -108,7 +106,7 @@ void copy_options_file( const char *destdir );
/*-- seskey.c --*/
void make_session_key( DEK *dek );
MPI encode_session_key( DEK *dek, unsigned nbits );
MPI encode_md_value( int pubkey_algo, MD_HANDLE md,
MPI encode_md_value( int pubkey_algo, GCRY_MD_HD md,
int hash_algo, unsigned nbits );
/*-- comment.c --*/
@ -143,7 +141,7 @@ int verify_signatures( int nfiles, char **files );
int decrypt_message( const char *filename );
/*-- plaintext.c --*/
int hash_datafiles( MD_HANDLE md, MD_HANDLE md2,
int hash_datafiles( GCRY_MD_HD md, GCRY_MD_HD md2,
STRLIST files, const char *sigfilename, int textmode );
/*-- signal.c --*/

63
g10/mainproc.c
View File

@ -25,12 +25,12 @@
#include <assert.h>
#include <time.h>
#include <gcrypt.h>
#include "packet.h"
#include "iobuf.h"
#include "memory.h"
#include "options.h"
#include "util.h"
#include "cipher.h"
#include "keydb.h"
#include "filter.h"
#include "main.h"
@ -266,7 +266,7 @@ print_failed_pkenc( struct kidlist_item *list )
{
for( ; list; list = list->next ) {
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
const char *algstr = pubkey_algo_to_string( list->pubkey_algo );
const char *algstr = gcry_pk_algo_name( list->pubkey_algo );
pk->pubkey_algo = list->pubkey_algo;
if( !get_pubkey( pk, list->kid ) ) {
@ -361,7 +361,8 @@ proc_plaintext( CTX c, PACKET *pkt )
else if( opt.verbose )
log_info(_("original file name='%.*s'\n"), pt->namelen, pt->name);
free_md_filter_context( &c->mfx );
c->mfx.md = md_open( 0, 0);
if( !(c->mfx.md = gcry_md_open( 0, 0)) )
BUG();
/* fixme: we may need to push the textfilter if we have sigclass 1
* and no armoring - Not yet tested
* Hmmm, why don't we need it at all if we have sigclass 1
@ -372,7 +373,8 @@ proc_plaintext( CTX c, PACKET *pkt )
for(n=c->list; n; n = n->next ) {
if( n->pkt->pkttype == PKT_ONEPASS_SIG ) {
if( n->pkt->pkt.onepass_sig->digest_algo ) {
md_enable( c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo );
gcry_md_enable( c->mfx.md,
n->pkt->pkt.onepass_sig->digest_algo );
if( !any && n->pkt->pkt.onepass_sig->digest_algo
== DIGEST_ALGO_MD5 )
only_md5 = 1;
@ -398,9 +400,9 @@ proc_plaintext( CTX c, PACKET *pkt )
}
}
if( !any ) { /* no onepass sig packet: enable all standard algos */
md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
gcry_md_enable( c->mfx.md, DIGEST_ALGO_MD5 );
}
if( only_md5 ) {
/* This is a kludge to work around a bug in pgp2. It does only
@ -408,7 +410,8 @@ proc_plaintext( CTX c, PACKET *pkt )
* pgp mails we could see whether there is the signature packet
* in front of the plaintext. If someone needs this, send me a patch.
*/
c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0);
if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0)) )
BUG();
}
#if 0
#warning md_start_debug is enabled
@ -467,7 +470,7 @@ static int
do_check_sig( CTX c, KBNODE node, int *is_selfsig )
{
PKT_signature *sig;
MD_HANDLE md = NULL, md2 = NULL;
GCRY_MD_HD md = NULL, md2 = NULL;
int algo, rc;
assert( node->pkt->pkttype == PKT_SIGNATURE );
@ -476,27 +479,31 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
sig = node->pkt->pkt.signature;
algo = sig->digest_algo;
if( (rc=check_digest_algo(algo)) )
if( (rc=openpgp_md_test_algo(algo)) )
return rc;
if( sig->sig_class == 0x00 ) {
if( c->mfx.md )
md = md_copy( c->mfx.md );
md = gcry_md_copy( c->mfx.md );
else /* detached signature */
md = md_open( 0, 0 ); /* signature_check() will enable the md*/
md = gcry_md_open( 0, 0 ); /* signature_check() will enable the md*/
if( !md )
BUG();
}
else if( sig->sig_class == 0x01 ) {
/* how do we know that we have to hash the (already hashed) text
* in canonical mode ??? (calculating both modes???) */
if( c->mfx.md ) {
md = md_copy( c->mfx.md );
md = gcry_md_copy( c->mfx.md );
if( c->mfx.md2 )
md2 = md_copy( c->mfx.md2 );
md2 = gcry_md_copy( c->mfx.md2 );
}
else { /* detached signature */
log_debug("Do we really need this here?");
md = md_open( 0, 0 ); /* signature_check() will enable the md*/
md2 = md_open( 0, 0 );
md = gcry_md_open( 0, 0 ); /* signature_check() will enable the md*/
md2 = gcry_md_open( 0, 0 );
if( !md || !md2 )
BUG();
}
}
else if( (sig->sig_class&~3) == 0x10
@ -518,8 +525,8 @@ do_check_sig( CTX c, KBNODE node, int *is_selfsig )
rc = signature_check( sig, md );
if( rc == G10ERR_BAD_SIGN && md2 )
rc = signature_check( sig, md2 );
md_close(md);
md_close(md2);
gcry_md_close(md);
gcry_md_close(md2);
return rc;
}
@ -1020,7 +1027,7 @@ static int
check_sig_and_print( CTX c, KBNODE node )
{
PKT_signature *sig = node->pkt->pkt.signature;
const char *astr, *tstr;
const char *tstr;
int rc;
if( opt.skip_verify ) {
@ -1029,9 +1036,9 @@ check_sig_and_print( CTX c, KBNODE node )
}
tstr = asctimestamp(sig->timestamp);
astr = pubkey_algo_to_string( sig->pubkey_algo );
log_info(_("Signature made %.*s using %s key ID %08lX\n"),
(int)strlen(tstr), tstr, astr? astr: "?", (ulong)sig->keyid[1] );
(int)strlen(tstr), tstr, gcry_pk_algo_name( sig->pubkey_algo ),
(ulong)sig->keyid[1] );
rc = do_check_sig(c, node, NULL );
if( rc == G10ERR_NO_PUBKEY && opt.keyserver_name ) {
@ -1148,11 +1155,12 @@ proc_tree( CTX c, KBNODE node )
if( !c->have_data ) {
free_md_filter_context( &c->mfx );
/* prepare to create all requested message digests */
c->mfx.md = md_open(0, 0);
if( !(c->mfx.md = gcry_md_open(0, 0)) )
BUG();
/* fixme: why looking for the signature packet and not 1passpacket*/
for( n1 = node; (n1 = find_next_kbnode(n1, PKT_SIGNATURE )); ) {
md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
gcry_md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo);
}
/* ask for file and hash it */
if( c->sigs_only )
@ -1177,18 +1185,21 @@ proc_tree( CTX c, KBNODE node )
if( !c->have_data ) {
/* detached signature */
free_md_filter_context( &c->mfx );
c->mfx.md = md_open(sig->digest_algo, 0);
if( !(c->mfx.md = gcry_md_open(sig->digest_algo, 0)) )
BUG();
if( sig->digest_algo == DIGEST_ALGO_MD5
&& is_RSA( sig->pubkey_algo ) ) {
/* enable a workaround for a pgp2 bug */
c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0 );
if( !(c->mfx.md2 = gcry_md_open( DIGEST_ALGO_MD5, 0 )) )
BUG();
}
else if( sig->digest_algo == DIGEST_ALGO_SHA1
&& sig->pubkey_algo == PUBKEY_ALGO_DSA
&& sig->sig_class == 0x01 ) {
/* enable the workaround also for pgp5 when the detached
* signature has been created in textmode */
c->mfx.md2 = md_open( sig->digest_algo, 0 );
if( !(c->mfx.md2 = gcry_md_open( sig->digest_algo, 0 )) )
BUG();
}
/* Here we have another hack to work around a pgp 2 bug
* It works by not using the textmode for detached signatures;

8
g10/mdfilter.c
View File

@ -50,9 +50,9 @@ md_filter( void *opaque, int control,
i = iobuf_read( a, buf, size );
if( i == -1 ) i = 0;
if( i ) {
md_write(mfx->md, buf, i );
gcry_md_write(mfx->md, buf, i );
if( mfx->md2 )
md_write(mfx->md2, buf, i );
gcry_md_write(mfx->md2, buf, i );
}
else
rc = -1; /* eof */
@ -67,8 +67,8 @@ md_filter( void *opaque, int control,
void
free_md_filter_context( md_filter_context_t *mfx )
{
md_close(mfx->md);
md_close(mfx->md2);
gcry_md_close(mfx->md);
gcry_md_close(mfx->md2);
mfx->md = NULL;
mfx->md2 = NULL;
mfx->maxbuf_size = 0;

30
g10/misc.c
View File

@ -31,6 +31,7 @@
#include <sys/time.h>
#include <sys/resource.h>
#endif
#include <gcrypt.h>
#include "util.h"
#include "main.h"
#include "options.h"
@ -265,3 +266,32 @@ map_gcry_rc( int rc )
}
}
/****************
* Wrapper around the libgcrypt function with addional checks on
* openPGP contrainst for the algo ID.
*/
int
openpgp_cipher_test_algo( int algo )
{
if( algo < 0 || algo > 110 )
return GCRYERR_INV_ALGO;
return gcry_cipher_test_algo(algo);
}
int
openpgp_pk_test_algo( int algo )
{
if( algo < 0 || algo > 110 )
return GCRYERR_INV_ALGO;
return gcry_pk_test_algo(algo);
}
int
openpgp_md_test_algo( int algo )
{
if( algo < 0 || algo > 110 )
return GCRYERR_INV_ALGO;
return gcry_md_test_algo(algo);
}

48
g10/openfile.c
View File

@ -39,6 +39,14 @@
#define SKELEXT ".skel"
#endif
#ifdef HAVE_DRIVE_LETTERS
#define CMP_FILENAME(a,b) stricmp( (a), (b) )
#else
#define CMP_FILENAME(a,b) strcmp( (a), (b) )
#endif
/* FIXME: Implement opt.interactive. */
/****************
@ -70,6 +78,7 @@ overwrite_filep( const char *fname )
}
/****************
* Strip know extensions from iname and return a newly allocated
* filename. Return NULL if we can't do that.
@ -82,13 +91,11 @@ make_outfile_name( const char *iname )
if( (!iname || (*iname=='-' && !iname[1]) ))
return m_strdup("-");
#ifdef HAVE_DRIVE_LETTERS
#warning add case insensitive compare
#endif
n = strlen(iname);
if( n > 4 && ( !strcmp(iname+n-4,".gpg")
|| !strcmp(iname+n-4,".sig")
|| !strcmp(iname+n-4,".asc") ) ) {
if( n > 4 && ( !CMP_FILENAME(iname+n-4,".gpg")
|| !CMP_FILENAME(iname+n-4,".pgp")
|| !CMP_FILENAME(iname+n-4,".sig")
|| !CMP_FILENAME(iname+n-4,".asc") ) ) {
char *buf = m_strdup( iname );
buf[n-4] = 0;
return buf;
@ -169,11 +176,33 @@ open_outfile( const char *iname, int mode, IOBUF *a )
name = opt.outfile;
else {
#ifdef USE_ONLY_8DOT3
#warning please implement 8.3 files
#endif
/* It is quite common for DOS system to have only one dot in a
* a filename So if we have something like this, we simple
* replace the suffix execpt in cases where the suffix is
* larger than 3 characters and not the same as.
* We should really map the filenames to 8.3 but this tends to
* be more complicated and is probaly a duty of the filesystem
*/
char *dot;
const char *newsfx = mode==1 ? ".asc" :
mode==2 ? ".sig" : ".gpg";
buf = m_alloc(strlen(iname)+4+1);
strcpy(buf,iname);
dot = strchr(buf, '.' );
if( dot && dot > buf && dot[1] && strlen(dot) <= 4
&& CMP_FILENAME(newsfx, dot) ) {
strcpy(dot, newsfx );
}
else if( dot && !dot[1] ) /* don't duplicate a dot */
strcat( dot, newsfx+1 );
else
strcat( buf, newsfx );
#else
buf = m_alloc(strlen(iname)+4+1);
strcpy(stpcpy(buf,iname), mode==1 ? ".asc" :
mode==2 ? ".sig" : ".gpg");
#endif
name = buf;
}
@ -204,9 +233,6 @@ open_sigfile( const char *iname )
IOBUF a = NULL;
size_t len;
#ifdef USE_ONLY_8DOT3
#warning please implement 8.3 files
#endif
if( iname && !(*iname == '-' && !iname[1]) ) {
len = strlen(iname);
if( len > 4 && ( !strcmp(iname + len - 4, ".sig")

6
g10/packet.h
View File

@ -281,7 +281,7 @@ const byte *parse_sig_subpkt2( PKT_signature *sig,
/*-- build-packet.c --*/
int build_packet( IOBUF inp, PACKET *pkt );
u32 calc_packet_length( PACKET *pkt );
void hash_public_key( MD_HANDLE md, PKT_public_key *pk );
void hash_public_key( GCRY_MD_HD md, PKT_public_key *pk );
void build_sig_subpkt( PKT_signature *sig, sigsubpkttype_t type,
const byte *buffer, size_t buflen );
void build_sig_subpkt_from_sig( PKT_signature *sig );
@ -313,7 +313,7 @@ int cmp_user_ids( PKT_user_id *a, PKT_user_id *b );
/*-- sig-check.c --*/
int signature_check( PKT_signature *sig, MD_HANDLE digest );
int signature_check( PKT_signature *sig, GCRY_MD_HD digest );
/*-- seckey-cert.c --*/
int is_secret_key_protected( PKT_secret_key *sk );
@ -334,7 +334,7 @@ int encrypt_data( PKT_encrypted *ed, DEK *dek );
/*-- plaintext.c --*/
int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
int nooutput, int clearsig );
int ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
int ask_for_detached_datafile( GCRY_MD_HD md, GCRY_MD_HD md2,
const char *inname, int textmode );
/*-- comment.c --*/

38
g10/passphrase.c
View File

@ -159,14 +159,14 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
tty_printf(_("\nYou need a passphrase to unlock the secret key for\n"
"user: \"") );
p = get_user_id( keyid, &n );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
m_free(p);
tty_printf("\"\n");
if( !get_pubkey( pk, keyid ) ) {
const char *s = pubkey_algo_to_string( pk->pubkey_algo );
tty_printf( _("%u-bit %s key, ID %08lX, created %s"),
nbits_from_pk( pk ), s?s:"?", (ulong)keyid[1],
nbits_from_pk( pk ),
gcry_pk_algo_name( pk->pubkey_algo ), (ulong)keyid[1],
strtimestamp(pk->timestamp) );
if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
&& keyid[1] != keyid[3] )
@ -229,22 +229,24 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
static void
hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
{
MD_HANDLE md;
GCRY_MD_HD md;
int pass, i;
int used = 0;
int pwlen = strlen(pw);
assert( s2k->hash_algo );
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
dek->keylen = gcry_cipher_get_algo_keylen( dek->algo );
if( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
BUG();
md = md_open( s2k->hash_algo, 1);
if( !(md = gcry_md_open( s2k->hash_algo, GCRY_MD_FLAG_SECURE )) )
BUG();
for(pass=0; used < dek->keylen ; pass++ ) {
if( pass ) {
md_reset(md);
gcry_md_reset(md);
for(i=0; i < pass; i++ ) /* preset the hash context */
md_putc(md, 0 );
gcry_md_putc(md, 0 );
}
if( s2k->mode == 1 || s2k->mode == 3 ) {
@ -264,28 +266,28 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
}
/* a little bit complicated because we need a ulong for count */
while( count > len2 ) { /* maybe iterated+salted */
md_write( md, s2k->salt, 8 );
md_write( md, pw, pwlen );
gcry_md_write( md, s2k->salt, 8 );
gcry_md_write( md, pw, pwlen );
count -= len2;
}
if( count < 8 )
md_write( md, s2k->salt, count );
gcry_md_write( md, s2k->salt, count );
else {
md_write( md, s2k->salt, 8 );
gcry_md_write( md, s2k->salt, 8 );
count -= 8;
assert( count >= 0 );
md_write( md, pw, count );
gcry_md_write( md, pw, count );
}
}
else
md_write( md, pw, pwlen );
md_final( md );
i = md_digest_length( s2k->hash_algo );
gcry_md_write( md, pw, pwlen );
gcry_md_final( md );
i = gcry_md_get_algo_dlen( s2k->hash_algo );
if( i > dek->keylen - used )
i = dek->keylen - used;
memcpy( dek->key+used, md_read(md, s2k->hash_algo), i );
memcpy( dek->key+used, gcry_md_read(md, s2k->hash_algo), i );
used += i;
}
md_close(md);
gcry_md_close(md);
}

13
g10/pkclist.c
View File

@ -27,6 +27,7 @@
#include "options.h"
#include "packet.h"
#include "main.h"
#include "errors.h"
#include "keydb.h"
#include "memory.h"
@ -149,7 +150,7 @@ show_paths( ulong lid, int only_first )
putchar(' ');
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
tty_print_utf8_string( p, n ),
m_free(p);
tty_printf("\"\n");
free_public_key( pk );
@ -194,7 +195,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help )
for(;;) {
/* a string with valid answers */
char *ans = _("sSmMqQ");
const char *ans = _("sSmMqQ");
if( !did_help ) {
if( !mode ) {
@ -203,7 +204,7 @@ do_edit_ownertrust( ulong lid, int mode, unsigned *new_trust, int defer_help )
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], datestr_from_pk( pk ) );
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
tty_print_utf8_string( p, n ),
m_free(p);
tty_printf("\"\n");
print_fpr( pk );
@ -460,7 +461,7 @@ do_we_trust_pre( PKT_public_key *pk, int trustlevel )
nbits_from_pk( pk ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid[1], datestr_from_pk( pk ) );
p = get_user_id( keyid, &n );
tty_print_string( p, n ),
tty_print_utf8_string( p, n ),
m_free(p);
tty_printf("\"\n");
print_fpr( pk );
@ -908,10 +909,10 @@ algo_available( int preftype, int algo )
if( preftype == PREFTYPE_SYM ) {
if( algo == CIPHER_ALGO_TWOFISH )
return 0; /* we don't want to generate Twofish messages for now*/
return algo && !check_cipher_algo( algo );
return algo && !openpgp_cipher_test_algo( algo );
}
else if( preftype == PREFTYPE_HASH ) {
return algo && !check_digest_algo( algo );
return algo && !openpgp_md_test_algo( algo );
}
else if( preftype == PREFTYPE_COMPR ) {
return !algo || algo == 1 || algo == 2;

42
g10/plaintext.c
View File

@ -106,7 +106,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
goto leave;
}
if( mfx->md )
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
if( c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
@ -132,7 +132,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
goto leave;
}
if( mfx->md )
md_write( mfx->md, buffer, len );
gcry_md_write( mfx->md, buffer, len );
if( fp ) {
if( fwrite( buffer, 1, len, fp ) != len ) {
log_error("Error writing to `%s': %s\n",
@ -151,7 +151,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( convert ) { /* text mode */
while( (c = iobuf_get(pt->buf)) != -1 ) {
if( mfx->md )
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
if( convert && c == '\r' )
continue; /* fixme: this hack might be too simple */
if( fp ) {
@ -180,7 +180,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( len < 32768 )
eof = 1;
if( mfx->md )
md_write( mfx->md, buffer, len );
gcry_md_write( mfx->md, buffer, len );
if( fp ) {
if( fwrite( buffer, 1, len, fp ) != len ) {
log_error("Error writing to `%s': %s\n",
@ -210,26 +210,26 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
if( !mfx->md )
continue;
if( state == 2 ) {
md_putc(mfx->md, '\r' );
md_putc(mfx->md, '\n' );
gcry_md_putc(mfx->md, '\r' );
gcry_md_putc(mfx->md, '\n' );
state = 0;
}
if( !state ) {
if( c == '\r' )
state = 1;
else
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
}
else if( state == 1 ) {
if( c == '\n' )
state = 2;
else {
md_putc(mfx->md, '\r' );
gcry_md_putc(mfx->md, '\r' );
if( c == '\r' )
state = 1;
else {
state = 0;
md_putc(mfx->md, c );
gcry_md_putc(mfx->md, c );
}
}
}
@ -253,7 +253,7 @@ handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx,
}
static void
do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode )
do_hash( GCRY_MD_HD md, GCRY_MD_HD md2, IOBUF fp, int textmode )
{
text_filter_context_t tfx;
int c;
@ -267,27 +267,27 @@ do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode )
int lc = -1;
while( (c = iobuf_get(fp)) != -1 ) {
if( c == '\n' && lc == '\r' )
md_putc(md2, c);
gcry_md_putc(md2, c);
else if( c == '\n' ) {
md_putc(md2, '\r');
md_putc(md2, c);
gcry_md_putc(md2, '\r');
gcry_md_putc(md2, c);
}
else if( c != '\n' && lc == '\r' ) {
md_putc(md2, '\n');
md_putc(md2, c);
gcry_md_putc(md2, '\n');
gcry_md_putc(md2, c);
}
else
md_putc(md2, c);
gcry_md_putc(md2, c);
if( md )
md_putc(md, c );
gcry_md_putc(md, c );
lc = c;
}
}
else {
while( (c = iobuf_get(fp)) != -1 ) {
if( md )
md_putc(md, c );
gcry_md_putc(md, c );
}
}
}
@ -298,7 +298,7 @@ do_hash( MD_HANDLE md, MD_HANDLE md2, IOBUF fp, int textmode )
* INFILE is the name of the input file.
*/
int
ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
ask_for_detached_datafile( GCRY_MD_HD md, GCRY_MD_HD md2,
const char *inname, int textmode )
{
char *answer = NULL;
@ -308,7 +308,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
fp = open_sigfile( inname ); /* open default file */
if( !fp && !opt.batch ) {
int any=0;
tty_printf("Detached signature.\n");
tty_printf(_("Detached signature.\n"));
do {
m_free(answer);
answer = cpr_get("detached_signature.filename",
@ -353,7 +353,7 @@ ask_for_detached_datafile( MD_HANDLE md, MD_HANDLE md2,
* If FILES is NULL, hash stdin.
*/
int
hash_datafiles( MD_HANDLE md, MD_HANDLE md2, STRLIST files,
hash_datafiles( GCRY_MD_HD md, GCRY_MD_HD md2, STRLIST files,
const char *sigfilename, int textmode )
{
IOBUF fp;

5
g10/pubkey-enc.c
View File

@ -26,6 +26,7 @@
#include "util.h"
#include "memory.h"
#include "packet.h"
#include "main.h"
#include "mpi.h"
#include "keydb.h"
#include "trustdb.h"
@ -150,12 +151,12 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid )
dek->algo = frame[n++];
if( dek->algo == CIPHER_ALGO_IDEA )
write_status(STATUS_RSA_OR_IDEA);
rc = check_cipher_algo( dek->algo );
rc = openpgp_cipher_test_algo( dek->algo );
if( rc ) {
dek->algo = 0;
goto leave;
}
if( (dek->keylen*8) != cipher_get_keylen( dek->algo ) ) {
if( dek->keylen != gcry_cipher_get_algo_keylen( dek->algo ) ) {
rc = G10ERR_WRONG_SECKEY;
goto leave;
}

6
g10/revoke.c
View File

@ -113,7 +113,7 @@ gen_revoke( const char *uname )
{
size_t n;
char *p = get_user_id( sk_keyid, &n );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
m_free(p);
tty_printf("\n");
}
@ -243,8 +243,8 @@ ask_revoke_sig( KBNODE keyblock, KBNODE node, PKT_signature *sig ) ) {
}
tty_printf(_("user ID: \""));
tty_print_string( unode->pkt->pkt.user_id->name,
unode->pkt->pkt.user_id->len, 0 );
tty_print_utf8_string( unode->pkt->pkt.user_id->name,
unode->pkt->pkt.user_id->len, 0 );
tty_printf(_("\"\nsigned with your key %08lX at %s\n"),
sig->keyid[1], datestr_from_sig(sig) );

2
g10/ringedit.c
View File

@ -737,7 +737,9 @@ enum_keyblocks( int mode, KBPOS *kbpos, KBNODE *ret_root )
if( !mode || mode == 5 || mode == 100 ) {
int i;
kbpos->fp = NULL;
kbpos->rt = rt_UNKNOWN;
if( !mode ) {
kbpos->secret = 0;
i = 0;

78
g10/seckey-cert.c
View File

@ -23,12 +23,13 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "memory.h"
#include "packet.h"
#include "mpi.h"
#include "keydb.h"
#include "cipher.h"
#include "main.h"
#include "options.h"
#include "i18n.h"
@ -46,12 +47,12 @@ do_check( PKT_secret_key *sk )
if( sk->is_protected ) { /* remove the protection */
DEK *dek = NULL;
u32 keyid[4]; /* 4! because we need two of them */
CIPHER_HANDLE cipher_hd=NULL;
GCRY_CIPHER_HD cipher_hd=NULL;
PKT_secret_key *save_sk;
if( sk->protect.algo == CIPHER_ALGO_NONE )
if( sk->protect.algo == GCRY_CIPHER_NONE )
BUG();
if( check_cipher_algo( sk->protect.algo ) ) {
if( openpgp_cipher_test_algo( sk->protect.algo ) ) {
log_info(_("protection algorithm %d is not supported\n"),
sk->protect.algo );
return G10ERR_CIPHER_ALGO;
@ -66,12 +67,21 @@ do_check( PKT_secret_key *sk )
}
dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
&sk->protect.s2k, 0 );
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen );
if( !(cipher_hd = gcry_cipher_open( sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ) )
) {
BUG();
}
if( gcry_cipher_setkey( cipher_hd, dek->key, dek->keylen ) )
log_fatal("set key failed: %s\n", gcry_strerror(-1) );
m_free(dek);
save_sk = copy_secret_key( NULL, sk );
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
if( gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ))
log_fatal("set IV failed: %s\n", gcry_strerror(-1) );
csum = 0;
if( sk->version >= 4 ) {
int ndata;
@ -81,7 +91,7 @@ do_check( PKT_secret_key *sk )
assert( mpi_is_opaque( sk->skey[i] ) );
p = mpi_get_opaque( sk->skey[i], &ndata );
data = m_alloc_secure( ndata );
cipher_decrypt( cipher_hd, data, p, ndata );
gcry_cipher_decrypt( cipher_hd, data, ndata, p, ndata );
mpi_free( sk->skey[i] ); sk->skey[i] = NULL ;
p = data;
if( ndata < 2 ) {
@ -109,9 +119,9 @@ do_check( PKT_secret_key *sk )
for(i=pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
gcry_cipher_sync( cipher_hd );
assert( mpi_is_protected(sk->skey[i]) );
cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
gcry_cipher_decrypt( cipher_hd, buffer, nbytes, NULL, 0 );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_clear_protect_flag( sk->skey[i] );
csum += checksum_mpi( sk->skey[i] );
@ -121,7 +131,7 @@ do_check( PKT_secret_key *sk )
csum = sk->csum;
}
}
cipher_close( cipher_hd );
gcry_cipher_close( cipher_hd );
/* now let's see whether we have used the right passphrase */
if( csum != sk->csum ) {
copy_secret_key( sk, save_sk );
@ -215,23 +225,41 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
return 0;
if( !sk->is_protected ) { /* okay, apply the protection */
CIPHER_HANDLE cipher_hd=NULL;
GCRY_CIPHER_HD cipher_hd=NULL;
if( check_cipher_algo( sk->protect.algo ) )
if( openpgp_cipher_test_algo( sk->protect.algo ) )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else {
print_cipher_algo_note( sk->protect.algo );
cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1 );
if( cipher_setkey( cipher_hd, dek->key, dek->keylen ) )
if( !(cipher_hd = gcry_cipher_open( sk->protect.algo,
GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (sk->protect.algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ))
) {
BUG();
}
rc = gcry_cipher_setkey( cipher_hd, dek->key, dek->keylen );
if( rc == GCRYERR_WEAK_KEY ) {
log_info(_("WARNING: Weak key detected"
" - please change passphrase again.\n"));
sk->protect.ivlen = cipher_get_blocksize( sk->protect.algo );
rc = 0;
}
else if( rc )
BUG();
/* set the IV length */
{ int blocksize = gcry_cipher_get_algo_blklen( sk->protect.algo );
if( blocksize != 8 && blocksize != 16 )
log_fatal("unsupported blocksize %d\n", blocksize );
sk->protect.ivlen = blocksize;
}
assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
BUG(); /* yes, we are very careful */
randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1);
cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
if( sk->version >= 4 ) {
#define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY)
byte *bufarr[NMPIS];
@ -267,7 +295,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
*p++ = csum >> 8;
*p++ = csum;
assert( p == data+ndata );
cipher_encrypt( cipher_hd, data, data, ndata );
gcry_cipher_encrypt( cipher_hd, data, ndata, NULL, 0 );
for(i = pubkey_get_npkey(sk->pubkey_algo);
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
mpi_free( sk->skey[i] );
@ -284,9 +312,9 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
csum += checksum_mpi_counted_nbits( sk->skey[i] );
buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
cipher_sync( cipher_hd );
gcry_cipher_sync( cipher_hd );
assert( !mpi_is_protected(sk->skey[i]) );
cipher_encrypt( cipher_hd, buffer, buffer, nbytes );
gcry_cipher_encrypt( cipher_hd, buffer, nbytes, NULL, 0 );
mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
mpi_set_protect_flag( sk->skey[i] );
m_free( buffer );
@ -294,7 +322,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
sk->csum = csum;
}
sk->is_protected = 1;
cipher_close( cipher_hd );
gcry_cipher_close( cipher_hd );
}
}
return rc;

61
g10/seskey.c
View File

@ -23,6 +23,8 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "cipher.h"
#include "mpi.h"
@ -36,19 +38,28 @@
void
make_session_key( DEK *dek )
{
CIPHER_HANDLE chd;
GCRY_CIPHER_HD chd;
int i, rc;
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
dek->keylen = gcry_cipher_get_algo_keylen( dek->algo );
if( !(chd = gcry_cipher_open( dek->algo, GCRY_CIPHER_MODE_CFB,
GCRY_CIPHER_SECURE
| (dek->algo >= 100 ?
0 : GCRY_CIPHER_ENABLE_SYNC) ))
) {
BUG();
}
chd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
randomize_buffer( dek->key, dek->keylen, 1 );
for(i=0; i < 16; i++ ) {
rc = cipher_setkey( chd, dek->key, dek->keylen );
rc = gcry_cipher_setkey( chd, dek->key, dek->keylen );
if( !rc ) {
cipher_close( chd );
gcry_cipher_close( chd );
return;
}
if( rc != GCRYERR_WEAK_KEY )
BUG();
log_info(_("weak key created - retrying\n") );
/* Renew the session key until we get a non-weak key. */
randomize_buffer( dek->key, dek->keylen, 1 );
@ -141,8 +152,8 @@ encode_session_key( DEK *dek, unsigned nbits )
static MPI
do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
const byte *asn, size_t asnlen )
do_encode_md( GCRY_MD_HD md, int algo, size_t len, unsigned nbits,
const byte *asn, size_t asnlen )
{
int nframe = (nbits+7) / 8;
byte *frame;
@ -159,7 +170,8 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
*
* PAD consists of FF bytes.
*/
frame = md_is_secure(md)? m_alloc_secure( nframe ) : m_alloc( nframe );
frame = gcry_md_is_secure(md)? m_alloc_secure( nframe )
: m_alloc( nframe );
n = 0;
frame[n++] = 0;
frame[n++] = algo;
@ -168,9 +180,9 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
memset( frame+n, 0xff, i ); n += i;
frame[n++] = 0;
memcpy( frame+n, asn, asnlen ); n += asnlen;
memcpy( frame+n, md_read(md, algo), len ); n += len;
memcpy( frame+n, gcry_md_read(md, algo), len ); n += len;
assert( n == nframe );
a = md_is_secure(md)?
a = gcry_md_is_secure(md)?
mpi_alloc_secure( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
: mpi_alloc( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB );
mpi_set_buffer( a, frame, nframe, 0 );
@ -180,24 +192,33 @@ do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
MPI
encode_md_value( int pubkey_algo, MD_HANDLE md, int hash_algo, unsigned nbits )
encode_md_value( int pubkey_algo, GCRY_MD_HD md, int hash_algo, unsigned nbits )
{
int algo = hash_algo? hash_algo : md_get_algo(md);
const byte *asn;
size_t asnlen, mdlen;
int algo = hash_algo? hash_algo : gcry_md_get_algo(md);
MPI frame;
if( pubkey_algo == PUBKEY_ALGO_DSA ) {
frame = md_is_secure(md)? mpi_alloc_secure((md_digest_length(hash_algo)
frame = gcry_md_is_secure(md)? mpi_alloc_secure(
(gcry_md_get_algo_dlen(hash_algo)
+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
: mpi_alloc((md_digest_length(hash_algo)
: mpi_alloc((gcry_md_get_algo_dlen(hash_algo)
+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB );
mpi_set_buffer( frame, md_read(md, hash_algo),
md_digest_length(hash_algo), 0 );
mpi_set_buffer( frame, gcry_md_read(md, hash_algo),
gcry_md_get_algo_dlen(hash_algo), 0 );
}
else {
asn = md_asn_oid( algo, &asnlen, &mdlen );
frame = do_encode_md( md, algo, mdlen, nbits, asn, asnlen );
byte *asn;
size_t asnlen;
if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, NULL, &asnlen ) )
log_fatal("can't get OID of algo %d: %s\n",
algo, gcry_strerror(-1));
asn = m_alloc( asnlen );
if( gcry_md_algo_info( algo, GCRYCTL_GET_ASNOID, asn, &asnlen ) )
BUG();
frame = do_encode_md( md, algo, gcry_md_get_algo_dlen( algo ),
nbits, asn, asnlen );
m_free( asn );
}
return frame;
}

130
g10/sig-check.c
View File

@ -23,42 +23,43 @@
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <gcrypt.h>
#include "util.h"
#include "packet.h"
#include "memory.h"
#include "mpi.h"
#include "keydb.h"
#include "cipher.h"
#include "main.h"
#include "status.h"
#include "i18n.h"
struct cmp_help_context_s {
PKT_signature *sig;
MD_HANDLE md;
GCRY_MD_HD md;
};
static int do_signature_check( PKT_signature *sig, MD_HANDLE digest,
static int do_signature_check( PKT_signature *sig, GCRY_MD_HD digest,
u32 *r_expire );
static int do_check( PKT_public_key *pk, PKT_signature *sig,
MD_HANDLE digest );
GCRY_MD_HD digest );
/****************
* Check the signature which is contained in SIG.
* The MD_HANDLE should be currently open, so that this function
* The GCRY_MD_HD should be currently open, so that this function
* is able to append some data, before finalizing the digest.
*/
int
signature_check( PKT_signature *sig, MD_HANDLE digest )
signature_check( PKT_signature *sig, GCRY_MD_HD digest )
{
u32 dummy;
return do_signature_check( sig, digest, &dummy );
}
static int
do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
do_signature_check( PKT_signature *sig, GCRY_MD_HD digest, u32 *r_expire )
{
PKT_public_key *pk = m_alloc_clear( sizeof *pk );
int rc=0;
@ -84,36 +85,37 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
* not possible to sign more than one identical document within
* one second. Some remote bacth processing applications might
* like this feature here */
MD_HANDLE md;
GCRY_MD_HD md;
u32 a = sig->timestamp;
int i, nsig = pubkey_get_nsig( sig->pubkey_algo );
byte *p, *buffer;
md = md_open( DIGEST_ALGO_RMD160, 0);
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
if( !(md = gcry_md_open( DIGEST_ALGO_RMD160, 0)) )
BUG();
gcry_md_putc( digest, sig->pubkey_algo );
gcry_md_putc( digest, sig->digest_algo );
gcry_md_putc( digest, (a >> 24) & 0xff );
gcry_md_putc( digest, (a >> 16) & 0xff );
gcry_md_putc( digest, (a >> 8) & 0xff );
gcry_md_putc( digest, a & 0xff );
for(i=0; i < nsig; i++ ) {
unsigned n = mpi_get_nbits( sig->data[i]);
md_putc( md, n>>8);
md_putc( md, n );
gcry_md_putc( md, n>>8);
gcry_md_putc( md, n );
p = mpi_get_buffer( sig->data[i], &n, NULL );
md_write( md, p, n );
gcry_md_write( md, p, n );
m_free(p);
}
md_final( md );
p = make_radix64_string( md_read( md, 0 ), 20 );
gcry_md_final( md );
p = make_radix64_string( gcry_md_read( md, 0 ), 20 );
buffer = m_alloc( strlen(p) + 60 );
sprintf( buffer, "%s %s %lu",
p, strtimestamp( sig->timestamp ), (ulong)sig->timestamp );
write_status_text( STATUS_SIG_ID, buffer );
m_free(buffer);
m_free(p);
md_close(md);
gcry_md_close(md);
}
return rc;
@ -123,11 +125,11 @@ do_signature_check( PKT_signature *sig, MD_HANDLE digest, u32 *r_expire )
#if 0 /* not anymore used */
/****************
* Check the MDC which is contained in SIG.
* The MD_HANDLE should be currently open, so that this function
* The GCRY_MD_HD should be currently open, so that this function
* is able to append some data, before finalizing the digest.
*/
int
mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
mdc_kludge_check( PKT_signature *sig, GCRY_MD_HD digest )
{
int rc=0;
@ -139,23 +141,23 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
/* complete the digest */
if( sig->version >= 4 )
md_putc( digest, sig->version );
md_putc( digest, sig->sig_class );
gcry_md_putc( digest, sig->version );
gcry_md_putc( digest, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
gcry_md_putc( digest, (a >> 24) & 0xff );
gcry_md_putc( digest, (a >> 16) & 0xff );
gcry_md_putc( digest, (a >> 8) & 0xff );
gcry_md_putc( digest, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
gcry_md_putc( digest, sig->pubkey_algo );
gcry_md_putc( digest, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( digest, sig->hashed_data, n+2 );
gcry_md_write( digest, sig->hashed_data, n+2 );
n += 6;
}
else
@ -167,7 +169,7 @@ mdc_kludge_check( PKT_signature *sig, MD_HANDLE digest )
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( digest, buf, 6 );
gcry_md_write( digest, buf, 6 );
}
md_final( digest );
@ -221,7 +223,7 @@ cmp_help( void *opaque, MPI result )
size_t mdlen, asnlen;
struct cmp_help_context_s *ctx = opaque;
PKT_signature *sig = ctx->sig;
MD_HANDLE digest = ctx->md;
GCRY_MD_HD digest = ctx->md;
old_enc = 0;
for(i=j=0; (c=mpi_getbyte(result, i)) != -1; i++ ) {
@ -284,7 +286,7 @@ cmp_help( void *opaque, MPI result )
static int
do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
do_check( PKT_public_key *pk, PKT_signature *sig, GCRY_MD_HD digest )
{
MPI result = NULL;
int rc=0;
@ -323,33 +325,33 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
}
if( (rc=check_digest_algo(sig->digest_algo)) )
if( (rc=openpgp_md_test_algo(sig->digest_algo)) )
return rc;
if( (rc=check_pubkey_algo(sig->pubkey_algo)) )
if( (rc=openpgp_pk_test_algo(sig->pubkey_algo)) )
return rc;
/* make sure the digest algo is enabled (in case of a detached signature)*/
md_enable( digest, sig->digest_algo );
gcry_md_enable( digest, sig->digest_algo );
/* complete the digest */
if( sig->version >= 4 )
md_putc( digest, sig->version );
md_putc( digest, sig->sig_class );
gcry_md_putc( digest, sig->version );
gcry_md_putc( digest, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
gcry_md_putc( digest, (a >> 24) & 0xff );
gcry_md_putc( digest, (a >> 16) & 0xff );
gcry_md_putc( digest, (a >> 8) & 0xff );
gcry_md_putc( digest, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( digest, sig->pubkey_algo );
md_putc( digest, sig->digest_algo );
gcry_md_putc( digest, sig->pubkey_algo );
gcry_md_putc( digest, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( digest, sig->hashed_data, n+2 );
gcry_md_write( digest, sig->hashed_data, n+2 );
n += 6;
}
else
@ -361,9 +363,9 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( digest, buf, 6 );
gcry_md_write( digest, buf, 6 );
}
md_final( digest );
gcry_md_final( digest );
result = encode_md_value( pk->pubkey_algo, digest, sig->digest_algo,
mpi_get_nbits(pk->pkey[0]));
@ -385,7 +387,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
static void
hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
hash_uid_node( KBNODE unode, GCRY_MD_HD md, PKT_signature *sig )
{
PKT_user_id *uid = unode->pkt->pkt.user_id;
@ -397,9 +399,9 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig )
buf[2] = uid->len >> 16;
buf[3] = uid->len >> 8;
buf[4] = uid->len;
md_write( md, buf, 5 );
gcry_md_write( md, buf, 5 );
}
md_write( md, uid->name, uid->len );
gcry_md_write( md, uid->name, uid->len );
}
/****************
@ -417,7 +419,7 @@ check_key_signature( KBNODE root, KBNODE node, int *is_selfsig )
int
check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
{
MD_HANDLE md;
GCRY_MD_HD md;
PKT_public_key *pk;
PKT_signature *sig;
int algo;
@ -439,24 +441,26 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
sig->flags.valid? "good":"bad" );
#endif
if( (rc=check_digest_algo(algo)) )
if( (rc=openpgp_md_test_algo(algo)) )
return rc;
if( sig->sig_class == 0x20 ) {
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
rc = do_check( pk, sig, md );
md_close(md);
gcry_md_close(md);
}
else if( sig->sig_class == 0x28 ) { /* subkey revocation */
KBNODE snode = find_prev_kbnode( root, node, PKT_PUBLIC_SUBKEY );
if( snode ) {
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md );
md_close(md);
gcry_md_close(md);
}
else {
log_error("no subkey for subkey revocation packet\n");
@ -474,11 +478,12 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] )
*is_selfsig = 1;
}
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
hash_public_key( md, snode->pkt->pkt.public_key );
rc = do_check( pk, sig, md );
md_close(md);
gcry_md_close(md);
}
else {
log_error("no subkey for key signature packet\n");
@ -492,7 +497,8 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
u32 keyid[2];
keyid_from_pk( pk, keyid );
md = md_open( algo, 0 );
if( !(md = gcry_md_open( algo, 0 )) )
BUG();
hash_public_key( md, pk );
hash_uid_node( unode, md, sig );
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
@ -502,7 +508,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, u32 *r_expire)
}
else
rc = do_signature_check( sig, md, r_expire );
md_close(md);
gcry_md_close(md);
}
else {
log_error("no user ID for key signature packet\n");

149
g10/sign.c
View File

@ -25,6 +25,7 @@
#include <errno.h>
#include <assert.h>
#include <gcrypt.h>
#include "options.h"
#include "packet.h"
#include "errors.h"
@ -94,7 +95,7 @@ mk_notation_and_policy( PKT_signature *sig )
static int
do_sign( PKT_secret_key *sk, PKT_signature *sig,
MD_HANDLE md, int digest_algo )
GCRY_MD_HD md, int digest_algo )
{
MPI frame;
byte *dp;
@ -113,10 +114,10 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
print_pubkey_algo_note(sk->pubkey_algo);
if( !digest_algo )
digest_algo = md_get_algo(md);
digest_algo = gcry_md_get_algo(md);
print_digest_algo_note( digest_algo );
dp = md_read( md, digest_algo );
dp = gcry_md_read( md, digest_algo );
sig->digest_algo = digest_algo;
sig->digest_start[0] = dp[0];
sig->digest_start[1] = dp[1];
@ -130,7 +131,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
if( opt.verbose ) {
char *ustr = get_user_id_string( sig->keyid );
log_info(_("%s signature from: %s\n"),
pubkey_algo_to_string(sk->pubkey_algo), ustr );
gcry_pk_algo_name(sk->pubkey_algo), ustr );
m_free(ustr);
}
}
@ -140,7 +141,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
int
complete_sig( PKT_signature *sig, PKT_secret_key *sk, MD_HANDLE md )
complete_sig( PKT_signature *sig, PKT_secret_key *sk, GCRY_MD_HD md )
{
int rc=0;
@ -273,11 +274,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
/* prepare to calculate the MD over the input */
if( opt.textmode && !outfile )
iobuf_push_filter( inp, text_filter, &tfx );
mfx.md = md_open(0, 0);
if( !(mfx.md = gcry_md_open(0, 0)))
BUG();
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
md_enable(mfx.md, hash_for(sk->pubkey_algo));
gcry_md_enable(mfx.md, hash_for(sk->pubkey_algo));
}
if( !multifile )
@ -448,7 +450,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
GCRY_MD_HD md;
sk = sk_rover->sk;
@ -462,37 +464,37 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
sig->timestamp = make_timestamp();
sig->sig_class = opt.textmode && !outfile? 0x01 : 0x00;
md = md_copy( mfx.md );
md = gcry_md_copy( mfx.md );
if( sig->version >= 4 ) {
build_sig_subpkt_from_sig( sig );
md_putc( md, sig->version );
gcry_md_putc( md, sig->version );
}
mk_notation_and_policy( sig );
md_putc( md, sig->sig_class );
gcry_md_putc( md, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( md, (a >> 24) & 0xff );
md_putc( md, (a >> 16) & 0xff );
md_putc( md, (a >> 8) & 0xff );
md_putc( md, a & 0xff );
gcry_md_putc( md, (a >> 24) & 0xff );
gcry_md_putc( md, (a >> 16) & 0xff );
gcry_md_putc( md, (a >> 8) & 0xff );
gcry_md_putc( md, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
gcry_md_putc( md, sig->pubkey_algo );
gcry_md_putc( md, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( md, sig->hashed_data, n+2 );
gcry_md_write( md, sig->hashed_data, n+2 );
n += 6;
}
else {
md_putc( md, 0 ); /* always hash the length of the subpacket*/
md_putc( md, 0 );
gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/
gcry_md_putc( md, 0 );
n = 6;
}
/* add some magic */
@ -502,13 +504,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( md, buf, 6 );
gcry_md_write( md, buf, 6 );
}
md_final( md );
gcry_md_final( md );
rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
gcry_md_close( md );
if( !rc ) { /* and write it */
init_packet(&pkt);
@ -530,7 +532,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
else
iobuf_close(out);
iobuf_close(inp);
md_close( mfx.md );
gcry_md_close( mfx.md );
release_sk_list( sk_list );
release_pk_list( pk_list );
return rc;
@ -545,7 +547,7 @@ int
clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
{
armor_filter_context_t afx;
MD_HANDLE textmd = NULL;
GCRY_MD_HD textmd = NULL;
IOBUF inp = NULL, out = NULL;
PACKET pkt;
int rc = 0;
@ -594,21 +596,26 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
}
if( old_style || only_md5 )
if( old_style && only_md5 )
iobuf_writestr(out, "\n" );
else {
const char *s;
int any = 0;
byte hashs_seen[256];
memset( hashs_seen, 0, sizeof hashs_seen );
iobuf_writestr(out, "Hash: " );
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
s = digest_algo_to_string( hash_for(sk->pubkey_algo) );
if( s ) {
if( any )
iobuf_put(out, ',' );
iobuf_writestr(out, s );
any = 1;
int i = hash_for(sk->pubkey_algo);
if( !hashs_seen[ i & 0xff ] ) {
if( !openpgp_md_test_algo( i ) ) {
hashs_seen[ i & 0xff ] = 1;
if( any )
iobuf_put(out, ',' );
iobuf_writestr(out, gcry_md_algo_name( i ) );
any = 1;
}
}
}
assert(any);
@ -620,10 +627,11 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
}
textmd = md_open(0, 0);
if( !(textmd = gcry_md_open(0, 0)) )
BUG();
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
md_enable(textmd, hash_for(sk->pubkey_algo));
gcry_md_enable(textmd, hash_for(sk->pubkey_algo));
}
/*md_start_debug( textmd, "sign" );*/
copy_clearsig_text( out, inp, textmd,
@ -638,7 +646,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk;
PKT_signature *sig;
MD_HANDLE md;
GCRY_MD_HD md;
sk = sk_rover->sk;
@ -652,36 +660,36 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
sig->timestamp = make_timestamp();
sig->sig_class = 0x01;
md = md_copy( textmd );
md = gcry_md_copy( textmd );
if( sig->version >= 4 ) {
build_sig_subpkt_from_sig( sig );
md_putc( md, sig->version );
gcry_md_putc( md, sig->version );
}
mk_notation_and_policy( sig );
md_putc( md, sig->sig_class );
gcry_md_putc( md, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( md, (a >> 24) & 0xff );
md_putc( md, (a >> 16) & 0xff );
md_putc( md, (a >> 8) & 0xff );
md_putc( md, a & 0xff );
gcry_md_putc( md, (a >> 24) & 0xff );
gcry_md_putc( md, (a >> 16) & 0xff );
gcry_md_putc( md, (a >> 8) & 0xff );
gcry_md_putc( md, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
gcry_md_putc( md, sig->pubkey_algo );
gcry_md_putc( md, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( md, sig->hashed_data, n+2 );
gcry_md_write( md, sig->hashed_data, n+2 );
n += 6;
}
else {
md_putc( md, 0 ); /* always hash the length of the subpacket*/
md_putc( md, 0 );
gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/
gcry_md_putc( md, 0 );
n = 6;
}
/* add some magic */
@ -691,13 +699,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( md, buf, 6 );
gcry_md_write( md, buf, 6 );
}
md_final( md );
gcry_md_final( md );
rc = do_sign( sk, sig, md, hash_for(sig->pubkey_algo) );
md_close( md );
gcry_md_close( md );
if( !rc ) { /* and write it */
init_packet(&pkt);
@ -719,7 +727,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
else
iobuf_close(out);
iobuf_close(inp);
md_close( textmd );
gcry_md_close( textmd );
release_sk_list( sk_list );
return rc;
}
@ -741,7 +749,7 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
{
PKT_signature *sig;
int rc=0;
MD_HANDLE md;
GCRY_MD_HD md;
assert( (sigclass >= 0x10 && sigclass <= 0x13)
|| sigclass == 0x20 || sigclass == 0x18
@ -754,7 +762,8 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
default: digest_algo = DIGEST_ALGO_RMD160; break;
}
}
md = md_open( digest_algo, 0 );
if( !(md = gcry_md_open( digest_algo, 0 )))
BUG();
/* hash the public key certificate and the user id */
hash_public_key( md, pk );
@ -769,9 +778,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
buf[2] = uid->len >> 16;
buf[3] = uid->len >> 8;
buf[4] = uid->len;
md_write( md, buf, 5 );
gcry_md_write( md, buf, 5 );
}
md_write( md, uid->name, uid->len );
gcry_md_write( md, uid->name, uid->len );
}
/* and make the signature packet */
sig = m_alloc_clear( sizeof *sig );
@ -790,29 +799,29 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
if( !rc ) {
mk_notation_and_policy( sig );
if( sig->version >= 4 )
md_putc( md, sig->version );
md_putc( md, sig->sig_class );
gcry_md_putc( md, sig->version );
gcry_md_putc( md, sig->sig_class );
if( sig->version < 4 ) {
u32 a = sig->timestamp;
md_putc( md, (a >> 24) & 0xff );
md_putc( md, (a >> 16) & 0xff );
md_putc( md, (a >> 8) & 0xff );
md_putc( md, a & 0xff );
gcry_md_putc( md, (a >> 24) & 0xff );
gcry_md_putc( md, (a >> 16) & 0xff );
gcry_md_putc( md, (a >> 8) & 0xff );
gcry_md_putc( md, a & 0xff );
}
else {
byte buf[6];
size_t n;
md_putc( md, sig->pubkey_algo );
md_putc( md, sig->digest_algo );
gcry_md_putc( md, sig->pubkey_algo );
gcry_md_putc( md, sig->digest_algo );
if( sig->hashed_data ) {
n = (sig->hashed_data[0] << 8) | sig->hashed_data[1];
md_write( md, sig->hashed_data, n+2 );
gcry_md_write( md, sig->hashed_data, n+2 );
n += 6;
}
else {
md_putc( md, 0 ); /* always hash the length of the subpacket*/
md_putc( md, 0 );
gcry_md_putc( md, 0 ); /* always hash the length of the subpacket*/
gcry_md_putc( md, 0 );
n = 6;
}
/* add some magic */
@ -822,15 +831,15 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write( md, buf, 6 );
gcry_md_write( md, buf, 6 );
}
md_final(md);
gcry_md_final(md);
rc = complete_sig( sig, sk, md );
}
md_close( md );
gcry_md_close( md );
if( rc )
free_seckey_enc( sig );
else

13
g10/textfilter.c
View File

@ -25,6 +25,7 @@
#include <errno.h>
#include <assert.h>
#include <gcrypt.h>
#include "errors.h"
#include "iobuf.h"
#include "memory.h"
@ -141,7 +142,7 @@ text_filter( void *opaque, int control,
* md is updated as required by rfc2440
*/
int
copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
copy_clearsig_text( IOBUF out, IOBUF inp, GCRY_MD_HD md,
int escape_dash, int escape_from, int pgp2mode )
{
unsigned maxlen;
@ -166,15 +167,15 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
/* update the message digest */
if( escape_dash ) {
if( pending_lf ) {
md_putc( md, '\r' );
md_putc( md, '\n' );
gcry_md_putc( md, '\r' );
gcry_md_putc( md, '\n' );
}
md_write( md, buffer,
gcry_md_write( md, buffer,
len_without_trailing_chars( buffer, n,
pgp2mode? " \r\n":" \t\r\n"));
}
else
md_write( md, buffer, n );
gcry_md_write( md, buffer, n );
pending_lf = buffer[n-1] == '\n';
/* write the output */
@ -190,7 +191,7 @@ copy_clearsig_text( IOBUF out, IOBUF inp, MD_HANDLE md,
if( !pending_lf ) { /* make sure that the file ends with a LF */
iobuf_put( out, '\n');
if( !escape_dash )
md_putc( md, '\n' );
gcry_md_putc( md, '\n' );
}
if( truncated )

8
g10/trustdb.c
View File

@ -586,13 +586,13 @@ print_user_id( FILE *fp, const char *text, u32 *keyid )
p = get_user_id( keyid, &n );
if( fp ) {
fprintf( fp, "%s \"", text );
print_string( fp, p, n, 0 );
print_utf8_string( fp, p, n );
putc('\"', fp);
putc('\n', fp);
}
else {
tty_printf( "%s \"", text );
tty_print_string( p, n );
tty_print_utf8_string( p, n );
tty_printf( "\"\n" );
}
m_free(p);
@ -652,7 +652,7 @@ print_path( int pathlen, TN ME .........., FILE *fp, ulong highlight )
p = get_user_id( keyid, &n );
putc(' ', fp);
putc('\"', fp);
print_string( fp, p, n > 40? 40:n, 0 );
print_utf8_string( fp, p, n > 40? 40:n, 0 );
putc('\"', fp);
m_free(p);
putc('\n', fp );
@ -1000,7 +1000,7 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid,
(ulong)mainkid[1], lid );
assert(keynode->pkt->pkttype == PKT_USER_ID );
uid = keynode->pkt->pkt.user_id;
print_string( log_stream(), uid->name, uid->len, '\"' );
print_utf8_string( log_stream(), uid->name, uid->len );
fputs("\"\n", log_stream());
}

4
include/ChangeLog
View File

@ -1,3 +1,7 @@
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* g10lib.h: Moved from ../gcrypt to here.
Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

102
include/cipher.h
View File

@ -57,38 +57,6 @@
|| (a)==PUBKEY_ALGO_RSA_S )
#define is_ELGAMAL(a) ((a)==PUBKEY_ALGO_ELGAMAL || (a)==PUBKEY_ALGO_ELGAMAL_E)
typedef struct {
int algo;
int keylen;
byte key[32]; /* this is the largest used keylen (256 bit) */
} DEK;
struct cipher_handle_s;
typedef struct cipher_handle_s *CIPHER_HANDLE;
#define CIPHER_MODE_ECB 1
#define CIPHER_MODE_CFB 2
#define CIPHER_MODE_PHILS_CFB 3
#define CIPHER_MODE_AUTO_CFB 4
#define CIPHER_MODE_DUMMY 5 /* used with algo DUMMY for no encryption */
#define CIPHER_MODE_CBC 6
struct md_digest_list_s;
struct gcry_md_context {
int secure;
FILE *debug;
int finalized;
struct md_digest_list_s *list;
int bufcount;
int bufsize;
byte buffer[1];
};
typedef struct gcry_md_context *MD_HANDLE;
int g10c_debug_mode;
int g10_opt_verbose;
const char *g10_opt_homedir;
@ -96,82 +64,12 @@ const char *g10_opt_homedir;
/*-- dynload.c --*/
void register_cipher_extension( const char *mainpgm, const char *fname );
/*-- md.c --*/
int string_to_digest_algo( const char *string );
const char * digest_algo_to_string( int algo );
int check_digest_algo( int algo );
MD_HANDLE md_open( int algo, int secure );
void md_enable( MD_HANDLE hd, int algo );
MD_HANDLE md_copy( MD_HANDLE a );
void md_reset( MD_HANDLE a );
void md_close(MD_HANDLE a);
void md_write( MD_HANDLE a, byte *inbuf, size_t inlen);
void md_final(MD_HANDLE a);
byte *md_read( MD_HANDLE a, int algo );
int md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen );
int md_get_algo( MD_HANDLE a );
int md_digest_length( int algo );
const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );
void md_start_debug( MD_HANDLE a, const char *suffix );
void md_stop_debug( MD_HANDLE a );
#define md_is_secure(a) ((a)->secure)
#define md_putc(h,c) \
do { \
if( (h)->bufcount == (h)->bufsize ) \
md_write( (h), NULL, 0 ); \
(h)->buffer[(h)->bufcount++] = (c) & 0xff; \
} while(0)
/*-- rmd160.c --*/
void rmd160_hash_buffer( char *outbuf, const char *buffer, size_t length );
/*-- cipher.c --*/
int string_to_cipher_algo( const char *string );
const char * cipher_algo_to_string( int algo );
void disable_cipher_algo( int algo );
int check_cipher_algo( int algo );
unsigned cipher_get_keylen( int algo );
unsigned cipher_get_blocksize( int algo );
CIPHER_HANDLE cipher_open( int algo, int mode, int secure );
void cipher_close( CIPHER_HANDLE c );
int cipher_setkey( CIPHER_HANDLE c, byte *key, unsigned keylen );
void cipher_setiv( CIPHER_HANDLE c, const byte *iv, unsigned ivlen );
void cipher_encrypt( CIPHER_HANDLE c, byte *out, byte *in, unsigned nbytes );
void cipher_decrypt( CIPHER_HANDLE c, byte *out, byte *in, unsigned nbytes );
void cipher_sync( CIPHER_HANDLE c );
/*-- pubkey.c --*/
#define PUBKEY_MAX_NPKEY 4
#define PUBKEY_MAX_NSKEY 6
#define PUBKEY_MAX_NSIG 2
#define PUBKEY_MAX_NENC 2
int string_to_pubkey_algo( const char *string );
const char * pubkey_algo_to_string( int algo );
void disable_pubkey_algo( int algo );
int check_pubkey_algo( int algo );
int check_pubkey_algo2( int algo, unsigned use );
int pubkey_get_npkey( int algo );
int pubkey_get_nskey( int algo );
int pubkey_get_nsig( int algo );
int pubkey_get_nenc( int algo );
unsigned pubkey_nbits( int algo, MPI *pkey );
int pubkey_generate( int algo, unsigned nbits, MPI *skey, MPI **retfactors );
int pubkey_check_secret_key( int algo, MPI *skey );
int pubkey_encrypt( int algo, MPI *resarr, MPI data, MPI *pkey );
int pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey );
int pubkey_sign( int algo, MPI *resarr, MPI hash, MPI *skey );
int pubkey_verify( int algo, MPI hash, MPI *data, MPI *pkey,
int (*cmp)(void *, MPI), void *opaque );
/*-- smallprime.c --*/
extern ushort small_prime_numbers[];
/*-- primegen.c --*/
MPI generate_secret_prime( unsigned nbits );
MPI generate_public_prime( unsigned nbits );
MPI generate_elg_prime( int mode, unsigned pbits, unsigned qbits,
MPI g, MPI **factors );
#endif /*G10_CIPHER_H*/

1
include/distfiles
View File

@ -9,5 +9,6 @@ util.h
i18n.h
host2net.h
http.h
g10lib.h
ChangeLog

212
include/g10lib.h Normal file
View File

@ -0,0 +1,212 @@
/* g10lib.h - internal defintions for libgcrypt
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This header is to be used inside of libgcrypt in place of gcrypt.h.
* This way we can easily distinguish between internal and external
* usage of gcrypt.h
*
* This file is part of GnuPG.
*
* GnuPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GnuPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef G10LIB_H
#define G10LIB_H 1
#ifdef _GCRYPT_H
#error gcrypt.h already included
#endif
#include "gcrypt.h"
#ifdef G10_I18N_H
#error i18n should not be included here
#endif
#define _(a) g10_gettext(a)
#define N_(a) (a)
/*-- gcrypt/global.c --*/
int set_lasterr( int ec );
/*-- gcrypt/misc.c --*/
const char *g10_gettext( const char *key );
int fatal_invalid_arg(const char *text);
#if 0
/* This used to be the old include/g10lib.h */
#include "mpi.h"
int g10c_debug_mode;
int g10_opt_verbose;
/********************************
******* math functions *******
********************************/
MPI g10m_new( unsigned nbits );
MPI g10m_new_secure( unsigned nbits );
void g10m_release( MPI a );
void g10m_resize( MPI a, unsigned nbits );
MPI g10m_copy( MPI a );
void g10m_swap( MPI a, MPI b);
void g10m_set( MPI w, MPI u);
void g10m_set_ui( MPI w, unsigned long u);
void g10m_set_bytes( MPI a, unsigned nbits, unsigned char (*fnc)(int), int opaque );
int g10m_cmp( MPI u, MPI v );
int g10m_cmp_ui( MPI u, unsigned long v );
void g10m_add(MPI w, MPI u, MPI v);
void g10m_add_ui(MPI w, MPI u, unsigned long v );
void g10m_sub( MPI w, MPI u, MPI v);
void g10m_sub_ui(MPI w, MPI u, unsigned long v );
void g10m_mul_ui(MPI w, MPI u, unsigned long v );
void g10m_mul_2exp( MPI w, MPI u, unsigned long cnt);
void g10m_mul( MPI w, MPI u, MPI v);
void g10m_mulm( MPI w, MPI u, MPI v, MPI m);
void g10m_fdiv_q( MPI quot, MPI dividend, MPI divisor );
void g10m_powm( MPI res, MPI base, MPI exp, MPI mod);
int g10m_gcd( MPI g, MPI a, MPI b );
int g10m_invm( MPI x, MPI u, MPI v );
unsigned g10m_get_nbits( MPI a );
unsigned g10m_get_size( MPI a );
void g10m_set_buffer( MPI a, const char *buffer, unsigned nbytes, int sign );
/********************************************
******* symmetric cipher functions *******
********************************************/
/*********************************************
******* asymmetric cipher functions *******
*********************************************/
/*********************************************
******* cryptograhic hash functions *******
*********************************************/
/*****************************************
******* miscellaneous functions *******
*****************************************/
const char *g10m_revision_string(int mode);
const char *g10c_revision_string(int mode);
const char *g10u_revision_string(int mode);
MPI g10c_generate_secret_prime( unsigned nbits );
char *g10c_get_random_bits( unsigned nbits, int level, int secure );
void *g10_malloc( size_t n );
void *g10_calloc( size_t n );
void *g10_malloc_secure( size_t n );
void *g10_calloc_secure( size_t n );
void *g10_realloc( void *a, size_t n );
void g10_free( void *p );
char *g10_strdup( const char * a);
void g10_log_bug( const char *fmt, ... );
void g10_log_bug0( const char *, int );
void g10_log_fatal( const char *fmt, ... );
void g10_log_error( const char *fmt, ... );
void g10_log_info( const char *fmt, ... );
void g10_log_debug( const char *fmt, ... );
void g10_log_hexdump( const char *text, char *buf, size_t len );
void g10_log_mpidump( const char *text, MPI a );
/***************************
******* constants *******
**************************/
#define CIPHER_ALGO_NONE 0
#define CIPHER_ALGO_IDEA 1
#define CIPHER_ALGO_3DES 2
#define CIPHER_ALGO_CAST5 3
#define CIPHER_ALGO_BLOWFISH 4 /* blowfish 128 bit key */
#define CIPHER_ALGO_SAFER_SK128 5
#define CIPHER_ALGO_DES_SK 6
#define CIPHER_ALGO_BLOWFISH160 42 /* blowfish 160 bit key (not in OpenPGP)*/
#define CIPHER_ALGO_DUMMY 110 /* no encryption at all */
#define PUBKEY_ALGO_RSA 1
#define PUBKEY_ALGO_RSA_E 2 /* RSA encrypt only */
#define PUBKEY_ALGO_RSA_S 3 /* RSA sign only */
#define PUBKEY_ALGO_ELGAMAL_E 16 /* encrypt only ElGamal (but not vor v3)*/
#define PUBKEY_ALGO_DSA 17
#define PUBKEY_ALGO_ELGAMAL 20 /* sign and encrypt elgamal */
#define DIGEST_ALGO_MD5 1
#define DIGEST_ALGO_SHA1 2
#define DIGEST_ALGO_RMD160 3
#define DIGEST_ALGO_TIGER 6
#define is_RSA(a) ((a)==PUBKEY_ALGO_RSA || (a)==PUBKEY_ALGO_RSA_E \
|| (a)==PUBKEY_ALGO_RSA_S )
#define is_ELGAMAL(a) ((a)==PUBKEY_ALGO_ELGAMAL || (a)==PUBKEY_ALGO_ELGAMAL_E)
#define G10ERR_GENERAL 1
#define G10ERR_PUBKEY_ALGO 4
#define G10ERR_DIGEST_ALGO 5
#define G10ERR_BAD_PUBKEY 6
#define G10ERR_BAD_SECKEY 7
#define G10ERR_BAD_SIGN 8
#define G10ERR_CIPHER_ALGO 12
#define G10ERR_WRONG_SECKEY 18
#define G10ERR_UNSUPPORTED 19
#define G10ERR_NI_PUBKEY 27
#define G10ERR_NI_CIPHER 28
#define G10ERR_BAD_MPI 30
#define G10ERR_WR_PUBKEY_ALGO 41
/***********************************
******* some handy macros *******
***********************************/
#ifndef BUG
#define BUG() g10_log_bug0( __FILE__ , __LINE__ )
#endif
#ifndef STR
#define STR(v) #v
#define STR2(v) STR(v)
#endif
#ifndef DIM
#define DIM(v) (sizeof(v)/sizeof((v)[0]))
#define DIMof(type,member) DIM(((type *)0)->member)
#endif
#define DBG_CIPHER g10c_debug_mode
#define OPT_VERBOSE g10_opt_verbose
#endif /* if 0 */
#endif /* G10LIB_H */

5
include/mpi.h
View File

@ -54,7 +54,10 @@ struct gcry_mpi {
mpi_limb_t *d; /* array with the limbs */
};
typedef struct gcry_mpi *MPI;
#ifndef DID_MPI_TYPEDEF
typedef struct gcry_mpi *MPI;
#define DID_MPI_TYPEDEF
#endif
#define MPI_NULL NULL

1
po/ChangeLog
View File

@ -1,6 +1,5 @@
Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* pt_PT.po: New. Done by Pedro Morais.
* it.po: Updated by Marco.

489
po/de.po
View File

File diff suppressed because it is too large Load Diff

489
po/es_ES.po
View File

File diff suppressed because it is too large Load Diff

625
po/fr.po
View File

File diff suppressed because it is too large Load Diff

496
po/it.po
View File

File diff suppressed because it is too large Load Diff

489
po/pl.po
View File

File diff suppressed because it is too large Load Diff

489
po/pt_BR.po
View File

File diff suppressed because it is too large Load Diff

524
po/pt_PT.po
View File

File diff suppressed because it is too large Load Diff

489
po/ru.po
View File

File diff suppressed because it is too large Load Diff

5
scripts/ChangeLog
View File

@ -1,3 +1,8 @@
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* commit: Remove leading and trailing empty lines when copying
Changes to Changelog
Wed Sep 15 16:22:17 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

28
scripts/commit
View File

@ -11,15 +11,25 @@ addr="<`id -un`@`hostname -d`>"
for i in `find . -name Changes -print`; do
dir=`dirname $i`
if [ -s $dir/Changes ]; then
lines=`wc -l <$dir/Changes`
echo "$date $name $addr" >$dir/ChangeLog.new
echo >>$dir/ChangeLog.new
cat $dir/Changes >>$dir/ChangeLog.new
[ -f $dir/ChangeLog ] && cat $dir/ChangeLog >>$dir/ChangeLog.new
echo -n > $dir/Changes
[ -f $dir/ChangeLog ] && rm $dir/ChangeLog
mv $dir/ChangeLog.new $dir/ChangeLog
echo "$lines new lines in $dir/ChangeLog"
awk '
state == 0 && /^[ \t]*$/ { next }
state == 0 { state = 1 }
/^[ \t]*$/ { empty++; next }
{ while ( empty > 0 ) { print ""; empty--; }; print }
' < $dir/Changes > $dir/Changes.tmp
if [ -s $dir/Changes.tmp ]; then
lines=`wc -l <$dir/Changes.tmp`
echo "$date $name $addr" >$dir/ChangeLog.new
echo >>$dir/ChangeLog.new
cat $dir/Changes.tmp >>$dir/ChangeLog.new
echo >>$dir/ChangeLog.new
[ -f $dir/ChangeLog ] && cat $dir/ChangeLog >>$dir/ChangeLog.new
echo -n > $dir/Changes
[ -f $dir/ChangeLog ] && rm $dir/ChangeLog
mv $dir/ChangeLog.new $dir/ChangeLog
echo "$lines new lines in $dir/ChangeLog"
fi
rm $dir/Changes.tmp || true
fi
done

2
scripts/mksnapshot
View File

@ -21,7 +21,7 @@ This is a snapshot of the current CVS head branch!
It may not compile or not work. Please don't report
bugs about this snapshot release it is just for your
convenience and to reduce the load of out CVS server.
convenience and to reduce the load of our CVS server.
Thanks,

3
tools/Makefile.am
View File

@ -3,7 +3,8 @@
EXTRA_DIST = lspgpot
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
needed_libs = ../cipher/libcipher.la \
../mpi/libmpi.la ../util/libutil.la @INTLLIBS@
../mpi/libmpi.la ../util/libutil.la ../gcrypt/libgcrypt.la @INTLLIBS@
noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata shmtest

18
tools/bftest.c
View File

@ -27,8 +27,8 @@
#include <fcntl.h>
#endif
#include <gcrypt.h>
#include "util.h"
#include "cipher.h"
#include "i18n.h"
static void
@ -62,7 +62,7 @@ int
main(int argc, char **argv)
{
int encode=0;
CIPHER_HANDLE hd;
GCRY_CIPHER_HD hd;
char buf[4096];
int n, size=4096;
int algo;
@ -92,21 +92,21 @@ main(int argc, char **argv)
if( argc != 3 )
my_usage();
argc--; argv++;
algo = string_to_cipher_algo( *argv );
algo = gcry_cipher_map_name( *argv );
argc--; argv++;
hd = cipher_open( algo, CIPHER_MODE_CFB, 0 );
cipher_setkey( hd, *argv, strlen(*argv) );
cipher_setiv( hd, NULL, 0 );
hd = gcry_cipher_open( algo, GCRY_CIPHER_MODE_CFB, 0 );
gcry_cipher_setkey( hd, *argv, strlen(*argv) );
gcry_cipher_setiv( hd, NULL, 0 );
while( (n = fread( buf, 1, size, stdin )) > 0 ) {
if( encode )
cipher_encrypt( hd, buf, buf, n );
gcry_cipher_encrypt( hd, buf, n, buf, n );
else
cipher_decrypt( hd, buf, buf, n );
gcry_cipher_decrypt( hd, buf, n, buf, n );
if( fwrite( buf, 1, n, stdout) != n )
log_fatal("write error\n");
}
cipher_close(hd);
gcry_cipher_close(hd);
return 0;
}

8
util/ChangeLog
View File

@ -1,3 +1,11 @@
Tue Oct 26 14:10:21 CEST 1999 Werner Koch <wk@gnupg.de>
* simple-gettext.c (set_gettext_file): Check charset and do
mapping only for IBM850.
* strgutil.c (query_native_charset): New.
(get_native_charset): Try to get it from the system on the first call.
(ibm850_unicode): New table.
Fri Sep 17 12:56:42 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>

10
util/simple-gettext.c
View File

@ -217,6 +217,13 @@ load_domain( const char *filename )
free( domain );
return NULL;
}
/* Currently we have only a Latin-1 to IBM850 translation, so
* we simply mark everything mapped if we don't have this codepage. */
{
const char *s = get_native_charset();
if( !s || strcmp(s, "ibm850")
memset( domain->mapped, 1, domain->nstrings );
}
return domain;
}
@ -242,7 +249,6 @@ set_gettext_file( const char *filename )
#endif
) {
/* absolute path - use it as is */
log_info("trying `%s'\n", filename );
domain = load_domain( filename );
}
else { /* relative path - append ".mo" and get DIR from env */
@ -280,7 +286,7 @@ get_string( struct loaded_domain *domain, u32 idx )
byte *pp;
domain->mapped[idx] = 1;
/* we assume Latin1 -> CP 850 for now */
/* currently we only support Latin-1 to CP 850 */
for( pp=p; *pp; pp++ ) {
if( (*pp & 0x80) ) {
switch( *pp ) {

85
util/strgutil.c
View File

@ -65,6 +65,26 @@ static ushort latin2_unicode[128] = {
0x0159,0x016F,0x00FA,0x0171,0x00FC,0x00FD,0x0163,0x02D9
};
static ushort ibm850_unicode[128] = {
0x00c7,0x00fc,0x00e9,0x00e2,0x00e4,0x00e0,0x00e5,0x00e7,
0x00ea,0x00eb,0x00e8,0x00ef,0x00ee,0x00ec,0x00c4,0x00c5,
0x00c9,0x00e6,0x00c6,0x00f4,0x00f6,0x00f2,0x00fb,0x00f9,
0x00ff,0x00d6,0x00dc,0x00f8,0x00a3,0x00d8,0x00d7,0x0192,
0x00e1,0x00ed,0x00f3,0x00fa,0x00f1,0x00d1,0x00aa,0x00ba,
0x00bf,0x00ae,0x00ac,0x00bd,0x00bc,0x00a1,0x00ab,0x00bb,
0x2591,0x2592,0x2593,0x2502,0x2524,0x00c1,0x00c2,0x00c0,
0x00a9,0x2563,0x2551,0x2557,0x255d,0x00a2,0x00a5,0x2510,
0x2514,0x2534,0x252c,0x251c,0x2500,0x253c,0x00e3,0x00c3,
0x255a,0x2554,0x2569,0x2566,0x2560,0x2550,0x256c,0x00a4,
0x00f0,0x00d0,0x00ca,0x00cb,0x00c8,0x0131,0x00cd,0x00ce,
0x00cf,0x2518,0x250c,0x2588,0x2584,0x00a6,0x00cc,0x2580,
0x00d3,0x00df,0x00d4,0x00d2,0x00f5,0x00d5,0x00b5,0x00fe,
0x00de,0x00da,0x00db,0x00d9,0x00fd,0x00dd,0x00af,0x00b4,
0x00ad,0x00b1,0x2017,0x00be,0x00b6,0x00a7,0x00f7,0x00b8,
0x00b0,0x00a8,0x00b7,0x00b9,0x00b3,0x00b2,0x25a0,0x00a0,
};
static int query_native_charset_done = 0;
static const char *active_charset_name = "iso-8859-1";
static ushort *active_charset = NULL;
@ -291,9 +311,65 @@ string_count_chr( const char *string, int c )
}
static const char*
query_native_charset(void)
{
#ifdef __MINGW32__
unsigned int cp;
cp = GetConsoleOutputCP();
if( cp != GetConsoleCP() ) {
/* The input cgarset is not equal to the output charset
* our system depends on it and therefore we will set
* same the same (this won't work on Windows 95) */
if( !SetConsoleCP( cp ) )
log_info("can't set Input-CP to Output-CP: %d\n",
(int)GetLastError() );
}
/* we could read the registry, but this seems to be too much work */
switch( cp ) {
case 850: return "ibm850";
case 437: return "ibm437";
case 1252: return "iso-8859-1";
default:
log_info("unknown MS-Windows CodePage %u "
"- trying to switch to Latin-1\n", cp );
/* try to set latin-1 */
if( !SetConsoleOutputCP( 1252 ) ) {
if( !SetConsoleCP( 1252 ) )
return "iso-8859-1";
else /* back off */
SetConsoleOutputCP( cp );
}
log_info("no information about MS-Windows CodePage %u\n", cp );
return NULL;
}
#else
return NULL; /* unknown */
#endif
}
const char*
get_native_charset()
{
if( !query_native_charset_done ) {
const char *s;
query_native_charset_done = 1;
s = query_native_charset();
if( s )
set_native_charset(s);
}
return active_charset_name;
}
int
set_native_charset( const char *newset )
{
query_native_charset_done = 1; /* don't do this when we want to set one*/
if( !stricmp( newset, "iso-8859-1" ) ) {
active_charset_name = "iso-8859-1";
active_charset = NULL;
@ -306,16 +382,15 @@ set_native_charset( const char *newset )
active_charset_name = "koi8-r";
active_charset = koi8_unicode;
}
else if( !stricmp( newset, "ibm850" ) || !stricmp( newset, "ibm437" ) ) {
active_charset_name = "ibm850";
active_charset = ibm850_unicode;
}
else
return G10ERR_GENERAL;
return 0;
}
const char*
get_native_charset()
{
return active_charset_name;
}
/****************
* Convert string, which is in native encoding to UTF8 and return the