mirror of
git://git.gnupg.org/gnupg.git
synced 2025-07-02 22:46:30 +02:00
gnupg extension are now working
This commit is contained in:
Werner Koch
parent
37d2adfe61
commit
e662bf708b
33 changed files with 1411 additions and 713 deletions
15
g10/g10.c
15
g10/g10.c
|
|
@ -310,6 +310,11 @@ wrong_args( const char *text)
|
|||
static void
|
||||
set_debug(void)
|
||||
{
|
||||
volatile char *p = g10_malloc(1);
|
||||
volatile MPI a = g10m_new(1);
|
||||
*p = g10c_get_random_byte( 0 );
|
||||
|
||||
|
||||
if( opt.debug & DBG_MEMORY_VALUE )
|
||||
memory_debug_mode = 1;
|
||||
if( opt.debug & DBG_MEMSTAT_VALUE )
|
||||
|
|
@ -317,9 +322,10 @@ set_debug(void)
|
|||
if( opt.debug & DBG_MPI_VALUE )
|
||||
mpi_debug_mode = 1;
|
||||
if( opt.debug & DBG_CIPHER_VALUE )
|
||||
cipher_debug_mode = 1;
|
||||
g10c_debug_mode = 1;
|
||||
if( opt.debug & DBG_IOBUF_VALUE )
|
||||
iobuf_debug_mode = 1;
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -542,7 +548,8 @@ main( int argc, char **argv )
|
|||
#endif /* IS_G10MAINT */
|
||||
|
||||
case 'o': opt.outfile = pargs.r.ret_str; break;
|
||||
case 'v': opt.verbose++; opt.list_sigs=1; break;
|
||||
case 'v': g10_opt_verbose++;
|
||||
opt.verbose++; opt.list_sigs=1; break;
|
||||
case 'k': set_cmd( &cmd, aKMode ); break;
|
||||
|
||||
case 500: opt.batch = 1; greeting = 0; break;
|
||||
|
|
@ -567,7 +574,8 @@ main( int argc, char **argv )
|
|||
case 520: default_keyring = 0; break;
|
||||
case 521: set_cmd( &cmd, aListPackets); break;
|
||||
case 522: greeting = 0; break;
|
||||
case 526: opt.verbose = 0; opt.list_sigs=0; break;
|
||||
case 526: g10_opt_verbose = 0;
|
||||
opt.verbose = 0; opt.list_sigs=0; break;
|
||||
case 530: set_cmd( &cmd, aImport); break;
|
||||
case 532: quick_random_gen(1); break;
|
||||
case 534: opt.no_comment=1; break;
|
||||
|
|
@ -633,6 +641,7 @@ main( int argc, char **argv )
|
|||
opt.list_sigs++;
|
||||
|
||||
opt.verbose = opt.verbose > 1;
|
||||
g10_opt_verbose = opt.verbose;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
10
g10/getkey.c
10
g10/getkey.c
|
|
@ -474,16 +474,18 @@ get_pubkey_byname( PKT_public_cert *pkc, const char *name )
|
|||
/****************
|
||||
* Search for a key with the given fingerprint and return the
|
||||
* complete keyblock which may have more than only this key.
|
||||
* The fingerprint should always be 20 bytes, fill with zeroes
|
||||
* for 16 byte fprints.
|
||||
*/
|
||||
int
|
||||
get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint )
|
||||
get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
|
||||
size_t fprint_len )
|
||||
{
|
||||
int rc;
|
||||
PKT_public_cert *pkc = m_alloc_clear( sizeof *pkc );
|
||||
|
||||
rc = lookup( pkc, 20, NULL, fprint, ret_keyblock );
|
||||
if( fprint_len == 20 || fprint_len == 16 )
|
||||
rc = lookup( pkc, fprint_len, NULL, fprint, ret_keyblock );
|
||||
else
|
||||
rc = G10ERR_GENERAL; /* Oops */
|
||||
|
||||
free_public_cert( pkc );
|
||||
return rc;
|
||||
|
|
|
|||
|
|
@ -109,7 +109,8 @@ void add_secret_keyring( const char *name );
|
|||
int get_pubkey( PKT_public_cert *pkc, u32 *keyid );
|
||||
int get_pubkey_byname( PKT_public_cert *pkc, const char *name );
|
||||
int get_seckey( PKT_secret_cert *skc, u32 *keyid );
|
||||
int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint );
|
||||
int get_keyblock_byfprint( KBNODE *ret_keyblock, const byte *fprint,
|
||||
size_t fprint_len );
|
||||
int seckey_available( u32 *keyid );
|
||||
int get_seckey_byname( PKT_secret_cert *skc, const char *name, int unlock );
|
||||
int enum_secret_keys( void **context, PKT_secret_cert *skc );
|
||||
|
|
|
|||
52
g10/keygen.c
52
g10/keygen.c
|
|
@ -35,7 +35,7 @@
|
|||
#include "i18n.h"
|
||||
|
||||
|
||||
#if defined(HAVE_RSA_CIPHER) && 0
|
||||
#if 0
|
||||
#define ENABLE_RSA_KEYGEN 1
|
||||
#endif
|
||||
|
||||
|
|
@ -143,11 +143,14 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||
PACKET *pkt;
|
||||
PKT_secret_cert *skc;
|
||||
PKT_public_cert *pkc;
|
||||
ELG_public_key pk;
|
||||
ELG_secret_key sk;
|
||||
MPI skey[4];
|
||||
MPI *factors;
|
||||
|
||||
elg_generate( &pk, &sk, nbits, &factors );
|
||||
rc = pubkey_generate( PUBKEY_ALGO_ELGAMAL, nbits, skey, &factors );
|
||||
if( rc ) {
|
||||
log_error("pubkey_generate failed: %s\n", g10_errstr(rc) );
|
||||
return rc;
|
||||
}
|
||||
|
||||
skc = m_alloc_clear( sizeof *skc );
|
||||
pkc = m_alloc_clear( sizeof *pkc );
|
||||
|
|
@ -155,13 +158,13 @@ gen_elg(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||
skc->version = pkc->version = version;
|
||||
skc->valid_days = pkc->valid_days = valid_days;
|
||||
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_ELGAMAL;
|
||||
pkc->pkey[0] = pk.p;
|
||||
pkc->pkey[1] = pk.g;
|
||||
pkc->pkey[2] = pk.y;
|
||||
skc->skey[0] = sk.p;
|
||||
skc->skey[1] = sk.g;
|
||||
skc->skey[2] = sk.y;
|
||||
skc->skey[3] = sk.x;
|
||||
pkc->pkey[0] = mpi_copy( skey[0] );
|
||||
pkc->pkey[1] = mpi_copy( skey[1] );
|
||||
pkc->pkey[2] = mpi_copy( skey[2] );
|
||||
skc->skey[0] = skey[0];
|
||||
skc->skey[1] = skey[1];
|
||||
skc->skey[2] = skey[2];
|
||||
skc->skey[3] = skey[3];
|
||||
skc->is_protected = 0;
|
||||
skc->protect.algo = 0;
|
||||
|
||||
|
|
@ -278,14 +281,17 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||
PACKET *pkt;
|
||||
PKT_secret_cert *skc;
|
||||
PKT_public_cert *pkc;
|
||||
DSA_public_key pk;
|
||||
DSA_secret_key sk;
|
||||
MPI skey[5];
|
||||
MPI *factors;
|
||||
|
||||
if( nbits > 1024 )
|
||||
nbits = 1024;
|
||||
|
||||
dsa_generate( &pk, &sk, nbits, &factors );
|
||||
rc = pubkey_generate( PUBKEY_ALGO_DSA, nbits, skey, &factors );
|
||||
if( rc ) {
|
||||
log_error("pubkey_generate failed: %s\n", g10_errstr(rc) );
|
||||
return rc;
|
||||
}
|
||||
|
||||
skc = m_alloc_clear( sizeof *skc );
|
||||
pkc = m_alloc_clear( sizeof *pkc );
|
||||
|
|
@ -296,15 +302,15 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
|
|||
*/
|
||||
skc->valid_days = pkc->valid_days = valid_days;
|
||||
skc->pubkey_algo = pkc->pubkey_algo = PUBKEY_ALGO_DSA;
|
||||
pkc->pkey[0] = pk.p;
|
||||
pkc->pkey[1] = pk.q;
|
||||
pkc->pkey[2] = pk.g;
|
||||
pkc->pkey[3] = pk.y;
|
||||
skc->skey[0] = sk.p;
|
||||
skc->skey[1] = sk.q;
|
||||
skc->skey[2] = sk.g;
|
||||
skc->skey[3] = sk.y;
|
||||
skc->skey[4] = sk.x;
|
||||
pkc->pkey[0] = skey[0];
|
||||
pkc->pkey[1] = skey[1];
|
||||
pkc->pkey[2] = skey[2];
|
||||
pkc->pkey[3] = skey[3];
|
||||
skc->skey[0] = skey[0];
|
||||
skc->skey[1] = skey[1];
|
||||
skc->skey[2] = skey[2];
|
||||
skc->skey[3] = skey[3];
|
||||
skc->skey[4] = skey[4];
|
||||
skc->is_protected = 0;
|
||||
skc->protect.algo = 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -972,15 +972,15 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
|
|||
|
||||
}
|
||||
else {
|
||||
if( list_mode )
|
||||
printf( "\tprotect algo: %d\n",
|
||||
cert->protect.algo);
|
||||
/* old version, we don't have a S2K, so we fake one */
|
||||
cert->protect.s2k.mode = 0;
|
||||
/* We need this kludge to cope with old GNUPG versions */
|
||||
cert->protect.s2k.hash_algo =
|
||||
cert->protect.algo == CIPHER_ALGO_BLOWFISH160?
|
||||
DIGEST_ALGO_RMD160 : DIGEST_ALGO_MD5;
|
||||
if( list_mode )
|
||||
printf( "\tprotect algo: %d (hash algo: %d)\n",
|
||||
cert->protect.algo, cert->protect.s2k.hash_algo );
|
||||
}
|
||||
if( pktlen < 8 ) {
|
||||
rc = G10ERR_INVALID_PACKET;
|
||||
|
|
@ -1176,6 +1176,9 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
|
|||
}
|
||||
if( cert->protect.algo == CIPHER_ALGO_BLOWFISH160 )
|
||||
memcpy(cert->protect.iv, temp, 8 );
|
||||
/* old version, we don't have a S2K, so we fake one */
|
||||
cert->protect.s2k.mode = 0;
|
||||
cert->protect.s2k.hash_algo = DIGEST_ALGO_MD5;
|
||||
}
|
||||
else
|
||||
cert->is_protected = 0;
|
||||
|
|
|
|||
|
|
@ -81,27 +81,25 @@ do_check( PKT_secret_cert *cert )
|
|||
csum = checksum_mpi( cert->skey[4] );
|
||||
m_free( buffer );
|
||||
break;
|
||||
#ifdef HAVE_RSA_CIPHER
|
||||
case PUBKEY_ALGO_RSA:
|
||||
case PUBKEY_ALGO_RSA_E:
|
||||
case PUBKEY_ALGO_RSA_S:
|
||||
csum = 0;
|
||||
#define X(a) do { \
|
||||
buffer = mpi_get_secure_buffer( cert->d.rsa.##a, \
|
||||
buffer = mpi_get_secure_buffer( cert->skey[(a)], \
|
||||
&nbytes, NULL ); \
|
||||
csum += checksum_u16( nbytes*8 ); \
|
||||
cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); \
|
||||
csum += checksum( buffer, nbytes ); \
|
||||
mpi_set_buffer(cert->d.rsa.##a, buffer, nbytes, 0 ); \
|
||||
mpi_set_buffer(cert->skey[(a)], buffer, nbytes, 0 ); \
|
||||
m_free( buffer ); \
|
||||
} while(0)
|
||||
X(d);
|
||||
X(p);
|
||||
X(q);
|
||||
X(u);
|
||||
X(2);
|
||||
X(3);
|
||||
X(4);
|
||||
X(5);
|
||||
#undef X
|
||||
break;
|
||||
#endif /* HAVE_RSA_CIPHER */
|
||||
|
||||
default: BUG();
|
||||
}
|
||||
|
|
@ -135,29 +133,27 @@ do_check( PKT_secret_cert *cert )
|
|||
case PUBKEY_ALGO_DSA:
|
||||
csum = checksum_mpi( cert->skey[4] );
|
||||
break;
|
||||
#ifdef HAVE_RSA_CIPHER
|
||||
case PUBKEY_ALGO_RSA_E:
|
||||
case PUBKEY_ALGO_RSA_S:
|
||||
case PUBKEY_ALGO_RSA:
|
||||
csum =0;
|
||||
buffer = mpi_get_buffer( cert->d.rsa.rsa_d, &nbytes, NULL );
|
||||
buffer = mpi_get_buffer( cert->skey[2], &nbytes, NULL );
|
||||
csum += checksum_u16( nbytes*8 );
|
||||
csum += checksum( buffer, nbytes );
|
||||
m_free( buffer );
|
||||
buffer = mpi_get_buffer( cert->d.rsa.rsa_p, &nbytes, NULL );
|
||||
buffer = mpi_get_buffer( cert->skey[3], &nbytes, NULL );
|
||||
csum += checksum_u16( nbytes*8 );
|
||||
csum += checksum( buffer, nbytes );
|
||||
m_free( buffer );
|
||||
buffer = mpi_get_buffer( cert->d.rsa.rsa_q, &nbytes, NULL );
|
||||
buffer = mpi_get_buffer( cert->skey[4], &nbytes, NULL );
|
||||
csum += checksum_u16( nbytes*8 );
|
||||
csum += checksum( buffer, nbytes );
|
||||
m_free( buffer );
|
||||
buffer = mpi_get_buffer( cert->d.rsa.rsa_u, &nbytes, NULL );
|
||||
buffer = mpi_get_buffer( cert->skey[5], &nbytes, NULL );
|
||||
csum += checksum_u16( nbytes*8 );
|
||||
csum += checksum( buffer, nbytes );
|
||||
m_free( buffer );
|
||||
break;
|
||||
#endif
|
||||
default: BUG();
|
||||
}
|
||||
if( csum != cert->csum )
|
||||
|
|
@ -182,36 +178,22 @@ check_secret_key( PKT_secret_cert *cert )
|
|||
for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) {
|
||||
if( i )
|
||||
log_error(_("Invalid passphrase; please try again ...\n"));
|
||||
switch( cert->pubkey_algo ) {
|
||||
case PUBKEY_ALGO_ELGAMAL_E:
|
||||
case PUBKEY_ALGO_ELGAMAL:
|
||||
case PUBKEY_ALGO_DSA:
|
||||
rc = do_check( cert );
|
||||
#if 0 /* set to 1 to enable the workaround */
|
||||
if( rc == G10ERR_BAD_PASS && cert->is_protected
|
||||
&& cert->protect.algo == CIPHER_ALGO_BLOWFISH
|
||||
&& cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
|
||||
/* Workaround for a bug in 0.2.16 which still used
|
||||
* a 160 bit key for BLOWFISH. */
|
||||
log_info("trying workaround for 0.2.16 passphrase bug ...\n");
|
||||
log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
|
||||
cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
|
||||
rc = do_check( cert );
|
||||
#if 0 /* set to 1 to enable the workaround */
|
||||
if( rc == G10ERR_BAD_PASS && cert->is_protected
|
||||
&& cert->protect.algo == CIPHER_ALGO_BLOWFISH
|
||||
&& cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) {
|
||||
/* Workaround for a bug in 0.2.16 which still used
|
||||
* a 160 bit key for BLOWFISH. */
|
||||
log_info("trying workaround for 0.2.16 passphrase bug ...\n");
|
||||
log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n");
|
||||
cert->protect.algo = CIPHER_ALGO_BLOWFISH160;
|
||||
rc = do_check( cert );
|
||||
if( rc )
|
||||
rc = G10ERR_BAD_PASS;
|
||||
cert->protect.algo = CIPHER_ALGO_BLOWFISH;
|
||||
}
|
||||
#endif
|
||||
break;
|
||||
#ifdef HAVE_RSA_CIPHER
|
||||
case PUBKEY_ALGO_RSA:
|
||||
case PUBKEY_ALGO_RSA_E:
|
||||
case PUBKEY_ALGO_RSA_S:
|
||||
rc = do_check( cert );
|
||||
break;
|
||||
#endif
|
||||
default: rc = G10ERR_PUBKEY_ALGO;
|
||||
if( rc )
|
||||
rc = G10ERR_BAD_PASS;
|
||||
cert->protect.algo = CIPHER_ALGO_BLOWFISH;
|
||||
}
|
||||
#endif
|
||||
if( get_passphrase_fd() != -1 )
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -49,10 +49,8 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
|
|||
int rc=0;
|
||||
|
||||
|
||||
#ifndef HAVE_RSA_CIPHER
|
||||
if( is_RSA(sig->pubkey_algo) )
|
||||
write_status(STATUS_RSA_OR_IDEA);
|
||||
#endif
|
||||
|
||||
if( get_pubkey( pkc, sig->keyid ) )
|
||||
rc = G10ERR_NO_PUBKEY;
|
||||
|
|
@ -149,7 +147,7 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
|
|||
log_mpidump("calc sig frame: ", result);
|
||||
rc = pubkey_verify( pkc->pubkey_algo, result, sig->data, pkc->pkey );
|
||||
}
|
||||
#ifdef HAVE_RSA_CIPHER
|
||||
#if 0 /* WORK!!! */
|
||||
else if( pkc->pubkey_algo == PUBKEY_ALGO_RSA
|
||||
|| pkc->pubkey_algo == PUBKEY_ALGO_RSA_S ) {
|
||||
int i, j, c, old_enc;
|
||||
|
|
@ -231,7 +229,7 @@ do_check( PKT_public_cert *pkc, PKT_signature *sig, MD_HANDLE digest )
|
|||
}
|
||||
}
|
||||
}
|
||||
#endif/*HAVE_RSA_CIPHER*/
|
||||
#endif
|
||||
else {
|
||||
/*log_debug("signature_check: unsupported pubkey algo %d\n",
|
||||
pkc->pubkey_algo );*/
|
||||
|
|
|
|||
|
|
@ -83,6 +83,7 @@ struct trust_record {
|
|||
ulong owner;
|
||||
u32 keyid[2];
|
||||
byte pubkey_algo;
|
||||
byte fingerprint_len;
|
||||
byte fingerprint[20];
|
||||
byte ownertrust;
|
||||
} key;
|
||||
|
|
@ -387,9 +388,11 @@ dump_record( ulong rnum, TRUSTREC *rec, FILE *fp )
|
|||
fputs(", (??)", fp );
|
||||
putc('\n', fp);
|
||||
break;
|
||||
case RECTYPE_KEY: fprintf(fp, "key keyid=%08lX, own=%lu, ownertrust=%02x\n",
|
||||
case RECTYPE_KEY: fprintf(fp,
|
||||
"key keyid=%08lX, own=%lu, ownertrust=%02x, fl=%d\n",
|
||||
(ulong)rec->r.key.keyid[1],
|
||||
rec->r.key.owner, rec->r.key.ownertrust );
|
||||
rec->r.key.owner, rec->r.key.ownertrust,
|
||||
rec->r.key.fingerprint_len );
|
||||
break;
|
||||
case RECTYPE_CTL: fprintf(fp, "ctl\n");
|
||||
break;
|
||||
|
|
@ -497,7 +500,10 @@ read_record( ulong recnum, TRUSTREC *rec, int expected )
|
|||
rec->r.key.owner = buftoulong(p); p += 4;
|
||||
rec->r.dir.keyid[0] = buftou32(p); p += 4;
|
||||
rec->r.dir.keyid[1] = buftou32(p); p += 4;
|
||||
rec->r.key.pubkey_algo = *p++; p++;
|
||||
rec->r.key.pubkey_algo = *p++;
|
||||
rec->r.key.fingerprint_len = *p++;
|
||||
if( rec->r.key.fingerprint_len < 1 || rec->r.key.fingerprint_len > 20 )
|
||||
rec->r.key.fingerprint_len = 20;
|
||||
memcpy( rec->r.key.fingerprint, p, 20); p += 20;
|
||||
rec->r.key.ownertrust = *p++;
|
||||
break;
|
||||
|
|
@ -562,7 +568,8 @@ write_record( ulong recnum, TRUSTREC *rec )
|
|||
ulongtobuf(p, rec->r.key.owner); p += 4;
|
||||
u32tobuf(p, rec->r.key.keyid[0]); p += 4;
|
||||
u32tobuf(p, rec->r.key.keyid[1]); p += 4;
|
||||
*p++ = rec->r.key.pubkey_algo; p++;
|
||||
*p++ = rec->r.key.pubkey_algo;
|
||||
*p++ = rec->r.key.fingerprint_len;
|
||||
memcpy( p, rec->r.key.fingerprint, 20); p += 20;
|
||||
*p++ = rec->r.key.ownertrust;
|
||||
break;
|
||||
|
|
@ -1166,7 +1173,8 @@ build_sigrecs( ulong pubkeyid )
|
|||
log_error(_("%lu: build_sigrecs: can't read key record\n"), pubkeyid);
|
||||
goto leave;
|
||||
}
|
||||
rc = get_keyblock_byfprint( &keyblock, krec.r.key.fingerprint );
|
||||
rc = get_keyblock_byfprint( &keyblock, krec.r.key.fingerprint,
|
||||
krec.r.key.fingerprint_len );
|
||||
if( rc ) {
|
||||
log_error(_("build_sigrecs: get_keyblock_byfprint failed\n") );
|
||||
goto leave;
|
||||
|
|
@ -1938,6 +1946,7 @@ insert_trust_record( PKT_public_cert *pkc )
|
|||
rec.r.key.keyid[0] = keyid[0];
|
||||
rec.r.key.keyid[1] = keyid[1];
|
||||
rec.r.key.pubkey_algo = pkc->pubkey_algo;
|
||||
rec.r.key.fingerprint_len = fingerlen;
|
||||
memcpy(rec.r.key.fingerprint, fingerprint, fingerlen );
|
||||
rec.r.key.ownertrust = 0;
|
||||
if( write_record( knum, &rec ) ) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue