security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-02 22:46:30 +02:00
Code Activity

added zlib and reorgnaized some stuff

Browse source
This commit is contained in:
Werner Koch 1998-02-12 14:39:08 +00:00
parent bc5789665a
commit fec94908c3
52 changed files with 8138 additions and 356 deletions
Download patch file Download diff file Expand all files Collapse all files

2
g10/Makefile.am
View file

@ -55,7 +55,7 @@ g10_SOURCES = g10.c \
g10maint_SOURCES = g10maint.c \
$(common_source)
LDADD = @INTLLIBS@ $(needed_libs)
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@
$(PROGRAMS): $(needed_libs)

5
g10/Makefile.in
View file

@ -72,7 +72,6 @@ G10_LOCALEDIR = @G10_LOCALEDIR@
GENCAT = @GENCAT@
GMOFILES = @GMOFILES@
GMSGFMT = @GMSGFMT@
HAVE_ZLIB_H = @HAVE_ZLIB_H@
INSTOBJEXT = @INSTOBJEXT@
INTLDEPS = @INTLDEPS@
INTLLIBS = @INTLLIBS@
@ -85,6 +84,8 @@ POFILES = @POFILES@
POSUB = @POSUB@
RANLIB = @RANLIB@
VERSION = @VERSION@
ZLIBS = @ZLIBS@
ZLIB_SUBDIR = @ZLIB_SUBDIR@
INCLUDES = -I$(top_srcdir)/include
EXTRA_DIST = OPTIONS pubring.g10
@ -140,7 +141,7 @@ g10_SOURCES = g10.c \
g10maint_SOURCES = g10maint.c \
$(common_source)
LDADD = @INTLLIBS@ $(needed_libs)
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@
mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
CONFIG_HEADER = ../config.h
CONFIG_CLEAN_FILES =

33
g10/compress.c
View file

@ -25,9 +25,7 @@
#include <unistd.h>
#include <assert.h>
#include <errno.h>
#ifdef HAVE_ZLIB_H
#include <zlib.h>
#endif
#include <zlib.h>
#include "util.h"
#include "memory.h"
@ -36,7 +34,6 @@
#include "options.h"
#ifdef HAVE_ZLIB_H
static void
init_compress( compress_filter_context_t *zfx, z_stream *zs )
{
@ -228,34 +225,6 @@ compress_filter( void *opaque, int control,
*(char**)buf = "compress_filter";
return rc;
}
#else /* No ZLIB */
int
compress_filter( void *opaque, int control,
IOBUF a, byte *buf, size_t *ret_len)
{
size_t size = *ret_len;
int c, rc=0;
size_t n;
if( control == IOBUFCTRL_UNDERFLOW ) {
for( n=0; n < size; n++ ) {
if( (c=iobuf_get(a)) == -1 )
break;
buf[n] = c & 0xff;
}
if( !n )
rc = -1;
*ret_len = n;
}
else if( control == IOBUFCTRL_FLUSH ) {
if( iobuf_write( a, buf, size ) )
rc = G10ERR_WRITE_FILE;
}
else if( control == IOBUFCTRL_DESC )
*(char**)buf = "dummy compress_filter";
return rc;
}
#endif /*no ZLIB*/
/****************
* Handle a compressed packet

19
g10/g10.c
View file

@ -46,7 +46,7 @@ enum cmd_values { aNull = 0,
aSignKey, aClearsign, aListPackets, aEditSig,
aKMode, aKModeC, aChangePass, aImport,
aExport,
aTest };
aNOP };
static void set_cmd( enum cmd_values *ret_cmd,
@ -75,17 +75,7 @@ strusage( int level )
p = _("Please report bugs to <g10-bugs@isil.d.shuttle.de>.\n");
break;
#if !defined(HAVE_ZLIB_H) && defined(HAVE_RSA_CIPHER)
case 30: p = _(
" NOTE: This version is compiled without ZLIB support;\n"
" you are not able to process compresssed data!\n"
"WARNING: This version has RSA support! Your are not allowed to\n"
" use it inside the Unites States before Sep 30, 2000!\n" );
#elif !defined(HAVE_ZLIB_H)
case 30: p = _(
" NOTE: This version is compiled without ZLIB support;\n"
" you are not able to process compresssed data!\n");
#elif defined(HAVE_RSA_CIPHER)
#if defined(HAVE_RSA_CIPHER)
case 30: p = _(
"WARNING: This version has RSA support! Your are not allowed to\n"
" use it inside the Unites States before Sep 30, 2000!\n" );
@ -216,6 +206,7 @@ main( int argc, char **argv )
{ 538, "trustdb-name", 2, "\r" },
{ 539, "clearsign", 0, N_("make a clear text signature") },
{ 540, "no-secmem-warning", 0, "\r" }, /* used only by regression tests */
{ 541, "no-operation", 0, "\r" }, /* used by regression tests */
{0} };
ARGPARSE_ARGS pargs;
@ -372,6 +363,7 @@ main( int argc, char **argv )
case 538: trustdb_name = pargs.r.ret_str; break;
case 539: set_cmd( &cmd, aClearsign); break;
case 540: secmem_set_flags( secmem_get_flags() | 1 ); break;
case 541: set_cmd( &cmd, aNOP); break;
default : errors++; pargs.err = configfp? 1:2; break;
}
}
@ -606,6 +598,9 @@ main( int argc, char **argv )
free_strlist(sl);
break;
case aNOP:
break;
case aListPackets:
opt.list_packets=1;
default:

12
g10/g10maint.c
View file

@ -75,17 +75,7 @@ strusage( int level )
p = _("Please report bugs to <g10-bugs@isil.d.shuttle.de>.\n");
break;
#if !defined(HAVE_ZLIB_H) && defined(HAVE_RSA_CIPHER)
case 30: p = _(
" NOTE: This version is compiled without ZLIB support;\n"
" you are not able to process compresssed data!\n"
"WARNING: This version has RSA support! Your are not allowed to\n"
" use it inside the Unites States before Sep 30, 2000!\n" );
#elif !defined(HAVE_ZLIB_H)
case 30: p = _(
" NOTE: This version is compiled without ZLIB support;\n"
" you are not able to process compresssed data!\n");
#elif defined(HAVE_RSA_CIPHER)
#if defined(HAVE_RSA_CIPHER)
case 30: p = _(
"WARNING: This version has RSA support! Your are not allowed to\n"
" use it inside the Unites States before Sep 30, 2000!\n" );

189
g10/seskey.c
View file

@ -29,7 +29,6 @@
#include "main.h"
/****************
* Make a session key and put it into DEK
*/
@ -61,15 +60,16 @@ encode_session_key( DEK *dek, unsigned nbits )
{
int nframe = (nbits+7) / 8;
byte *p;
MPI frame;
byte *frame;
int i,n,c;
u16 csum;
MPI a;
/* the current limitation is, that we can only use a session key
* which length is a multiple of BITS_PER_MPI_LIMB
* I think we can live with that.
*/
if( dek->keylen + 7 > nframe || (nbits % BITS_PER_MPI_LIMB) || !nframe )
if( dek->keylen + 7 > nframe || !nframe )
log_bug("can't encode a %d bit key in a %d bits frame\n",
dek->keylen*8, nbits );
@ -83,163 +83,80 @@ encode_session_key( DEK *dek, unsigned nbits )
* cipher algorithm (20 is used with blowfish).
* CSUM is the 16 bit checksum over the DEK
*/
frame = mpi_alloc_secure( nframe / BYTES_PER_MPI_LIMB );
csum = 0;
for( p = dek->key, i=0; i < dek->keylen; i++ )
csum += *p++;
mpi_putbyte(frame, 0, csum );
mpi_putbyte(frame, 1, csum >> 8 );
for(n=2,i=dek->keylen-1, p = dek->key; i >= 0; i--, n++ )
mpi_putbyte(frame, n, p[i] );
mpi_putbyte(frame, n++, dek->algo );
mpi_putbyte(frame, n++, 0 );
while( n < nframe-2 ) {
frame = m_alloc_secure( nframe );
n = 0;
frame[n++] = 0;
frame[n++] = 2;
i = nframe - 6 - dek->keylen;
assert( i > 0 );
for( ; i ; i-- ) {
while( !(c = get_random_byte(1)) )
;
mpi_putbyte(frame, n++, c );
frame[n++] = c;
}
mpi_putbyte(frame, n++, 2 );
mpi_putbyte(frame, n++, 0 );
frame[n++] = 0;
frame[n++] = dek->algo;
memcpy( frame+n, dek->key, dek->keylen ); n += dek->keylen;
frame[n++] = csum >>8;
frame[n++] = csum;
assert( n == nframe );
return frame;
a = mpi_alloc_secure( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB );
mpi_set_buffer( a, frame, nframe, 0 );
m_free(frame);
return a;
}
/****************
* Encode a ripemd160 message digest of LEN bytes into NBITS.
* returns: A mpi with the session key (caller must free)
* RMD160 Object ID is 1.3.36.3.2.1
*/
static MPI
encode_rmd160_value( byte *md, unsigned len, unsigned nbits, int secure )
{
static byte asn[15] =
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
0x02, 0x01, 0x05, 0x00, 0x04, 0x14 };
int nframe = (nbits+7) / 8;
MPI frame;
int i,n;
if( (nbits % BITS_PER_MPI_LIMB) || nframe < 42 || len != 20 )
static MPI
do_encode_md( MD_HANDLE md, int algo, size_t len, unsigned nbits,
const byte *asn, size_t asnlen )
{
int nframe = (nbits+7) / 8;
byte *frame;
int i,n;
MPI a;
if( len + asnlen + 4 > nframe )
log_bug("can't encode a %d bit MD into a %d bits frame\n",len*8, nbits);
/* We encode the MD in this way:
*
* 0 A PAD(n bytes) 0 ASN(15 bytes) MD(20 bytes)
* 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
*
* PAD consists of FF bytes.
*/
frame = secure ? mpi_alloc_secure( nframe / BYTES_PER_MPI_LIMB )
: mpi_alloc( nframe / BYTES_PER_MPI_LIMB );
frame = md_is_secure(md)? m_alloc_secure( nframe ) : m_alloc( nframe );
n = 0;
for(i=20-1; i >= 0; i--, n++ )
mpi_putbyte(frame, n, md[i] );
for( i=15-1; i >= 0; i--, n++ )
mpi_putbyte(frame, n, asn[i] );
mpi_putbyte(frame, n++, 0 );
while( n < nframe-2 )
mpi_putbyte(frame, n++, 0xff );
mpi_putbyte(frame, n++, DIGEST_ALGO_RMD160 );
mpi_putbyte(frame, n++, 0 );
frame[n++] = 0;
frame[n++] = algo;
i = nframe - len - asnlen -3 ;
assert( i > 1 );
memset( frame+n, 0xff, i ); n += i;
frame[n++] = 0;
memcpy( frame+n, asn, asnlen ); n += asnlen;
memcpy( frame+n, md_read(md, algo), len ); n += len;
assert( n == nframe );
return frame;
a = md_is_secure(md)?
mpi_alloc_secure( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB )
: mpi_alloc( (nframe+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB );
mpi_set_buffer( a, frame, nframe, 0 );
m_free(frame);
return a;
}
/****************
* Encode a sha-1 message digest of LEN bytes into NBITS.
* returns: A mpi with the session key (caller must free)
* SHA-1 Objet ID is 1.3.14.3.2.26
*/
static MPI
encode_sha1_value( byte *md, unsigned len, unsigned nbits, int secure )
{
static byte asn[15] =
{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };
int nframe = (nbits+7) / 8;
MPI frame;
int i,n;
if( (nbits % BITS_PER_MPI_LIMB) || nframe < 42 || len != 20 )
log_bug("can't encode a %d bit MD into a %d bits frame\n",len*8, nbits);
/* We encode the MD in this way:
*
* 0 A PAD(n bytes) 0 ASN(15 bytes) MD(20 bytes)
*
* PAD consists of FF bytes.
*/
frame = secure ? mpi_alloc_secure( nframe / BYTES_PER_MPI_LIMB )
: mpi_alloc( nframe / BYTES_PER_MPI_LIMB );
n = 0;
for(i=20-1; i >= 0; i--, n++ )
mpi_putbyte(frame, n, md[i] );
for( i=15-1; i >= 0; i--, n++ )
mpi_putbyte(frame, n, asn[i] );
mpi_putbyte(frame, n++, 0 );
while( n < nframe-2 )
mpi_putbyte(frame, n++, 0xff );
mpi_putbyte(frame, n++, DIGEST_ALGO_RMD160 );
mpi_putbyte(frame, n++, 0 );
assert( n == nframe );
return frame;
}
/****************
* Encode a md5 message digest of LEN bytes into NBITS.
* returns: A mpi with the session key (caller must free)
* MD5 Object ID is 1.2.840.113549.2.5
*/
static MPI
encode_md5_value( byte *md, unsigned len, unsigned nbits, int secure )
{
static byte asn[18] =
{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,0x48,
0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
int nframe = (nbits+7) / 8;
MPI frame;
int i,n;
if( (nbits % BITS_PER_MPI_LIMB) || nframe < 38 || len != 16 )
log_bug("can't encode a %d bit MD into a %d bits frame\n",len*8, nbits);
/* We encode the MD in this way:
*
* 0 A PAD(n bytes) 0 ASN(18 bytes) MD(16 bytes)
*
* PAD consists of FF bytes.
*/
frame = secure ? mpi_alloc_secure( nframe / BYTES_PER_MPI_LIMB )
: mpi_alloc( nframe / BYTES_PER_MPI_LIMB );
n = 0;
for(i=16-1; i >= 0; i--, n++ )
mpi_putbyte(frame, n, md[i] );
for( i=18-1; i >= 0; i--, n++ )
mpi_putbyte(frame, n, asn[i] );
mpi_putbyte(frame, n++, 0 );
while( n < nframe-2 )
mpi_putbyte(frame, n++, 0xff );
mpi_putbyte(frame, n++, DIGEST_ALGO_MD5 );
mpi_putbyte(frame, n++, 0 );
assert( n == nframe );
return frame;
}
MPI
encode_md_value( MD_HANDLE md, unsigned nbits )
{
switch( md_get_algo( md ) ) {
case DIGEST_ALGO_MD5:
return encode_md5_value( md_read(md, DIGEST_ALGO_MD5),
16, nbits, md_is_secure(md) );
case DIGEST_ALGO_RMD160:
return encode_rmd160_value( md_read(md, DIGEST_ALGO_RMD160),
20, nbits, md_is_secure(md) );
case DIGEST_ALGO_SHA1:
return encode_sha1_value( md_read(md, DIGEST_ALGO_SHA1),
20, nbits, md_is_secure(md) );
default:
BUG();
}
int algo = md_get_algo(md);
const byte *asn;
size_t asnlen, mdlen;
asn = md_asn_oid( algo, &asnlen, &mdlen );
return do_encode_md( md, algo, mdlen, nbits, asn, asnlen );
}

132
g10/sig-check.c
View file

@ -76,6 +76,8 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
int i, j, c, old_enc;
byte *dp;
RSA_public_key pkey;
const byte *asn;
size_t mdlen, asnlen;
result = mpi_alloc(40);
pkey.n = pkc->d.rsa.rsa_n;
@ -107,98 +109,50 @@ signature_check( PKT_signature *sig, MD_HANDLE digest )
goto leave;
}
if( sig->d.rsa.digest_algo == DIGEST_ALGO_RMD160 ) {
static byte asn[15] = /* stored reverse */
{ 0x14, 0x04, 0x00, 0x05, 0x01, 0x02, 0x03, 0x24, 0x2b,
0x05, 0x06, 0x09, 0x30, 0x21, 0x30 };
if( (rc=check_digest_algo(sig->d.rsa.digest_algo)) )
goto leave; /* unsupported algo */
asn = md_asn_oid( sig->d.rsa.digest_algo, &asnlen, &mdlen );
for(i=20,j=0; (c=mpi_getbyte(result, i)) != -1 && j < 15; i++, j++ )
if( asn[j] != c )
break;
if( j != 15 || mpi_getbyte(result, i) ) { /* ASN is wrong */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
for(i++; (c=mpi_getbyte(result, i)) != -1; i++ )
if( c != 0xff )
break;
i++;
if( c != DIGEST_ALGO_RMD160 || mpi_getbyte(result, i) ) {
/* Padding or leading bytes in signature is wrong */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
if( mpi_getbyte(result, 19) != sig->d.rsa.digest_start[0]
|| mpi_getbyte(result, 18) != sig->d.rsa.digest_start[1] ) {
/* Wrong key used to check the signature */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
/* complete the digest */
md_putc( digest, sig->sig_class );
{ u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
}
md_final( digest );
dp = md_read( digest, DIGEST_ALGO_RMD160 );
for(i=19; i >= 0; i--, dp++ )
if( mpi_getbyte( result, i ) != *dp ) {
rc = G10ERR_BAD_SIGN;
goto leave;
}
}
else if( sig->d.rsa.digest_algo == DIGEST_ALGO_MD5 ) {
static byte asn[18] = /* stored reverse */
{ 0x10, 0x04, 0x00, 0x05, 0x05, 0x02, 0x0d, 0xf7, 0x86,
0x48, 0x86, 0x2a, 0x08, 0x06, 0x0c, 0x30, 0x20, 0x30 };
for(i=16,j=0; j < 18 && (c=mpi_getbyte(result, i)) != -1; i++, j++ )
if( asn[j] != c )
break;
if( j != 18 || mpi_getbyte(result, i) ) { /* ASN is wrong */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
for(i++; (c=mpi_getbyte(result, i)) != -1; i++ )
if( c != 0xff )
break;
i++;
if( c != DIGEST_ALGO_MD5 || mpi_getbyte(result, i) ) {
/* Padding or leading bytes in signature is wrong */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
if( mpi_getbyte(result, 15) != sig->d.rsa.digest_start[0]
|| mpi_getbyte(result, 14) != sig->d.rsa.digest_start[1] ) {
/* Wrong key used to check the signature */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
/* complete the digest */
md_putc( digest, sig->sig_class );
{ u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
}
md_final( digest );
dp = md_read( digest, DIGEST_ALGO_MD5 );
for(i=15; i >= 0; i--, dp++ )
if( mpi_getbyte( result, i ) != *dp ) {
rc = G10ERR_BAD_SIGN;
goto leave;
}
}
else {
rc = G10ERR_DIGEST_ALGO;
for(i=mdlen,j=asnlen-1; (c=mpi_getbyte(result, i)) != -1 && j >= 0;
i++, j-- )
if( asn[j] != c )
break;
if( j != -1 || mpi_getbyte(result, i) ) { /* ASN is wrong */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
for(i++; (c=mpi_getbyte(result, i)) != -1; i++ )
if( c != 0xff )
break;
i++;
if( c != sig->d.rsa.digest_algo || mpi_getbyte(result, i) ) {
/* Padding or leading bytes in signature is wrong */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
if( mpi_getbyte(result, mdlen-1) != sig->d.rsa.digest_start[0]
|| mpi_getbyte(result, mdlen-2) != sig->d.rsa.digest_start[1] ) {
/* Wrong key used to check the signature */
rc = G10ERR_BAD_PUBKEY;
goto leave;
}
/* complete the digest */
md_putc( digest, sig->sig_class );
{ u32 a = sig->timestamp;
md_putc( digest, (a >> 24) & 0xff );
md_putc( digest, (a >> 16) & 0xff );
md_putc( digest, (a >> 8) & 0xff );
md_putc( digest, a & 0xff );
}
md_final( digest );
dp = md_read( digest, sig->d.rsa.digest_algo );
for(i=mdlen-1; i >= 0; i--, dp++ ) {
if( mpi_getbyte( result, i ) != *dp ) {
rc = G10ERR_BAD_SIGN;
goto leave;
}
}
}
#endif/*HAVE_RSA_CIPHER*/
else {