aboutsummaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
authorWerner Koch <[email protected]>2009-05-18 17:38:34 +0000
committerWerner Koch <[email protected]>2009-05-18 17:38:34 +0000
commit387a51f9515fdfa26b5fa8bb22366844a315fd9c (patch)
tree026a801ad349e59e2e64c495a7478533cf627ecb /g10
parentChanged default algo and size. (diff)
downloadgnupg-387a51f9515fdfa26b5fa8bb22366844a315fd9c.tar.gz
gnupg-387a51f9515fdfa26b5fa8bb22366844a315fd9c.zip
New gpgsm server option no-encrypt-to.
Add caching for symkey encryption. Minor cleanups.
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog12
-rw-r--r--g10/encode.c4
-rw-r--r--g10/mainproc.c4
-rw-r--r--g10/passphrase.c49
4 files changed, 48 insertions, 21 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index ef6817037..c3f62394a 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,15 @@
+2009-05-18 Daiki Ueno <[email protected]> (wk)
+
+ * encode.c (encode_simple): Tell passphrase_to_dek to cache
+ the passphrase.
+ (setup_symkey): Ditto.
+ * mainproc.c (proc_symkey_enc): Tell passphrase_to_dek to cache
+ the passphrase.
+ (proc_encrypted): Ditto.
+ * passphrase.c (hash_passphrase): Remove arg CREATE.
+ (passphrase_to_dek): New mode 3 and 4 for caching passphrase for
+ symmetric encryption.
+
2009-05-17 Werner Koch <[email protected]>
* keygen.c (ask_algo): Add arg R_SUBKEY_ALGO. Change return value
diff --git a/g10/encode.c b/g10/encode.c
index 10c638f89..0c7dc4e22 100644
--- a/g10/encode.c
+++ b/g10/encode.c
@@ -216,7 +216,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
s2k->mode = RFC1991? 0:opt.s2k_mode;
s2k->hash_algo=S2K_DIGEST_ALGO;
cfx.dek = passphrase_to_dek( NULL, 0,
- default_cipher_algo(), s2k, 2,
+ default_cipher_algo(), s2k, 4,
NULL, &canceled);
if( !cfx.dek || !cfx.dek->keylen ) {
rc = gpg_error (canceled? GPG_ERR_CANCELED:GPG_ERR_INV_PASSPHRASE);
@@ -397,7 +397,7 @@ setup_symkey(STRING2KEY **symkey_s2k,DEK **symkey_dek)
(*symkey_s2k)->hash_algo = S2K_DIGEST_ALGO;
*symkey_dek=passphrase_to_dek(NULL,0,opt.s2k_cipher_algo,
- *symkey_s2k,2,NULL, &canceled);
+ *symkey_s2k, 4, NULL, &canceled);
if(!*symkey_dek || !(*symkey_dek)->keylen)
{
xfree(*symkey_dek);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 84a9de5f1..beab791b9 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
@@ -311,7 +311,7 @@ proc_symkey_enc( CTX c, PACKET *pkt )
}
else
{
- c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 0,
+ c->dek = passphrase_to_dek (NULL, 0, algo, &enc->s2k, 3,
NULL, NULL);
if(c->dek)
{
@@ -548,7 +548,7 @@ proc_encrypted( CTX c, PACKET *pkt )
log_info (_("assuming %s encrypted data\n"), "IDEA");
}
- c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 0, NULL, NULL );
+ c->dek = passphrase_to_dek ( NULL, 0, algo, s2k, 3, NULL, NULL );
if (c->dek)
c->dek->algo_info_printed = 1;
}
diff --git a/g10/passphrase.c b/g10/passphrase.c
index f5d301398..84eedc211 100644
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@@ -50,11 +50,10 @@ static char *next_pw = NULL;
static char *last_pw = NULL;
-/* Hash a passphrase using the supplied s2k. If create is true, create
- a new salt or what else must be filled into the s2k for a new key.
- always needs: dek->algo, s2k->mode, s2k->hash_algo. */
+/* Hash a passphrase using the supplied s2k.
+ Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
static void
-hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
+hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
{
gcry_md_hd_t md;
int pass, i;
@@ -82,13 +81,6 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k, int create )
int len2 = pwlen + 8;
ulong count = len2;
- if ( create && !pass )
- {
- gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
- if ( s2k->mode == 3 )
- s2k->count = opt.s2k_count;
- }
-
if ( s2k->mode == 3 )
{
count = S2K_DECODE_COUNT(s2k->count);
@@ -441,7 +433,9 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
MODE 0: Allow cached passphrase
1: Ignore cached passphrase
- 2: Ditto, but change the text to "repeat entry"
+ 2: Ditto, but create a new key
+ 3: Allow cached passphrase; use the S2K salt as the cache ID
+ 4: Ditto, but create a new key
*/
DEK *
passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
@@ -461,6 +455,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
if ( !s2k )
{
+ assert (mode != 3 && mode != 4);
/* This is used for the old rfc1991 mode
* Note: This must match the code in encode.c with opt.rfc1991 set */
s2k = &help_s2k;
@@ -468,6 +463,15 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
s2k->hash_algo = S2K_DIGEST_ALGO;
}
+ /* Create a new salt or what else to be filled into the s2k for a
+ new key. */
+ if ((mode == 2 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
+ {
+ gcry_randomize (s2k->salt, 8, GCRY_STRONG_RANDOM);
+ if ( s2k->mode == 3 )
+ s2k->count = opt.s2k_count;
+ }
+
/* If we do not have a passphrase available in NEXT_PW and status
information are request, we print them now. */
if ( !next_pw && is_status_enabled() )
@@ -565,10 +569,21 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
}
else
{
+ char *cacheid = NULL;
+ char buf[1+16+1];
+
+ if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
+ {
+ memset (buf, 0, sizeof buf);
+ *buf = 'S';
+ bin2hex (s2k->salt, 8, buf + 1);
+ cacheid = buf;
+ }
+
/* Divert to the gpg-agent. */
- pw = passphrase_get ( keyid, mode == 2, NULL,
- mode == 2? opt.passwd_repeat: 0,
- tryagain_text, custdesc, custprompt, canceled);
+ pw = passphrase_get (keyid, mode == 2, cacheid,
+ (mode == 2 || mode == 4)? opt.passwd_repeat : 0,
+ tryagain_text, custdesc, custprompt, canceled);
if (*canceled)
{
xfree (pw);
@@ -585,10 +600,10 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
get_last_passphrase(). */
dek = xmalloc_secure_clear ( sizeof *dek );
dek->algo = cipher_algo;
- if ( !*pw && mode == 2 )
+ if ( !*pw && (mode == 2 || mode == 4))
dek->keylen = 0;
else
- hash_passphrase( dek, pw, s2k, mode==2 );
+ hash_passphrase (dek, pw, s2k);
xfree(last_pw);
last_pw = pw;
return dek;
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 13:05:53 +0000