diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 17 | ||||
| -rw-r--r-- | g10/armor.c | 36 | ||||
| -rw-r--r-- | g10/keygen.c | 9 | ||||
| -rw-r--r-- | g10/keyid.c | 107 | ||||
| -rw-r--r-- | g10/main.h | 6 | ||||
| -rw-r--r-- | g10/misc.c | 64 | ||||
| -rw-r--r-- | g10/options.h | 1 | ||||
| -rw-r--r-- | g10/parse-packet.c | 2 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 10 | ||||
| -rw-r--r-- | g10/sig-check.c | 4 |
10 files changed, 190 insertions, 66 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index de4fc890c..45f6af4db 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,20 @@ +Fri Dec 31 12:48:31 CET 1999 Werner Koch <[email protected]> + + * keyid.c (do_fingerprint_md): Replaced mpi_get_buffer by gcry_mpi_print. + (v3_keyid): New. + (keyid_from_sk): And use it here. + (keyid_from_pk): Ditto. + (fingerprint_from_sk): Ditto. + (fingerprint_from_pk): Ditto. + + * misc.c (mpi_print): New. + + * misc.c (checksum_mpi): Now uses gcry_mpi_print to get the data. + + * seckey-cert.c (do_check): Replaced mpi_read_from_buffer. + + * armor.c (armor_filter): Made the "Comment:" header translatable. + Wed Dec 8 21:58:32 CET 1999 Werner Koch <[email protected]> * seckey-cert.c: Removed obsolete mpi_*_protect_flag. diff --git a/g10/armor.c b/g10/armor.c index d595141ba..192a4188c 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -876,6 +876,8 @@ armor_filter( void *opaque, int control, } else if( control == IOBUFCTRL_FLUSH ) { if( !afx->status ) { /* write the header line */ + const char *s; + if( afx->what >= DIM(head_strings) ) log_bug("afx->what=%d", afx->what); iobuf_writestr(a, "-----"); @@ -885,26 +887,24 @@ armor_filter( void *opaque, int control, iobuf_writestr(a, "Version: GnuPG v" VERSION " (" PRINTABLE_OS_NAME ")\n"); - if( opt.comment_string ) { - const char *s = opt.comment_string; - if( *s ) { - iobuf_writestr(a, "Comment: " ); - for( ; *s; s++ ) { - if( *s == '\n' ) - iobuf_writestr(a, "\\n" ); - else if( *s == '\r' ) - iobuf_writestr(a, "\\r" ); - else if( *s == '\v' ) - iobuf_writestr(a, "\\v" ); - else - iobuf_put(a, *s ); - } - iobuf_put(a, '\n' ); + /* write the comment string or a default one */ + s = opt.comment_string ? opt.comment_string + : _("For info see http://www.gnupg.org"); + if( *s ) { + iobuf_writestr(a, "Comment: " ); + for( ; *s; s++ ) { + if( *s == '\n' ) + iobuf_writestr(a, "\\n" ); + else if( *s == '\r' ) + iobuf_writestr(a, "\\r" ); + else if( *s == '\v' ) + iobuf_writestr(a, "\\v" ); + else + iobuf_put(a, *s ); } + iobuf_put(a, '\n' ); } - else - iobuf_writestr(a, - "Comment: For info see http://www.gnupg.org\n"); + if( afx->hdrlines ) iobuf_writestr(a, afx->hdrlines); iobuf_put(a, '\n'); diff --git a/g10/keygen.c b/g10/keygen.c index 2d3c88f43..10f27952a 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -26,6 +26,7 @@ #include <errno.h> #include <assert.h> #include "util.h" +#include "memory.h" #include "main.h" #include "packet.h" #include "dummy-cipher.h" @@ -83,12 +84,12 @@ keygen_add_std_prefs( PKT_signature *sig, void *opaque ) keygen_add_key_expire( sig, opaque ); - buf[0] = CIPHER_ALGO_TWOFISH; - buf[1] = CIPHER_ALGO_CAST5; + buf[0] = GCRY_CIPHER_TWOFISH; + buf[1] = GCRY_CIPHER_CAST5; build_sig_subpkt( sig, SIGSUBPKT_PREF_SYM, buf, 2 ); - buf[0] = DIGEST_ALGO_RMD160; - buf[1] = DIGEST_ALGO_SHA1; + buf[0] = GCRY_MD_RMD160; + buf[1] = GCRY_MD_SHA1; build_sig_subpkt( sig, SIGSUBPKT_PREF_HASH, buf, 2 ); buf[0] = 2; diff --git a/g10/keyid.c b/g10/keyid.c index ac3e71258..774b90a9a 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -54,8 +54,7 @@ do_fingerprint_md( PKT_public_key *pk ) { GCRY_MD_HD md; unsigned n; - unsigned nb[GNUPG_MAX_NPKEY]; - unsigned nn[GNUPG_MAX_NPKEY]; + unsigned int nn[GNUPG_MAX_NPKEY]; byte *pp[GNUPG_MAX_NPKEY]; int i; int npkey = pubkey_get_npkey( pk->pubkey_algo ); @@ -65,9 +64,17 @@ do_fingerprint_md( PKT_public_key *pk ) BUG(); n = pk->version < 4 ? 8 : 6; for(i=0; i < npkey; i++ ) { - nb[i] = mpi_get_nbits(pk->pkey[i]); - pp[i] = mpi_get_buffer( pk->pkey[i], nn+i, NULL ); - n += 2 + nn[i]; + int rc; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, NULL, &nbytes, pk->pkey[i] ); + assert( !rc ); + /* fixme: we should try to allocate a buffer on the stack */ + pp[i] = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, pp[1], &nbytes, pk->pkey[i] ); + assert( !rc ); + nn[i] = nbytes; + n += nn[i]; } gcry_md_putc( md, 0x99 ); /* ctb */ @@ -96,8 +103,6 @@ do_fingerprint_md( PKT_public_key *pk ) } gcry_md_putc( md, pk->pubkey_algo ); for(i=0; i < npkey; i++ ) { - gcry_md_putc( md, nb[i]>>8); - gcry_md_putc( md, nb[i] ); gcry_md_write( md, pp[i], nn[i] ); m_free(pp[i]); } @@ -124,6 +129,30 @@ do_fingerprint_md_sk( PKT_secret_key *sk ) } +static void +v3_keyid( MPI a, u32 *ki ) +{ + int rc; + byte *buffer; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, a ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buffer = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buffer, &nbytes, a ); + assert( !rc ); + if( nbytes < 8 ) { /* oops */ + ki[0] = ki[1] = 0; + } + else { + memcpy( ki+0, buffer+nbytes-8, 4); + memcpy( ki+1, buffer+nbytes-4, 4); + } + m_free( buffer ); +} + + /**************** * Get the keyid from the secret key and put it into keyid * if this is not NULL. Return the 32 low bits of the keyid. @@ -131,15 +160,16 @@ do_fingerprint_md_sk( PKT_secret_key *sk ) u32 keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) { - u32 lowbits; u32 dummy_keyid[2]; if( !keyid ) keyid = dummy_keyid; if( sk->version < 4 && is_RSA(sk->pubkey_algo) ) { - lowbits = pubkey_get_npkey(sk->pubkey_algo) ? - mpi_get_keyid( sk->skey[0], keyid ) : 0; /* take n */ + if( pubkey_get_npkey(sk->pubkey_algo) ) + v3_keyid( sk->skey[0], keyid ); /* take n */ + else + keyid[0] = keyid[1] = 0; } else { const byte *dp; @@ -148,11 +178,10 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) dp = gcry_md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; - lowbits = keyid[1]; gcry_md_close(md); } - return lowbits; + return keyid[1]; } @@ -163,7 +192,6 @@ keyid_from_sk( PKT_secret_key *sk, u32 *keyid ) u32 keyid_from_pk( PKT_public_key *pk, u32 *keyid ) { - u32 lowbits; u32 dummy_keyid[2]; if( !keyid ) @@ -172,11 +200,12 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) if( pk->keyid[0] || pk->keyid[1] ) { keyid[0] = pk->keyid[0]; keyid[1] = pk->keyid[1]; - lowbits = keyid[1]; } else if( pk->version < 4 && is_RSA(pk->pubkey_algo) ) { - lowbits = pubkey_get_npkey(pk->pubkey_algo) ? - mpi_get_keyid( pk->pkey[0], keyid ) : 0 ; /* from n */ + if( pubkey_get_npkey(pk->pubkey_algo) ) + v3_keyid( pk->pkey[0], keyid ); /* from n */ + else + keyid[0] = keyid[1] = 0; pk->keyid[0] = keyid[0]; pk->keyid[1] = keyid[1]; } @@ -187,13 +216,12 @@ keyid_from_pk( PKT_public_key *pk, u32 *keyid ) dp = gcry_md_read( md, 0 ); keyid[0] = dp[12] << 24 | dp[13] << 16 | dp[14] << 8 | dp[15] ; keyid[1] = dp[16] << 24 | dp[17] << 16 | dp[18] << 8 | dp[19] ; - lowbits = keyid[1]; gcry_md_close(md); pk->keyid[0] = keyid[0]; pk->keyid[1] = keyid[1]; } - return lowbits; + return keyid[1]; } @@ -357,11 +385,24 @@ fingerprint_from_pk( PKT_public_key *pk, byte *array, size_t *ret_len ) if( !md ) BUG(); if( pubkey_get_npkey( pk->pubkey_algo ) > 1 ) { - p = buf = mpi_get_buffer( pk->pkey[0], &n, NULL ); - gcry_md_write( md, p, n ); + int rc; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, pk->pkey[0] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, pk->pkey[0] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); - p = buf = mpi_get_buffer( pk->pkey[1], &n, NULL ); - gcry_md_write( md, p, n ); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, pk->pkey[1] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, pk->pkey[1] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); } gcry_md_final(md); @@ -403,11 +444,25 @@ fingerprint_from_sk( PKT_secret_key *sk, byte *array, size_t *ret_len ) if( !md ) BUG(); if( pubkey_get_npkey( sk->pubkey_algo ) > 1 ) { - p = buf = mpi_get_buffer( sk->skey[1], &n, NULL ); - gcry_md_write( md, p, n ); + int rc; + size_t nbytes; + + #warning Why is the hash sequence for secret keys different + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, sk->skey[1] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, sk->skey[1] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); - p = buf = mpi_get_buffer( sk->skey[0], &n, NULL ); - gcry_md_write( md, p, n ); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, NULL, &nbytes, sk->skey[0] ); + assert( !rc ); + /* fixme: allocate it on the stack */ + buf = m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_USG, buf, &nbytes, sk->skey[0] ); + assert( !rc ); + gcry_md_write( md, buf, nbytes ); m_free(buf); } gcry_md_final(md); diff --git a/g10/main.h b/g10/main.h index 1649a69ef..03cba92c5 100644 --- a/g10/main.h +++ b/g10/main.h @@ -58,8 +58,10 @@ u16 checksum_mpi( MPI a ); u32 buffer_to_u32( const byte *buffer ); int mpi_write( IOBUF out, GCRY_MPI a ); -GCRY_MPI mpi_read(IOBUF inp, unsigned *ret_nread ); -GCRY_MPI mpi_read_opaque(IOBUF inp, unsigned *ret_nread ); +int mpi_write_opaque( IOBUF out, MPI a ); +GCRY_MPI mpi_read(IOBUF inp, unsigned int *ret_nread, int secure ); +GCRY_MPI mpi_read_opaque(IOBUF inp, unsigned int *ret_nread ); +int mpi_print( FILE *fp, MPI a, int mode ); int openpgp_cipher_test_algo( int algo ); int openpgp_pk_test_algo( int algo, unsigned int usage_flags ); diff --git a/g10/misc.c b/g10/misc.c index 4d7644f4c..a750cca75 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -23,6 +23,7 @@ #include <stdlib.h> #include <string.h> #include <errno.h> +#include <assert.h> #if defined(__linux__) && defined(__alpha__) && __GLIBC__ < 2 #include <asm/sysinfo.h> #include <asm/unistd.h> @@ -116,12 +117,13 @@ mpi_write_opaque( IOBUF out, MPI a ) { size_t nbytes, nbits; int rc; + char *p; assert( gcry_mpi_get_flag( a, GCRYMPI_FLAG_OPAQUE ) ); p = gcry_mpi_get_opaque( a, &nbits ); nbytes = (nbits+7) / 8; iobuf_put( out, nbits >> 8 ); - iobuf_put( out, nbits ) + iobuf_put( out, nbits ); rc = iobuf_write( out, p, nbytes ); return rc; } @@ -134,10 +136,10 @@ mpi_write_opaque( IOBUF out, MPI a ) * with MSB first (left padded with zeroes to align on a byte boundary). */ MPI -mpi_read(IOBUF inp, unsigned *ret_nread, int secure) +mpi_read(IOBUF inp, unsigned int *ret_nread, int secure) { int c, c1, c2, i; - unsigned nbits, nbytes, nread=0; + unsigned int nbits, nbytes, nread=0; MPI a = NULL; byte *buf = NULL; byte *p; @@ -163,8 +165,8 @@ mpi_read(IOBUF inp, unsigned *ret_nread, int secure) nread++; } nread += nbytes; - /* FIXME: replace with the gcry_scan function */ - a = mpi_read_from_buffer( buf, &nread, secure ); + if( gcry_mpi_scan( &a, GCRYMPI_FMT_PGP, buf, &nread ) ) + a = NULL; leave: m_free(buf); @@ -220,6 +222,35 @@ mpi_read_opaque(IOBUF inp, unsigned *ret_nread ) } +int +mpi_print( FILE *fp, MPI a, int mode ) +{ + int n=0; + + if( !a ) + return fprintf(fp, "[MPI_NULL]"); + if( !mode ) { + unsigned int n1; + n1 = gcry_mpi_get_nbits(a); + n += fprintf(fp, "[%u bits]", n1); + } + else { + int rc; + byte *buffer; + size_t nbytes; + + rc = gcry_mpi_print( GCRYMPI_FMT_HEX, NULL, &nbytes, a ); + assert( !rc ); + buffer = m_is_secure(a)? m_alloc_secure(nbytes) : m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_HEX, buffer, &nbytes, a ); + assert( !rc ); + fputs( buffer, fp ); + n += strlen(buffer); + m_free( buffer ); + } + return n; +} + u16 checksum_u16( unsigned n ) @@ -244,15 +275,21 @@ checksum( byte *p, unsigned n ) u16 checksum_mpi( MPI a ) { + int rc; u16 csum; byte *buffer; - unsigned nbytes; - unsigned nbits; + size_t nbytes; - buffer = mpi_get_buffer( a, &nbytes, NULL ); - nbits = mpi_get_nbits(a); - csum = checksum_u16( nbits ); - csum += checksum( buffer, nbytes ); + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, NULL, &nbytes, a ); + assert( !rc ); + /* fixme: for numbers not in the suecre memory we + * should use a stack based buffer and only allocate + * a larger one when the mpi_print return an error + */ + buffer = m_is_secure(a)? m_alloc_secure(nbytes) : m_alloc(nbytes); + rc = gcry_mpi_print( GCRYMPI_FMT_PGP, buffer, &nbytes, a ); + assert( !rc ); + csum = checksum( buffer, nbytes ); m_free( buffer ); return csum; } @@ -388,3 +425,8 @@ pubkey_get_nenc( int algo ) return n > 0? n : 0; } +int +pubkey_nbits() +{ +} + diff --git a/g10/options.h b/g10/options.h index 4a2251052..937d452ed 100644 --- a/g10/options.h +++ b/g10/options.h @@ -102,6 +102,7 @@ struct { #define DBG_FILTER (opt.debug & DBG_FILTER_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_TRUST (opt.debug & DBG_TRUST_VALUE) +#define DBG_CIPHER (opt.debug & DBG_CIPHER_VALUE) #endif /*G10_OPTIONS_H*/ diff --git a/g10/parse-packet.c b/g10/parse-packet.c index e4e9fdd51..e72e16d65 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1423,7 +1423,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, else { /* v3 method: the mpi length is not encrypted */ for(i=npkey; i < nskey; i++ ) { n = pktlen; - sk->skey[i] = mpi_read_opaque(inp, &n, 0 ); + sk->skey[i] = mpi_read_opaque(inp, &n ); pktlen -=n; if( list_mode ) { printf( "\tskey[%d]: ", i); diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index b228bc9c8..7cacb9f5b 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -109,8 +109,12 @@ do_check( PKT_secret_key *sk ) if( sk->csum == csum ) { for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { nbytes = ndata; - sk->skey[i] = mpi_read_from_buffer(p, &nbytes, 1 ); - /* fixme: replace by mpi_scan */ + assert( m_is_secure( p ) ); + res = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP, + p, &nbytes); + if( res ) + log_bug("gcry_mpi_scan failed in do_check: rc=%d\n", res); + ndata -= nbytes; p += nbytes; } @@ -134,6 +138,8 @@ do_check( PKT_secret_key *sk ) res = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_USG, data, &ndata ); + if( res ) + log_bug("gcry_mpi_scan failed in do_check: rc=%d\n", res); csum += checksum_mpi( sk->skey[i] ); m_free( buffer ); diff --git a/g10/sig-check.c b/g10/sig-check.c index 4fbf0808c..842055d17 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -105,7 +105,7 @@ pk_verify( int algo, MPI hash, MPI *data, MPI *pkey, NULL )); } else if( algo == GCRY_PK_RSA ) { - s_sig = SEXP_CONS( SEXP_NEW( "public-key", 10 ), + s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), gcry_sexp_new_name_mpi( "s", data[0] ), NULL )); @@ -167,7 +167,7 @@ do_signature_check( PKT_signature *sig, GCRY_MD_HD digest, u32 *r_expire ) int i, nsig = pubkey_get_nsig( sig->pubkey_algo ); byte *p, *buffer; - if( !(md = gcry_md_open( DIGEST_ALGO_RMD160, 0)) ) + if( !(md = gcry_md_open( GCRY_MD_RMD160, 0)) ) BUG(); gcry_md_putc( digest, sig->pubkey_algo ); gcry_md_putc( digest, sig->digest_algo ); |