diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 16 | ||||
| -rw-r--r-- | g10/build-packet.c | 28 | ||||
| -rw-r--r-- | g10/cipher.c | 25 | ||||
| -rw-r--r-- | g10/encode.c | 1 | ||||
| -rw-r--r-- | g10/encr-data.c | 117 | ||||
| -rw-r--r-- | g10/filter.h | 1 | ||||
| -rw-r--r-- | g10/mainproc.c | 49 | ||||
| -rw-r--r-- | g10/packet.h | 9 | ||||
| -rw-r--r-- | g10/parse-packet.c | 30 |
9 files changed, 221 insertions, 55 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 4585c9a34..177850fe8 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,19 @@ +Mon May 17 21:54:43 CEST 1999 Werner Koch <[email protected]> + + + * parse-packet.c (parse_encrypted): Support for PKT_ENCRYPTED_MDC. + * build-packet.c (do_encrypted_mdc): Ditto. + * cipher.c (write_header): Add mdc hashing. + (cipher_filter): write out the hash. + * mainproc.c (do_proc_packets): Add PKT_ENCRYPTED_MDC. + * encr-data.c (decrypt_data): Add mdc hashing. + (mdc_decode_filter): New. + + * parse-packet.c (parse_sig_subpkt): Fixed stupid bug for subpkt + length calculation + (parse_signature): Fixed even more stupid bug. + + Sat May 8 19:28:08 CEST 1999 Werner Koch <[email protected]> * build-packet.c (do_signature): Removed MDC hack. diff --git a/g10/build-packet.c b/g10/build-packet.c index 577c10984..f90790343 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -43,6 +43,7 @@ static int do_pubkey_enc( IOBUF out, int ctb, PKT_pubkey_enc *enc ); static u32 calc_plaintext( PKT_plaintext *pt ); static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt ); static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed ); +static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed ); static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd ); static int do_signature( IOBUF out, int ctb, PKT_signature *sig ); static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops ); @@ -74,7 +75,8 @@ build_packet( IOBUF out, PACKET *pkt ) switch( pkt->pkttype ) { case PKT_OLD_COMMENT: pkt->pkttype = PKT_COMMENT; break; case PKT_PLAINTEXT: new_ctb = pkt->pkt.plaintext->new_ctb; break; - case PKT_ENCRYPTED: new_ctb = pkt->pkt.encrypted->new_ctb; break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: new_ctb = pkt->pkt.encrypted->new_ctb; break; case PKT_COMPRESSED:new_ctb = pkt->pkt.compressed->new_ctb; break; default: break; } @@ -110,6 +112,9 @@ build_packet( IOBUF out, PACKET *pkt ) case PKT_ENCRYPTED: rc = do_encrypted( out, ctb, pkt->pkt.encrypted ); break; + case PKT_ENCRYPTED_MDC: + rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted ); + break; case PKT_COMPRESSED: rc = do_compressed( out, ctb, pkt->pkt.compressed ); break; @@ -171,7 +176,7 @@ write_fake_data( IOBUF out, MPI a ) void *p; p = mpi_get_opaque( a, &i ); - iobuf_write( a, p, i ); + iobuf_write( out, p, i ); } } @@ -509,6 +514,24 @@ do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed ) } static int +do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed ) +{ + int rc = 0; + u32 n; + + assert( ed->mdc_method ); + + n = ed->len ? (ed->len + 10) : 0; + write_header(out, ctb, n ); + iobuf_put(out, 1 ); /* version */ + iobuf_put(out, ed->mdc_method ); + + /* This is all. The caller has to write the real data */ + + return rc; +} + +static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd ) { int rc = 0; @@ -560,6 +583,7 @@ find_subpkt( byte *buffer, sigsubpkttype_t reqtype, if( buflen < 2 ) break; n = (( n - 192 ) << 8) + *buffer + 192; + buffer++; buflen--; } if( buflen < n ) diff --git a/g10/cipher.c b/g10/cipher.c index f0564e36d..0de2a9d90 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -46,12 +46,18 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) byte temp[18]; unsigned blocksize; unsigned nprefix; + int use_mdc = opt.force_mdc; memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.new_ctb = !ed.len && !opt.rfc1991; + if( use_mdc ) { + ed.mdc_method = DIGEST_ALGO_SHA1; + cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); + md_start_debug( cfx->mdc_hash, "mdccreat" ); + } init_packet( &pkt ); - pkt.pkttype = PKT_ENCRYPTED; + pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; if( build_packet( a, &pkt )) log_bug("build_packet(ENCR_DATA) failed\n"); @@ -68,6 +74,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); cipher_setiv( cfx->cipher_hd, NULL, 0 ); /* log_hexdump( "prefix", temp, nprefix+2 ); */ + if( cfx->mdc_hash ) + md_write( cfx->mdc_hash, temp, nprefix+2 ); cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2); cipher_sync( cfx->cipher_hd ); iobuf_write(a, temp, nprefix+2); @@ -75,6 +83,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) } + /**************** * This filter is used to en/de-cipher data with a conventional algorithm */ @@ -94,11 +103,23 @@ cipher_filter( void *opaque, int control, if( !cfx->header ) { write_header( cfx, a ); } + if( cfx->mdc_hash ) + md_write( cfx->mdc_hash, buf, size ); cipher_encrypt( cfx->cipher_hd, buf, buf, size); if( iobuf_write( a, buf, size ) ) rc = G10ERR_WRITE_FILE; } else if( control == IOBUFCTRL_FREE ) { + if( cfx->mdc_hash ) { + byte *hash; + int hashlen = md_digest_length( md_get_algo( cfx->mdc_hash ) ); + md_final( cfx->mdc_hash ); + hash = md_read( cfx->mdc_hash, 0 ); + cipher_encrypt( cfx->cipher_hd, hash, hash, hashlen ); + if( iobuf_write( a, hash, hashlen ) ) + rc = G10ERR_WRITE_FILE; + md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; + } cipher_close(cfx->cipher_hd); } else if( control == IOBUFCTRL_DESC ) { @@ -108,5 +129,3 @@ cipher_filter( void *opaque, int control, } - - diff --git a/g10/encode.c b/g10/encode.c index 775d64f15..8a533f331 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -64,6 +64,7 @@ encode_store( const char *filename ) } + static int encode_simple( const char *filename, int mode ) { diff --git a/g10/encr-data.c b/g10/encr-data.c index 5061622da..fd3da055b 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -34,13 +34,18 @@ static int decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len); +static int mdc_decode_filter( void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len); typedef struct { CIPHER_HANDLE cipher_hd; + MD_HANDLE mdc_hash; + char defer[20]; + int defer_filled; + int eof_seen; } decode_filter_ctx_t; - /**************** * Decrypt the data, specified by ED with the key DEK. */ @@ -49,11 +54,12 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) { decode_filter_ctx_t dfx; byte *p; - int rc, c, i; + int rc=0, c, i; byte temp[32]; unsigned blocksize; unsigned nprefix; + memset( &dfx, 0, sizeof dfx ); if( opt.verbose ) { const char *s = cipher_algo_to_string( dek->algo ); if( s ) @@ -62,7 +68,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) log_info(_("encrypted with unknown algorithm %d\n"), dek->algo ); } if( (rc=check_cipher_algo(dek->algo)) ) - return rc; + goto leave; blocksize = cipher_get_blocksize(dek->algo); if( !blocksize || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); @@ -70,14 +76,18 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( ed->len && ed->len < (nprefix+2) ) BUG(); + if( ed->mdc_method ) + dfx.mdc_hash = md_open( ed->mdc_method, 0 ); dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); /* log_hexdump( "thekey", dek->key, dek->keylen );*/ rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); if( rc == G10ERR_WEAK_KEY ) log_info(_("WARNING: message was encrypted with " "a weak key in the symmetric cipher.\n")); - else if( rc ) + else if( rc ) { log_error("key setup failed: %s\n", g10_errstr(rc) ); + goto leave; + } cipher_setiv( dfx.cipher_hd, NULL, 0 ); @@ -97,18 +107,108 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) temp[i] = c; } cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); + if( dfx.mdc_hash ) + md_write( dfx.mdc_hash, temp, nprefix+2 ); cipher_sync( dfx.cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) { - cipher_close(dfx.cipher_hd); - return G10ERR_BAD_KEY; + rc = G10ERR_BAD_KEY; + goto leave; } - iobuf_push_filter( ed->buf, decode_filter, &dfx ); + if( ed->mdc_method ) + iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); + else + iobuf_push_filter( ed->buf, decode_filter, &dfx ); proc_packets( procctx, ed->buf); ed->buf = NULL; + if( ed->mdc_method && dfx.eof_seen == 2 ) + rc = G10ERR_INVALID_PACKET; + else if( ed->mdc_method ) { /* check the mdc */ + int datalen = md_digest_length( ed->mdc_method ); + md_final( dfx.mdc_hash ); + if( datalen != 20 + || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) + rc = G10ERR_BAD_SIGN; + log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen); + log_hexdump("MDC message :", dfx.defer, 20); + } + leave: cipher_close(dfx.cipher_hd); - return 0; + md_close( dfx.mdc_hash ); + return rc; +} + +/* I think we should merge this with cipher_filter */ +static int +mdc_decode_filter( void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len) +{ + decode_filter_ctx_t *dfx = opaque; + size_t n, size = *ret_len; + int rc = 0; + int c; + + if( control == IOBUFCTRL_UNDERFLOW && dfx->eof_seen ) { + *ret_len = 0; + rc = -1; + } + else if( control == IOBUFCTRL_UNDERFLOW ) { + assert(a); + assert( size > 40 ); + + /* get at least 20 bytes and put it somewhere ahead in the buffer */ + for(n=20; n < 40 ; n++ ) { + if( (c = iobuf_get(a)) == -1 ) + break; + buf[n] = c; + } + if( n == 40 ) { + /* we have enough stuff - flush the deferred stuff */ + /* (we have asserted that the buffer is large enough */ + if( !dfx->defer_filled ) /* the first time */ + memcpy(buf, buf+20, 20 ); + else + memcpy(buf, dfx->defer, 20 ); + /* now fill up */ + for(; n < size; n++ ) { + if( (c = iobuf_get(a)) == -1 ) + break; + buf[n] = c; + } + /* move the last 20 bytes back to the defer buffer */ + /* (okay, we are wasting 20 bytes of supplied buffer) */ + n -= 20; + memcpy( dfx->defer, buf+n, 20 ); + dfx->defer_filled = 1; + } + else if( !dfx->defer_filled ) { /* eof seen buf empty defer */ + /* this is very bad because there is an incomplete hash */ + n -= 20; + memcpy(buf, buf+20, n ); + dfx->eof_seen = 2; /* eof with incomplete hash */ + } + else { /* eof seen */ + memcpy(buf, dfx->defer, 20 ); + n -= 20; + memcpy( dfx->defer, buf+n, 20 ); + dfx->eof_seen = 1; /* normal eof */ + } + + if( n ) { + cipher_decrypt( dfx->cipher_hd, buf, buf, n); + md_write( dfx->mdc_hash, buf, n ); + } + else { + assert( dfx->eof_seen ); + rc = -1; /* eof */ + } + *ret_len = n; + } + else if( control == IOBUFCTRL_DESC ) { + *(char**)buf = "mdc_decode_filter"; + } + return rc; } static int @@ -139,4 +239,3 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len) return rc; } - diff --git a/g10/filter.h b/g10/filter.h index a37a814fe..8fb875dd2 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -76,6 +76,7 @@ typedef struct { u32 datalen; CIPHER_HANDLE cipher_hd; int header; + MD_HANDLE mdc_hash; } cipher_filter_context_t; diff --git a/g10/mainproc.c b/g10/mainproc.c index 17c958feb..a560fcbe5 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1,4 +1,4 @@ -/* mainproc.c - handle packets +/* maPPPPinproc.c - handle packets * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -44,7 +44,7 @@ */ typedef struct mainproc_context *CTX; struct mainproc_context { - struct mainproc_context *anchor; + struct mainproc_context *anchor; /* may be useful in the future */ PKT_public_key *last_pubkey; PKT_secret_key *last_seckey; PKT_user_id *last_user_id; @@ -60,7 +60,6 @@ struct mainproc_context { IOBUF iobuf; /* used to get the filename etc. */ int trustletter; /* temp usage in list_node */ ulong local_id; /* ditto */ - int is_encrypted; /* used to check the MDC */ }; @@ -229,7 +228,6 @@ proc_encrypted( CTX c, PACKET *pkt ) int result = 0; /*log_debug("dat: %sencrypted data\n", c->dek?"":"conventional ");*/ - c->is_encrypted = 1; if( !c->dek && !c->last_was_session_key ) { /* assume this is old conventional encrypted data */ c->dek = passphrase_to_dek( NULL, @@ -247,6 +245,12 @@ proc_encrypted( CTX c, PACKET *pkt ) write_status( STATUS_DECRYPTION_OKAY ); if( opt.verbose > 1 ) log_info(_("decryption okay\n")); + if( pkt->pkt.encrypted->mdc_method ) + write_status( STATUS_GOODMDC ); + } + else if( result == G10ERR_BAD_SIGN ) { + log_error(_("WARNING: encrypted message has been manipulated!\n")); + write_status( STATUS_BADMDC ); } else { write_status( STATUS_DECRYPTION_FAILED ); @@ -259,6 +263,7 @@ proc_encrypted( CTX c, PACKET *pkt ) } + static void proc_plaintext( CTX c, PACKET *pkt ) { @@ -353,16 +358,6 @@ proc_compressed( CTX c, PACKET *pkt ) c->last_was_session_key = 0; } -static int -is_encrypted( CTX c ) -{ - for( ; c; c = c->anchor ) { - if( c->is_encrypted ) - return 1; - } - return 0; -} - /**************** * check the signature * Returns: 0 = valid signature or an error code @@ -763,7 +758,8 @@ do_proc_packets( CTX c, IOBUF a ) switch( pkt->pkttype ) { case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break; case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break; - case PKT_ENCRYPTED: proc_encrypted( c, pkt ); break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; case PKT_COMPRESSED: proc_compressed( c, pkt ); break; default: newpkt = 0; break; } @@ -776,6 +772,7 @@ do_proc_packets( CTX c, IOBUF a ) case PKT_SYMKEY_ENC: case PKT_PUBKEY_ENC: case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: rc = G10ERR_UNEXPECTED; goto leave; case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; @@ -795,7 +792,8 @@ do_proc_packets( CTX c, IOBUF a ) case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break; case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break; - case PKT_ENCRYPTED: proc_encrypted( c, pkt ); break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; case PKT_COMPRESSED: proc_compressed( c, pkt ); break; case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; @@ -818,7 +816,8 @@ do_proc_packets( CTX c, IOBUF a ) case PKT_SIGNATURE: newpkt = add_signature( c, pkt ); break; case PKT_PUBKEY_ENC: proc_pubkey_enc( c, pkt ); break; case PKT_SYMKEY_ENC: proc_symkey_enc( c, pkt ); break; - case PKT_ENCRYPTED: proc_encrypted( c, pkt ); break; + case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: proc_encrypted( c, pkt ); break; case PKT_PLAINTEXT: proc_plaintext( c, pkt ); break; case PKT_COMPRESSED: proc_compressed( c, pkt ); break; case PKT_ONEPASS_SIG: newpkt = add_onepass_sig( c, pkt ); break; @@ -855,22 +854,6 @@ do_proc_packets( CTX c, IOBUF a ) } -#if 0 /* old MDC hack code preserved to reuse the messages later */ - if( !rc ) { - if( opt.verbose ) - log_info(_("encrypted message is valid\n")); - write_status( STATUS_GOODMDC ); - } - else if( rc == G10ERR_BAD_SIGN ) { - log_error(_("WARNING: encrypted message has been manipulated!\n")); - write_status( STATUS_BADMDC ); - } - else { - write_status( STATUS_ERRMDC ); - log_error(_("Can't check MDC: %s\n"), g10_errstr(rc) ); - } -#endif - static int check_sig_and_print( CTX c, KBNODE node ) { diff --git a/g10/packet.h b/g10/packet.h index 741e10009..a2af98abb 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -46,7 +46,8 @@ typedef enum { PKT_USER_ID =13, /* user id packet */ PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ - PKT_COMMENT =61 /* new comment packet (private) */ + PKT_COMMENT =61, /* new comment packet (private) */ + PKT_ENCRYPTED_MDC =62, /* test: encrypted data with MDC */ } pkttype_t; typedef struct packet_struct PACKET; @@ -166,7 +167,8 @@ typedef struct { typedef struct { u32 len; /* length of encrypted data */ - byte new_ctb; + byte new_ctb; /* uses a new CTB */ + byte mdc_method; /* test: > 0: this is is an encrypted_mdc packet */ IOBUF buf; /* IOBUF reference */ } PKT_encrypted; @@ -180,6 +182,7 @@ typedef struct { char name[1]; } PKT_plaintext; + /* combine all packets into a union */ struct packet_struct { pkttype_t pkttype; @@ -194,7 +197,7 @@ struct packet_struct { PKT_comment *comment; /* PKT_COMMENT */ PKT_user_id *user_id; /* PKT_USER_ID */ PKT_compressed *compressed; /* PKT_COMPRESSED */ - PKT_encrypted *encrypted; /* PKT_ENCRYPTED */ + PKT_encrypted *encrypted; /* PKT_ENCRYPTED[_MDC] */ PKT_plaintext *plaintext; /* PKT_PLAINTEXT */ } pkt; }; diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 291128ba3..47d28e396 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -71,7 +71,6 @@ static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet, int new_ctb); - static unsigned short read_16(IOBUF inp) { @@ -432,6 +431,7 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, rc = parse_compressed(inp, pkttype, pktlen, pkt, new_ctb ); break; case PKT_ENCRYPTED: + case PKT_ENCRYPTED_MDC: rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb ); break; default: @@ -852,6 +852,7 @@ parse_sig_subpkt( const byte *buffer, sigsubpkttype_t reqtype, size_t *ret_n ) if( buflen < 2 ) goto too_short; n = (( n - 192 ) << 8) + *buffer + 192; + buffer++; buflen--; } if( buflen < n ) @@ -966,7 +967,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, } if( n ) { sig->hashed_data = m_alloc( n + 2 ); - sig->hashed_data[0] = n << 8; + sig->hashed_data[0] = n >> 8; sig->hashed_data[1] = n; if( iobuf_read(inp, sig->hashed_data+2, n ) != n ) { log_error("premature eof while reading hashed signature data\n"); @@ -983,7 +984,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, } if( n ) { sig->unhashed_data = m_alloc( n + 2 ); - sig->unhashed_data[0] = n << 8; + sig->unhashed_data[0] = n >> 8; sig->unhashed_data[1] = n; if( iobuf_read(inp, sig->unhashed_data+2, n ) != n ) { log_error("premature eof while reading unhashed signature data\n"); @@ -1536,6 +1537,25 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, ed->len = pktlen; ed->buf = NULL; ed->new_ctb = new_ctb; + ed->mdc_method = 0; + if( pkttype == PKT_ENCRYPTED_MDC ) { + /* test: this is the new encrypted_mdc packet */ + /* fixme: add some pktlen sanity checks */ + int version, method; + + version = iobuf_get_noeof(inp); pktlen--; + if( version != 1 ) { + log_error("encrypted_mdc packet with unknown version %d\n", + version); + goto leave; + } + method = iobuf_get_noeof(inp); pktlen--; + if( method != DIGEST_ALGO_SHA1 ) { + log_error("encrypted_mdc does not use SHA1 method\n" ); + goto leave; + } + ed->mdc_method = method; + } if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */ log_error("packet(%d) too short\n", pkttype); skip_rest(inp, pktlen); @@ -1546,6 +1566,8 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, printf(":encrypted data packet:\n\tlength: %lu\n", pktlen); else printf(":encrypted data packet:\n\tlength: unknown\n"); + if( ed->mdc_method ) + printf("\tmdc_method: %d\n", ed->mdc_method ); } ed->buf = inp; @@ -1555,5 +1577,3 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, return 0; } - - |