Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 22 | ||||
-rw-r--r-- | g10/armor.c | 2 | ||||
-rw-r--r-- | g10/cipher.c | 3 | ||||
-rw-r--r-- | g10/encr-data.c | 3 | ||||
-rw-r--r-- | g10/keygen.c | 105 | ||||
-rw-r--r-- | g10/mainproc.c | 33 | ||||
-rw-r--r-- | g10/options.h | 2 | ||||
-rw-r--r-- | g10/seckey-cert.c | 14 | ||||
-rw-r--r-- | g10/sign.c | 30 | ||||
-rw-r--r-- | g10/status.c | 1 | ||||
-rw-r--r-- | g10/status.h | 1 |
11 files changed, 189 insertions, 27 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 0a538b4f6..30032047d 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,23 @@ +Wed Jun 28 11:54:44 CEST 2000 Werner Koch <wk@> + + * armor.c (armor_filter): Set sigclass to 0 in case of non-dash-escaped + clearsig. This makes this mode work again. + + * mainproc.c (proc_tree): Fixed handling of one-pass-sig packets in textmode. + Disabled the ugly workaround for PGP 5 - let's see whether thi breaks less + cases. Found by Ted Cabeen. + + * options.h (DBG_HASHING): New. All commented md_start_debug are now + controlled by this debug option. + + * sign.c (print_status_sig_created): New and called from 2 places. + + * keygen.c (gen_rsa): New, but commented. + (ask_algo): Commented support for RSA. + + * seckey-cert.c (protect_secret_key): Started to fix the code for v4 RSA + keys - it is not solved yet. However, we have time until, Sep 20th ;) + Wed Jun 14 12:27:09 CEST 2000 Werner Koch <[email protected]> * status.c (init_shm_coprocessing): Changed the sequence of the get,attach @@ -267,7 +287,7 @@ Wed Jan 5 11:51:17 CET 2000 Werner Koch <[email protected]> * g10.c (main): Reset new global flag opt.pgp2_workarounds when --openpgp is used. * mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only - when the global falg is set. + when the global flag is set. (proc_tree): Ditto. * textfilter.c (copy_clearsig_text): Ditto. * armor.c (armor_filter): Ditto. diff --git a/g10/armor.c b/g10/armor.c index 4384131ff..7622dd039 100644 --- a/g10/armor.c +++ b/g10/armor.c @@ -847,7 +847,7 @@ armor_filter( void *opaque, int control, buf[n++] = 0x90; /* old format, type 4, 1 length byte */ buf[n++] = 13; /* length */ buf[n++] = 3; /* version */ - buf[n++] = 0x01; /* sigclass 0x01 (canonical text mode)*/ + buf[n++] = afx->not_dash_escaped? 0:1; /* sigclass */ if( hashes & 1 ) { hashes &= ~1; buf[n++] = DIGEST_ALGO_RMD160; diff --git a/g10/cipher.c b/g10/cipher.c index e2972297d..c45fa1e70 100644 --- a/g10/cipher.c 
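Review bot: In g10/armor.c, armor_filter, the new `buf[n++] = afx->not_dash_escaped? 0:1; /* sigclass */` drops the explanation the old comment carried, so the two values now read as magic numbers inside a hand-built packet header. A comment such as `/* sigclass: 0x00 (binary) when not dash-escaped, else 0x01 (canonical text) */` would keep the meaning next to the byte. The rest of armor_filter lies outside the hunk, so whether the verifying side picks the same class for not-dash-escaped input cannot be checked from here.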
+++ b/g10/cipher.c @@ -63,7 +63,8 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) if( use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); - /*md_start_debug( cfx->mdc_hash, "creatmdc" );*/ + if ( DBG_HASHING ) + md_start_debug( cfx->mdc_hash, "creatmdc" ); } init_packet( &pkt ); pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; diff --git a/g10/encr-data.c b/g10/encr-data.c index 1ee2bbed8..5e1fdabed 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -78,7 +78,8 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( ed->mdc_method ) { dfx.mdc_hash = md_open( ed->mdc_method, 0 ); - /*md_start_debug(dfx.mdc_hash, "checkmdc");*/ + if ( DBG_HASHING ) + md_start_debug(dfx.mdc_hash, "checkmdc"); } dfx.cipher_hd = cipher_open( dek->algo, ed->mdc_method? CIPHER_MODE_CFB diff --git a/g10/keygen.c b/g10/keygen.c index d0083d13d..58642e103 100644 --- a/g10/keygen.c +++ b/g10/keygen.c 
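Review bot: In g10/cipher.c write_header, `md_start_debug( cfx->mdc_hash, "creatmdc" )` is no longer compiled out but reachable at run time through `DBG_HASHING`, and the MDC hash is presumably fed the data being encrypted. If md_start_debug records the bytes it hashes (its body is not in this diff, so this is inferred from the name and the tag argument), setting debug value 512 would leave cleartext outside the protected output. The same applies to the `checkmdc` call in encr-data.c decrypt_data, the `verify`/`verify2` calls in mainproc.c proc_plaintext and the `clearsign` call in sign.c clearsign_file. I would say so at the define in options.h, e.g. `/* debug hashing operations; may dump the hashed (plaintext) data */`, and in the documentation of the debug option.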
@@ -414,6 +414,87 @@ gen_dsa(unsigned int nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, return 0; } +#if 0 +static int +gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, + STRING2KEY *s2k, PKT_secret_key **ret_sk, u32 expireval ) +{ + int rc; + PACKET *pkt; + PKT_secret_key *sk; + PKT_public_key *pk; + MPI skey[4]; + MPI *factors; + + assert( is_RSA(algo) ); + + if( nbits < 1024 ) { + nbits = 1024; + log_info(_("keysize invalid; using %u bits\n"), nbits ); + } + + if( (nbits % 32) ) { + nbits = ((nbits + 31) / 32) * 32; + log_info(_("keysize rounded up to %u bits\n"), nbits ); + } + + rc = pubkey_generate( algo, nbits, skey, &factors ); + if( rc ) { + log_error("pubkey_generate failed: %s\n", g10_errstr(rc) ); + return rc; + } + + sk = m_alloc_clear( sizeof *sk ); + pk = m_alloc_clear( sizeof *pk ); + sk->timestamp = pk->timestamp = make_timestamp(); + sk->version = pk->version = 4; + if( expireval ) { + sk->expiredate = pk->expiredate = sk->timestamp + expireval; + } + sk->pubkey_algo = pk->pubkey_algo = algo; + pk->pkey[0] = mpi_copy( skey[0] ); + pk->pkey[1] = mpi_copy( skey[1] ); + sk->skey[0] = skey[0]; + sk->skey[1] = skey[1]; + sk->skey[2] = skey[2]; + sk->skey[3] = skey[3]; + sk->skey[4] = skey[4]; + sk->skey[5] = skey[5]; + sk->is_protected = 0; + sk->protect.algo = 0; + + sk->csum = checksum_mpi_counted_nbits( sk->skey[2] ); + sk->csum += checksum_mpi_counted_nbits( sk->skey[3] ); + sk->csum += checksum_mpi_counted_nbits( sk->skey[4] ); + sk->csum += checksum_mpi_counted_nbits( sk->skey[5] ); + if( ret_sk ) /* not a subkey: return an unprotected version of the sk */ + *ret_sk = copy_secret_key( NULL, sk ); + + if( dek ) { + sk->protect.algo = dek->algo; + sk->protect.s2k = *s2k; + rc = protect_secret_key( sk, dek ); + if( rc ) { + log_error("protect_secret_key failed: %s\n", g10_errstr(rc) ); + free_public_key(pk); + free_secret_key(sk); + return rc; + } + } + + pkt = m_alloc_clear(sizeof *pkt); + pkt->pkttype = ret_sk ? 
PKT_PUBLIC_KEY : PKT_PUBLIC_SUBKEY; + pkt->pkt.public_key = pk; + add_kbnode(pub_root, new_kbnode( pkt )); + + pkt = m_alloc_clear(sizeof *pkt); + pkt->pkttype = ret_sk ? PKT_SECRET_KEY : PKT_SECRET_SUBKEY; + pkt->pkt.secret_key = sk; + add_kbnode(sec_root, new_kbnode( pkt )); + + return 0; +} +#endif /**************** @@ -460,6 +541,9 @@ ask_algo( int addmode ) if( addmode ) tty_printf( _(" (%d) ElGamal (encrypt only)\n"), 3 ); tty_printf( _(" (%d) ElGamal (sign and encrypt)\n"), 4 ); + #if 0 + tty_printf( _(" (%d) RSA (sign and encrypt)\n"), 5 ); + #endif for(;;) { answer = cpr_get("keygen.algo",_("Your selection? ")); @@ -470,6 +554,15 @@ ask_algo( int addmode ) algo = 0; /* create both keys */ break; } + #if 0 + else if( algo == 5 ) { + if( cpr_get_answer_is_yes("keygen.algo.rsa_se",_( + "Do you really want to create a sign and encrypt key? "))) { + algo = PUBKEY_ALGO_RSA; + break; + } + } + #endif else if( algo == 4 ) { if( cpr_get_answer_is_yes("keygen.algo.elg_se",_( "Do you really want to create a sign and encrypt key? "))) { @@ -513,6 +606,9 @@ ask_keysize( int algo ) tty_printf(_("DSA only allows keysizes from 512 to 1024\n")); else if( nbits < 768 ) tty_printf(_("keysize too small; 768 is smallest value allowed.\n")); + else if( algo == PUBKEY_ALGO_RSA && nbits < 1024 ) + tty_printf(_("keysize too small;" + " 1024 is smallest value allowed for RSA.\n")); else if( nbits > 4096 ) { /* It is ridiculous and an annoyance to use larger key sizes! * GnuPG can handle much larger sizes; but it takes an eternity @@ -537,7 +633,7 @@ ask_keysize( int algo ) break; } } - else if( nbits > 1536 && !cpr_enabled() ) { + else if( nbits > 1536 && !cpr_enabled() && algo != PUBKEY_ALGO_RSA ) { if( cpr_get_answer_is_yes("keygen.size.large.okay",_( "Do you really need such a large keysize? ")) ) break; 
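Review bot: In g10/keygen.c gen_rsa (currently under `#if 0`), `MPI skey[4];` is too small for the code that follows: the function copies `skey[4]` and `skey[5]` into `sk->skey[4]` and `sk->skey[5]`, which reads past the end of the array, and `pubkey_generate( algo, nbits, skey, &factors )` would presumably store as many entries into it. Declare it as `MPI skey[6];` before the block is enabled. `factors` is neither used nor released anywhere in the function body. On the protect_secret_key failure path pk and sk are freed but the unprotected copy already stored in `*ret_sk` stays with the caller; a comment stating who owns it on error would help.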
@@ -882,10 +978,13 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, "generator a better chance to gain enough entropy.\n") ); if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) - rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, - sk, expiredate ); + rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, sk, expiredate); else if( algo == PUBKEY_ALGO_DSA ) rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk, expiredate); + #if 0 + else if( algo == PUBKEY_ALGO_RSA ) + rc = gen_rsa(algo, nbits, pub_root, sec_root, dek, s2k, sk, expiredate); + #endif else BUG(); diff --git a/g10/mainproc.c b/g10/mainproc.c index 99806313a..a12dbd873 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -424,10 +424,11 @@ proc_plaintext( CTX c, PACKET *pkt ) */ c->mfx.md2 = md_open( DIGEST_ALGO_MD5, 0); } - #if 0 - #warning md_start_debug is enabled - md_start_debug( c->mfx.md, "verify" ); - #endif + if ( DBG_HASHING ) { + md_start_debug( c->mfx.md, "verify" ); + if ( c->mfx.md2 ) + md_start_debug( c->mfx.md2, "verify2" ); + } rc = handle_plaintext( pt, &c->mfx, c->sigs_only, clearsig ); if( rc == G10ERR_CREATE_FILE && !c->sigs_only) { /* can't write output but we hash it anyway to @@ -1190,13 +1191,16 @@ proc_tree( CTX c, KBNODE node ) md_enable( c->mfx.md, n1->pkt->pkt.signature->digest_algo); } /* ask for file and hash it */ - if( c->sigs_only ) + if( c->sigs_only ) { rc = hash_datafiles( c->mfx.md, NULL, c->signed_data, c->sigfilename, n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 ); - else + } + else { rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2, - iobuf_get_fname(c->iobuf), 0 ); + iobuf_get_fname(c->iobuf), + n1? (n1->pkt->pkt.onepass_sig->sig_class == 0x01):0 ); + } if( rc ) { log_error("can't hash datafile: %s\n", g10_errstr(rc)); return; 
@@ -1230,6 +1234,7 @@ proc_tree( CTX c, KBNODE node ) * signature has been created in textmode */ c->mfx.md2 = md_open( sig->digest_algo, 0 ); } + #if 0 /* workaround disabled */ /* Here we have another hack to work around a pgp 2 bug * It works by not using the textmode for detached signatures; * this will let the first signature check (on md) fail @@ -1237,14 +1242,18 @@ proc_tree( CTX c, KBNODE node ) * then produce the "correct" hash. This is very, very ugly * hack but it may help in some cases (and break others) */ - if( c->sigs_only ) + /* c->mfx.md2? 0 :(sig->sig_class == 0x01) */ + #endif + if( c->sigs_only ) { rc = hash_datafiles( c->mfx.md, c->mfx.md2, c->signed_data, c->sigfilename, - c->mfx.md2? 0 :(sig->sig_class == 0x01) ); - else + (sig->sig_class == 0x01) ); + } + else { rc = ask_for_detached_datafile( c->mfx.md, c->mfx.md2, - iobuf_get_fname(c->iobuf), - c->mfx.md2? 0 :(sig->sig_class == 0x01) ); + iobuf_get_fname(c->iobuf), + (sig->sig_class == 0x01) ); + } if( rc ) { log_error("can't hash datafile: %s\n", g10_errstr(rc)); return; diff --git a/g10/options.h b/g10/options.h index 5d80e6771..312068e41 100644 --- a/g10/options.h +++ b/g10/options.h @@ -108,12 +108,14 @@ struct { #define DBG_CACHE_VALUE 64 /* debug the cacheing */ #define DBG_MEMSTAT_VALUE 128 /* show memory statistics */ #define DBG_TRUST_VALUE 256 /* debug the trustdb */ +#define DBG_HASHING_VALUE 512 /* debug hashing operations */ #define DBG_PACKET (opt.debug & DBG_PACKET_VALUE) #define DBG_FILTER (opt.debug & DBG_FILTER_VALUE) #define DBG_CACHE (opt.debug & DBG_CACHE_VALUE) #define DBG_TRUST (opt.debug & DBG_TRUST_VALUE) +#define DBG_HASHING (opt.debug & DBG_HASHING_VALUE) #endif /*G10_OPTIONS_H*/ diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 283e4e816..5cb10ee13 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c 
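Review bot: In g10/mainproc.c proc_tree, the added `#if 0 /* workaround disabled */` ... `#endif` pair encloses only comments, so it compiles to nothing, and the old expression survives only as `/* c->mfx.md2? 0 :(sig->sig_class == 0x01) */`. The comment inside still describes the pgp 2 hack as if it were active, while both calls now pass `(sig->sig_class == 0x01)` whether or not md2 is set. I would replace the block with one comment that states the current behaviour, e.g. `/* textmode follows the signature class; the former PGP 2 workaround (binary mode whenever md2 is set) is disabled */`. proc_tree starts and ends outside the hunk, so how md2 is used after hashing is not visible here.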
@@ -237,10 +237,11 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1); cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); if( sk->version >= 4 ) { - #define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY) - byte *bufarr[NMPIS]; - unsigned narr[NMPIS]; - unsigned nbits[NMPIS]; + /* FIXME: There is a bug in this function for all algorithms + * where the secret MPIs are more than 1 */ + byte *bufarr[PUBKEY_MAX_NSKEY]; + unsigned narr[PUBKEY_MAX_NSKEY]; + unsigned nbits[PUBKEY_MAX_NSKEY]; int ndata=0; byte *p, *data; @@ -251,13 +252,13 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) nbits[j] = mpi_get_nbits( sk->skey[i] ); ndata += narr[j] + 2; } - for( ; j < NMPIS; j++ ) + for( ; j < PUBKEY_MAX_NSKEY; j++ ) bufarr[j] = NULL; ndata += 2; /* for checksum */ data = m_alloc_secure( ndata ); p = data; - for(j=0; j < NMPIS && bufarr[j]; j++ ) { + for(j=0; j < PUBKEY_MAX_NSKEY && bufarr[j]; j++ ) { p[0] = nbits[j] >> 8 ; p[1] = nbits[j]; p += 2; @@ -265,7 +266,6 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) p += narr[j]; m_free(bufarr[j]); } - #undef NMPIS csum = checksum( data, ndata-2); sk->csum = csum; *p++ = csum >> 8; diff --git a/g10/sign.c b/g10/sign.c index 6b6d5c5d0..e5df3e482 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -36,6 +36,7 @@ #include "filter.h" #include "ttyio.h" #include "trustdb.h" +#include "status.h" #include "i18n.h" 
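Review bot: In g10/seckey-cert.c protect_secret_key, the new FIXME says the v4 branch is wrong for every algorithm with more than one secret MPI, but it does not say what goes wrong, and the code still runs for such keys. This path produces the protected form of a secret key, so a silently wrong result is worse than a refusal; until the fix lands I would either reject that case or make the comment name the symptom, e.g. `/* FIXME: v4 protection is known to be wrong for keys with more than one secret MPI (RSA); see ChangeLog 2000-06-28 */`. The loop that fills bufarr starts outside the visible hunks, so its bound against the enlarged arrays cannot be checked from here.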
@@ -190,6 +191,25 @@ only_old_style( SK_LIST sk_list ) } +static void +print_status_sig_created ( PKT_secret_key *sk, PKT_signature *sig, int what ) +{ + byte array[MAX_FINGERPRINT_LEN], *p; + char buf[100+MAX_FINGERPRINT_LEN*2]; + size_t i, n; + + sprintf(buf, "%c %d %d %02x %lu ", + what, sig->pubkey_algo, sig->digest_algo, sig->sig_class, + (ulong)sig->timestamp ); + + fingerprint_from_sk( sk, array, &n ); + p = buf + strlen(buf); + for(i=0; i < n ; i++ ) + sprintf(p+2*i, "%02X", array[i] ); + + write_status_text( STATUS_SIG_CREATED, buf ); +} + /**************** * Sign the files whose names are in FILENAME. @@ -522,12 +542,16 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, pkt.pkttype = PKT_SIGNATURE; pkt.pkt.signature = sig; rc = build_packet( out, &pkt ); + if( !rc && is_status_enabled() ) { + print_status_sig_created ( sk, sig, detached ? 'D':'S'); + } free_packet( &pkt ); if( rc ) log_error("build signature packet failed: %s\n", g10_errstr(rc) ); } if( rc ) goto leave; + } @@ -639,7 +663,8 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) PKT_secret_key *sk = sk_rover->sk; md_enable(textmd, hash_for(sk->pubkey_algo)); } - /*md_start_debug( textmd, "sign" );*/ + if ( DBG_HASHING ) + md_start_debug( textmd, "clearsign" ); copy_clearsig_text( out, inp, textmd, !opt.not_dash_escaped, opt.escape_from, old_style ); /* fixme: check for read errors */ @@ -718,6 +743,9 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) pkt.pkttype = PKT_SIGNATURE; pkt.pkt.signature = sig; rc = build_packet( out, &pkt ); + if( !rc && is_status_enabled() ) { + print_status_sig_created ( sk, sig, 'C'); + } free_packet( &pkt ); if( rc ) log_error("build signature packet failed: %s\n", g10_errstr(rc) ); diff --git a/g10/status.c b/g10/status.c index b42265961..b3bc51e5b 100644 --- a/g10/status.c +++ b/g10/status.c 
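Review bot: In g10/sign.c print_status_sig_created, both `sprintf` calls write into `buf` with no bound: the code relies on 100 bytes being enough for the formatted prefix and on `fingerprint_from_sk` never setting `n` above MAX_FINGERPRINT_LEN. Nothing in the function enforces either assumption; a guard right after the call, `if( n > MAX_FINGERPRINT_LEN ) BUG();`, would make the second one explicit (BUG() is the idiom used in keygen.c in this same commit). The function also lacks a header comment giving the SIG_CREATED line format and the meaning of `what`, which the two call sites pass as 'D' or 'S' in sign_file and 'C' in clearsign_file. That format should be written down because status lines are presumably read by other programs.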
@@ -150,6 +150,7 @@ write_status_text ( int no, const char *text) case STATUS_END_ENCRYPTION : s = "END_ENCRYPTION\n"; break; case STATUS_DELETE_PROBLEM : s = "DELETE_PROBLEM\n"; break; case STATUS_PROGRESS : s = "PROGRESS\n"; break; + case STATUS_SIG_CREATED : s = "SIG_CREATED\n"; break; default: s = "?\n"; break; } diff --git a/g10/status.h b/g10/status.h index 667565560..843f95cc7 100644 --- a/g10/status.h +++ b/g10/status.h @@ -80,6 +80,7 @@ #define STATUS_GET_HIDDEN 48 #define STATUS_GOT_IT 49 #define STATUS_PROGRESS 50 +#define STATUS_SIG_CREATED 51 /*-- status.c --*/ void set_status_fd ( int fd ); |