diff options
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/ChangeLog | 15 | ||||
| -rw-r--r-- | g10/build-packet.c | 17 | ||||
| -rw-r--r-- | g10/cipher.c | 31 | ||||
| -rw-r--r-- | g10/encr-data.c | 32 | ||||
| -rw-r--r-- | g10/filter.h | 2 | ||||
| -rw-r--r-- | g10/g10.c | 13 | ||||
| -rw-r--r-- | g10/mainproc.c | 6 | ||||
| -rw-r--r-- | g10/options.h | 1 | ||||
| -rw-r--r-- | g10/packet.h | 11 | ||||
| -rw-r--r-- | g10/parse-packet.c | 38 | ||||
| -rw-r--r-- | g10/sig-check.c | 1 |
11 files changed, 126 insertions, 41 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 6d19d7e0e..51c3973d0 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +Mon Jun 5 12:37:43 CEST 2000 Werner Koch <[email protected]> + + * build-packet.c (do_mdc): New. + (do_encrypted_mdc): Changed for the new proposal. + * parse-packet.c (parse_mdc): New. + (parse_encrypted): Fixed for the new proposal. + * packet.h (PKT_MDC): New. + * cipher.c (cipher_filter): Build the MDC packet here. + * g10.c (main): Enable --force-mdc. + * encr-data.c (mdc_decode_filter): Fixed for new MDC method + + * options.h(rfc2440): New. + * g10.c (main): Changed the selected values for --openpgp to not include + optional algorithms. + Thu May 18 11:38:54 CEST 2000 Werner Koch <[email protected]> * keyedit.c (keyedit_menu): Add a keyword arg to the prompt. diff --git a/g10/build-packet.c b/g10/build-packet.c index 238a2021b..0f297b0e7 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -44,6 +44,7 @@ static u32 calc_plaintext( PKT_plaintext *pt ); static int do_plaintext( IOBUF out, int ctb, PKT_plaintext *pt ); static int do_encrypted( IOBUF out, int ctb, PKT_encrypted *ed ); static int do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed ); +static int do_mdc( IOBUF out, PKT_mdc *mdc ); static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd ); static int do_signature( IOBUF out, int ctb, PKT_signature *sig ); static int do_onepass_sig( IOBUF out, int ctb, PKT_onepass_sig *ops ); @@ -121,6 +122,9 @@ build_packet( IOBUF out, PACKET *pkt ) case PKT_ENCRYPTED_MDC: rc = do_encrypted_mdc( out, ctb, pkt->pkt.encrypted ); break; + case PKT_MDC: + rc = do_mdc( out, pkt->pkt.mdc ); + break; case PKT_COMPRESSED: rc = do_compressed( out, ctb, pkt->pkt.compressed ); break; @@ -550,13 +554,24 @@ do_encrypted_mdc( IOBUF out, int ctb, PKT_encrypted *ed ) n = ed->len ? (ed->len + 10) : 0; write_header(out, ctb, n ); iobuf_put(out, 1 ); /* version */ - iobuf_put(out, ed->mdc_method ); /* This is all. The caller has to write the real data */ return rc; } + +static int +do_mdc( IOBUF out, PKT_mdc *mdc ) +{ + /* This packet requires a fixed header encoding */ + iobuf_put( out, 0xd3 ); /* packet ID and 1 byte length */ + iobuf_put( out, 0x14 ); /* length = 20 */ + if( iobuf_write( out, mdc->hash, sizeof(mdc->hash) ) ) + return G10ERR_WRITE_FILE; + return 0; +} + static int do_compressed( IOBUF out, int ctb, PKT_compressed *cd ) { diff --git a/g10/cipher.c b/g10/cipher.c index b270a4aee..0bed51300 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -49,22 +49,27 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) unsigned nprefix; int use_mdc = opt.force_mdc; + blocksize = cipher_get_blocksize( cfx->dek->algo ); + if( blocksize < 8 || blocksize > 16 ) + log_fatal("unsupported blocksize %u\n", blocksize ); + if( blocksize != 8 ) + use_mdc = 1; /* enable it for all modern ciphers */ + if( opt.rfc2440 ) + use_mdc = 0; /* override - rfc2440 does not know about MDC */ + memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; ed.new_ctb = !ed.len && !opt.rfc1991; if( use_mdc ) { ed.mdc_method = DIGEST_ALGO_SHA1; cfx->mdc_hash = md_open( DIGEST_ALGO_SHA1, 0 ); - /*md_start_debug( cfx->mdc_hash, "mdccreat" );*/ + /*md_start_debug( cfx->mdc_hash, "creatmdc" );*/ } init_packet( &pkt ); pkt.pkttype = use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED; pkt.pkt.encrypted = &ed; if( build_packet( a, &pkt )) log_bug("build_packet(ENCR_DATA) failed\n"); - blocksize = cipher_get_blocksize( cfx->dek->algo ); - if( blocksize < 8 || blocksize > 16 ) - log_fatal("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; randomize_buffer( temp, nprefix, 1 ); temp[nprefix] = temp[nprefix-2]; @@ -75,8 +80,6 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); cipher_setiv( cfx->cipher_hd, NULL, 0 ); /* log_hexdump( "prefix", temp, nprefix+2 ); */ - if( cfx->mdc_hash ) - md_write( cfx->mdc_hash, temp, nprefix+2 ); cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2); cipher_sync( cfx->cipher_hd ); iobuf_write(a, temp, nprefix+2); @@ -115,12 +118,22 @@ cipher_filter( void *opaque, int control, if( cfx->mdc_hash ) { byte *hash; int hashlen = md_digest_length( md_get_algo( cfx->mdc_hash ) ); + byte temp[22]; + + assert( hashlen == 20 ); + /* we must hash the prefix of the MDC packet here */ + temp[0] = 0xd3; + temp[1] = 0x14; + md_putc( cfx->mdc_hash, temp[0] ); + md_putc( cfx->mdc_hash, temp[1] ); + md_final( cfx->mdc_hash ); hash = md_read( cfx->mdc_hash, 0 ); - cipher_encrypt( cfx->cipher_hd, hash, hash, hashlen ); - if( iobuf_write( a, hash, hashlen ) ) - rc = G10ERR_WRITE_FILE; + memcpy(temp+2, hash, 20); + cipher_encrypt( cfx->cipher_hd, temp, temp, 22 ); md_close( cfx->mdc_hash ); cfx->mdc_hash = NULL; + if( iobuf_write( a, temp, 22 ) ) + log_error("writing MDC packet failed\n" ); } cipher_close(cfx->cipher_hd); write_status( STATUS_END_ENCRYPTION ); diff --git a/g10/encr-data.c b/g10/encr-data.c index d2aea0ff1..c584f49d3 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -32,9 +32,9 @@ #include "i18n.h" -static int decode_filter( void *opaque, int control, IOBUF a, - byte *buf, size_t *ret_len); static int mdc_decode_filter( void *opaque, int control, IOBUF a, + byte *buf, size_t *ret_len); +static int decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len); typedef struct { @@ -76,8 +76,10 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) if( ed->len && ed->len < (nprefix+2) ) BUG(); - if( ed->mdc_method ) + if( ed->mdc_method ) { dfx.mdc_hash = md_open( ed->mdc_method, 0 ); + /*md_start_debug(dfx.mdc_hash, "checkmdc");*/ + } dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); /* log_hexdump( "thekey", dek->key, dek->keylen );*/ rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); @@ -107,8 +109,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) temp[i] = c; } cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); - if( dfx.mdc_hash ) - md_write( dfx.mdc_hash, temp, nprefix+2 ); cipher_sync( dfx.cipher_hd ); p = temp; /* log_hexdump( "prefix", temp, nprefix+2 ); */ @@ -116,29 +116,36 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) rc = G10ERR_BAD_KEY; goto leave; } + if( ed->mdc_method ) iobuf_push_filter( ed->buf, mdc_decode_filter, &dfx ); else iobuf_push_filter( ed->buf, decode_filter, &dfx ); - proc_packets( procctx, ed->buf); + + proc_packets( procctx, ed->buf ); ed->buf = NULL; if( ed->mdc_method && dfx.eof_seen == 2 ) rc = G10ERR_INVALID_PACKET; else if( ed->mdc_method ) { /* check the mdc */ int datalen = md_digest_length( ed->mdc_method ); + + cipher_decrypt( dfx.cipher_hd, dfx.defer, dfx.defer, 20); md_final( dfx.mdc_hash ); if( datalen != 20 || memcmp(md_read( dfx.mdc_hash, 0 ), dfx.defer, datalen) ) rc = G10ERR_BAD_SIGN; - log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen); - log_hexdump("MDC message :", dfx.defer, 20); + /*log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);*/ + /*log_hexdump("MDC message :", dfx.defer, 20);*/ } + leave: cipher_close(dfx.cipher_hd); md_close( dfx.mdc_hash ); return rc; } + + /* I think we should merge this with cipher_filter */ static int mdc_decode_filter( void *opaque, int control, IOBUF a, @@ -166,10 +173,13 @@ mdc_decode_filter( void *opaque, int control, IOBUF a, if( n == 40 ) { /* we have enough stuff - flush the deferred stuff */ /* (we have asserted that the buffer is large enough) */ - if( !dfx->defer_filled ) /* the first time */ + if( !dfx->defer_filled ) { /* the first time */ memcpy(buf, buf+20, 20 ); - else + n = 20; + } + else { memcpy(buf, dfx->defer, 20 ); + } /* now fill up */ for(; n < size; n++ ) { if( (c = iobuf_get(a)) == -1 ) @@ -183,7 +193,7 @@ mdc_decode_filter( void *opaque, int control, IOBUF a, dfx->defer_filled = 1; } else if( !dfx->defer_filled ) { /* eof seen buf empty defer */ - /* this is very bad because there is an incomplete hash */ + /* this is bad because there is an incomplete hash */ n -= 20; memcpy(buf, buf+20, n ); dfx->eof_seen = 2; /* eof with incomplete hash */ diff --git a/g10/filter.h b/g10/filter.h index 1adf0edaa..aecacbc43 100644 --- a/g10/filter.h +++ b/g10/filter.h @@ -83,6 +83,8 @@ typedef struct { CIPHER_HANDLE cipher_hd; int header; MD_HANDLE mdc_hash; + byte enchash[20]; + int create_mdc; /* flag will be set by the cipher filter */ } cipher_filter_context_t; @@ -821,11 +821,13 @@ main( int argc, char **argv ) break; case oRFC1991: opt.rfc1991 = 1; + opt.rfc2440 = 0; opt.no_comment = 1; opt.escape_from = 1; break; case oOpenPGP: opt.rfc1991 = 0; + opt.rfc2440 = 1; opt.pgp2_workarounds = 0; opt.escape_from = 0; opt.force_v3_sigs = 0; @@ -834,10 +836,10 @@ main( int argc, char **argv ) opt.not_dash_escaped = 0; opt.def_cipher_algo = 0; opt.def_digest_algo = 0; - opt.def_compress_algo = 2; + opt.def_compress_algo = 1; opt.s2k_mode = 3; /* iterated+salted */ - opt.s2k_digest_algo = DIGEST_ALGO_RMD160; - opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH; + opt.s2k_digest_algo = DIGEST_ALGO_SHA1; + opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; @@ -936,11 +938,6 @@ main( int argc, char **argv ) log_info("used in a production environment or with production keys!\n"); } #endif - if( opt.force_mdc ) { - log_info("--force-mdc ignored because" - " the OpenPGP WG has not yet aggreed on MDCs\n"); - opt.force_mdc = 0; - } if (opt.no_literal) { log_info(_("NOTE: %s is not for normal use!\n"), "--no-literal"); if (opt.textmode) diff --git a/g10/mainproc.c b/g10/mainproc.c index 7c5ed36aa..abfdf6bb6 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -333,6 +333,7 @@ proc_encrypted( CTX c, PACKET *pkt ) result = G10ERR_NO_SECKEY; if( !result ) result = decrypt_data( c, pkt->pkt.encrypted, c->dek ); + m_free(c->dek); c->dek = NULL; if( result == -1 ) ; @@ -350,7 +351,7 @@ proc_encrypted( CTX c, PACKET *pkt ) else { write_status( STATUS_DECRYPTION_FAILED ); log_error(_("decryption failed: %s\n"), g10_errstr(result)); - /* Hmmm: does this work when we have encrypted using a multiple + /* Hmmm: does this work when we have encrypted using multiple * ways to specify the session key (symmmetric and PK)*/ } free_packet(pkt); @@ -884,6 +885,7 @@ list_node( CTX c, KBNODE node ) } + int proc_packets( void *anchor, IOBUF a ) { @@ -896,6 +898,8 @@ proc_packets( void *anchor, IOBUF a ) return rc; } + + int proc_signature_packets( void *anchor, IOBUF a, STRLIST signedfiles, const char *sigfilename ) diff --git a/g10/options.h b/g10/options.h index b3bdc8a34..f2090a2f0 100644 --- a/g10/options.h +++ b/g10/options.h @@ -64,6 +64,7 @@ struct { int compress_sigs; int always_trust; int rfc1991; + int rfc2440; int pgp2_workarounds; unsigned emulate_bugs; /* bug emulation flags EMUBUG_xxxx */ int shm_coprocess; diff --git a/g10/packet.h b/g10/packet.h index fdc8af4a5..62626c826 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -47,8 +47,9 @@ typedef enum { PKT_PUBLIC_SUBKEY =14, /* public subkey (OpenPGP) */ PKT_OLD_COMMENT =16, /* comment packet from an OpenPGP draft */ PKT_PHOTO_ID =17, /* PGP's photo ID */ + PKT_ENCRYPTED_MDC =18, /* integrity protected encrypted data */ + PKT_MDC =19, /* manipulaion detection code packet */ PKT_COMMENT =61, /* new comment packet (private) */ - PKT_ENCRYPTED_MDC =62, /* test: encrypted data with MDC */ } pkttype_t; typedef struct packet_struct PACKET; @@ -171,11 +172,15 @@ typedef struct { typedef struct { u32 len; /* length of encrypted data */ byte new_ctb; /* uses a new CTB */ - byte mdc_method; /* test: > 0: this is is an encrypted_mdc packet */ + byte mdc_method; /* > 0: integrity protected encrypted data packet */ IOBUF buf; /* IOBUF reference */ } PKT_encrypted; typedef struct { + byte hash[20]; +} PKT_mdc; + +typedef struct { unsigned int trustval; } PKT_ring_trust; @@ -205,6 +210,7 @@ struct packet_struct { PKT_user_id *user_id; /* PKT_USER_ID */ PKT_compressed *compressed; /* PKT_COMPRESSED */ PKT_encrypted *encrypted; /* PKT_ENCRYPTED[_MDC] */ + PKT_mdc *mdc; /* PKT_MDC */ PKT_ring_trust *ring_trust; /* PKT_RING_TRUST */ PKT_plaintext *plaintext; /* PKT_PLAINTEXT */ } pkt; @@ -333,7 +339,6 @@ int handle_compressed( void *ctx, PKT_compressed *cd, /*-- encr-data.c --*/ int decrypt_data( void *ctx, PKT_encrypted *ed, DEK *dek ); -int encrypt_data( PKT_encrypted *ed, DEK *dek ); /*-- plaintext.c --*/ int handle_plaintext( PKT_plaintext *pt, md_filter_context_t *mfx, diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 48d601501..bc720f756 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -73,6 +73,8 @@ static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet, int new_ctb ); static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet, int new_ctb); +static int parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen, + PACKET *packet, int new_ctb); static unsigned short read_16(IOBUF inp) @@ -441,6 +443,9 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, case PKT_ENCRYPTED_MDC: rc = parse_encrypted(inp, pkttype, pktlen, pkt, new_ctb ); break; + case PKT_MDC: + rc = parse_mdc(inp, pkttype, pktlen, pkt, new_ctb ); + break; default: skip_packet(inp, pkttype, pktlen); break; @@ -1697,9 +1702,8 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, ed->new_ctb = new_ctb; ed->mdc_method = 0; if( pkttype == PKT_ENCRYPTED_MDC ) { - /* test: this is the new encrypted_mdc packet */ /* fixme: add some pktlen sanity checks */ - int version, method; + int version; version = iobuf_get_noeof(inp); pktlen--; if( version != 1 ) { @@ -1707,12 +1711,7 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, version); goto leave; } - method = iobuf_get_noeof(inp); pktlen--; - if( method != DIGEST_ALGO_SHA1 ) { - log_error("encrypted_mdc does not use SHA1 method\n" ); - goto leave; - } - ed->mdc_method = method; + ed->mdc_method = DIGEST_ALGO_SHA1; } if( pktlen && pktlen < 10 ) { /* actually this is blocksize+2 */ log_error("packet(%d) too short\n", pkttype); @@ -1735,3 +1734,26 @@ parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen, return 0; } + +static int +parse_mdc( IOBUF inp, int pkttype, unsigned long pktlen, + PACKET *pkt, int new_ctb ) +{ + PKT_mdc *mdc; + byte *p; + + mdc = pkt->pkt.mdc= m_alloc(sizeof *pkt->pkt.mdc ); + if( list_mode ) + printf(":mdc packet: length=%lu\n", pktlen); + if( !new_ctb || pktlen != 20 ) { + log_error("mdc_packet with invalid encoding\n"); + goto leave; + } + p = mdc->hash; + for( ; pktlen; pktlen--, p++ ) + *p = iobuf_get_noeof(inp); + + leave: + return 0; +} + diff --git a/g10/sig-check.c b/g10/sig-check.c index cb00b86dc..6c51cc89f 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -518,6 +518,7 @@ check_key_signature2( KBNODE root, KBNODE node, int *is_selfsig, keyid_from_pk( pk, keyid ); md = md_open( algo, 0 ); + md_start_debug( md, "rsa" ); hash_public_key( md, pk ); hash_uid_node( unode, md, sig ); if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { |