diff options
| author | David Shaw <[email protected]> | 2009-06-05 14:11:03 +0000 |
|---|---|---|
| committer | David Shaw <[email protected]> | 2009-06-05 14:11:03 +0000 |
| commit | 047d97e95e1df831d699fb77cd58c269a13a5c5c (patch) | |
| tree | 1aba8b3a366cbf6bfe543401009358b079ef3673 | |
| parent | * defs.inc: Improved all_cipher_algos and all_hash_algos to work when (diff) | |
| download | gnupg-047d97e95e1df831d699fb77cd58c269a13a5c5c.tar.gz gnupg-047d97e95e1df831d699fb77cd58c269a13a5c5c.zip | |
Add full Camellia support.
* configure.ac: Remove Camellia restriction.
* gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia
restriction.
* misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for
openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and
openpgp_cipher_get_algo_blklen to wrap around the corresponding gcry_*
functions, but pass the algorithm number through
map_cipher_openpgp_to_gcry. This is needed in case the gcry algorithm
number doesn't match the OpenPGP number (c.f. Camellia).
* encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, seskey.c,
passphrase.c, seckey-cert.c: Use new openpgp_cipher_* macros here.
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | configure.ac | 24 | ||||
| -rw-r--r-- | g10/ChangeLog | 16 | ||||
| -rw-r--r-- | g10/cipher.c | 16 | ||||
| -rw-r--r-- | g10/encode.c | 10 | ||||
| -rw-r--r-- | g10/encr-data.c | 14 | ||||
| -rw-r--r-- | g10/gpg.c | 12 | ||||
| -rw-r--r-- | g10/main.h | 6 | ||||
| -rw-r--r-- | g10/mainproc.c | 4 | ||||
| -rw-r--r-- | g10/misc.c | 13 | ||||
| -rw-r--r-- | g10/passphrase.c | 4 | ||||
| -rw-r--r-- | g10/pubkey-enc.c | 4 | ||||
| -rw-r--r-- | g10/seckey-cert.c | 25 | ||||
| -rw-r--r-- | g10/seskey.c | 12 |
14 files changed, 72 insertions, 92 deletions
@@ -1,3 +1,7 @@ +2009-06-05 David Shaw <[email protected]> + + * configure.ac: Remove Camellia restriction. + 2009-04-01 Werner Koch <[email protected]> * configure.ac: Test for fsync. diff --git a/configure.ac b/configure.ac index 31a3516e9..6e81812fa 100644 --- a/configure.ac +++ b/configure.ac @@ -74,7 +74,6 @@ have_adns=no use_bzip2=yes use_exec=yes disable_keyserver_path=no -use_camellia=no GNUPG_BUILD_PROGRAM(gpg, yes) @@ -174,22 +173,6 @@ AC_ARG_ENABLE(bzip2, use_bzip2=$enableval) AC_MSG_RESULT($use_bzip2) -# Check whether testing support for Camellia has been requested -AC_MSG_CHECKING([whether to enable the CAMELLIA cipher for gpg]) -AC_ARG_ENABLE(camellia, - AC_HELP_STRING([--enable-camellia],[enable the CAMELLIA cipher for gpg]), - use_camellia=$enableval) -AC_MSG_RESULT($use_camellia) -if test x"$use_camellia" = xyes ; then - AC_DEFINE(USE_CAMELLIA,1,[Define to include the CAMELLIA cipher into gpg]) - AC_MSG_WARN([[ -*** -*** The Camellia cipher for gpg is for testing only and -*** is NOT for production use! -***]]) -fi - - # Configure option to allow or disallow execution of external # programs, like a photo viewer. AC_MSG_CHECKING([whether to enable external program execution]) @@ -1489,10 +1472,3 @@ echo " gpg-check-pattern will not be build. " fi -if test x"$use_camellia" = xyes ; then - echo - echo "WARNING: The Camellia cipher for gpg is for testing only" - echo " and is NOT for production use!" - echo -fi - diff --git a/g10/ChangeLog b/g10/ChangeLog index cbc4e778e..5eb5d0c68 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,19 @@ +2009-06-05 David Shaw <[email protected]> + + * gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia + restriction. + + * misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for + openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and + openpgp_cipher_get_algo_blklen to wrap around the corresponding + gcry_* functions, but pass the algorithm number through + map_cipher_openpgp_to_gcry. This is needed in case the gcry + algorithm number doesn't match the OpenPGP number (c.f. Camellia). + + * encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, + seskey.c, passphrase.c, seckey-cert.c: Use new openpgp_cipher_* + macros here. + 2009-06-02 Werner Koch <[email protected]> * card-util.c (get_manufacturer): Add new manufacturer. diff --git a/g10/cipher.c b/g10/cipher.c index dc248e395..f0dc57719 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -1,6 +1,6 @@ /* cipher.c - En-/De-ciphering filter * Copyright (C) 1998, 1999, 2000, 2001, 2003, - * 2006 Free Software Foundation, Inc. + * 2006, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -49,7 +49,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) unsigned int blocksize; unsigned int nprefix; - blocksize = gcry_cipher_get_algo_blklen (cfx->dek->algo); + blocksize = openpgp_cipher_get_algo_blklen (cfx->dek->algo); if ( blocksize < 8 || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); @@ -81,12 +81,12 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) temp[nprefix] = temp[nprefix-2]; temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); - err = gcry_cipher_open (&cfx->cipher_hd, - cfx->dek->algo, - GCRY_CIPHER_MODE_CFB, - (GCRY_CIPHER_SECURE - | ((cfx->dek->use_mdc || cfx->dek->algo >= 100)? - 0 : GCRY_CIPHER_ENABLE_SYNC))); + err = openpgp_cipher_open (&cfx->cipher_hd, + cfx->dek->algo, + GCRY_CIPHER_MODE_CFB, + (GCRY_CIPHER_SECURE + | ((cfx->dek->use_mdc || cfx->dek->algo >= 100)? + 0 : GCRY_CIPHER_ENABLE_SYNC))); if (err) { /* We should never get an error here cause we already checked, * that the algorithm is available. */ diff --git a/g10/encode.c b/g10/encode.c index 0c7dc4e22..3c4e0a274 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -1,6 +1,6 @@ /* encode.c - encode data * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006 Free Software Foundation, Inc. + * 2006, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -86,7 +86,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey ) /* We only pass already checked values to the following fucntion, thus we consider any failure as fatal. */ - if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) + if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) BUG (); if (gcry_cipher_setkey (hd, dek->key, dek->keylen)) BUG (); @@ -142,7 +142,7 @@ use_mdc(PK_LIST pk_list,int algo) /* Last try. Use MDC for the modern ciphers. */ - if (gcry_cipher_get_algo_blklen (algo) != 8) + if (openpgp_cipher_get_algo_blklen (algo) != 8) return 1; if (opt.verbose) @@ -237,7 +237,7 @@ encode_simple( const char *filename, int mode, int use_seskey ) { DEK *dek = NULL; - seskeylen = gcry_cipher_get_algo_keylen (default_cipher_algo ()); + seskeylen = openpgp_cipher_get_algo_keylen (default_cipher_algo ()); encode_seskey( cfx.dek, &dek, enckey ); xfree( cfx.dek ); cfx.dek = dek; } @@ -411,7 +411,7 @@ setup_symkey(STRING2KEY **symkey_s2k,DEK **symkey_dek) static int write_symkey_enc(STRING2KEY *symkey_s2k,DEK *symkey_dek,DEK *dek,IOBUF out) { - int rc, seskeylen = gcry_cipher_get_algo_keylen (dek->algo); + int rc, seskeylen = openpgp_cipher_get_algo_keylen (dek->algo); PKT_symkey_enc *enc; byte enckey[33]; diff --git a/g10/encr-data.c b/g10/encr-data.c index 56d787c7e..c559299ff 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -1,6 +1,6 @@ /* encr-data.c - process an encrypted data packet * Copyright (C) 1998, 1999, 2000, 2001, 2005, - * 2006 Free Software Foundation, Inc. + * 2006, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -98,7 +98,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) rc = openpgp_cipher_test_algo (dek->algo); if (rc) goto leave; - blocksize = gcry_cipher_get_algo_blklen (dek->algo); + blocksize = openpgp_cipher_get_algo_blklen (dek->algo); if ( !blocksize || blocksize > 16 ) log_fatal ("unsupported blocksize %u\n", blocksize ); nprefix = blocksize; @@ -113,11 +113,11 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) gcry_md_start_debug (dfx->mdc_hash, "checkmdc"); } - rc = gcry_cipher_open (&dfx->cipher_hd, dek->algo, - GCRY_CIPHER_MODE_CFB, - (GCRY_CIPHER_SECURE - | ((ed->mdc_method || dek->algo >= 100)? - 0 : GCRY_CIPHER_ENABLE_SYNC))); + rc = openpgp_cipher_open (&dfx->cipher_hd, dek->algo, + GCRY_CIPHER_MODE_CFB, + (GCRY_CIPHER_SECURE + | ((ed->mdc_method || dek->algo >= 100)? + 0 : GCRY_CIPHER_ENABLE_SYNC))); if (rc) { /* We should never get an error here cause we already checked @@ -1,6 +1,6 @@ /* gpg.c - The GnuPG utility (main for gpg) * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, - * 2006, 2007, 2008 Free Software Foundation, Inc. + * 2006, 2007, 2008, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -2963,15 +2963,6 @@ main (int argc, char **argv) log_set_prefix (NULL, 1|2|4); } -#ifdef USE_CAMELLIA - /* We better also print a runtime warning if people build it with - support for Camellia (which is not yet defined by OpenPGP). */ - log_info ("WARNING: This version has been built with support for the " - "Camellia cipher.\n"); - log_info (" It is for testing only and is NOT for production " - "use!\n"); -#endif - /* Older Libgcrypts fail with an assertion during DSA key generation. Better disable DSA2 entirely. */ if (opt.flags.dsa2 && !gcry_check_version ("1.4.0") ) @@ -4323,4 +4314,3 @@ add_keyserver_url( const char *string, int which ) if(critical) sl->flags |= 1; } - diff --git a/g10/main.h b/g10/main.h index 1e5cad4bf..d46c0ff9f 100644 --- a/g10/main.h +++ b/g10/main.h @@ -1,6 +1,6 @@ /* main.h * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008 Free Software Foundation, Inc. + * 2008, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -82,6 +82,10 @@ u16 checksum( byte *p, unsigned n ); u16 checksum_mpi( gcry_mpi_t a ); u32 buffer_to_u32( const byte *buffer ); const byte *get_session_marker( size_t *rlen ); +int map_cipher_openpgp_to_gcry (int algo); +#define openpgp_cipher_open(_a,_b,_c,_d) gcry_cipher_open((_a),map_cipher_openpgp_to_gcry((_b)),(_c),(_d)) +#define openpgp_cipher_get_algo_keylen(_a) gcry_cipher_get_algo_keylen(map_cipher_openpgp_to_gcry((_a))) +#define openpgp_cipher_get_algo_blklen(_a) gcry_cipher_get_algo_blklen(map_cipher_openpgp_to_gcry((_a))) int openpgp_cipher_blocklen (int algo); int openpgp_cipher_test_algo( int algo ); const char *openpgp_cipher_algo_name (int algo); diff --git a/g10/mainproc.c b/g10/mainproc.c index beab791b9..31d338529 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1,6 +1,6 @@ /* mainproc.c - handle packets * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008 Free Software Foundation, Inc. + * 2008, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -233,7 +233,7 @@ symkey_decrypt_seskey( DEK *dek, byte *seskey, size_t slen ) return G10ERR_BAD_KEY; } - if (gcry_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) + if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1)) BUG (); if (gcry_cipher_setkey ( hd, dek->key, dek->keylen )) BUG (); diff --git a/g10/misc.c b/g10/misc.c index 80a8a74ca..5b9e652ab 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1,6 +1,6 @@ /* misc.c - miscellaneous functions * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, - * 2008 Free Software Foundation, Inc. + * 2008, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -340,7 +340,7 @@ print_digest_algo_note( int algo ) /* Map OpenPGP algo numbers to those used by Libgcrypt. We need to do this for algorithms we implemented in Libgcrypt after they become part of OpenPGP. */ -static int +int map_cipher_openpgp_to_gcry (int algo) { switch (algo) @@ -400,15 +400,6 @@ openpgp_cipher_test_algo( int algo ) if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 ) return gpg_error (GPG_ERR_CIPHER_ALGO); - /* Camellia is not yet defined for OpenPGP thus only allow it if - requested. */ -#ifndef USE_CAMELLIA - if (algo == CIPHER_ALGO_CAMELLIA128 - || algo == CIPHER_ALGO_CAMELLIA192 - || algo == CIPHER_ALGO_CAMELLIA256) - return gpg_error (GPG_ERR_CIPHER_ALGO); -#endif - return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo)); } diff --git a/g10/passphrase.c b/g10/passphrase.c index 84eedc211..3742738e9 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -1,6 +1,6 @@ /* passphrase.c - Get a passphrase * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2005, 2006, 2007 Free Software Foundation, Inc. + * 2005, 2006, 2007, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -61,7 +61,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k) int pwlen = strlen(pw); assert ( s2k->hash_algo ); - dek->keylen = gcry_cipher_get_algo_keylen (dek->algo); + dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo); if ( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) ) BUG(); diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 5a8c0c01f..c0167b12e 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -1,6 +1,6 @@ /* pubkey-enc.c - public key encoded packet handling * Copyright (C) 1998, 1999, 2000, 2001, 2002, - * 2006 Free Software Foundation, Inc. + * 2006, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -251,7 +251,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid ) dek->algo = 0; goto leave; } - if ( dek->keylen != gcry_cipher_get_algo_keylen (dek->algo) ) { + if ( dek->keylen != openpgp_cipher_get_algo_keylen (dek->algo) ) { rc = GPG_ERR_WRONG_SECKEY; goto leave; } diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 841421d94..821673541 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -1,6 +1,6 @@ /* seckey-cert.c - secret key certificate packet handling * Copyright (C) 1998, 1999, 2000, 2001, 2002, - * 2006 Free Software Foundation, Inc. + * 2006, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -86,11 +86,11 @@ do_check( PKT_secret_key *sk, const char *tryagain_text, int mode, return G10ERR_GENERAL; - err = gcry_cipher_open (&cipher_hd, sk->protect.algo, - GCRY_CIPHER_MODE_CFB, - (GCRY_CIPHER_SECURE - | (sk->protect.algo >= 100 ? - 0 : GCRY_CIPHER_ENABLE_SYNC))); + err = openpgp_cipher_open (&cipher_hd, sk->protect.algo, + GCRY_CIPHER_MODE_CFB, + (GCRY_CIPHER_SECURE + | (sk->protect.algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC))); if (err) log_fatal ("cipher open failed: %s\n", gpg_strerror (err) ); @@ -351,16 +351,16 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) else { print_cipher_algo_note( sk->protect.algo ); - if ( gcry_cipher_open (&cipher_hd, sk->protect.algo, - GCRY_CIPHER_MODE_CFB, - (GCRY_CIPHER_SECURE - | (sk->protect.algo >= 100 ? - 0 : GCRY_CIPHER_ENABLE_SYNC))) ) + if ( openpgp_cipher_open (&cipher_hd, sk->protect.algo, + GCRY_CIPHER_MODE_CFB, + (GCRY_CIPHER_SECURE + | (sk->protect.algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC))) ) BUG(); if ( gcry_cipher_setkey ( cipher_hd, dek->key, dek->keylen ) ) log_info(_("WARNING: Weak key detected" " - please change passphrase again.\n")); - sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo); + sk->protect.ivlen = openpgp_cipher_get_algo_blklen (sk->protect.algo); assert( sk->protect.ivlen <= DIM(sk->protect.iv) ); if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 ) BUG(); /* yes, we are very careful */ @@ -471,4 +471,3 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) } return rc; } - diff --git a/g10/seskey.c b/g10/seskey.c index cc3c32ea7..ccbfe30af 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -1,6 +1,6 @@ /* seskey.c - make sesssion keys etc. * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2004, - * 2006 Free Software Foundation, Inc. + * 2006, 2009 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -40,12 +40,12 @@ make_session_key( DEK *dek ) gcry_cipher_hd_t chd; int i, rc; - dek->keylen = gcry_cipher_get_algo_keylen (dek->algo); + dek->keylen = openpgp_cipher_get_algo_keylen (dek->algo); - if (gcry_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB, - (GCRY_CIPHER_SECURE - | (dek->algo >= 100 ? - 0 : GCRY_CIPHER_ENABLE_SYNC))) ) + if (openpgp_cipher_open (&chd, dek->algo, GCRY_CIPHER_MODE_CFB, + (GCRY_CIPHER_SECURE + | (dek->algo >= 100 ? + 0 : GCRY_CIPHER_ENABLE_SYNC))) ) BUG(); gcry_randomize (dek->key, dek->keylen, GCRY_STRONG_RANDOM ); for (i=0; i < 16; i++ ) |