diff options
Diffstat (limited to 'g10/seckey-cert.c')
| -rw-r--r-- | g10/seckey-cert.c | 120 |
1 files changed, 60 insertions, 60 deletions
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 508187fb8..042b90fe8 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -35,76 +35,76 @@ static int -do_check( PKT_secret_cert *cert ) +do_check( PKT_secret_key *sk ) { byte *buffer; u16 csum=0; int i, res; unsigned nbytes; - if( cert->is_protected ) { /* remove the protection */ + if( sk->is_protected ) { /* remove the protection */ DEK *dek = NULL; u32 keyid[2]; CIPHER_HANDLE cipher_hd=NULL; - PKT_secret_cert *save_cert; + PKT_secret_key *save_sk; char save_iv[8]; - if( cert->protect.algo == CIPHER_ALGO_NONE ) + if( sk->protect.algo == CIPHER_ALGO_NONE ) BUG(); - if( check_cipher_algo( cert->protect.algo ) ) + if( check_cipher_algo( sk->protect.algo ) ) return G10ERR_CIPHER_ALGO; /* unsupported protection algorithm */ - keyid_from_skc( cert, keyid ); - dek = passphrase_to_dek( keyid, cert->protect.algo, - &cert->protect.s2k, 0 ); - cipher_hd = cipher_open( cert->protect.algo, + keyid_from_sk( sk, keyid ); + dek = passphrase_to_dek( keyid, sk->protect.algo, + &sk->protect.s2k, 0 ); + cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1); cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setiv( cipher_hd, NULL ); m_free(dek); - save_cert = copy_secret_cert( NULL, cert ); - memcpy(save_iv, cert->protect.iv, 8 ); - cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 ); + save_sk = copy_secret_key( NULL, sk ); + memcpy(save_iv, sk->protect.iv, 8 ); + cipher_decrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); csum = 0; - for(i=pubkey_get_npkey(cert->pubkey_algo); - i < pubkey_get_nskey(cert->pubkey_algo); i++ ) { - buffer = mpi_get_secure_buffer( cert->skey[i], &nbytes, NULL ); + for(i=pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { + buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL ); cipher_sync( cipher_hd ); - assert( mpi_is_protected(cert->skey[i]) ); + assert( mpi_is_protected(sk->skey[i]) ); cipher_decrypt( cipher_hd, buffer, buffer, nbytes ); - mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 ); - mpi_clear_protect_flag( cert->skey[i] ); - csum += checksum_mpi( cert->skey[i] ); + mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); + mpi_clear_protect_flag( sk->skey[i] ); + csum += checksum_mpi( sk->skey[i] ); m_free( buffer ); } if( opt.emulate_bugs & 1 ) { - csum = cert->csum; + csum = sk->csum; } cipher_close( cipher_hd ); /* now let's see whether we have used the right passphrase */ - if( csum != cert->csum ) { - copy_secret_cert( cert, save_cert ); - free_secret_cert( save_cert ); - memcpy( cert->protect.iv, save_iv, 8 ); + if( csum != sk->csum ) { + copy_secret_key( sk, save_sk ); + free_secret_key( save_sk ); + memcpy( sk->protect.iv, save_iv, 8 ); return G10ERR_BAD_PASS; } /* the checksum may fail, so we also check the key itself */ - res = pubkey_check_secret_key( cert->pubkey_algo, cert->skey ); + res = pubkey_check_secret_key( sk->pubkey_algo, sk->skey ); if( res ) { - copy_secret_cert( cert, save_cert ); - free_secret_cert( save_cert ); - memcpy( cert->protect.iv, save_iv, 8 ); + copy_secret_key( sk, save_sk ); + free_secret_key( save_sk ); + memcpy( sk->protect.iv, save_iv, 8 ); return G10ERR_BAD_PASS; } - free_secret_cert( save_cert ); - cert->is_protected = 0; + free_secret_key( save_sk ); + sk->is_protected = 0; } else { /* not protected, assume it is okay if the checksum is okay */ csum = 0; - for(i=pubkey_get_npkey(cert->pubkey_algo); - i < pubkey_get_nskey(cert->pubkey_algo); i++ ) { - csum += checksum_mpi( cert->skey[i] ); + for(i=pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { + csum += checksum_mpi( sk->skey[i] ); } - if( csum != cert->csum ) + if( csum != sk->csum ) return G10ERR_CHECKSUM; } @@ -114,11 +114,11 @@ do_check( PKT_secret_cert *cert ) /**************** - * Check the secret key certificate + * Check the secret key * Ask up to 3 times for a correct passphrase */ int -check_secret_key( PKT_secret_cert *cert ) +check_secret_key( PKT_secret_key *sk ) { int rc = G10ERR_BAD_PASS; int i; @@ -126,20 +126,20 @@ check_secret_key( PKT_secret_cert *cert ) for(i=0; i < 3 && rc == G10ERR_BAD_PASS; i++ ) { if( i ) log_error(_("Invalid passphrase; please try again ...\n")); - rc = do_check( cert ); + rc = do_check( sk ); #if 0 /* set to 1 to enable the workaround */ - if( rc == G10ERR_BAD_PASS && cert->is_protected - && cert->protect.algo == CIPHER_ALGO_BLOWFISH - && cert->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) { + if( rc == G10ERR_BAD_PASS && sk->is_protected + && sk->protect.algo == CIPHER_ALGO_BLOWFISH + && sk->pubkey_algo != PUBKEY_ALGO_ELGAMAL ) { /* Workaround for a bug in 0.2.16 which still used * a 160 bit key for BLOWFISH. */ log_info("trying workaround for 0.2.16 passphrase bug ...\n"); log_info("If you don't need this, uncomment it in g10/seckey-cert.c\n\n"); - cert->protect.algo = CIPHER_ALGO_BLOWFISH160; - rc = do_check( cert ); + sk->protect.algo = CIPHER_ALGO_BLOWFISH160; + rc = do_check( sk ); if( rc ) rc = G10ERR_BAD_PASS; - cert->protect.algo = CIPHER_ALGO_BLOWFISH; + sk->protect.algo = CIPHER_ALGO_BLOWFISH; } #endif if( get_passphrase_fd() != -1 ) @@ -154,18 +154,18 @@ check_secret_key( PKT_secret_cert *cert ) * Returns: 0 not protected, -1 on error or the protection algorithm */ int -is_secret_key_protected( PKT_secret_cert *cert ) +is_secret_key_protected( PKT_secret_key *sk ) { - return cert->is_protected? cert->protect.algo : 0; + return sk->is_protected? sk->protect.algo : 0; } /**************** - * Protect the secret key certificate with the passphrase from DEK + * Protect the secret key with the passphrase from DEK */ int -protect_secret_key( PKT_secret_cert *cert, DEK *dek ) +protect_secret_key( PKT_secret_key *sk, DEK *dek ) { int i, rc = 0; byte *buffer; @@ -175,33 +175,33 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek ) if( !dek ) return 0; - if( !cert->is_protected ) { /* okay, apply the protection */ + if( !sk->is_protected ) { /* okay, apply the protection */ CIPHER_HANDLE cipher_hd=NULL; - if( check_cipher_algo( cert->protect.algo ) ) + if( check_cipher_algo( sk->protect.algo ) ) rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */ else { - cipher_hd = cipher_open( cert->protect.algo, + cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1 ); cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setiv( cipher_hd, NULL ); - cipher_encrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 ); + cipher_encrypt( cipher_hd, sk->protect.iv, sk->protect.iv, 8 ); /* NOTE: we always recalculate the checksum because there are some * test releases which calculated it wrong */ csum = 0; - for(i=pubkey_get_npkey(cert->pubkey_algo); - i < pubkey_get_nskey(cert->pubkey_algo); i++ ) { - csum += checksum_mpi_counted_nbits( cert->skey[i] ); - buffer = mpi_get_buffer( cert->skey[i], &nbytes, NULL ); + for(i=pubkey_get_npkey(sk->pubkey_algo); + i < pubkey_get_nskey(sk->pubkey_algo); i++ ) { + csum += checksum_mpi_counted_nbits( sk->skey[i] ); + buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL ); cipher_sync( cipher_hd ); - assert( !mpi_is_protected(cert->skey[i]) ); + assert( !mpi_is_protected(sk->skey[i]) ); cipher_encrypt( cipher_hd, buffer, buffer, nbytes ); - mpi_set_buffer( cert->skey[i], buffer, nbytes, 0 ); - mpi_set_protect_flag( cert->skey[i] ); + mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 ); + mpi_set_protect_flag( sk->skey[i] ); m_free( buffer ); } - cert->csum = csum; - cert->is_protected = 1; + sk->csum = csum; + sk->is_protected = 1; cipher_close( cipher_hd ); } } |