author | Werner Koch <wk@gnupg.org> | 1999-11-13 17:43:23 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 1999-11-13 17:43:23 +0100 |
commit | 881e51323749ba797202d8a4119910e6f9d2f727 (patch) | |
tree | 3de535d07143b9b3513b524dd81f32a5305756b1 /g10 | |
parent | See ChangeLog: Thu Oct 28 16:17:46 CEST 1999 Werner Koch (diff) | |
download | gnupg2-881e51323749ba797202d8a4119910e6f9d2f727.tar.xz gnupg2-881e51323749ba797202d8a4119910e6f9d2f727.zip |
See ChangeLog: Sat Nov 13 17:44:23 CET 1999 Werner Koch
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 43 | ||||
-rw-r--r-- | g10/Makefile.am | 4 | ||||
-rw-r--r-- | g10/build-packet.c | 1 | ||||
-rw-r--r-- | g10/cipher.c | 2 | ||||
-rw-r--r-- | g10/encode.c | 2 | ||||
-rw-r--r-- | g10/encr-data.c | 1 | ||||
-rw-r--r-- | g10/free-packet.c | 1 | ||||
-rw-r--r-- | g10/g10.c | 27 | ||||
-rw-r--r-- | g10/getkey.c | 29 | ||||
-rw-r--r-- | g10/gpgd.c | 2 | ||||
-rw-r--r-- | g10/import.c | 4 | ||||
-rw-r--r-- | g10/keyedit.c | 2 | ||||
-rw-r--r-- | g10/keygen.c | 26 | ||||
-rw-r--r-- | g10/keyid.c | 18 | ||||
-rw-r--r-- | g10/keylist.c | 5 | ||||
-rw-r--r-- | g10/main.h | 8 | ||||
-rw-r--r-- | g10/mainproc.c | 9 | ||||
-rw-r--r-- | g10/misc.c | 57 | ||||
-rw-r--r-- | g10/packet.h | 14 | ||||
-rw-r--r-- | g10/passphrase.c | 2 | ||||
-rw-r--r-- | g10/pkclist.c | 11 | ||||
-rw-r--r-- | g10/pubkey-enc.c | 10 | ||||
-rw-r--r-- | g10/seckey-cert.c | 5 | ||||
-rw-r--r-- | g10/seskey.c | 10 | ||||
-rw-r--r-- | g10/sig-check.c | 84 | ||||
-rw-r--r-- | g10/sign.c | 77 | ||||
-rw-r--r-- | g10/skclist.c | 36 | ||||
-rw-r--r-- | g10/trustdb.c | 5 |
28 files changed, 349 insertions, 146 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index c7c3dc204..3ae1255af 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,46 @@ +Sat Nov 13 17:44:23 CET 1999 Werner Koch <wk@gnupg.de> + + * mainproc.c (list_node): Print the PK algo in the --with-colon mode. + * keylist.c (list_keyblock): Ditto. + + * misc.c (pull_in_libs): Removed pull in of g10c. + + * misc.c (map_gcry_rc): Removed here and chnaged all users. + + * getkey.c: Replaced check_pubkey_algo by openpgp_pk_test_algo. + * import.c (delete_inv_parts): Ditto. + * pkclist.c: Ditto. + * skclist.c: Ditto. + * pubkey-enc.c: Ditto. + + * g10.c (main): Replaced the function to diable PK algos. + + * g10.c (main): Replaced get_random_bits by gcry_random_bytes. + * seskey.c (encode_session_key): Likewise. + (make_session_key): Renamed randomize_buffer to gcry_randomize + and use the GCRY_xxx_RANDOM constants. + * cipher.c (write_header): Ditto. + * passphrase.c (hash_passphrase): Ditto. + * seckey-cert.c (protect_secret_key): Ditto. + + * getkey.c (find_by_name): Replaced rmd160_hash_buffer + by gcry_md_hash_buffer. + * keyedit.c (show_prefs): Ditto. + * keylist.c (list_keyblock): Ditto. + * trustdb.c (print_uid_from_keyblock): Ditto. + (make_uid_records): Ditto. + + * skclist.c (build_sk_list): Removed the test on faked RNGs. + (is_insecure): Removed. + * g10.c (--quick-random): Removed this option. + + * Replaced all PUBKEY_ALGO_xxx by GCRY_PK_xxxx. + + * misc.c (pubkey_algo_npkey): New as a wrapper around the gcry fucntion. + (pubkey_algo_nskey): Ditto. + (pubkey_algo_nsig): Ditto. + (pubkey_algo_nenc): Ditto. + Tue Oct 26 20:03:44 CEST 1999 Werner Koch <wk@gnupg.de> * Makefile.am (basicdefs.h): Added. diff --git a/g10/Makefile.am b/g10/Makefile.am index 8e0ac443f..299ea5131 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am 
@@ -4,8 +4,8 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl EXTRA_DIST = OPTIONS pubring.asc options.skel OMIT_DEPENDENCIES = zlib.h zconf.h LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@ -needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la \ - ../gcrypt/libgcrypt.la +##needed_libs = ../util/libutil.la ../gcrypt/libgcrypt.la +needed_libs = #noinst_PROGRAMS = gpgd bin_PROGRAMS = gpg diff --git a/g10/build-packet.c b/g10/build-packet.c index 5e56c2048..eb2608a44 100644 --- a/g10/build-packet.c +++ b/g10/build-packet.c @@ -32,6 +32,7 @@ #include "cipher.h" #include "memory.h" #include "options.h" +#include "main.h" static int do_comment( IOBUF out, int ctb, PKT_comment *rem ); diff --git a/g10/cipher.c b/g10/cipher.c index c0f10ff19..162bbc35f 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -69,7 +69,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) if( blocksize < 8 || blocksize > 16 ) log_fatal("unsupported blocksize %d\n", blocksize ); nprefix = blocksize; - randomize_buffer( temp, nprefix, 1 ); + gcry_randomize( temp, nprefix, GCRY_STRONG_RANDOM ); temp[nprefix] = temp[nprefix-2]; temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); diff --git a/g10/encode.c b/g10/encode.c index fe054fdab..e87616d70 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -252,7 +252,7 @@ encode_crypt( const char *filename, STRLIST remusr ) memset( &tfx, 0, sizeof tfx); init_packet(&pkt); - if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) ) + if( (rc=build_pk_list( remusr, &pk_list, GCRY_PK_USAGE_ENCR)) ) return rc; /* prepare iobufs */ diff --git a/g10/encr-data.c b/g10/encr-data.c index 1dd6e0e77..7f5b16392 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -104,7 +104,6 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek ) } else if( rc ) { log_error("key setup failed: %s\n", gcry_strerror(rc) ); - rc = map_gcry_rc(rc); goto leave; } 
diff --git a/g10/free-packet.c b/g10/free-packet.c index 0a61e222c..4c533d859 100644 --- a/g10/free-packet.c +++ b/g10/free-packet.c @@ -31,6 +31,7 @@ #include "cipher.h" #include "memory.h" #include "options.h" +#include "main.h" void free_symkey_enc( PKT_symkey_enc *enc ) @@ -131,7 +131,6 @@ enum cmd_and_opt_values { aNull = 0, oDigestAlgo, oCompressAlgo, oPasswdFD, - oQuickRandom, oNoVerbose, oTrustDBName, oNoSecmemWarn, @@ -301,7 +300,6 @@ static ARGPARSE_OPTS opts[] = { { oKOption, NULL, 0, "@"}, { oPasswdFD, "passphrase-fd",1, "@" }, { aDeleteSecretKey, "delete-secret-key",0, "@" }, - { oQuickRandom, "quick-random", 0, "@"}, { oNoVerbose, "no-verbose", 0, "@"}, { oTrustDBName, "trustdb-name", 2, "@" }, { oNoSecmemWarn, "no-secmem-warning", 0, "@" }, /* used only by regression tests */ @@ -362,6 +360,13 @@ static void print_mds( const char *fname, int algo ); static void add_notation_data( const char *string ); static int check_policy_url( const char *s ); +static int +our_pk_test_algo( int algo ) +{ + return openpgp_pk_test_algo( algo, 0 ); +} + + const char * strusage( int level ) { @@ -395,7 +400,7 @@ strusage( int level ) case 33: if( !pubkeys ) pubkeys = build_list("Pubkey: ", gcry_pk_algo_name, - openpgp_pk_test_algo ); + our_pk_test_algo ); p = pubkeys; break; case 34: @@ -745,7 +750,6 @@ main( int argc, char **argv ) case oNoGreeting: nogreeting = 1; break; case oNoVerbose: g10_opt_verbose = 0; opt.verbose = 0; opt.list_sigs=0; break; - case oQuickRandom: quick_random_gen(1); break; case oNoComment: opt.no_comment=1; break; case oNoVersion: opt.no_version=1; break; case oEmitVersion: opt.no_version=0; break; 
@@ -858,8 +862,11 @@ main( int argc, char **argv ) &algo, sizeof algo ); } break; - case oDisablePubkeyAlgo: - disable_pubkey_algo( gcry_pk_map_name(pargs.r.ret_str) ); + case oDisablePubkeyAlgo: { + int algo = gcry_pk_map_name(pargs.r.ret_str); + gcry_pk_ctl( GCRYCTL_DISABLE_ALGO, + &algo, sizeof algo ); + } break; case oAllowNonSelfsignedUID: opt.allow_non_selfsigned_uid = 1; @@ -1274,6 +1281,7 @@ main( int argc, char **argv ) case aPrimegen: { int mode = argc < 2 ? 0 : atoi(*argv); + #if 0 /* FIXME: disabled until we have an API to create primes */ if( mode == 1 && argc == 2 ) { mpi_print( stdout, generate_public_prime( atoi(argv[1]) ), 1); } @@ -1300,6 +1308,7 @@ main( int argc, char **argv ) mpi_free(g); } else + #endif wrong_args("--gen-prime mode bits [qbits] "); putchar('\n'); } @@ -1318,7 +1327,7 @@ main( int argc, char **argv ) byte *p; size_t n = !endless && count < 100? count : 100; - p = get_random_bits( n*8, level, 0); + p = gcry_random_bytes( n, level ); fwrite( p, n, 1, stdout ); m_free(p); if( !endless ) @@ -1457,10 +1466,10 @@ g10_exit( int rc ) { if( opt.debug & DBG_MEMSTAT_VALUE ) { m_print_stats("on exit"); - random_dump_stats(); + gcry_control( GCRYCTL_DUMP_RANDOM_STATS ); } if( opt.debug ) - secmem_dump_stats(); + gcry_control( GCRYCTL_DUMP_SECMEM_STATS ); secmem_term(); rc = rc? rc : log_get_errorcount(0)? 2 : g10_errors_seen? 1 : 0; diff --git a/g10/getkey.c b/g10/getkey.c index fb5f1bc3e..a94b5de48 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -24,6 +24,7 @@ #include <string.h> #include <assert.h> #include <ctype.h> +#include <gcrypt.h> #include "util.h" #include "packet.h" #include "memory.h" @@ -185,7 +186,7 @@ cache_public_key( PKT_public_key *pk ) return; if( is_ELGAMAL(pk->pubkey_algo) - || pk->pubkey_algo == PUBKEY_ALGO_DSA + || pk->pubkey_algo == GCRY_PK_DSA || is_RSA(pk->pubkey_algo) ) { keyid_from_pk( pk, keyid ); } 
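Review bot: In the `oDisablePubkeyAlgo` case the value from `gcry_pk_map_name(pargs.r.ret_str)` goes straight into `gcry_pk_ctl( GCRYCTL_DISABLE_ALGO, &algo, sizeof algo )` with no check that the name resolved, so a misspelled algorithm name would presumably leave the algorithm enabled with no diagnostic. For an option whose whole purpose is to switch an algorithm off, a silent no-op is the unsafe outcome. Assuming the lookup returns 0 for an unknown name, add `if( !algo ) log_error("unknown pubkey algorithm '%s'\n", pargs.r.ret_str );` before the control call, and consider checking the return value of `gcry_pk_ctl` as well. main() starts and ends outside this hunk.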
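Review bot: In the hunk at -1318 of main(), the buffer from `gcry_random_bytes( n, level )` is passed to `fwrite` and then released with `m_free(p)`, without a NULL check and with a free routine that may not match the allocator libgcrypt used. If the library allocates through its own functions, releasing the pointer with GnuPG's `m_free` can corrupt the heap, so the matching gcrypt free routine should be used; this needs confirming against the gcrypt headers of this tree. The same pairing should be checked for the `gcry_random_bytes_secure` buffers in `encode_session_key` (seskey.c), whose release lies outside the visible hunks.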
@@ -1269,7 +1270,7 @@ find_by_name( KBNODE keyblock, PKT_public_key *pk, const char *name, || pk->pubkey_algo == kk->pkt->pkt.public_key->pubkey_algo) && ( !pk->pubkey_usage - || !check_pubkey_algo2( + || !openpgp_pk_test_algo( kk->pkt->pkt.public_key->pubkey_algo, pk->pubkey_usage )) ) @@ -1279,7 +1280,7 @@ find_by_name( KBNODE keyblock, PKT_public_key *pk, const char *name, u32 aki[2]; keyid_from_pk( kk->pkt->pkt.public_key, aki ); cache_user_id( k->pkt->pkt.user_id, aki ); - rmd160_hash_buffer( namehash, + gcry_md_hash_buffer( GCRY_MD_RMD160, namehash, k->pkt->pkt.user_id->name, k->pkt->pkt.user_id->len ); *use_namehash = 1; @@ -1312,7 +1313,7 @@ find_by_name_sk( KBNODE keyblock, PKT_secret_key *sk, const char *name, || sk->pubkey_algo == kk->pkt->pkt.secret_key->pubkey_algo) && ( !sk->pubkey_usage - || !check_pubkey_algo2( + || !openpgp_pk_test_algo( kk->pkt->pkt.secret_key->pubkey_algo, sk->pubkey_usage )) ) @@ -1530,7 +1531,7 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, } else { if( primary && pk->pubkey_usage - && check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo, + && openpgp_pk_test_algo( k->pkt->pkt.public_key->pubkey_algo, pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) { /* if the usage is not correct, try to use a subkey */ KBNODE save_k = k; @@ -1538,12 +1539,12 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, k = NULL; /* kludge for pgp 5: which doesn't accept type 20: * try to use a type 16 subkey instead */ - if( pk->pubkey_usage == PUBKEY_USAGE_ENC ) { + if( pk->pubkey_usage == GCRY_PK_USAGE_ENCR ) { for( k = save_k; k; k = k->next ) { if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY && k->pkt->pkt.public_key->pubkey_algo - == PUBKEY_ALGO_ELGAMAL_E - && !check_pubkey_algo2( + == GCRY_PK_ELG_E + && !openpgp_pk_test_algo( k->pkt->pkt.public_key->pubkey_algo, pk->pubkey_usage ) ) break; 
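Review bot: `finish_lookup` still compares the result of the renamed call with `G10ERR_WR_PUBKEY_ALGO`, but `openpgp_pk_test_algo` now returns either `GCRYERR_INV_PK_ALGO` or whatever `gcry_pk_algo_info( algo, GCRYCTL_TEST_ALGO, NULL, &n )` reports, and this commit removes `map_gcry_rc`. Unless the libgcrypt code for a usage mismatch happens to have the same numeric value, the branch that falls back to a suitable subkey would never be taken, and a primary key with the wrong usage would presumably be kept. Compare against the gcrypt constant for a usage mismatch, or translate the return code in one place before testing it. The same comparison appears in the `finish_lookup_sk` hunk, and the bodies of both functions continue outside the hunks.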
@@ -1553,7 +1554,7 @@ finish_lookup( KBNODE keyblock, PKT_public_key *pk, KBNODE k, byte *namehash, if( !k ) { for(k = save_k ; k; k = k->next ) { if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY - && !check_pubkey_algo2( + && !openpgp_pk_test_algo( k->pkt->pkt.public_key->pubkey_algo, pk->pubkey_usage ) ) break; @@ -1586,7 +1587,7 @@ finish_lookup_sk( KBNODE keyblock, PKT_secret_key *sk, KBNODE k, int primary ) } else { if( primary && sk->pubkey_usage - && check_pubkey_algo2( k->pkt->pkt.secret_key->pubkey_algo, + && openpgp_pk_test_algo( k->pkt->pkt.secret_key->pubkey_algo, sk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) { /* if the usage is not correct, try to use a subkey */ KBNODE save_k = k; @@ -1594,12 +1595,12 @@ finish_lookup_sk( KBNODE keyblock, PKT_secret_key *sk, KBNODE k, int primary ) k = NULL; /* kludge for pgp 5: which doesn't accept type 20: * try to use a type 16 subkey instead */ - if( sk->pubkey_usage == PUBKEY_USAGE_ENC ) { + if( sk->pubkey_usage == GCRY_PK_USAGE_ENCR ) { for( k = save_k; k; k = k->next ) { if( k->pkt->pkttype == PKT_SECRET_SUBKEY && k->pkt->pkt.secret_key->pubkey_algo - == PUBKEY_ALGO_ELGAMAL_E - && !check_pubkey_algo2( + == GCRY_PK_ELG_E + && !openpgp_pk_test_algo( k->pkt->pkt.secret_key->pubkey_algo, sk->pubkey_usage ) ) break; @@ -1609,7 +1610,7 @@ finish_lookup_sk( KBNODE keyblock, PKT_secret_key *sk, KBNODE k, int primary ) if( !k ) { for(k = save_k ; k; k = k->next ) { if( k->pkt->pkttype == PKT_SECRET_SUBKEY - && !check_pubkey_algo2( + && !openpgp_pk_test_algo( k->pkt->pkt.secret_key->pubkey_algo, sk->pubkey_usage ) ) break; diff --git a/g10/gpgd.c b/g10/gpgd.c index 8f99a0533..d68e5a843 100644 --- a/g10/gpgd.c +++ b/g10/gpgd.c @@ -85,7 +85,7 @@ strusage( int level ) case 33: if( !pubkeys ) pubkeys = build_list("Supported pubkeys: ", pubkey_algo_to_string, - check_pubkey_algo ); + openpgp_pk_test_algo ); p = pubkeys; break; case 34: diff --git a/g10/import.c b/g10/import.c index 92cd93c24..368ea8b75 100644 --- a/g10/import.c 
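Review bot: In gpgd.c, `strusage` passes `openpgp_pk_test_algo` directly to `build_list`, but main.h in this commit gives that function a second parameter, `unsigned int usage_flags`. g10.c adds the one-argument wrapper `our_pk_test_algo` for the identical call, which suggests `build_list` invokes its checker with a single argument. If so, the call here would go through an incompatible function type, with `usage_flags` indeterminate. Add the same wrapper to gpgd.c (`static int our_pk_test_algo( int algo ) { return openpgp_pk_test_algo( algo, 0 ); }`) and pass that instead. The neighbouring `pubkey_algo_to_string` argument also keeps the old naming, while g10.c uses `gcry_pk_algo_name`.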
+++ b/g10/import.c @@ -831,8 +831,8 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid ) } } else if( node->pkt->pkttype == PKT_SIGNATURE - && check_pubkey_algo( node->pkt->pkt.signature->pubkey_algo) - && node->pkt->pkt.signature->pubkey_algo != PUBKEY_ALGO_RSA ) + && openpgp_pk_test_algo( node->pkt->pkt.signature->pubkey_algo, 0) + && node->pkt->pkt.signature->pubkey_algo != GCRY_PK_RSA ) delete_kbnode( node ); /* build_packet() can't handle this */ else if( node->pkt->pkttype == PKT_SIGNATURE && (p = parse_sig_subpkt2( node->pkt->pkt.signature, diff --git a/g10/keyedit.c b/g10/keyedit.c index 8daa7c4f5..91bba4723 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -1005,7 +1005,7 @@ show_prefs( KBNODE keyblock, PKT_user_id *uid ) return; } - rmd160_hash_buffer( namehash, uid->name, uid->len ); + gcry_md_hash_buffer( GCRY_MD_RMD160, namehash, uid->name, uid->len ); p = get_pref_data( pk->local_id, namehash, &n ); if( !p ) diff --git a/g10/keygen.c b/g10/keygen.c index 0ed07e690..b4da909f8 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -280,7 +280,7 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, if( nbits > 1024 ) nbits = 1024; - rc = pubkey_generate( PUBKEY_ALGO_DSA, nbits, skey, &factors ); + rc = pubkey_generate( GCRY_PK_DSA, nbits, skey, &factors ); if( rc ) { log_error("pubkey_generate failed: %s\n", g10_errstr(rc) ); return rc; @@ -293,7 +293,7 @@ gen_dsa(unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, if( expireval ) { sk->expiredate = pk->expiredate = sk->timestamp + expireval; } - sk->pubkey_algo = pk->pubkey_algo = PUBKEY_ALGO_DSA; + sk->pubkey_algo = pk->pubkey_algo = GCRY_PK_DSA; pk->pkey[0] = mpi_copy( skey[0] ); pk->pkey[1] = mpi_copy( skey[1] ); pk->pkey[2] = mpi_copy( skey[2] ); 
@@ -407,21 +407,21 @@ ask_algo( int *ret_v4, int addmode ) else if( algo == 4 ) { if( cpr_get_answer_is_yes("keygen.algo.elg_se",_( "Do you really want to create a sign and encrypt key? "))) { - algo = PUBKEY_ALGO_ELGAMAL; + algo = GCRY_PK_ELG; break; } } else if( algo == 3 && addmode ) { - algo = PUBKEY_ALGO_ELGAMAL_E; + algo = GCRY_PK_ELG_E; break; } else if( algo == 2 ) { - algo = PUBKEY_ALGO_DSA; + algo = GCRY_PK_DSA; break; } #if 0 else if( algo == 5 ) { - algo = PUBKEY_ALGO_ELGAMAL_E; + algo = GCRY_PK_ELG_E; *ret_v4 = 0; break; } @@ -450,7 +450,7 @@ ask_keysize( int algo ) cpr_kill_prompt(); nbits = *answer? atoi(answer): 1024; m_free(answer); - if( algo == PUBKEY_ALGO_DSA && (nbits < 512 || nbits > 1024) ) + if( algo == GCRY_PK_DSA && (nbits < 512 || nbits > 1024) ) tty_printf(_("DSA only allows keysizes from 512 to 1024\n")); else if( nbits < 768 ) tty_printf(_("keysize too small; 768 is smallest value allowed.\n")); @@ -487,7 +487,7 @@ ask_keysize( int algo ) break; } tty_printf(_("Requested keysize is %u bits\n"), nbits ); - if( algo == PUBKEY_ALGO_DSA && (nbits % 64) ) { + if( algo == GCRY_PK_DSA && (nbits % 64) ) { nbits = ((nbits + 63) / 64) * 64; tty_printf(_("rounded up to %u bits\n"), nbits ); } @@ -788,10 +788,10 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, "disks) during the prime generation; this gives the random number\n" "generator a better chance to gain enough entropy.\n") ); - if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) + if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, sk, expiredate, v4_packet? 4:3 ); - else if( algo == PUBKEY_ALGO_DSA ) + else if( algo == GCRY_PK_DSA ) rc = gen_dsa(nbits, pub_root, sec_root, dek, s2k, sk, expiredate); else BUG(); 
@@ -859,7 +859,7 @@ generate_keypair() algo = ask_algo( &v4, 0 ); if( !algo ) { - algo = PUBKEY_ALGO_ELGAMAL_E; + algo = GCRY_PK_ELG_E; both = 1; tty_printf(_("DSA keypair will have 1024 bits.\n")); } @@ -890,7 +890,7 @@ generate_keypair() sec_root = make_comment_node("#"); delete_kbnode(sec_root); if( both ) - rc = do_create( PUBKEY_ALGO_DSA, 1024, pub_root, sec_root, + rc = do_create( GCRY_PK_DSA, 1024, pub_root, sec_root, dek, s2k, &sk, expire, 1); else rc = do_create( algo, nbits, pub_root, sec_root, @@ -956,7 +956,7 @@ generate_keypair() log_error("can't write secret key: %s\n", g10_errstr(rc) ); else { tty_printf(_("public and secret key created and signed.\n") ); - if( algo == PUBKEY_ALGO_DSA ) + if( algo == GCRY_PK_DSA ) tty_printf(_("Note that this key cannot be used for " "encryption. You may want to use\n" "the command \"--edit-key\" to generate a " diff --git a/g10/keyid.c b/g10/keyid.c index b4d745a7c..0c82aa193 100644 --- a/g10/keyid.c +++ b/g10/keyid.c @@ -38,12 +38,12 @@ int pubkey_letter( int algo ) { switch( algo ) { - case PUBKEY_ALGO_RSA: return 'R' ; - case PUBKEY_ALGO_RSA_E: return 'r' ; - case PUBKEY_ALGO_RSA_S: return 's' ; - case PUBKEY_ALGO_ELGAMAL_E: return 'g'; - case PUBKEY_ALGO_ELGAMAL: return 'G' ; - case PUBKEY_ALGO_DSA: return 'D' ; + case GCRY_PK_RSA: return 'R' ; + case GCRY_PK_RSA_E: return 'r' ; + case GCRY_PK_RSA_S: return 's' ; + case GCRY_PK_ELG_E: return 'g'; + case GCRY_PK_ELG: return 'G' ; + case GCRY_PK_DSA: return 'D' ; default: return '?'; } } @@ -54,9 +54,9 @@ do_fingerprint_md( PKT_public_key *pk ) { GCRY_MD_HD md; unsigned n; - unsigned nb[PUBKEY_MAX_NPKEY]; - unsigned nn[PUBKEY_MAX_NPKEY]; - byte *pp[PUBKEY_MAX_NPKEY]; + unsigned nb[GNUPG_MAX_NPKEY]; + unsigned nn[GNUPG_MAX_NPKEY]; + byte *pp[GNUPG_MAX_NPKEY]; int i; int npkey = pubkey_get_npkey( pk->pubkey_algo ); diff --git a/g10/keylist.c b/g10/keylist.c index 91a13afaf..53e88f468 100644 --- a/g10/keylist.c +++ b/g10/keylist.c 
@@ -243,7 +243,7 @@ list_keyblock( KBNODE keyblock, int secret ) byte namehash[20]; if( pk && !ulti_hack ) { - rmd160_hash_buffer( namehash, + gcry_md_hash_buffer( GCRY_MD_RMD160, namehash, node->pkt->pkt.user_id->name, node->pkt->pkt.user_id->len ); trustletter = query_trust_info( pk, namehash ); @@ -394,7 +394,8 @@ list_keyblock( KBNODE keyblock, int secret ) putchar(':'); if( sigrc != ' ' ) putchar(sigrc); - printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0], + printf("::%d:%08lX%08lX:%s::::", sig->pubkey_algo, + (ulong)sig->keyid[0], (ulong)sig->keyid[1], datestr_from_sig(sig)); } else diff --git a/g10/main.h b/g10/main.h index 4ccc2f658..dc5eb32c7 100644 --- a/g10/main.h +++ b/g10/main.h @@ -56,9 +56,15 @@ u16 checksum_mpi_counted_nbits( MPI a ); u32 buffer_to_u32( const byte *buffer ); int openpgp_cipher_test_algo( int algo ); -int openpgp_pk_test_algo( int algo ); +int openpgp_pk_test_algo( int algo, unsigned int usage_flags ); int openpgp_md_test_algo( int algo ); +int pubkey_get_npkey( int algo ); +int pubkey_get_nskey( int algo ); +int pubkey_get_nsig( int algo ); +int pubkey_get_nenc( int algo ); + + /*-- helptext.c --*/ void display_online_help( const char *keyword ); diff --git a/g10/mainproc.c b/g10/mainproc.c index 98034bec3..db43e50b3 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1,4 +1,4 @@ -/* maPPPPinproc.c - handle packets +/* mainproc.c - handle packets * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. @@ -221,7 +221,7 @@ proc_pubkey_enc( CTX c, PACKET *pkt ) if( is_ELGAMAL(enc->pubkey_algo) - || enc->pubkey_algo == PUBKEY_ALGO_DSA + || enc->pubkey_algo == GCRY_PK_DSA || is_RSA(enc->pubkey_algo) ) { if ( !c->dek && ((!enc->keyid[0] && !enc->keyid[1]) || !seckey_available( enc->keyid )) ) { 
@@ -830,7 +830,8 @@ list_node( CTX c, KBNODE node ) putchar(':'); if( sigrc != ' ' ) putchar(sigrc); - printf(":::%08lX%08lX:%s::::", (ulong)sig->keyid[0], + printf("::%d:%08lX%08lX:%s::::", sig->pubkey_algo, + (ulong)sig->keyid[0], (ulong)sig->keyid[1], datestr_from_sig(sig)); } else @@ -1194,7 +1195,7 @@ proc_tree( CTX c, KBNODE node ) BUG(); } else if( sig->digest_algo == DIGEST_ALGO_SHA1 - && sig->pubkey_algo == PUBKEY_ALGO_DSA + && sig->pubkey_algo == GCRY_PK_DSA && sig->sig_class == 0x01 ) { /* enable the workaround also for pgp5 when the detached * signature has been created in textmode */ diff --git a/g10/misc.c b/g10/misc.c index fb9d62f1f..a3ed841db 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -49,7 +49,6 @@ volatile pull_in_libs(void) { g10m_revision_string(0); - g10c_revision_string(0); g10u_revision_string(0); } @@ -253,20 +252,6 @@ print_digest_algo_note( int algo ) } - -/**************** - * Map errors retuned by libgcrypt to those used by GnuPG. - */ -int -map_gcry_rc( int rc ) -{ - switch( rc ) { - case 0: return 0; - default: return G10ERR_GENERAL; - } -} - - /**************** * Wrapper around the libgcrypt function with addional checks on * openPGP contrainst for the algo ID. 
@@ -275,23 +260,55 @@ int openpgp_cipher_test_algo( int algo ) { if( algo < 0 || algo > 110 ) - return GCRYERR_INV_ALGO; + return GCRYERR_INV_CIPHER_ALGO; return gcry_cipher_test_algo(algo); } int -openpgp_pk_test_algo( int algo ) +openpgp_pk_test_algo( int algo, unsigned int usage_flags ) { + size_t n = usage_flags; + if( algo < 0 || algo > 110 ) - return GCRYERR_INV_ALGO; - return gcry_pk_test_algo(algo); + return GCRYERR_INV_PK_ALGO; + return gcry_pk_algo_info( algo, GCRYCTL_TEST_ALGO, NULL, &n ); } + int openpgp_md_test_algo( int algo ) { if( algo < 0 || algo > 110 ) - return GCRYERR_INV_ALGO; + return GCRYERR_INV_MD_ALGO; return gcry_md_test_algo(algo); } + +int +pubkey_get_npkey( int algo ) +{ + int n = gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NPKEY, NULL, 0 ); + return n > 0? n : 0; +} + +int +pubkey_get_nskey( int algo ) +{ + int n = gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSKEY, NULL, 0 ); + return n > 0? n : 0; +} + +int +pubkey_get_nsig( int algo ) +{ + int n = gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NSIGN, NULL, 0 ); + return n > 0? n : 0; +} + +int +pubkey_get_nenc( int algo ) +{ + int n = gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, 0 ); + return n > 0? n : 0; +} + diff --git a/g10/packet.h b/g10/packet.h index f3f8cbd9d..17893875f 100644 --- a/g10/packet.h +++ b/g10/packet.h @@ -27,6 +27,12 @@ #include "cipher.h" #include "filter.h" + +#define GNUPG_MAX_NPKEY 4 +#define GNUPG_MAX_NSKEY 6 +#define GNUPG_MAX_NSIG 2 +#define GNUPG_MAX_NENC 2 + #define DEBUG_PARSE_PACKET 1 typedef enum { @@ -72,7 +78,7 @@ typedef struct { byte version; byte pubkey_algo; /* algorithm used for public key scheme */ byte throw_keyid; - MPI data[PUBKEY_MAX_NENC]; + MPI data[GNUPG_MAX_NENC]; } PKT_pubkey_enc; 
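Review bot: The new wrappers `pubkey_get_npkey`, `pubkey_get_nskey`, `pubkey_get_nsig` and `pubkey_get_nenc` return whatever count `gcry_pk_algo_info` reports, bounded only below by 0, while packet.h in this commit fixes the array sizes at `GNUPG_MAX_NPKEY 4`, `GNUPG_MAX_NSKEY 6`, `GNUPG_MAX_NSIG 2` and `GNUPG_MAX_NENC 2`. `do_fingerprint_md` in keyid.c sizes `nb`, `nn` and `pp` with `GNUPG_MAX_NPKEY` and takes its element count from `pubkey_get_npkey( pk->pubkey_algo )`, where the algorithm id presumably comes from a parsed packet. Since the limits are no longer the library's own `PUBKEY_MAX_*` values, each wrapper should reject a count above its GnuPG limit, e.g. `return n > 0 && n <= GNUPG_MAX_NPKEY ? n : 0;`. That way a library build that knows an algorithm with more parameters cannot cause an out-of-bounds index. A short comment on each wrapper stating that 0 means "unknown or unsupported algorithm" would also help callers.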
@@ -102,7 +108,7 @@ typedef struct { byte *hashed_data; /* all subpackets with hashed data (v4 only) */ byte *unhashed_data; /* ditto for unhashed data */ byte digest_start[2]; /* first 2 bytes of the digest */ - MPI data[PUBKEY_MAX_NSIG]; + MPI data[GNUPG_MAX_NSIG]; } PKT_signature; @@ -122,7 +128,7 @@ typedef struct { ulong local_id; /* internal use, valid if > 0 */ u32 keyid[2]; /* calculated by keyid_from_pk() */ byte *namehash; /* if != NULL: found by this name */ - MPI pkey[PUBKEY_MAX_NPKEY]; + MPI pkey[GNUPG_MAX_NPKEY]; } PKT_public_key; typedef struct { @@ -143,7 +149,7 @@ typedef struct { byte ivlen; /* used length of the iv */ byte iv[16]; /* initialization vector for CFB mode */ } protect; - MPI skey[PUBKEY_MAX_NSKEY]; + MPI skey[GNUPG_MAX_NSKEY]; u16 csum; /* checksum */ } PKT_secret_key; diff --git a/g10/passphrase.c b/g10/passphrase.c index 46527d8f5..49b7a60c2 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -254,7 +254,7 @@ hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create ) ulong count = len2; if( create && !pass ) { - randomize_buffer(s2k->salt, 8, 1); + gcry_randomize(s2k->salt, 8, GCRY_STRONG_RANDOM ); if( s2k->mode == 3 ) s2k->count = 96; /* 65536 iterations */ } diff --git a/g10/pkclist.c b/g10/pkclist.c index 7559b1145..6eae1f024 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -24,6 +24,7 @@ #include <string.h> #include <errno.h> #include <assert.h> +#include <gcrypt.h> #include "options.h" #include "packet.h" 
@@ -687,14 +688,14 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) for( rov = remusr; rov; rov = rov->next ) { if( !(rov->flags & 1) ) any_recipients = 1; - else if( (use & PUBKEY_USAGE_ENC) && !opt.no_encrypt_to ) { + else if( (use & GCRY_PK_USAGE_ENCR) && !opt.no_encrypt_to ) { pk = m_alloc_clear( sizeof *pk ); pk->pubkey_usage = use; if( (rc = get_pubkey_byname( NULL, pk, rov->d, NULL )) ) { free_public_key( pk ); pk = NULL; log_error(_("%s: skipped: %s\n"), rov->d, g10_errstr(rc) ); } - else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) { + else if( !(rc=openpgp_pk_test_algo(pk->pubkey_algo, use )) ) { /* Skip the actual key if the key is already present * in the list */ @@ -750,7 +751,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) rc = get_pubkey_byname( NULL, pk, answer, NULL ); if( rc ) tty_printf(_("No such user ID.\n")); - else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) { + else if( !(rc=openpgp_pk_test_algo(pk->pubkey_algo, use)) ) { if( have_def_rec ) { if (key_present_in_pk_list(pk_list, pk) == 0) { free_public_key(pk); pk = NULL; @@ -815,7 +816,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) rc = get_pubkey_byname( NULL, pk, def_rec, NULL ); if( rc ) log_error(_("unknown default recipient `%s'\n"), def_rec ); - else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use)) ) { + else if( !(rc=openpgp_pk_test_algo(pk->pubkey_algo, use)) ) { PK_LIST r = m_alloc( sizeof *r ); r->pk = pk; pk = NULL; r->next = pk_list; @@ -841,7 +842,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) free_public_key( pk ); pk = NULL; log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) ); } - else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, use )) ) { + else if( !(rc=openpgp_pk_test_algo(pk->pubkey_algo, use )) ) { int trustlevel; rc = check_trust( pk, &trustlevel, NULL, NULL, NULL ); 
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 67bb50994..f11e6f12a 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -51,7 +51,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) if( is_RSA(k->pubkey_algo) ) /* warn about that */ write_status(STATUS_RSA_OR_IDEA); - rc = check_pubkey_algo( k->pubkey_algo ); + rc = openpgp_pk_test_algo( k->pubkey_algo, 0 ); if( rc ) goto leave; @@ -149,7 +149,7 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) dek->keylen = nframe - (n+1) - 2; dek->algo = frame[n++]; - if( dek->algo == CIPHER_ALGO_IDEA ) + if( dek->algo == GCRY_CIPHER_IDEA ) write_status(STATUS_RSA_OR_IDEA); rc = openpgp_cipher_test_algo( dek->algo ); if( rc ) { @@ -180,14 +180,14 @@ get_it( PKT_pubkey_enc *k, DEK *dek, PKT_secret_key *sk, u32 *keyid ) log_error("public key problem: %s\n", g10_errstr(rc) ); else if( !pk->local_id && query_trust_record(pk) ) log_error("can't check algorithm against preferences\n"); - else if( dek->algo != CIPHER_ALGO_3DES + else if( dek->algo != GCRY_CIPHER_3DES && !is_algo_in_prefs( pk->local_id, PREFTYPE_SYM, dek->algo ) ) { /* Don't print a note while we are not on verbose mode, * the cipher is blowfish and the preferences have twofish * listed */ - if( opt.verbose || dek->algo != CIPHER_ALGO_BLOWFISH + if( opt.verbose || dek->algo != GCRY_CIPHER_BLOWFISH || !is_algo_in_prefs( pk->local_id, PREFTYPE_SYM, - CIPHER_ALGO_TWOFISH ) ) + GCRY_CIPHER_TWOFISH ) ) log_info(_( "NOTE: cipher algorithm %d not found in preferences\n"), dek->algo ); diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index c153782bf..a0e41eea9 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c 
@@ -258,10 +258,11 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) } assert( sk->protect.ivlen <= DIM(sk->protect.iv) ); - randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1); + gcry_randomize(sk->protect.iv, sk->protect.ivlen, + GCRY_STRONG_RANDOM); gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ); if( sk->version >= 4 ) { - #define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY) + #define NMPIS (GNUPG_MAX_NSKEY - GNUPG_MAX_NPKEY) byte *bufarr[NMPIS]; unsigned narr[NMPIS]; unsigned nbits[NMPIS]; diff --git a/g10/seskey.c b/g10/seskey.c index db8f6c62c..19f40636f 100644 --- a/g10/seskey.c +++ b/g10/seskey.c @@ -51,7 +51,7 @@ make_session_key( DEK *dek ) BUG(); } - randomize_buffer( dek->key, dek->keylen, 1 ); + gcry_randomize( dek->key, dek->keylen, GCRY_STRONG_RANDOM ); for(i=0; i < 16; i++ ) { rc = gcry_cipher_setkey( chd, dek->key, dek->keylen ); if( !rc ) { @@ -62,7 +62,7 @@ make_session_key( DEK *dek ) BUG(); log_info(_("weak key created - retrying\n") ); /* Renew the session key until we get a non-weak key. */ - randomize_buffer( dek->key, dek->keylen, 1 ); + gcry_randomize( dek->key, dek->keylen, GCRY_STRONG_RANDOM ); } log_fatal(_( "cannot avoid weak key for symmetric cipher; tried %d times!\n"), @@ -116,7 +116,7 @@ encode_session_key( DEK *dek, unsigned nbits ) frame[n++] = 2; i = nframe - 6 - dek->keylen; assert( i > 0 ); - p = get_random_bits( i*8, 1, 1 ); + p = gcry_random_bytes_secure( i, GCRY_STRONG_RANDOM ); /* replace zero bytes by new values */ for(;;) { int j, k; @@ -129,7 +129,7 @@ encode_session_key( DEK *dek, unsigned nbits ) if( !k ) break; /* okay: no zero bytes */ k += k/128; /* better get some more */ - pp = get_random_bits( k*8, 1, 1); + pp = gcry_random_bytes_secure( k, GCRY_STRONG_RANDOM); for(j=0; j < i && k ; j++ ) if( !p[j] ) p[j] = pp[--k]; 
@@ -197,7 +197,7 @@ encode_md_value( int pubkey_algo, GCRY_MD_HD md, int hash_algo, unsigned nbits ) int algo = hash_algo? hash_algo : gcry_md_get_algo(md); MPI frame; - if( pubkey_algo == PUBKEY_ALGO_DSA ) { + if( pubkey_algo == GCRY_PK_DSA ) { frame = gcry_md_is_secure(md)? mpi_alloc_secure( (gcry_md_get_algo_dlen(hash_algo) +BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB ) diff --git a/g10/sig-check.c b/g10/sig-check.c index 972c8778d..03477b537 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c 
@@ -47,6 +47,84 @@ static int do_check( PKT_public_key *pk, PKT_signature *sig, /**************** + * Emulate our old PK interface here - sometime in the future we might + * change the internal design to directly fit to libgcrypt. + */ +static int +pk_verify( int algo, MPI hash, MPI *data, MPI *pkey, + int (*cmp)(void *, MPI), void *opaque ) +{ + GCRY_SEXP s_sig, s_hash, s_pkey; + int rc; + + /* forget about cmp and opaque - we never used it */ + + /* make a sexp from pkey */ + if( algo == GCRY_PK_DSA ) { + s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), + gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), + gcry_sexp_new_name_mpi( "p", pkey[0] ), + gcry_sexp_new_name_mpi( "q", pkey[1] ), + gcry_sexp_new_name_mpi( "g", pkey[2] ), + gcry_sexp_new_name_mpi( "y", pkey[3] ), + NULL )); + } + else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { + s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), + gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), + gcry_sexp_new_name_mpi( "p", pkey[0] ), + gcry_sexp_new_name_mpi( "g", pkey[1] ), + gcry_sexp_new_name_mpi( "y", pkey[2] ), + NULL )); + } + else if( algo == GCRY_PK_RSA ) { + s_pkey = SEXP_CONS( SEXP_NEW( "public-key", 10 ), + gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), + gcry_sexp_new_name_mpi( "n", pkey[0] ), + gcry_sexp_new_name_mpi( "e", pkey[1] ), + NULL )); + } + else + return G10ERR_PUBKEY_ALGO; + + /* put hash into a S-Exp s_hash */ + s_hash = gcry_sexp_new_mpi( hash ); + + /* put data into a S-Exp s_sig */ + if( algo == GCRY_PK_DSA ) { + s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), + gcry_sexp_vlist( SEXP_NEW( "dsa", 0 ), + gcry_sexp_new_name_mpi( "r", data[0] ), + gcry_sexp_new_name_mpi( "s", data[1] ), + NULL )); + } + else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { + s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ), + gcry_sexp_vlist( SEXP_NEW( "elg", 0 ), + gcry_sexp_new_name_mpi( "r", data[0] ), + gcry_sexp_new_name_mpi( "s", data[1] ), + NULL )); + } + else if( algo == GCRY_PK_RSA ) { + s_sig = SEXP_CONS( SEXP_NEW( 
"public-key", 10 ), + gcry_sexp_vlist( SEXP_NEW( "rsa", 3 ), + gcry_sexp_new_name_mpi( "s", data[0] ), + NULL )); + } + else + BUG(); + + + rc = gcry_pk_verify( s_sig, s_hash, s_pkey ); + gcry_sexp_release( s_sig ); + gcry_sexp_release( s_hash ); + gcry_sexp_release( s_pkey ); + return rc; +} + + + +/**************** * Check the signature which is contained in SIG. * The GCRY_MD_HD should be currently open, so that this function * is able to append some data, before finalizing the digest. @@ -293,7 +371,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, GCRY_MD_HD digest ) struct cmp_help_context_s ctx; u32 cur_time; - if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { + if( pk->version == 4 && pk->pubkey_algo == GCRY_PK_ELG_E ) { log_info(_("this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n")); return G10ERR_PUBKEY_ALGO; @@ -327,7 +405,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, GCRY_MD_HD digest ) if( (rc=openpgp_md_test_algo(sig->digest_algo)) ) return rc; - if( (rc=openpgp_pk_test_algo(sig->pubkey_algo)) ) + if( (rc=openpgp_pk_test_algo(sig->pubkey_algo, 0)) ) return rc; /* make sure the digest algo is enabled (in case of a detached signature)*/ @@ -372,7 +450,7 @@ do_check( PKT_public_key *pk, PKT_signature *sig, GCRY_MD_HD digest ) ctx.sig = sig; ctx.md = digest; - rc = pubkey_verify( pk->pubkey_algo, result, sig->data, pk->pkey, + rc = pk_verify( pk->pubkey_algo, result, sig->data, pk->pkey, cmp_help, &ctx ); mpi_free( result ); if( !rc && sig->flags.unknown_critical ) { diff --git a/g10/sign.c b/g10/sign.c index 1f577bef2..3ec430d2f 100644 --- a/g10/sign.c +++ b/g10/sign.c 
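Review bot: The RSA branch that builds `s_sig` in pk_verify tags the expression `SEXP_NEW( "public-key", 10 )` with `SEXP_NEW( "rsa", 3 )`, whereas the DSA and ElGamal branches just above it use `SEXP_NEW( "sig-val", 0 )`. It reads like a copy of the key-building code, and it means an RSA signature reaches `gcry_pk_verify` labelled as a public key; the branch should presumably start `s_sig = SEXP_CONS( SEXP_NEW( "sig-val", 0 ),` and continue with `gcry_sexp_vlist( SEXP_NEW( "rsa", 0 ),`. The final `else BUG();` is unreachable, since the first chain already returns `G10ERR_PUBKEY_ALGO` for every other algorithm. `cmp` and `opaque` are dropped while do_check still passes `cmp_help, &ctx`, so a short comment at that call (or removing the parameters) would keep readers from assuming the callback still runs.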
@@ -40,6 +40,63 @@ #include "i18n.h" +/**************** + * Emulate our old PK interface here - sometime in the future we might + * change the internal design to directly fit to libgcrypt. + */ +static int +pk_sign( int algo, MPI *data, MPI hash, MPI *skey ) +{ + GCRY_SEXP s_sig, s_hash, s_skey, list; + int rc; + + /* make a sexp from skey */ + if( algo == GCRY_PK_DSA ) { + s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), + gcry_sexp_vlist( SEXP_NEW( "dsa", 3 ), + gcry_sexp_new_name_mpi( "p", skey[0] ), + gcry_sexp_new_name_mpi( "q", skey[1] ), + gcry_sexp_new_name_mpi( "g", skey[2] ), + gcry_sexp_new_name_mpi( "y", skey[3] ), + gcry_sexp_new_name_mpi( "x", skey[4] ), + NULL )); + } + else if( algo == GCRY_PK_ELG || algo == GCRY_PK_ELG_E ) { + s_skey = SEXP_CONS( SEXP_NEW( "private-key", 0 ), + gcry_sexp_vlist( SEXP_NEW( "elg", 3 ), + gcry_sexp_new_name_mpi( "p", skey[0] ), + gcry_sexp_new_name_mpi( "g", skey[1] ), + gcry_sexp_new_name_mpi( "y", skey[2] ), + gcry_sexp_new_name_mpi( "x", skey[3] ), + NULL )); + } + else + return G10ERR_PUBKEY_ALGO; + + /* put hash into a S-Exp s_hash */ + s_hash = gcry_sexp_new_mpi( hash ); + + rc = gcry_pk_sign( &s_sig, s_hash, s_skey ); + gcry_sexp_release( s_hash ); + gcry_sexp_release( s_skey ); + + if( rc ) + ; + else { + list = gcry_sexp_find_token( s_sig, "r" , 0 ); + assert( list ); + data[0] = gcry_sexp_cdr_mpi( list, 0 ); + assert( data[0] ); + list = gcry_sexp_find_token( s_sig, "s" , 0 ); + assert( list ); + data[1] = gcry_sexp_cdr_mpi( list, 0 ); + assert( data[1] ); + } + + + gcry_sexp_release( s_sig ); + return rc; +} /**************** * Create a notation. It is assumed that the stings in STRLIST 
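Review bot: `s_sig` is declared without an initializer in pk_sign, yet `gcry_sexp_release( s_sig )` runs on every path, including the one where `gcry_pk_sign` failed. Unless that call always stores to its first argument on error (not visible here), the release then acts on an indeterminate pointer; `GCRY_SEXP s_sig = NULL, s_hash, s_skey, list;` would be the safer declaration, assuming the release function accepts NULL. The `assert( list )`, `assert( data[0] )` and `assert( data[1] )` lines are the only validation of the returned signature and vanish under NDEBUG, so a missing `r` or `s` token should make the function return an error code instead of leaving `data[]` unset. There is also no `GCRY_PK_RSA` branch here although pk_verify in sig-check.c has one and hash_for still picks a digest for RSA, so RSA signing now ends in `G10ERR_PUBKEY_ALGO`; if that is intended, a comment saying so would help.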
@@ -123,7 +180,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig, sig->digest_start[1] = dp[1]; frame = encode_md_value( sk->pubkey_algo, md, digest_algo, mpi_get_nbits(sk->skey[0])); - rc = pubkey_sign( sk->pubkey_algo, sig->data, frame, sk->skey ); + rc = pk_sign( sk->pubkey_algo, sig->data, frame, sk->skey ); mpi_free(frame); if( rc ) log_error(_("signing failed: %s\n"), g10_errstr(rc) ); @@ -159,9 +216,9 @@ hash_for(int pubkey_algo ) { if( opt.def_digest_algo ) return opt.def_digest_algo; - if( pubkey_algo == PUBKEY_ALGO_DSA ) + if( pubkey_algo == GCRY_PK_DSA ) return DIGEST_ALGO_SHA1; - if( pubkey_algo == PUBKEY_ALGO_RSA ) + if( pubkey_algo == GCRY_PK_RSA ) return DIGEST_ALGO_MD5; return DEFAULT_DIGEST_ALGO; } @@ -175,7 +232,7 @@ only_old_style( SK_LIST sk_list ) /* if there are only old style capable key we use the old sytle */ for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) { PKT_secret_key *sk = sk_rover->sk; - if( sk->pubkey_algo == PUBKEY_ALGO_RSA && sk->version < 4 ) + if( sk->pubkey_algo == GCRY_PK_RSA && sk->version < 4 ) old_style = 1; else return 0; @@ -237,13 +294,13 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( fname && filenames->next && (!detached || encrypt) ) log_bug("multiple files can only be detached signed"); - if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) + if( (rc=build_sk_list( locusr, &sk_list, 1, GCRY_PK_USAGE_SIGN )) ) goto leave; if( !old_style ) old_style = only_old_style( sk_list ); if( encrypt ) { - if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) ) + if( (rc=build_pk_list( remusr, &pk_list, GCRY_PK_USAGE_ENCR )) ) goto leave; if( !old_style ) compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR ); 
@@ -559,7 +616,7 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) memset( &afx, 0, sizeof afx); init_packet( &pkt ); - if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) + if( (rc=build_sk_list( locusr, &sk_list, 1, GCRY_PK_USAGE_SIGN )) ) goto leave; if( !old_style ) old_style = only_old_style( sk_list ); @@ -756,9 +813,9 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk, || sigclass == 0x30 || sigclass == 0x28 ); if( !digest_algo ) { switch( sk->pubkey_algo ) { - case PUBKEY_ALGO_DSA: digest_algo = DIGEST_ALGO_SHA1; break; - case PUBKEY_ALGO_RSA_S: - case PUBKEY_ALGO_RSA: digest_algo = DIGEST_ALGO_MD5; break; + case GCRY_PK_DSA: digest_algo = DIGEST_ALGO_SHA1; break; + case GCRY_PK_RSA_S: + case GCRY_PK_RSA: digest_algo = DIGEST_ALGO_MD5; break; default: digest_algo = DIGEST_ALGO_RMD160; break; } } diff --git a/g10/skclist.c b/g10/skclist.c index df8b683f3..381601e90 100644 --- a/g10/skclist.c +++ b/g10/skclist.c @@ -25,6 +25,7 @@ #include <errno.h> #include <assert.h> +#include <gcrypt.h> #include "options.h" #include "packet.h" #include "errors.h" @@ -33,6 +34,7 @@ #include "util.h" #include "i18n.h" #include "cipher.h" +#include "main.h" void @@ -48,18 +50,6 @@ release_sk_list( SK_LIST sk_list ) } -/* Check that we are only using keys which don't have - * the string "(insecure!)" or "not secure" or "do not use" - * in one of the user ids - */ -static int -is_insecure( PKT_secret_key *sk ) -{ - - return 0; /* FIXME!! */ -} - - int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, unsigned use ) 
@@ -76,19 +66,14 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, free_secret_key( sk ); sk = NULL; log_error("no default secret key: %s\n", g10_errstr(rc) ); } - else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, use)) ) { + else if( !(rc=openpgp_pk_test_algo(sk->pubkey_algo, use)) ) { SK_LIST r; - if( sk->version == 4 && (use & PUBKEY_USAGE_SIG) - && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { + if( sk->version == 4 && (use & GCRY_PK_USAGE_SIGN) + && sk->pubkey_algo == GCRY_PK_ELG_E ) { log_info("this is a PGP generated " "ElGamal key which is NOT secure for signatures!\n"); free_secret_key( sk ); sk = NULL; } - else if( random_is_faked() && !is_insecure( sk ) ) { - log_info(_("key is not flagged as insecure - " - "can't use it with the faked RNG!\n")); - free_secret_key( sk ); sk = NULL; - } else { r = m_alloc( sizeof *r ); r->sk = sk; sk = NULL; @@ -112,20 +97,15 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock, free_secret_key( sk ); sk = NULL; log_error(_("skipped `%s': %s\n"), locusr->d, g10_errstr(rc) ); } - else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, use)) ) { + else if( !(rc=openpgp_pk_test_algo(sk->pubkey_algo, use)) ) { SK_LIST r; - if( sk->version == 4 && (use & PUBKEY_USAGE_SIG) - && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { + if( sk->version == 4 && (use & GCRY_PK_USAGE_SIGN) + && sk->pubkey_algo == GCRY_PK_ELG_E ) { log_info(_("skipped `%s': this is a PGP generated " "ElGamal key which is not secure for signatures!\n"), locusr->d ); free_secret_key( sk ); sk = NULL; } - else if( random_is_faked() && !is_insecure( sk ) ) { - log_info(_("key is not flagged as insecure - " - "can't use it with the faked RNG!\n")); - free_secret_key( sk ); sk = NULL; - } else { r = m_alloc( sizeof *r ); r->sk = sk; sk = NULL; diff --git a/g10/trustdb.c b/g10/trustdb.c index 830316931..263bac261 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c 
@@ -683,7 +683,8 @@ print_uid_from_keyblock( FILE *fp, KBNODE keyblock, ulong urecno ) if( node->pkt->pkttype == PKT_USER_ID ) { PKT_user_id *uidpkt = node->pkt->pkt.user_id; - rmd160_hash_buffer( uhash, uidpkt->name, uidpkt->len ); + gcry_md_hash_buffer( GCRY_MD_RMD160, uhash, + uidpkt->name, uidpkt->len ); if( !memcmp( uhash, urec.r.uid.namehash, 20 ) ) { print_string( fp, uidpkt->name, uidpkt->len, ':' ); return; @@ -1334,7 +1335,7 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire ) if( node->pkt->pkttype != PKT_USER_ID ) continue; uid = node->pkt->pkt.user_id; - rmd160_hash_buffer( uidhash, uid->name, uid->len ); + gcry_md_hash_buffer( GCRY_MD_RMD160, uidhash, uid->name, uid->len ); /* create the uid record */ u = m_alloc_clear( sizeof *u ); |