summaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>1998-04-07 20:16:10 +0200
committerWerner Koch <wk@gnupg.org>1998-04-07 20:16:10 +0200
commit86f261dbc50544d73e4b9ae71fcbc2c6df5b9612 (patch)
treed3ba75484a73e1fe891f7ff862ab1f3722cb126c /g10
parentcast5 does now work (diff)
downloadgnupg2-86f261dbc50544d73e4b9ae71fcbc2c6df5b9612.tar.xz
gnupg2-86f261dbc50544d73e4b9ae71fcbc2c6df5b9612.zip
cipher reorganisiert
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog15
-rw-r--r--g10/Makefile.am12
-rw-r--r--g10/Makefile.in57
-rw-r--r--g10/cipher.c37
-rw-r--r--g10/comment.c3
-rw-r--r--g10/encr-data.c47
-rw-r--r--g10/filter.h3
-rw-r--r--g10/getkey.c8
-rw-r--r--g10/keygen.c36
-rw-r--r--g10/keyid.c24
-rw-r--r--g10/main.h6
-rw-r--r--g10/misc.c63
-rw-r--r--g10/parse-packet.c16
-rw-r--r--g10/pubkey-enc.c5
-rw-r--r--g10/seckey-cert.c187
-rw-r--r--g10/seskey.c3
16 files changed, 222 insertions, 300 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index e16f15550..d3e06d2b7 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,18 @@
+Tue Apr 7 19:28:07 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * cipher.c, encr-data.c, seckey-cert.c: Now uses cipher_xxxx
+ functions instead of blowfish_xxx or cast_xxx
+
+Tue Apr 7 11:04:02 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * Makefile.am (g10maint.o): Changed the way it is created.
+
+Mon Apr 6 11:17:08 1998 Werner Koch (wk@isil.d.shuttle.de)
+
+ * misc.c: New.
+ * keygen.c (checksum,checksum_u16,checksum_mpi): Moved to misc.c
+ * seckey-cert.c: Kludge for wrong ELG checksum implementation.
+
Sat Apr 4 20:07:01 1998 Werner Koch (wk@isil.d.shuttle.de)
* cipher.c (cipher_filter): Support for CAST5
diff --git a/g10/Makefile.am b/g10/Makefile.am
index 438acec19..ba9ca29df 100644
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@@ -3,7 +3,6 @@
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
-BUILT_SOURCES = g10maint.c
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
bin_PROGRAMS = gpg gpgm gpgd
@@ -28,6 +27,7 @@ common_source = \
elg.c \
dsa.c \
rsa.c \
+ misc.c \
options.h \
openfile.c \
keyid.c \
@@ -60,8 +60,7 @@ gpg_SOURCES = g10.c \
keygen.c
-gpgm_SOURCES = g10maint.c \
- dearmor.c \
+gpgm_SOURCES = dearmor.c \
$(common_source)
gpgd_SOURCES = gpgd.c \
@@ -70,8 +69,11 @@ gpgd_SOURCES = gpgd.c \
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@
-g10maint.c : g10.c
- $(CPP) $(CFLAGS) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
+gpgm_LDADD = g10maint.o $(LDADD)
+
+g10maint.o: g10.c
+ $(COMPILE) -DIS_G10MAINT -o g10maint.o -c g10.c
+
$(PROGRAMS): $(needed_libs)
diff --git a/g10/Makefile.in b/g10/Makefile.in
index 60aed6e28..b2a106c2b 100644
--- a/g10/Makefile.in
+++ b/g10/Makefile.in
@@ -95,7 +95,6 @@ l = @l@
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
EXTRA_DIST = OPTIONS pubring.asc
OMIT_DEPENDENCIES = zlib.h zconf.h
-BUILT_SOURCES = g10maint.c
needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
bin_PROGRAMS = gpg gpgm gpgd
@@ -120,6 +119,7 @@ common_source = \
elg.c \
dsa.c \
rsa.c \
+ misc.c \
options.h \
openfile.c \
keyid.c \
@@ -151,14 +151,15 @@ gpg_SOURCES = g10.c \
decrypt.c \
keygen.c
-gpgm_SOURCES = g10maint.c \
- dearmor.c \
+gpgm_SOURCES = dearmor.c \
$(common_source)
gpgd_SOURCES = gpgd.c \
$(common_source)
LDADD = @INTLLIBS@ $(needed_libs) @ZLIBS@
+
+gpgm_LDADD = g10maint.o $(LDADD)
mkinstalldirs = $(SHELL) $(top_srcdir)/scripts/mkinstalldirs
CONFIG_HEADER = ../config.h
CONFIG_CLEAN_FILES =
@@ -171,32 +172,31 @@ LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
gpg_OBJECTS = g10.o build-packet.o compress.o free-packet.o getkey.o \
pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o mdfilter.o \
-textfilter.o cipher.o elg.o dsa.o rsa.o openfile.o keyid.o trustdb.o \
-parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o seskey.o \
-import.o export.o comment.o status.o sign.o plaintext.o encr-data.o \
-encode.o revoke.o keylist.o sig-check.o signal.o verify.o decrypt.o \
-keygen.o
+textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o keyid.o \
+trustdb.o parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o \
+seskey.o import.o export.o comment.o status.o sign.o plaintext.o \
+encr-data.o encode.o revoke.o keylist.o sig-check.o signal.o verify.o \
+decrypt.o keygen.o
gpg_LDADD = $(LDADD)
gpg_DEPENDENCIES = ../cipher/libcipher.a ../mpi/libmpi.a \
../util/libutil.a
gpg_LDFLAGS =
-gpgm_OBJECTS = g10maint.o dearmor.o build-packet.o compress.o \
-free-packet.o getkey.o pkclist.o skclist.o ringedit.o kbnode.o \
-mainproc.o armor.o mdfilter.o textfilter.o cipher.o elg.o dsa.o rsa.o \
-openfile.o keyid.o trustdb.o parse-packet.o passphrase.o pubkey-enc.o \
+gpgm_OBJECTS = dearmor.o build-packet.o compress.o free-packet.o \
+getkey.o pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o \
+mdfilter.o textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o \
+keyid.o trustdb.o parse-packet.o passphrase.o pubkey-enc.o \
seckey-cert.o seskey.o import.o export.o comment.o status.o sign.o \
plaintext.o encr-data.o encode.o revoke.o keylist.o sig-check.o \
signal.o
-gpgm_LDADD = $(LDADD)
-gpgm_DEPENDENCIES = ../cipher/libcipher.a ../mpi/libmpi.a \
+gpgm_DEPENDENCIES = g10maint.o ../cipher/libcipher.a ../mpi/libmpi.a \
../util/libutil.a
gpgm_LDFLAGS =
gpgd_OBJECTS = gpgd.o build-packet.o compress.o free-packet.o getkey.o \
pkclist.o skclist.o ringedit.o kbnode.o mainproc.o armor.o mdfilter.o \
-textfilter.o cipher.o elg.o dsa.o rsa.o openfile.o keyid.o trustdb.o \
-parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o seskey.o \
-import.o export.o comment.o status.o sign.o plaintext.o encr-data.o \
-encode.o revoke.o keylist.o sig-check.o signal.o
+textfilter.o cipher.o elg.o dsa.o rsa.o misc.o openfile.o keyid.o \
+trustdb.o parse-packet.o passphrase.o pubkey-enc.o seckey-cert.o \
+seskey.o import.o export.o comment.o status.o sign.o plaintext.o \
+encr-data.o encode.o revoke.o keylist.o sig-check.o signal.o
gpgd_LDADD = $(LDADD)
gpgd_DEPENDENCIES = ../cipher/libcipher.a ../mpi/libmpi.a \
../util/libutil.a
@@ -214,15 +214,14 @@ GZIP = --best
DEP_FILES = .deps/armor.P .deps/build-packet.P .deps/cipher.P \
.deps/comment.P .deps/compress.P .deps/dearmor.P .deps/decrypt.P \
.deps/dsa.P .deps/elg.P .deps/encode.P .deps/encr-data.P .deps/export.P \
-.deps/free-packet.P .deps/g10.P .deps/g10maint .deps/g10maint.P \
-.deps/getkey.P .deps/gpgd.P .deps/import.P .deps/kbnode.P \
-.deps/keygen.P .deps/keyid.P .deps/keylist.P .deps/mainproc.P \
-.deps/mdfilter.P .deps/openfile.P .deps/parse-packet.P \
-.deps/passphrase.P .deps/pkclist.P .deps/plaintext.P .deps/pubkey-enc.P \
-.deps/revoke.P .deps/ringedit.P .deps/rsa.P .deps/seckey-cert.P \
-.deps/seskey.P .deps/sig-check.P .deps/sign.P .deps/signal.P \
-.deps/skclist.P .deps/status.P .deps/textfilter.P .deps/trustdb.P \
-.deps/verify.P
+.deps/free-packet.P .deps/g10.P .deps/getkey.P .deps/gpgd.P \
+.deps/import.P .deps/kbnode.P .deps/keygen.P .deps/keyid.P \
+.deps/keylist.P .deps/mainproc.P .deps/mdfilter.P .deps/misc.P \
+.deps/openfile.P .deps/parse-packet.P .deps/passphrase.P \
+.deps/pkclist.P .deps/plaintext.P .deps/pubkey-enc.P .deps/revoke.P \
+.deps/ringedit.P .deps/rsa.P .deps/seckey-cert.P .deps/seskey.P \
+.deps/sig-check.P .deps/sign.P .deps/signal.P .deps/skclist.P \
+.deps/status.P .deps/textfilter.P .deps/trustdb.P .deps/verify.P
SOURCES = $(gpg_SOURCES) $(gpgm_SOURCES) $(gpgd_SOURCES)
OBJECTS = $(gpg_OBJECTS) $(gpgm_OBJECTS) $(gpgd_OBJECTS)
@@ -421,8 +420,8 @@ installdirs mostlyclean-generic distclean-generic clean-generic \
maintainer-clean-generic clean mostlyclean distclean maintainer-clean
-g10maint.c : g10.c
- $(CPP) $(CFLAGS) $(DEFS) $(INCLUDES) -DIS_G10MAINT $< > $@ || rm $@
+g10maint.o: g10.c
+ $(COMPILE) -DIS_G10MAINT -o g10maint.o -c g10.c
$(PROGRAMS): $(needed_libs)
diff --git a/g10/cipher.c b/g10/cipher.c
index 8e6c91aa9..3fe4e9ea4 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -67,42 +67,21 @@ cipher_filter( void *opaque, int control,
randomize_buffer( temp, 8, 1 );
temp[8] = temp[6];
temp[9] = temp[7];
- if( cfx->dek->algo == CIPHER_ALGO_BLOWFISH
- || cfx->dek->algo == CIPHER_ALGO_BLOWFISH128 ) {
- cfx->bf_ctx = m_alloc_secure( sizeof *cfx->bf_ctx );
- blowfish_setkey( cfx->bf_ctx, cfx->dek->key, cfx->dek->keylen );
- blowfish_setiv( cfx->bf_ctx, NULL );
- blowfish_encode_cfb( cfx->bf_ctx, temp, temp, 10);
- }
- else if( cfx->dek->algo == CIPHER_ALGO_CAST ) {
- cfx->cast5_ctx = m_alloc_secure( sizeof *cfx->cast5_ctx );
- cast5_setkey( cfx->cast5_ctx, cfx->dek->key, cfx->dek->keylen );
- cast5_setiv( cfx->cast5_ctx, NULL );
- cast5_encode_cfb( cfx->cast5_ctx, temp, temp, 10);
- cast5_sync_cfb( cfx->cast5_ctx );
- }
- else
- log_bug("no cipher algo %d\n", cfx->dek->algo);
-
+ cfx->cipher_hd = cipher_open( cfx->dek->algo,
+ CIPHER_MODE_AUTO_CFB, 1 );
+ cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
+ cipher_setiv( cfx->cipher_hd, NULL );
+ cipher_encrypt( cfx->cipher_hd, temp, temp, 10);
+ cipher_sync( cfx->cipher_hd );
iobuf_write(a, temp, 10);
cfx->header=1;
}
-
- if( cfx->dek->algo == CIPHER_ALGO_BLOWFISH
- || cfx->dek->algo == CIPHER_ALGO_BLOWFISH128 )
- blowfish_encode_cfb( cfx->bf_ctx, buf, buf, size);
- else if( cfx->dek->algo == CIPHER_ALGO_CAST )
- cast5_encode_cfb( cfx->cast5_ctx, buf, buf, size);
-
+ cipher_encrypt( cfx->cipher_hd, buf, buf, size);
if( iobuf_write( a, buf, size ) )
rc = G10ERR_WRITE_FILE;
}
else if( control == IOBUFCTRL_FREE ) {
- if( cfx->dek->algo == CIPHER_ALGO_BLOWFISH
- || cfx->dek->algo == CIPHER_ALGO_BLOWFISH128 )
- m_free(cfx->bf_ctx);
- else if( cfx->dek->algo == CIPHER_ALGO_CAST )
- m_free(cfx->cast5_ctx);
+ cipher_close(cfx->cipher_hd);
}
else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "cipher_filter";
diff --git a/g10/comment.c b/g10/comment.c
index 77b9a7ece..fef831cc7 100644
--- a/g10/comment.c
+++ b/g10/comment.c
@@ -79,9 +79,6 @@ make_mpi_comment_node( const char *s, MPI a )
nb1 = mpi_get_nbits( a );
p = buf = mpi_get_buffer( a, &n1, NULL );
- for( ; !*p && n1; p++, n1-- ) /* skip leading null bytes */
- ;
-
pkt = m_alloc_clear( sizeof *pkt );
pkt->pkttype = PKT_COMMENT;
pkt->pkt.comment = m_alloc( sizeof *pkt->pkt.comment + n + 2 + n1 );
diff --git a/g10/encr-data.c b/g10/encr-data.c
index 4f8aa897d..e7e56408a 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -35,9 +35,7 @@ static int decode_filter( void *opaque, int control, IOBUF a,
byte *buf, size_t *ret_len);
typedef struct {
- int is_cast5;
- BLOWFISH_context *bf_ctx;
- CAST5_context *cast5_ctx;
+ CIPHER_HANDLE cipher_hd;
} decode_filter_ctx_t;
@@ -50,7 +48,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
{
decode_filter_ctx_t dfx;
byte *p;
- int c, i;
+ int rc, c, i;
byte temp[16];
if( opt.verbose ) {
@@ -60,25 +58,14 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
else
log_info("encrypted with unknown algorithm %d\n", dek->algo );
}
- if( dek->algo != CIPHER_ALGO_BLOWFISH
- && dek->algo != CIPHER_ALGO_BLOWFISH128
- && dek->algo != CIPHER_ALGO_CAST )
- return G10ERR_CIPHER_ALGO;
+ if( (rc=check_cipher_algo(dek->algo)) )
+ return rc;
if( ed->len && ed->len < 10 )
log_bug("Nanu\n"); /* oops: found a bug */
- if( dek->algo == CIPHER_ALGO_CAST ) {
- dfx.is_cast5 = 1;
- dfx.cast5_ctx = m_alloc_secure( sizeof *dfx.cast5_ctx );
- cast5_setkey( dfx.cast5_ctx, dek->key, dek->keylen );
- cast5_setiv( dfx.cast5_ctx, NULL );
- }
- else {
- dfx.is_cast5 = 0;
- dfx.bf_ctx = m_alloc_secure( sizeof *dfx.bf_ctx );
- blowfish_setkey( dfx.bf_ctx, dek->key, dek->keylen );
- blowfish_setiv( dfx.bf_ctx, NULL );
- }
+ dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
+ cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
+ cipher_setiv( dfx.cipher_hd, NULL );
if( ed->len ) {
iobuf_set_limit( ed->buf, ed->len );
@@ -93,15 +80,11 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
else
temp[i] = c;
}
- if( dfx.is_cast5 ) {
- cast5_decode_cfb( dfx.cast5_ctx, temp, temp, 10);
- cast5_sync_cfb( dfx.cast5_ctx );
- }
- else
- blowfish_decode_cfb( dfx.bf_ctx, temp, temp, 10);
+ cipher_decrypt( dfx.cipher_hd, temp, temp, 10);
+ cipher_sync( dfx.cipher_hd );
p = temp;
if( p[6] != p[8] || p[7] != p[9] ) {
- m_free(dfx.bf_ctx);
+ cipher_close(dfx.cipher_hd);
return G10ERR_BAD_KEY;
}
iobuf_push_filter( ed->buf, decode_filter, &dfx );
@@ -112,7 +95,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
else
iobuf_clear_eof( ed->buf );
ed->buf = NULL;
- m_free(dfx.bf_ctx);
+ cipher_close(dfx.cipher_hd);
return 0;
}
@@ -132,12 +115,8 @@ decode_filter( void *opaque, int control, IOBUF a, byte *buf, size_t *ret_len)
buf[n] = c;
}
- if( n ) {
- if( fc->is_cast5 )
- cast5_decode_cfb( fc->cast5_ctx, buf, buf, n);
- else
- blowfish_decode_cfb( fc->bf_ctx, buf, buf, n);
- }
+ if( n )
+ cipher_decrypt( fc->cipher_hd, buf, buf, n);
else
rc = -1; /* eof */
*ret_len = n;
diff --git a/g10/filter.h b/g10/filter.h
index fac1e0e2b..1bd8ba050 100644
--- a/g10/filter.h
+++ b/g10/filter.h
@@ -60,8 +60,7 @@ typedef struct {
typedef struct {
DEK *dek;
u32 datalen;
- BLOWFISH_context *bf_ctx;
- CAST5_context *cast5_ctx;
+ CIPHER_HANDLE cipher_hd;
int header;
} cipher_filter_context_t;
diff --git a/g10/getkey.c b/g10/getkey.c
index edc5c8355..7868df951 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -554,6 +554,7 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid, const char *name )
int rc;
KBNODE keyblock = NULL;
KBPOS kbpos;
+ int oldmode = set_packet_list_mode(0);
rc = enum_keyblocks( 0, &kbpos, &keyblock );
if( rc ) {
@@ -655,6 +656,7 @@ lookup( PKT_public_cert *pkc, int mode, u32 *keyid, const char *name )
leave:
enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
release_kbnode( keyblock );
+ set_packet_list_mode(oldmode);
return rc;
}
@@ -667,11 +669,12 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
int rc;
KBNODE keyblock = NULL;
KBPOS kbpos;
+ int oldmode = set_packet_list_mode(0);
rc = enum_keyblocks( 5 /* open secret */, &kbpos, &keyblock );
if( rc ) {
if( rc == -1 )
- rc = G10ERR_NO_PUBKEY;
+ rc = G10ERR_NO_SECKEY;
else if( rc )
log_error("enum_keyblocks(open secret) failed: %s\n", g10_errstr(rc) );
goto leave;
@@ -761,13 +764,14 @@ lookup_skc( PKT_secret_cert *skc, int mode, u32 *keyid, const char *name )
keyblock = NULL;
}
if( rc == -1 )
- rc = G10ERR_NO_PUBKEY;
+ rc = G10ERR_NO_SECKEY;
else if( rc )
log_error("enum_keyblocks(read) failed: %s\n", g10_errstr(rc));
leave:
enum_keyblocks( 2, &kbpos, &keyblock ); /* close */
release_kbnode( keyblock );
+ set_packet_list_mode(oldmode);
return rc;
}
diff --git a/g10/keygen.c b/g10/keygen.c
index 293d70a58..003d54bbb 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -40,42 +40,6 @@
#endif
-static u16
-checksum_u16( unsigned n )
-{
- u16 a;
-
- a = (n >> 8) & 0xff;
- a |= n & 0xff;
- return a;
-}
-
-static u16
-checksum( byte *p, unsigned n )
-{
- u16 a;
-
- for(a=0; n; n-- )
- a += *p++;
- return a;
-}
-
-static u16
-checksum_mpi( MPI a )
-{
- u16 csum;
- byte *buffer;
- unsigned nbytes;
-
- buffer = mpi_get_buffer( a, &nbytes, NULL );
- csum = checksum_u16( nbytes*8 );
- csum += checksum( buffer, nbytes );
- m_free( buffer );
- return csum;
-}
-
-
-
static void
write_uid( KBNODE root, const char *s )
{
diff --git a/g10/keyid.c b/g10/keyid.c
index 9f4ccdfb8..02e706fc2 100644
--- a/g10/keyid.c
+++ b/g10/keyid.c
@@ -64,16 +64,10 @@ v3_elg_fingerprint_md( PKT_public_cert *pkc )
nb1 = mpi_get_nbits(pkc->d.elg.p);
p1 = buf1 = mpi_get_buffer( pkc->d.elg.p, &n1, NULL );
- for( ; !*p1 && n1; p1++, n1-- ) /* skip leading null bytes */
- ;
nb2 = mpi_get_nbits(pkc->d.elg.g);
p2 = buf2 = mpi_get_buffer( pkc->d.elg.g, &n2, NULL );
- for( ; !*p2 && n2; p2++, n2-- ) /* skip leading null bytes */
- ;
nb3 = mpi_get_nbits(pkc->d.elg.y);
p3 = buf3 = mpi_get_buffer( pkc->d.elg.y, &n3, NULL );
- for( ; !*p3 && n3; p3++, n3-- ) /* skip leading null bytes */
- ;
/* calculate length of packet (1+4+2+1+2+n1+2+n2+2+n3) */
n = 14 + n1 + n2 + n3;
@@ -117,16 +111,10 @@ elg_fingerprint_md( PKT_public_cert *pkc )
nb1 = mpi_get_nbits(pkc->d.elg.p);
p1 = buf1 = mpi_get_buffer( pkc->d.elg.p, &n1, NULL );
- for( ; !*p1 && n1; p1++, n1-- ) /* skip leading null bytes */
- ;
nb3 = mpi_get_nbits(pkc->d.elg.g);
p3 = buf3 = mpi_get_buffer( pkc->d.elg.g, &n3, NULL );
- for( ; !*p3 && n3; p3++, n3-- )
- ;
nb4 = mpi_get_nbits(pkc->d.elg.y);
p4 = buf4 = mpi_get_buffer( pkc->d.elg.y, &n4, NULL );
- for( ; !*p4 && n4; p4++, n4-- )
- ;
/* calculate length of packet */
n = 12 + n1 + n3 +n4 ;
@@ -167,20 +155,12 @@ dsa_fingerprint_md( PKT_public_cert *pkc )
nb1 = mpi_get_nbits(pkc->d.dsa.p);
p1 = buf1 = mpi_get_buffer( pkc->d.dsa.p, &n1, NULL );
- for( ; !*p1 && n1; p1++, n1-- ) /* skip leading null bytes */
- ;
nb2 = mpi_get_nbits(pkc->d.dsa.q);
p2 = buf2 = mpi_get_buffer( pkc->d.dsa.q, &n2, NULL );
- for( ; !*p2 && n2; p2++, n2-- )
- ;
nb3 = mpi_get_nbits(pkc->d.dsa.g);
p3 = buf3 = mpi_get_buffer( pkc->d.dsa.g, &n3, NULL );
- for( ; !*p3 && n3; p3++, n3-- )
- ;
nb4 = mpi_get_nbits(pkc->d.dsa.y);
p4 = buf4 = mpi_get_buffer( pkc->d.dsa.y, &n4, NULL );
- for( ; !*p4 && n4; p4++, n4-- )
- ;
/* calculate length of packet */
n = 14 + n1 + n2 + n3 +n4 ;
@@ -510,13 +490,9 @@ fingerprint_from_pkc( PKT_public_cert *pkc, size_t *ret_len )
md = md_open( DIGEST_ALGO_MD5, 0);
p = buf = mpi_get_buffer( pkc->d.rsa.rsa_n, &n, NULL );
- for( ; !*p && n; p++, n-- )
- ;
md_write( md, p, n );
m_free(buf);
p = buf = mpi_get_buffer( pkc->d.rsa.rsa_e, &n, NULL );
- for( ; !*p && n; p++, n-- )
- ;
md_write( md, p, n );
m_free(buf);
md_final(md);
diff --git a/g10/main.h b/g10/main.h
index c162fd9cd..82f2373d7 100644
--- a/g10/main.h
+++ b/g10/main.h
@@ -21,6 +21,7 @@
#define G10_MAIN_H
#include "types.h"
#include "iobuf.h"
+#include "mpi.h"
#include "cipher.h"
#include "keydb.h"
@@ -39,6 +40,11 @@ typedef struct {
void g10_exit(int rc);
#endif
+/*-- misc.c --*/
+u16 checksum_u16( unsigned n );
+u16 checksum( byte *p, unsigned n );
+u16 checksum_mpi( MPI a );
+
/*-- encode.c --*/
int encode_symmetric( const char *filename );
int encode_store( const char *filename );
diff --git a/g10/misc.c b/g10/misc.c
new file mode 100644
index 000000000..7424039bd
--- /dev/null
+++ b/g10/misc.c
@@ -0,0 +1,63 @@
+/* misc.c - miscellaneous functions
+ * Copyright (C) 1998 Free Software Foundation, Inc.
+ *
+ * This file is part of GNUPG.
+ *
+ * GNUPG is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUPG is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "util.h"
+#include "main.h"
+
+
+u16
+checksum_u16( unsigned n )
+{
+ u16 a;
+
+ a = (n >> 8) & 0xff;
+ a |= n & 0xff;
+ return a;
+}
+
+u16
+checksum( byte *p, unsigned n )
+{
+ u16 a;
+
+ for(a=0; n; n-- )
+ a += *p++;
+ return a;
+}
+
+u16
+checksum_mpi( MPI a )
+{
+ u16 csum;
+ byte *buffer;
+ unsigned nbytes;
+
+ buffer = mpi_get_buffer( a, &nbytes, NULL );
+ csum = checksum_u16( mpi_get_nbits(a) );
+ csum += checksum( buffer, nbytes );
+ m_free( buffer );
+ return csum;
+}
+
+
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index fe2c63c5b..26c112244 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -61,19 +61,6 @@ static int parse_compressed( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
static int parse_encrypted( IOBUF inp, int pkttype, unsigned long pktlen,
PACKET *packet );
-#if 0
-static u16
-checksum( byte *p )
-{
- u16 n, a;
-
- n = *p++ << 8;
- n |= *p++;
- for(a=0; n; n-- )
- a += *p++;
- return a;
-}
-#endif
static unsigned short
read_16(IOBUF inp)
@@ -944,6 +931,9 @@ parse_certificate( IOBUF inp, int pkttype, unsigned long pktlen,
cert->csum = read_16(inp); pktlen -= 2;
if( list_mode ) {
+ printf("\telg x: ");
+ mpi_print(stdout, cert->d.elg.x, mpi_print_mode );
+ putchar('\n');
printf("\t[secret value x is not shown]\n"
"\tchecksum: %04hx\n", cert->csum);
}
diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c
index f19af2189..7fd3101bd 100644
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@@ -100,6 +100,8 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
*
* 0 2 RND(n bytes) 0 A DEK(k bytes) CSUM(2 bytes)
*
+ * (mpi_get_buffer already removed the leading zero).
+ *
* RND are non-zero randow bytes.
* A is the cipher algorithm
* DEK is the encryption key (session key) with length k
@@ -107,8 +109,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
*/
if( DBG_CIPHER )
log_hexdump("DEK frame:", frame, nframe );
- for(n=0; n < nframe && !frame[n]; n++ ) /* skip leading zeroes */
- ;
+ n=0;
if( n + 7 > nframe )
{ rc = G10ERR_WRONG_SECKEY; goto leave; }
if( frame[n] == 1 && frame[nframe-1] == 2 ) {
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index dada0fd20..a4ce96206 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -29,34 +29,8 @@
#include "mpi.h"
#include "keydb.h"
#include "cipher.h"
-
-#if BLOWFISH_BLOCKSIZE != 8
- #error unsupported blocksize
-#endif
-#if CAST5_BLOCKSIZE != 8
- #error unsupported blocksize
-#endif
-
-static u16
-checksum_u16( unsigned n )
-{
- u16 a;
-
- a = (n >> 8) & 0xff;
- a |= n & 0xff;
- return a;
-}
-
-static u16
-checksum( byte *p, unsigned n )
-{
- u16 a;
-
- for(a=0; n; n-- )
- a += *p++;
- return a;
-}
-
+#include "main.h"
+#include "options.h"
static int
@@ -73,8 +47,7 @@ check_elg( PKT_secret_cert *cert )
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
- BLOWFISH_context *blowfish_ctx=NULL;
- CAST5_context *cast5_ctx=NULL;
+ CIPHER_HANDLE cipher_hd=NULL;
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
@@ -87,47 +60,37 @@ check_elg( PKT_secret_cert *cert )
else
dek = get_passphrase_hash( keyid, NULL, NULL );
- if( cert->protect.algo == CIPHER_ALGO_CAST )
- cast5_ctx = m_alloc_secure( sizeof *cast5_ctx );
- else
- blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
-
- if( blowfish_ctx ) {
- blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
- blowfish_setiv( blowfish_ctx, NULL );
- }
- else {
- cast5_setkey( cast5_ctx, dek->key, dek->keylen );
- cast5_setiv( cast5_ctx, NULL );
- }
+ cipher_hd = cipher_open( cert->protect.algo,
+ CIPHER_MODE_AUTO_CFB, 1);
+ cipher_setkey( cipher_hd, dek->key, dek->keylen );
+ cipher_setiv( cipher_hd, NULL );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
memcpy(save_iv, cert->protect.iv, 8 );
- if( blowfish_ctx )
- blowfish_decode_cfb( blowfish_ctx, cert->protect.iv,
- cert->protect.iv, 8 );
- else
- cast5_decode_cfb( cast5_ctx, cert->protect.iv,
- cert->protect.iv, 8 );
+ cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
mpi_set_secure(cert->d.elg.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
- csum = checksum_u16( nbytes*8 );
- if( blowfish_ctx )
- blowfish_decode_cfb( blowfish_ctx, buffer, buffer, nbytes );
- else
- cast5_decode_cfb( cast5_ctx, buffer, buffer, nbytes );
- csum += checksum( buffer, nbytes );
+ cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
test_x = mpi_alloc_secure( mpi_get_nlimbs(cert->d.elg.x) );
mpi_set_buffer( test_x, buffer, nbytes, 0 );
+ csum = checksum_mpi( test_x );
m_free( buffer );
- m_free( cast5_ctx );
- m_free( blowfish_ctx );
+ cipher_close( cipher_hd );
/* now let's see wether we have used the right passphrase */
if( csum != cert->csum ) {
- mpi_free(test_x);
- memcpy( cert->protect.iv, save_iv, 8 );
- return G10ERR_BAD_PASS;
+ /* very bad kludge to work around an early bug */
+ csum -= checksum_u16( mpi_get_nbits(test_x) );
+ nbytes = mpi_get_nlimbs(test_x) * 4;
+ csum += checksum_u16( nbytes*8 );
+ if( csum != cert->csum ) {
+ mpi_free(test_x);
+ memcpy( cert->protect.iv, save_iv, 8 );
+ return G10ERR_BAD_PASS;
+ }
+ if( !opt.batch )
+ log_info("Probably you have an old key - use "
+ "\"--change-passphrase\" to convert.\n");
}
skey.p = cert->d.elg.p;
@@ -151,12 +114,18 @@ check_elg( PKT_secret_cert *cert )
}
}
else { /* not protected */
- buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
- csum = checksum_u16( nbytes*8 );
- csum += checksum( buffer, nbytes );
- m_free( buffer );
- if( csum != cert->csum )
- return G10ERR_CHECKSUM;
+ csum = checksum_mpi( cert->d.elg.x );
+ if( csum != cert->csum ) {
+ /* very bad kludge to work around an early bug */
+ csum -= checksum_u16( mpi_get_nbits(cert->d.elg.x) );
+ nbytes = mpi_get_nlimbs(cert->d.elg.x) * 4;
+ csum += checksum_u16( nbytes*8 );
+ if( csum != cert->csum )
+ return G10ERR_CHECKSUM;
+ if( !opt.batch )
+ log_info("Probably you have an old key - use "
+ "\"--change-passphrase\" to convert.\n");
+ }
}
return 0;
@@ -177,8 +146,7 @@ check_dsa( PKT_secret_cert *cert )
if( cert->is_protected ) { /* remove the protection */
DEK *dek = NULL;
MPI test_x;
- BLOWFISH_context *blowfish_ctx=NULL;
- CAST5_context *cast5_ctx=NULL;
+ CIPHER_HANDLE cipher_hd=NULL;
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
@@ -191,39 +159,23 @@ check_dsa( PKT_secret_cert *cert )
else
dek = get_passphrase_hash( keyid, NULL, NULL );
- if( cert->protect.algo == CIPHER_ALGO_CAST ) {
- cast5_ctx = m_alloc_secure( sizeof *cast5_ctx );
- cast5_setkey( cast5_ctx, dek->key, dek->keylen );
- cast5_setiv( cast5_ctx, NULL );
- }
- else {
- blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
- blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
- blowfish_setiv( blowfish_ctx, NULL );
- }
+ cipher_hd = cipher_open( cert->protect.algo,
+ CIPHER_MODE_AUTO_CFB, 1);
+ cipher_setkey( cipher_hd, dek->key, dek->keylen );
+ cipher_setiv( cipher_hd, NULL );
m_free(dek); /* pw is in secure memory, so m_free() burns it */
memcpy(save_iv, cert->protect.iv, 8 );
- if( blowfish_ctx )
- blowfish_decode_cfb( blowfish_ctx, cert->protect.iv,
- cert->protect.iv, 8 );
- else
- cast5_decode_cfb( cast5_ctx, cert->protect.iv,
- cert->protect.iv, 8 );
+ cipher_decrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
mpi_set_secure(cert->d.dsa.x );
/*fixme: maybe it is better to set the buffer secure with a
* new get_buffer_secure() function */
buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
- csum = checksum_u16( nbytes*8 );
- if( blowfish_ctx )
- blowfish_decode_cfb( blowfish_ctx, buffer, buffer, nbytes );
- else
- cast5_decode_cfb( cast5_ctx, buffer, buffer, nbytes );
- csum += checksum( buffer, nbytes );
+ cipher_decrypt( cipher_hd, buffer, buffer, nbytes );
test_x = mpi_alloc_secure( mpi_get_nlimbs(cert->d.dsa.x) );
mpi_set_buffer( test_x, buffer, nbytes, 0 );
+ csum = checksum_mpi( test_x );
m_free( buffer );
- m_free( cast5_ctx );
- m_free( blowfish_ctx );
+ cipher_close( cipher_hd );
/* now let's see wether we have used the right passphrase */
if( csum != cert->csum ) {
mpi_free(test_x);
@@ -253,10 +205,7 @@ check_dsa( PKT_secret_cert *cert )
}
}
else { /* not protected */
- buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
- csum = checksum_u16( nbytes*8 );
- csum += checksum( buffer, nbytes );
- m_free( buffer );
+ csum = checksum_mpi( cert->d.dsa.x );
if( csum != cert->csum )
return G10ERR_CHECKSUM;
}
@@ -267,6 +216,9 @@ check_dsa( PKT_secret_cert *cert )
#ifdef HAVE_RSA_CIPHER
+/****************
+ * FIXME: fix checksum stuff
+ */
static int
check_rsa( PKT_secret_cert *cert )
{
@@ -398,23 +350,29 @@ is_secret_key_protected( PKT_secret_cert *cert )
static int
-do_protect( void (*fnc)(void *, byte *, byte *, unsigned),
- void *fncctx, PKT_secret_cert *cert )
+do_protect( void (*fnc)(CIPHER_HANDLE, byte *, byte *, unsigned),
+ CIPHER_HANDLE fnc_hd, PKT_secret_cert *cert )
{
byte *buffer;
unsigned nbytes;
switch( cert->pubkey_algo ) {
case PUBKEY_ALGO_ELGAMAL:
+ /* recalculate the checksum, so that --change-passphrase
+ * can be used to convert from the faulty to the correct one
+ * wk 06.04.98:
+ * fixme: remove this some time in the future.
+ */
+ cert->csum = checksum_mpi( cert->d.elg.x );
buffer = mpi_get_buffer( cert->d.elg.x, &nbytes, NULL );
- (*fnc)( fncctx, buffer, buffer, nbytes );
+ (*fnc)( fnc_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.elg.x, buffer, nbytes, 0 );
m_free( buffer );
break;
case PUBKEY_ALGO_DSA:
buffer = mpi_get_buffer( cert->d.dsa.x, &nbytes, NULL );
- (*fnc)( fncctx, buffer, buffer, nbytes );
+ (*fnc)( fnc_hd, buffer, buffer, nbytes );
mpi_set_buffer( cert->d.dsa.x, buffer, nbytes, 0 );
m_free( buffer );
break;
@@ -437,33 +395,20 @@ protect_secret_key( PKT_secret_cert *cert, DEK *dek )
return 0;
if( !cert->is_protected ) { /* okay, apply the protection */
- BLOWFISH_context *blowfish_ctx=NULL;
- CAST5_context *cast5_ctx=NULL;
+ CIPHER_HANDLE cipher_hd=NULL;
switch( cert->protect.algo ) {
case CIPHER_ALGO_NONE: BUG(); break;
case CIPHER_ALGO_BLOWFISH:
- blowfish_ctx = m_alloc_secure( sizeof *blowfish_ctx );
- blowfish_setkey( blowfish_ctx, dek->key, dek->keylen );
- blowfish_setiv( blowfish_ctx, NULL );
- blowfish_encode_cfb( blowfish_ctx, cert->protect.iv,
- cert->protect.iv, 8 );
- if( !do_protect( (void (*)(void*,byte*,byte*,unsigned))
- &blowfish_encode_cfb, blowfish_ctx, cert ) )
- cert->is_protected = 1;
- m_free( blowfish_ctx );
- break;
-
case CIPHER_ALGO_CAST:
- cast5_ctx = m_alloc_secure( sizeof *cast5_ctx );
- cast5_setkey( cast5_ctx, dek->key, dek->keylen );
- cast5_setiv( cast5_ctx, NULL );
- cast5_encode_cfb( cast5_ctx, cert->protect.iv,
- cert->protect.iv, 8 );
- if( !do_protect( (void (*)(void*,byte*,byte*,unsigned))
- &cast5_encode_cfb, cast5_ctx, cert ) )
+ cipher_hd = cipher_open( cert->protect.algo,
+ CIPHER_MODE_AUTO_CFB, 1 );
+ cipher_setkey( cipher_hd, dek->key, dek->keylen );
+ cipher_setiv( cipher_hd, NULL );
+ cipher_encrypt( cipher_hd, cert->protect.iv, cert->protect.iv, 8 );
+ if( !do_protect( &cipher_encrypt, cipher_hd, cert ) )
cert->is_protected = 1;
- m_free( cast5_ctx );
+ cipher_close( cipher_hd );
break;
default:
diff --git a/g10/seskey.c b/g10/seskey.c
index b17302ea5..4ce8fe03b 100644
--- a/g10/seskey.c
+++ b/g10/seskey.c
@@ -78,6 +78,9 @@ encode_session_key( DEK *dek, unsigned nbits )
*
* 0 2 RND(n bytes) 0 A DEK(k bytes) CSUM(2 bytes)
*
+ * (But how can we store the leading 0 - the external representaion
+ * of MPIs don't allow leading zeroes =:-)
+ *
* RND are non-zero random bytes.
* A is the cipher algorithm
* DEK is the encryption key (session key) length k depends on the