diff options
| author | Werner Koch <wk@gnupg.org> | 2013-01-08 18:15:49 +0100 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2013-01-08 21:55:34 +0100 |
| commit | b11f84b858bad867f1062977a7aba30299157e90 (patch) | |
| tree | a40f5fa26be022241f22aaed901a065607387928 /kbx/keybox-blob.c | |
| parent | kbx: Update blob specification (diff) | |
| download | gnupg2-b11f84b858bad867f1062977a7aba30299157e90.tar.xz gnupg2-b11f84b858bad867f1062977a7aba30299157e90.zip | |
kbx: Switch from MD5 to SHA-1 for the checksum.
* kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
(create_blob_finish): Write just the needed space.
(create_blob_finish): Switch to SHA-1.
* kbx/keybox-dump.c (print_checksum): New.
(_keybox_dump_blob): Print the checksum and the verification status.
--
The checksum was never used in the past. Due to fast SHA-1
computations in modern CPUs we now use SHA-1. Eventually we will
support a First blob flag to enable the use of a secret or public
HMAC-SHA1. The first may be used for authentication of keyblocks and
the latter to mitigate collission attacks on SHA-1. It is not clear
whether this will be useful at all.
Diffstat (limited to 'kbx/keybox-blob.c')
| -rw-r--r-- | kbx/keybox-blob.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c index 62d1c9fb0..64935275e 100644 --- a/kbx/keybox-blob.c +++ b/kbx/keybox-blob.c @@ -261,7 +261,10 @@ put_membuf (struct membuf *mb, const void *buf, size_t len) } mb->buf = p; } - memcpy (mb->buf + mb->len, buf, len); + if (buf) + memcpy (mb->buf + mb->len, buf, len); + else + memset (mb->buf + mb->len, 0, len); mb->len += len; } @@ -311,6 +314,7 @@ put32 (struct membuf *mb, u32 a ) put_membuf (mb, tmp, 4); } + /* Store a value in the fixup list */ static void @@ -638,12 +642,10 @@ create_blob_finish (KEYBOXBLOB blob) struct membuf *a = blob->buf; unsigned char *p; unsigned char *pp; - int i; size_t n; - /* write a placeholder for the checksum */ - for (i = 0; i < 16; i++ ) - put32 (a, 0); /* Hmmm: why put32() ?? */ + /* Write a placeholder for the checksum */ + put_membuf (a, NULL, 20); /* get the memory area */ n = 0; /* (Just to avoid compiler warning.) */ @@ -671,8 +673,8 @@ create_blob_finish (KEYBOXBLOB blob) } } - /* calculate and store the MD5 checksum */ - gcry_md_hash_buffer (GCRY_MD_MD5, p + n - 16, p, n - 16); + /* Compute and store the SHA-1 checksum. */ + gcry_md_hash_buffer (GCRY_MD_SHA1, p + n - 20, p, n - 20); pp = xtrymalloc (n); if ( !pp ) |