summaryrefslogtreecommitdiffstats
path: root/g10
diff options
context:
space:
mode:
Diffstat (limited to 'g10')
-rw-r--r--g10/ChangeLog15
-rw-r--r--g10/cipher.c19
-rw-r--r--g10/decrypt.c2
-rw-r--r--g10/encr-data.c19
-rw-r--r--g10/g10.c1
-rw-r--r--g10/import.c5
-rw-r--r--g10/keygen.c18
-rw-r--r--g10/misc.c3
-rw-r--r--g10/parse-packet.c1
-rw-r--r--g10/ringedit.c20
-rw-r--r--g10/seckey-cert.c7
11 files changed, 85 insertions, 25 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 91a45a931..c2885b4e1 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,18 @@
+Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
+
+ * encr-data.c (decrypt_data): Fixes for 128 bit blocksize
+ * cipher.c (write_header): Ditto.
+ * seckey-cert.c (do_check): Ditto.
+ (protect_secret_key). Ditto.
+ * misc.c (print_cipher_algo_note): Twofish is now a standard algo.
+
+ * keygen.c (do_create): Fixed spelling (Gaël Quéri)
+ (ask_keysize): Only allow keysizes up to 4096
+
+ * ringedit.c (add_keyblock_resource): chmod newly created secrings.
+
+ * import.c (delete_inv_parts): Fixed accidently deleted subkeys.
+
Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de>
* armor.c: Removed duped include (John Bley)
diff --git a/g10/cipher.c b/g10/cipher.c
index 0d6e54ff2..98c5e8403 100644
--- a/g10/cipher.c
+++ b/g10/cipher.c
@@ -1,5 +1,5 @@
/* cipher.c - En-/De-ciphering filter
- * Copyright (C) 1998 Free Software Foundation, Inc.
+ * Copyright (C) 1998,1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -45,6 +45,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
PKT_encrypted ed;
byte temp[18];
unsigned blocksize;
+ unsigned nprefix;
memset( &ed, 0, sizeof ed );
ed.len = cfx->datalen;
@@ -57,16 +58,22 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
blocksize = cipher_get_blocksize( cfx->dek->algo );
if( blocksize < 8 || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
- randomize_buffer( temp, blocksize, 1 );
- temp[blocksize] = temp[blocksize-2];
- temp[blocksize+1] = temp[blocksize-1];
+ /* FIXME: remove the kludge for the experimental twofish128 mode:
+ * we always use the 10 byte prefix and not one depending on the blocksize
+ */
+ nprefix = cfx->dek->algo == CIPHER_ALGO_TWOFISH_OLD? blocksize : 8;
+ randomize_buffer( temp, nprefix, 1 );
+ temp[nprefix] = temp[nprefix-2];
+ temp[nprefix+1] = temp[nprefix-1];
print_cipher_algo_note( cfx->dek->algo );
cfx->cipher_hd = cipher_open( cfx->dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
+ /*log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/
cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen );
cipher_setiv( cfx->cipher_hd, NULL );
- cipher_encrypt( cfx->cipher_hd, temp, temp, blocksize+2);
+ /* log_hexdump( "prefix", temp, nprefix+2 );*/
+ cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2);
cipher_sync( cfx->cipher_hd );
- iobuf_write(a, temp, blocksize+2);
+ iobuf_write(a, temp, nprefix+2);
cfx->header=1;
}
diff --git a/g10/decrypt.c b/g10/decrypt.c
index f59f2a546..3d223eadd 100644
--- a/g10/decrypt.c
+++ b/g10/decrypt.c
@@ -1,4 +1,4 @@
-/* verify.c - verify signed data
+/* decrypt.c - verify signed data
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
diff --git a/g10/encr-data.c b/g10/encr-data.c
index c5967c23b..8ae6949d8 100644
--- a/g10/encr-data.c
+++ b/g10/encr-data.c
@@ -52,6 +52,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
int rc, c, i;
byte temp[32];
unsigned blocksize;
+ unsigned nprefix;
if( opt.verbose ) {
const char *s = cipher_algo_to_string( dek->algo );
@@ -65,10 +66,15 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
blocksize = cipher_get_blocksize(dek->algo);
if( !blocksize || blocksize > 16 )
log_fatal("unsupported blocksize %u\n", blocksize );
- if( ed->len && ed->len < (blocksize+2) )
- log_bug("Nanu\n"); /* oops: found a bug */
+ /* FIXME: remove the kludge for the experimental twofish128 mode:
+ * we always use the 10 byte prefix and not one depending on the blocksize
+ */
+ nprefix = dek->algo == CIPHER_ALGO_TWOFISH_OLD? blocksize : 8;
+ if( ed->len && ed->len < (nprefix+2) )
+ BUG();
dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 );
+ /*log_hexdump( "thekey", dek->key, dek->keylen );*/
rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen );
if( rc == G10ERR_WEAK_KEY )
log_info(_("WARNING: message was encrypted with "
@@ -79,7 +85,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
cipher_setiv( dfx.cipher_hd, NULL );
if( ed->len ) {
- for(i=0; i < (blocksize+2) && ed->len; i++, ed->len-- ) {
+ for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) {
if( (c=iobuf_get(ed->buf)) == -1 )
break;
else
@@ -87,16 +93,17 @@ decrypt_data( PKT_encrypted *ed, DEK *dek )
}
}
else {
- for(i=0; i < (blocksize+2); i++ )
+ for(i=0; i < (nprefix+2); i++ )
if( (c=iobuf_get(ed->buf)) == -1 )
break;
else
temp[i] = c;
}
- cipher_decrypt( dfx.cipher_hd, temp, temp, blocksize+2);
+ cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2);
cipher_sync( dfx.cipher_hd );
p = temp;
- if( p[blocksize-2] != p[blocksize] || p[blocksize-1] != p[blocksize+1] ) {
+ /*log_hexdump( "prefix", temp, nprefix+2 );*/
+ if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) {
cipher_close(dfx.cipher_hd);
return G10ERR_BAD_KEY;
}
diff --git a/g10/g10.c b/g10/g10.c
index 5ec1a013c..7e98f1e29 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -176,6 +176,7 @@ static ARGPARSE_OPTS opts[] = {
{ aVerify, "verify" , 256, N_("verify a signature")},
#endif
{ aListKeys, "list-keys", 256, N_("list keys")},
+ { aListKeys, "list-public-keys", 256, "@" },
{ aListSigs, "list-sigs", 256, N_("list keys and signatures")},
{ aCheckKeys, "check-sigs",256, N_("check key signatures")},
{ oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
diff --git a/g10/import.c b/g10/import.c
index deab7f4bd..5a739b922 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -765,7 +765,10 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
}
delete_kbnode( node ); /* the user-id */
/* and all following packets up to the next user-id */
- while( node->next && node->next->pkt->pkttype != PKT_USER_ID ){
+ while( node->next
+ && node->next->pkt->pkttype != PKT_USER_ID
+ && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY
+ && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){
delete_kbnode( node->next );
node = node->next;
}
diff --git a/g10/keygen.c b/g10/keygen.c
index 7fcd86453..6637d95e4 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -1,5 +1,5 @@
/* keygen.c - generate a key pair
- * Copyright (C) 1998 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -454,6 +454,18 @@ ask_keysize( int algo )
tty_printf(_("DSA only allows keysizes from 512 to 1024\n"));
else if( nbits < 768 )
tty_printf(_("keysize too small; 768 is smallest value allowed.\n"));
+ else if( nbits > 4096 ) {
+ /* It is ridiculous and an annoyance to use larger key sizes!
+ * GnuPG can handle much larger sizes; but it takes an eternity
+ * to create such a key (but less than the time the Sirius
+ * Computer Corporation needs to process one of the usual
+ * complaints) and {de,en}cryption although needs some time.
+ * So, before you complain about this limitation, I suggest that
+ * you start a discussion with Marvin about this theme and then
+ * do whatever you want. */
+ tty_printf(_("keysize too large; %d is largest value allowed.\n"),
+ 4096);
+ }
else if( nbits > 2048 && !cpr_enabled() ) {
tty_printf(
_("Keysizes larger than 2048 are not suggested because\n"
@@ -762,8 +774,8 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root,
tty_printf(_(
"We need to generate a lot of random bytes. It is a good idea to perform\n"
"some other action (type on the keyboard, move the mouse, utilize the\n"
-"the disks) during the prime generation; this gives the random\n"
-"number generator a better chance to gain enough entropy.\n") );
+"disks) during the prime generation; this gives the random number\n"
+"generator a better chance to gain enough entropy.\n") );
if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E )
rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k,
diff --git a/g10/misc.c b/g10/misc.c
index 09811ae4e..47420638d 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -1,5 +1,5 @@
/* misc.c - miscellaneous functions
- * Copyright (C) 1998 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -225,6 +225,7 @@ print_cipher_algo_note( int algo )
else if( algo == CIPHER_ALGO_3DES
|| algo == CIPHER_ALGO_CAST5
|| algo == CIPHER_ALGO_BLOWFISH
+ || algo == CIPHER_ALGO_TWOFISH
)
;
else {
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 40c737c39..bf22f10dc 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -1318,7 +1318,6 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
rc = G10ERR_INVALID_PACKET;
goto leave;
}
- /* fixme: Add support for other blocksizes */
for(i=0; i < 8 && pktlen; i++, pktlen-- )
temp[i] = iobuf_get_noeof(inp);
if( list_mode ) {
diff --git a/g10/ringedit.c b/g10/ringedit.c
index b61aa9b94..30e30cefe 100644
--- a/g10/ringedit.c
+++ b/g10/ringedit.c
@@ -318,8 +318,19 @@ add_keyblock_resource( const char *url, int force, int secret )
rc = G10ERR_OPEN_FILE;
goto leave;
}
- else
+ else {
+ #ifndef HAVE_DOSISH_SYSTEM
+ if( secret ) {
+ if( chmod( filename, S_IRUSR | S_IWUSR ) ) {
+ log_error("%s: chmod failed: %s\n",
+ filename, strerror(errno) );
+ rc = G10ERR_WRITE_FILE;
+ goto leave;
+ }
+ }
+ #endif
log_info(_("%s: keyring created\n"), filename );
+ }
}
#if HAVE_DOSISH_SYSTEM || 1
iobuf_close( iobuf );
@@ -350,6 +361,13 @@ add_keyblock_resource( const char *url, int force, int secret )
goto leave;
}
+ #ifndef HAVE_DOSISH_SYSTEM
+ #if 0 /* fixme: check directory permissions and print a warning */
+ if( secret ) {
+ }
+ #endif
+ #endif
+
/* fixme: avoid duplicate resources */
resource_table[i].used = 1;
resource_table[i].secret = !!secret;
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 7f0d41e33..4ee0485ca 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -1,5 +1,5 @@
/* seckey-cert.c - secret key certificate packet handling
- * Copyright (C) 1998 Free Software Foundation, Inc.
+ * Copyright (C) 1998, 1999 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@@ -52,8 +52,7 @@ do_check( PKT_secret_key *sk )
if( sk->protect.algo == CIPHER_ALGO_NONE )
BUG();
- if( check_cipher_algo( sk->protect.algo )
- || cipher_get_blocksize( sk->protect.algo ) != 8 ) {
+ if( check_cipher_algo( sk->protect.algo ) ) {
log_info(_("protection algorithm %d is not supported\n"),
sk->protect.algo );
return G10ERR_CIPHER_ALGO;
@@ -222,8 +221,6 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
if( check_cipher_algo( sk->protect.algo ) )
rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
- else if( cipher_get_blocksize( sk->protect.algo ) != 8 )
- rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */
else {
print_cipher_algo_note( sk->protect.algo );
cipher_hd = cipher_open( sk->protect.algo,