diff options
Diffstat (limited to 'g10')
-rw-r--r-- | g10/ChangeLog | 15 | ||||
-rw-r--r-- | g10/cipher.c | 19 | ||||
-rw-r--r-- | g10/decrypt.c | 2 | ||||
-rw-r--r-- | g10/encr-data.c | 19 | ||||
-rw-r--r-- | g10/g10.c | 1 | ||||
-rw-r--r-- | g10/import.c | 5 | ||||
-rw-r--r-- | g10/keygen.c | 18 | ||||
-rw-r--r-- | g10/misc.c | 3 | ||||
-rw-r--r-- | g10/parse-packet.c | 1 | ||||
-rw-r--r-- | g10/ringedit.c | 20 | ||||
-rw-r--r-- | g10/seckey-cert.c | 7 |
11 files changed, 85 insertions, 25 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index 91a45a931..c2885b4e1 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +Wed Apr 7 20:51:39 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> + + * encr-data.c (decrypt_data): Fixes for 128 bit blocksize + * cipher.c (write_header): Ditto. + * seckey-cert.c (do_check): Ditto. + (protect_secret_key). Ditto. + * misc.c (print_cipher_algo_note): Twofish is now a standard algo. + + * keygen.c (do_create): Fixed spelling (Gaël Quéri) + (ask_keysize): Only allow keysizes up to 4096 + + * ringedit.c (add_keyblock_resource): chmod newly created secrings. + + * import.c (delete_inv_parts): Fixed accidently deleted subkeys. + Tue Apr 6 19:58:12 CEST 1999 Werner Koch <wk@isil.d.shuttle.de> * armor.c: Removed duped include (John Bley) diff --git a/g10/cipher.c b/g10/cipher.c index 0d6e54ff2..98c5e8403 100644 --- a/g10/cipher.c +++ b/g10/cipher.c @@ -1,5 +1,5 @@ /* cipher.c - En-/De-ciphering filter - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998,1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -45,6 +45,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) PKT_encrypted ed; byte temp[18]; unsigned blocksize; + unsigned nprefix; memset( &ed, 0, sizeof ed ); ed.len = cfx->datalen; @@ -57,16 +58,22 @@ write_header( cipher_filter_context_t *cfx, IOBUF a ) blocksize = cipher_get_blocksize( cfx->dek->algo ); if( blocksize < 8 || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); - randomize_buffer( temp, blocksize, 1 ); - temp[blocksize] = temp[blocksize-2]; - temp[blocksize+1] = temp[blocksize-1]; + /* FIXME: remove the kludge for the experimental twofish128 mode: + * we always use the 10 byte prefix and not one depending on the blocksize + */ + nprefix = cfx->dek->algo == CIPHER_ALGO_TWOFISH_OLD? blocksize : 8; + randomize_buffer( temp, nprefix, 1 ); + temp[nprefix] = temp[nprefix-2]; + temp[nprefix+1] = temp[nprefix-1]; print_cipher_algo_note( cfx->dek->algo ); cfx->cipher_hd = cipher_open( cfx->dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + /*log_hexdump( "thekey", cfx->dek->key, cfx->dek->keylen );*/ cipher_setkey( cfx->cipher_hd, cfx->dek->key, cfx->dek->keylen ); cipher_setiv( cfx->cipher_hd, NULL ); - cipher_encrypt( cfx->cipher_hd, temp, temp, blocksize+2); + /* log_hexdump( "prefix", temp, nprefix+2 );*/ + cipher_encrypt( cfx->cipher_hd, temp, temp, nprefix+2); cipher_sync( cfx->cipher_hd ); - iobuf_write(a, temp, blocksize+2); + iobuf_write(a, temp, nprefix+2); cfx->header=1; } diff --git a/g10/decrypt.c b/g10/decrypt.c index f59f2a546..3d223eadd 100644 --- a/g10/decrypt.c +++ b/g10/decrypt.c @@ -1,4 +1,4 @@ -/* verify.c - verify signed data +/* decrypt.c - verify signed data * Copyright (C) 1998 Free Software Foundation, Inc. * * This file is part of GnuPG. diff --git a/g10/encr-data.c b/g10/encr-data.c index c5967c23b..8ae6949d8 100644 --- a/g10/encr-data.c +++ b/g10/encr-data.c @@ -52,6 +52,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) int rc, c, i; byte temp[32]; unsigned blocksize; + unsigned nprefix; if( opt.verbose ) { const char *s = cipher_algo_to_string( dek->algo ); @@ -65,10 +66,15 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) blocksize = cipher_get_blocksize(dek->algo); if( !blocksize || blocksize > 16 ) log_fatal("unsupported blocksize %u\n", blocksize ); - if( ed->len && ed->len < (blocksize+2) ) - log_bug("Nanu\n"); /* oops: found a bug */ + /* FIXME: remove the kludge for the experimental twofish128 mode: + * we always use the 10 byte prefix and not one depending on the blocksize + */ + nprefix = dek->algo == CIPHER_ALGO_TWOFISH_OLD? blocksize : 8; + if( ed->len && ed->len < (nprefix+2) ) + BUG(); dfx.cipher_hd = cipher_open( dek->algo, CIPHER_MODE_AUTO_CFB, 1 ); + /*log_hexdump( "thekey", dek->key, dek->keylen );*/ rc = cipher_setkey( dfx.cipher_hd, dek->key, dek->keylen ); if( rc == G10ERR_WEAK_KEY ) log_info(_("WARNING: message was encrypted with " @@ -79,7 +85,7 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) cipher_setiv( dfx.cipher_hd, NULL ); if( ed->len ) { - for(i=0; i < (blocksize+2) && ed->len; i++, ed->len-- ) { + for(i=0; i < (nprefix+2) && ed->len; i++, ed->len-- ) { if( (c=iobuf_get(ed->buf)) == -1 ) break; else @@ -87,16 +93,17 @@ decrypt_data( PKT_encrypted *ed, DEK *dek ) } } else { - for(i=0; i < (blocksize+2); i++ ) + for(i=0; i < (nprefix+2); i++ ) if( (c=iobuf_get(ed->buf)) == -1 ) break; else temp[i] = c; } - cipher_decrypt( dfx.cipher_hd, temp, temp, blocksize+2); + cipher_decrypt( dfx.cipher_hd, temp, temp, nprefix+2); cipher_sync( dfx.cipher_hd ); p = temp; - if( p[blocksize-2] != p[blocksize] || p[blocksize-1] != p[blocksize+1] ) { + /*log_hexdump( "prefix", temp, nprefix+2 );*/ + if( p[nprefix-2] != p[nprefix] || p[nprefix-1] != p[nprefix+1] ) { cipher_close(dfx.cipher_hd); return G10ERR_BAD_KEY; } @@ -176,6 +176,7 @@ static ARGPARSE_OPTS opts[] = { { aVerify, "verify" , 256, N_("verify a signature")}, #endif { aListKeys, "list-keys", 256, N_("list keys")}, + { aListKeys, "list-public-keys", 256, "@" }, { aListSigs, "list-sigs", 256, N_("list keys and signatures")}, { aCheckKeys, "check-sigs",256, N_("check key signatures")}, { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")}, diff --git a/g10/import.c b/g10/import.c index deab7f4bd..5a739b922 100644 --- a/g10/import.c +++ b/g10/import.c @@ -765,7 +765,10 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid ) } delete_kbnode( node ); /* the user-id */ /* and all following packets up to the next user-id */ - while( node->next && node->next->pkt->pkttype != PKT_USER_ID ){ + while( node->next + && node->next->pkt->pkttype != PKT_USER_ID + && node->next->pkt->pkttype != PKT_PUBLIC_SUBKEY + && node->next->pkt->pkttype != PKT_SECRET_SUBKEY ){ delete_kbnode( node->next ); node = node->next; } diff --git a/g10/keygen.c b/g10/keygen.c index 7fcd86453..6637d95e4 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -1,5 +1,5 @@ /* keygen.c - generate a key pair - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -454,6 +454,18 @@ ask_keysize( int algo ) tty_printf(_("DSA only allows keysizes from 512 to 1024\n")); else if( nbits < 768 ) tty_printf(_("keysize too small; 768 is smallest value allowed.\n")); + else if( nbits > 4096 ) { + /* It is ridiculous and an annoyance to use larger key sizes! + * GnuPG can handle much larger sizes; but it takes an eternity + * to create such a key (but less than the time the Sirius + * Computer Corporation needs to process one of the usual + * complaints) and {de,en}cryption although needs some time. + * So, before you complain about this limitation, I suggest that + * you start a discussion with Marvin about this theme and then + * do whatever you want. */ + tty_printf(_("keysize too large; %d is largest value allowed.\n"), + 4096); + } else if( nbits > 2048 && !cpr_enabled() ) { tty_printf( _("Keysizes larger than 2048 are not suggested because\n" @@ -762,8 +774,8 @@ do_create( int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, tty_printf(_( "We need to generate a lot of random bytes. It is a good idea to perform\n" "some other action (type on the keyboard, move the mouse, utilize the\n" -"the disks) during the prime generation; this gives the random\n" -"number generator a better chance to gain enough entropy.\n") ); +"disks) during the prime generation; this gives the random number\n" +"generator a better chance to gain enough entropy.\n") ); if( algo == PUBKEY_ALGO_ELGAMAL || algo == PUBKEY_ALGO_ELGAMAL_E ) rc = gen_elg(algo, nbits, pub_root, sec_root, dek, s2k, diff --git a/g10/misc.c b/g10/misc.c index 09811ae4e..47420638d 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -1,5 +1,5 @@ /* misc.c - miscellaneous functions - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -225,6 +225,7 @@ print_cipher_algo_note( int algo ) else if( algo == CIPHER_ALGO_3DES || algo == CIPHER_ALGO_CAST5 || algo == CIPHER_ALGO_BLOWFISH + || algo == CIPHER_ALGO_TWOFISH ) ; else { diff --git a/g10/parse-packet.c b/g10/parse-packet.c index 40c737c39..bf22f10dc 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1318,7 +1318,6 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen, rc = G10ERR_INVALID_PACKET; goto leave; } - /* fixme: Add support for other blocksizes */ for(i=0; i < 8 && pktlen; i++, pktlen-- ) temp[i] = iobuf_get_noeof(inp); if( list_mode ) { diff --git a/g10/ringedit.c b/g10/ringedit.c index b61aa9b94..30e30cefe 100644 --- a/g10/ringedit.c +++ b/g10/ringedit.c @@ -318,8 +318,19 @@ add_keyblock_resource( const char *url, int force, int secret ) rc = G10ERR_OPEN_FILE; goto leave; } - else + else { + #ifndef HAVE_DOSISH_SYSTEM + if( secret ) { + if( chmod( filename, S_IRUSR | S_IWUSR ) ) { + log_error("%s: chmod failed: %s\n", + filename, strerror(errno) ); + rc = G10ERR_WRITE_FILE; + goto leave; + } + } + #endif log_info(_("%s: keyring created\n"), filename ); + } } #if HAVE_DOSISH_SYSTEM || 1 iobuf_close( iobuf ); @@ -350,6 +361,13 @@ add_keyblock_resource( const char *url, int force, int secret ) goto leave; } + #ifndef HAVE_DOSISH_SYSTEM + #if 0 /* fixme: check directory permissions and print a warning */ + if( secret ) { + } + #endif + #endif + /* fixme: avoid duplicate resources */ resource_table[i].used = 1; resource_table[i].secret = !!secret; diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index 7f0d41e33..4ee0485ca 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -1,5 +1,5 @@ /* seckey-cert.c - secret key certificate packet handling - * Copyright (C) 1998 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -52,8 +52,7 @@ do_check( PKT_secret_key *sk ) if( sk->protect.algo == CIPHER_ALGO_NONE ) BUG(); - if( check_cipher_algo( sk->protect.algo ) - || cipher_get_blocksize( sk->protect.algo ) != 8 ) { + if( check_cipher_algo( sk->protect.algo ) ) { log_info(_("protection algorithm %d is not supported\n"), sk->protect.algo ); return G10ERR_CIPHER_ALGO; @@ -222,8 +221,6 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek ) if( check_cipher_algo( sk->protect.algo ) ) rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */ - else if( cipher_get_blocksize( sk->protect.algo ) != 8 ) - rc = G10ERR_CIPHER_ALGO; /* unsupport protection algorithm */ else { print_cipher_algo_note( sk->protect.algo ); cipher_hd = cipher_open( sk->protect.algo, |