summaryrefslogtreecommitdiffstats
path: root/doc/HACKING
blob: eee9f628b4d18689ce722bbed79553d1e22daa1e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
		      A Hacker's Guide to GNUPG
		   ================================
		   (Some notes on GNUPG internals.)


		   ===> Under construction <=======


CVS Access
==========

NOTE: CVS access has been disabled while we are migrating to Subversion.
Watch www.gnupg.org for instarctions on how to use the Subversion repository.

Anonymous read-only CVS access is available:

  cvs -z3 -d :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg login

use the password "anoncvs".  To check out the the complete
archive use:

  cvs -z3 -d :pserver:anoncvs@cvs.gnupg.org:/cvs/gnupg \
        checkout -R STABLE-BRANCH-1-0 gnupg

This service is provided to help you in hunting bugs and not to deliver
stable snapshots; it may happen that it even does not compile, so please
don't complain. CVS may put a high load on a server, so please don't poll
poll for new updates but wait for an announcement; to receive this you may
want to subscribe to:

    gnupg-commit-watchers@gnupg.org

by sending a mail with subject "subscribe" to

    gnupg-commit-watchers-request@gnupg.org


You must run scripts/autogen.sh before doing the ./configure,
as this creates some needed while which are not in the CVS.
autogen.sh should checks that you have all required tools
installed.


RSYNC access
============
The FTP archive is also available by anonymous rsync.  A daily snapshot
of the CVS head revision is also available.  See rsync(1) and try
"rsync ftp.gnupg.org::" to see available resources.



Special Tools
=============
Documentation is based on the docbook DTD.  Actually we have only the
man page for now.  To build a man page you need the docbook-to-man
tool and all the other thinks needed for SGML processing.  Debian
comes with the docbook tools and you only need this docbook-to-man
script which is comes with gtk-doc or download it from
ftp.openit.de:/pub/devel/sgml.	If you don't have it everything
should still work fine but you will have only a dummy man page.


RFCs
====

1423  Privacy Enhancement for Internet Electronic Mail:
      Part III: Algorithms, Modes, and Identifiers.

1489  Registration of a Cyrillic Character Set.

1750  Randomness Recommendations for Security.

1991  PGP Message Exchange Formats.

2015  MIME Security with Pretty Good Privacy (PGP).

2144  The CAST-128 Encryption Algorithm.

2279  UTF-8, a transformation format of ISO 10646.

2440  OpenPGP.



Debug Flags
-----------
Use the option "--debug n" to output debug information. This option
can be used multiple times, all values are ORed; n maybe prefixed with
0x to use hex-values.

     value  used for
     -----  ----------------------------------------------
      1     packet reading/writing
      2     MPI details
      4     ciphers and primes (may reveal sensitive data)
      8     iobuf filter functions
      16    iobuf stuff
      32    memory allocation stuff
      64    caching
      128   show memory statistics at exit
      256   trust verification stuff




Directory Layout
----------------
  ./		Readme, configure
  ./scripts	Scripts needed by configure and others
  ./doc 	Documentation
  ./util	General purpose utility function
  ./mpi 	Multi precision integer library
  ./cipher	Cryptographic functions
  ./g10 	GnuPG application
  ./tools	Some helper and demo programs
  ./keybox	The keybox library (under construction)
  ./gcrypt	Stuff needed to build libgcrypt (under construction)


Detailed Roadmap
----------------
g10/g10.c	Main module with option parsing and all the stuff you have
		to do on startup.  Also has the exout handler and some
		helper functions.
g10/sign.c      Create signature and optionally encrypt

g10/parse-packet.c
g10/build-packet.c
g10/free-packet.c
		Parsing and creating of OpenPGP message packets.

g10/getkey.c    Key selection code
g10/pkclist.c   Build a list of public keys
g10/skclist.c   Build a list of secret keys
g10/ringedit.c  Keyring I/O
g10/keydb.h

g10/keyid.c	Helper functions to get the keyid, fingerprint etc.


g10/trustdb.c    
g10/trustdb.h
g10/tdbdump.c
               Management of the trustdb.gpg

g10/compress.c Filter to handle compression
g10/filter.h   Declarations for all filter functions
g10/delkey.c   Delete a key
g10/kbnode.c   Helper for the KBNODE linked list
g10/main.h     Prototypes and some constants
g10/mainproc.c Message processing
g10/armor.c    Ascii armor filter 
g10/mdfilter.c Filter to calculate hashs
g10/textfilter.c Filter to handle CR/LF and trailing white space
g10/cipher.c   En-/Decryption filter
g10/misc.c     Utlity functions
g10/options.h  Structure with all the command line options
               and related constants
g10/openfile.c Create/Open Files
g10/tdbio.c    I/O handling for the trustdb.gpg
g10/tdbio.h
g10/hkp.h      Keyserver access
g10/hkp.c
g10/packet.h   Defintion of OpenPGP structures.
g10/passphrase.c  Passphrase handling code
g10/pubkey-enc.c  
g10/seckey-cert.c
g10/seskey.c
g10/import.c
g10/export.c
g10/comment.c
g10/status.c
g10/status.h
g10/sign.c
g10/plaintext.c
g10/encr-data.c
g10/encode.c
g10/revoke.c
g10/keylist.c
g10/sig-check.c
g10/signal.c
g10/helptext.c
g10/verify.c
g10/decrypt.c
g10/keyedit.c
g10/dearmor.c
g10/keygen.c



Memory allocation
-----------------
Use only the functions:

    m_alloc()
    m_alloc_clear()
    m_strdup()
    m_free()

If you want to store a passphrase or some other sensitive data you may
want to use m_alloc_secure() instead of m_alloc(), as this puts the data
into a memory region which is protected from swapping (on some platforms).
m_free() works for both.  This functions will not return if there is not
enough memory available.



Logging
-------






Option parsing
---------------
GNUPG does not use getopt or GNU getopt but functions of it's own.  See
util/argparse.c for details.  The advantage of these functions is that
it is more easy to display and maintain the help texts for the options.
The same option table is also used to parse resource files.



What is an IOBUF
----------------
This is the data structure used for most I/O of gnupg.	It is similar
to System V Streams but much simpler.  Because OpenPGP messages are nested
in different ways; the use of such a system has big advantages.  Here is
an example, how it works:  If the parser sees a packet header with a partial
length, it pushes the block_filter onto the IOBUF to handle these partial
length packets: from now on you don't have to worry about this.  When it sees
a compressed packet it pushes the uncompress filter and the next read byte
is one which has already been uncompressed by this filter. Same goes for
enciphered packet, plaintext packets and so on.  The file g10/encode.c
might be a good staring point to see how it is used  - actually this is
the other way: constructing messages using pushed filters but it may be
easier to understand.


How to use the message digest functions
---------------------------------------
cipher/md.c implements an interface to hash (message digest functions).

a) If you have a common part of data and some variable parts
   and you need to hash of the concatenated parts, you can use this:
	md = md_open(...)
	md_write( md,  common_part )
	md1 = md_copy( md )
	md_write(md1, part1)
	md_final(md1);
	digest1 = md_read(md1)
	md2 = md_copy( md )
	md_write(md2, part2)
	md_final(md2);
	digest2 = md_read(md2)

   An example are key signatures; the key packet is the common part
   and the user-id packets are the variable parts.

b) If you need a running digest you should use this:
	md = md_open(...)
	md_write( md, part1 )
	digest_of_part1 = md_digest( md );
	md_write( md, part2 )
	digest_of_part1_cat_part2 = md_digest( md );
	....

Both methods may be combined. [Please see the source for the real syntax]




How to use the cipher functions
-------------------------------
cipher/cipher.c implements the interface to symmetric encryption functions.
As usual you have a function to open a cipher (which returns a handle to be used
with all other functions), some functions to set the key and other stuff and
a encrypt and decrypt function which does the real work.  You probably know
how to work with files - so it should really be easy to work with these
functions.  Here is an example:

    CIPHER_HANDLE hd;

    hd = cipher_open( CIPHER_ALGO_TWOFISH, CIPHER_MODE_CFB, 0 );
    if( !hd )
	oops( use other function to check for the real error );
    rc = cipher_setkey( hd, key256bit, 32 ) )
    if( rc )
	oops( weak key or something like this );
    cipher_setiv( hd, some_IV_or_NULL_for_all_zeroes );
    cipher_encrypt( hd, plain, cipher, size );
    cipher_close( hd );



How to use the public key functions
-----------------------------------
cipher/pubkey.c implements the interface to asymmetric encryption and
signature functions. This is basically the same as with the symmetric
counterparts, but due to their nature it is a little bit more complicated.

   [Give an example]