Re: more on read_s2k() for GnuTLS 2.4.1 (including "GNU dummy S2K")
From: Daniel Kahn Gillmor
Subject: Re: more on read_s2k() for GnuTLS 2.4.1 (including "GNU dummy S2K")
Date: Thu, 14 Aug 2008 20:59:41 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)
On Thu 2008-08-14 04:19:01 -0400, Simon Josefsson wrote:
> Ouch.
I know! One day i'll be a better programmer, i hope :/
> FWIW, I think your goal is fine and it should be supported
> eventually.
Thanks, that's good to hear.
> I'm not sure this can go into 2.4.x, it seems like a somewhat large
> addition, although I'll let Nikos comment as well. Maybe it could
> go in.
Hrm. I don't think it's that big of a change (and it only affects
people using GnuTLS for OpenPGP), but of course i'll defer to you and
Nikos.
> However, this certainly seems appropriate for 2.5. Please create a
> patch for it, and I'll apply it.
The patch to enable parsing (but not decrypting) of locked secret keys
(including the "gnu-dummy" S2K option) against GnuTLS 2.5.3 is
attached, and seems to work for me. Please let me know if you have
any problems or concerns with it.
> Btw, I want to get the 2.6.x release process started, I think we
> have enough new features in 2.5.x to be ready for a new stable
> release. So maybe it isn't that important to get into 2.4.x if
> 2.6.x is released relatively soon.
I was hoping for 2.4.x because i'd love to see support for this in
debian lenny, but we likely won't be able to get a new version of
2.4.x into lenny at this point in debian's release cycle anyway.
Regardless of its status in 2.4.x, i'd certainly like to see this
behavior in 2.6.
Regards,
--dkg
diff --git a/lib/opencdk/opencdk.h b/lib/opencdk/opencdk.h
index 9df17ff..d4717b1 100644
--- a/lib/opencdk/opencdk.h
+++ b/lib/opencdk/opencdk.h
@@ -185,7 +185,8 @@ enum cdk_pubkey_algo_t {
enum cdk_s2k_type_t {
CDK_S2K_SIMPLE = 0,
CDK_S2K_SALTED = 1,
- CDK_S2K_ITERSALTED = 3
+ CDK_S2K_ITERSALTED = 3,
+ CDK_S2K_GNU_DUMMY = 101 /* look for --export-secret-subkeys in gpg(1) */
};
/* The different kind of user ID preferences. */
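Review bot: The comment on CDK_S2K_GNU_DUMMY only points at a gpg(1) option and does not tell users of this public header what the value means. Suggest describing it here, for example that a secret key packet with this S2K mode carries only the 4-byte marker "GNU\01" that read_secret_key checks for, and keeping the man page pointer as a secondary reference.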
diff --git a/lib/opencdk/read-packet.c b/lib/opencdk/read-packet.c
index 9e40903..78e5605 100644
--- a/lib/opencdk/read-packet.c
+++ b/lib/opencdk/read-packet.c
@@ -78,10 +78,35 @@ read_16 (cdk_stream_t s)
}
-static int
+/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */
+static cdk_error_t
read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
{
- return CDK_Not_Implemented;
+ size_t nread;
+
+ s2k->mode = cdk_stream_getc (inp);
+ s2k->hash_algo = cdk_stream_getc (inp);
+ if (s2k->mode == CDK_S2K_SIMPLE)
+ return 0;
+ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
+ {
+ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
+ return CDK_Inv_Packet;
+ if (nread != DIM (s2k->salt))
+ return CDK_Inv_Packet;
+
+ if (s2k->mode == CDK_S2K_ITERSALTED)
+ s2k->count = cdk_stream_getc (inp);
+ }
+ else if (s2k->mode == CDK_S2K_GNU_DUMMY)
+ {
+ /* look for --export-secret-subkeys in gpg(1) */
+ return 0;
+ }
+ else
+ return CDK_Not_Implemented;
+
+ return 0;
}
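Review bot: In read_s2k the results of cdk_stream_getc for mode, hash_algo and (for CDK_S2K_ITERSALTED) count are stored without any end-of-stream or error check, while the salt read just above count is checked for both error and length. A truncated packet would leave an EOF value in those fields and the function would still return 0. Suggest reading each byte into an int, returning CDK_Inv_Packet on EOF, and only then assigning it. The CDK_S2K_GNU_DUMMY branch repeats the comment from opencdk.h word for word; a comment saying why nothing further is read for this mode would be more useful there.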
@@ -330,14 +355,19 @@ read_secret_key (cdk_stream_t inp, size_t pktlen,
cdk_pkt_seckey_t sk)
rc = read_s2k (inp, sk->protect.s2k);
if (rc)
return rc;
- sk->protect.ivlen = _gnutls_cipher_get_block_size (sk->protect.algo);
- if (sk->protect.ivlen <= 0)
- return CDK_Inv_Packet;
- rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
- if (rc)
- return rc;
- if (nread != sk->protect.ivlen)
- return CDK_Inv_Packet;
+ /* refer to --export-secret-subkeys in gpg(1) */
+ if (sk->protect.s2k->mode == CDK_S2K_GNU_DUMMY)
+ sk->protect.ivlen = 0;
+ else {
+ sk->protect.ivlen = gcry_cipher_get_algo_blklen (sk->protect.algo);
+ if (!sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ }
}
else
sk->protect.algo = _pgp_cipher_to_gnutls (sk->s2k_usage);
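Review bot: The block-size lookup changes from _gnutls_cipher_get_block_size to gcry_cipher_get_algo_blklen on the same sk->protect.algo, and the unchanged else branch right below sets that field from _pgp_cipher_to_gnutls. If protect.algo holds a GnuTLS cipher identifier in this branch as well, the gcrypt lookup is being handed the wrong kind of id; please keep the original helper or explain the switch in the commit message, since it is unrelated to the dummy S2K handling. In addition, ivlen is passed to stream_read as the length for sk->protect.iv with no visible check against the size of that buffer, and the "else {" brace placement differs from the style used in read_s2k.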
@@ -391,6 +421,11 @@ read_secret_key (cdk_stream_t inp, size_t pktlen,
cdk_pkt_seckey_t sk)
return CDK_Out_Of_Core;
if (stream_read (inp, sk->encdata, sk->enclen, &nread))
return CDK_Inv_Packet;
+ /* checking that this is supposed to be a GNU Dummy S2K, which we know:
*/
+ if ((sk->protect.s2k->mode == CDK_S2K_GNU_DUMMY) &&
+ ((sk->enclen != strlen("GNU\01")) ||
+ (0 != memcmp("GNU\01", sk->encdata, strlen("GNU\01")))))
+ return CDK_Inv_Packet;
nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
if (!nskey)
{
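Review bot: The GNU dummy check compares sk->encdata right after a stream_read whose nread is never compared with sk->enclen, unlike the salt and IV reads earlier in this patch. Add "if (nread != sk->enclen) return CDK_Inv_Packet;" before the memcmp so a short read is rejected instead of being compared. The literal "GNU\01" appears three times together with strlen; a single static const array used with sizeof would be clearer. The comment above the check is also split across two lines in the mail, with the closing "*/" lacking a "+", so the hunk may not apply as sent.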