[git] GnuPG - branch, key-storage-work, updated. gnupg-2.1.0beta3-134-gb11f84b
by Werner Koch
cvs at cvs.gnupg.org
Tue Jan 8 22:10:10 CET 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, key-storage-work has been updated
via b11f84b858bad867f1062977a7aba30299157e90 (commit)
via bbcdb3d3cefa06b2bff367054c6518f611d7abb7 (commit)
from 492792378dc7a79316ef742b2ffaa46c6cda282a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit b11f84b858bad867f1062977a7aba30299157e90
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jan 8 18:15:49 2013 +0100
kbx: Switch from MD5 to SHA-1 for the checksum.
* kbx/keybox-blob.c (put_membuf): Use a NULL buf to store zero bytes.
(create_blob_finish): Write just the needed space.
(create_blob_finish): Switch to SHA-1.
* kbx/keybox-dump.c (print_checksum): New.
(_keybox_dump_blob): Print the checksum and the verification status.
--
The checksum was never used in the past. Due to fast SHA-1
computations in modern CPUs we now use SHA-1. Eventually we will
support a First blob flag to enable the use of a secret or public
HMAC-SHA1. The first may be used for authentication of keyblocks and
the latter to mitigate collission attacks on SHA-1. It is not clear
whether this will be useful at all.
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index 62d1c9f..6493527 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -261,7 +261,10 @@ put_membuf (struct membuf *mb, const void *buf, size_t len)
}
mb->buf = p;
}
- memcpy (mb->buf + mb->len, buf, len);
+ if (buf)
+ memcpy (mb->buf + mb->len, buf, len);
+ else
+ memset (mb->buf + mb->len, 0, len);
mb->len += len;
}
@@ -311,6 +314,7 @@ put32 (struct membuf *mb, u32 a )
put_membuf (mb, tmp, 4);
}
+
�
/* Store a value in the fixup list */
static void
@@ -638,12 +642,10 @@ create_blob_finish (KEYBOXBLOB blob)
struct membuf *a = blob->buf;
unsigned char *p;
unsigned char *pp;
- int i;
size_t n;
- /* write a placeholder for the checksum */
- for (i = 0; i < 16; i++ )
- put32 (a, 0); /* Hmmm: why put32() ?? */
+ /* Write a placeholder for the checksum */
+ put_membuf (a, NULL, 20);
/* get the memory area */
n = 0; /* (Just to avoid compiler warning.) */
@@ -671,8 +673,8 @@ create_blob_finish (KEYBOXBLOB blob)
}
}
- /* calculate and store the MD5 checksum */
- gcry_md_hash_buffer (GCRY_MD_MD5, p + n - 16, p, n - 16);
+ /* Compute and store the SHA-1 checksum. */
+ gcry_md_hash_buffer (GCRY_MD_SHA1, p + n - 20, p, n - 20);
pp = xtrymalloc (n);
if ( !pp )
diff --git a/kbx/keybox-dump.c b/kbx/keybox-dump.c
index b603814..c397f9c 100644
--- a/kbx/keybox-dump.c
+++ b/kbx/keybox-dump.c
@@ -80,6 +80,57 @@ print_string (FILE *fp, const byte *p, size_t n, int delim)
static int
+print_checksum (const byte *buffer, size_t length, size_t unhashed, FILE *fp)
+{
+ const byte *p;
+ int i;
+ int hashlen;
+ unsigned char digest[20];
+
+ fprintf (fp, "Checksum: ");
+ if (unhashed && unhashed < 20)
+ {
+ fputs ("[specified unhashed sized too short]\n", fp);
+ return 0;
+ }
+ if (!unhashed)
+ {
+ unhashed = 16;
+ hashlen = 16;
+ }
+ else
+ hashlen = 20;
+ if (length < 5+unhashed)
+ {
+ fputs ("[blob too short for a checksum]\n", fp);
+ return 0;
+ }
+
+ p = buffer + length - hashlen;
+ for (i=0; i < hashlen; p++, i++)
+ fprintf (fp, "%02x", *p);
+
+ if (hashlen == 16) /* Compatibility method. */
+ {
+ gcry_md_hash_buffer (GCRY_MD_MD5, digest, buffer, length - 16);
+ if (!memcmp (buffer + length - 16, digest, 16))
+ fputs (" [valid]\n", fp);
+ else
+ fputs (" [bad]\n", fp);
+ }
+ else
+ {
+ gcry_md_hash_buffer (GCRY_MD_SHA1, digest, buffer, length - unhashed);
+ if (!memcmp (buffer + length - hashlen, digest, hashlen))
+ fputs (" [valid]\n", fp);
+ else
+ fputs (" [bad]\n", fp);
+ }
+ return 0;
+}
+
+
+static int
dump_header_blob (const byte *buffer, size_t length, FILE *fp)
{
unsigned long n;
@@ -108,12 +159,13 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
{
const byte *buffer;
size_t length;
- int type;
+ int type, i;
ulong n, nkeys, keyinfolen;
ulong nuids, uidinfolen;
ulong nsigs, siginfolen;
ulong rawdata_off, rawdata_len;
ulong nserial;
+ ulong unhashed;
const byte *p;
buffer = _keybox_get_blob_image (blob, &length);
@@ -189,8 +241,12 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
fprintf( fp, "Data-Offset: %lu\n", rawdata_off );
fprintf( fp, "Data-Length: %lu\n", rawdata_len );
if (rawdata_off > length || rawdata_len > length
- || rawdata_off+rawdata_off > length)
+ || rawdata_off+rawdata_len > length
+ || rawdata_len + 4 > length
+ || rawdata_off+rawdata_len + 4 > length)
fprintf (fp, "[Error: raw data larger than blob]\n");
+ unhashed = get32 (buffer + rawdata_off + rawdata_len);
+ fprintf (fp, "Unhashed: %lu\n", unhashed);
nkeys = get16 (buffer + 16);
fprintf (fp, "Key-Count: %lu\n", nkeys );
@@ -205,7 +261,6 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
p = buffer + 20;
for (n=0; n < nkeys; n++, p += keyinfolen)
{
- int i;
ulong kidoff, kflags;
fprintf (fp, "Key-Fpr[%lu]: ", n );
@@ -347,13 +402,17 @@ _keybox_dump_blob (KEYBOXBLOB blob, FILE *fp)
n = get32 (p ); p += 4;
fprintf (fp, "Reserved-Space: %lu\n", n );
- /* check that the keyblock is at the correct offset and other bounds */
- /*fprintf (fp, "Blob-Checksum: [MD5-hash]\n");*/
+ if (unhashed >= 24)
+ {
+ n = get32 ( buffer + length - unhashed);
+ fprintf (fp, "Storage-Flags: %08lx\n", n );
+ }
+ print_checksum (buffer, length, unhashed, fp);
return 0;
}
-/* Compute the SHA_1 checksum of teh rawdata in BLOB and aput it into
+/* Compute the SHA-1 checksum of the rawdata in BLOB and put it into
DIGEST. */
static int
hash_blob_rawdata (KEYBOXBLOB blob, unsigned char *digest)
commit bbcdb3d3cefa06b2bff367054c6518f611d7abb7
Author: Werner Koch <wk at gnupg.org>
Date: Tue Jan 8 17:40:56 2013 +0100
kbx: Update blob specification
--
Mainly formatting updates. The only actual change is the checksum
which is now declared as SHA-1.
diff --git a/kbx/keybox-blob.c b/kbx/keybox-blob.c
index 855deaf..62d1c9f 100644
--- a/kbx/keybox-blob.c
+++ b/kbx/keybox-blob.c
@@ -17,93 +17,119 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
+/*
+* The keybox data format
+
+ The KeyBox uses an augmented OpenPGP/X.509 key format. This makes
+ random access to a keyblock/certificate easier and also gives the
+ opportunity to store additional information (e.g. the fingerprint)
+ along with the key. All integers are stored in network byte order,
+ offsets are counted from the beginning of the Blob.
+
+** Overview of blob types
+
+ | Byte 4 | Blob type |
+ |--------+--------------|
+ | 0 | Empty blob |
+ | 1 | First blob |
+ | 2 | OpenPGP blob |
+ | 3 | X.509 blob |
+
+** The First blob
+
+ The first blob of a plain KBX file has a special format:
+
+ - u32 Length of this blob
+ - byte Blob type (1)
+ - byte Version number (1)
+ - byte RFU
+ - byte RFU
+ - b4 Magic 'KBXf'
+ - u32 RFU
+ - u32 file_created_at
+ - u32 last_maintenance_run
+ - u32 RFU
+ - u32 RFU
+
+** The OpenPGP and X.509 blobs
+
+ The OpenPGP and X.509 blobs are very similiar, things which are
+ X.509 specific are noted like [X.509: xxx]
+
+ - u32 Length of this blob (including these 4 bytes)
+ - byte Blob type
+ 2 = OpenPGP
+ 3 = X509
+ - byte Version number of this blob type
+ 1 = The only defined value
+ - u16 Blob flags
+ bit 0 = contains secret key material (not used)
+ bit 1 = ephemeral blob (e.g. used while quering external resources)
+ - u32 Offset to the OpenPGP keyblock or the X.509 DER encoded
+ certificate
+ - u32 The length of the keyblock or certificate
+ - u16 [NKEYS] Number of keys (at least 1!) [X509: always 1]
+ - u16 Size of the key information structure (at least 28).
+ - NKEYS times:
+ - b20 The fingerprint of the key.
+ Fingerprints are always 20 bytes, MD5 left padded with zeroes.
+ - u32 Offset to the n-th key's keyID (a keyID is always 8 byte)
+ or 0 if not known which is the case only for X.509.
+ - u16 Key flags
+ bit 0 = qualified signature (not yet implemented}
+ - u16 RFU
+ - bN Optional filler up to the specified length of this
+ structure.
+ - u16 Size of the serial number (may be zero)
+ - bN The serial number. N as giiven above.
+ - u16 Number of user IDs
+ - u16 [NUIDS] Size of user ID information structure
+ - NUIDS times:
+
+ For X509, the first user ID is the Issuer, the second the
+ Subject and the others are subjectAltNames. For OpenPGP we only
+ store the information from UserID packets here.
+
+ - u32 Blob offset to the n-th user ID
+ - u32 Length of this user ID.
+ - u16 User ID flags.
+ (not yet used)
+ - byte Validity
+ - byte RFU
+
+ - u16 [NSIGS] Number of signatures
+ - u16 Size of signature information (4)
+ - NSIGS times:
+ - u32 Expiration time of signature with some special values:
+ - 0x00000000 = not checked
+ - 0x00000001 = missing key
+ - 0x00000002 = bad signature
+ - 0x10000000 = valid and expires at some date in 1978.
+ - 0xffffffff = valid and does not expire
+ - u8 Assigned ownertrust [X509: not used]
+ - u8 All_Validity
+ OpenPGP: See ../g10/trustdb/TRUST_* [not yet used]
+ X509: Bit 4 set := key has been revoked.
+ Note that this value matches TRUST_FLAG_REVOKED
+ - u16 RFU
+ - u32 Recheck_after
+ - u32 Latest timestamp in the keyblock (useful for KS syncronsiation?)
+ - u32 Blob created at
+ - u32 [NRES] Size of reserved space (not including this field)
+ - bN Reserved space of size NRES for future use.
+ - bN Arbitrary space for example used to store data which is not
+ part of the keyblock or certificate. For example the v3 key
+ IDs go here.
+ - bN Space for the keyblock or certifciate.
+ - bN RFU
+ - b20 SHA-1 checksum (useful for KS syncronisation?)
+ Note, that KBX versions before GnuPG 2.1 used an MD5
+ checksum. However it was only created but never checked.
+ Thus we do not expect problems if we switch to SHA-1. If
+ the checksum fails and the first 4 bytes are zero, we can
+ try again with MD5. SHA-1 has the advantage that it is
+ faster on CPUs with dedicated SHA-1 support.
-/* The keybox data formats
-
-The KeyBox uses an augmented OpenPGP/X.509 key format. This makes
-random access to a keyblock/certificate easier and also gives the
-opportunity to store additional information (e.g. the fingerprint)
-along with the key. All integers are stored in network byte order,
-offsets are counted from the beginning of the Blob.
-
-The first record of a plain KBX file has a special format:
-
- u32 length of the first record
- byte Blob type (1)
- byte version number (1)
- byte reserved
- byte reserved
- u32 magic 'KBXf'
- u32 reserved
- u32 file_created_at
- u32 last_maintenance_run
- u32 reserved
- u32 reserved
-
-The OpenPGP and X.509 blob are very similiar, things which are
-X.509 specific are noted like [X.509: xxx]
-
- u32 length of this blob (including these 4 bytes)
- byte Blob type (2) [X509: 3]
- byte version number of this blob type (1)
- u16 Blob flags
- bit 0 = contains secret key material (not used)
- bit 1 = ephemeral blob (e.g. used while quering external resources)
-
- u32 offset to the OpenPGP keyblock or X509 DER encoded certificate
- u32 and its length
- u16 number of keys (at least 1!) [X509: always 1]
- u16 size of additional key information
- n times:
- b20 The keys fingerprint
- (fingerprints are always 20 bytes, MD5 left padded with zeroes)
- u32 offset to the n-th key's keyID (a keyID is always 8 byte)
- or 0 if not known which is the case only for X509.
- u16 special key flags
- bit 0 = qualified signature (not yet implemented}
- u16 reserved
- u16 size of serialnumber(may be zero)
- n u16 (see above) bytes of serial number
- u16 number of user IDs
- u16 size of additional user ID information
- n times:
- u32 offset to the n-th user ID
- u32 length of this user ID.
- u16 special user ID flags.
- bit 0 =
- byte validity
- byte reserved
- [For X509, the first user ID is the Issuer, the second the Subject
- and the others are subjectAltNames]
- u16 number of signatures
- u16 size of signature information (4)
- u32 expiration time of signature with some special values:
- 0x00000000 = not checked
- 0x00000001 = missing key
- 0x00000002 = bad signature
- 0x10000000 = valid and expires at some date in 1978.
- 0xffffffff = valid and does not expire
- u8 assigned ownertrust [X509: not used]
- u8 all_validity
- OpenPGP: see ../g10/trustdb/TRUST_* [not yet used]
- X509: Bit 4 set := key has been revoked. Note that this value
- matches TRUST_FLAG_REVOKED
- u16 reserved
- u32 recheck_after
- u32 Newest timestamp in the keyblock (useful for KS syncronsiation?)
- u32 Blob created at
- u32 size of reserved space (not including this field)
- reserved space
-
- Here we might want to put other data
-
- Here comes the keyblock
-
- maybe we put a signature here later.
-
- b16 MD5 checksum (useful for KS syncronisation), we might also want to use
- a mac here.
- b4 reserved
*/
-----------------------------------------------------------------------
Summary of changes:
kbx/keybox-blob.c | 214 ++++++++++++++++++++++++++++++-----------------------
kbx/keybox-dump.c | 71 ++++++++++++++++--
2 files changed, 186 insertions(+), 99 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list