See ChangeLog: Mon Jan 24 13:04:28 CET 2000 Werner Koch
[gnupg.git] / g10 / seckey-cert.c
index c153782..10f7092 100644 (file)
@@ -26,9 +26,7 @@
 
 #include <gcrypt.h>
 #include "util.h"
-#include "memory.h"
 #include "packet.h"
-#include "mpi.h"
 #include "keydb.h"
 #include "main.h"
 #include "options.h"
@@ -60,7 +58,7 @@ do_check( PKT_secret_key *sk )
        keyid_from_sk( sk, keyid );
        keyid[2] = keyid[3] = 0;
        if( !sk->is_primary ) {
-           PKT_secret_key *sk2 = m_alloc_clear( sizeof *sk2 );
+           PKT_secret_key *sk2 = gcry_xcalloc( 1, sizeof *sk2 );
            if( !get_primary_seckey( sk2, keyid ) )
                keyid_from_sk( sk2, keyid+2 );
            free_secret_key( sk2 );
@@ -78,21 +76,23 @@ do_check( PKT_secret_key *sk )
 
        if( gcry_cipher_setkey( cipher_hd, dek->key, dek->keylen ) )
            log_fatal("set key failed: %s\n", gcry_strerror(-1) );
-       m_free(dek);
+       gcry_free(dek);
        save_sk = copy_secret_key( NULL, sk );
        if( gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen ))
            log_fatal("set IV failed: %s\n", gcry_strerror(-1) );
        csum = 0;
        if( sk->version >= 4 ) {
-           int ndata;
+           size_t ndata;
+           unsigned int ndatabits;
            byte *p, *data;
 
            i = pubkey_get_npkey(sk->pubkey_algo);
-           assert( mpi_is_opaque( sk->skey[i] ) );
-           p = mpi_get_opaque( sk->skey[i], &ndata );
-           data = m_alloc_secure( ndata );
+           assert( gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) );
+           p = gcry_mpi_get_opaque( sk->skey[i], &ndatabits );
+           ndata = (ndatabits+7)/8;
+           data = gcry_xmalloc_secure( ndata );
            gcry_cipher_decrypt( cipher_hd, data, ndata, p, ndata );
-           mpi_free( sk->skey[i] ); sk->skey[i] = NULL ;
+           mpi_release( sk->skey[i] ); sk->skey[i] = NULL ;
            p = data;
            if( ndata < 2 ) {
                log_error("not enough bytes for checksum\n");
@@ -104,31 +104,44 @@ do_check( PKT_secret_key *sk )
                sk->csum = data[ndata-2] << 8 | data[ndata-1];
            }
            /* must check it here otherwise the mpi_read_xx would fail
-            * because the length das an abritary value */
+            * because the length may have an arbitrary value */
            if( sk->csum == csum ) {
                for( ; i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
                    nbytes = ndata;
-                   sk->skey[i] = mpi_read_from_buffer(p, &nbytes, 1 );
+                   assert( gcry_is_secure( p ) );
+                   res = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_PGP,
+                                                            p, &nbytes);
+                   if( res )
+                       log_bug("gcry_mpi_scan failed in do_check: rc=%d\n", res);
+
                    ndata -= nbytes;
                    p += nbytes;
                }
            }
-           m_free(data);
+           gcry_free(data);
        }
        else {
            for(i=pubkey_get_npkey(sk->pubkey_algo);
                    i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-               buffer = mpi_get_secure_buffer( sk->skey[i], &nbytes, NULL );
+               size_t ndata;
+               unsigned int ndatabits;
+               byte *p, *data;
+
+               assert( gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) );
+               p = gcry_mpi_get_opaque( sk->skey[i], &ndatabits );
+               ndata = (ndatabits+7)/8;
+               data = gcry_xmalloc_secure( ndata );
                gcry_cipher_sync( cipher_hd );
-               assert( mpi_is_protected(sk->skey[i]) );
-               gcry_cipher_decrypt( cipher_hd, buffer, nbytes, NULL, 0 );
-               mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
-               mpi_clear_protect_flag( sk->skey[i] );
+               gcry_cipher_decrypt( cipher_hd, data, ndata, p, ndata );
+               mpi_release( sk->skey[i] ); sk->skey[i] = NULL ;
+
+               res = gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_USG,
+                                    data, &ndata );
+               if( res )
+                   log_bug("gcry_mpi_scan failed in do_check: rc=%d\n", res);
+
                csum += checksum_mpi( sk->skey[i] );
-               m_free( buffer );
-           }
-           if( opt.emulate_bugs & EMUBUG_GPGCHKSUM ) {
-              csum = sk->csum;
+               gcry_free( buffer );
            }
        }
        gcry_cipher_close( cipher_hd );
@@ -258,10 +271,12 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
            }
 
            assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
-           randomize_buffer(sk->protect.iv, sk->protect.ivlen, 1);
+           gcry_randomize(sk->protect.iv, sk->protect.ivlen,
+                                                       GCRY_STRONG_RANDOM);
            gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
+           #warning FIXME: replace set/get buffer
            if( sk->version >= 4 ) {
-             #define NMPIS (PUBKEY_MAX_NSKEY - PUBKEY_MAX_NPKEY)
+             #define NMPIS (GNUPG_MAX_NSKEY - GNUPG_MAX_NPKEY)
                byte *bufarr[NMPIS];
                unsigned narr[NMPIS];
                unsigned nbits[NMPIS];
@@ -270,16 +285,20 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
 
                for(j=0, i = pubkey_get_npkey(sk->pubkey_algo);
                        i < pubkey_get_nskey(sk->pubkey_algo); i++, j++ ) {
-                   assert( !mpi_is_opaque( sk->skey[i] ) );
-                   bufarr[j] = mpi_get_buffer( sk->skey[i], &narr[j], NULL );
-                   nbits[j]  = mpi_get_nbits( sk->skey[i] );
+                   assert( !gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) );
+
+                   if( gcry_mpi_aprint( GCRYMPI_FMT_USG, (char*)bufarr+j,
+                                                         narr+j, sk->skey[i]))
+                       BUG();
+
+                   nbits[j]  = gcry_mpi_get_nbits( sk->skey[i] );
                    ndata += narr[j] + 2;
                }
                for( ; j < NMPIS; j++ )
                    bufarr[j] = NULL;
                ndata += 2; /* for checksum */
 
-               data = m_alloc_secure( ndata );
+               data = gcry_xmalloc_secure( ndata );
                p = data;
                for(j=0; j < NMPIS && bufarr[j]; j++ ) {
                    p[0] = nbits[j] >> 8 ;
@@ -287,7 +306,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
                    p += 2;
                    memcpy(p, bufarr[j], narr[j] );
                    p += narr[j];
-                   m_free(bufarr[j]);
+                   gcry_free(bufarr[j]);
                }
              #undef NMPIS
                csum = checksum( data, ndata-2);
@@ -298,26 +317,34 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
                gcry_cipher_encrypt( cipher_hd, data, ndata, NULL, 0 );
                for(i = pubkey_get_npkey(sk->pubkey_algo);
                        i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-                   mpi_free( sk->skey[i] );
+                   mpi_release( sk->skey[i] );
                    sk->skey[i] = NULL;
                }
                i = pubkey_get_npkey(sk->pubkey_algo);
-               sk->skey[i] = mpi_set_opaque(NULL, data, ndata );
+               sk->skey[i] = gcry_mpi_set_opaque(NULL, data, ndata*8 );
            }
            else {
                /* NOTE: we always recalculate the checksum because there
                 * are some test releases which calculated it wrong */
+              #warning FIXME:  Replace this code
                csum = 0;
                for(i=pubkey_get_npkey(sk->pubkey_algo);
                        i < pubkey_get_nskey(sk->pubkey_algo); i++ ) {
-                   csum += checksum_mpi_counted_nbits( sk->skey[i] );
-                   buffer = mpi_get_buffer( sk->skey[i], &nbytes, NULL );
+                   csum += checksum_mpi( sk->skey[i] );
+
+                   if( gcry_mpi_aprint( GCRYMPI_FMT_USG,
+                                        &buffer, &nbytes, sk->skey[i] ) )
+                       BUG();
+
                    gcry_cipher_sync( cipher_hd );
-                   assert( !mpi_is_protected(sk->skey[i]) );
+                   assert( !gcry_mpi_get_flag( sk->skey[i], GCRYMPI_FLAG_OPAQUE ) );
                    gcry_cipher_encrypt( cipher_hd, buffer, nbytes, NULL, 0 );
-                   mpi_set_buffer( sk->skey[i], buffer, nbytes, 0 );
-                   mpi_set_protect_flag( sk->skey[i] );
-                   m_free( buffer );
+                   gcry_mpi_release( sk->skey[i] );
+                   if( gcry_mpi_scan( &sk->skey[i], GCRYMPI_FMT_USG,
+                                      buffer,&nbytes ) )
+                       BUG();
+
+                   gcry_free( buffer );
                }
                sk->csum = csum;
            }