mirror of
https://github.com/deltachat/deltachat-core.git
synced 2025-10-04 10:19:16 +02:00
Do not add 'Modification Detection' feature to subkey binding packet.
This commit is contained in:
B. Petersen
parent
1b2e9f9309
commit
caadf7aa99
2 changed files with 44 additions and 51 deletions
|
|
@ -909,6 +909,7 @@ pgp_add_key_flags(pgp_create_sig_t *sig, uint8_t flags)
|
|||
pgp_write_scalar(sig->output, (unsigned int)flags, 1);
|
||||
}
|
||||
|
||||
#if 0 ///////
|
||||
unsigned
|
||||
pgp_add_key_prefs(pgp_create_sig_t *sig)
|
||||
{
|
||||
|
|
@ -927,16 +928,17 @@ pgp_add_key_prefs(pgp_create_sig_t *sig)
|
|||
/* Hash algo prefs */
|
||||
pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_HASH) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA256, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA384, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA512, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA224, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) && // Edit for Autocrypt/Delta Chat: due to the weak SHA1, it should not be preferred
|
||||
|
||||
/* Compression algo prefs */
|
||||
pgp_write_ss_header(sig->output, 2/*1+number of following items*/, PGP_PTAG_SS_PREF_COMPRESS) &&
|
||||
pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) /*&& -- not sure if Delta Chat will support bzip2 on all platforms, however, this is not that important as typical files are compressed themselves and text is not that big
|
||||
pgp_write_scalar(sig->output, PGP_C_BZIP2, 1) -- if you re-enable this, do not forget to modifiy the header count*/;
|
||||
pgp_write_ss_header(sig->output, 3, PGP_PTAG_SS_PREF_COMPRESS) &&
|
||||
pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_C_BZIP2, 1);
|
||||
}
|
||||
#endif //////
|
||||
|
||||
unsigned
|
||||
pgp_add_key_features(pgp_create_sig_t *sig)
|
||||
|
|
|
|||
|
|
@ -93,9 +93,36 @@ void mre2ee_driver_exit(mrmailbox_t* mailbox)
|
|||
******************************************************************************/
|
||||
|
||||
|
||||
static unsigned add_key_prefs(pgp_create_sig_t *sig)
|
||||
{
|
||||
/* similar to pgp_add_key_prefs(), Mimic of GPG default settings, limited to supported algos */
|
||||
return
|
||||
/* Symmetric algo prefs */
|
||||
pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_SKA) &&
|
||||
pgp_write_scalar(sig->output, PGP_SA_AES_256, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_SA_AES_128, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_SA_CAST5, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_SA_TRIPLEDES, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_SA_IDEA, 1) &&
|
||||
|
||||
/* Hash algo prefs, the first algo is the preferred algo */
|
||||
pgp_write_ss_header(sig->output, 6, PGP_PTAG_SS_PREFERRED_HASH) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA256, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA384, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA512, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA224, 1) &&
|
||||
pgp_write_scalar(sig->output, PGP_HASH_SHA1, 1) && /* Edit for Autocrypt/Delta Chat: due to the weak SHA1, it should not be preferred */
|
||||
|
||||
/* Compression algo prefs */
|
||||
pgp_write_ss_header(sig->output, 2/*1+number of following items*/, PGP_PTAG_SS_PREF_COMPRESS) &&
|
||||
pgp_write_scalar(sig->output, PGP_C_ZLIB, 1) /*&& -- not sure if Delta Chat will support bzip2 on all platforms, however, this is not that important as typical files are compressed themselves and text is not that big
|
||||
pgp_write_scalar(sig->output, PGP_C_BZIP2, 1) -- if you re-enable this, do not forget to modifiy the header count*/;
|
||||
}
|
||||
|
||||
|
||||
static void add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_t *userid, time_t key_expiry)
|
||||
{
|
||||
/* close to pgp_add_selfsigned_userid() which, however, uses different key flags */
|
||||
/* similar to pgp_add_selfsigned_userid() which, however, uses different key flags */
|
||||
pgp_create_sig_t *sig;
|
||||
pgp_subpacket_t sigpacket;
|
||||
pgp_memory_t *mem_sig = NULL;
|
||||
|
|
@ -110,8 +137,8 @@ static void add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_
|
|||
pgp_add_issuer_keyid(sig, skey->pubkeyid);
|
||||
pgp_add_primary_userid(sig, 1);
|
||||
pgp_add_key_flags(sig, PGP_KEYFLAG_SIGN_DATA|PGP_KEYFLAG_CERT_KEYS);
|
||||
pgp_add_key_prefs(sig);
|
||||
pgp_add_key_features(sig);
|
||||
add_key_prefs(sig);
|
||||
pgp_add_key_features(sig); /* will add 0x01 - modification detection */
|
||||
|
||||
pgp_end_hashed_subpkts(sig);
|
||||
|
||||
|
|
@ -135,9 +162,9 @@ static void add_selfsigned_userid(pgp_key_t *skey, pgp_key_t *pkey, const uint8_
|
|||
}
|
||||
|
||||
|
||||
static void add_subkey_binding_structure(pgp_subkeysig_t* p, pgp_key_t* primarykey, pgp_key_t* subkey, pgp_key_t* seckey)
|
||||
static void add_subkey_binding_signature(pgp_subkeysig_t* p, pgp_key_t* primarykey, pgp_key_t* subkey, pgp_key_t* seckey)
|
||||
{
|
||||
//pgp_subkeysig_t* p = &pubkey.subkeysigs[pubkey.subkeysigc++];
|
||||
/*add "0x18: Subkey Binding Signature" packet, PGP_SIG_SUBKEY */
|
||||
pgp_create_sig_t* sig;
|
||||
pgp_output_t* sigoutput = NULL;
|
||||
pgp_memory_t* mem_sig = NULL;
|
||||
|
|
@ -148,10 +175,8 @@ static void add_subkey_binding_structure(pgp_subkeysig_t* p, pgp_key_t* primaryk
|
|||
pgp_add_creation_time(sig, time(NULL));
|
||||
pgp_add_key_expiration_time(sig, 0);
|
||||
pgp_add_issuer_keyid(sig, seckey->pubkeyid);
|
||||
//pgp_add_primary_userid(sig, 1); // seems not be needed for "Subkey Binding Signature"
|
||||
pgp_add_key_flags(sig, PGP_KEYFLAG_ENC_STORAGE|PGP_KEYFLAG_ENC_COMM);
|
||||
pgp_add_key_prefs(sig); // algo/hash/compression preferences seems not to be required for subkeys, however, skipping this results in a bad structure
|
||||
//pgp_add_key_features(sig); // will add 0x01 - modification detection, not needed for subkeys
|
||||
add_key_prefs(sig); // algo/hash/compression preferences seems not to be required for subkeys, however, skipping this results in a bad structure
|
||||
|
||||
pgp_end_hashed_subpkts(sig);
|
||||
|
||||
|
|
@ -215,7 +240,7 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
|
|||
}
|
||||
|
||||
|
||||
/* Create public key
|
||||
/* Create public key, bind public subkey to public key
|
||||
------------------------------------------------------------------------ */
|
||||
|
||||
pubkey.type = PGP_PTAG_CT_PUBLIC_KEY;
|
||||
|
|
@ -224,7 +249,6 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
|
|||
pgp_fingerprint(&pubkey.pubkeyfpr, &seckey.key.pubkey, 0);
|
||||
add_selfsigned_userid(&seckey, &pubkey, (const uint8_t*)user_id, 0/*never expire*/);
|
||||
|
||||
/* add subkey to public key and sign it (cmp. pgp_update_subkey()) */
|
||||
EXPAND_ARRAY((&pubkey), subkey);
|
||||
{
|
||||
pgp_subkey_t* p = &pubkey.subkeys[pubkey.subkeyc++];
|
||||
|
|
@ -233,45 +257,11 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
|
|||
memcpy(p->id, subkeyid, PGP_KEY_ID_SIZE);
|
||||
}
|
||||
|
||||
// add "0x18: Subkey Binding Signature" packet, PGP_SIG_SUBKEY, see also pgp_update_subkey()
|
||||
EXPAND_ARRAY((&pubkey), subkeysig);
|
||||
add_subkey_binding_structure(&pubkey.subkeysigs[pubkey.subkeysigc++], &pubkey, &subkey, &seckey);
|
||||
#if 0
|
||||
{
|
||||
pgp_subkeysig_t* p = &pubkey.subkeysigs[pubkey.subkeysigc++];
|
||||
pgp_create_sig_t* sig;
|
||||
pgp_output_t* sigoutput = NULL;
|
||||
pgp_memory_t* mem_sig = NULL;
|
||||
|
||||
sig = pgp_create_sig_new();
|
||||
pgp_sig_start_key_sig(sig, &pubkey.key.pubkey, &subkey.key.pubkey, NULL, PGP_SIG_SUBKEY);
|
||||
|
||||
pgp_add_creation_time(sig, time(NULL));
|
||||
pgp_add_key_expiration_time(sig, 0);
|
||||
pgp_add_issuer_keyid(sig, seckey.pubkeyid);
|
||||
//pgp_add_primary_userid(sig, 1); // seems not be needed for "Subkey Binding Signature"
|
||||
pgp_add_key_flags(sig, PGP_KEYFLAG_ENC_STORAGE|PGP_KEYFLAG_ENC_COMM);
|
||||
pgp_add_key_prefs(sig); // algo/hash/compression preferences seems not to be required for subkeys, however, skipping this results in a bad structure
|
||||
//pgp_add_key_features(sig); // will add 0x01 - modification detection, not needed for subkeys
|
||||
|
||||
pgp_end_hashed_subpkts(sig);
|
||||
|
||||
pgp_setup_memory_write(&sigoutput, &mem_sig, 128);
|
||||
pgp_write_sig(sigoutput, sig, &seckey.key.seckey.pubkey, &seckey.key.seckey);
|
||||
|
||||
p->subkey = pubkey.subkeyc-1; /* index of subkey in array */
|
||||
p->packet.length = mem_sig->length;
|
||||
p->packet.raw = mem_sig->buf; mem_sig->buf = NULL; /* move ownership to packet */
|
||||
copy_sig_info(&p->siginfo, &sig->sig.info); /* not sure, if this is okay, however, siginfo should be set up, otherwise we get "bad info-type" errors */
|
||||
|
||||
pgp_create_sig_delete(sig);
|
||||
pgp_output_delete(sigoutput);
|
||||
free(mem_sig); /* do not use pgp_memory_free() as this would also free mem_sig->buf which is owned by the packet */
|
||||
}
|
||||
#endif
|
||||
add_subkey_binding_signature(&pubkey.subkeysigs[pubkey.subkeysigc++], &pubkey, &subkey, &seckey);
|
||||
|
||||
|
||||
/* Create secret key
|
||||
/* Create secret key, bind secret subkey to secret key
|
||||
------------------------------------------------------------------------ */
|
||||
|
||||
EXPAND_ARRAY((&seckey), subkey);
|
||||
|
|
@ -283,7 +273,8 @@ int mre2ee_driver_create_keypair(mrmailbox_t* mailbox, const char* addr, mrkey_t
|
|||
}
|
||||
|
||||
EXPAND_ARRAY((&seckey), subkeysig);
|
||||
add_subkey_binding_structure(&seckey.subkeysigs[seckey.subkeysigc++], &seckey, &subkey, &seckey);
|
||||
add_subkey_binding_signature(&seckey.subkeysigs[seckey.subkeysigc++], &seckey, &subkey, &seckey);
|
||||
|
||||
|
||||
/* Done with key generation, write binary keys to memory
|
||||
------------------------------------------------------------------------ */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue