From 04d8d2263cef2b9ae94ce2dd2e3a720b2cf55925 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Tue, 29 Jan 2002 01:12:00 +0000 Subject: [PATCH] --pgp6 flag. This is not nearly as involved as --pgp2. In short, it turns off force_mdc, turns on no_comment, escape_from, and force_v3_sigs, and sets compression to 1. It also restricts the user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. See the comments above algo_available() for lots of discussion on why you would want to do this. --- g10/ChangeLog | 10 ++++ g10/encode.c | 17 ------- g10/g10.c | 123 +++++++++++++++++++++++++++++--------------------- g10/options.h | 1 + g10/pkclist.c | 25 +++++++++- 5 files changed, 106 insertions(+), 70 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index ebb4d474a..8e90fc273 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,13 @@ +2002-01-28 David Shaw + + * g10.c (main), options.h, pkclist.c (algo_available): --pgp6 + flag. This is not nearly as involved as --pgp2. In short, it + turns off force_mdc, turns on no_comment, escape_from, and + force_v3_sigs, and sets compression to 1. It also restricts the + user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. + See the comments above algo_available() for lots of discussion on + why you would want to do this. + 2002-01-27 David Shaw * keygen.c (keygen_set_std_prefs): Comment diff --git a/g10/encode.c b/g10/encode.c index a3ef51e34..7412c8236 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -624,20 +624,3 @@ encode_crypt_files(int nfiles, char **files, STRLIST remusr) } } } - - - - - - - - - - - - - - - - - diff --git a/g10/g10.c b/g10/g10.c index 47f07325c..99e5d6430 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -158,6 +158,8 @@ enum cmd_and_opt_values { aNull = 0, oOpenPGP, oPGP2, oNoPGP2, + oPGP6, + oNoPGP6, oCipherAlgo, oDigestAlgo, oCompressAlgo, @@ -388,6 +390,8 @@ static ARGPARSE_OPTS opts[] = { { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")}, { oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")}, { oNoPGP2, "no-pgp2", 0, "@"}, + { oPGP6, "pgp6", 0, "@"}, + { oNoPGP6, "no-pgp6", 0, "@"}, { oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")}, { oS2KDigest, "s2k-digest-algo",2, N_("|NAME|use message digest algorithm NAME for passphrases")}, @@ -1064,6 +1068,8 @@ main( int argc, char **argv ) break; case oPGP2: opt.pgp2 = 1; break; case oNoPGP2: opt.pgp2 = 0; break; + case oPGP6: opt.pgp6 = 1; break; + case oNoPGP6: opt.pgp6 = 0; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break; @@ -1295,67 +1301,82 @@ main( int argc, char **argv ) set_debug(); g10_opt_homedir = opt.homedir; - /* Do this after the switch(), so it can override settings. */ - if(opt.pgp2) + /* Do these after the switch(), so they can override settings. */ + if(opt.pgp2 && opt.pgp6) + log_error(_("%s not allowed with %s!\n"),"--pgp2","--pgp6"); + else { - int unusable=0; + if(opt.pgp2) + { + int unusable=0; - if(cmd==aSign && !detached_sig) - { - log_info(_("you can only make detached or clear signatures " - "while in --pgp2 mode\n")); - unusable=1; - } - else if(cmd==aSignEncr || cmd==aSignSym) - { - log_info(_("you can't sign and encrypt at the " - "same time while in --pgp2 mode\n")); - unusable=1; - } - else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym)) - { - log_info(_("you must use files (and not a pipe) when " - "working with --pgp2 enabled.\n")); - unusable=1; - } - else if(cmd==aEncr || cmd==aSym) - { - /* Everything else should work without IDEA (except using - a secret key encrypted with IDEA and setting an IDEA - preference, but those have their own error - messages). */ - - if(check_cipher_algo(CIPHER_ALGO_IDEA)) + if(cmd==aSign && !detached_sig) { - log_info(_("encrypting a message in --pgp2 mode requires " - "the IDEA cipher\n")); - idea_cipher_warn(1); + log_info(_("you can only make detached or clear signatures " + "while in --pgp2 mode\n")); unusable=1; } - else if(cmd==aSym) + else if(cmd==aSignEncr || cmd==aSignSym) { - m_free(def_cipher_string); - def_cipher_string = m_strdup("idea"); + log_info(_("you can't sign and encrypt at the " + "same time while in --pgp2 mode\n")); + unusable=1; + } + else if(argc==0 && (cmd==aSign || cmd==aEncr || cmd==aSym)) + { + log_info(_("you must use files (and not a pipe) when " + "working with --pgp2 enabled.\n")); + unusable=1; + } + else if(cmd==aEncr || cmd==aSym) + { + /* Everything else should work without IDEA (except using + a secret key encrypted with IDEA and setting an IDEA + preference, but those have their own error + messages). */ + + if(check_cipher_algo(CIPHER_ALGO_IDEA)) + { + log_info(_("encrypting a message in --pgp2 mode requires " + "the IDEA cipher\n")); + idea_cipher_warn(1); + unusable=1; + } + else if(cmd==aSym) + { + m_free(def_cipher_string); + def_cipher_string = m_strdup("idea"); + } + } + + if(unusable) + { + log_info(_("this message may not be usable by PGP 2.x\n")); + opt.pgp2=0; + } + else + { + opt.rfc1991 = 1; + opt.rfc2440 = 0; + opt.force_mdc = 0; + opt.force_v4_certs = 0; + opt.no_comment = 1; + opt.escape_from = 1; + opt.force_v3_sigs = 1; + opt.pgp2_workarounds = 1; + m_free(def_digest_string); + def_digest_string = m_strdup("md5"); + opt.def_compress_algo = 1; } } - if(unusable) + if(opt.pgp6) { - log_info(_("this message may not be usable by PGP 2.x\n")); - opt.pgp2=0; - } - else - { - opt.rfc1991 = 1; - opt.rfc2440 = 0; - opt.force_v4_certs = 0; - opt.no_comment = 1; - opt.escape_from = 1; - opt.force_v3_sigs = 1; - opt.pgp2_workarounds = 1; - m_free(def_digest_string); - def_digest_string = m_strdup("md5"); - opt.def_compress_algo = 1; + opt.force_mdc=0; + opt.no_comment=1; + opt.escape_from=1; + opt.force_v3_sigs=1; + opt.def_compress_algo=1; } } diff --git a/g10/options.h b/g10/options.h index 59d3928bc..0680d4207 100644 --- a/g10/options.h +++ b/g10/options.h @@ -79,6 +79,7 @@ struct { int compress_sigs; int always_trust; int pgp2; + int pgp6; int rfc1991; int rfc2440; int pgp2_workarounds; diff --git a/g10/pkclist.c b/g10/pkclist.c index 9847e0f8f..5678c99f1 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -926,17 +926,40 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use ) } +/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and + CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3), + and all compressions except none (0) and ZIP (1). For a true PGP6 + key all of this is unneeded as they are the only items present in + the preferences subpacket, but checking here covers the weird case + of encrypting to a key that had preferences from a different + implementation which was then used with PGP6. I am not completely + comfortable with this as the right thing to do, as it slightly + alters the list of what the user is supposedly requesting. It is + not against the RFC however, as the preference chosen will never be + one that the user didn't specify somewhere ("The implementation may + use any mechanism to pick an algorithm in the intersection"), and + PGP6 has no mechanism to fix such a broken preference list, so I'm + including it. -dms */ static int algo_available( int preftype, int algo ) { if( preftype == PREFTYPE_SYM ) { + if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) ) + return 0; + return algo && !check_cipher_algo( algo ); } else if( preftype == PREFTYPE_HASH ) { + if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) ) + return 0; + return algo && !check_digest_algo( algo ); } else if( preftype == PREFTYPE_ZIP ) { + if ( opt.pgp6 && ( algo !=0 && algo != 1) ) + return 0; + return !algo || algo == 1 || algo == 2; } else @@ -1080,5 +1103,3 @@ select_mdc_from_pklist (PK_LIST pk_list) } return 1; /* can be used */ } - -