mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-03 12:11:33 +01:00
* g10.c (main): Add --no-groups to zero --group list.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically encrypted session key. Use --s2k-cipher-algo to choose cipher, rather than --cipher-algo. This code is never actually called in stable, but better to fix it here in case we branch in the future. * parse-packet.c (parse_subkeyenc): Call it a "symmetrically encrypted session key" since "session key decryption key" is just baffling. Neaten --list-packets output. * pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless --quiet is set.
This commit is contained in:
David Shaw
parent
ffc2ff3261
commit
23832b60d8
@ -1,3 +1,20 @@
|
||||
2003-10-01 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* g10.c (main): Add --no-groups to zero --group list.
|
||||
|
||||
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of
|
||||
symmetrically encrypted session key. Use --s2k-cipher-algo to
|
||||
choose cipher, rather than --cipher-algo. This code is never
|
||||
actually called in stable, but better to fix it here in case we
|
||||
branch in the future.
|
||||
|
||||
* parse-packet.c (parse_subkeyenc): Call it a "symmetrically
|
||||
encrypted session key" since "session key decryption key" is just
|
||||
baffling. Neaten --list-packets output.
|
||||
|
||||
* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning
|
||||
unless --quiet is set.
|
||||
|
||||
2003-09-30 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* parse-packet.c (parse_symkeyenc): Give a warning if a session
|
||||
|
||||
42
g10/encode.c
42
g10/encode.c
@ -38,7 +38,7 @@
|
||||
#include "i18n.h"
|
||||
#include "status.h"
|
||||
|
||||
static int encode_simple( const char *filename, int mode, int compat );
|
||||
static int encode_simple( const char *filename, int mode, int use_seskey );
|
||||
static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
|
||||
|
||||
|
||||
@ -50,17 +50,7 @@ static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
|
||||
int
|
||||
encode_symmetric( const char *filename )
|
||||
{
|
||||
int compat = 1;
|
||||
|
||||
#if 0
|
||||
/* We don't want to use it because older gnupg version can't
|
||||
handle it and we can presume that a lot of scripts are running
|
||||
with the expert mode set. Some time in the future we might
|
||||
want to allow for it. */
|
||||
if ( opt.expert )
|
||||
compat = 0; /* PGP knows how to handle this mode. */
|
||||
#endif
|
||||
return encode_simple( filename, 1, compat );
|
||||
return encode_simple( filename, 1, 0 );
|
||||
}
|
||||
|
||||
/****************
|
||||
@ -70,7 +60,7 @@ encode_symmetric( const char *filename )
|
||||
int
|
||||
encode_store( const char *filename )
|
||||
{
|
||||
return encode_simple( filename, 0, 1 );
|
||||
return encode_simple( filename, 0, 0 );
|
||||
}
|
||||
|
||||
static void
|
||||
@ -80,7 +70,7 @@ encode_sesskey( DEK *dek, DEK **ret_dek, byte *enckey )
|
||||
DEK *c;
|
||||
byte buf[33];
|
||||
|
||||
assert ( dek->keylen < 32 );
|
||||
assert ( dek->keylen <= 32 );
|
||||
|
||||
c = m_alloc_clear( sizeof *c );
|
||||
c->keylen = dek->keylen;
|
||||
@ -152,8 +142,12 @@ use_mdc(PK_LIST pk_list,int algo)
|
||||
return 0; /* No MDC */
|
||||
}
|
||||
|
||||
/* We don't want to use use_seskey yet because older gnupg versions
|
||||
can't handle it, and there isn't really any point unless we're
|
||||
making a message that can be decrypted by a public key or
|
||||
passphrase. */
|
||||
static int
|
||||
encode_simple( const char *filename, int mode, int compat )
|
||||
encode_simple( const char *filename, int mode, int use_seskey )
|
||||
{
|
||||
IOBUF inp, out;
|
||||
PACKET pkt;
|
||||
@ -192,8 +186,8 @@ encode_simple( const char *filename, int mode, int compat )
|
||||
/* Due the the fact that we use don't use an IV to encrypt the
|
||||
session key we can't use the new mode with RFC1991 because
|
||||
it has no S2K salt. RFC1991 always uses simple S2K. */
|
||||
if ( RFC1991 && !compat )
|
||||
compat = 1;
|
||||
if ( RFC1991 && use_seskey )
|
||||
use_seskey = 0;
|
||||
|
||||
cfx.dek = NULL;
|
||||
if( mode ) {
|
||||
@ -213,16 +207,16 @@ encode_simple( const char *filename, int mode, int compat )
|
||||
log_error(_("error creating passphrase: %s\n"), g10_errstr(rc) );
|
||||
return rc;
|
||||
}
|
||||
if (!compat && s2k->mode != 1 && s2k->mode != 3) {
|
||||
compat = 1;
|
||||
if (use_seskey && s2k->mode != 1 && s2k->mode != 3) {
|
||||
use_seskey = 0;
|
||||
log_info (_("can't use a symmetric ESK packet "
|
||||
"due to the S2K mode\n"));
|
||||
}
|
||||
|
||||
if ( !compat ) {
|
||||
seskeylen = cipher_get_keylen( opt.def_cipher_algo ?
|
||||
opt.def_cipher_algo:
|
||||
opt.s2k_cipher_algo ) / 8;
|
||||
if ( use_seskey ) {
|
||||
seskeylen = cipher_get_keylen( opt.s2k_cipher_algo ?
|
||||
opt.s2k_cipher_algo:
|
||||
opt.def_cipher_algo ) / 8;
|
||||
encode_sesskey( cfx.dek, &dek, enckey );
|
||||
m_free( cfx.dek ); cfx.dek = dek;
|
||||
}
|
||||
@ -260,7 +254,7 @@ encode_simple( const char *filename, int mode, int compat )
|
||||
enc->version = 4;
|
||||
enc->cipher_algo = cfx.dek->algo;
|
||||
enc->s2k = *s2k;
|
||||
if ( !compat && seskeylen ) {
|
||||
if ( use_seskey && seskeylen ) {
|
||||
enc->seskeylen = seskeylen + 1; /* algo id */
|
||||
memcpy( enc->seskey, enckey, seskeylen + 1 );
|
||||
}
|
||||
|
||||
24
g10/g10.c
24
g10/g10.c
@ -51,7 +51,9 @@
|
||||
#include "keyserver-internal.h"
|
||||
#include "exec.h"
|
||||
|
||||
enum cmd_and_opt_values { aNull = 0,
|
||||
enum cmd_and_opt_values
|
||||
{
|
||||
aNull = 0,
|
||||
oArmor = 'a',
|
||||
aDetachedSign = 'b',
|
||||
aSym = 'c',
|
||||
@ -294,13 +296,15 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oLCctype,
|
||||
oLCmessages,
|
||||
oGroup,
|
||||
oNoGroups,
|
||||
oStrict,
|
||||
oNoStrict,
|
||||
oMangleDosFilenames,
|
||||
oNoMangleDosFilenames,
|
||||
oEnableProgressFilter,
|
||||
oMultifile,
|
||||
aTest };
|
||||
aTest
|
||||
};
|
||||
|
||||
|
||||
static ARGPARSE_OPTS opts[] = {
|
||||
@ -599,6 +603,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oLCctype, "lc-ctype", 2, "@" },
|
||||
{ oLCmessages, "lc-messages", 2, "@" },
|
||||
{ oGroup, "group", 2, "@" },
|
||||
{ oNoGroups, "no-groups", 0, "@" },
|
||||
{ oStrict, "strict", 0, "@" },
|
||||
{ oNoStrict, "no-strict", 0, "@" },
|
||||
{ oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
|
||||
@ -1252,8 +1257,10 @@ main( int argc, char **argv )
|
||||
}
|
||||
|
||||
while( optfile_parse( configfp, configname, &configlineno,
|
||||
&pargs, opts) ) {
|
||||
switch( pargs.r_opt ) {
|
||||
&pargs, opts) )
|
||||
{
|
||||
switch( pargs.r_opt )
|
||||
{
|
||||
case aCheckKeys: set_cmd( &cmd, aCheckKeys); break;
|
||||
case aListPackets: set_cmd( &cmd, aListPackets); break;
|
||||
case aImport: set_cmd( &cmd, aImport); break;
|
||||
@ -1705,6 +1712,15 @@ main( int argc, char **argv )
|
||||
case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
|
||||
case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
|
||||
case oGroup: add_group(pargs.r.ret_str); break;
|
||||
case oNoGroups:
|
||||
while(opt.grouplist)
|
||||
{
|
||||
struct groupitem *iter=opt.grouplist;
|
||||
free_strlist(iter->values);
|
||||
opt.grouplist=opt.grouplist->next;
|
||||
m_free(iter);
|
||||
}
|
||||
break;
|
||||
case oStrict: /* noop */ break;
|
||||
case oNoStrict: /* noop */ break;
|
||||
case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
|
||||
|
||||
@ -687,13 +687,17 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
|
||||
with no salt. The RFC says that using salt for this is a
|
||||
MUST. */
|
||||
if(s2kmode!=1 && s2kmode!=3)
|
||||
log_info(_("WARNING: potentially insecure session key decryption key\n"));
|
||||
log_info(_("WARNING: potentially insecure symmetrically"
|
||||
" encrypted session key\n"));
|
||||
}
|
||||
assert( !pktlen );
|
||||
|
||||
if( list_mode ) {
|
||||
printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d\n",
|
||||
printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
|
||||
version, cipher_algo, s2kmode, hash_algo);
|
||||
if(seskeylen)
|
||||
printf(", seskey %d bits",(seskeylen-1)*8);
|
||||
printf("\n");
|
||||
if( s2kmode == 1 || s2kmode == 3 ) {
|
||||
printf("\tsalt ");
|
||||
for(i=0; i < 8; i++ )
|
||||
@ -702,9 +706,6 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
|
||||
printf(", count %lu", (ulong)k->s2k.count );
|
||||
printf("\n");
|
||||
}
|
||||
if(seskeylen)
|
||||
printf("\tsession key decryption key present (%d bytes)\n",
|
||||
seskeylen-1);
|
||||
}
|
||||
|
||||
leave:
|
||||
|
||||
@ -211,16 +211,10 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
|
||||
}
|
||||
else if( pkb->pkt->pkt.public_key->selfsigversion > 3
|
||||
&& dek->algo != CIPHER_ALGO_3DES
|
||||
&& !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ) ) {
|
||||
/* Don't print a note while we are not on verbose mode,
|
||||
* the cipher is blowfish and the preferences have twofish
|
||||
* listed */
|
||||
if( opt.verbose || dek->algo != CIPHER_ALGO_BLOWFISH
|
||||
|| !is_algo_in_prefs( pkb, PREFTYPE_SYM, CIPHER_ALGO_TWOFISH))
|
||||
log_info(_(
|
||||
"NOTE: cipher algorithm %d not found in preferences\n"),
|
||||
&& !opt.quiet
|
||||
&& !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ))
|
||||
log_info(_("NOTE: cipher algorithm %d not found in preferences\n"),
|
||||
dek->algo );
|
||||
}
|
||||
|
||||
if (!rc) {
|
||||
KBNODE k;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user