From 27949781ec7ff0fd7bcad563ea756dea7ef95583 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Fri, 7 Dec 2001 15:24:32 +0000 Subject: [PATCH] PGP2 patch. --pgp2 sets things up for pgp2 compatibility, and prints a warning if the user does something that would make the message not compatible (i.e. encrypt with a non-RSA key, etc.) --- g10/ChangeLog | 14 ++++++++++++++ g10/encode.c | 13 ++++++++++++- g10/g10.c | 38 ++++++++++++++++++++++++++++++++++++++ g10/options.h | 2 +- g10/sign.c | 24 ++++++++++++++++++++---- 5 files changed, 85 insertions(+), 6 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 1e044a535..7c5cd3c32 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,17 @@ +2001-12-07 David Shaw + + * g10.c, options.h: New option --pgp2. This is identical to + "--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5 + --force_v3_sigs" with the addition of an warning to advise the + user not to use a pipe (which would break pgp2 compatibility). + + * encode.c (encode_crypt): warn if the user tries to encrypt to + any key that is not RSA and <= 2048 bits when the --pgp2 option is + used. + + * sign.c (sign_file, clearsign_file): When using --pgp2, make a v3 + sig, and warn if the signature is made with a non-v3 key. + 2001-12-05 David Shaw * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt diff --git a/g10/encode.c b/g10/encode.c index 7d9f0952f..a90f35993 100644 --- a/g10/encode.c +++ b/g10/encode.c @@ -250,7 +250,7 @@ encode_crypt( const char *filename, STRLIST remusr ) armor_filter_context_t afx; compress_filter_context_t zfx; text_filter_context_t tfx; - PK_LIST pk_list; + PK_LIST pk_list,work_list; int do_compress = opt.compress && !opt.rfc1991; @@ -263,6 +263,17 @@ encode_crypt( const char *filename, STRLIST remusr ) if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) ) return rc; + if(opt.pgp2) + for(work_list=pk_list;work_list->next!=NULL;work_list=work_list->next) + if(!(is_RSA(work_list->pk->pubkey_algo) && + nbits_from_pk(work_list->pk)<=2048)) + { + log_info(_("You can only encrypt to RSA keys of 2048 bits or " + "less in --pgp2 mode\n")); + log_info(_("This message will not be usable by PGP 2.x\n")); + break; + } + /* prepare iobufs */ if( !(inp = iobuf_open(filename)) ) { log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]", diff --git a/g10/g10.c b/g10/g10.c index e4062909e..d9a524dcc 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -149,6 +149,8 @@ enum cmd_and_opt_values { aNull = 0, oLoadExtension, oRFC1991, oOpenPGP, + oPGP2, + oNoPGP2, oCipherAlgo, oDigestAlgo, oCompressAlgo, @@ -363,6 +365,8 @@ static ARGPARSE_OPTS opts[] = { { oLoadExtension, "load-extension" ,2, N_("|FILE|load extension module FILE")}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")}, + { oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")}, + { oNoPGP2, "no-pgp2", 0, "@"}, { oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")}, { oS2KDigest, "s2k-digest-algo",2, N_("|NAME|use message digest algorithm NAME for passphrases")}, @@ -1013,6 +1017,8 @@ main( int argc, char **argv ) opt.s2k_digest_algo = DIGEST_ALGO_SHA1; opt.s2k_cipher_algo = CIPHER_ALGO_CAST5; break; + case oPGP2: opt.pgp2 = 1; break; + case oNoPGP2: opt.pgp2 = 0; break; case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break; case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break; case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break; @@ -1267,6 +1273,28 @@ main( int argc, char **argv ) if (preference_list && keygen_set_std_prefs (preference_list)) log_error(_("invalid preferences\n")); + /* Do this after the switch(), so it can override these + settings. */ + if(opt.pgp2) + { + opt.rfc1991 = 1; + opt.rfc2440 = 0; + opt.force_v4_certs = 0; + opt.no_comment = 1; + opt.escape_from = 1; + opt.force_v3_sigs = 1; + opt.pgp2_workarounds = 1; + opt.def_cipher_algo = CIPHER_ALGO_IDEA; + if( cmd==aEncr && check_cipher_algo(CIPHER_ALGO_IDEA) ) { + log_info(_("Encrypting a message to a PGP 2.x user requires " + "the IDEA cipher module.\n")); + log_error(_("Please see http://www.gnupg.org/why-not-idea.html" + " for more information.\n")); + } + opt.def_digest_algo = DIGEST_ALGO_MD5; + opt.def_compress_algo = 1; + } + if( log_get_errorcount(0) ) g10_exit(2); @@ -1385,6 +1413,12 @@ main( int argc, char **argv ) break; case aEncr: /* encrypt the given file */ + if( argc == 0 && opt.pgp2 ) { + log_info(_("You must use files (and not a pipe) when " + "encrypting with --pgp2 enabled.\n")); + log_info(_("This message will not be usable by PGP 2.x\n")); + } + if( argc > 1 ) wrong_args(_("--encrypt [filename]")); if( (rc = encode_crypt(fname,remusr)) ) @@ -1413,6 +1447,10 @@ main( int argc, char **argv ) case aSignEncr: /* sign and encrypt the given file */ if( argc > 1 ) wrong_args(_("--sign --encrypt [filename]")); + if(opt.pgp2) { + log_info(_("You can't sign and encrypt at the same time while in --pgp2 mode\n")); + log_info(_("This message will not be usable by PGP 2.x\n")); + } if( argc ) { sl = m_alloc_clear( sizeof *sl + strlen(fname)); strcpy(sl->d, fname); diff --git a/g10/options.h b/g10/options.h index cbcb33fed..4f4eca4bf 100644 --- a/g10/options.h +++ b/g10/options.h @@ -1,4 +1,3 @@ - /* options.h * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. * @@ -77,6 +76,7 @@ struct { int compress_keys; int compress_sigs; int always_trust; + int pgp2; int rfc1991; int rfc2440; int pgp2_workarounds; diff --git a/g10/sign.c b/g10/sign.c index 61380d016..d1860b438 100644 --- a/g10/sign.c +++ b/g10/sign.c @@ -550,14 +550,22 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr, if( fname && filenames->next && (!detached || encryptflag) ) log_bug("multiple files can only be detached signed"); - if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style) + if(opt.expert && !opt.pgp2 && !opt.batch && + !opt.force_v3_sigs && !old_style) duration=ask_expire_interval(1); if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; - if( !old_style && !duration ) + if( (!old_style && !duration) || opt.pgp2 ) old_style = only_old_style( sk_list ); + if(!old_style && opt.pgp2) + { + log_info(_("You can only sign with PGP 2.x style keys " + "while in --pgp2 mode\n")); + log_info(_("This message will not be usable by PGP 2.x\n")); + } + if( encryptflag ) { if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) ) goto leave; @@ -719,14 +727,22 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile ) memset( &afx, 0, sizeof afx); init_packet( &pkt ); - if(opt.expert && !opt.batch && !opt.force_v3_sigs && !old_style) + if(opt.expert && !opt.pgp2 && !opt.batch && + !opt.force_v3_sigs && !old_style) duration=ask_expire_interval(1); if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) ) goto leave; - if( !old_style && !duration ) + if( (!old_style && !duration) || opt.pgp2 ) old_style = only_old_style( sk_list ); + if(!old_style && opt.pgp2) + { + log_info(_("You can only clearsign with PGP 2.x style keys " + "while in --pgp2 mode\n")); + log_info(_("This message will not be usable by PGP 2.x\n")); + } + /* prepare iobufs */ if( !(inp = iobuf_open(fname)) ) { log_error("can't open %s: %s\n", fname? fname: "[stdin]",