security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00
Code Activity

gpg: Change --show-session-key to print the session key earlier.

Browse Source 
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 101a54add351ff62793cbfbf3877787c4791f833)

Resolved Conflicts:
	doc/DETAILS    - removed
	g10/cpr.c      - replace estream fucntion by stdio.
	g10/mainproc.c - Adjust for changed calling convention.
This commit is contained in:
Werner Koch 2013-12-11 10:20:15 +01:00
parent d04399a6a8
commit 3ae90ff28c
4 changed files with 82 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
g10/cpr.c
View File

@ -1,4 +1,4 @@
/* status.c - Status message and command-fd interface
/* status.c - Status message and command-fd interface
* Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003,
* 2004, 2005, 2006 Free Software Foundation, Inc.
*
@ -75,13 +75,13 @@ status_currently_allowed (int no)
prompt the user. */
switch (no)
{
case STATUS_GET_BOOL:
case STATUS_GET_LINE:
case STATUS_GET_HIDDEN:
case STATUS_GOT_IT:
case STATUS_GET_BOOL:
case STATUS_GET_LINE:
case STATUS_GET_HIDDEN:
case STATUS_GOT_IT:
case STATUS_IMPORTED:
case STATUS_IMPORT_OK:
case STATUS_IMPORT_CHECK:
case STATUS_IMPORT_OK:
case STATUS_IMPORT_CHECK:
case STATUS_IMPORT_RES:
return 1; /* Yes. */
default:
@ -102,7 +102,7 @@ set_status_fd ( int fd )
if ( statusfp && statusfp != stdout && statusfp != stderr )
fclose (statusfp);
statusfp = NULL;
if ( fd == -1 )
if ( fd == -1 )
return;
if( fd == 1 )
@ -132,28 +132,50 @@ write_status ( int no )
write_status_text( no, NULL );
}
void
write_status_text ( int no, const char *text)
{
if( !statusfp || !status_currently_allowed (no) )
return; /* Not enabled or allowed. */
fputs ( "[GNUPG:] ", statusfp );
fputs ( get_status_string (no), statusfp );
if( text ) {
putc ( ' ', statusfp );
for (; *text; text++) {
if (*text == '\n')
fputs ( "\\n", statusfp );
else if (*text == '\r')
fputs ( "\\r", statusfp );
else
putc ( *(const byte *)text, statusfp );
/* Write a status line with code NO followed by the string TEXT and
directly followed by the remaining strings up to a NULL. */
void
write_status_strings (int no, const char *text, ...)
{
va_list arg_ptr;
const char *s;
if (!statusfp || !status_currently_allowed (no) )
return; /* Not enabled or allowed. */
fputs ("[GNUPG:] ", statusfp);
fputs (get_status_string (no), statusfp);
if ( text )
{
putc ( ' ', statusfp);
va_start (arg_ptr, text);
s = text;
do
{
for (; *s; s++)
{
if (*s == '\n')
fputs ("\\n", statusfp);
else if (*s == '\r')
fputs ("\\r", statusfp);
else
fputc (*(const byte *)s, statusfp);
}
}
while ((s = va_arg (arg_ptr, const char*)));
va_end (arg_ptr);
}
putc ('\n',statusfp);
if ( fflush (statusfp) && opt.exit_on_status_write_error )
g10_exit (0);
putc ('\n', statusfp);
if (fflush (statusfp) && opt.exit_on_status_write_error)
g10_exit (0);
}
void
write_status_text (int no, const char *text)
{
write_status_strings (no, text, NULL);
}
@ -163,7 +185,7 @@ write_status_error (const char *where, int errcode)
if (!statusfp || !status_currently_allowed (STATUS_ERROR))
return; /* Not enabled or allowed. */
fprintf (statusfp, "[GNUPG:] %s %s %u\n",
fprintf (statusfp, "[GNUPG:] %s %s %u\n",
get_status_string (STATUS_ERROR), where, gpg_err_code (errcode));
if (fflush (statusfp) && opt.exit_on_status_write_error)
g10_exit (0);
@ -187,7 +209,7 @@ write_status_text_and_buffer ( int no, const char *string,
if( !statusfp || !status_currently_allowed (no) )
return; /* Not enabled or allowed. */
if (wrap == -1) {
lower_limit--;
wrap = 0;
@ -212,8 +234,8 @@ write_status_text_and_buffer ( int no, const char *string,
first = 0;
}
for (esc=0, s=buffer, n=len; n && !esc; s++, n-- ) {
if ( *s == '%' || *(const byte*)s <= lower_limit
|| *(const byte*)s == 127 )
if ( *s == '%' || *(const byte*)s <= lower_limit
|| *(const byte*)s == 127 )
esc = 1;
if ( wrap && ++count > wrap ) {
dowrap=1;
@ -223,7 +245,7 @@ write_status_text_and_buffer ( int no, const char *string,
if (esc) {
s--; n++;
}
if (s != buffer)
if (s != buffer)
fwrite (buffer, s-buffer, 1, statusfp );
if ( esc ) {
fprintf (statusfp, "%%%02X", *(const byte*)s );
@ -257,7 +279,7 @@ write_status_begin_signing (gcry_md_hd_t md)
char buf[100];
size_t buflen;
int i;
/* We use a hard coded list of possible algorithms. Using other
algorithms than specified by OpenPGP does not make sense
anyway. We do this out of performance reasons: Walking all
@ -270,7 +292,7 @@ write_status_begin_signing (gcry_md_hd_t md)
if (i < 4 || i > 7)
if ( gcry_md_is_enabled (md, i) && buflen < DIM(buf) )
{
snprintf (buf+buflen, DIM(buf) - buflen - 1,
snprintf (buf+buflen, DIM(buf) - buflen - 1,
"%sH%d", buflen? " ":"",i);
buflen += strlen (buf+buflen);
}
@ -302,7 +324,7 @@ myread(int fd, void *buf, size_t count)
raise (SIGHUP); /* no more input data */
#endif
}
}
}
return rc;
}
@ -316,16 +338,16 @@ do_get_from_fd ( const char *keyword, int hidden, int getbool )
{
int i, len;
char *string;
if (statusfp != stdout)
fflush (stdout);
write_status_text (getbool? STATUS_GET_BOOL :
hidden? STATUS_GET_HIDDEN : STATUS_GET_LINE, keyword);
for (string = NULL, i = len = 200; ; i++ )
for (string = NULL, i = len = 200; ; i++ )
{
if (i >= len-1 )
if (i >= len-1 )
{
char *save = string;
len += 100;
@ -338,7 +360,7 @@ do_get_from_fd ( const char *keyword, int hidden, int getbool )
/* Fixme: why not use our read_line function here? */
if ( myread( opt.command_fd, string+i, 1) != 1 || string[i] == '\n' )
break;
else if ( string[i] == CONTROL_D )
else if ( string[i] == CONTROL_D )
{
/* Found ETX - Cancel the line and return a sole ETX. */
string[0] = CONTROL_D;

17
g10/encr-data.c
View File

@ -104,6 +104,23 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
write_status_text (STATUS_DECRYPTION_INFO, buf);
}
if (opt.show_session_key)
{
char numbuf[25];
char *hexbuf;
snprintf (numbuf, sizeof numbuf, "%d:", dek->algo);
hexbuf = bin2hex (dek->key, dek->keylen, NULL);
if (!hexbuf)
{
rc = gpg_error_from_syserror ();
goto leave;
}
log_info ("session key: '%s%s'\n", numbuf, hexbuf);
write_status_strings (STATUS_SESSION_KEY, numbuf, hexbuf, NULL);
xfree (hexbuf);
}
rc = openpgp_cipher_test_algo (dek->algo);
if (rc)
goto leave;

2
g10/main.h
View File

@ -160,6 +160,8 @@ int is_status_enabled ( void );
void write_status ( int no );
void write_status_error (const char *where, int errcode);
void write_status_text ( int no, const char *text );
void write_status_strings (int no, const char *text,
...) GNUPG_GCC_A_SENTINEL(0);
void write_status_buffer ( int no,
const char *buffer, size_t len, int wrap );
void write_status_text_and_buffer ( int no, const char *text,

11
g10/mainproc.c
View File

@ -569,6 +569,7 @@ proc_encrypted( CTX c, PACKET *pkt )
}
else if( !c->dek )
result = G10ERR_NO_SECKEY;
if( !result )
result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
@ -583,16 +584,6 @@ proc_encrypted( CTX c, PACKET *pkt )
write_status( STATUS_GOODMDC );
else if(!opt.no_mdc_warn)
log_info (_("WARNING: message was not integrity protected\n"));
if(opt.show_session_key)
{
int i;
char *buf = xmalloc ( c->dek->keylen*2 + 20 );
sprintf ( buf, "%d:", c->dek->algo );
for(i=0; i < c->dek->keylen; i++ )
sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
log_info( "session key: `%s'\n", buf );
write_status_text ( STATUS_SESSION_KEY, buf );
}
}
else if( result == G10ERR_BAD_SIGN ) {
log_error(_("WARNING: encrypted message has been manipulated!\n"));