security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-07-03 22:56:33 +02:00
Code Activity

gpg: Change --show-session-key to print the session key earlier.

Browse source 
* g10/cpr.c (write_status_strings): New.
(write_status_text): Replace code by a call to write_status_strings.
* g10/mainproc.c (proc_encrypted): Remove show_session_key code.
* g10/decrypt-data.c (decrypt_data): Add new show_session_key code.
--

This feature can be used to return the session key for just a part of
a file.  For example to downloading just the first 32k of a huge file,
decrypting that incomplete part and while ignoring all the errors
break out the session key.  The session key may then be used on the
server to decrypt the entire file without the need to have the private
key on the server.

GnuPG-bug-id: 1389
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 101a54add3)

Resolved Conflicts:
	doc/DETAILS    - removed
	g10/cpr.c      - replace estream fucntion by stdio.
	g10/mainproc.c - Adjust for changed calling convention.
This commit is contained in:
Werner Koch 2013-12-11 10:20:15 +01:00
parent d04399a6a8
commit 3ae90ff28c
4 changed files with 82 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

50
g10/cpr.c
View file

@ -132,31 +132,53 @@ write_status ( int no )
write_status_text( no, NULL ); write_status_text( no, NULL );
} }
/* Write a status line with code NO followed by the string TEXT and
directly followed by the remaining strings up to a NULL. */
void void
write_status_text ( int no, const char *text) write_status_strings (int no, const char *text, ...)
{ {
if( !statusfp || !status_currently_allowed (no) ) va_list arg_ptr;
const char *s;
if (!statusfp || !status_currently_allowed (no) )
return; /* Not enabled or allowed. */ return; /* Not enabled or allowed. */
fputs ( "[GNUPG:] ", statusfp ); fputs ("[GNUPG:] ", statusfp);
fputs ( get_status_string (no), statusfp ); fputs (get_status_string (no), statusfp);
if( text ) { if ( text )
putc ( ' ', statusfp ); {
for (; *text; text++) { putc ( ' ', statusfp);
if (*text == '\n') va_start (arg_ptr, text);
fputs ( "\\n", statusfp ); s = text;
else if (*text == '\r') do
fputs ( "\\r", statusfp ); {
for (; *s; s++)
{
if (*s == '\n')
fputs ("\\n", statusfp);
else if (*s == '\r')
fputs ("\\r", statusfp);
else else
putc ( *(const byte *)text, statusfp ); fputc (*(const byte *)s, statusfp);
} }
} }
putc ('\n',statusfp); while ((s = va_arg (arg_ptr, const char*)));
if ( fflush (statusfp) && opt.exit_on_status_write_error ) va_end (arg_ptr);
}
putc ('\n', statusfp);
if (fflush (statusfp) && opt.exit_on_status_write_error)
g10_exit (0); g10_exit (0);
} }
void
write_status_text (int no, const char *text)
{
write_status_strings (no, text, NULL);
}
void void
write_status_error (const char *where, int errcode) write_status_error (const char *where, int errcode)
{ {

17
g10/encr-data.c
View file

@ -104,6 +104,23 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
write_status_text (STATUS_DECRYPTION_INFO, buf); write_status_text (STATUS_DECRYPTION_INFO, buf);
} }
if (opt.show_session_key)
{
char numbuf[25];
char *hexbuf;
snprintf (numbuf, sizeof numbuf, "%d:", dek->algo);
hexbuf = bin2hex (dek->key, dek->keylen, NULL);
if (!hexbuf)
{
rc = gpg_error_from_syserror ();
goto leave;
}
log_info ("session key: '%s%s'\n", numbuf, hexbuf);
write_status_strings (STATUS_SESSION_KEY, numbuf, hexbuf, NULL);
xfree (hexbuf);
}
rc = openpgp_cipher_test_algo (dek->algo); rc = openpgp_cipher_test_algo (dek->algo);
if (rc) if (rc)
goto leave; goto leave;

2
g10/main.h
View file

@ -160,6 +160,8 @@ int is_status_enabled ( void );
void write_status ( int no ); void write_status ( int no );
void write_status_error (const char *where, int errcode); void write_status_error (const char *where, int errcode);
void write_status_text ( int no, const char *text ); void write_status_text ( int no, const char *text );
void write_status_strings (int no, const char *text,
...) GNUPG_GCC_A_SENTINEL(0);
void write_status_buffer ( int no, void write_status_buffer ( int no,
const char *buffer, size_t len, int wrap ); const char *buffer, size_t len, int wrap );
void write_status_text_and_buffer ( int no, const char *text, void write_status_text_and_buffer ( int no, const char *text,

11
g10/mainproc.c
View file

@ -569,6 +569,7 @@ proc_encrypted( CTX c, PACKET *pkt )
} }
else if( !c->dek ) else if( !c->dek )
result = G10ERR_NO_SECKEY; result = G10ERR_NO_SECKEY;
if( !result ) if( !result )
result = decrypt_data( c, pkt->pkt.encrypted, c->dek ); result = decrypt_data( c, pkt->pkt.encrypted, c->dek );
@ -583,16 +584,6 @@ proc_encrypted( CTX c, PACKET *pkt )
write_status( STATUS_GOODMDC ); write_status( STATUS_GOODMDC );
else if(!opt.no_mdc_warn) else if(!opt.no_mdc_warn)
log_info (_("WARNING: message was not integrity protected\n")); log_info (_("WARNING: message was not integrity protected\n"));
if(opt.show_session_key)
{
int i;
char *buf = xmalloc ( c->dek->keylen*2 + 20 );
sprintf ( buf, "%d:", c->dek->algo );
for(i=0; i < c->dek->keylen; i++ )
sprintf(buf+strlen(buf), "%02X", c->dek->key[i] );
log_info( "session key: `%s'\n", buf );
write_status_text ( STATUS_SESSION_KEY, buf );
}
} }
else if( result == G10ERR_BAD_SIGN ) { else if( result == G10ERR_BAD_SIGN ) {
log_error(_("WARNING: encrypted message has been manipulated!\n")); log_error(_("WARNING: encrypted message has been manipulated!\n"));