* pubkey-enc.c (get_session_key): With hidden recipients or try a given

passphrase against all secret keys rather than trying all secret keys in turn. Don't if --try-all-secrets or --status-fd is enabled. * passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase query, but don't prompt with the key info. * seckey-cert.c (do_check, check_secret_key): A negative ask count means to enable passphrase mode 1. * keydb.h, getkey.c (enum_secret_keys): Add flag to include secret-parts-missing keys (or not) in the list.
2002-11-06 16:58:28 +00:00 · 2002-11-06 16:58:28 +00:00 · 3cb4118b6c
parent ec0d9a416e
commit 3cb4118b6c
6 changed files with 57 additions and 13 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,19 @@
+2002-11-06  David Shaw  <dshaw@jabberwocky.com>
+
+	* pubkey-enc.c (get_session_key): With hidden recipients or try a
+	given passphrase against all secret keys rather than trying all
+	secret keys in turn.  Don't if --try-all-secrets or --status-fd is
+	enabled.
+
+	* passphrase.c (passphrase_to_dek): Mode 1 means do a regular
+	passphrase query, but don't prompt with the key info.
+
+	* seckey-cert.c (do_check, check_secret_key): A negative ask count
+	means to enable passphrase mode 1.
+
+	* keydb.h, getkey.c (enum_secret_keys): Add flag to include
+	secret-parts-missing keys (or not) in the list.
+
 2002-11-05  David Shaw  <dshaw@jabberwocky.com>

 	* keyserver.c (keyserver_search_prompt): When --with-colons is
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -2286,6 +2286,9 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
 *                   b) to get the ultimately trusted keys.
 *        The a) usage might have some problems.
 *
+ * set with_subkeys true to include subkeys
+ * set with_spm true to include secret-parts-missing keys
+ *
 * Enumerate all primary secret keys.  Caller must use these procedure:
 *  1) create a void pointer and initialize it to NULL
 *  2) pass this void pointer by reference to this function
@ -2296,7 +2299,8 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
 *     so that can free it's context.
 */
 int
-enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys )
+enum_secret_keys( void **context, PKT_secret_key *sk,
+		  int with_subkeys, int with_spm )
 {
    int rc=0;
    struct {
@ -2331,9 +2335,11 @@ enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys )
    do {
        /* get the next secret key from the current keyblock */
        for (; c->node; c->node = c->node->next) {
-            if (c->node->pkt->pkttype == PKT_SECRET_KEY
+            if ((c->node->pkt->pkttype == PKT_SECRET_KEY
                || (with_subkeys
-                    && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) ) {
+                    && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) )
+		&& !(c->node->pkt->pkt.secret_key->protect.s2k.mode==1001
+		     && !with_spm)) {
                copy_secret_key (sk, c->node->pkt->pkt.secret_key );
                c->node = c->node->next;
                return 0; /* found */
--- a/g10/keydb.h
+++ b/g10/keydb.h
@ -212,7 +212,8 @@ int get_seckey_byfprint( PKT_secret_key *sk,
 			 const byte *fprint, size_t fprint_len);
 int get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock );
 void get_seckey_end( GETKEY_CTX ctx );
-int enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys );
+int enum_secret_keys( void **context, PKT_secret_key *sk,
+		      int with_subkeys, int with_spm );
 void merge_keys_and_selfsig( KBNODE keyblock );
 char*get_user_id_string( u32 *keyid );
 char*get_user_id_string_printable( u32 *keyid );
--- a/g10/passphrase.c
+++ b/g10/passphrase.c
@ -935,7 +935,8 @@ passphrase_clear_cache ( u32 *keyid, int algo )
 /****************
 * Get a passphrase for the secret key with KEYID, display TEXT
 * if the user needs to enter the passphrase.
- * mode 0 = standard, 2 = create new passphrase
+ * mode 0 = standard, 1 = same but don't show key info,
+ *      2 = create new passphrase
 * Returns: a DEK with a session key; caller must free
 *	    or NULL if the passphrase was not correctly repeated.
 *	    (only for mode 2)
@ -996,7 +997,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
 	}
    }

-    if( keyid && !opt.batch && !next_pw ) {
+    if( keyid && !opt.batch && !next_pw && mode!=1 ) {
 	PKT_public_key *pk = m_alloc_clear( sizeof *pk );
 	size_t n;
 	char *p;
--- a/g10/pubkey-enc.c
+++ b/g10/pubkey-enc.c
@ -85,12 +85,13 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
    else { /* anonymous receiver: Try all available secret keys */
 	void *enum_context = NULL;
 	u32 keyid[2];
+	char *p;

 	for(;;) {
 	    if( sk )
 		free_secret_key( sk );
 	    sk = m_alloc_clear( sizeof *sk );
-	    rc=enum_secret_keys( &enum_context, sk, 1);
+	    rc=enum_secret_keys( &enum_context, sk, 1, 0);
 	    if( rc ) {
 		rc = G10ERR_NO_SECKEY;
 		break;
@ -100,7 +101,17 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
 	    keyid_from_sk( sk, keyid );
 	    log_info(_("anonymous recipient; trying secret key %08lX ...\n"),
                     (ulong)keyid[1] );
-	    rc = check_secret_key( sk, 1 ); /* ask only once */
+
+	    if(!opt.try_all_secrets && !is_status_enabled())
+	      {
+		p=get_last_passphrase();
+		set_next_passphrase(p);
+		m_free(p);
+	      }
+
+	    rc = check_secret_key( sk, opt.try_all_secrets?1:-1 ); /* ask
+								      only
+								      once */
 	    if( !rc )
 		rc = get_it( k, dek, sk, keyid );
 	    if( !rc ) {
@ -108,7 +119,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
 		break;
 	    }
 	}
-	enum_secret_keys( &enum_context, NULL, 0 ); /* free context */
+	enum_secret_keys( &enum_context, NULL, 0, 0 ); /* free context */
    }

  leave:
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@ -36,7 +36,7 @@


 static int
-do_check( PKT_secret_key *sk, const char *tryagain_text )
+do_check( PKT_secret_key *sk, const char *tryagain_text, int mode )
 {
    byte *buffer;
    u16 csum=0;
@ -69,7 +69,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
            keyid[3] = sk->main_keyid[1];
 	}
 	dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
-				 &sk->protect.s2k, 0, tryagain_text );
+				 &sk->protect.s2k, mode, tryagain_text );
 	cipher_hd = cipher_open( sk->protect.algo,
 				 CIPHER_MODE_AUTO_CFB, 1);
 	cipher_setkey( cipher_hd, dek->key, dek->keylen );
@ -209,12 +209,21 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
 /****************
 * Check the secret key
 * Ask up to 3 (or n) times for a correct passphrase
+ * If n is negative, disable the key info prompt and make n=abs(n)
 */
 int
 check_secret_key( PKT_secret_key *sk, int n )
 {
    int rc = G10ERR_BAD_PASS;
-    int i;
+    int i,mode;
+
+    if(n<0)
+      {
+	n=abs(n);
+	mode=1;
+      }
+    else
+      mode=0;

    if( n < 1 )
 	n = (opt.batch && !opt.use_agent)? 1 : 3; /* use the default value */
@ -225,7 +234,7 @@ check_secret_key( PKT_secret_key *sk, int n )
            tryagain = _("Invalid passphrase; please try again");
            log_info (_("%s ...\n"), tryagain);
        }
-	rc = do_check( sk, tryagain );
+	rc = do_check( sk, tryagain, mode );
 	if( rc == G10ERR_BAD_PASS && is_status_enabled() ) {
 	    u32 kid[2];
 	    char buf[50];