From 3cb4118b6c9c55d874d7dd463600d792f1fdd266 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Wed, 6 Nov 2002 16:58:28 +0000 Subject: [PATCH] * pubkey-enc.c (get_session_key): With hidden recipients or try a given passphrase against all secret keys rather than trying all secret keys in turn. Don't if --try-all-secrets or --status-fd is enabled. * passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase query, but don't prompt with the key info. * seckey-cert.c (do_check, check_secret_key): A negative ask count means to enable passphrase mode 1. * keydb.h, getkey.c (enum_secret_keys): Add flag to include secret-parts-missing keys (or not) in the list. --- g10/ChangeLog | 16 ++++++++++++++++ g10/getkey.c | 12 +++++++++--- g10/keydb.h | 3 ++- g10/passphrase.c | 5 +++-- g10/pubkey-enc.c | 17 ++++++++++++++--- g10/seckey-cert.c | 17 +++++++++++++---- 6 files changed, 57 insertions(+), 13 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 6d65b98f4..aec63a538 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,19 @@ +2002-11-06 David Shaw + + * pubkey-enc.c (get_session_key): With hidden recipients or try a + given passphrase against all secret keys rather than trying all + secret keys in turn. Don't if --try-all-secrets or --status-fd is + enabled. + + * passphrase.c (passphrase_to_dek): Mode 1 means do a regular + passphrase query, but don't prompt with the key info. + + * seckey-cert.c (do_check, check_secret_key): A negative ask count + means to enable passphrase mode 1. + + * keydb.h, getkey.c (enum_secret_keys): Add flag to include + secret-parts-missing keys (or not) in the list. + 2002-11-05 David Shaw * keyserver.c (keyserver_search_prompt): When --with-colons is diff --git a/g10/getkey.c b/g10/getkey.c index 991b98d2f..6214d8b54 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -2286,6 +2286,9 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode ) * b) to get the ultimately trusted keys. * The a) usage might have some problems. * + * set with_subkeys true to include subkeys + * set with_spm true to include secret-parts-missing keys + * * Enumerate all primary secret keys. Caller must use these procedure: * 1) create a void pointer and initialize it to NULL * 2) pass this void pointer by reference to this function @@ -2296,7 +2299,8 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode ) * so that can free it's context. */ int -enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys ) +enum_secret_keys( void **context, PKT_secret_key *sk, + int with_subkeys, int with_spm ) { int rc=0; struct { @@ -2331,9 +2335,11 @@ enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys ) do { /* get the next secret key from the current keyblock */ for (; c->node; c->node = c->node->next) { - if (c->node->pkt->pkttype == PKT_SECRET_KEY + if ((c->node->pkt->pkttype == PKT_SECRET_KEY || (with_subkeys - && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) ) { + && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) ) + && !(c->node->pkt->pkt.secret_key->protect.s2k.mode==1001 + && !with_spm)) { copy_secret_key (sk, c->node->pkt->pkt.secret_key ); c->node = c->node->next; return 0; /* found */ diff --git a/g10/keydb.h b/g10/keydb.h index 0204bd35c..ebb63a4ba 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -212,7 +212,8 @@ int get_seckey_byfprint( PKT_secret_key *sk, const byte *fprint, size_t fprint_len); int get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock ); void get_seckey_end( GETKEY_CTX ctx ); -int enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys ); +int enum_secret_keys( void **context, PKT_secret_key *sk, + int with_subkeys, int with_spm ); void merge_keys_and_selfsig( KBNODE keyblock ); char*get_user_id_string( u32 *keyid ); char*get_user_id_string_printable( u32 *keyid ); diff --git a/g10/passphrase.c b/g10/passphrase.c index d84d6e88b..3744c5b37 100644 --- a/g10/passphrase.c +++ b/g10/passphrase.c @@ -935,7 +935,8 @@ passphrase_clear_cache ( u32 *keyid, int algo ) /**************** * Get a passphrase for the secret key with KEYID, display TEXT * if the user needs to enter the passphrase. - * mode 0 = standard, 2 = create new passphrase + * mode 0 = standard, 1 = same but don't show key info, + * 2 = create new passphrase * Returns: a DEK with a session key; caller must free * or NULL if the passphrase was not correctly repeated. * (only for mode 2) @@ -996,7 +997,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo, } } - if( keyid && !opt.batch && !next_pw ) { + if( keyid && !opt.batch && !next_pw && mode!=1 ) { PKT_public_key *pk = m_alloc_clear( sizeof *pk ); size_t n; char *p; diff --git a/g10/pubkey-enc.c b/g10/pubkey-enc.c index 1cf2c3813..1c52ce4de 100644 --- a/g10/pubkey-enc.c +++ b/g10/pubkey-enc.c @@ -85,12 +85,13 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) else { /* anonymous receiver: Try all available secret keys */ void *enum_context = NULL; u32 keyid[2]; + char *p; for(;;) { if( sk ) free_secret_key( sk ); sk = m_alloc_clear( sizeof *sk ); - rc=enum_secret_keys( &enum_context, sk, 1); + rc=enum_secret_keys( &enum_context, sk, 1, 0); if( rc ) { rc = G10ERR_NO_SECKEY; break; @@ -100,7 +101,17 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) keyid_from_sk( sk, keyid ); log_info(_("anonymous recipient; trying secret key %08lX ...\n"), (ulong)keyid[1] ); - rc = check_secret_key( sk, 1 ); /* ask only once */ + + if(!opt.try_all_secrets && !is_status_enabled()) + { + p=get_last_passphrase(); + set_next_passphrase(p); + m_free(p); + } + + rc = check_secret_key( sk, opt.try_all_secrets?1:-1 ); /* ask + only + once */ if( !rc ) rc = get_it( k, dek, sk, keyid ); if( !rc ) { @@ -108,7 +119,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek ) break; } } - enum_secret_keys( &enum_context, NULL, 0 ); /* free context */ + enum_secret_keys( &enum_context, NULL, 0, 0 ); /* free context */ } leave: diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c index d19ac683a..4984c888b 100644 --- a/g10/seckey-cert.c +++ b/g10/seckey-cert.c @@ -36,7 +36,7 @@ static int -do_check( PKT_secret_key *sk, const char *tryagain_text ) +do_check( PKT_secret_key *sk, const char *tryagain_text, int mode ) { byte *buffer; u16 csum=0; @@ -69,7 +69,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text ) keyid[3] = sk->main_keyid[1]; } dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo, - &sk->protect.s2k, 0, tryagain_text ); + &sk->protect.s2k, mode, tryagain_text ); cipher_hd = cipher_open( sk->protect.algo, CIPHER_MODE_AUTO_CFB, 1); cipher_setkey( cipher_hd, dek->key, dek->keylen ); @@ -209,12 +209,21 @@ do_check( PKT_secret_key *sk, const char *tryagain_text ) /**************** * Check the secret key * Ask up to 3 (or n) times for a correct passphrase + * If n is negative, disable the key info prompt and make n=abs(n) */ int check_secret_key( PKT_secret_key *sk, int n ) { int rc = G10ERR_BAD_PASS; - int i; + int i,mode; + + if(n<0) + { + n=abs(n); + mode=1; + } + else + mode=0; if( n < 1 ) n = (opt.batch && !opt.use_agent)? 1 : 3; /* use the default value */ @@ -225,7 +234,7 @@ check_secret_key( PKT_secret_key *sk, int n ) tryagain = _("Invalid passphrase; please try again"); log_info (_("%s ...\n"), tryagain); } - rc = do_check( sk, tryagain ); + rc = do_check( sk, tryagain, mode ); if( rc == G10ERR_BAD_PASS && is_status_enabled() ) { u32 kid[2]; char buf[50];