security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-08 17:43:04 +01:00
Code Activity

* pubkey-enc.c (get_session_key): With hidden recipients or try a given

Browse Source 
passphrase against all secret keys rather than trying all secret keys in
turn.  Don't if --try-all-secrets or --status-fd is enabled.

* passphrase.c (passphrase_to_dek): Mode 1 means do a regular passphrase
query, but don't prompt with the key info.

* seckey-cert.c (do_check, check_secret_key): A negative ask count means
to enable passphrase mode 1.

* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
This commit is contained in:
David Shaw 2002-11-06 16:58:28 +00:00
parent ec0d9a416e
commit 3cb4118b6c
6 changed files with 57 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
g10/ChangeLog
View File

@ -1,3 +1,19 @@
2002-11-06 David Shaw <dshaw@jabberwocky.com>
* pubkey-enc.c (get_session_key): With hidden recipients or try a
given passphrase against all secret keys rather than trying all
secret keys in turn. Don't if --try-all-secrets or --status-fd is
enabled.
* passphrase.c (passphrase_to_dek): Mode 1 means do a regular
passphrase query, but don't prompt with the key info.
* seckey-cert.c (do_check, check_secret_key): A negative ask count
means to enable passphrase mode 1.
* keydb.h, getkey.c (enum_secret_keys): Add flag to include
secret-parts-missing keys (or not) in the list.
2002-11-05 David Shaw <dshaw@jabberwocky.com> 2002-11-05 David Shaw <dshaw@jabberwocky.com>
* keyserver.c (keyserver_search_prompt): When --with-colons is * keyserver.c (keyserver_search_prompt): When --with-colons is

12
g10/getkey.c
View File

@ -2286,6 +2286,9 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
* b) to get the ultimately trusted keys. * b) to get the ultimately trusted keys.
* The a) usage might have some problems. * The a) usage might have some problems.
* *
* set with_subkeys true to include subkeys
* set with_spm true to include secret-parts-missing keys
*
* Enumerate all primary secret keys. Caller must use these procedure: * Enumerate all primary secret keys. Caller must use these procedure:
* 1) create a void pointer and initialize it to NULL * 1) create a void pointer and initialize it to NULL
* 2) pass this void pointer by reference to this function * 2) pass this void pointer by reference to this function
@ -2296,7 +2299,8 @@ lookup( GETKEY_CTX ctx, KBNODE *ret_keyblock, int secmode )
* so that can free it's context. * so that can free it's context.
*/ */
int int
enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys ) enum_secret_keys( void **context, PKT_secret_key *sk,
int with_subkeys, int with_spm )
{ {
int rc=0; int rc=0;
struct { struct {
@ -2331,9 +2335,11 @@ enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys )
do { do {
/* get the next secret key from the current keyblock */ /* get the next secret key from the current keyblock */
for (; c->node; c->node = c->node->next) { for (; c->node; c->node = c->node->next) {
if (c->node->pkt->pkttype == PKT_SECRET_KEY if ((c->node->pkt->pkttype == PKT_SECRET_KEY
|| (with_subkeys || (with_subkeys
&& c->node->pkt->pkttype == PKT_SECRET_SUBKEY) ) { && c->node->pkt->pkttype == PKT_SECRET_SUBKEY) )
&& !(c->node->pkt->pkt.secret_key->protect.s2k.mode==1001
&& !with_spm)) {
copy_secret_key (sk, c->node->pkt->pkt.secret_key ); copy_secret_key (sk, c->node->pkt->pkt.secret_key );
c->node = c->node->next; c->node = c->node->next;
return 0; /* found */ return 0; /* found */

3
g10/keydb.h
View File

@ -212,7 +212,8 @@ int get_seckey_byfprint( PKT_secret_key *sk,
const byte *fprint, size_t fprint_len); const byte *fprint, size_t fprint_len);
int get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock ); int get_seckey_next( GETKEY_CTX ctx, PKT_secret_key *sk, KBNODE *ret_keyblock );
void get_seckey_end( GETKEY_CTX ctx ); void get_seckey_end( GETKEY_CTX ctx );
int enum_secret_keys( void **context, PKT_secret_key *sk, int with_subkeys ); int enum_secret_keys( void **context, PKT_secret_key *sk,
int with_subkeys, int with_spm );
void merge_keys_and_selfsig( KBNODE keyblock ); void merge_keys_and_selfsig( KBNODE keyblock );
char*get_user_id_string( u32 *keyid ); char*get_user_id_string( u32 *keyid );
char*get_user_id_string_printable( u32 *keyid ); char*get_user_id_string_printable( u32 *keyid );

5
g10/passphrase.c
View File

@ -935,7 +935,8 @@ passphrase_clear_cache ( u32 *keyid, int algo )
/**************** /****************
* Get a passphrase for the secret key with KEYID, display TEXT * Get a passphrase for the secret key with KEYID, display TEXT
* if the user needs to enter the passphrase. * if the user needs to enter the passphrase.
* mode 0 = standard, 2 = create new passphrase * mode 0 = standard, 1 = same but don't show key info,
* 2 = create new passphrase
* Returns: a DEK with a session key; caller must free * Returns: a DEK with a session key; caller must free
* or NULL if the passphrase was not correctly repeated. * or NULL if the passphrase was not correctly repeated.
* (only for mode 2) * (only for mode 2)
@ -996,7 +997,7 @@ passphrase_to_dek( u32 *keyid, int pubkey_algo,
} }
} }
if( keyid && !opt.batch && !next_pw ) { if( keyid && !opt.batch && !next_pw && mode!=1 ) {
PKT_public_key *pk = m_alloc_clear( sizeof *pk ); PKT_public_key *pk = m_alloc_clear( sizeof *pk );
size_t n; size_t n;
char *p; char *p;

17
g10/pubkey-enc.c
View File

@ -85,12 +85,13 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
else { /* anonymous receiver: Try all available secret keys */ else { /* anonymous receiver: Try all available secret keys */
void *enum_context = NULL; void *enum_context = NULL;
u32 keyid[2]; u32 keyid[2];
char *p;
for(;;) { for(;;) {
if( sk ) if( sk )
free_secret_key( sk ); free_secret_key( sk );
sk = m_alloc_clear( sizeof *sk ); sk = m_alloc_clear( sizeof *sk );
rc=enum_secret_keys( &enum_context, sk, 1); rc=enum_secret_keys( &enum_context, sk, 1, 0);
if( rc ) { if( rc ) {
rc = G10ERR_NO_SECKEY; rc = G10ERR_NO_SECKEY;
break; break;
@ -100,7 +101,17 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
keyid_from_sk( sk, keyid ); keyid_from_sk( sk, keyid );
log_info(_("anonymous recipient; trying secret key %08lX ...\n"), log_info(_("anonymous recipient; trying secret key %08lX ...\n"),
(ulong)keyid[1] ); (ulong)keyid[1] );
rc = check_secret_key( sk, 1 ); /* ask only once */
if(!opt.try_all_secrets && !is_status_enabled())
{
p=get_last_passphrase();
set_next_passphrase(p);
m_free(p);
}
rc = check_secret_key( sk, opt.try_all_secrets?1:-1 ); /* ask
only
once */
if( !rc ) if( !rc )
rc = get_it( k, dek, sk, keyid ); rc = get_it( k, dek, sk, keyid );
if( !rc ) { if( !rc ) {
@ -108,7 +119,7 @@ get_session_key( PKT_pubkey_enc *k, DEK *dek )
break; break;
} }
} }
enum_secret_keys( &enum_context, NULL, 0 ); /* free context */ enum_secret_keys( &enum_context, NULL, 0, 0 ); /* free context */
} }
leave: leave:

17
g10/seckey-cert.c
View File

@ -36,7 +36,7 @@
static int static int
do_check( PKT_secret_key *sk, const char *tryagain_text ) do_check( PKT_secret_key *sk, const char *tryagain_text, int mode )
{ {
byte *buffer; byte *buffer;
u16 csum=0; u16 csum=0;
@ -69,7 +69,7 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
keyid[3] = sk->main_keyid[1]; keyid[3] = sk->main_keyid[1];
} }
dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo, dek = passphrase_to_dek( keyid, sk->pubkey_algo, sk->protect.algo,
&sk->protect.s2k, 0, tryagain_text ); &sk->protect.s2k, mode, tryagain_text );
cipher_hd = cipher_open( sk->protect.algo, cipher_hd = cipher_open( sk->protect.algo,
CIPHER_MODE_AUTO_CFB, 1); CIPHER_MODE_AUTO_CFB, 1);
cipher_setkey( cipher_hd, dek->key, dek->keylen ); cipher_setkey( cipher_hd, dek->key, dek->keylen );
@ -209,12 +209,21 @@ do_check( PKT_secret_key *sk, const char *tryagain_text )
/**************** /****************
* Check the secret key * Check the secret key
* Ask up to 3 (or n) times for a correct passphrase * Ask up to 3 (or n) times for a correct passphrase
* If n is negative, disable the key info prompt and make n=abs(n)
*/ */
int int
check_secret_key( PKT_secret_key *sk, int n ) check_secret_key( PKT_secret_key *sk, int n )
{ {
int rc = G10ERR_BAD_PASS; int rc = G10ERR_BAD_PASS;
int i; int i,mode;
if(n<0)
{
n=abs(n);
mode=1;
}
else
mode=0;
if( n < 1 ) if( n < 1 )
n = (opt.batch && !opt.use_agent)? 1 : 3; /* use the default value */ n = (opt.batch && !opt.use_agent)? 1 : 3; /* use the default value */
@ -225,7 +234,7 @@ check_secret_key( PKT_secret_key *sk, int n )
tryagain = _("Invalid passphrase; please try again"); tryagain = _("Invalid passphrase; please try again");
log_info (_("%s ...\n"), tryagain); log_info (_("%s ...\n"), tryagain);
} }
rc = do_check( sk, tryagain ); rc = do_check( sk, tryagain, mode );
if( rc == G10ERR_BAD_PASS && is_status_enabled() ) { if( rc == G10ERR_BAD_PASS && is_status_enabled() ) {
u32 kid[2]; u32 kid[2];
char buf[50]; char buf[50];