mirror of
git://git.gnupg.org/gnupg.git
synced 2024-12-22 10:19:57 +01:00
gpg: Fix --version output and explicitly disable ECC.
* g10/misc.c (openpgp_pk_algo_name): New. Replace all calls in g10/ to gcry_pk_algo_name by a call to this function. (map_pk_openpgp_to_gcry): Map algo PUBKEY_ALGO_ELGAMAL_E to GCRY_PK_ELG. (openpgp_pk_test_algo): Use PUBKEY_ALGO_ELGAMAL_E instead of GCRY_PK_ELG_E. Return an error for ECC algos. (openpgp_pk_test_algo2): Return an error for ECC algos. * g10/gpg.c (build_list): Avoid printing ECC two times. * include/cipher.h: Do not use GCRY_PK_* macros for PUBKEY_ALGO_*. -- Due to recent changes to adjust for use with Libgcrypt 1.6, "gpg --version" printed two question marks. This patches fixes that and also make sure that gpg does advertise any ECC features. The patch in build_list is not really needed. Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
parent
3544beff86
commit
6286d01ba3
20
g10/encode.c
20
g10/encode.c
@ -83,7 +83,7 @@ encode_seskey( DEK *dek, DEK **seskey, byte *enckey )
|
|||||||
/* The encrypted session key is prefixed with a one-octet algorithm id. */
|
/* The encrypted session key is prefixed with a one-octet algorithm id. */
|
||||||
buf[0] = (*seskey)->algo;
|
buf[0] = (*seskey)->algo;
|
||||||
memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
|
memcpy( buf + 1, (*seskey)->key, (*seskey)->keylen );
|
||||||
|
|
||||||
/* We only pass already checked values to the following fucntion,
|
/* We only pass already checked values to the following fucntion,
|
||||||
thus we consider any failure as fatal. */
|
thus we consider any failure as fatal. */
|
||||||
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
|
if (openpgp_cipher_open (&hd, dek->algo, GCRY_CIPHER_MODE_CFB, 1))
|
||||||
@ -117,7 +117,7 @@ use_mdc(PK_LIST pk_list,int algo)
|
|||||||
|
|
||||||
if(select_mdc_from_pklist(pk_list))
|
if(select_mdc_from_pklist(pk_list))
|
||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
/* The keys don't support MDC, so now we do a bit of a hack - if any
|
/* The keys don't support MDC, so now we do a bit of a hack - if any
|
||||||
of the AESes or TWOFISH are in the prefs, we assume that the user
|
of the AESes or TWOFISH are in the prefs, we assume that the user
|
||||||
can handle a MDC. This is valid for PGP 7, which can handle MDCs
|
can handle a MDC. This is valid for PGP 7, which can handle MDCs
|
||||||
@ -178,7 +178,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
|
|||||||
memset( &zfx, 0, sizeof zfx);
|
memset( &zfx, 0, sizeof zfx);
|
||||||
memset( &tfx, 0, sizeof tfx);
|
memset( &tfx, 0, sizeof tfx);
|
||||||
init_packet(&pkt);
|
init_packet(&pkt);
|
||||||
|
|
||||||
/* prepare iobufs */
|
/* prepare iobufs */
|
||||||
inp = iobuf_open(filename);
|
inp = iobuf_open(filename);
|
||||||
if (inp)
|
if (inp)
|
||||||
@ -207,7 +207,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
|
|||||||
it has no S2K salt. RFC1991 always uses simple S2K. */
|
it has no S2K salt. RFC1991 always uses simple S2K. */
|
||||||
if ( RFC1991 && use_seskey )
|
if ( RFC1991 && use_seskey )
|
||||||
use_seskey = 0;
|
use_seskey = 0;
|
||||||
|
|
||||||
cfx.dek = NULL;
|
cfx.dek = NULL;
|
||||||
if( mode ) {
|
if( mode ) {
|
||||||
int canceled;
|
int canceled;
|
||||||
@ -254,7 +254,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
|
|||||||
{
|
{
|
||||||
if (opt.verbose)
|
if (opt.verbose)
|
||||||
log_info(_("`%s' already compressed\n"), filename);
|
log_info(_("`%s' already compressed\n"), filename);
|
||||||
do_compress = 0;
|
do_compress = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
|
if( rc || (rc = open_outfile( filename, opt.armor? 1:0, &out )) ) {
|
||||||
@ -563,7 +563,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
|
|||||||
|
|
||||||
cfx.dek->algo = opt.def_cipher_algo;
|
cfx.dek->algo = opt.def_cipher_algo;
|
||||||
}
|
}
|
||||||
|
|
||||||
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
|
cfx.dek->use_mdc=use_mdc(pk_list,cfx.dek->algo);
|
||||||
|
|
||||||
/* Only do the is-file-already-compressed check if we are using a
|
/* Only do the is-file-already-compressed check if we are using a
|
||||||
@ -575,7 +575,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
|
|||||||
{
|
{
|
||||||
if (opt.verbose)
|
if (opt.verbose)
|
||||||
log_info(_("`%s' already compressed\n"), filename);
|
log_info(_("`%s' already compressed\n"), filename);
|
||||||
do_compress = 0;
|
do_compress = 0;
|
||||||
}
|
}
|
||||||
if (rc2)
|
if (rc2)
|
||||||
{
|
{
|
||||||
@ -846,7 +846,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
|
|||||||
if( opt.verbose ) {
|
if( opt.verbose ) {
|
||||||
char *ustr = get_user_id_string_native (enc->keyid);
|
char *ustr = get_user_id_string_native (enc->keyid);
|
||||||
log_info(_("%s/%s encrypted for: \"%s\"\n"),
|
log_info(_("%s/%s encrypted for: \"%s\"\n"),
|
||||||
gcry_pk_algo_name (enc->pubkey_algo),
|
openpgp_pk_algo_name (enc->pubkey_algo),
|
||||||
openpgp_cipher_algo_name (dek->algo),
|
openpgp_cipher_algo_name (dek->algo),
|
||||||
ustr );
|
ustr );
|
||||||
xfree(ustr);
|
xfree(ustr);
|
||||||
@ -874,9 +874,9 @@ encode_crypt_files(int nfiles, char **files, strlist_t remusr)
|
|||||||
if (opt.outfile)
|
if (opt.outfile)
|
||||||
{
|
{
|
||||||
log_error(_("--output doesn't work for this command\n"));
|
log_error(_("--output doesn't work for this command\n"));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!nfiles)
|
if (!nfiles)
|
||||||
{
|
{
|
||||||
char line[2048];
|
char line[2048];
|
||||||
|
@ -854,8 +854,8 @@ my_strusage( int level )
|
|||||||
case 33: p = _("\nSupported algorithms:\n"); break;
|
case 33: p = _("\nSupported algorithms:\n"); break;
|
||||||
case 34:
|
case 34:
|
||||||
if (!pubkeys)
|
if (!pubkeys)
|
||||||
pubkeys = build_list (_("Pubkey: "), 0,
|
pubkeys = build_list (_("Pubkey: "), 'P',
|
||||||
gcry_pk_algo_name,
|
openpgp_pk_algo_name,
|
||||||
openpgp_pk_test_algo );
|
openpgp_pk_test_algo );
|
||||||
p = pubkeys;
|
p = pubkeys;
|
||||||
break;
|
break;
|
||||||
@ -906,6 +906,9 @@ build_list (const char *text, char letter,
|
|||||||
|
|
||||||
for (i=0; i <= 110; i++ )
|
for (i=0; i <= 110; i++ )
|
||||||
{
|
{
|
||||||
|
if (letter == 'P' && i == 19 )
|
||||||
|
continue; /* No need to print a second "ECC" string. */
|
||||||
|
|
||||||
if (!chkf (i) && (s = mapf (i)))
|
if (!chkf (i) && (s = mapf (i)))
|
||||||
{
|
{
|
||||||
if (mb.len - len > 60)
|
if (mb.len - len > 60)
|
||||||
@ -921,7 +924,7 @@ build_list (const char *text, char letter,
|
|||||||
put_membuf_str (&mb, text);
|
put_membuf_str (&mb, text);
|
||||||
|
|
||||||
put_membuf_str (&mb, s);
|
put_membuf_str (&mb, s);
|
||||||
if (opt.verbose && letter)
|
if (opt.verbose && letter && letter != 'P')
|
||||||
{
|
{
|
||||||
char num[20];
|
char num[20];
|
||||||
snprintf (num, sizeof num, " (%c%d)", letter, i);
|
snprintf (num, sizeof num, " (%c%d)", letter, i);
|
||||||
|
@ -2810,7 +2810,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
|
|||||||
if(pk->is_revoked)
|
if(pk->is_revoked)
|
||||||
{
|
{
|
||||||
char *user=get_user_id_string_native(pk->revoked.keyid);
|
char *user=get_user_id_string_native(pk->revoked.keyid);
|
||||||
const char *algo = gcry_pk_algo_name (pk->revoked.algo);
|
const char *algo = openpgp_pk_algo_name (pk->revoked.algo);
|
||||||
tty_printf (_("The following key was revoked on"
|
tty_printf (_("The following key was revoked on"
|
||||||
" %s by %s key %s\n"),
|
" %s by %s key %s\n"),
|
||||||
revokestr_from_pk(pk),algo?algo:"?",user);
|
revokestr_from_pk(pk),algo?algo:"?",user);
|
||||||
@ -2828,7 +2828,7 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
|
|||||||
char *user;
|
char *user;
|
||||||
const char *algo;
|
const char *algo;
|
||||||
|
|
||||||
algo = gcry_pk_algo_name (pk->revkey[i].algid);
|
algo = openpgp_pk_algo_name (pk->revkey[i].algid);
|
||||||
keyid_from_fingerprint(pk->revkey[i].fpr,
|
keyid_from_fingerprint(pk->revkey[i].fpr,
|
||||||
MAX_FINGERPRINT_LEN,r_keyid);
|
MAX_FINGERPRINT_LEN,r_keyid);
|
||||||
|
|
||||||
|
@ -1603,7 +1603,7 @@ ask_key_flags(int algo,int subkey)
|
|||||||
{
|
{
|
||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
tty_printf(_("Possible actions for a %s key: "),
|
tty_printf(_("Possible actions for a %s key: "),
|
||||||
gcry_pk_algo_name (algo));
|
openpgp_pk_algo_name (algo));
|
||||||
print_key_flags(possible);
|
print_key_flags(possible);
|
||||||
tty_printf("\n");
|
tty_printf("\n");
|
||||||
tty_printf(_("Current allowed actions: "));
|
tty_printf(_("Current allowed actions: "));
|
||||||
@ -1807,7 +1807,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
|
|||||||
}
|
}
|
||||||
|
|
||||||
tty_printf(_("%s keys may be between %u and %u bits long.\n"),
|
tty_printf(_("%s keys may be between %u and %u bits long.\n"),
|
||||||
gcry_pk_algo_name (algo), min, max);
|
openpgp_pk_algo_name (algo), min, max);
|
||||||
|
|
||||||
for(;;)
|
for(;;)
|
||||||
{
|
{
|
||||||
@ -1826,7 +1826,7 @@ ask_keysize (int algo, unsigned int primary_keysize)
|
|||||||
|
|
||||||
if(nbits<min || nbits>max)
|
if(nbits<min || nbits>max)
|
||||||
tty_printf(_("%s keysizes must be in the range %u-%u\n"),
|
tty_printf(_("%s keysizes must be in the range %u-%u\n"),
|
||||||
gcry_pk_algo_name (algo), min, max);
|
openpgp_pk_algo_name (algo), min, max);
|
||||||
else
|
else
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -485,7 +485,7 @@ print_keyrec(int number,struct keyrec *keyrec)
|
|||||||
{
|
{
|
||||||
const char *str;
|
const char *str;
|
||||||
|
|
||||||
str = gcry_pk_algo_name (map_pk_openpgp_to_gcry (keyrec->type));
|
str = openpgp_pk_algo_name (keyrec->type);
|
||||||
if(str && strcmp (str, "?"))
|
if(str && strcmp (str, "?"))
|
||||||
printf("%s ",str);
|
printf("%s ",str);
|
||||||
else
|
else
|
||||||
|
@ -93,6 +93,7 @@ int map_pk_openpgp_to_gcry (int algo);
|
|||||||
int openpgp_pk_test_algo( int algo );
|
int openpgp_pk_test_algo( int algo );
|
||||||
int openpgp_pk_test_algo2 ( int algo, unsigned int use );
|
int openpgp_pk_test_algo2 ( int algo, unsigned int use );
|
||||||
int openpgp_pk_algo_usage ( int algo );
|
int openpgp_pk_algo_usage ( int algo );
|
||||||
|
const char *openpgp_pk_algo_name (int algo);
|
||||||
int openpgp_md_test_algo( int algo );
|
int openpgp_md_test_algo( int algo );
|
||||||
|
|
||||||
#ifdef USE_IDEA
|
#ifdef USE_IDEA
|
||||||
|
@ -455,7 +455,7 @@ print_pkenc_list( struct kidlist_item *list, int failed )
|
|||||||
if ( !failed && list->reason )
|
if ( !failed && list->reason )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
algstr = gcry_pk_algo_name ( list->pubkey_algo );
|
algstr = openpgp_pk_algo_name ( list->pubkey_algo );
|
||||||
pk = xmalloc_clear( sizeof *pk );
|
pk = xmalloc_clear( sizeof *pk );
|
||||||
|
|
||||||
if( !algstr )
|
if( !algstr )
|
||||||
@ -1644,7 +1644,7 @@ check_sig_and_print( CTX c, KBNODE node )
|
|||||||
|
|
||||||
/* (Indendation below not yet changed to GNU style.) */
|
/* (Indendation below not yet changed to GNU style.) */
|
||||||
|
|
||||||
astr = gcry_pk_algo_name ( sig->pubkey_algo );
|
astr = openpgp_pk_algo_name ( sig->pubkey_algo );
|
||||||
if(keystrlen()>8)
|
if(keystrlen()>8)
|
||||||
{
|
{
|
||||||
log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
|
log_info(_("Signature made %s\n"),asctimestamp(sig->timestamp));
|
||||||
|
36
g10/misc.c
36
g10/misc.c
@ -297,7 +297,7 @@ print_pubkey_algo_note( int algo )
|
|||||||
{
|
{
|
||||||
warn=1;
|
warn=1;
|
||||||
log_info (_("WARNING: using experimental public key algorithm %s\n"),
|
log_info (_("WARNING: using experimental public key algorithm %s\n"),
|
||||||
gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo)));
|
openpgp_pk_algo_name (algo));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (algo == 20)
|
else if (algo == 20)
|
||||||
@ -423,8 +423,9 @@ map_pk_openpgp_to_gcry (int algo)
|
|||||||
{
|
{
|
||||||
switch (algo)
|
switch (algo)
|
||||||
{
|
{
|
||||||
case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
|
case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
|
||||||
case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
|
case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
|
||||||
|
case PUBKEY_ALGO_ELGAMAL_E: return GCRY_PK_ELG;
|
||||||
default: return algo;
|
default: return algo;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -433,11 +434,15 @@ map_pk_openpgp_to_gcry (int algo)
|
|||||||
int
|
int
|
||||||
openpgp_pk_test_algo( int algo )
|
openpgp_pk_test_algo( int algo )
|
||||||
{
|
{
|
||||||
|
/* ECC is not yet supported even if supported by Libgcrypt. */
|
||||||
|
if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
|
||||||
|
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||||
|
|
||||||
/* Dont't allow type 20 keys unless in rfc2440 mode. */
|
/* Dont't allow type 20 keys unless in rfc2440 mode. */
|
||||||
if (!RFC2440 && algo == 20)
|
if (!RFC2440 && algo == 20)
|
||||||
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||||
|
|
||||||
if (algo == GCRY_PK_ELG_E)
|
if (algo == PUBKEY_ALGO_ELGAMAL_E)
|
||||||
algo = GCRY_PK_ELG;
|
algo = GCRY_PK_ELG;
|
||||||
|
|
||||||
if (algo < 0 || algo > 110)
|
if (algo < 0 || algo > 110)
|
||||||
@ -450,11 +455,15 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
|
|||||||
{
|
{
|
||||||
size_t use_buf = use;
|
size_t use_buf = use;
|
||||||
|
|
||||||
|
/* ECC is not yet supported even if supported by Libgcrypt. */
|
||||||
|
if (algo == PUBKEY_ALGO_ECDH || algo == PUBKEY_ALGO_ECDSA)
|
||||||
|
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||||
|
|
||||||
/* Dont't allow type 20 keys unless in rfc2440 mode. */
|
/* Dont't allow type 20 keys unless in rfc2440 mode. */
|
||||||
if (!RFC2440 && algo == 20)
|
if (!RFC2440 && algo == 20)
|
||||||
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
return gpg_error (GPG_ERR_PUBKEY_ALGO);
|
||||||
|
|
||||||
if (algo == GCRY_PK_ELG_E)
|
if (algo == PUBKEY_ALGO_ELGAMAL_E)
|
||||||
algo = GCRY_PK_ELG;
|
algo = GCRY_PK_ELG;
|
||||||
|
|
||||||
if (algo < 0 || algo > 110)
|
if (algo < 0 || algo > 110)
|
||||||
@ -491,12 +500,29 @@ openpgp_pk_algo_usage ( int algo )
|
|||||||
case PUBKEY_ALGO_DSA:
|
case PUBKEY_ALGO_DSA:
|
||||||
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
|
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
|
||||||
break;
|
break;
|
||||||
|
case PUBKEY_ALGO_ECDH:
|
||||||
|
use = PUBKEY_USAGE_ENC;
|
||||||
|
break;
|
||||||
|
case PUBKEY_ALGO_ECDSA:
|
||||||
|
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return use;
|
return use;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
|
||||||
|
string representation of the algorithm name. For unknown algorithm
|
||||||
|
IDs this function returns "?". */
|
||||||
|
const char *
|
||||||
|
openpgp_pk_algo_name (int algo)
|
||||||
|
{
|
||||||
|
return gcry_pk_algo_name (map_pk_openpgp_to_gcry (algo));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
int
|
int
|
||||||
openpgp_md_test_algo( int algo )
|
openpgp_md_test_algo( int algo )
|
||||||
{
|
{
|
||||||
|
@ -74,7 +74,7 @@ encode_s2k_iterations (int iterations)
|
|||||||
if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
|
if (err && gpg_err_code (err) != GPG_ERR_ASS_PARAMETER)
|
||||||
log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
|
log_error (_("problem with the agent: %s\n"), gpg_strerror (err));
|
||||||
/* Default to 65536 which we used up to 2.0.13. */
|
/* Default to 65536 which we used up to 2.0.13. */
|
||||||
return 96;
|
return 96;
|
||||||
}
|
}
|
||||||
else if (mycnt >= 65011712)
|
else if (mycnt >= 65011712)
|
||||||
return 255; /* Largest possible value. */
|
return 255; /* Largest possible value. */
|
||||||
@ -87,7 +87,7 @@ encode_s2k_iterations (int iterations)
|
|||||||
|
|
||||||
if (iterations >= 65011712)
|
if (iterations >= 65011712)
|
||||||
return 255;
|
return 255;
|
||||||
|
|
||||||
/* Need count to be in the range 16-31 */
|
/* Need count to be in the range 16-31 */
|
||||||
for (count=iterations>>6; count>=32; count>>=1)
|
for (count=iterations>>6; count>=32; count>>=1)
|
||||||
c++;
|
c++;
|
||||||
@ -96,13 +96,13 @@ encode_s2k_iterations (int iterations)
|
|||||||
|
|
||||||
if (S2K_DECODE_COUNT(result) < iterations)
|
if (S2K_DECODE_COUNT(result) < iterations)
|
||||||
result++;
|
result++;
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Hash a passphrase using the supplied s2k.
|
/* Hash a passphrase using the supplied s2k.
|
||||||
Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
|
Always needs: dek->algo, s2k->mode, s2k->hash_algo. */
|
||||||
static void
|
static void
|
||||||
hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
|
hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
|
||||||
@ -119,20 +119,20 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
|
|||||||
|
|
||||||
if (gcry_md_open (&md, s2k->hash_algo, 1))
|
if (gcry_md_open (&md, s2k->hash_algo, 1))
|
||||||
BUG ();
|
BUG ();
|
||||||
for (pass=0; used < dek->keylen ; pass++ )
|
for (pass=0; used < dek->keylen ; pass++ )
|
||||||
{
|
{
|
||||||
if ( pass )
|
if ( pass )
|
||||||
{
|
{
|
||||||
gcry_md_reset (md);
|
gcry_md_reset (md);
|
||||||
for (i=0; i < pass; i++ ) /* Preset the hash context. */
|
for (i=0; i < pass; i++ ) /* Preset the hash context. */
|
||||||
gcry_md_putc (md, 0 );
|
gcry_md_putc (md, 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( s2k->mode == 1 || s2k->mode == 3 )
|
if ( s2k->mode == 1 || s2k->mode == 3 )
|
||||||
{
|
{
|
||||||
int len2 = pwlen + 8;
|
int len2 = pwlen + 8;
|
||||||
ulong count = len2;
|
ulong count = len2;
|
||||||
|
|
||||||
if ( s2k->mode == 3 )
|
if ( s2k->mode == 3 )
|
||||||
{
|
{
|
||||||
count = S2K_DECODE_COUNT(s2k->count);
|
count = S2K_DECODE_COUNT(s2k->count);
|
||||||
@ -146,7 +146,7 @@ hash_passphrase ( DEK *dek, char *pw, STRING2KEY *s2k)
|
|||||||
|
|
||||||
/* A little bit complicated because we need a ulong for count. */
|
/* A little bit complicated because we need a ulong for count. */
|
||||||
while ( count > len2 ) /* maybe iterated+salted */
|
while ( count > len2 ) /* maybe iterated+salted */
|
||||||
{
|
{
|
||||||
gcry_md_write ( md, s2k->salt, 8 );
|
gcry_md_write ( md, s2k->salt, 8 );
|
||||||
gcry_md_write ( md, pw, pwlen );
|
gcry_md_write ( md, pw, pwlen );
|
||||||
count -= len2;
|
count -= len2;
|
||||||
@ -242,7 +242,7 @@ read_passphrase_from_fd( int fd )
|
|||||||
int i, len;
|
int i, len;
|
||||||
char *pw;
|
char *pw;
|
||||||
|
|
||||||
if ( !opt.batch )
|
if ( !opt.batch )
|
||||||
{ /* Not used but we have to do a dummy read, so that it won't end
|
{ /* Not used but we have to do a dummy read, so that it won't end
|
||||||
up at the begin of the message if the quite usual trick to
|
up at the begin of the message if the quite usual trick to
|
||||||
prepend the passphtrase to the message is used. */
|
prepend the passphtrase to the message is used. */
|
||||||
@ -251,12 +251,12 @@ read_passphrase_from_fd( int fd )
|
|||||||
while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
|
while (!(read (fd, buf, 1) != 1 || *buf == '\n' ))
|
||||||
;
|
;
|
||||||
*buf = 0;
|
*buf = 0;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (pw = NULL, i = len = 100; ; i++ )
|
for (pw = NULL, i = len = 100; ; i++ )
|
||||||
{
|
{
|
||||||
if (i >= len-1 )
|
if (i >= len-1 )
|
||||||
{
|
{
|
||||||
char *pw2 = pw;
|
char *pw2 = pw;
|
||||||
len += 100;
|
len += 100;
|
||||||
@ -322,35 +322,35 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
|
|||||||
if( keyid && get_pubkey( pk, keyid ) )
|
if( keyid && get_pubkey( pk, keyid ) )
|
||||||
{
|
{
|
||||||
if (pk)
|
if (pk)
|
||||||
free_public_key( pk );
|
free_public_key( pk );
|
||||||
pk = NULL; /* oops: no key for some reason */
|
pk = NULL; /* oops: no key for some reason */
|
||||||
}
|
}
|
||||||
|
|
||||||
orig_codeset = i18n_switchto_utf8 ();
|
orig_codeset = i18n_switchto_utf8 ();
|
||||||
|
|
||||||
if (custom_description)
|
if (custom_description)
|
||||||
atext = native_to_utf8 (custom_description);
|
atext = native_to_utf8 (custom_description);
|
||||||
else if ( !mode && pk && keyid )
|
else if ( !mode && pk && keyid )
|
||||||
{
|
{
|
||||||
char *uid;
|
char *uid;
|
||||||
size_t uidlen;
|
size_t uidlen;
|
||||||
const char *algo_name = gcry_pk_algo_name ( pk->pubkey_algo );
|
const char *algo_name = openpgp_pk_algo_name (pk->pubkey_algo);
|
||||||
const char *timestr;
|
const char *timestr;
|
||||||
char *maink;
|
char *maink;
|
||||||
|
|
||||||
if ( !algo_name )
|
if ( !algo_name )
|
||||||
algo_name = "?";
|
algo_name = "?";
|
||||||
|
|
||||||
#define KEYIDSTRING _(" (main key ID %s)")
|
#define KEYIDSTRING _(" (main key ID %s)")
|
||||||
|
|
||||||
maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
|
maink = xmalloc ( strlen (KEYIDSTRING) + keystrlen() + 20 );
|
||||||
if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
|
if( keyid[2] && keyid[3] && keyid[0] != keyid[2]
|
||||||
&& keyid[1] != keyid[3] )
|
&& keyid[1] != keyid[3] )
|
||||||
sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
|
sprintf( maink, KEYIDSTRING, keystr(&keyid[2]) );
|
||||||
else
|
else
|
||||||
*maink = 0;
|
*maink = 0;
|
||||||
|
|
||||||
uid = get_user_id ( keyid, &uidlen );
|
uid = get_user_id ( keyid, &uidlen );
|
||||||
timestr = strtimestamp (pk->timestamp);
|
timestr = strtimestamp (pk->timestamp);
|
||||||
|
|
||||||
#undef KEYIDSTRING
|
#undef KEYIDSTRING
|
||||||
@ -361,7 +361,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
|
|||||||
"%u-bit %s key, ID %s,\n" \
|
"%u-bit %s key, ID %s,\n" \
|
||||||
"created %s%s.\n" )
|
"created %s%s.\n" )
|
||||||
|
|
||||||
atext = xmalloc ( 100 + strlen (PROMPTSTRING)
|
atext = xmalloc ( 100 + strlen (PROMPTSTRING)
|
||||||
+ uidlen + 15 + strlen(algo_name) + keystrlen()
|
+ uidlen + 15 + strlen(algo_name) + keystrlen()
|
||||||
+ strlen (timestr) + strlen (maink) );
|
+ strlen (timestr) + strlen (maink) );
|
||||||
sprintf (atext, PROMPTSTRING,
|
sprintf (atext, PROMPTSTRING,
|
||||||
@ -373,16 +373,16 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
|
|||||||
|
|
||||||
#undef PROMPTSTRING
|
#undef PROMPTSTRING
|
||||||
|
|
||||||
{
|
{
|
||||||
size_t dummy;
|
size_t dummy;
|
||||||
fingerprint_from_pk( pk, fpr, &dummy );
|
fingerprint_from_pk( pk, fpr, &dummy );
|
||||||
have_fpr = 1;
|
have_fpr = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
atext = xstrdup ( _("Enter passphrase\n") );
|
atext = xstrdup ( _("Enter passphrase\n") );
|
||||||
|
|
||||||
|
|
||||||
if (!mode && cacheid)
|
if (!mode && cacheid)
|
||||||
my_cacheid = cacheid;
|
my_cacheid = cacheid;
|
||||||
@ -398,7 +398,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
|
|||||||
|
|
||||||
rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
|
rc = agent_get_passphrase (my_cacheid, tryagain_text, my_prompt, atext,
|
||||||
repeat, check, &pw);
|
repeat, check, &pw);
|
||||||
|
|
||||||
xfree (my_prompt);
|
xfree (my_prompt);
|
||||||
xfree (atext); atext = NULL;
|
xfree (atext); atext = NULL;
|
||||||
|
|
||||||
@ -413,7 +413,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
|
|||||||
if (canceled)
|
if (canceled)
|
||||||
*canceled = 1;
|
*canceled = 1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
|
log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
|
||||||
/* Due to limitations in the API of the upper layers they
|
/* Due to limitations in the API of the upper layers they
|
||||||
@ -422,7 +422,7 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid, int repeat,
|
|||||||
definitely not happen and let it continue without requiring a
|
definitely not happen and let it continue without requiring a
|
||||||
passphrase. Given that now all the upper layers handle a
|
passphrase. Given that now all the upper layers handle a
|
||||||
cancel correctly, we simply set the cancel flag now for all
|
cancel correctly, we simply set the cancel flag now for all
|
||||||
errors from the agent. */
|
errors from the agent. */
|
||||||
if (canceled)
|
if (canceled)
|
||||||
*canceled = 1;
|
*canceled = 1;
|
||||||
|
|
||||||
@ -450,7 +450,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
|
|||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
(void)algo;
|
(void)algo;
|
||||||
|
|
||||||
if (!cacheid)
|
if (!cacheid)
|
||||||
{
|
{
|
||||||
PKT_public_key *pk;
|
PKT_public_key *pk;
|
||||||
@ -460,7 +460,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
|
|||||||
byte fpr[MAX_FINGERPRINT_LEN];
|
byte fpr[MAX_FINGERPRINT_LEN];
|
||||||
char hexfprbuf[2*20+1];
|
char hexfprbuf[2*20+1];
|
||||||
size_t dummy;
|
size_t dummy;
|
||||||
|
|
||||||
pk = xcalloc (1, sizeof *pk);
|
pk = xcalloc (1, sizeof *pk);
|
||||||
if ( !keyid || get_pubkey( pk, keyid ) )
|
if ( !keyid || get_pubkey( pk, keyid ) )
|
||||||
{
|
{
|
||||||
@ -488,7 +488,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
|
|||||||
NULL, sets it to true.
|
NULL, sets it to true.
|
||||||
|
|
||||||
MODE 0: Allow cached passphrase
|
MODE 0: Allow cached passphrase
|
||||||
1: Ignore cached passphrase
|
1: Ignore cached passphrase
|
||||||
2: Ditto, but create a new key
|
2: Ditto, but create a new key
|
||||||
3: Allow cached passphrase; use the S2K salt as the cache ID
|
3: Allow cached passphrase; use the S2K salt as the cache ID
|
||||||
4: Ditto, but create a new key
|
4: Ditto, but create a new key
|
||||||
@ -496,7 +496,7 @@ passphrase_clear_cache ( u32 *keyid, const char *cacheid, int algo )
|
|||||||
DEK *
|
DEK *
|
||||||
passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
||||||
int cipher_algo, STRING2KEY *s2k, int mode,
|
int cipher_algo, STRING2KEY *s2k, int mode,
|
||||||
const char *tryagain_text,
|
const char *tryagain_text,
|
||||||
const char *custdesc, const char *custprompt,
|
const char *custdesc, const char *custprompt,
|
||||||
int *canceled)
|
int *canceled)
|
||||||
{
|
{
|
||||||
@ -509,11 +509,11 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||||||
if (!canceled)
|
if (!canceled)
|
||||||
canceled = &dummy_canceled;
|
canceled = &dummy_canceled;
|
||||||
*canceled = 0;
|
*canceled = 0;
|
||||||
|
|
||||||
if ( !s2k )
|
if ( !s2k )
|
||||||
{
|
{
|
||||||
assert (mode != 3 && mode != 4);
|
assert (mode != 3 && mode != 4);
|
||||||
/* This is used for the old rfc1991 mode
|
/* This is used for the old rfc1991 mode
|
||||||
* Note: This must match the code in encode.c with opt.rfc1991 set */
|
* Note: This must match the code in encode.c with opt.rfc1991 set */
|
||||||
s2k = &help_s2k;
|
s2k = &help_s2k;
|
||||||
s2k->mode = 0;
|
s2k->mode = 0;
|
||||||
@ -539,16 +539,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||||||
|
|
||||||
/* If we do not have a passphrase available in NEXT_PW and status
|
/* If we do not have a passphrase available in NEXT_PW and status
|
||||||
information are request, we print them now. */
|
information are request, we print them now. */
|
||||||
if ( !next_pw && is_status_enabled() )
|
if ( !next_pw && is_status_enabled() )
|
||||||
{
|
{
|
||||||
char buf[50];
|
char buf[50];
|
||||||
|
|
||||||
if ( keyid )
|
if ( keyid )
|
||||||
{
|
{
|
||||||
u32 used_kid[2];
|
u32 used_kid[2];
|
||||||
char *us;
|
char *us;
|
||||||
|
|
||||||
if ( keyid[2] && keyid[3] )
|
if ( keyid[2] && keyid[3] )
|
||||||
{
|
{
|
||||||
used_kid[0] = keyid[2];
|
used_kid[0] = keyid[2];
|
||||||
used_kid[1] = keyid[3];
|
used_kid[1] = keyid[3];
|
||||||
@ -558,16 +558,16 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||||||
used_kid[0] = keyid[0];
|
used_kid[0] = keyid[0];
|
||||||
used_kid[1] = keyid[1];
|
used_kid[1] = keyid[1];
|
||||||
}
|
}
|
||||||
|
|
||||||
us = get_long_user_id_string ( keyid );
|
us = get_long_user_id_string ( keyid );
|
||||||
write_status_text ( STATUS_USERID_HINT, us );
|
write_status_text ( STATUS_USERID_HINT, us );
|
||||||
xfree(us);
|
xfree(us);
|
||||||
|
|
||||||
snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
|
snprintf (buf, sizeof buf -1, "%08lX%08lX %08lX%08lX %d 0",
|
||||||
(ulong)keyid[0], (ulong)keyid[1],
|
(ulong)keyid[0], (ulong)keyid[1],
|
||||||
(ulong)used_kid[0], (ulong)used_kid[1],
|
(ulong)used_kid[0], (ulong)used_kid[1],
|
||||||
pubkey_algo );
|
pubkey_algo );
|
||||||
|
|
||||||
write_status_text ( STATUS_NEED_PASSPHRASE, buf );
|
write_status_text ( STATUS_NEED_PASSPHRASE, buf );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -586,7 +586,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||||||
{
|
{
|
||||||
PKT_public_key *pk = xmalloc_clear( sizeof *pk );
|
PKT_public_key *pk = xmalloc_clear( sizeof *pk );
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
p = get_user_id_native(keyid);
|
p = get_user_id_native(keyid);
|
||||||
tty_printf ("\n");
|
tty_printf ("\n");
|
||||||
tty_printf (_("You need a passphrase to unlock the secret key for\n"
|
tty_printf (_("You need a passphrase to unlock the secret key for\n"
|
||||||
@ -595,8 +595,8 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||||||
|
|
||||||
if ( !get_pubkey( pk, keyid ) )
|
if ( !get_pubkey( pk, keyid ) )
|
||||||
{
|
{
|
||||||
const char *s = gcry_pk_algo_name ( pk->pubkey_algo );
|
const char *s = openpgp_pk_algo_name (pk->pubkey_algo);
|
||||||
|
|
||||||
tty_printf (_("%u-bit %s key, ID %s, created %s"),
|
tty_printf (_("%u-bit %s key, ID %s, created %s"),
|
||||||
nbits_from_pk( pk ), s?s:"?", keystr(keyid),
|
nbits_from_pk( pk ), s?s:"?", keystr(keyid),
|
||||||
strtimestamp(pk->timestamp) );
|
strtimestamp(pk->timestamp) );
|
||||||
@ -620,19 +620,19 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||||||
free_public_key( pk );
|
free_public_key( pk );
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( next_pw )
|
if ( next_pw )
|
||||||
{
|
{
|
||||||
/* Simply return the passphrase we already have in NEXT_PW. */
|
/* Simply return the passphrase we already have in NEXT_PW. */
|
||||||
pw = next_pw;
|
pw = next_pw;
|
||||||
next_pw = NULL;
|
next_pw = NULL;
|
||||||
}
|
}
|
||||||
else if ( have_static_passphrase () )
|
else if ( have_static_passphrase () )
|
||||||
{
|
{
|
||||||
/* Return the passphrase we have stored in FD_PASSWD. */
|
/* Return the passphrase we have stored in FD_PASSWD. */
|
||||||
pw = xmalloc_secure ( strlen(fd_passwd)+1 );
|
pw = xmalloc_secure ( strlen(fd_passwd)+1 );
|
||||||
strcpy ( pw, fd_passwd );
|
strcpy ( pw, fd_passwd );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
|
if ((mode == 3 || mode == 4) && (s2k->mode == 1 || s2k->mode == 3))
|
||||||
{
|
{
|
||||||
@ -653,7 +653,7 @@ passphrase_to_dek_ext (u32 *keyid, int pubkey_algo,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( !pw || !*pw )
|
if ( !pw || !*pw )
|
||||||
write_status( STATUS_MISSING_PASSPHRASE );
|
write_status( STATUS_MISSING_PASSPHRASE );
|
||||||
|
|
||||||
|
@ -318,7 +318,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
|
|||||||
if( opt.verbose ) {
|
if( opt.verbose ) {
|
||||||
char *ustr = get_user_id_string_native (sig->keyid);
|
char *ustr = get_user_id_string_native (sig->keyid);
|
||||||
log_info(_("%s/%s signature from: \"%s\"\n"),
|
log_info(_("%s/%s signature from: \"%s\"\n"),
|
||||||
gcry_pk_algo_name (sk->pubkey_algo),
|
openpgp_pk_algo_name (sk->pubkey_algo),
|
||||||
gcry_md_algo_name (sig->digest_algo),
|
gcry_md_algo_name (sig->digest_algo),
|
||||||
ustr );
|
ustr );
|
||||||
xfree(ustr);
|
xfree(ustr);
|
||||||
|
@ -51,14 +51,14 @@
|
|||||||
#define CIPHER_ALGO_CAMELLIA256 13
|
#define CIPHER_ALGO_CAMELLIA256 13
|
||||||
#define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */
|
#define CIPHER_ALGO_DUMMY 110 /* No encryption at all. */
|
||||||
|
|
||||||
#define PUBKEY_ALGO_RSA /* 1 */ GCRY_PK_RSA
|
#define PUBKEY_ALGO_RSA 1
|
||||||
#define PUBKEY_ALGO_RSA_E /* 2 */ GCRY_PK_RSA_E /* RSA encrypt only. */
|
#define PUBKEY_ALGO_RSA_E 2 /* RSA encrypt only. */
|
||||||
#define PUBKEY_ALGO_RSA_S /* 3 */ GCRY_PK_RSA_S /* RSA sign only. */
|
#define PUBKEY_ALGO_RSA_S 3 /* RSA sign only. */
|
||||||
#define PUBKEY_ALGO_ELGAMAL_E /* 16 */ GCRY_PK_ELG_E /* Elgamal encr only */
|
#define PUBKEY_ALGO_ELGAMAL_E 16 /* Elgamal encr only */
|
||||||
#define PUBKEY_ALGO_DSA /* 17 */ GCRY_PK_DSA
|
#define PUBKEY_ALGO_DSA 17
|
||||||
#define PUBKEY_ALGO_ECDH 18
|
#define PUBKEY_ALGO_ECDH 18
|
||||||
#define PUBKEY_ALGO_ECDSA 19
|
#define PUBKEY_ALGO_ECDSA 19
|
||||||
#define PUBKEY_ALGO_ELGAMAL /* 20 */ GCRY_PK_ELG /* Elgamal encr+sign */
|
#define PUBKEY_ALGO_ELGAMAL 20 /* Elgamal encr+sign */
|
||||||
|
|
||||||
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
|
#define PUBKEY_USAGE_SIG GCRY_PK_USAGE_SIGN /* Good for signatures. */
|
||||||
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
|
#define PUBKEY_USAGE_ENC GCRY_PK_USAGE_ENCR /* Good for encryption. */
|
||||||
|
Loading…
x
Reference in New Issue
Block a user