* options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c

(algo_available): --pgp7, identical to --pgp6 except that it permits a few algorithms that PGP 7 added: AES128, AES192, AES256, and TWOFISH. Any more of these --pgpX flags, and it'll be time to start looking at a generic --emulate-pgp X option.
2025-01-26 15:37:03 +01:00 · 2002-05-07 22:04:27 +00:00 · 2002-05-07 22:04:27 +00:00 · 7ee8e46500
commit 7ee8e46500
parent d5d974536e
5 changed files with 40 additions and 20 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,5 +1,11 @@
 2002-05-07  David Shaw  <dshaw@jabberwocky.com>

+	* options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c
+	(algo_available): --pgp7, identical to --pgp6 except that it
+	permits a few algorithms that PGP 7 added: AES128, AES192, AES256,
+	and TWOFISH.  Any more of these --pgpX flags, and it'll be time to
+	start looking at a generic --emulate-pgp X option.
+
 	* export.c (do_export_stream): Warn the user when exporting a
 	secret key if it or any of its secret subkeys are protected with
 	SHA1 while simple_sk_checksum is set.
--- a/g10/g10.c
+++ b/g10/g10.c
@ -164,6 +164,8 @@ enum cmd_and_opt_values { aNull = 0,
    oNoPGP2,
    oPGP6,
    oNoPGP6,
+    oPGP7,
+    oNoPGP7,
    oCipherAlgo,
    oDigestAlgo,
    oCompressAlgo,
@ -420,6 +422,8 @@ static ARGPARSE_OPTS opts[] = {
    { oNoPGP2, "no-pgp2", 0, "@"},
    { oPGP6, "pgp6", 0, "@"},
    { oNoPGP6, "no-pgp6", 0, "@"},
+    { oPGP7, "pgp7", 0, "@"},
+    { oNoPGP7, "no-pgp7", 0, "@"},
    { oS2KMode, "s2k-mode",  1, N_("|N|use passphrase mode N")},
    { oS2KDigest, "s2k-digest-algo",2,
 		N_("|NAME|use message digest algorithm NAME for passphrases")},
@ -1117,6 +1121,8 @@ main( int argc, char **argv )
 	  case oNoPGP2: opt.pgp2 = 0; break;
 	  case oPGP6: opt.pgp6 = 1; break;
 	  case oNoPGP6: opt.pgp6 = 0; break;
+	  case oPGP7: opt.pgp7 = 1; break;
+	  case oNoPGP7: opt.pgp7 = 0; break;
 	  case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
 	  case oEmu3DESS2KBug:	opt.emulate_bugs |= EMUBUG_3DESS2K; break;
 	  case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
@ -1392,8 +1398,9 @@ main( int argc, char **argv )
    g10_opt_homedir = opt.homedir;

    /* Do these after the switch(), so they can override settings. */
-    if(opt.pgp2 && opt.pgp6)
-      log_error(_("%s not allowed with %s!\n"),"--pgp2","--pgp6");
+    if(opt.pgp2 && (opt.pgp6 || opt.pgp7))
+      log_error(_("%s not allowed with %s!\n"),
+		"--pgp2",opt.pgp6?"--pgp6":"--pgp7");
    else
      {
 	if(opt.pgp2)
@ -1463,7 +1470,7 @@ main( int argc, char **argv )
 	      }
 	  }

-	if(opt.pgp6)
+	if(opt.pgp6 || opt.pgp7)
 	  {
 	    opt.force_mdc=0;
 	    opt.disable_mdc=1;
--- a/g10/getkey.c
+++ b/g10/getkey.c
@ -1834,10 +1834,10 @@ finish_lookup (GETKEY_CTX ctx)
  #define USAGE_MASK  (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
    unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
    /* Request the primary if we're certifying another key, and also
-       if signing data while --pgp6 is on (since pgp 6 (and 7) do not
-       understand signatures made by a signing subkey. */
+       if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
+       do not understand signatures made by a signing subkey. */
    int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
-      (opt.pgp6 && (ctx->req_usage & PUBKEY_USAGE_SIG));
+      ((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
    u32 latest_date;
    KBNODE latest_key;
    u32 curtime = make_timestamp ();
--- a/g10/options.h
+++ b/g10/options.h
@ -88,6 +88,8 @@ struct {
    int always_trust;
    int pgp2;
    int pgp6;
+    int pgp7; /* if we get any more of these, it's time to look at a
+		 special emulate_pgp variable... */
    int rfc1991;
    int rfc2440;
    int pgp2_workarounds;
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@ -955,18 +955,19 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )

 /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
   CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
-   and all compressions except none (0) and ZIP (1).  For a true PGP6
-   key all of this is unneeded as they are the only items present in
-   the preferences subpacket, but checking here covers the weird case
-   of encrypting to a key that had preferences from a different
-   implementation which was then used with PGP6.  I am not completely
-   comfortable with this as the right thing to do, as it slightly
-   alters the list of what the user is supposedly requesting.  It is
-   not against the RFC however, as the preference chosen will never be
-   one that the user didn't specify somewhere ("The implementation may
-   use any mechanism to pick an algorithm in the intersection"), and
-   PGP6 has no mechanism to fix such a broken preference list, so I'm
-   including it. -dms */
+   and all compressions except none (0) and ZIP (1).  pgp7 mode
+   expands the cipher list to include AES128 (7), AES192 (8), AES256
+   (9), and TWOFISH (10).  For a true PGP key all of this is unneeded
+   as they are the only items present in the preferences subpacket,
+   but checking here covers the weird case of encrypting to a key that
+   had preferences from a different implementation which was then used
+   with PGP.  I am not completely comfortable with this as the right
+   thing to do, as it slightly alters the list of what the user is
+   supposedly requesting.  It is not against the RFC however, as the
+   preference chosen will never be one that the user didn't specify
+   somewhere ("The implementation may use any mechanism to pick an
+   algorithm in the intersection"), and PGP has no mechanism to fix
+   such a broken preference list, so I'm including it. -dms */

 static int
 algo_available( int preftype, int algo )
@ -975,16 +976,20 @@ algo_available( int preftype, int algo )
        if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
 	  return 0;

+        if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 &&
+			 algo != 7 && algo != 8 && algo != 9 && algo != 10) )
+	  return 0;
+
 	return algo && !check_cipher_algo( algo );
    }
    else if( preftype == PREFTYPE_HASH ) {
-        if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
+        if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) )
 	  return 0;

 	return algo && !check_digest_algo( algo );
    }
    else if( preftype == PREFTYPE_ZIP ) {
-        if ( opt.pgp6 && ( algo !=0 && algo != 1) )
+        if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) )
 	  return 0;

 	return !algo || algo == 1 || algo == 2;