diff --git a/g10/ChangeLog b/g10/ChangeLog
index 804a7b1e7..051e7f4b6 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,5 +1,11 @@
2002-05-07 David Shaw <dshaw@jabberwocky.com>
+ * options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c
+ (algo_available): --pgp7, identical to --pgp6 except that it
+ permits a few algorithms that PGP 7 added: AES128, AES192, AES256,
+ and TWOFISH. Any more of these --pgpX flags, and it'll be time to
+ start looking at a generic --emulate-pgp X option.
+
* export.c (do_export_stream): Warn the user when exporting a
secret key if it or any of its secret subkeys are protected with
SHA1 while simple_sk_checksum is set.
diff --git a/g10/g10.c b/g10/g10.c
index 72376cdb2..f70348986 100644
--- a/g10/g10.c
+++ b/g10/g10.c
@@ -164,6 +164,8 @@ enum cmd_and_opt_values { aNull = 0,
oNoPGP2,
oPGP6,
oNoPGP6,
+ oPGP7,
+ oNoPGP7,
oCipherAlgo,
oDigestAlgo,
oCompressAlgo,
@@ -420,6 +422,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoPGP2, "no-pgp2", 0, "@"},
{ oPGP6, "pgp6", 0, "@"},
{ oNoPGP6, "no-pgp6", 0, "@"},
+ { oPGP7, "pgp7", 0, "@"},
+ { oNoPGP7, "no-pgp7", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")},
@@ -1117,6 +1121,8 @@ main( int argc, char **argv )
case oNoPGP2: opt.pgp2 = 0; break;
case oPGP6: opt.pgp6 = 1; break;
case oNoPGP6: opt.pgp6 = 0; break;
+ case oPGP7: opt.pgp7 = 1; break;
+ case oNoPGP7: opt.pgp7 = 0; break;
case oEmuChecksumBug: opt.emulate_bugs |= EMUBUG_GPGCHKSUM; break;
case oEmu3DESS2KBug: opt.emulate_bugs |= EMUBUG_3DESS2K; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
@@ -1392,8 +1398,9 @@ main( int argc, char **argv )
g10_opt_homedir = opt.homedir;
/* Do these after the switch(), so they can override settings. */
- if(opt.pgp2 && opt.pgp6)
- log_error(_("%s not allowed with %s!\n"),"--pgp2","--pgp6");
+ if(opt.pgp2 && (opt.pgp6 || opt.pgp7))
+ log_error(_("%s not allowed with %s!\n"),
+ "--pgp2",opt.pgp6?"--pgp6":"--pgp7");
else
{
if(opt.pgp2)
@@ -1463,7 +1470,7 @@ main( int argc, char **argv )
}
}
- if(opt.pgp6)
+ if(opt.pgp6 || opt.pgp7)
{
opt.force_mdc=0;
opt.disable_mdc=1;
diff --git a/g10/getkey.c b/g10/getkey.c
index a578d51cb..fd8eb5b89 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -1834,10 +1834,10 @@ finish_lookup (GETKEY_CTX ctx)
#define USAGE_MASK (PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC)
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
/* Request the primary if we're certifying another key, and also
- if signing data while --pgp6 is on (since pgp 6 (and 7) do not
- understand signatures made by a signing subkey. */
+ if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
+ do not understand signatures made by a signing subkey. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
- (opt.pgp6 && (ctx->req_usage & PUBKEY_USAGE_SIG));
+ ((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
u32 latest_date;
KBNODE latest_key;
u32 curtime = make_timestamp ();
diff --git a/g10/options.h b/g10/options.h
index 9093690c2..a5faffa1e 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -88,6 +88,8 @@ struct {
int always_trust;
int pgp2;
int pgp6;
+ int pgp7; /* if we get any more of these, it's time to look at a
+ special emulate_pgp variable... */
int rfc1991;
int rfc2440;
int pgp2_workarounds;
diff --git a/g10/pkclist.c b/g10/pkclist.c
index 393087a5c..26be90f74 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -955,18 +955,19 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned use )
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
- and all compressions except none (0) and ZIP (1). For a true PGP6
- key all of this is unneeded as they are the only items present in
- the preferences subpacket, but checking here covers the weird case
- of encrypting to a key that had preferences from a different
- implementation which was then used with PGP6. I am not completely
- comfortable with this as the right thing to do, as it slightly
- alters the list of what the user is supposedly requesting. It is
- not against the RFC however, as the preference chosen will never be
- one that the user didn't specify somewhere ("The implementation may
- use any mechanism to pick an algorithm in the intersection"), and
- PGP6 has no mechanism to fix such a broken preference list, so I'm
- including it. -dms */
+ and all compressions except none (0) and ZIP (1). pgp7 mode
+ expands the cipher list to include AES128 (7), AES192 (8), AES256
+ (9), and TWOFISH (10). For a true PGP key all of this is unneeded
+ as they are the only items present in the preferences subpacket,
+ but checking here covers the weird case of encrypting to a key that
+ had preferences from a different implementation which was then used
+ with PGP. I am not completely comfortable with this as the right
+ thing to do, as it slightly alters the list of what the user is
+ supposedly requesting. It is not against the RFC however, as the
+ preference chosen will never be one that the user didn't specify
+ somewhere ("The implementation may use any mechanism to pick an
+ algorithm in the intersection"), and PGP has no mechanism to fix
+ such a broken preference list, so I'm including it. -dms */
static int
algo_available( int preftype, int algo )
@@ -975,16 +976,20 @@ algo_available( int preftype, int algo )
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
return 0;
+ if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 &&
+ algo != 7 && algo != 8 && algo != 9 && algo != 10) )
+ return 0;
+
return algo && !check_cipher_algo( algo );
}
else if( preftype == PREFTYPE_HASH ) {
- if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
+ if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) )
return 0;
return algo && !check_digest_algo( algo );
}
else if( preftype == PREFTYPE_ZIP ) {
- if ( opt.pgp6 && ( algo !=0 && algo != 1) )
+ if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) )
return 0;
return !algo || algo == 1 || algo == 2;