security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-02-08 17:43:04 +01:00
Code Activity

Fix printing of ECC algo names in hkp keyserver listings.

Browse Source 
* g10/misc.c (map_pk_openpgp_to_gcry): New.
* g10/keyserver.c (print_keyrec): Map OpenPGP algorithm ids.
--

Although we don't have support for ECC, we want to print a proper
algorithm name in keyserver listings.  This will only work while using
a ECC enabled Libgcrypt.  Problem reported by Kristian Fiskerstrand.
This commit is contained in:
Werner Koch 2012-11-27 17:35:16 +01:00
parent ab4ea45f54
commit 978878b1be
3 changed files with 72 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
g10/keyserver.c
View File

@ -483,9 +483,10 @@ print_keyrec(int number,struct keyrec *keyrec)
if(keyrec->type) if(keyrec->type)
{ {
const char *str = gcry_pk_algo_name (keyrec->type); const char *str;
if(str) str = gcry_pk_algo_name (map_pk_openpgp_to_gcry (keyrec->type));
if(str && strcmp (str, "?"))
printf("%s ",str); printf("%s ",str);
else else
printf("unknown "); printf("unknown ");
@ -662,7 +663,7 @@ parse_keyrec(char *keystring)
case 'R': case 'R':
work->flags|=1; work->flags|=1;
break; break;
case 'd': case 'd':
case 'D': case 'D':
work->flags|=2; work->flags|=2;
@ -867,7 +868,7 @@ keyserver_search_prompt(IOBUF buffer,const char *searchstr)
if (opt.with_colons && opt.batch) if (opt.with_colons && opt.batch)
break; break;
for(;;) for(;;)
{ {
if(show_prompt(desc,i,validcount?count:0,localstr)) if(show_prompt(desc,i,validcount?count:0,localstr))
@ -921,7 +922,7 @@ keyserver_search_prompt(IOBUF buffer,const char *searchstr)
/* Leave this commented out or now, and perhaps for a very long /* Leave this commented out or now, and perhaps for a very long
time. All HKPish servers return HTML error messages for time. All HKPish servers return HTML error messages for
no-key-found. */ no-key-found. */
/* /*
if(!started) if(!started)
log_info(_("keyserver does not support searching\n")); log_info(_("keyserver does not support searching\n"));
else else
@ -974,7 +975,7 @@ direct_uri_map(const char *scheme,unsigned int is_direct)
#define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\"" #define KEYSERVER_ARGS_KEEP " -o \"%O\" \"%I\""
#define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\"" #define KEYSERVER_ARGS_NOKEEP " -o \"%o\" \"%i\""
static int static int
keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc, keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
int count,int *prog,unsigned char **fpr,size_t *fpr_len, int count,int *prog,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver) struct keyserver_spec *keyserver)
@ -1014,7 +1015,7 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
the program of this process lives. Fortunately Windows provides the program of this process lives. Fortunately Windows provides
a way to retrieve this and our gnupg_libexecdir function has been a way to retrieve this and our gnupg_libexecdir function has been
modified to return just this. Setting the exec-path is not modified to return just this. Setting the exec-path is not
anymore required. anymore required.
set_exec_path(libexecdir); set_exec_path(libexecdir);
*/ */
#else #else
@ -1044,7 +1045,7 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
fetcher that can speak that protocol (this is a problem for fetcher that can speak that protocol (this is a problem for
LDAP). */ LDAP). */
strcat(command,GPGKEYS_PREFIX); strcat(command,GPGKEYS_PREFIX);
strcat(command,scheme); strcat(command,scheme);
/* This "_uri" thing is in case we need to call a direct handler /* This "_uri" thing is in case we need to call a direct handler
@ -1074,7 +1075,7 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
{ {
command=xrealloc(command,strlen(command)+ command=xrealloc(command,strlen(command)+
strlen(KEYSERVER_ARGS_NOKEEP)+1); strlen(KEYSERVER_ARGS_NOKEEP)+1);
strcat(command,KEYSERVER_ARGS_NOKEEP); strcat(command,KEYSERVER_ARGS_NOKEEP);
} }
ret=exec_write(&spawn,NULL,command,NULL,0,0); ret=exec_write(&spawn,NULL,command,NULL,0,0);
@ -1525,7 +1526,7 @@ keyserver_spawn(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
return ret; return ret;
} }
static int static int
keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc, keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
int count,unsigned char **fpr,size_t *fpr_len, int count,unsigned char **fpr,size_t *fpr_len,
struct keyserver_spec *keyserver) struct keyserver_spec *keyserver)
@ -1595,7 +1596,7 @@ keyserver_work(enum ks_action action,strlist_t list,KEYDB_SEARCH_DESC *desc,
#endif /* ! DISABLE_KEYSERVER_HELPERS*/ #endif /* ! DISABLE_KEYSERVER_HELPERS*/
} }
int int
keyserver_export(strlist_t users) keyserver_export(strlist_t users)
{ {
strlist_t sl=NULL; strlist_t sl=NULL;
@ -1627,7 +1628,7 @@ keyserver_export(strlist_t users)
return rc; return rc;
} }
int int
keyserver_import(strlist_t users) keyserver_import(strlist_t users)
{ {
KEYDB_SEARCH_DESC *desc; KEYDB_SEARCH_DESC *desc;
@ -1687,7 +1688,7 @@ keyserver_import_fprint(const byte *fprint,size_t fprint_len,
return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver); return keyserver_work(KS_GET,NULL,&desc,1,NULL,NULL,keyserver);
} }
int int
keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver) keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
{ {
KEYDB_SEARCH_DESC desc; KEYDB_SEARCH_DESC desc;
@ -1702,7 +1703,7 @@ keyserver_import_keyid(u32 *keyid,struct keyserver_spec *keyserver)
} }
/* code mostly stolen from do_export_stream */ /* code mostly stolen from do_export_stream */
static int static int
keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3) keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
{ {
int rc=0,ndesc,num=100; int rc=0,ndesc,num=100;
@ -1725,10 +1726,10 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
} }
else else
{ {
for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++) for (ndesc=0, sl=users; sl; sl = sl->next, ndesc++)
; ;
desc = xmalloc ( ndesc * sizeof *desc); desc = xmalloc ( ndesc * sizeof *desc);
for (ndesc=0, sl=users; sl; sl = sl->next) for (ndesc=0, sl=users; sl; sl = sl->next)
{ {
if(classify_user_id (sl->d, desc+ndesc)) if(classify_user_id (sl->d, desc+ndesc))
@ -1741,7 +1742,7 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
while (!(rc = keydb_search (kdbhd, desc, ndesc))) while (!(rc = keydb_search (kdbhd, desc, ndesc)))
{ {
if (!users) if (!users)
desc[0].mode = KEYDB_SEARCH_MODE_NEXT; desc[0].mode = KEYDB_SEARCH_MODE_NEXT;
/* read the keyblock */ /* read the keyblock */
@ -1844,7 +1845,7 @@ keyidlist(strlist_t users,KEYDB_SEARCH_DESC **klist,int *count,int fakev3)
if(rc==-1) if(rc==-1)
rc=0; rc=0;
leave: leave:
if(rc) if(rc)
xfree(*klist); xfree(*klist);
@ -2176,7 +2177,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
snprintf(port,7,":%u",srvlist[i].port); snprintf(port,7,":%u",srvlist[i].port);
strcat(keyserver->host,port); strcat(keyserver->host,port);
} }
strcat(keyserver->host," "); strcat(keyserver->host," ");
} }
@ -2192,7 +2193,7 @@ keyserver_import_ldap(const char *name,unsigned char **fpr,size_t *fpr_len)
strcat(keyserver->host,domain); strcat(keyserver->host,domain);
append_to_strlist(&list,name); append_to_strlist(&list,name);
rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver); rc=keyserver_work(KS_GETNAME,list,NULL,0,fpr,fpr_len,keyserver);
free_strlist(list); free_strlist(list);

5
g10/main.h
View File

@ -89,6 +89,7 @@ int map_cipher_openpgp_to_gcry (int algo);
int openpgp_cipher_blocklen (int algo); int openpgp_cipher_blocklen (int algo);
int openpgp_cipher_test_algo( int algo ); int openpgp_cipher_test_algo( int algo );
const char *openpgp_cipher_algo_name (int algo); const char *openpgp_cipher_algo_name (int algo);
int map_pk_openpgp_to_gcry (int algo);
int openpgp_pk_test_algo( int algo ); int openpgp_pk_test_algo( int algo );
int openpgp_pk_test_algo2 ( int algo, unsigned int use ); int openpgp_pk_test_algo2 ( int algo, unsigned int use );
int openpgp_pk_algo_usage ( int algo ); int openpgp_pk_algo_usage ( int algo );
@ -113,7 +114,7 @@ char *pct_expando(const char *string,struct expando_args *args);
void deprecated_warning(const char *configname,unsigned int configlineno, void deprecated_warning(const char *configname,unsigned int configlineno,
const char *option,const char *repl1,const char *repl2); const char *option,const char *repl1,const char *repl2);
void deprecated_command (const char *name); void deprecated_command (const char *name);
void obsolete_option (const char *configname, unsigned int configlineno, void obsolete_option (const char *configname, unsigned int configlineno,
const char *name); const char *name);
int string_to_cipher_algo (const char *string); int string_to_cipher_algo (const char *string);
@ -266,7 +267,7 @@ void import_print_stats (void *hd);
int collapse_uids( KBNODE *keyblock ); int collapse_uids( KBNODE *keyblock );
int auto_create_card_key_stub ( const char *serialnostr, int auto_create_card_key_stub ( const char *serialnostr,
const unsigned char *fpr1, const unsigned char *fpr1,
const unsigned char *fpr2, const unsigned char *fpr2,
const unsigned char *fpr3); const unsigned char *fpr3);

81
g10/misc.c
View File

@ -40,7 +40,7 @@
#ifdef HAVE_W32_SYSTEM #ifdef HAVE_W32_SYSTEM
#include <time.h> #include <time.h>
#include <process.h> #include <process.h>
#include <windows.h> #include <windows.h>
#include <shlobj.h> #include <shlobj.h>
#ifndef CSIDL_APPDATA #ifndef CSIDL_APPDATA
#define CSIDL_APPDATA 0x001a #define CSIDL_APPDATA 0x001a
@ -81,7 +81,7 @@ string_count_chr (const char *string, int c)
#ifdef ENABLE_SELINUX_HACKS #ifdef ENABLE_SELINUX_HACKS
/* A object and a global variable to keep track of files marked as /* A object and a global variable to keep track of files marked as
secured. */ secured. */
struct secured_file_item struct secured_file_item
{ {
struct secured_file_item *next; struct secured_file_item *next;
ino_t ino; ino_t ino;
@ -106,7 +106,7 @@ register_secured_file (const char *fname)
/* Note that we stop immediatley if something goes wrong here. */ /* Note that we stop immediatley if something goes wrong here. */
if (stat (fname, &buf)) if (stat (fname, &buf))
log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname, log_fatal (_("fstat of `%s' failed in %s: %s\n"), fname,
"register_secured_file", strerror (errno)); "register_secured_file", strerror (errno));
/* log_debug ("registering `%s' i=%lu.%lu\n", fname, */ /* log_debug ("registering `%s' i=%lu.%lu\n", fname, */
/* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */ /* (unsigned long)buf.st_dev, (unsigned long)buf.st_ino); */
@ -160,8 +160,8 @@ unregister_secured_file (const char *fname)
} }
/* Return true if FD is corresponds to a secured file. Using -1 for /* Return true if FD is corresponds to a secured file. Using -1 for
FS is allowed and will return false. */ FS is allowed and will return false. */
int int
is_secured_file (int fd) is_secured_file (int fd)
{ {
#ifdef ENABLE_SELINUX_HACKS #ifdef ENABLE_SELINUX_HACKS
@ -175,7 +175,7 @@ is_secured_file (int fd)
secure if something went wrong. */ secure if something went wrong. */
if (fstat (fd, &buf)) if (fstat (fd, &buf))
{ {
log_error (_("fstat(%d) failed in %s: %s\n"), fd, log_error (_("fstat(%d) failed in %s: %s\n"), fd,
"is_secured_file", strerror (errno)); "is_secured_file", strerror (errno));
return 1; return 1;
} }
@ -195,8 +195,8 @@ is_secured_file (int fd)
/* Return true if FNAME is corresponds to a secured file. Using NULL, /* Return true if FNAME is corresponds to a secured file. Using NULL,
"" or "-" for FS is allowed and will return false. This function is "" or "-" for FS is allowed and will return false. This function is
used before creating a file, thus it won't fail if the file does used before creating a file, thus it won't fail if the file does
not exist. */ not exist. */
int int
is_secured_filename (const char *fname) is_secured_filename (const char *fname)
{ {
#ifdef ENABLE_SELINUX_HACKS #ifdef ENABLE_SELINUX_HACKS
@ -204,7 +204,7 @@ is_secured_filename (const char *fname)
struct secured_file_item *sf; struct secured_file_item *sf;
if (iobuf_is_pipe_filename (fname) || !*fname) if (iobuf_is_pipe_filename (fname) || !*fname)
return 0; return 0;
/* Note that we print out a error here and claim that a file is /* Note that we print out a error here and claim that a file is
secure if something went wrong. */ secure if something went wrong. */
@ -345,9 +345,9 @@ map_cipher_openpgp_to_gcry (int algo)
{ {
switch (algo) switch (algo)
{ {
case CIPHER_ALGO_CAMELLIA128: return 310; case CIPHER_ALGO_CAMELLIA128: return 310;
case CIPHER_ALGO_CAMELLIA192: return 311; case CIPHER_ALGO_CAMELLIA192: return 311;
case CIPHER_ALGO_CAMELLIA256: return 312; case CIPHER_ALGO_CAMELLIA256: return 312;
default: return algo; default: return algo;
} }
} }
@ -367,7 +367,7 @@ map_cipher_gcry_to_openpgp (int algo)
/* Return the block length of an OpenPGP cipher algorithm. */ /* Return the block length of an OpenPGP cipher algorithm. */
int int
openpgp_cipher_blocklen (int algo) openpgp_cipher_blocklen (int algo)
{ {
/* We use the numbers from OpenPGP to be sure that we get the right /* We use the numbers from OpenPGP to be sure that we get the right
@ -407,18 +407,33 @@ openpgp_cipher_test_algo( int algo )
string representation of the algorithm name. For unknown algorithm string representation of the algorithm name. For unknown algorithm
IDs this function returns "?". */ IDs this function returns "?". */
const char * const char *
openpgp_cipher_algo_name (int algo) openpgp_cipher_algo_name (int algo)
{ {
return gcry_cipher_algo_name (map_cipher_openpgp_to_gcry (algo)); return gcry_cipher_algo_name (map_cipher_openpgp_to_gcry (algo));
} }
/* Map OpenPGP public key algorithm numbers to those used by
Libgcrypt. */
int
map_pk_openpgp_to_gcry (int algo)
{
switch (algo)
{
case PUBKEY_ALGO_ECDSA: return 301 /*GCRY_PK_ECDSA*/;
case PUBKEY_ALGO_ECDH: return 302 /*GCRY_PK_ECDH*/;
default: return algo;
}
}
int int
openpgp_pk_test_algo( int algo ) openpgp_pk_test_algo( int algo )
{ {
/* Dont't allow type 20 keys unless in rfc2440 mode. */ /* Dont't allow type 20 keys unless in rfc2440 mode. */
if (!RFC2440 && algo == 20) if (!RFC2440 && algo == 20)
return gpg_error (GPG_ERR_PUBKEY_ALGO); return gpg_error (GPG_ERR_PUBKEY_ALGO);
if (algo == GCRY_PK_ELG_E) if (algo == GCRY_PK_ELG_E)
algo = GCRY_PK_ELG; algo = GCRY_PK_ELG;
@ -445,13 +460,13 @@ openpgp_pk_test_algo2( int algo, unsigned int use )
return gcry_pk_algo_info (algo, GCRYCTL_TEST_ALGO, NULL, &use_buf); return gcry_pk_algo_info (algo, GCRYCTL_TEST_ALGO, NULL, &use_buf);
} }
int int
openpgp_pk_algo_usage ( int algo ) openpgp_pk_algo_usage ( int algo )
{ {
int use = 0; int use = 0;
/* They are hardwired in gpg 1.0. */ /* They are hardwired in gpg 1.0. */
switch ( algo ) { switch ( algo ) {
case PUBKEY_ALGO_RSA: case PUBKEY_ALGO_RSA:
use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG use = (PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG
| PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH); | PUBKEY_USAGE_ENC | PUBKEY_USAGE_AUTH);
@ -469,7 +484,7 @@ openpgp_pk_algo_usage ( int algo )
case PUBKEY_ALGO_ELGAMAL_E: case PUBKEY_ALGO_ELGAMAL_E:
use = PUBKEY_USAGE_ENC; use = PUBKEY_USAGE_ENC;
break; break;
case PUBKEY_ALGO_DSA: case PUBKEY_ALGO_DSA:
use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH; use = PUBKEY_USAGE_CERT | PUBKEY_USAGE_SIG | PUBKEY_USAGE_AUTH;
break; break;
default: default:
@ -509,7 +524,7 @@ idea_cipher_warn(int show)
#endif #endif
static unsigned long static unsigned long
get_signature_count (PKT_secret_key *sk) get_signature_count (PKT_secret_key *sk)
{ {
#ifdef ENABLE_CARD_SUPPORT #ifdef ENABLE_CARD_SUPPORT
@ -518,7 +533,7 @@ get_signature_count (PKT_secret_key *sk)
struct agent_card_info_s info; struct agent_card_info_s info;
if(agent_scd_getattr("SIG-COUNTER",&info)==0) if(agent_scd_getattr("SIG-COUNTER",&info)==0)
return info.sig_counter; return info.sig_counter;
} }
#endif #endif
/* How to do this without a card? */ /* How to do this without a card? */
@ -609,7 +624,7 @@ pct_expando(const char *string,struct expando_args *args)
sprintf(&ret[idx],"%lu",get_signature_count(args->sk)); sprintf(&ret[idx],"%lu",get_signature_count(args->sk));
idx+=strlen(&ret[idx]); idx+=strlen(&ret[idx]);
done=1; done=1;
} }
break; break;
case 'p': /* primary pk fingerprint of a sk */ case 'p': /* primary pk fingerprint of a sk */
@ -678,7 +693,7 @@ pct_expando(const char *string,struct expando_args *args)
case 't': /* e.g. "jpg" */ case 't': /* e.g. "jpg" */
str=image_type_to_string(args->imagetype,0); str=image_type_to_string(args->imagetype,0);
break; break;
case 'T': /* e.g. "image/jpeg" */ case 'T': /* e.g. "image/jpeg" */
str=image_type_to_string(args->imagetype,2); str=image_type_to_string(args->imagetype,2);
break; break;
@ -777,7 +792,7 @@ deprecated_command (const char *name)
void void
obsolete_option (const char *configname, unsigned int configlineno, obsolete_option (const char *configname, unsigned int configlineno,
const char *name) const char *name)
{ {
if(configname) if(configname)
@ -793,9 +808,9 @@ obsolete_option (const char *configname, unsigned int configlineno,
* Wrapper around gcry_cipher_map_name to provide a fallback using the * Wrapper around gcry_cipher_map_name to provide a fallback using the
* "Sn" syntax as used by the preference strings. * "Sn" syntax as used by the preference strings.
*/ */
int int
string_to_cipher_algo (const char *string) string_to_cipher_algo (const char *string)
{ {
int val; int val;
val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string)); val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string));
@ -816,9 +831,9 @@ string_to_cipher_algo (const char *string)
* Wrapper around gcry_md_map_name to provide a fallback using the * Wrapper around gcry_md_map_name to provide a fallback using the
* "Hn" syntax as used by the preference strings. * "Hn" syntax as used by the preference strings.
*/ */
int int
string_to_digest_algo (const char *string) string_to_digest_algo (const char *string)
{ {
int val; int val;
val = gcry_md_map_name (string); val = gcry_md_map_name (string);
@ -1223,7 +1238,7 @@ has_invalid_email_chars (const char *s)
const char *valid_chars= const char *valid_chars=
"01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for ( ; *s; s++ ) for ( ; *s; s++ )
{ {
if ( (*s & 0x80) ) if ( (*s & 0x80) )
continue; /* We only care about ASCII. */ continue; /* We only care about ASCII. */
@ -1344,7 +1359,7 @@ int
pubkey_get_nenc( int algo ) pubkey_get_nenc( int algo )
{ {
size_t n; size_t n;
if (algo == GCRY_PK_ELG_E) if (algo == GCRY_PK_ELG_E)
algo = GCRY_PK_ELG; algo = GCRY_PK_ELG;
if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, &n )) if (gcry_pk_algo_info( algo, GCRYCTL_GET_ALGO_NENCR, NULL, &n ))