From a84fe549da551cfb8037b30dca10da8ea4e632e0 Mon Sep 17 00:00:00 2001 From: David Shaw Date: Tue, 24 Feb 2004 23:37:18 +0000 Subject: [PATCH] * plaintext.c: Copyright. * encode.c (encode_simple): Show cipher with --verbose. * options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level option to enable cert level prompts during sigs. Defaults to on. Simplify --default-cert-check-level to --default-cert-level. If ask-cert-level is off, or batch is on, use the default-cert-level as the cert level. * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify --min-cert-check-level to --min-cert-level. --- g10/ChangeLog | 15 +++ g10/encode.c | 8 +- g10/g10.c | 33 +++--- g10/keyedit.c | 14 +-- g10/options.h | 298 ++++++++++++++++++++++++------------------------ g10/plaintext.c | 3 +- g10/trustdb.c | 2 +- 7 files changed, 201 insertions(+), 172 deletions(-) diff --git a/g10/ChangeLog b/g10/ChangeLog index 3bf57da08..03aa220ed 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,18 @@ +2004-02-24 David Shaw + + * plaintext.c: Copyright. + + * encode.c (encode_simple): Show cipher with --verbose. + + * options.h, g10.c (main), keyedit.c (sign_keys): Add + --ask-cert-level option to enable cert level prompts during + sigs. Defaults to on. Simplify --default-cert-check-level to + --default-cert-level. If ask-cert-level is off, or batch is on, + use the default-cert-level as the cert level. + + * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): + Simplify --min-cert-check-level to --min-cert-level. + 2004-02-22 David Shaw * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add diff --git a/g10/encode.c b/g10/encode.c index 95df2f682..f841dc97b 100644 --- a/g10/encode.c +++ b/g10/encode.c 
@@ -1,6 +1,6 @@ /* encode.c - encode data - * Copyright (C) 1998, 1999, 2000, 2001, 2002, - * 2003 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, + * 2004 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -217,6 +217,10 @@ encode_simple( const char *filename, int mode, int use_seskey ) m_free( cfx.dek ); cfx.dek = dek; } + if(opt.verbose) + log_info(_("using cipher %s\n"), + cipher_algo_to_string(cfx.dek->algo)); + cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo); } diff --git a/g10/g10.c b/g10/g10.c index 455b39558..e4a72f6bd 100644 --- a/g10/g10.c +++ b/g10/g10.c @@ -148,12 +148,14 @@ enum cmd_and_opt_values oNoAskSigExpire, oAskCertExpire, oNoAskCertExpire, + oAskCertLevel, + oNoAskCertLevel, oFingerprint, oWithFingerprint, oAnswerYes, oAnswerNo, - oDefCertCheckLevel, - oMinCertCheckLevel, + oDefCertLevel, + oMinCertLevel, oKeyring, oPrimaryKeyring, oSecretKeyring, @@ -437,6 +439,8 @@ static ARGPARSE_OPTS opts[] = { { oNoAskSigExpire, "no-ask-sig-expire", 0, "@"}, { oAskCertExpire, "ask-cert-expire", 0, "@"}, { oNoAskCertExpire, "no-ask-cert-expire", 0, "@"}, + { oAskCertLevel, "ask-cert-level", 0, "@"}, + { oNoAskCertLevel, "no-ask-cert-level", 0, "@"}, { oOutput, "output", 2, N_("use as output file")}, { oMaxOutput, "max-output", 16|4, "@" }, { oVerbose, "verbose", 0, N_("verbose") }, @@ -567,8 +571,9 @@ static ARGPARSE_OPTS opts[] = { { oSkipVerify, "skip-verify",0, "@" }, { oCompressKeys, "compress-keys",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"}, - { oDefCertCheckLevel, "default-cert-check-level", 1, "@"}, - { oMinCertCheckLevel, "min-cert-check-level", 1, "@"}, + { oDefCertLevel, "default-cert-check-level", 1, "@"}, /* Old option */ + { oDefCertLevel, "default-cert-level", 1, "@"}, + { oMinCertLevel, "min-cert-level", 1, "@"}, { oAlwaysTrust, "always-trust", 0, "@"}, { oTrustModel, "trust-model", 2, "@"}, { oForceOwnertrust, "force-ownertrust", 2, "@"}, 
@@ -1440,7 +1445,7 @@ main( int argc, char **argv ) VERIFY_SHOW_POLICY_URLS|VERIFY_SHOW_NOTATIONS|VERIFY_SHOW_KEYSERVER_URLS; opt.trust_model=TM_AUTO; opt.mangle_dos_filenames=0; - opt.min_cert_check_level=2; + opt.min_cert_level=2; set_screen_dimensions(); #if defined (_WIN32) set_homedir ( read_w32_registry_string( NULL, @@ -1781,8 +1786,8 @@ main( int argc, char **argv ) break; case oNoArmor: opt.no_armor=1; opt.armor=0; break; case oNoDefKeyring: default_keyring = 0; break; - case oDefCertCheckLevel: opt.def_cert_check_level=pargs.r.ret_int; break; - case oMinCertCheckLevel: opt.min_cert_check_level=pargs.r.ret_int; break; + case oDefCertLevel: opt.def_cert_level=pargs.r.ret_int; break; + case oMinCertLevel: opt.min_cert_level=pargs.r.ret_int; break; case oNoGreeting: nogreeting = 1; break; case oNoVerbose: g10_opt_verbose = 0; opt.verbose = 0; opt.list_sigs=0; break; @@ -1997,6 +2002,8 @@ main( int argc, char **argv ) case oNoAskSigExpire: opt.ask_sig_expire = 0; break; case oAskCertExpire: opt.ask_cert_expire = 1; break; case oNoAskCertExpire: opt.ask_cert_expire = 0; break; + case oAskCertLevel: opt.ask_cert_level = 1; break; + case oNoAskCertLevel: opt.ask_cert_level = 0; break; case oUser: /* store the local users */ add_to_strlist2( &locusr, pargs.r.ret_str, utf8_strings ); break; 
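Review bot: No hunk in g10.c initializes `opt.ask_cert_level`, although the ChangeLog entry says the new option defaults to on; the defaults block in main() next to `opt.min_cert_level=2;` is where `opt.ask_cert_level=1;` would be expected. The field is new in options.h, so if `opt` starts out zeroed, the test `if(opt.batch || !opt.ask_cert_level)` in the keyedit.c sign_uids hunk is true unless --ask-cert-level is given, and certifications are issued at `0x10+opt.def_cert_level` without the level prompt. The certification level is written into the signature class, and min-cert-level appears to filter on it in trustdb.c, so the effective default should match the documented one. main() starts and ends outside this hunk.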
@@ -2480,8 +2487,10 @@ main( int argc, char **argv ) log_error(_("marginals-needed must be greater than 1\n")); if( opt.max_cert_depth < 1 || opt.max_cert_depth > 255 ) log_error(_("max-cert-depth must be in the range from 1 to 255\n")); - if( opt.min_cert_check_level < 1 || opt.min_cert_check_level > 3 ) - log_error(_("min-cert-check-level must be in the range from 1 to 3\n")); + if(opt.def_cert_level<0 || opt.def_cert_level>3) + log_error(_("invalid default-cert-level; must be 0, 1, 2, or 3\n")); + if( opt.min_cert_level < 1 || opt.min_cert_level > 3 ) + log_error(_("invalid min-cert-level; must be 1, 2, or 3\n")); switch( opt.s2k_mode ) { case 0: log_info(_("NOTE: simple S2K mode (0) is strongly discouraged\n")); @@ -2491,16 +2500,14 @@ main( int argc, char **argv ) log_error(_("invalid S2K mode; must be 0, 1 or 3\n")); } - if(opt.def_cert_check_level<0 || opt.def_cert_check_level>3) - log_error(_("invalid default-check-level; must be 0, 1, 2, or 3\n")); - /* This isn't actually needed, but does serve to error out if the string is invalid. */ if(opt.def_preference_list && keygen_set_std_prefs(opt.def_preference_list,0)) log_error(_("invalid default preferences\n")); - /* We provide defaults for the personal digest list */ + /* We provide defaults for the personal digest list. This is + SHA-1. */ if(!pers_digest_list) pers_digest_list="h2"; diff --git a/g10/keyedit.c b/g10/keyedit.c index 3a8fc96f3..a22005fb2 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -761,8 +761,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, ; else { - if(opt.batch) - class=0x10+opt.def_cert_check_level; + if(opt.batch || !opt.ask_cert_level) + class=0x10+opt.def_cert_level; else { char *answer; 
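Review bot: The two cert-level range checks only call `log_error` and leave the out-of-range value in `opt`, so whether a bad --default-cert-level can reach `class=0x10+opt.def_cert_level` in sign_uids (keyedit.c hunk) depends on main() stopping after logged errors, which happens outside this hunk if at all. A comment above the checks would record that dependency, for example `/* sign_uids() adds def_cert_level to 0x10 to form the signature class, so values outside 0..3 must not survive startup. */`. With the prompt now skippable through --no-ask-cert-level, this check is the only visible guard on that value.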
@@ -773,13 +773,13 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, "answer, enter \"0\".\n")); tty_printf("\n"); tty_printf(_(" (0) I will not answer.%s\n"), - opt.def_cert_check_level==0?" (default)":""); + opt.def_cert_level==0?" (default)":""); tty_printf(_(" (1) I have not checked at all.%s\n"), - opt.def_cert_check_level==1?" (default)":""); + opt.def_cert_level==1?" (default)":""); tty_printf(_(" (2) I have done casual checking.%s\n"), - opt.def_cert_check_level==2?" (default)":""); + opt.def_cert_level==2?" (default)":""); tty_printf(_(" (3) I have done very careful checking.%s\n"), - opt.def_cert_check_level==3?" (default)":""); + opt.def_cert_level==3?" (default)":""); tty_printf("\n"); while(class==0) @@ -787,7 +787,7 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, answer = cpr_get("sign_uid.class",_("Your selection? " "(enter '?' for more information): ")); if(answer[0]=='\0') - class=0x10+opt.def_cert_check_level; /* Default */ + class=0x10+opt.def_cert_level; /* Default */ else if(ascii_strcasecmp(answer,"0")==0) class=0x10; /* Generic */ else if(ascii_strcasecmp(answer,"1")==0) diff --git a/g10/options.h b/g10/options.h index 53821aa0d..ef7a4b36f 100644 --- a/g10/options.h +++ b/g10/options.h 
@@ -38,161 +38,163 @@ #endif EXTERN_UNLESS_MAIN_MODULE -struct { - int verbose; - int quiet; - unsigned debug; - int armor; - char *outfile; - off_t max_output; - int dry_run; - int list_only; - int textmode; - int expert; - int ask_sig_expire; - int ask_cert_expire; - int batch; /* run in batch mode */ - int answer_yes; /* answer yes on most questions */ - int answer_no; /* answer no on most questions */ - int check_sigs; /* check key signatures */ - int with_colons; - int with_key_data; - int with_fingerprint; /* opt --with-fingerprint active */ - int fingerprint; /* list fingerprints */ - int list_sigs; /* list signatures */ - int no_armor; - int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ - int def_cipher_algo; - int force_v3_sigs; - int force_v4_certs; - int force_mdc; - int disable_mdc; - int def_digest_algo; - int cert_digest_algo; - int compress_algo; - int compress_level; - int bz2_compress_level; - int bz2_compress_lowmem; - const char *def_secret_key; - char *def_recipient; - int def_recipient_self; - int def_cert_check_level; - int min_cert_check_level; - int sk_comments; - int no_version; - int marginals_needed; - int completes_needed; - int max_cert_depth; - const char *homedir; +struct +{ + int verbose; + int quiet; + unsigned debug; + int armor; + char *outfile; + off_t max_output; + int dry_run; + int list_only; + int textmode; + int expert; + int ask_sig_expire; + int ask_cert_expire; + int batch; /* run in batch mode */ + int answer_yes; /* answer yes on most questions */ + int answer_no; /* answer no on most questions */ + int check_sigs; /* check key signatures */ + int with_colons; + int with_key_data; + int with_fingerprint; /* opt --with-fingerprint active */ + int fingerprint; /* list fingerprints */ + int list_sigs; /* list signatures */ + int no_armor; + int list_packets; /* list-packets mode: 1=normal, 2=invoked by command*/ + int def_cipher_algo; + int force_v3_sigs; + int force_v4_certs; + int force_mdc; + int 
disable_mdc; + int def_digest_algo; + int cert_digest_algo; + int compress_algo; + int compress_level; + int bz2_compress_level; + int bz2_compress_lowmem; + const char *def_secret_key; + char *def_recipient; + int def_recipient_self; + int def_cert_level; + int min_cert_level; + int ask_cert_level; + int sk_comments; + int no_version; + int marginals_needed; + int completes_needed; + int max_cert_depth; + const char *homedir; - char *display; /* 5 options to be passed to the gpg-agent */ - char *ttyname; - char *ttytype; - char *lc_ctype; - char *lc_messages; + char *display; /* 5 options to be passed to the gpg-agent */ + char *ttyname; + char *ttytype; + char *lc_ctype; + char *lc_messages; - int skip_verify; - int compress_keys; - int compress_sigs; - /* TM_CLASSIC must be zero to accomodate trustdbs generated before - we started storing the trust model inside the trustdb. */ - enum - { - TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_AUTO - } trust_model; - int force_ownertrust; - enum - { - CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8 - } compliance; - int pgp2_workarounds; - int shm_coprocess; - const char *set_filename; - STRLIST comments; - int throw_keyid; - const char *photo_viewer; - int s2k_mode; - int s2k_digest_algo; - int s2k_cipher_algo; - int simple_sk_checksum; /* create the deprecated rfc2440 secret - key protection*/ - int not_dash_escaped; - int escape_from; - int lock_once; - char *keyserver_uri; - char *keyserver_scheme; - char *keyserver_host; - char *keyserver_port; - char *keyserver_opaque; - struct + int skip_verify; + int compress_keys; + int compress_sigs; + /* TM_CLASSIC must be zero to accomodate trustdbs generated before + we started storing the trust model inside the trustdb. 
*/ + enum { - int verbose; - int include_revoked; - int include_disabled; - int include_subkeys; - int use_temp_files; - int keep_temp_files; - int fake_v3_keyids; - int auto_key_retrieve; - int try_dns_srv; - unsigned int import_options; - unsigned int export_options; - STRLIST other; - } keyserver_options; - int exec_disable; - int exec_path_set; + TM_CLASSIC=0, TM_PGP=1, TM_EXTERNAL=2, TM_ALWAYS, TM_AUTO + } trust_model; + int force_ownertrust; + enum + { + CO_GNUPG=0, CO_RFC2440, CO_RFC1991, CO_PGP2, CO_PGP6, CO_PGP7, CO_PGP8 + } compliance; + int pgp2_workarounds; + int shm_coprocess; + const char *set_filename; + STRLIST comments; + int throw_keyid; + const char *photo_viewer; + int s2k_mode; + int s2k_digest_algo; + int s2k_cipher_algo; + int simple_sk_checksum; /* create the deprecated rfc2440 secret + key protection*/ + int not_dash_escaped; + int escape_from; + int lock_once; + char *keyserver_uri; + char *keyserver_scheme; + char *keyserver_host; + char *keyserver_port; + char *keyserver_opaque; + struct + { + int verbose; + int include_revoked; + int include_disabled; + int include_subkeys; + int use_temp_files; + int keep_temp_files; + int fake_v3_keyids; + int auto_key_retrieve; + int try_dns_srv; unsigned int import_options; unsigned int export_options; - unsigned int list_options; - unsigned int verify_options; - char *def_preference_list; - prefitem_t *personal_cipher_prefs; - prefitem_t *personal_digest_prefs; - prefitem_t *personal_compress_prefs; - int no_perm_warn; - int no_mdc_warn; - char *temp_dir; - int no_encrypt_to; - int interactive; - STRLIST sig_notation_data; - STRLIST cert_notation_data; - STRLIST sig_policy_url; - STRLIST cert_policy_url; - STRLIST sig_keyserver_url; - int use_embedded_filename; - int allow_non_selfsigned_uid; - int allow_freeform_uid; - int no_literal; - ulong set_filesize; - int fast_list_mode; - int fixed_list_mode; - int ignore_time_conflict; - int ignore_valid_from; - int ignore_crc_error; - int 
ignore_mdc_error; - int command_fd; - const char *override_session_key; - int show_session_key; - int use_agent; - const char *gpg_agent_info; - int try_all_secrets; - int no_expensive_trust_checks; - int no_sig_cache; - int no_sig_create_check; - int no_auto_check_trustdb; - int preserve_permissions; - int no_homedir_creation; - struct groupitem *grouplist; - int strict; - int mangle_dos_filenames; - int enable_progress_filter; - int screen_columns; - int screen_lines; + STRLIST other; + } keyserver_options; + int exec_disable; + int exec_path_set; + unsigned int import_options; + unsigned int export_options; + unsigned int list_options; + unsigned int verify_options; + char *def_preference_list; + prefitem_t *personal_cipher_prefs; + prefitem_t *personal_digest_prefs; + prefitem_t *personal_compress_prefs; + int no_perm_warn; + int no_mdc_warn; + char *temp_dir; + int no_encrypt_to; + int interactive; + STRLIST sig_notation_data; + STRLIST cert_notation_data; + STRLIST sig_policy_url; + STRLIST cert_policy_url; + STRLIST sig_keyserver_url; + int use_embedded_filename; + int allow_non_selfsigned_uid; + int allow_freeform_uid; + int no_literal; + ulong set_filesize; + int fast_list_mode; + int fixed_list_mode; + int ignore_time_conflict; + int ignore_valid_from; + int ignore_crc_error; + int ignore_mdc_error; + int command_fd; + const char *override_session_key; + int show_session_key; + int use_agent; + const char *gpg_agent_info; + int try_all_secrets; + int no_expensive_trust_checks; + int no_sig_cache; + int no_sig_create_check; + int no_auto_check_trustdb; + int preserve_permissions; + int no_homedir_creation; + struct groupitem *grouplist; + int strict; + int mangle_dos_filenames; + int enable_progress_filter; + int screen_columns; + int screen_lines; #ifdef ENABLE_CARD_SUPPORT - const char *ctapi_driver; /* Library to access the ctAPI. */ - const char *pcsc_driver; /* Library to access the PC/SC system. 
*/ - int disable_ccid; /* Disable the use of the internal CCID driver. */ + const char *ctapi_driver; /* Library to access the ctAPI. */ + const char *pcsc_driver; /* Library to access the PC/SC system. */ + int disable_ccid; /* Disable the use of the internal CCID driver. */ #endif /*ENABLE_CARD_SUPPORT*/ } opt; diff --git a/g10/plaintext.c b/g10/plaintext.c index a998acbb2..e9b9918cb 100644 --- a/g10/plaintext.c +++ b/g10/plaintext.c @@ -1,5 +1,6 @@ /* plaintext.c - process plaintext packets - * Copyright (C) 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, + * 2004 Free Software Foundation, Inc. * * This file is part of GnuPG. * diff --git a/g10/trustdb.c b/g10/trustdb.c index ab3b12527..3156116f3 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1382,7 +1382,7 @@ mark_usable_uid_certs (KBNODE keyblock, KBNODE uidnode, if (!IS_UID_SIG(sig) && !IS_UID_REV(sig)) continue; /* we only look at these signature classes */ if(sig->sig_class>=0x11 && sig->sig_class<=0x13 && - sig->sig_class-0x10sig_class-0x10