
intermediate release

This commit is contained in:
Werner Koch 1998-07-06 10:23:57 +00:00
parent 97090f1293
commit a9ec668cbe
45 changed files with 526 additions and 260 deletions

15
NEWS

@ -1,3 +1,18 @@
Noteworthy changes in version 0.3.1
-----------------------------------
* Partial headers are now written in the OpenPGP format if
a key in a v4 packet is used.
* Removed some unused options, removed the gnupg.sig stuff.
* Key lookup by name now returns a key which can be used for
the desired action.
* New options --list-ownertrust (gpgm) to make a backup copy
of the ownertrust values you assigned.
* clear signature headers are now in compliance with OpenPGP.
Noteworthy changes in version 0.3.0 Noteworthy changes in version 0.3.0
----------------------------------- -----------------------------------

12
TODO

@ -1,9 +1,13 @@
* add writing of partial headers conforming to OpenPGP * add option --restore-ownertrust
util/iobuf.c:block_filter
* add options: --default-signature-user, --default-encryption-user * add options: --default-signature-user, --default-encryption-user
* Change the formatting of log_xxxx to GNU standards
("name:filename:line: text")
* add a way to delete subkeys (in edit-keys?)
* make preferences work * make preferences work
* rewrite --list-packets or put it into another tool. * rewrite --list-packets or put it into another tool.
@ -15,7 +19,9 @@
* add readline support. Must enhance libreadline - Anyone? * add readline support. Must enhance libreadline - Anyone?
* Burn the buffers used by fopen(), or use read(2). * Burn the buffers used by fopen(), or use read(2). Does this
really make sense?
* enable a SIGSEGV handler while using zlib functions * enable a SIGSEGV handler while using zlib functions

@ -12,7 +12,7 @@ TESTS = version.test mds.test \
conventional.test conventional.test
TEST_FILES = pubring.asc secring.asc gnupg.asc plain-1 plain-2 plain-3o.asc \ TEST_FILES = pubring.asc secring.asc plain-1 plain-2 plain-3o.asc \
plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \ plain-1.asc plain-2.asc plain-3.asc plain-1-pgp.asc \
pubring.pkr.asc secring.skr.asc pubring.pkr.asc secring.skr.asc
@ -23,17 +23,14 @@ CLEANFILES = prepared.stamp x y z out err $(DATA_FILES)
check: prepared.stamp check: prepared.stamp
prepared.stamp: pubring.gpg secring.gpg gnupg.sig plain-3 \ prepared.stamp: pubring.gpg secring.gpg plain-3 \
pubring.pkr secring.skr $(DATA_FILES) pubring.pkr secring.skr $(DATA_FILES)
@echo "def" | ../g10/gpg --homedir . -v --no-operation; \
echo timestamp >./prepared.stamp echo timestamp >./prepared.stamp
pubring.gpg: pubring.asc pubring.gpg: pubring.asc
../g10/gpgm --yes --dearmor -o pubring.gpg pubring.asc ../g10/gpgm --yes --dearmor -o pubring.gpg pubring.asc
secring.gpg: secring.asc secring.gpg: secring.asc
../g10/gpgm --yes --dearmor -o secring.gpg secring.asc ../g10/gpgm --yes --dearmor -o secring.gpg secring.asc
gnupg.sig: gnupg.asc
../g10/gpgm --yes --dearmor -o gnupg.sig gnupg.asc
plain-3: plain-3o.asc plain-3: plain-3o.asc
../g10/gpgm --yes --dearmor -o plain-3 plain-3o.asc ../g10/gpgm --yes --dearmor -o plain-3 plain-3o.asc
pubring.pkr: pubring.pkr.asc pubring.pkr: pubring.pkr.asc

@ -1,12 +0,0 @@
-----BEGIN PGP ARMORED FILE-----
Version: GNUPG v0.2.7b (Linux)
Comment: This is an alpha version!
Comment: Use "g10maint --dearmor" for unpacking
0CEjY3JlYXRlZCBieSBHTlVQRyB2MC4yLjdiIChMaW51eCmQDQMAAxDlaCrLPviEowGI1wMFADTy
2TnlaCrLPviEoxADgEwC/jmq4S8mH3ulVqOyszVXwLaOGwtNdQMc+q5yOTiGTme6tLrYshsXDrG0
qEeLEny8gqPpuUSH0Qht5V45sD8EfYBqptoxYiwpHlQcghrEUqGgo+QgXffPcrlbGINs576mugMA
mj/y4wOgoeJmc8WWNEnx+LehCZE1OaLpV5IWHigefsVLLv7jcQ2j80yxdCllqzvQTPQN+tlVoGei
yoC4BF2wzoG8sWJ0B9xFkQ/WV0jh1vpWiSfnZU1yhVkRNMk7SodM
=Ehf8
-----END PGP ARMORED FILE-----

@ -405,7 +405,7 @@ dsa_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
*nsig = 2; *nsig = 2;
switch( algo ) { switch( algo ) {
case PUBKEY_ALGO_DSA: *usage = 1; return "DSA"; case PUBKEY_ALGO_DSA: *usage = PUBKEY_USAGE_SIG; return "DSA";
default: *usage = 0; return NULL; default: *usage = 0; return NULL;
} }
} }

@ -510,8 +510,8 @@ elg_get_nbits( int algo, MPI *pkey )
* the ALGO is invalid. * the ALGO is invalid.
* Usage: Bit 0 set : allows signing * Usage: Bit 0 set : allows signing
* 1 set : allows encryption * 1 set : allows encryption
* NOTE: This function allows signing also for ELG-E, chich is not * NOTE: This function allows signing also for ELG-E, which is not
* okay but a bad hack to allow to work with olf gpg keys. The real check * okay but a bad hack to allow to work with old gpg keys. The real check
* is done in the gnupg ocde depending on the packet version. * is done in the gnupg ocde depending on the packet version.
*/ */
const char * const char *
@ -524,8 +524,12 @@ elg_get_info( int algo, int *npkey, int *nskey, int *nenc, int *nsig,
*nsig = 2; *nsig = 2;
switch( algo ) { switch( algo ) {
case PUBKEY_ALGO_ELGAMAL: *usage = 2|1; return "ELG"; case PUBKEY_ALGO_ELGAMAL:
case PUBKEY_ALGO_ELGAMAL_E: *usage = 2|1; return "ELG-E"; *usage = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC;
return "ELG";
case PUBKEY_ALGO_ELGAMAL_E:
*usage = PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC;
return "ELG-E";
default: *usage = 0; return NULL; default: *usage = 0; return NULL;
} }
} }
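Review bot: Giving `PUBKEY_ALGO_ELGAMAL_E` the usage `PUBKEY_USAGE_SIG|PUBKEY_USAGE_ENC` means the table-driven test in `check_pubkey_algo2` (the next hunk, which now compares against the same named bits) cannot refuse an encrypt-only Elgamal key for signing; the NOTE above says this is a deliberate hack for old keys and that "the real check is done in the gnupg ocde depending on the packet version", but it neither fixes that last typo nor names where that check lives. I would correct `ocde` to `code` and extend the NOTE with the function that performs the version-dependent check, or a TODO to drop the signing bit once old-key support is no longer needed, so the relaxation is not silently inherited. The opening lines of elg_get_info fall between the two hunks.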

@ -282,9 +282,11 @@ check_pubkey_algo2( int algo, unsigned usage )
do { do {
for(i=0; pubkey_table[i].name; i++ ) for(i=0; pubkey_table[i].name; i++ )
if( pubkey_table[i].algo == algo ) { if( pubkey_table[i].algo == algo ) {
if( (usage & 1) && !(pubkey_table[i].usage & 1) ) if( (usage & PUBKEY_USAGE_SIG)
&& !(pubkey_table[i].usage & PUBKEY_USAGE_SIG) )
return G10ERR_WR_PUBKEY_ALGO; return G10ERR_WR_PUBKEY_ALGO;
if( (usage & 2) && !(pubkey_table[i].usage & 2) ) if( (usage & PUBKEY_USAGE_ENC)
&& !(pubkey_table[i].usage & PUBKEY_USAGE_ENC) )
return G10ERR_WR_PUBKEY_ALGO; return G10ERR_WR_PUBKEY_ALGO;
return 0; /* okay */ return 0; /* okay */
} }

@ -71,7 +71,7 @@ Record type 1:
1 byte completes needed 1 byte completes needed
1 byte max. cert depth 1 byte max. cert depth
If any of this 3 values are changed, all cache records If any of this 3 values are changed, all cache records
muts be invalidated. must be invalidated.
9 bytes reserved 9 bytes reserved
@ -88,7 +88,9 @@ Record type 2: (directory record)
1 u32 cache record 1 u32 cache record
1 u32 sigrecord 1 u32 sigrecord
1 byte No signatures flag (used to avoid duplicate building). 1 byte No signatures flag (used to avoid duplicate building).
13 byte reserved 3 byte reserved
1 u32 preference record
6 byte reserved
Record type 3: Record type 3:
@ -124,7 +126,7 @@ Record type 4: (cache record)
20 bytes rmd160 hash value over the complete keyblock 20 bytes rmd160 hash value over the complete keyblock
This is used to detect any changes of the keyblock with all This is used to detect any changes of the keyblock with all
CTBs and lengths headers. Calculation is easy if the keyblock CTBs and lengths headers. Calculation is easy if the keyblock
is optained from a keyserved: simply create the hash from all is optained from a keyserver: simply create the hash from all
received data bytes. received data bytes.
1 byte number of untrusted signatures. 1 byte number of untrusted signatures.
@ -162,7 +164,7 @@ Record Type 6 (hash table)
used directly as hash values. (They can be considered as strong used directly as hash values. (They can be considered as strong
random numbers.) random numbers.)
What we use is a dynamic multilevel architecture, which combines What we use is a dynamic multilevel architecture, which combines
Hashtables, record lists, and linked lists. hashtables, record lists, and linked lists.
This record is a hashtable of 256 entries; a special property This record is a hashtable of 256 entries; a special property
is that all these records are stored consecutively to make one is that all these records are stored consecutively to make one
@ -207,7 +209,6 @@ Record type 7 (hash list)
Packet Headers Packet Headers
=============== ===============

@ -5,10 +5,14 @@ gpg - GNU Privacy Guard
=head1 SYNOPSIS =head1 SYNOPSIS
B<gpg> [--homedir name] [--options file] [options] command [args] B<gpg> [--homedir name] [--options file] [options] command [args]
B<gpgm> [--homedir name] [--options file] [options] command [args]
=head1 DESCRIPTION =head1 DESCRIPTION
This is the main program for the GNUPG system. B<gpg> is the main program for the GNUPG system. B<gpgm> is a maintenance
tool which has some commands B<gpgm> does not have; it is there because
it does not handle sensitive data ans therefore has no need to allocate
secure memory.
=head1 COMMANDS =head1 COMMANDS
@ -91,6 +95,11 @@ B<--gen-key>
Generate a new key pair. This command can only be Generate a new key pair. This command can only be
used interactive. used interactive.
B<--add-key> I<name>
Add a subkey to an already existing key. This
command is similiar to B<--gen-key> but a primary
key must already exit.
B<--sign-key> I<name> B<--sign-key> I<name>
Make a signature on key of user I<name>. Make a signature on key of user I<name>.
This looks for the key, displays the key and checks This looks for the key, displays the key and checks
@ -130,6 +139,9 @@ B<--export> [I<names>]
B<--import> B<--import>
import/merge keys import/merge keys
B<--list-ownertrust>
List the assigned ownertrust values in ascii format for
backup purposes [B<gpgm> only].
=head1 OPTIONS =head1 OPTIONS
@ -246,11 +258,6 @@ B<--cipher-algo> I<name>
with the option B<--verbose> yields a list of supported with the option B<--verbose> yields a list of supported
algorithms. algorithms.
B<--pubkey-algo> I<name>
Use I<name> as puplic key algorithm. Running the program
with the option B<--verbose> yields a list of supported
algorithms.
B<--digest-algo> I<name> B<--digest-algo> I<name>
Use I<name> as message digest algorithm. Running the Use I<name> as message digest algorithm. Running the
program with the option B<--verbose> yields a list of program with the option B<--verbose> yields a list of

@ -1,3 +1,41 @@
Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (add_keyring): Keyrings are now added to end of the
list of keyrings. The first added keyringwill be created.
(add_secret_keyring): Likewise.
* ringedit.c (add_keyblock_resource): Files are created here.
* g10.c (aNOP): Removed
* getkey.c (lookup): Add checking of usage for name lookups
* packet.h (pubkey_usage): Add a field which may be used to store
usage capabilities.
* pkclist.c (build_pk_list): getkey now called with usage arg.
* skclist.c (build_sk_list): Ditto.
* sign.c (clearsign_file): Fixed "Hash:" headers
Sat Jul 4 13:33:31 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (list_ownertrust): New.
* g10.c (aListOwnerTrust): New.
* g10.c (def_pubkey_algo): Removed.
* trustdb.c (verify_private_data): Removed and also the call to it.
(sign_private_data): Removed.
Fri Jul 3 13:26:10 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (aEditKey): was aEditSig. Changed usage msg.
* keyedit.c: Done some i18n stuff.
* g10.c (do_not_use_RSA): New.
* sign.c (do_sign): Add call to above function.
* encode.c (write_pubkey_enc_from_list): Ditto.
Thu Jul 2 21:01:25 1998 Werner Koch (wk@isil.d.shuttle.de) Thu Jul 2 21:01:25 1998 Werner Koch (wk@isil.d.shuttle.de)
* parse-packet.c: Now is able sto store data of unknown * parse-packet.c: Now is able sto store data of unknown

@ -32,6 +32,8 @@ common_source = \
keyid.c \ keyid.c \
trustdb.c \ trustdb.c \
trustdb.h \ trustdb.h \
pref.h \
pref.c \
packet.h \ packet.h \
parse-packet.c \ parse-packet.c \
passphrase.c \ passphrase.c \

@ -325,7 +325,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( n < buflen || c == '\n' ) { if( n < buflen || c == '\n' ) {
if( n && buf[0] != '\r') { /* maybe a header */ if( n && buf[0] != '\r') { /* maybe a header */
if( strchr( buf, ':') ) { /* yes */ if( strchr( buf, ':') ) { /* yes */
int hashes; int hashes=0;
if( buf[n-1] == '\r' ) if( buf[n-1] == '\r' )
buf[--n] = 0; buf[--n] = 0;
if( opt.verbose ) { if( opt.verbose ) {
@ -822,13 +822,19 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
else if( (c=iobuf_get(a)) == -1 ) else if( (c=iobuf_get(a)) == -1 )
break; break;
} while( ++idx < 4 ); } while( ++idx < 4 );
if( c == -1 ) if( c == -1 ) {
log_error("premature eof (in CRC)\n"); log_error("premature eof (in CRC)\n");
else if( idx != 4 ) rc = G10ERR_INVALID_ARMOR;
}
else if( idx != 4 ) {
log_error("malformed CRC\n"); log_error("malformed CRC\n");
else if( mycrc != afx->crc ) rc = G10ERR_INVALID_ARMOR;
}
else if( mycrc != afx->crc ) {
log_error("CRC error; %06lx - %06lx\n", log_error("CRC error; %06lx - %06lx\n",
(ulong)afx->crc, (ulong)mycrc); (ulong)afx->crc, (ulong)mycrc);
rc = G10ERR_INVALID_ARMOR;
}
else { else {
rc = 0; rc = 0;
#if 0 #if 0
@ -843,10 +849,14 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
} }
if( rc == -1 ) if( rc == -1 )
rc = 0; rc = 0;
else if( rc == 2 ) else if( rc == 2 ) {
log_error("premature eof (in Trailer)\n"); log_error("premature eof (in Trailer)\n");
else rc = G10ERR_INVALID_ARMOR;
}
else {
log_error("error in trailer line\n"); log_error("error in trailer line\n");
rc = G10ERR_INVALID_ARMOR;
}
#endif #endif
} }
} }
@ -988,7 +998,8 @@ armor_filter( void *opaque, int control,
iobuf_writestr(a, "-----\n"); iobuf_writestr(a, "-----\n");
iobuf_writestr(a, "Version: GNUPG v" VERSION " (" iobuf_writestr(a, "Version: GNUPG v" VERSION " ("
PRINTABLE_OS_NAME ")\n"); PRINTABLE_OS_NAME ")\n");
iobuf_writestr(a, "Comment: This is an alpha version!\n"); iobuf_writestr(a,
"Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n");
if( afx->hdrlines ) if( afx->hdrlines )
iobuf_writestr(a, afx->hdrlines); iobuf_writestr(a, afx->hdrlines);
iobuf_put(a, '\n'); iobuf_put(a, '\n');
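Review bot: The new `rc = G10ERR_INVALID_ARMOR;` assignments in the trailer branch of the second hunk (`else if( rc == 2 ) { ... }` and the following `else { ... }`) stand directly before an `#endif`, while the first hunk ends with `#if 0` immediately after `rc = 0;`; if that is the `#if 0` this `#endif` closes, the whole trailer-error handling is compiled out and only the CRC-branch changes take effect. Please check the lines between the two hunks and either enable the block or remove it, so the error code is not silently lost. On the CRC branch I would also state the limit of the check in a comment, `/* CRC-24 detects accidental corruption only; it is not an integrity check against deliberate modification */`, since the new G10ERR_INVALID_ARMOR could otherwise read as a security decision. radix64_read continues outside both hunks.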

@ -281,7 +281,7 @@ do_secret_key( IOBUF out, int ctb, PKT_secret_key *sk )
iobuf_put(a, sk->pubkey_algo ); iobuf_put(a, sk->pubkey_algo );
nskey = pubkey_get_nskey( sk->pubkey_algo ); nskey = pubkey_get_nskey( sk->pubkey_algo );
npkey = pubkey_get_npkey( sk->pubkey_algo ); npkey = pubkey_get_npkey( sk->pubkey_algo );
if( npkey ) { if( !npkey ) {
write_fake_data( a, sk->skey[0] ); write_fake_data( a, sk->skey[0] );
goto leave; goto leave;
} }
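Review bot: The corrected test `if( !npkey )` now routes only algorithms for which `pubkey_get_npkey` yields zero to `write_fake_data`, and since the previous revision had exactly the opposite condition, the intent deserves a comment on the line so it is not inverted again: `/* npkey == 0: algorithm unknown to us, copy the stored raw data through unchanged */` (presumably zero marks an unknown algorithm; confirm against pubkey_get_npkey). do_secret_key continues outside the hunk, so the normal path after the `leave` label is not visible here.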

@ -46,6 +46,7 @@ write_header( cipher_filter_context_t *cfx, IOBUF a )
memset( &ed, 0, sizeof ed ); memset( &ed, 0, sizeof ed );
ed.len = cfx->datalen; ed.len = cfx->datalen;
ed.new_ctb = !ed.len && !opt.rfc1991;
init_packet( &pkt ); init_packet( &pkt );
pkt.pkttype = PKT_ENCRYPTED; pkt.pkttype = PKT_ENCRYPTED;
pkt.pkt.encrypted = &ed; pkt.pkt.encrypted = &ed;
@ -88,13 +89,7 @@ cipher_filter( void *opaque, int control,
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
} }
else if( control == IOBUFCTRL_FREE ) { else if( control == IOBUFCTRL_FREE ) {
#if 0
if( cfx->new_partial && cfx->cfx->la_buffer ) {
}
#endif
cipher_close(cfx->cipher_hd); cipher_close(cfx->cipher_hd);
m_free(cfx->la_buffer); cfx->la_buffer = NULL;
} }
else if( control == IOBUFCTRL_DESC ) { else if( control == IOBUFCTRL_DESC ) {
*(char**)buf = "cipher_filter"; *(char**)buf = "cipher_filter";
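Review bot: `ed.new_ctb = !ed.len && !opt.rfc1991;` selects the new-style packet header purely on the length being zero, so a genuinely empty payload (`cfx->datalen == 0`) is treated the same as an unknown length; encode.c does the same for the plaintext packet with `pt->new_ctb = !pt->len && !opt.rfc1991;`. If zero is the intended "length unknown" sentinel, a comment on the line would make that explicit, e.g. `/* len 0 means unknown length: use the OpenPGP partial-length (new CTB) header unless RFC1991 mode is forced */`. write_header and cipher_filter both extend beyond the hunks.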

@ -34,6 +34,7 @@
#include "util.h" #include "util.h"
#include "main.h" #include "main.h"
#include "filter.h" #include "filter.h"
#include "i18n.h"
static int encode_simple( const char *filename, int mode ); static int encode_simple( const char *filename, int mode );
@ -81,7 +82,7 @@ encode_simple( const char *filename, int mode )
/* prepare iobufs */ /* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) { if( !(inp = iobuf_open(filename)) ) {
log_error("can't open %s: %s\n", filename? filename: "[stdin]", log_error(_("%s: can't open: %s\n"), filename? filename: "[stdin]",
strerror(errno) ); strerror(errno) );
return G10ERR_OPEN_FILE; return G10ERR_OPEN_FILE;
} }
@ -98,7 +99,7 @@ encode_simple( const char *filename, int mode )
m_free(cfx.dek); m_free(cfx.dek);
m_free(s2k); m_free(s2k);
iobuf_close(inp); iobuf_close(inp);
log_error("error creating passphrase: %s\n", g10_errstr(rc) ); log_error(_("error creating passphrase: %s\n"), g10_errstr(rc) );
return rc; return rc;
} }
} }
@ -134,7 +135,7 @@ encode_simple( const char *filename, int mode )
pt->namelen = strlen(filename); pt->namelen = strlen(filename);
memcpy(pt->name, filename, pt->namelen ); memcpy(pt->name, filename, pt->namelen );
if( !(filesize = iobuf_get_filelength(inp)) ) if( !(filesize = iobuf_get_filelength(inp)) )
log_info("warning: '%s' is an empty file\n", filename ); log_info(_("%s: warning: empty file\n"), filename );
} }
else { /* no filename */ else { /* no filename */
pt = m_alloc( sizeof *pt - 1 ); pt = m_alloc( sizeof *pt - 1 );
@ -191,18 +192,18 @@ encode_crypt( const char *filename, STRLIST remusr )
memset( &afx, 0, sizeof afx); memset( &afx, 0, sizeof afx);
memset( &zfx, 0, sizeof zfx); memset( &zfx, 0, sizeof zfx);
if( (rc=build_pk_list( remusr, &pk_list, 2)) ) if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC)) )
return rc; return rc;
/* prepare iobufs */ /* prepare iobufs */
if( !(inp = iobuf_open(filename)) ) { if( !(inp = iobuf_open(filename)) ) {
log_error("can't open %s: %s\n", filename? filename: "[stdin]", log_error(_("can't open %s: %s\n"), filename? filename: "[stdin]",
strerror(errno) ); strerror(errno) );
rc = G10ERR_OPEN_FILE; rc = G10ERR_OPEN_FILE;
goto leave; goto leave;
} }
else if( opt.verbose ) else if( opt.verbose )
log_info("reading from '%s'\n", filename? filename: "[stdin]"); log_info(_("reading from '%s'\n"), filename? filename: "[stdin]");
if( !(out = open_outfile( filename, opt.armor? 1:0 )) ) { if( !(out = open_outfile( filename, opt.armor? 1:0 )) ) {
rc = G10ERR_CREATE_FILE; /* or user said: do not overwrite */ rc = G10ERR_CREATE_FILE; /* or user said: do not overwrite */
@ -232,7 +233,7 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->namelen = strlen(filename); pt->namelen = strlen(filename);
memcpy(pt->name, filename, pt->namelen ); memcpy(pt->name, filename, pt->namelen );
if( !(filesize = iobuf_get_filelength(inp)) ) if( !(filesize = iobuf_get_filelength(inp)) )
log_info("warning: '%s' is an empty file\n", filename ); log_info(_("%s: warning: empty file\n"), filename );
} }
else { /* no filename */ else { /* no filename */
pt = m_alloc( sizeof *pt - 1 ); pt = m_alloc( sizeof *pt - 1 );
@ -242,6 +243,7 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->timestamp = make_timestamp(); pt->timestamp = make_timestamp();
pt->mode = 'b'; pt->mode = 'b';
pt->len = filesize; pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->buf = inp; pt->buf = inp;
init_packet(&pkt); init_packet(&pkt);
pkt.pkttype = PKT_PLAINTEXT; pkt.pkttype = PKT_PLAINTEXT;
@ -332,6 +334,8 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
MPI frame; MPI frame;
pk = pk_list->pk; pk = pk_list->pk;
if( is_RSA(pk->pubkey_algo) )
do_not_use_RSA();
enc = m_alloc_clear( sizeof *enc ); enc = m_alloc_clear( sizeof *enc );
enc->pubkey_algo = pk->pubkey_algo; enc->pubkey_algo = pk->pubkey_algo;
keyid_from_pk( pk, enc->keyid ); keyid_from_pk( pk, enc->keyid );
@ -344,7 +348,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
else { else {
if( opt.verbose ) { if( opt.verbose ) {
char *ustr = get_user_id_string( enc->keyid ); char *ustr = get_user_id_string( enc->keyid );
log_info("%s encrypted for: %s\n", log_info(_("%s encrypted for: %s\n"),
pubkey_algo_to_string(enc->pubkey_algo), ustr ); pubkey_algo_to_string(enc->pubkey_algo), ustr );
m_free(ustr); m_free(ustr);
} }
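Review bot: The two sibling open-failure messages now have different shapes: encode_simple uses `_("%s: can't open: %s\n")` while encode_crypt keeps `_("can't open %s: %s\n")`, although both empty-file warnings were aligned to `_("%s: warning: empty file\n")`. I would change encode_crypt to `log_error(_("%s: can't open: %s\n"), filename? filename: "[stdin]",` so the translation catalogue carries one string and the output format matches. The new `do_not_use_RSA()` call in write_pubkey_enc_from_list has no prototype visible in this file's include block (only `i18n.h` was added), so it presumably comes from main.h; if not, it is an implicit declaration. encode_crypt and write_pubkey_enc_from_list continue outside the hunks.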

@ -61,9 +61,6 @@ typedef struct {
typedef struct { typedef struct {
DEK *dek; DEK *dek;
u32 datalen; u32 datalen;
int new_partial; /* use Openpgp partial packets header */
char *la_buffer; /* help buffer for OP partial stuff */
size_t la_buflen; /* and its used length */
CIPHER_HANDLE cipher_hd; CIPHER_HANDLE cipher_hd;
int header; int header;
} cipher_filter_context_t; } cipher_filter_context_t;

@ -79,6 +79,7 @@ static ARGPARSE_OPTS opts[] = {
{ 530, "import", 0 , N_("import/merge keys")}, { 530, "import", 0 , N_("import/merge keys")},
{ 521, "list-packets",0,N_("list only the sequence of packets")}, { 521, "list-packets",0,N_("list only the sequence of packets")},
#ifdef IS_G10MAINT #ifdef IS_G10MAINT
{ 564, "list-ownertrust", 0, "list the ownertrust values"},
{ 546, "dearmor", 0, N_("De-Armor a file or stdin") }, { 546, "dearmor", 0, N_("De-Armor a file or stdin") },
{ 547, "enarmor", 0, N_("En-Armor a file or stdin") }, { 547, "enarmor", 0, N_("En-Armor a file or stdin") },
{ 555, "print-md" , 0, N_("|algo [files]|print message digests")}, { 555, "print-md" , 0, N_("|algo [files]|print message digests")},
@ -116,12 +117,10 @@ static ARGPARSE_OPTS opts[] = {
{ 561, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, { 561, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
#ifdef IS_G10 #ifdef IS_G10
{ 527, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")}, { 527, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
{ 528, "pubkey-algo", 2 , N_("|NAME|use public key algorithm NAME")},
{ 529, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")}, { 529, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
{ 556, "compress-algo", 1 , N_("|N|use compress algorithm N")}, { 556, "compress-algo", 1 , N_("|N|use compress algorithm N")},
#else /* some dummies */ #else /* some dummies */
{ 527, "cipher-algo", 2 , "@"}, { 527, "cipher-algo", 2 , "@"},
{ 528, "pubkey-algo", 2 , "@"},
{ 529, "digest-algo", 2 , "@"}, { 529, "digest-algo", 2 , "@"},
{ 556, "compress-algo", 1 , "@"}, { 556, "compress-algo", 1 , "@"},
#endif #endif
@ -138,6 +137,7 @@ static ARGPARSE_OPTS opts[] = {
/* hidden options */ /* hidden options */
#ifdef IS_G10MAINT #ifdef IS_G10MAINT
{ 514, "test" , 0, "@" }, { 514, "test" , 0, "@" },
{ 564, "list-ownertrust",0 , "@"},
{ 531, "list-trustdb",0 , "@"}, { 531, "list-trustdb",0 , "@"},
{ 533, "list-trust-path",0, "@"}, { 533, "list-trust-path",0, "@"},
#endif #endif
@ -154,7 +154,6 @@ static ARGPARSE_OPTS opts[] = {
{ 519, "no-armor", 0, "@"}, { 519, "no-armor", 0, "@"},
{ 520, "no-default-keyring", 0, "@" }, { 520, "no-default-keyring", 0, "@" },
{ 522, "no-greeting", 0, "@" }, { 522, "no-greeting", 0, "@" },
{ 541, "no-operation", 0, "@" }, /* used by regression tests */
{ 543, "no-options", 0, "@" }, /* shortcut for --options /dev/null */ { 543, "no-options", 0, "@" }, /* shortcut for --options /dev/null */
{ 544, "homedir", 2, "@" }, /* defaults to "~/.gnupg" */ { 544, "homedir", 2, "@" }, /* defaults to "~/.gnupg" */
{ 545, "no-batch", 0, "@" }, { 545, "no-batch", 0, "@" },
@ -169,18 +168,19 @@ static ARGPARSE_OPTS opts[] = {
{0} }; {0} };
/* (Free numbers: 541) */
enum cmd_values { aNull = 0, enum cmd_values { aNull = 0,
aSym, aStore, aEncr, aKeygen, aSign, aSignEncr, aSym, aStore, aEncr, aKeygen, aSign, aSignEncr,
aSignKey, aClearsign, aListPackets, aEditSig, aDeleteKey, aDeleteSecretKey, aSignKey, aClearsign, aListPackets, aEditKey, aDeleteKey, aDeleteSecretKey,
aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys, aKMode, aKModeC, aChangePass, aImport, aVerify, aDecrypt, aListKeys,
aListSigs, aKeyadd, aListSecretKeys, aListSigs, aKeyadd, aListSecretKeys,
aExport, aExportSecret, aExport, aExportSecret,
aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs, aCheckKeys, aGenRevoke, aPrimegen, aPrintMD, aPrintMDs,
aListTrustDB, aListTrustPath, aDeArmor, aEnArmor, aGenRandom, aTest, aListTrustDB, aListTrustPath, aListOwnerTrust,
aNOP }; aDeArmor, aEnArmor, aGenRandom,
aTest };
static char *build_list( const char *text, static char *build_list( const char *text,
@ -358,8 +358,6 @@ check_opts(void)
{ {
if( !opt.def_cipher_algo || check_cipher_algo(opt.def_cipher_algo) ) if( !opt.def_cipher_algo || check_cipher_algo(opt.def_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n")); log_error(_("selected cipher algorithm is invalid\n"));
if( !opt.def_pubkey_algo || check_pubkey_algo(opt.def_pubkey_algo) )
log_error(_("selected pubkey algorithm is invalid\n"));
if( opt.def_digest_algo && check_digest_algo(opt.def_digest_algo) ) if( opt.def_digest_algo && check_digest_algo(opt.def_digest_algo) )
log_error(_("selected digest algorithm is invalid\n")); log_error(_("selected digest algorithm is invalid\n"));
if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 ) if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 )
@ -414,7 +412,6 @@ main( int argc, char **argv )
opt.compress = -1; /* defaults to standard compress level */ opt.compress = -1; /* defaults to standard compress level */
/* fixme: set the next two to zero and decide where used */ /* fixme: set the next two to zero and decide where used */
opt.def_cipher_algo = DEFAULT_CIPHER_ALGO; opt.def_cipher_algo = DEFAULT_CIPHER_ALGO;
opt.def_pubkey_algo = DEFAULT_PUBKEY_ALGO;
opt.def_digest_algo = 0; opt.def_digest_algo = 0;
opt.def_compress_algo = 2; opt.def_compress_algo = 2;
opt.completes_needed = 1; opt.completes_needed = 1;
@ -510,14 +507,11 @@ main( int argc, char **argv )
case 506: set_cmd( &cmd, aSignKey); break; case 506: set_cmd( &cmd, aSignKey); break;
case 507: set_cmd( &cmd, aStore); break; case 507: set_cmd( &cmd, aStore); break;
case 523: set_passphrase_fd( pargs.r.ret_int ); break; case 523: set_passphrase_fd( pargs.r.ret_int ); break;
case 524: set_cmd( &cmd, aEditSig); break; case 524: set_cmd( &cmd, aEditKey); break;
case 525: set_cmd( &cmd, aChangePass); break; case 525: set_cmd( &cmd, aChangePass); break;
case 527: case 527:
opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str); opt.def_cipher_algo = string_to_cipher_algo(pargs.r.ret_str);
break; break;
case 528:
opt.def_pubkey_algo = string_to_pubkey_algo(pargs.r.ret_str);
break;
case 529: case 529:
opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str); opt.def_digest_algo = string_to_digest_algo(pargs.r.ret_str);
break; break;
@ -527,7 +521,6 @@ main( int argc, char **argv )
case 550: set_cmd( &cmd, aVerify); break; case 550: set_cmd( &cmd, aVerify); break;
#else #else
case 527: case 527:
case 528:
case 529: case 529:
break; break;
#endif /* !IS_G10 */ #endif /* !IS_G10 */
@ -543,6 +536,7 @@ main( int argc, char **argv )
case 547: set_cmd( &cmd, aEnArmor); break; case 547: set_cmd( &cmd, aEnArmor); break;
case 548: set_cmd( &cmd, aGenRandom); break; case 548: set_cmd( &cmd, aGenRandom); break;
case 555: set_cmd( &cmd, aPrintMD); break; case 555: set_cmd( &cmd, aPrintMD); break;
case 564: set_cmd( &cmd, aListOwnerTrust); break;
#endif /* IS_G10MAINT */ #endif /* IS_G10MAINT */
case 'o': opt.outfile = pargs.r.ret_str; break; case 'o': opt.outfile = pargs.r.ret_str; break;
@ -581,7 +575,6 @@ main( int argc, char **argv )
case 536: opt.marginals_needed = pargs.r.ret_int; break; case 536: opt.marginals_needed = pargs.r.ret_int; break;
case 537: set_cmd( &cmd, aExport); break; case 537: set_cmd( &cmd, aExport); break;
case 538: trustdb_name = pargs.r.ret_str; break; case 538: trustdb_name = pargs.r.ret_str; break;
case 541: set_cmd( &cmd, aNOP); break;
case 543: break; /* no-options */ case 543: break; /* no-options */
case 544: opt.homedir = pargs.r.ret_str; break; case 544: opt.homedir = pargs.r.ret_str; break;
case 545: opt.batch = 0; break; case 545: opt.batch = 0; break;
@ -692,6 +685,7 @@ main( int argc, char **argv )
if( opt.with_colons ) /* need this to list the trust */ if( opt.with_colons ) /* need this to list the trust */
rc = init_trustdb(1, trustdb_name ); rc = init_trustdb(1, trustdb_name );
break; break;
case aListOwnerTrust: rc = init_trustdb( 0, trustdb_name ); break;
case aListTrustDB: rc = init_trustdb( argc? 1:0, trustdb_name ); break; case aListTrustDB: rc = init_trustdb( argc? 1:0, trustdb_name ); break;
default: rc = init_trustdb(1, trustdb_name ); break; default: rc = init_trustdb(1, trustdb_name ); break;
} }
@ -784,9 +778,9 @@ main( int argc, char **argv )
log_error("%s: sign key failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) ); log_error("%s: sign key failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) );
break; break;
case aEditSig: /* Edit a key signature */ case aEditKey: /* Edit a key signature */
if( argc != 1 ) if( argc != 1 )
wrong_args(_("--edit-sig username")); wrong_args(_("--edit-key username"));
/* note: fname is the user id! */ /* note: fname is the user id! */
if( (rc = edit_keysigs(fname)) ) if( (rc = edit_keysigs(fname)) )
log_error("%s: edit signature failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) ); log_error("%s: edit signature failed: %s\n", print_fname_stdin(fname), g10_errstr(rc) );
@ -1003,12 +997,15 @@ main( int argc, char **argv )
list_trust_path( atoi(*argv), argv[1] ); list_trust_path( atoi(*argv), argv[1] );
break; break;
case aListOwnerTrust:
if( argc )
wrong_args("--list-ownertrust");
list_ownertrust();
break;
#endif /* IS_G10MAINT */ #endif /* IS_G10MAINT */
case aNOP:
break;
case aListPackets: case aListPackets:
opt.list_packets=1; opt.list_packets=1;
default: default:
@ -1053,6 +1050,20 @@ g10_exit( int rc )
exit(rc ); exit(rc );
} }
void
do_not_use_RSA()
{
static int did_rsa_note = 0;
if( !did_rsa_note ) {
did_rsa_note = 1;
log_info(_("RSA keys are depreciated; please consider "
"creating a new key and use this key in the future\n"));
}
}
#ifdef IS_G10MAINT #ifdef IS_G10MAINT
static void static void
print_hex( byte *p, size_t n ) print_hex( byte *p, size_t n )
@ -1159,41 +1170,6 @@ print_mds( const char *fname, int algo )
static void static void
do_test(int times) do_test(int times)
{ {
MPI base[4];
MPI exp[4];
MPI t1 = mpi_alloc(50);
MPI t2 = mpi_alloc(50);
MPI t3 = mpi_alloc(50);
MPI tmp= mpi_alloc(50);
MPI m = mpi_alloc(50);
MPI res = mpi_alloc(50);
mpi_fromstr( m, "0x10000000000000000000000000" );
base[0] = mpi_alloc_set_ui( 3 );
mpi_fromstr( base[0], "0x145984358945989898495ffdd13" );
base[1] = mpi_alloc_set_ui( 5 );
mpi_fromstr( base[1], "0x000effff9999000000001100001" );
base[2] = mpi_alloc_set_ui( 2 );
mpi_fromstr( base[2], "0x499eeeaaaaa0444444545466672" );
base[3] = NULL;
exp[0] = mpi_alloc_set_ui( 30 );
exp[1] = mpi_alloc_set_ui( 10 );
mpi_fromstr( exp[1], "0x3457878888888888aabbbccccc1" );
exp[2] = mpi_alloc_set_ui( 24 );
exp[3] = NULL;
mpi_powm( t1, base[0], exp[0], m );
mpi_powm( t2, base[1], exp[1], m );
mpi_powm( t3, base[2], exp[2], m );
mpi_mulm( tmp, t1, t2, m );
mpi_mulm( t1, tmp, t3, m );
log_mpidump("X=", t1 );
mpi_mulpowm( res, base, exp, m );
log_mpidump("X=", res );
m_check(NULL); m_check(NULL);
} }
#endif /* IS_G10MAINT */ #endif /* IS_G10MAINT */
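Review bot: Option 564 `list-ownertrust` is added to `opts[]` twice under `#ifdef IS_G10MAINT`, once as a visible entry whose help text is not wrapped in `N_()` like its neighbours and once as a hidden `"@"` entry in the "hidden options" block; only one should remain, and the visible one should read `{ 564, "list-ownertrust", 0, N_("list the ownertrust values")},`. In the same spirit, `wrong_args("--list-ownertrust")` lacks the `_()` that `wrong_args(_("--edit-key username"))` has. The user-facing text in the new do_not_use_RSA misspells the key word; it should be `log_info(_("RSA keys are deprecated; please consider "`, and the definition would be cleaner as a prototype, `do_not_use_RSA(void)`. The `case aEditKey:` label still carries the old comment `/* Edit a key signature */` and the "edit signature failed" message, which now no longer match the command name.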

@ -76,12 +76,15 @@ static int lookup_sk( PKT_secret_key *sk,
int mode, u32 *keyid, const char *name ); int mode, u32 *keyid, const char *name );
/* note this function may be called before secure memory is /* note this function may be called before secure memory is
* available */ * available
* The first keyring which is added by this function is
* created if it does not exist.
*/
void void
add_keyring( const char *name ) add_keyring( const char *name )
{ {
STRLIST sl; STRLIST sl;
int rc; int rc, force = !keyrings;
if( *name != '/' ) { /* do tilde expansion etc */ if( *name != '/' ) { /* do tilde expansion etc */
char *p ; char *p ;
@ -90,22 +93,17 @@ add_keyring( const char *name )
p = make_filename(name, NULL); p = make_filename(name, NULL);
else else
p = make_filename(opt.homedir, name, NULL); p = make_filename(opt.homedir, name, NULL);
sl = m_alloc( sizeof *sl + strlen(p) ); sl = append_to_strlist( &keyrings, p );
strcpy(sl->d, p );
m_free(p); m_free(p);
} }
else { else
sl = m_alloc( sizeof *sl + strlen(name) ); sl = append_to_strlist( &keyrings, name );
strcpy(sl->d, name );
}
sl->next = keyrings;
keyrings = sl;
/* fixme: We should remove much out of this module and /* fixme: We should remove much out of this module and
* combine it with the keyblock stuff from ringedit.c * combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource * For now we will simple add the filename as keyblock resource
*/ */
rc = add_keyblock_resource( sl->d, 0, 0 ); rc = add_keyblock_resource( sl->d, force, 0 );
if( rc ) if( rc )
log_error("keyblock resource '%s': %s\n", sl->d, g10_errstr(rc) ); log_error("keyblock resource '%s': %s\n", sl->d, g10_errstr(rc) );
} }
@ -139,7 +137,7 @@ void
add_secret_keyring( const char *name ) add_secret_keyring( const char *name )
{ {
STRLIST sl; STRLIST sl;
int rc; int rc, force = !secret_keyrings;
if( *name != '/' ) { /* do tilde expansion etc */ if( *name != '/' ) { /* do tilde expansion etc */
char *p ; char *p ;
@ -148,22 +146,17 @@ add_secret_keyring( const char *name )
p = make_filename(name, NULL); p = make_filename(name, NULL);
else else
p = make_filename(opt.homedir, name, NULL); p = make_filename(opt.homedir, name, NULL);
sl = m_alloc( sizeof *sl + strlen(p) ); sl = append_to_strlist( &secret_keyrings, p );
strcpy(sl->d, p );
m_free(p); m_free(p);
} }
else { else
sl = m_alloc( sizeof *sl + strlen(name) ); sl = append_to_strlist( &secret_keyrings, name );
strcpy(sl->d, name );
}
sl->next = secret_keyrings;
secret_keyrings = sl;
/* fixme: We should remove much out of this module and /* fixme: We should remove much out of this module and
* combine it with the keyblock stuff from ringedit.c * combine it with the keyblock stuff from ringedit.c
* For now we will simple add the filename as keyblock resource * For now we will simple add the filename as keyblock resource
*/ */
rc = add_keyblock_resource( sl->d, 0, 1 ); rc = add_keyblock_resource( sl->d, force, 1 );
if( rc ) if( rc )
log_error("secret keyblock resource '%s': %s\n", sl->d, g10_errstr(rc)); log_error("secret keyblock resource '%s': %s\n", sl->d, g10_errstr(rc));
} }
@ -648,6 +641,7 @@ add_stuff_from_selfsig( KBNODE keyblock, KBNODE knode )
} }
} }
/**************** /****************
* Lookup a key by scanning all keyrings * Lookup a key by scanning all keyrings
* mode 1 = lookup by NAME (exact) * mode 1 = lookup by NAME (exact)
@ -696,7 +690,12 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
|| kk->pkt->pkttype == PKT_PUBLIC_SUBKEY ) || kk->pkt->pkttype == PKT_PUBLIC_SUBKEY )
&& ( !pk->pubkey_algo && ( !pk->pubkey_algo
|| pk->pubkey_algo || pk->pubkey_algo
== kk->pkt->pkt.public_key->pubkey_algo)) == kk->pkt->pkt.public_key->pubkey_algo)
&& ( !pk->pubkey_usage
|| !check_pubkey_algo2(
kk->pkt->pkt.public_key->pubkey_algo,
pk->pubkey_usage ))
)
break; break;
if( kk ) { if( kk ) {
u32 aki[2]; u32 aki[2];
@ -711,6 +710,9 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
} }
} }
else { /* keyid or fingerprint lookup */ else { /* keyid or fingerprint lookup */
/* No need to compare the usage here, as we already have the
* keyid to use
*/
if( DBG_CACHE && (mode== 10 || mode==11) ) { if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n", log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1], (ulong)keyid[0], (ulong)keyid[1],
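Review bot: The replacement of the hand-rolled prepend (`sl->next = keyrings; keyrings = sl;`) by `append_to_strlist( &keyrings, p )` in add_keyring, and likewise in add_secret_keyring, changes the order in which keyrings are searched if append_to_strlist adds at the tail as its name suggests: the old list was last-added-first, the new one is first-added-first. If callers rely on a later `--keyring` taking precedence in lookups, that is a silent behaviour change worth a line in the doc comment above add_keyring, e.g. `* Keyrings are searched in the order they were added.` Note also that `force = !keyrings` is evaluated before the append, so only the very first resource is auto-created; a mistyped path for any later keyring still fails with an open error, which the comment should say explicitly.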

@ -249,6 +249,18 @@ g10_exit( int rc )
exit(rc ); exit(rc );
} }
void
do_not_use_RSA()
{
static int did_rsa_note = 0;
if( !did_rsa_note ) {
did_rsa_note = 1;
log_info("RSA keys are depreciated; please consider "
"creating a new key and use this key in the future\n");
}
}
static void static void
become_daemon() become_daemon()
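Review bot: The user-facing message in do_not_use_RSA misspells the word: "depreciated" should be "deprecated", i.e. `log_info("RSA keys are deprecated; please consider "`. The definition also uses an empty parameter list `do_not_use_RSA()` while the prototype added to main.h is `void do_not_use_RSA(void);`; write the definition as `do_not_use_RSA(void)` so the two agree and the compiler can check calls against the prototype.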

@ -125,7 +125,7 @@ import_keys( const char *fname )
} }
if( rc == -1 ) if( rc == -1 )
rc = 0; rc = 0;
else if( rc ) else if( rc && rc != G10ERR_INV_KEYRING )
log_error("%s: read error: %s\n", fname, g10_errstr(rc)); log_error("%s: read error: %s\n", fname, g10_errstr(rc));
iobuf_close(inp); iobuf_close(inp);
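Review bot: Excluding `G10ERR_INV_KEYRING` from the `log_error` call means a corrupt or truncated import file produces no diagnostic at this point, while `rc` still carries the error to the caller. That is only acceptable if the layer that set the iobuf error flag (see the `leave:` mapping in parse-packet.c) already logged the cause; if it did not, the user gets a silent failure. Either log it here at a lower level, `else if( rc == G10ERR_INV_KEYRING ) log_info("%s: invalid keyring\n", fname);`, or add a comment stating where the message for this case is emitted.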

@ -75,8 +75,9 @@ sign_it_p( PKT_public_key *pk, PKT_user_id *uid )
char *answer; char *answer;
int yes; int yes;
tty_printf("\nAre you really sure that you want to sign this key:\n\n" tty_printf("\n");
"%4u%c/%08lX %s ", tty_printf(_("Are you really sure that you want to sign this key:\n\n"));
tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pk( pk ), nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ), pubkey_letter( pk->pubkey_algo ),
(ulong)keyid_from_pk( pk, NULL ), (ulong)keyid_from_pk( pk, NULL ),
@ -85,7 +86,7 @@ sign_it_p( PKT_public_key *pk, PKT_user_id *uid )
tty_printf("\n"); tty_printf("\n");
show_fingerprint(pk); show_fingerprint(pk);
tty_printf("\n"); tty_printf("\n");
answer = tty_get("Sign this key? "); answer = tty_get(_("Sign this key? "));
tty_kill_prompt(); tty_kill_prompt();
yes = answer_is_yes(answer); yes = answer_is_yes(answer);
m_free(answer); m_free(answer);
@ -141,11 +142,11 @@ check_all_keysigs( KBNODE keyblock )
} }
} }
if( inv_sigs ) if( inv_sigs )
tty_printf("%d bad signatures\n", inv_sigs ); tty_printf(_("%d bad signatures\n"), inv_sigs );
if( no_key ) if( no_key )
tty_printf("No public key for %d signatures\n", no_key ); tty_printf(_("No public key for %d signatures\n"), no_key );
if( oth_err ) if( oth_err )
tty_printf("%d signatures not checked due to errors\n", oth_err ); tty_printf(_("%d signatures not checked due to errors\n"), oth_err );
return inv_sigs || no_key || oth_err; return inv_sigs || no_key || oth_err;
} }
@ -172,7 +173,7 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all )
tty_printf("\n \"%08lX %s ", tty_printf("\n \"%08lX %s ",
sig->keyid[1], datestr_from_sig(sig)); sig->keyid[1], datestr_from_sig(sig));
if( node->flag & 6 ) if( node->flag & 6 )
tty_printf("[User name not available] "); tty_printf(_("[User name not available] "));
else { else {
size_t n; size_t n;
char *p = get_user_id( sig->keyid, &n ); char *p = get_user_id( sig->keyid, &n );
@ -181,18 +182,19 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all )
} }
tty_printf("\"\n"); tty_printf("\"\n");
if( node->flag & 1 ) if( node->flag & 1 )
tty_printf("This is a BAD signature!\n"); tty_printf(_("This is a BAD signature!\n"));
else if( node->flag & 2 ) else if( node->flag & 2 )
tty_printf("Public key not available.\n"); tty_printf(_("Public key not available.\n"));
else if( node->flag & 4 ) else if( node->flag & 4 )
tty_printf("The signature could not be checked!\n"); tty_printf(_("The signature could not be checked!\n"));
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) { if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] ) {
tty_printf("Skipped self-signature\n"); tty_printf(_("Skipped self-signature\n"));
continue; /* do not remove self-signatures */ continue; /* do not remove self-signatures */
} }
answer = tty_get("\nRemove this signature? "); tty_printf("\n");
answer = tty_get(_("Remove this signature? "));
tty_kill_prompt(); tty_kill_prompt();
if( answer_is_yes(answer) ) { if( answer_is_yes(answer) ) {
node->flag |= 128; /* use bit 7 to mark this node */ node->flag |= 128; /* use bit 7 to mark this node */
@ -204,7 +206,7 @@ remove_keysigs( KBNODE keyblock, u32 *keyid, int all )
if( !count ) if( !count )
return 0; /* nothing to remove */ return 0; /* nothing to remove */
answer = tty_get("Do you really want to remove the selected signatures? "); answer = tty_get(_("Do you really want to remove the selected signatures? "));
tty_kill_prompt(); tty_kill_prompt();
yes = answer_is_yes(answer); yes = answer_is_yes(answer);
m_free(answer); m_free(answer);
@ -245,7 +247,7 @@ sign_key( const char *username, STRLIST locusr )
/* search the userid */ /* search the userid */
rc = find_keyblock_byname( &kbpos, username ); rc = find_keyblock_byname( &kbpos, username );
if( rc ) { if( rc ) {
log_error("user '%s' not found\n", username ); log_error(_("%s: user not found\n"), username );
goto leave; goto leave;
} }
@ -272,7 +274,7 @@ sign_key( const char *username, STRLIST locusr )
pk = node->pkt->pkt.public_key; pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, pk_keyid ); keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n"); tty_printf(_("Checking signatures of this public key certificate:\n"));
tty_printf("pub %4u%c/%08lX %s ", tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pk( pk ), nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ), pubkey_letter( pk->pubkey_algo ),
@ -289,7 +291,8 @@ sign_key( const char *username, STRLIST locusr )
if( check_all_keysigs( keyblock ) ) { if( check_all_keysigs( keyblock ) ) {
if( !opt.batch ) { if( !opt.batch ) {
/* ask whether we really should do anything */ /* ask whether we really should do anything */
answer = tty_get("To you want to remove some of the invalid sigs? "); answer = tty_get(
_("To you want to remove some of the invalid sigs? "));
tty_kill_prompt(); tty_kill_prompt();
if( answer_is_yes(answer) ) if( answer_is_yes(answer) )
remove_keysigs( keyblock, pk_keyid, 0 ); remove_keysigs( keyblock, pk_keyid, 0 );
@ -309,7 +312,7 @@ sign_key( const char *username, STRLIST locusr )
&& (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) {
if( akeyid[0] == node->pkt->pkt.signature->keyid[0] if( akeyid[0] == node->pkt->pkt.signature->keyid[0]
&& akeyid[1] == node->pkt->pkt.signature->keyid[1] ) { && akeyid[1] == node->pkt->pkt.signature->keyid[1] ) {
log_info("Already signed by keyid %08lX\n", log_info(_("Already signed by keyid %08lX\n"),
(ulong)akeyid[1] ); (ulong)akeyid[1] );
sk_rover->mark = 0; sk_rover->mark = 0;
} }
@ -321,7 +324,7 @@ sign_key( const char *username, STRLIST locusr )
break; break;
} }
if( !sk_rover ) { if( !sk_rover ) {
log_info("Nothing to sign\n"); log_info(_("Nothing to sign\n"));
goto leave; goto leave;
} }
@ -390,7 +393,7 @@ edit_keysigs( const char *username )
/* search the userid */ /* search the userid */
rc = find_keyblock_byname( &kbpos, username ); rc = find_keyblock_byname( &kbpos, username );
if( rc ) { if( rc ) {
log_error("%s: user not found\n", username ); log_error(_("%s: user not found\n"), username );
goto leave; goto leave;
} }
@ -411,7 +414,7 @@ edit_keysigs( const char *username )
pk = node->pkt->pkt.public_key; pk = node->pkt->pkt.public_key;
keyid_from_pk( pk, pk_keyid ); keyid_from_pk( pk, pk_keyid );
log_info("Checking signatures of this public key certificate:\n"); tty_printf(_("Checking signatures of this public key certificate:\n"));
tty_printf("pub %4u%c/%08lX %s ", tty_printf("pub %4u%c/%08lX %s ",
nbits_from_pk( pk ), nbits_from_pk( pk ),
pubkey_letter( pk->pubkey_algo ), pubkey_letter( pk->pubkey_algo ),
@ -459,7 +462,7 @@ delete_key( const char *username, int secret )
rc = secret? find_secret_keyblock_byname( &kbpos, username ) rc = secret? find_secret_keyblock_byname( &kbpos, username )
: find_keyblock_byname( &kbpos, username ); : find_keyblock_byname( &kbpos, username );
if( rc ) { if( rc ) {
log_error("%s: user not found\n", username ); log_error(_("%s: user not found\n"), username );
goto leave; goto leave;
} }
@ -622,10 +625,10 @@ change_passphrase( const char *username )
rc = G10ERR_PUBKEY_ALGO; rc = G10ERR_PUBKEY_ALGO;
break; break;
case 0: case 0:
tty_printf("This key is not protected.\n"); tty_printf(_("This key is not protected.\n"));
break; break;
default: default:
tty_printf("Key is protected.\n"); tty_printf(_("Key is protected.\n"));
rc = check_secret_key( sk ); rc = check_secret_key( sk );
if( !rc ) if( !rc )
passphrase = get_last_passphrase(); passphrase = get_last_passphrase();
@ -644,7 +647,7 @@ change_passphrase( const char *username )
} }
if( rc ) if( rc )
tty_printf("Can't edit this key: %s\n", g10_errstr(rc)); tty_printf(_("Can't edit this key: %s\n"), g10_errstr(rc));
else { else {
DEK *dek = NULL; DEK *dek = NULL;
STRING2KEY *s2k = m_alloc_secure( sizeof *s2k ); STRING2KEY *s2k = m_alloc_secure( sizeof *s2k );
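Review bot: The prompt wrapped in `_()` in sign_key keeps the typo from the old string: "To you want to remove some of the invalid sigs?" should read `_("Do you want to remove some of the invalid sigs? ")`. Since this commit is the one marking the string for translation, fixing it now avoids shipping the misspelling to every translation catalog.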

@ -43,6 +43,7 @@ typedef struct {
#else #else
void g10_exit(int rc); void g10_exit(int rc);
#endif #endif
void do_not_use_RSA(void);
/*-- misc.c --*/ /*-- misc.c --*/
void trap_unaligned(void); void trap_unaligned(void);

@ -37,7 +37,7 @@ struct {
int no_armor; int no_armor;
int list_packets; /* list-packets mode */ int list_packets; /* list-packets mode */
int def_cipher_algo; int def_cipher_algo;
int def_pubkey_algo; int reserved;
int def_digest_algo; int def_digest_algo;
int def_compress_algo; int def_compress_algo;
int no_comment; int no_comment;

@ -109,6 +109,7 @@ typedef struct {
byte hdrbytes; /* number of header bytes */ byte hdrbytes; /* number of header bytes */
byte version; byte version;
byte pubkey_algo; /* algorithm used for public key scheme */ byte pubkey_algo; /* algorithm used for public key scheme */
byte pubkey_usage; /* for now only used to pass it to getkey() */
ulong local_id; /* internal use, valid if > 0 */ ulong local_id; /* internal use, valid if > 0 */
MPI pkey[PUBKEY_MAX_NPKEY]; MPI pkey[PUBKEY_MAX_NPKEY];
} PKT_public_key; } PKT_public_key;
@ -119,6 +120,7 @@ typedef struct {
byte hdrbytes; /* number of header bytes */ byte hdrbytes; /* number of header bytes */
byte version; byte version;
byte pubkey_algo; /* algorithm used for public key scheme */ byte pubkey_algo; /* algorithm used for public key scheme */
byte pubkey_usage;
byte is_protected; /* The secret info is protected and must */ byte is_protected; /* The secret info is protected and must */
/* be decrypted before use, the protected */ /* be decrypted before use, the protected */
/* MPIs are simply (void*) pointers to memory */ /* MPIs are simply (void*) pointers to memory */
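Review bot: The new `byte pubkey_usage;` member of PKT_secret_key has no comment, while the same member added to PKT_public_key a few lines above is documented as `/* for now only used to pass it to getkey() */`. Give the secret-key field the same comment so a reader does not assume it is persisted or parsed from the packet; parse_key sets both to 0 with a "not yet used" remark.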

@ -203,7 +203,7 @@ static int
parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos, parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
int *skip, IOBUF out, int do_skip ) int *skip, IOBUF out, int do_skip )
{ {
int rc, c, ctb, pkttype, lenbytes; int rc=0, c, ctb, pkttype, lenbytes;
unsigned long pktlen; unsigned long pktlen;
byte hdr[8]; byte hdr[8];
int hdrlen; int hdrlen;
@ -213,13 +213,16 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
assert( !pkt->pkt.generic ); assert( !pkt->pkt.generic );
if( retpos ) if( retpos )
*retpos = iobuf_tell(inp); *retpos = iobuf_tell(inp);
if( (ctb = iobuf_get(inp)) == -1 ) if( (ctb = iobuf_get(inp)) == -1 ) {
return -1; rc = -1;
goto leave;
}
hdrlen=0; hdrlen=0;
hdr[hdrlen++] = ctb; hdr[hdrlen++] = ctb;
if( !(ctb & 0x80) ) { if( !(ctb & 0x80) ) {
log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb ); log_error("%s: invalid packet (ctb=%02x)\n", iobuf_where(inp), ctb );
return G10ERR_INVALID_PACKET; rc = G10ERR_INVALID_PACKET;
goto leave;
} }
pktlen = 0; pktlen = 0;
new_ctb = !!(ctb & 0x40); new_ctb = !!(ctb & 0x40);
@ -227,7 +230,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pkttype = ctb & 0x3f; pkttype = ctb & 0x3f;
if( (c = iobuf_get(inp)) == -1 ) { if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 1st length byte missing\n", iobuf_where(inp) ); log_error("%s: 1st length byte missing\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET; rc = G10ERR_INVALID_PACKET;
goto leave;
} }
hdr[hdrlen++] = c; hdr[hdrlen++] = c;
if( c < 192 ) if( c < 192 )
@ -236,7 +240,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pktlen = (c - 192) * 256; pktlen = (c - 192) * 256;
if( (c = iobuf_get(inp)) == -1 ) { if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 2nd length byte missing\n", iobuf_where(inp) ); log_error("%s: 2nd length byte missing\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET; rc = G10ERR_INVALID_PACKET;
goto leave;
} }
hdr[hdrlen++] = c; hdr[hdrlen++] = c;
pktlen += c + 192; pktlen += c + 192;
@ -247,7 +252,8 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8; pktlen |= (hdr[hdrlen++] = iobuf_get_noeof(inp)) << 8;
if( (c = iobuf_get(inp)) == -1 ) { if( (c = iobuf_get(inp)) == -1 ) {
log_error("%s: 4 byte length invalid\n", iobuf_where(inp) ); log_error("%s: 4 byte length invalid\n", iobuf_where(inp) );
return G10ERR_INVALID_PACKET; rc = G10ERR_INVALID_PACKET;
goto leave;
} }
pktlen |= (hdr[hdrlen++] = c ); pktlen |= (hdr[hdrlen++] = c );
} }
@ -277,13 +283,14 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
else else
rc = copy_packet(inp, out, pkttype, pktlen ); rc = copy_packet(inp, out, pkttype, pktlen );
return rc; goto leave;
} }
if( do_skip || !pkttype || (reqtype && pkttype != reqtype) ) { if( do_skip || !pkttype || (reqtype && pkttype != reqtype) ) {
skip_packet(inp, pkttype, pktlen); skip_packet(inp, pkttype, pktlen);
*skip = 1; *skip = 1;
return 0; rc = 0;
goto leave;
} }
if( DBG_PACKET ) if( DBG_PACKET )
@ -341,6 +348,9 @@ parse( IOBUF inp, PACKET *pkt, int reqtype, ulong *retpos,
break; break;
} }
leave:
if( rc == -1 && iobuf_error(inp) )
rc = G10ERR_INV_KEYRING;
return rc; return rc;
} }
@ -925,6 +935,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
sk->hdrbytes = hdrlen; sk->hdrbytes = hdrlen;
sk->version = version; sk->version = version;
sk->pubkey_algo = algorithm; sk->pubkey_algo = algorithm;
sk->pubkey_usage = 0; /* not yet used */
} }
else { else {
PKT_public_key *pk = pkt->pkt.public_key; PKT_public_key *pk = pkt->pkt.public_key;
@ -934,6 +945,7 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
pk->hdrbytes = hdrlen; pk->hdrbytes = hdrlen;
pk->version = version; pk->version = version;
pk->pubkey_algo = algorithm; pk->pubkey_algo = algorithm;
pk->pubkey_usage = 0; /* not yet used */
} }
nskey = pubkey_get_nskey( algorithm ); nskey = pubkey_get_nskey( algorithm );
npkey = pubkey_get_npkey( algorithm ); npkey = pubkey_get_npkey( algorithm );
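Review bot: The `leave:` block in parse() turns any `-1` with `iobuf_error(inp)` set into `G10ERR_INV_KEYRING`, yet parse() is the generic packet reader (it takes `reqtype`, `out` and `do_skip`), so an I/O error while reading an encrypted message or a detached signature would presumably be reported as an invalid keyring. Unless the error flag is only ever set by keyring code, a neutral code such as a read-error value would describe the condition better; at minimum the mapping deserves a comment, `/* an iobuf error while reading a keyring means the ring is damaged */`, stating the assumption.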

@ -317,9 +317,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
if( pk ) if( pk )
free_public_key( pk ); free_public_key( pk );
pk = m_alloc_clear( sizeof *pk ); pk = m_alloc_clear( sizeof *pk );
pk->pubkey_usage = usage;
rc = get_pubkey_byname( pk, answer ); rc = get_pubkey_byname( pk, answer );
if( rc ) if( rc )
tty_printf("No such user ID.\n"); tty_printf(_("No such user ID.\n"));
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) { else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage)) ) {
int trustlevel; int trustlevel;
@ -350,9 +351,10 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
for(; remusr; remusr = remusr->next ) { for(; remusr; remusr = remusr->next ) {
pk = m_alloc_clear( sizeof *pk ); pk = m_alloc_clear( sizeof *pk );
pk->pubkey_usage = usage;
if( (rc = get_pubkey_byname( pk, remusr->d )) ) { if( (rc = get_pubkey_byname( pk, remusr->d )) ) {
free_public_key( pk ); pk = NULL; free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) ); log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
} }
else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) { else if( !(rc=check_pubkey_algo2(pk->pubkey_algo, usage )) ) {
int trustlevel; int trustlevel;
@ -360,7 +362,7 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
rc = check_trust( pk, &trustlevel ); rc = check_trust( pk, &trustlevel );
if( rc ) { if( rc ) {
free_public_key( pk ); pk = NULL; free_public_key( pk ); pk = NULL;
log_error("error checking pk of '%s': %s\n", log_error(_("%s: error checking key: %s\n"),
remusr->d, g10_errstr(rc) ); remusr->d, g10_errstr(rc) );
} }
else if( do_we_trust_pre( pk, trustlevel ) ) { else if( do_we_trust_pre( pk, trustlevel ) ) {
@ -379,14 +381,14 @@ build_pk_list( STRLIST remusr, PK_LIST *ret_pk_list, unsigned usage )
} }
else { else {
free_public_key( pk ); pk = NULL; free_public_key( pk ); pk = NULL;
log_error("skipped '%s': %s\n", remusr->d, g10_errstr(rc) ); log_error(_("%s: skipped: %s\n"), remusr->d, g10_errstr(rc) );
} }
} }
} }
if( !rc && !pk_list ) { if( !rc && !pk_list ) {
log_error("no valid addressees\n"); log_error(_("no valid addressees\n"));
rc = G10ERR_NO_USER_ID; rc = G10ERR_NO_USER_ID;
} }
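Review bot: With `pk->pubkey_usage = usage` set before `get_pubkey_byname`, the lookup in getkey.c now filters out keys whose algorithm fails `check_pubkey_algo2` for that usage, so a user ID whose only key is unusable for encryption comes back as a lookup failure and the interactive branch prints "No such user ID." even though the ID exists. The explicit `check_pubkey_algo2` call that follows can no longer be reached for that case, so its more specific error message is lost. Consider either distinguishing "not found" from "found but unusable for this purpose" in the returned code, or documenting the new semantics next to the assignment. Note also that `usage` is `unsigned` while `pubkey_usage` is a `byte`; the implicit narrowing is fine only while the PUBKEY_USAGE_ flags stay below 256.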

81
g10/pref.c Normal file

@ -0,0 +1,81 @@
/* pref.c
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#define DEFINES_PREF_LIST 1
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include "errors.h"
#include "memory.h"
#include "util.h"
#include "ttyio.h"
#include "i18n.h"
#include "pref.h"
#define N_CIPHERS 3
#define N_DIGESTS 4
#define N_COMPRS 3
struct pref_list_s {
PREF_LIST *extend; /* if we need more, we link them together */
byte cipher[N_CIPHERS]; /* cipher algos */
byte digest[N_DIGESTS]; /* digest algos */
byte compr [N_COMPRS ]; /* compress algos (a 255 denotes no compression)*/
};
#if 0
PREF_LIST
new_pref_list()
{
return m_alloc_clear( sizeof(*PREF_LIST) );
}
void
release_pref_list( PREF_LIST pref )
{
while( pref ) {
PREF_LIST tmp = pref->extend;
m_free( pref );
pref = tmp;
}
}
PREF_LIST
copy_pref_list( PREF_LIST s )
{
PREF_LIST ss, ss, d = new_pref_list();
*d = *s;
for( ss = s->extend; ss; ss = ss->extend ) {
WORK WORK WORK
d->extend = new_pref_list();
*d->extend = *ss;
}
return d;
}
#endif
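Review bot: The code under `#if 0` in pref.c will not compile once enabled: `m_alloc_clear( sizeof(*PREF_LIST) )` dereferences a type name and should be `m_alloc_clear( sizeof(struct pref_list_s) )`, `PREF_LIST ss, ss, d = new_pref_list();` declares `ss` twice, and `WORK WORK WORK` is a placeholder left in copy_pref_list. Since the header already exports `new_pref_list` and `release_pref_list`, either fix these now or mark the block with a `/* TODO: unfinished, see pref.h */` comment so a later maintainer does not enable it blindly.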

42
g10/pref.h Normal file

@ -0,0 +1,42 @@
/* pref.h
* Copyright (C) 1998 Free Software Foundation, Inc.
*
* This file is part of GNUPG.
*
* GNUPG is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#ifndef G10_PREF_H
#define G10_PREF_H 1
/* a structure to hold information abopu preferred algorithms */
typedef struct pref_list_s *PREF_LIST;
#ifndef DEFINES_PREF_LIST
struct pref_list_s { char preference_stuff[1]; };
#endif
PREF_LIST new_pref_list(void);
void release_pref_list( PREF_LIST pref );
#endif /*G10_PREF_H*/
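Review bot: The dummy `struct pref_list_s { char preference_stuff[1]; };` is not needed for `typedef struct pref_list_s *PREF_LIST;`, and defining the same tag differently in pref.c and in every other translation unit gives the type two incompatible layouts. An incomplete type is sufficient for a pointer typedef, so the `#ifndef DEFINES_PREF_LIST` block can be dropped and `DEFINES_PREF_LIST` removed from pref.c. The comment above also has a typo: `/* a structure to hold information about preferred algorithms */`.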

@ -117,6 +117,17 @@ add_keyblock_resource( const char *filename, int force, int secret )
if( !iobuf && !force ) if( !iobuf && !force )
return G10ERR_OPEN_FILE; return G10ERR_OPEN_FILE;
#endif #endif
if( !iobuf ) {
iobuf = iobuf_create( filename );
if( !iobuf ) {
log_error("%s: can't create: %s\n", filename, strerror(errno));
return G10ERR_OPEN_FILE;
}
else
log_info("%s: keyring created\n", filename );
}
resource_table[i].used = 1; resource_table[i].used = 1;
resource_table[i].secret = !!secret; resource_table[i].secret = !!secret;
resource_table[i].fname = m_strdup(filename); resource_table[i].fname = m_strdup(filename);
@ -726,6 +737,8 @@ keyring_copy( KBPOS *kbpos, int mode, KBNODE root )
log_error("%s: can't create: %s\n", rentry->fname, strerror(errno)); log_error("%s: can't create: %s\n", rentry->fname, strerror(errno));
return G10ERR_OPEN_FILE; return G10ERR_OPEN_FILE;
} }
else
log_info("%s: keyring created\n", rentry->fname );
kbctx=NULL; kbctx=NULL;
while( (node = walk_kbnode( root, &kbctx, 0 )) ) { while( (node = walk_kbnode( root, &kbctx, 0 )) ) {
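Review bot: The new `iobuf_create( filename )` branch in add_keyblock_resource now creates a keyring on first use, and with `secret` set this is the secret keyring. Unless iobuf_create already restricts the mode, the file is created with the process umask and may be group- or world-readable; for the `secret` case the resource should be created with owner-only permissions (or the caller's umask tightened around the call) and a comment should state the expected mode. The same creation path in keyring_copy below has the same concern when `rentry->secret` is set.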

@ -46,6 +46,9 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
byte *dp; byte *dp;
int rc; int rc;
if( is_RSA(sk->pubkey_algo) )
do_not_use_RSA();
if( !digest_algo ) if( !digest_algo )
digest_algo = md_get_algo(md); digest_algo = md_get_algo(md);
@ -166,12 +169,12 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
if( fname && filenames->next && (!detached || encrypt) ) if( fname && filenames->next && (!detached || encrypt) )
log_bug("multiple files can only be detached signed"); log_bug("multiple files can only be detached signed");
if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) ) if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
if( !old_style ) if( !old_style )
old_style = only_old_style( sk_list ); old_style = only_old_style( sk_list );
if( encrypt ) { if( encrypt ) {
if( (rc=build_pk_list( remusr, &pk_list, 2 )) ) if( (rc=build_pk_list( remusr, &pk_list, PUBKEY_USAGE_ENC )) )
goto leave; goto leave;
} }
@ -314,6 +317,7 @@ sign_file( STRLIST filenames, int detached, STRLIST locusr,
pt->timestamp = make_timestamp(); pt->timestamp = make_timestamp();
pt->mode = opt.textmode && !outfile ? 't':'b'; pt->mode = opt.textmode && !outfile ? 't':'b';
pt->len = filesize; pt->len = filesize;
pt->new_ctb = !pt->len && !opt.rfc1991;
pt->buf = inp; pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT; pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt; pkt.pkt.plaintext = pt;
@ -461,12 +465,13 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
SK_LIST sk_list = NULL; SK_LIST sk_list = NULL;
SK_LIST sk_rover = NULL; SK_LIST sk_rover = NULL;
int old_style = opt.rfc1991; int old_style = opt.rfc1991;
int only_md5 = 0;
memset( &afx, 0, sizeof afx); memset( &afx, 0, sizeof afx);
memset( &tfx, 0, sizeof tfx); memset( &tfx, 0, sizeof tfx);
init_packet( &pkt ); init_packet( &pkt );
if( (rc=build_sk_list( locusr, &sk_list, 1, 1 )) ) if( (rc=build_sk_list( locusr, &sk_list, 1, PUBKEY_USAGE_SIG )) )
goto leave; goto leave;
if( !old_style ) if( !old_style )
old_style = only_old_style( sk_list ); old_style = only_old_style( sk_list );
@ -493,18 +498,36 @@ clearsign_file( const char *fname, STRLIST locusr, const char *outfile )
goto leave; goto leave;
} }
/* FIXME: This stuff is not correct if multiple hash algos are used*/
iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n" ); iobuf_writestr(out, "-----BEGIN PGP SIGNED MESSAGE-----\n" );
if( old_style
|| (opt.def_digest_algo?opt.def_digest_algo:DEFAULT_DIGEST_ALGO) for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
== DIGEST_ALGO_MD5 ) PKT_secret_key *sk = sk_rover->sk;
if( hash_for(sk->pubkey_algo) == DIGEST_ALGO_MD5 )
only_md5 = 1;
else {
only_md5 = 0;
break;
}
}
if( old_style || only_md5 )
iobuf_writestr(out, "\n" ); iobuf_writestr(out, "\n" );
else { else {
const char *s = digest_algo_to_string(opt.def_digest_algo? const char *s;
opt.def_digest_algo:DEFAULT_DIGEST_ALGO); int any = 0;
assert(s);
iobuf_writestr(out, "Hash: " ); iobuf_writestr(out, "Hash: " );
iobuf_writestr(out, s ); for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
PKT_secret_key *sk = sk_rover->sk;
s = digest_algo_to_string( hash_for(sk->pubkey_algo) );
if( s ) {
if( any )
iobuf_put(out, ',' );
iobuf_writestr(out, s );
any = 1;
}
}
assert(any);
iobuf_writestr(out, "\n\n" ); iobuf_writestr(out, "\n\n" );
} }
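Review bot: The loop that writes the `Hash:` header in clearsign_file emits one entry per signing key with no de-duplication, so two keys that share a digest (which `hash_for` presumably derives from the public-key algorithm) produce `Hash: SHA1,SHA1`. A scan of the earlier list entries before printing avoids the repeat; the rewritten loop is below. Separately, `assert(any)` aborts the program if `digest_algo_to_string` returns NULL for every key, which would be better reported as an error than as an assertion.
```c
for( sk_rover = sk_list; sk_rover; sk_rover = sk_rover->next ) {
    PKT_secret_key *sk = sk_rover->sk;
    SK_LIST prev;
    int algo = hash_for(sk->pubkey_algo);
    /* skip a digest already listed for an earlier key */
    for( prev = sk_list; prev != sk_rover; prev = prev->next )
        if( hash_for(prev->sk->pubkey_algo) == algo )
            break;
    if( prev != sk_rover )
        continue;
    s = digest_algo_to_string( algo );
    if( s ) {
        if( any )
            iobuf_put(out, ',' );
        iobuf_writestr(out, s );
        any = 1;
    }
}
/* … unchanged: assert(any) and trailing "\n\n" … */
```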

@ -56,13 +56,14 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
PKT_secret_key *sk; PKT_secret_key *sk;
sk = m_alloc_clear( sizeof *sk ); sk = m_alloc_clear( sizeof *sk );
sk->pubkey_usage = usage;
if( (rc = get_seckey_byname( sk, NULL, unlock )) ) { if( (rc = get_seckey_byname( sk, NULL, unlock )) ) {
free_secret_key( sk ); sk = NULL; free_secret_key( sk ); sk = NULL;
log_error("no default secret key: %s\n", g10_errstr(rc) ); log_error("no default secret key: %s\n", g10_errstr(rc) );
} }
else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) { else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
SK_LIST r; SK_LIST r;
if( sk->version == 4 && (usage & 1) if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG)
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_error("this is a PGP generated " log_error("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n"); "ElGamal key which is NOT secure for signatures!\n");
@ -86,13 +87,14 @@ build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list, int unlock,
PKT_secret_key *sk; PKT_secret_key *sk;
sk = m_alloc_clear( sizeof *sk ); sk = m_alloc_clear( sizeof *sk );
sk->pubkey_usage = usage;
if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) { if( (rc = get_seckey_byname( sk, locusr->d, unlock )) ) {
free_secret_key( sk ); sk = NULL; free_secret_key( sk ); sk = NULL;
log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) ); log_error("skipped '%s': %s\n", locusr->d, g10_errstr(rc) );
} }
else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) { else if( !(rc=check_pubkey_algo2(sk->pubkey_algo, usage)) ) {
SK_LIST r; SK_LIST r;
if( sk->version == 4 && (usage & 1) if( sk->version == 4 && (usage & PUBKEY_USAGE_SIG)
&& sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) { && sk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("skipped '%s': this is a PGP generated " log_info("skipped '%s': this is a PGP generated "
"ElGamal key which is not secure for signatures!\n", "ElGamal key which is not secure for signatures!\n",
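Review bot: The messages in build_sk_list are left untranslated (`log_error("skipped '%s': %s\n", ...)`, `log_error("no default secret key: %s\n", ...)`) while the parallel code in pkclist.c's build_pk_list switched to `_("%s: skipped: %s\n")` in this same commit. For consistency the skclist.c strings should be wrapped the same way and use the same `%s: skipped: %s` wording so the two key-list builders report failures identically.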

@ -1540,18 +1540,13 @@ init_trustdb( int level, const char *dbname )
if( !level ) if( !level )
return 0; return 0;
/* we can verify a signature about our local data (secring and trustdb) /* verify that our own keys are in the trustDB
* in ~/.gnupg/ here */ * or move them to the trustdb. */
rc = verify_private_data(); rc = verify_own_keys();
if( !rc ) {
/* verify that our own keys are in the trustDB
* or move them to the trustdb. */
rc = verify_own_keys();
/* should we check whether there is no other ultimately trusted /* should we check whether there is no other ultimately trusted
* key in the database? */ * key in the database? */
}
} }
else else
BUG(); BUG();
@ -1593,6 +1588,27 @@ list_trustdb( const char *username )
} }
} }
/****************
* make a list of all owner trust value.
*/
void
list_ownertrust()
{
TRUSTREC rec;
ulong recnum;
int i;
byte *p;
for(recnum=0; !read_record( recnum, &rec, 0); recnum++ ) {
if( rec.rectype == RECTYPE_KEY ) {
p = rec.r.key.fingerprint;
for(i=0; i < rec.r.key.fingerprint_len; i++, p++ )
printf("%02X", *p );
printf(":%u:\n", (unsigned)rec.r.key.ownertrust );
}
}
}
void void
list_trust_path( int max_depth, const char *username ) list_trust_path( int max_depth, const char *username )
{ {
@ -2012,50 +2028,3 @@ update_no_sigs( ulong lid, int no_sigs )
} }
int
verify_private_data()
{
int rc = 0;
char *sigfile = make_filename(opt.homedir, "gnupg.sig", NULL );
if( access( sigfile, R_OK ) ) {
if( errno != ENOENT ) {
log_error("can't access %s: %s\n", sigfile, strerror(errno) );
rc = G10ERR_TRUSTDB;
goto leave;
}
log_info("private data signature missing; creating ...\n");
rc = sign_private_data();
if( rc ) {
log_error("error creating %s: %s\n", sigfile, g10_errstr(rc) );
goto leave;
}
}
/* FIXME: verify this signature */
leave:
m_free(sigfile);
return rc;
}
int
sign_private_data()
{
int rc;
char *sigfile = make_filename(opt.homedir, "gnupg.sig", NULL );
char *secring = make_filename(opt.homedir, "secring.gpg", NULL );
STRLIST list = NULL;
add_to_strlist( &list, db_name );
add_to_strlist( &list, secring );
rc = sign_file( list, 1, NULL, 0, NULL, sigfile);
m_free(sigfile);
m_free(secring);
free_strlist(list);
return rc;
}
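Review bot: list_ownertrust stops at the first nonzero return of `read_record`, so if that function distinguishes end-of-file from a read error, a damaged trustdb yields a silently truncated backup listing with no diagnostic and a zero exit. Since this output is meant to be restored later, the loop should report a non-EOF error, e.g. `log_error("trustdb read error at record %lu\n", recnum);`, rather than treat it as the end. The definition also uses `list_ownertrust()` where the trustdb.h prototype is `void list_ownertrust(void);`; write `list_ownertrust(void)`.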

@ -38,6 +38,7 @@
/*-- trustdb.c --*/ /*-- trustdb.c --*/
void list_trustdb(const char *username); void list_trustdb(const char *username);
void list_trust_path( int max_depth, const char *username ); void list_trust_path( int max_depth, const char *username );
void list_ownertrust(void);
int init_trustdb( int level, const char *dbname ); int init_trustdb( int level, const char *dbname );
int check_trust( PKT_public_key *pk, unsigned *r_trustlevel ); int check_trust( PKT_public_key *pk, unsigned *r_trustlevel );
int query_trust_info( PKT_public_key *pk ); int query_trust_info( PKT_public_key *pk );
@ -47,7 +48,5 @@ int keyid_from_trustdb( ulong lid, u32 *keyid );
int query_trust_record( PKT_public_key *pk ); int query_trust_record( PKT_public_key *pk );
int insert_trust_record( PKT_public_key *pk ); int insert_trust_record( PKT_public_key *pk );
int update_ownertrust( ulong lid, unsigned new_trust ); int update_ownertrust( ulong lid, unsigned new_trust );
int verify_private_data(void);
int sign_private_data(void);
#endif /*G10_TRUSTDB_H*/ #endif /*G10_TRUSTDB_H*/

@ -1,3 +1,12 @@
Mon Jul 6 10:41:55 1998 Werner Koch (wk@isil.d.shuttle.de)
* cipher.h (PUBKEY_USAGE_): New.
Mon Jul 6 09:49:51 1998 Werner Koch (wk@isil.d.shuttle.de)
* iobuf.h (iobuf_set_error): New.
(iobuf_error): New.
Sat Jun 13 17:31:32 1998 Werner Koch (wk@isil.d.shuttle.de) Sat Jun 13 17:31:32 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10lib.h: New as interface for the g10lib. * g10lib.h: New as interface for the g10lib.

@ -34,7 +34,7 @@
#define G10ERR_CIPHER_ALGO 12 /* Unknown cipher algorithm */ #define G10ERR_CIPHER_ALGO 12 /* Unknown cipher algorithm */
#define G10ERR_KEYRING_OPEN 13 #define G10ERR_KEYRING_OPEN 13
#define G10ERR_INVALID_PACKET 14 #define G10ERR_INVALID_PACKET 14
#define G10ERR_BAD_RING 15 #define G10ERR_INVALID_ARMOR 15
#define G10ERR_NO_USER_ID 16 #define G10ERR_NO_USER_ID 16
#define G10ERR_NO_SECKEY 17 /* secret key not available */ #define G10ERR_NO_SECKEY 17 /* secret key not available */
#define G10ERR_WRONG_SECKEY 18 /* wrong seckey used */ #define G10ERR_WRONG_SECKEY 18 /* wrong seckey used */
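Review bot: The numeric value 15 is reassigned from G10ERR_BAD_RING to G10ERR_INVALID_ARMOR rather than retired; references to the old name now fail to compile, which catches callers, but any place that reports or matches the raw number (nothing in this hunk shows one, so I cannot tell) silently changes meaning. If the header records such history in comments, a marker like `#define G10ERR_INVALID_ARMOR 15 /* replaces the former G10ERR_BAD_RING */` is enough; otherwise consider allocating a fresh number and leaving 15 unused.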

@ -48,6 +48,7 @@ struct iobuf_struct {
byte *buf; byte *buf;
} d; } d;
int filter_eof; int filter_eof;
int error;
int (*filter)( void *opaque, int control, int (*filter)( void *opaque, int control,
IOBUF chain, byte *buf, size_t *len); IOBUF chain, byte *buf, size_t *len);
void *filter_ov; /* value for opaque */ void *filter_ov; /* value for opaque */
@ -81,6 +82,8 @@ int iobuf_pop_filter( IOBUF a, int (*f)(void *opaque, int control,
IOBUF chain, byte *buf, size_t *len), void *ov ); IOBUF chain, byte *buf, size_t *len), void *ov );
int iobuf_flush(IOBUF a); int iobuf_flush(IOBUF a);
void iobuf_clear_eof(IOBUF a); void iobuf_clear_eof(IOBUF a);
#define iobuf_set_error(a) do { (a)->error = 1; } while(0)
#define iobuf_error(a) ((a)->error)
void iobuf_set_limit( IOBUF a, unsigned long nlimit ); void iobuf_set_limit( IOBUF a, unsigned long nlimit );
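Review bot: The new `error` field is cleared in iobuf_seek() (visible in the iobuf.c hunk) but nothing in this commit shows it being initialised where an IOBUF is allocated; unless the allocator zero-fills the struct, a fresh iobuf could start with a stale flag. The field and the two macros also carry no comment saying what sets and clears it, which matters because the flag is sticky: once set, underflow() returns -1 on every call until iobuf_seek(). I would annotate the field as `int error; /* sticky: set by a failing filter/flush or iobuf_set_error(), reset only by iobuf_seek() */` and say the same next to iobuf_error().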

@ -126,7 +126,8 @@ int answer_is_yes( const char *s );
/*-- strgutil.c --*/ /*-- strgutil.c --*/
void free_strlist( STRLIST sl ); void free_strlist( STRLIST sl );
#define FREE_STRLIST(a) do { free_strlist((a)); (a) = NULL ; } while(0) #define FREE_STRLIST(a) do { free_strlist((a)); (a) = NULL ; } while(0)
void add_to_strlist( STRLIST *list, const char *string ); STRLIST add_to_strlist( STRLIST *list, const char *string );
STRLIST append_to_strlist( STRLIST *list, const char *string );
STRLIST strlist_prev( STRLIST head, STRLIST node ); STRLIST strlist_prev( STRLIST head, STRLIST node );
STRLIST strlist_last( STRLIST node ); STRLIST strlist_last( STRLIST node );
int memicmp( const char *a, const char *b, size_t n ); int memicmp( const char *a, const char *b, size_t n );
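Review bot: The changed return type of add_to_strlist and the new append_to_strlist are declared without any comment on what they return; from the strgutil.c hunk both hand back the node they just created, with add_to_strlist prepending and append_to_strlist appending. Existing callers that ignored the old void result still compile, but new callers have nothing in the header to go on. I would put above the two prototypes `/* Both return the newly created node; add_to_strlist pushes it at the head, append_to_strlist at the tail. */`.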

@ -1,3 +1,9 @@
Sat Jul 4 10:11:11 1998 Werner Koch (wk@isil.d.shuttle.de)
* mpiutil.c (mpi_clear): Reset flags.
(mpi_set): Ditto.
(mpi_alloc_secure): Set flag to 1 and not ored the 1 in, tsss..
Fri Jun 26 11:19:06 1998 Werner Koch (wk@isil.d.shuttle.de) Fri Jun 26 11:19:06 1998 Werner Koch (wk@isil.d.shuttle.de)
* mpiutil.c (mpi_alloc): set nbits to 0. * mpiutil.c (mpi_alloc): set nbits to 0.

@ -167,6 +167,7 @@ mpi_invm( MPI x, MPI a, MPI n )
u = mpi_copy(a); u = mpi_copy(a);
v = mpi_copy(n); v = mpi_copy(n);
for(k=0; !mpi_test_bit(u,0) && !mpi_test_bit(v,0); k++ ) { for(k=0; !mpi_test_bit(u,0) && !mpi_test_bit(v,0); k++ ) {
mpi_rshift(u, u, 1); mpi_rshift(u, u, 1);
mpi_rshift(v, v, 1); mpi_rshift(v, v, 1);

@ -94,7 +94,7 @@ mpi_alloc_secure( unsigned nlimbs )
a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 1 ) : NULL; a->d = nlimbs? mpi_alloc_limb_space( nlimbs, 1 ) : NULL;
#endif #endif
a->alloced = nlimbs; a->alloced = nlimbs;
a->flags |= 1; a->flags = 1;
a->nlimbs = 0; a->nlimbs = 0;
a->sign = 0; a->sign = 0;
a->nbits = 0; a->nbits = 0;
@ -178,6 +178,7 @@ mpi_clear( MPI a )
{ {
a->nlimbs = 0; a->nlimbs = 0;
a->nbits = 0; a->nbits = 0;
a->flags = 0;
} }
@ -197,7 +198,8 @@ mpi_free( MPI a )
#else #else
mpi_free_limb_space(a->d); mpi_free_limb_space(a->d);
#endif #endif
if( a->flags & ~3 )
log_bug("invalid flag value in mpi\n");
m_free(a); m_free(a);
} }
@ -231,7 +233,7 @@ mpi_set_secure( MPI a )
/**************** /****************
* Note: This copy function shpould not interpret the MPI * Note: This copy function should not interpret the MPI
* but copy it transparently. * but copy it transparently.
*/ */
MPI MPI
@ -278,6 +280,7 @@ mpi_set( MPI w, MPI u)
MPN_COPY( wp, up, usize ); MPN_COPY( wp, up, usize );
w->nlimbs = usize; w->nlimbs = usize;
w->nbits = u->nbits; w->nbits = u->nbits;
w->flags = u->flags;
w->sign = usign; w->sign = usign;
} }
@ -290,6 +293,7 @@ mpi_set_ui( MPI w, unsigned long u)
w->nlimbs = u? 1:0; w->nlimbs = u? 1:0;
w->sign = 0; w->sign = 0;
w->nbits = 0; w->nbits = 0;
w->flags = 0;
} }
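Review bot: `w->flags = u->flags;` in mpi_set and `a->flags = 0;` in mpi_clear (and `w->flags = 0;` in mpi_set_ui) overwrite bit 0, which mpi_alloc_secure now sets with `a->flags = 1` to record that the limb space came from the secure allocator, while the destination's limbs stay wherever they were originally allocated. After mpi_set( w, u ) with only one operand secure, the flag no longer matches the memory w->d lives in; whether that is harmful depends on what consults the bit (RESIZE_IF_NEEDED and the free path are outside the hunks), but a flag that misreports secure memory is worth keeping exact. Preserving the allocation bit would be `w->flags = (w->flags & 1) | (u->flags & ~1);` in mpi_set and `a->flags &= 1;` in mpi_clear and mpi_set_ui. The new `if( a->flags & ~3 )` check in mpi_free is the only place the valid bit set is spelled out, so a comment at the flags field naming what bits 1 and 2 stand for would help. The bodies of mpi_set, mpi_clear and mpi_set_ui begin outside the hunks, so this is read from the visible assignments only.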


@ -1,3 +1,7 @@
Mon Jul 6 09:03:49 1998 Werner Koch (wk@isil.d.shuttle.de)
* strgutil.c (append_to_strlist): New.
Thu Jul 2 15:55:44 1998 Werner Koch (wk@isil.d.shuttle.de) Thu Jul 2 15:55:44 1998 Werner Koch (wk@isil.d.shuttle.de)
* iobuf.c (block_filter): Add writing of OP partial length headers. * iobuf.c (block_filter): Add writing of OP partial length headers.

@ -64,7 +64,7 @@ g10_errstr( int err )
X(CIPHER_ALGO ,"Unknown cipher algorithm") X(CIPHER_ALGO ,"Unknown cipher algorithm")
X(KEYRING_OPEN ,"Can't open the keyring") X(KEYRING_OPEN ,"Can't open the keyring")
X(INVALID_PACKET ,"Invalid packet") X(INVALID_PACKET ,"Invalid packet")
X(BAD_RING ,"Broken keyring") X(INVALID_ARMOR ,"Invalid armor")
X(NO_USER_ID ,"No such user id") X(NO_USER_ID ,"No such user id")
X(NO_SECKEY ,"Secret key not available") X(NO_SECKEY ,"Secret key not available")
X(WRONG_SECKEY ,"Wrong secret key used") X(WRONG_SECKEY ,"Wrong secret key used")
@ -80,6 +80,9 @@ g10_errstr( int err )
X(NI_CIPHER ,"Unimplemented cipher algorithm") X(NI_CIPHER ,"Unimplemented cipher algorithm")
X(SIG_CLASS ,"Unknown signature class") X(SIG_CLASS ,"Unknown signature class")
X(TRUSTDB ,"Trust database error") X(TRUSTDB ,"Trust database error")
X(BAD_MPI ,"Bad MPI")
X(RESOURCE_LIMIT ,"Resource limit")
X(INV_KEYRING ,"Invalid keyring")
X(BAD_CERT ,"Bad certificate") X(BAD_CERT ,"Bad certificate")
X(INV_USER_ID ,"Malformed user id") X(INV_USER_ID ,"Malformed user id")
X(CLOSE_FILE ,"File close error") X(CLOSE_FILE ,"File close error")

@ -739,6 +739,11 @@ underflow(IOBUF a)
log_debug("iobuf-%d.%d: filter eof\n", a->no, a->subno ); log_debug("iobuf-%d.%d: filter eof\n", a->no, a->subno );
return -1; return -1;
} }
if( a->error ) {
if( DBG_IOBUF )
log_debug("iobuf-%d.%d: error\n", a->no, a->subno );
return -1;
}
if( a->filter ) { if( a->filter ) {
len = a->d.size; len = a->d.size;
@ -758,6 +763,8 @@ underflow(IOBUF a)
} }
a->filter_eof = 1; a->filter_eof = 1;
} }
else if( rc )
a->error = 1;
if( !len ) if( !len )
return -1; return -1;
@ -802,6 +809,8 @@ iobuf_flush(IOBUF a)
log_info("iobuf_flush did not write all!\n"); log_info("iobuf_flush did not write all!\n");
rc = G10ERR_WRITE_FILE; rc = G10ERR_WRITE_FILE;
} }
else if( rc )
a->error = 1;
a->d.len = 0; a->d.len = 0;
return rc; return rc;
@ -1058,6 +1067,7 @@ iobuf_seek( IOBUF a, ulong newpos )
a->nbytes = 0; a->nbytes = 0;
a->nlimit = 0; a->nlimit = 0;
a->ntotal = newpos; a->ntotal = newpos;
a->error = 0;
/* remove filters, but the last */ /* remove filters, but the last */
while( a->chain ) while( a->chain )
iobuf_pop_filter( a, a->filter, NULL ); iobuf_pop_filter( a, a->filter, NULL );
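Review bot: In iobuf_flush the partial-write branch (`log_info("iobuf_flush did not write all!\n"); rc = G10ERR_WRITE_FILE;`) does not set the new sticky flag, because `a->error = 1` sits in the `else if( rc )` arm of the same if/else; a short write therefore returns an error once but leaves iobuf_error() false afterwards. Setting the flag after the whole if/else — `if( rc ) a->error = 1;` — covers both cases. In underflow() the flag is set when a filter returns a non-EOF error, but the function goes on to hand back whatever `len` the filter produced and only reports the failure on the next call via the new check at the top; a caller that reads exactly the bytes it expected never sees it unless it also polls iobuf_error(). Either return -1 right after setting the flag, or document the deferred report next to the iobuf_error macro. Both functions begin outside the hunks, so the surrounding control flow is partly inferred.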

@ -39,7 +39,7 @@ free_strlist( STRLIST sl )
} }
void STRLIST
add_to_strlist( STRLIST *list, const char *string ) add_to_strlist( STRLIST *list, const char *string )
{ {
STRLIST sl; STRLIST sl;
@ -48,6 +48,25 @@ add_to_strlist( STRLIST *list, const char *string )
strcpy(sl->d, string); strcpy(sl->d, string);
sl->next = *list; sl->next = *list;
*list = sl; *list = sl;
return sl;
}
STRLIST
append_to_strlist( STRLIST *list, const char *string )
{
STRLIST r, sl;
sl = m_alloc( sizeof *sl + strlen(string));
strcpy(sl->d, string);
sl->next = NULL;
if( !*list )
*list = sl;
else {
for( r = *list; r->next; r = r->next )
;
r->next = sl;
}
return sl;
} }
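Review bot: append_to_strlist allocates `sizeof *sl + strlen(string)` and then strcpy()s the string, which is only enough if the struct's `d` member already reserves one byte (a `char d[1]` style array); the struct definition is outside the hunk, so this mirrors add_to_strlist's assumption without stating it, and a comment `/* sizeof *sl already covers the terminating NUL of d */` would make the size arithmetic auditable. The function also walks to the tail on every call, so building a list of n entries by repeated appends is quadratic, acceptable for argument lists but worth a note in the header. Node construction is now duplicated between the two functions; a small static helper returning the fresh node would keep the allocation size in one place. A one-line contract comment would help too: `/* Append STRING as a new node at the end of *LIST and return that node. */`.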