mirror of
git://git.gnupg.org/gnupg.git
synced 2025-03-12 23:01:14 +01:00
* g10.c (main): Add --no-groups to zero --group list.
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of symmetrically encrypted session key. Use --s2k-cipher-algo to choose cipher, rather than the default cipher. * parse-packet.c (parse_subkeyenc): Give a warning if an symmetrically encrypted session key is seen without salt. Show in --list-packets if a symetrically encrypted session key is present. * pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning unless --quiet is set. Use text name of cipher in warning.
This commit is contained in:
parent
e398ea2dc2
commit
b0fe35f60e
@ -1,3 +1,18 @@
|
||||
2003-10-01 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* g10.c (main): Add --no-groups to zero --group list.
|
||||
|
||||
* encode.c (encode_simple): Allow for 32 bytes (256 bits) of
|
||||
symmetrically encrypted session key. Use --s2k-cipher-algo to
|
||||
choose cipher, rather than the default cipher.
|
||||
|
||||
* parse-packet.c (parse_subkeyenc): Give a warning if an
|
||||
symmetrically encrypted session key is seen without salt. Show in
|
||||
--list-packets if a symetrically encrypted session key is present.
|
||||
|
||||
* pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning
|
||||
unless --quiet is set. Use text name of cipher in warning.
|
||||
|
||||
2003-09-30 David Shaw <dshaw@jabberwocky.com>
|
||||
|
||||
* options.h, g10.c (main), mainproc.c (check_sig_and_print): Add
|
||||
|
38
g10/encode.c
38
g10/encode.c
@ -39,7 +39,7 @@
|
||||
#include "i18n.h"
|
||||
#include "status.h"
|
||||
|
||||
static int encode_simple( const char *filename, int mode, int compat );
|
||||
static int encode_simple( const char *filename, int mode, int use_seskey );
|
||||
static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
|
||||
|
||||
|
||||
@ -51,17 +51,7 @@ static int write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out );
|
||||
int
|
||||
encode_symmetric( const char *filename )
|
||||
{
|
||||
int compat = 1;
|
||||
|
||||
#if 0
|
||||
/* We don't want to use it because older gnupg version can't
|
||||
handle it and we can presume that a lot of scripts are running
|
||||
with the expert mode set. Some time in the future we might
|
||||
want to allow for it. */
|
||||
if ( opt.expert )
|
||||
compat = 0; /* PGP knows how to handle this mode. */
|
||||
#endif
|
||||
return encode_simple( filename, 1, compat );
|
||||
return encode_simple( filename, 1, 0 );
|
||||
}
|
||||
|
||||
/****************
|
||||
@ -71,7 +61,7 @@ encode_symmetric( const char *filename )
|
||||
int
|
||||
encode_store( const char *filename )
|
||||
{
|
||||
return encode_simple( filename, 0, 1 );
|
||||
return encode_simple( filename, 0, 0 );
|
||||
}
|
||||
|
||||
static void
|
||||
@ -81,7 +71,7 @@ encode_sesskey( DEK *dek, DEK **ret_dek, byte *enckey )
|
||||
DEK *c;
|
||||
byte buf[33];
|
||||
|
||||
assert ( dek->keylen < 32 );
|
||||
assert ( dek->keylen <= 32 );
|
||||
|
||||
c = m_alloc_clear( sizeof *c );
|
||||
c->keylen = dek->keylen;
|
||||
@ -153,8 +143,12 @@ use_mdc(PK_LIST pk_list,int algo)
|
||||
return 0; /* No MDC */
|
||||
}
|
||||
|
||||
/* We don't want to use use_seskey yet because older gnupg versions
|
||||
can't handle it, and there isn't really any point unless we're
|
||||
making a message that can be decrypted by a public key or
|
||||
passphrase. */
|
||||
static int
|
||||
encode_simple( const char *filename, int mode, int compat )
|
||||
encode_simple( const char *filename, int mode, int use_seskey )
|
||||
{
|
||||
IOBUF inp, out;
|
||||
PACKET pkt;
|
||||
@ -193,8 +187,8 @@ encode_simple( const char *filename, int mode, int compat )
|
||||
/* Due the the fact that we use don't use an IV to encrypt the
|
||||
session key we can't use the new mode with RFC1991 because
|
||||
it has no S2K salt. RFC1991 always uses simple S2K. */
|
||||
if ( RFC1991 && !compat )
|
||||
compat = 1;
|
||||
if ( RFC1991 && use_seskey )
|
||||
use_seskey = 0;
|
||||
|
||||
cfx.dek = NULL;
|
||||
if( mode ) {
|
||||
@ -212,14 +206,14 @@ encode_simple( const char *filename, int mode, int compat )
|
||||
log_error(_("error creating passphrase: %s\n"), g10_errstr(rc) );
|
||||
return rc;
|
||||
}
|
||||
if (!compat && s2k->mode != 1 && s2k->mode != 3) {
|
||||
compat = 1;
|
||||
if (use_seskey && s2k->mode != 1 && s2k->mode != 3) {
|
||||
use_seskey = 0;
|
||||
log_info (_("can't use a symmetric ESK packet "
|
||||
"due to the S2K mode\n"));
|
||||
}
|
||||
|
||||
if ( !compat ) {
|
||||
seskeylen = cipher_get_keylen( default_cipher_algo() ) / 8;
|
||||
if ( use_seskey ) {
|
||||
seskeylen = cipher_get_keylen( opt.s2k_cipher_algo ) / 8;
|
||||
encode_sesskey( cfx.dek, &dek, enckey );
|
||||
m_free( cfx.dek ); cfx.dek = dek;
|
||||
}
|
||||
@ -257,7 +251,7 @@ encode_simple( const char *filename, int mode, int compat )
|
||||
enc->version = 4;
|
||||
enc->cipher_algo = cfx.dek->algo;
|
||||
enc->s2k = *s2k;
|
||||
if ( !compat && seskeylen ) {
|
||||
if ( use_seskey && seskeylen ) {
|
||||
enc->seskeylen = seskeylen + 1; /* algo id */
|
||||
memcpy( enc->seskey, enckey, seskeylen + 1 );
|
||||
}
|
||||
|
28
g10/g10.c
28
g10/g10.c
@ -52,7 +52,9 @@
|
||||
#include "keyserver-internal.h"
|
||||
#include "exec.h"
|
||||
|
||||
enum cmd_and_opt_values { aNull = 0,
|
||||
enum cmd_and_opt_values
|
||||
{
|
||||
aNull = 0,
|
||||
oArmor = 'a',
|
||||
aDetachedSign = 'b',
|
||||
aSym = 'c',
|
||||
@ -315,6 +317,7 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
oLCctype,
|
||||
oLCmessages,
|
||||
oGroup,
|
||||
oNoGroups,
|
||||
oStrict,
|
||||
oNoStrict,
|
||||
oMangleDosFilenames,
|
||||
@ -327,7 +330,8 @@ enum cmd_and_opt_values { aNull = 0,
|
||||
opcscDriver,
|
||||
oDisableCCID,
|
||||
|
||||
aTest };
|
||||
aTest
|
||||
};
|
||||
|
||||
|
||||
static ARGPARSE_OPTS opts[] = {
|
||||
@ -630,6 +634,7 @@ static ARGPARSE_OPTS opts[] = {
|
||||
{ oLCctype, "lc-ctype", 2, "@" },
|
||||
{ oLCmessages, "lc-messages", 2, "@" },
|
||||
{ oGroup, "group", 2, "@" },
|
||||
{ oNoGroups, "no-groups", 0, "@" },
|
||||
{ oStrict, "strict", 0, "@" },
|
||||
{ oNoStrict, "no-strict", 0, "@" },
|
||||
{ oMangleDosFilenames, "mangle-dos-filenames", 0, "@" },
|
||||
@ -1347,8 +1352,10 @@ main( int argc, char **argv )
|
||||
}
|
||||
|
||||
while( optfile_parse( configfp, configname, &configlineno,
|
||||
&pargs, opts) ) {
|
||||
switch( pargs.r_opt ) {
|
||||
&pargs, opts) )
|
||||
{
|
||||
switch( pargs.r_opt )
|
||||
{
|
||||
case aCheckKeys: set_cmd( &cmd, aCheckKeys); break;
|
||||
case aListPackets: set_cmd( &cmd, aListPackets); break;
|
||||
case aImport: set_cmd( &cmd, aImport); break;
|
||||
@ -1938,6 +1945,15 @@ main( int argc, char **argv )
|
||||
case oLCctype: opt.lc_ctype = pargs.r.ret_str; break;
|
||||
case oLCmessages: opt.lc_messages = pargs.r.ret_str; break;
|
||||
case oGroup: add_group(pargs.r.ret_str); break;
|
||||
case oNoGroups:
|
||||
while(opt.grouplist)
|
||||
{
|
||||
struct groupitem *iter=opt.grouplist;
|
||||
free_strlist(iter->values);
|
||||
opt.grouplist=opt.grouplist->next;
|
||||
m_free(iter);
|
||||
}
|
||||
break;
|
||||
case oStrict: opt.strict=1; log_set_strict(1); break;
|
||||
case oNoStrict: opt.strict=0; log_set_strict(0); break;
|
||||
case oMangleDosFilenames: opt.mangle_dos_filenames = 1; break;
|
||||
@ -1946,8 +1962,8 @@ main( int argc, char **argv )
|
||||
case oMultifile: multifile=1; break;
|
||||
|
||||
default : pargs.err = configfp? 1:2; break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( configfp ) {
|
||||
fclose( configfp );
|
||||
|
@ -678,19 +678,32 @@ parse_symkeyenc( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet )
|
||||
k->s2k.count = iobuf_get(inp); pktlen--;
|
||||
}
|
||||
k->seskeylen = seskeylen;
|
||||
for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
|
||||
k->seskey[i] = iobuf_get_noeof(inp);
|
||||
if(k->seskeylen)
|
||||
{
|
||||
for(i=0; i < seskeylen && pktlen; i++, pktlen-- )
|
||||
k->seskey[i] = iobuf_get_noeof(inp);
|
||||
|
||||
/* What we're watching out for here is a session key decryptor
|
||||
with no salt. The RFC says that using salt for this is a
|
||||
MUST. */
|
||||
if(s2kmode!=1 && s2kmode!=3)
|
||||
log_info(_("WARNING: potentially insecure symmetrically"
|
||||
" encrypted session key\n"));
|
||||
}
|
||||
assert( !pktlen );
|
||||
|
||||
if( list_mode ) {
|
||||
printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d\n",
|
||||
version, cipher_algo, s2kmode, hash_algo);
|
||||
printf(":symkey enc packet: version %d, cipher %d, s2k %d, hash %d",
|
||||
version, cipher_algo, s2kmode, hash_algo);
|
||||
if(seskeylen)
|
||||
printf(", seskey %d bits",(seskeylen-1)*8);
|
||||
printf("\n");
|
||||
if( s2kmode == 1 || s2kmode == 3 ) {
|
||||
printf("\tsalt ");
|
||||
for(i=0; i < 8; i++ )
|
||||
printf("%02x", k->s2k.salt[i]);
|
||||
if( s2kmode == 3 )
|
||||
printf(", count %lu\n", (ulong)k->s2k.count );
|
||||
printf(", count %lu", (ulong)k->s2k.count );
|
||||
printf("\n");
|
||||
}
|
||||
}
|
||||
|
@ -220,19 +220,12 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
|
||||
rc = -1;
|
||||
log_error("oops: public key not found for preference check\n");
|
||||
}
|
||||
else if( pkb->pkt->pkt.public_key->selfsigversion > 3
|
||||
&& dek->algo != CIPHER_ALGO_3DES
|
||||
&& !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ) ) {
|
||||
/* Don't print a note while we are not on verbose mode,
|
||||
* the cipher is blowfish and the preferences have twofish
|
||||
* listed */
|
||||
if( opt.verbose || dek->algo != CIPHER_ALGO_BLOWFISH
|
||||
|| !is_algo_in_prefs( pkb, PREFTYPE_SYM, CIPHER_ALGO_TWOFISH))
|
||||
log_info(_(
|
||||
"NOTE: cipher algorithm %d not found in preferences\n"),
|
||||
dek->algo );
|
||||
}
|
||||
|
||||
else if(pkb->pkt->pkt.public_key->selfsigversion > 3
|
||||
&& dek->algo != CIPHER_ALGO_3DES
|
||||
&& !opt.quiet
|
||||
&& !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ))
|
||||
log_info(_("WARNING: cipher algorithm %s not found in recipient"
|
||||
" preferences\n"),cipher_algo_to_string(dek->algo));
|
||||
if (!rc) {
|
||||
KBNODE k;
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user