Support DSA2.

Support Camellia for testing.
More audit stuff.

g10/ChangeLog

@@ -1,6 +1,30 @@
+2007-12-12  Werner Koch  <wk@g10code.com>
+
+	* misc.c (map_cipher_openpgp_to_gcry): New.  Used to map Camellia
+	algorithms to Gcrypt.
+	(openpgp_cipher_test_algo): Call new map function.  Replace
+	all remaining calls to gcry_cipher_test_algo by a call to this.
+	(openpgp_cipher_algo_name): New.  Replace all remaining calls to
+	gcry_cipher_algo_name by a call to this.
+	(map_cipher_gcry_to_openpgp): New.
+	(string_to_cipher_algo): Use it.
+	* gpg.c	(main): Print a warning if Camellia support is build in.
+	
+	* gpg.c (print_algo_names): New.  From the 1.4 branch by David.
+	(list_config): Use it here for the "ciphername" and "digestname"
+	config items so we can get a script-parseable list of the names.
+
+	* parse-packet.c (parse_onepass_sig): Sigclass is hex, so include
+	the 0x.
+
+	* sign.c (match_dsa_hash): Remove conditional builds dending on
+	USE_SHAxxx.  We don't need this becuase it can be expected that
+	libgcrypt provides it.  However we need to runtime test for SHA244
+	becuase that is only available with libgcrypt 2.4.
+
 2007-12-11  Werner Koch  <wk@g10code.com>
 
-	* mainproc.c (proc_pubkey_enc): Allo type 20 Elgamal key for
+	* mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for
 	decryption.
 
 2007-12-10  Werner Koch  <wk@g10code.com>

g10/encode.c

@@ -244,7 +244,7 @@ encode_simple( const char *filename, int mode, int use_seskey )
 
 	if(opt.verbose)
 	  log_info(_("using cipher %s\n"),
-		   gcry_cipher_algo_name (cfx.dek->algo));
+		   openpgp_cipher_algo_name (cfx.dek->algo));
 
 	cfx.dek->use_mdc=use_mdc(NULL,cfx.dek->algo);
     }
@@ -558,7 +558,7 @@ encode_crypt( const char *filename, strlist_t remusr, int use_symkey )
 				opt.def_cipher_algo,NULL)!=opt.def_cipher_algo)
 	log_info(_("WARNING: forcing symmetric cipher %s (%d)"
 		   " violates recipient preferences\n"),
-		 gcry_cipher_algo_name (opt.def_cipher_algo),
+		 openpgp_cipher_algo_name (opt.def_cipher_algo),
 		 opt.def_cipher_algo);
 
       cfx.dek->algo = opt.def_cipher_algo;
@@ -750,7 +750,7 @@ encrypt_filter( void *opaque, int control,
 					NULL)!=opt.def_cipher_algo)
 		log_info(_("forcing symmetric cipher %s (%d) "
 			   "violates recipient preferences\n"),
-			 gcry_cipher_algo_name (opt.def_cipher_algo),
+			 openpgp_cipher_algo_name (opt.def_cipher_algo),
 			 opt.def_cipher_algo);
 
 	      efx->cfx.dek->algo = opt.def_cipher_algo;
@@ -847,7 +847,7 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
 		char *ustr = get_user_id_string_native (enc->keyid);
 		log_info(_("%s/%s encrypted for: \"%s\"\n"),
                          gcry_pk_algo_name (enc->pubkey_algo),
-                         gcry_cipher_algo_name (dek->algo),
+                         openpgp_cipher_algo_name (dek->algo),
                          ustr );
 		xfree(ustr);
 	    }

g10/encr-data.c

@@ -88,8 +88,9 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 
   if ( opt.verbose && !dek->algo_info_printed )
     {
-      if (!gcry_cipher_test_algo (dek->algo))
-        log_info (_("%s encrypted data\n"), gcry_cipher_algo_name (dek->algo));
+      if (!openpgp_cipher_test_algo (dek->algo))
+        log_info (_("%s encrypted data\n"), 
+                  openpgp_cipher_algo_name (dek->algo));
       else
         log_info (_("encrypted with unknown algorithm %d\n"), dek->algo );
       dek->algo_info_printed = 1;

g10/gpg.c

@@ -791,7 +791,7 @@ my_strusage( int level )
       case 35:
 	if( !ciphers )
 	    ciphers = build_list(_("Cipher: "), 'S', 
-                                 gcry_cipher_algo_name,
+                                 openpgp_cipher_algo_name,
                                  openpgp_cipher_test_algo );
 	p = ciphers;
 	break;
@@ -1384,6 +1384,24 @@ print_algo_numbers(int (*checker)(int))
 }
 
 
+static void
+print_algo_names(int (*checker)(int),const char *(*mapper)(int))
+{
+  int i,first=1;
+
+  for(i=0;i<=110;i++)
+    {
+      if(!checker(i))
+	{
+	  if(first)
+	    first=0;
+	  else
+	    printf(";");
+	  printf("%s",mapper(i));
+	}
+    }
+}
+
 /* In the future, we can do all sorts of interesting configuration
    output here.  For now, just give "group" as the Enigmail folks need
    it, and pubkey, cipher, hash, and compress as they may be useful
@@ -1450,6 +1468,14 @@ list_config(char *items)
 	  any=1;
 	}
 
+      if (show_all || !ascii_strcasecmp (name,"ciphername"))
+	{
+	  printf ("cfg:ciphername:");
+	  print_algo_names (openpgp_cipher_test_algo,openpgp_cipher_algo_name);
+	  printf ("\n");
+	  any = 1;
+	}
+
       if(show_all
 	 || ascii_strcasecmp(name,"digest")==0
 	 || ascii_strcasecmp(name,"hash")==0)
@@ -1460,6 +1486,16 @@ list_config(char *items)
 	  any=1;
 	}
 
+      if (show_all
+          || !ascii_strcasecmp(name,"digestname")
+          || !ascii_strcasecmp(name,"hashname"))
+	{
+	  printf ("cfg:digestname:");
+	  print_algo_names (openpgp_md_test_algo, gcry_md_algo_name);
+	  printf("\n");
+	  any=1;
+	}
+      
       if(show_all || ascii_strcasecmp(name,"compress")==0)
 	{
 	  printf("cfg:compress:");
@@ -2864,6 +2900,15 @@ main (int argc, char **argv )
         log_set_prefix (NULL, 1|2|4);
       }
 
+#ifdef USE_CAMELLIA    
+    /* We better also print a runtime warning if people build it with
+       support for Camellia (which is not yet defined by OpenPGP). */
+    log_info ("WARNING: This version has been built with support for the "
+              "Camellia cipher.\n");
+    log_info ("         It is for testing only and is NOT for production "
+              "use!\n");
+#endif
+
     if (opt.verbose > 2)
         log_info ("using character set `%s'\n", get_native_charset ());
 
@@ -3129,7 +3174,7 @@ main (int argc, char **argv )
 	if(opt.def_cipher_algo
 	   && !algo_available(PREFTYPE_SYM,opt.def_cipher_algo,NULL))
 	  {
-	    badalg = gcry_cipher_algo_name (opt.def_cipher_algo);
+	    badalg = openpgp_cipher_algo_name (opt.def_cipher_algo);
 	    badtype = PREFTYPE_SYM;
 	  }
 	else if(opt.def_digest_algo

g10/import.c

@@ -602,9 +602,9 @@ check_prefs(KBNODE keyblock)
 		  if (openpgp_cipher_test_algo (prefs->value))
 		    {
 		      const char *algo = 
-                        (gcry_cipher_test_algo (prefs->value)
+                        (openpgp_cipher_test_algo (prefs->value)
                          ? num 
-                         : gcry_cipher_algo_name (prefs->value));
+                         : openpgp_cipher_algo_name (prefs->value));
 		      if(!problem)
 			check_prefs_warning(pk);
 		      log_info(_("         \"%s\": preference for cipher"

g10/keyedit.c

@@ -2325,9 +2325,10 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
                     tty_printf (", ");
                 any = 1;
                 /* We don't want to display strings for experimental algos */
-                if (!gcry_cipher_test_algo (prefs[i].value)
+                if (!openpgp_cipher_test_algo (prefs[i].value)
                     && prefs[i].value < 100 )
-                    tty_printf ("%s", gcry_cipher_algo_name (prefs[i].value));
+                    tty_printf ("%s",
+                                openpgp_cipher_algo_name (prefs[i].value));
                 else
                     tty_printf ("[%d]", prefs[i].value);
                 if (prefs[i].value == CIPHER_ALGO_3DES )
@@ -2337,7 +2338,7 @@ show_prefs (PKT_user_id *uid, PKT_signature *selfsig, int verbose)
         if (!des_seen) {
             if (any)
                 tty_printf (", ");
-            tty_printf ("%s", gcry_cipher_algo_name (CIPHER_ALGO_3DES));
+            tty_printf ("%s", openpgp_cipher_algo_name (CIPHER_ALGO_3DES));
         }
         tty_printf ("\n     ");
 	tty_printf (_("Digest: "));

g10/main.h

@@ -83,6 +83,7 @@ u16 checksum_mpi( gcry_mpi_t a );
 u32 buffer_to_u32( const byte *buffer );
 const byte *get_session_marker( size_t *rlen );
 int openpgp_cipher_test_algo( int algo );
+const char *openpgp_cipher_algo_name (int algo);
 int openpgp_pk_test_algo( int algo );
 int openpgp_pk_test_algo2 ( int algo, unsigned int use );
 int openpgp_pk_algo_usage ( int algo );

g10/mainproc.c

@@ -274,9 +274,9 @@ proc_symkey_enc( CTX c, PACKET *pkt )
     else if(!c->dek)
       {
         int algo = enc->cipher_algo;
-	const char *s = gcry_cipher_algo_name (algo);
+	const char *s = openpgp_cipher_algo_name (algo);
 
-	if (!gcry_cipher_test_algo (algo))
+	if (!openpgp_cipher_test_algo (algo))
 	  {
 	    if(!opt.quiet)
 	      {
@@ -524,8 +524,8 @@ proc_encrypted( CTX c, PACKET *pkt )
 	    algo = opt.def_cipher_algo;
 	    if ( algo )
 	      log_info (_("assuming %s encrypted data\n"),
-                        gcry_cipher_algo_name (algo));
-	    else if ( gcry_cipher_test_algo (CIPHER_ALGO_IDEA) )
+                        openpgp_cipher_algo_name (algo));
+	    else if ( openpgp_cipher_test_algo (CIPHER_ALGO_IDEA) )
 	      {
 		algo = opt.def_cipher_algo;
 		if (!algo)
@@ -533,7 +533,7 @@ proc_encrypted( CTX c, PACKET *pkt )
 		idea_cipher_warn(1);
 		log_info (_("IDEA cipher unavailable, "
 			    "optimistically attempting to use %s instead\n"),
-			  gcry_cipher_algo_name (algo));
+			  openpgp_cipher_algo_name (algo));
 	      }
 	    else
 	      {

g10/misc.c

@@ -301,7 +301,7 @@ print_cipher_algo_note( int algo )
 	{
 	  warn=1;
 	  log_info (_("WARNING: using experimental cipher algorithm %s\n"),
-                    gcry_cipher_algo_name (algo));
+                    openpgp_cipher_algo_name (algo));
 	}
     }
 }
@@ -324,6 +324,33 @@ print_digest_algo_note( int algo )
               gcry_md_algo_name (algo));
 }
 
+
+/* Map OpenPGP algo numbers to those used by Libgcrypt.  We need to do
+   this for algorithms we implemented in Libgcrypt after they become
+   part of OpenPGP.  */
+static int
+map_cipher_openpgp_to_gcry (int algo)
+{
+  switch (algo)
+    {
+    case CIPHER_ALGO_CAMELLIA128: return 310; 
+    case CIPHER_ALGO_CAMELLIA256: return 312; 
+    default: return algo;
+    }
+}
+
+/* The inverse fucntion of above.  */
+static int
+map_cipher_gcry_to_openpgp (int algo)
+{
+  switch (algo)
+    {
+    case 310: return CIPHER_ALGO_CAMELLIA128;
+    case 312: return CIPHER_ALGO_CAMELLIA256;
+    default: return algo;
+    }
+}
+
 /****************
  * Wrapper around the libgcrypt function with additonal checks on
  * the OpenPGP contraints for the algo ID.
@@ -331,12 +358,32 @@ print_digest_algo_note( int algo )
 int
 openpgp_cipher_test_algo( int algo )
 {
-  /* 5 and 6 are marked reserved by rfc2440bis.  */
+  /* (5 and 6 are marked reserved by rfc4880.)  */
   if ( algo < 0 || algo > 110 || algo == 5 || algo == 6 )
     return gpg_error (GPG_ERR_CIPHER_ALGO);
-  return gcry_cipher_test_algo (algo);
+
+  /* Camellia is not yet defined for OpenPGP thus only allow it if
+     requested.  */
+#ifndef USE_CAMELLIA
+  if (algo == CIPHER_ALGO_CAMELLIA128 
+       || algo == CIPHER_ALGO_CAMELLIA256)
+    return gpg_error (GPG_ERR_CIPHER_ALGO);
+#endif
+
+  return gcry_cipher_test_algo (map_cipher_openpgp_to_gcry (algo));
 }
 
+/* Map the OpenPGP cipher algorithm whose ID is contained in ALGORITHM to a
+   string representation of the algorithm name.  For unknown algorithm
+   IDs this function returns "?".  */
+const char *
+openpgp_cipher_algo_name (int algo) 
+{
+  return gcry_cipher_algo_name (map_cipher_openpgp_to_gcry (algo));
+}
+
+
+
 int
 openpgp_pk_test_algo( int algo )
 {
@@ -690,7 +737,7 @@ string_to_cipher_algo (const char *string)
 { 
   int val;
 
-  val = gcry_cipher_map_name (string);
+  val = map_cipher_gcry_to_openpgp (gcry_cipher_map_name (string));
   if (!val && string && (string[0]=='S' || string[0]=='s'))
     {
       char *endptr;

g10/parse-packet.c

@@ -1588,8 +1588,10 @@ parse_onepass_sig( IOBUF inp, int pkttype, unsigned long pktlen,
     ops->keyid[1] = read_32(inp); pktlen -= 4;
     ops->last = iobuf_get_noeof(inp); pktlen--;
     if( list_mode )
-	fprintf (listfp, ":onepass_sig packet: keyid %08lX%08lX\n"
-	       "\tversion %d, sigclass %02x, digest %d, pubkey %d, last=%d\n",
+	fprintf (listfp,
+                 ":onepass_sig packet: keyid %08lX%08lX\n"
+                 "\tversion %d, sigclass 0x%02x, digest %d, pubkey %d, "
+                 "last=%d\n",
 		(ulong)ops->keyid[0], (ulong)ops->keyid[1],
 		version, ops->sig_class,
 		ops->digest_algo, ops->pubkey_algo, ops->last );

g10/pubkey-enc.c

@@ -282,7 +282,7 @@ get_it( PKT_pubkey_enc *enc, DEK *dek, PKT_secret_key *sk, u32 *keyid )
 		&& !opt.quiet
 		&& !is_algo_in_prefs( pkb, PREFTYPE_SYM, dek->algo ))
 	  log_info (_("WARNING: cipher algorithm %s not found in recipient"
-                      " preferences\n"), gcry_cipher_algo_name (dek->algo));
+                      " preferences\n"), openpgp_cipher_algo_name (dek->algo));
         if (!rc) {
             KBNODE k;
             

g10/sign.c

@@ -345,22 +345,24 @@ match_dsa_hash (unsigned int qbytes)
 {
   if (qbytes <= 20)
     return DIGEST_ALGO_SHA1;
-#ifdef USE_SHA256
-  if (qbytes <= 28)
+
+  /* SHA244 is only available with libgcrypt 1.4 - thus do a runtime
+     test.  */
+  if (qbytes <= 28 && !gcry_md_test_algo (DIGEST_ALGO_SHA224))
     return DIGEST_ALGO_SHA224;
+
   if (qbytes <= 32)
     return DIGEST_ALGO_SHA256;
-#endif
 
-#ifdef USE_SHA512
   if (qbytes <= 48)
     return DIGEST_ALGO_SHA384;
+
   if (qbytes <= 64)
     return DIGEST_ALGO_SHA512;
-#endif
+
   return DEFAULT_DIGEST_ALGO;
   /* DEFAULT_DIGEST_ALGO will certainly fail, but it's the best wrong
-     answer we have if the larger SHAs aren't there. */
+     answer we have if a digest larger than 512 bits is requested.  */
 }
 
 
@@ -1258,7 +1260,7 @@ sign_symencrypt_file (const char *fname, strlist_t locusr)
     algo = default_cipher_algo();
     if (!opt.quiet || !opt.batch)
         log_info (_("%s encryption will be used\n"),
-                  gcry_cipher_algo_name (algo) );
+                  openpgp_cipher_algo_name (algo) );
     cfx.dek = passphrase_to_dek( NULL, 0, algo, s2k, 2, NULL, &canceled);
 
     if (!cfx.dek || !cfx.dek->keylen) {