
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),

pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.
David Shaw 2002-12-03 23:09:20 +00:00
parent 33783a41a4
commit dc70beb88f
7 changed files with 63 additions and 35 deletions


@ -1,5 +1,13 @@
2002-12-03 David Shaw <dshaw@jabberwocky.com> 2002-12-03 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8
mode. This is basically identical to --pgp7 in all ways except
that signing subkeys, v4 data sigs (including expiration), and SK
comments are allowed.
* getkey.c (finish_lookup): Comment.
* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu):
Reorder user ID display in the --edit-key menu to match that of Reorder user ID display in the --edit-key menu to match that of
the --list-keys display. the --list-keys display.


@ -709,16 +709,16 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
keyid_from_pk( pk, enc->keyid ); keyid_from_pk( pk, enc->keyid );
enc->throw_keyid = opt.throw_keyid; enc->throw_keyid = opt.throw_keyid;
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7)) if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8))
{ {
log_info(_("you may not use %s while in %s mode\n"), log_info(_("you may not use %s while in %s mode\n"),
"--throw-keyid", "--throw-keyid",
opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7"); opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
log_info(_("this message may not be usable by %s\n"), log_info(_("this message may not be usable by %s\n"),
opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x"); opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x");
opt.pgp2=opt.pgp6=opt.pgp7=0; opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;
} }
/* Okay, what's going on: We have the session key somewhere in /* Okay, what's going on: We have the session key somewhere in
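Review bot: The mode-name ternaries in the two log_info() calls now end in an unconditional `"--pgp8"` / `"PGP 8.x"` arm, so the next mode added to the `if` condition will be reported as PGP 8 unless both chains are extended again. The same chain is repeated in the `--pgp2` conflict message in main(), so the mapping would be better kept in one small static helper that returns the option name for whichever mode flag is set. Separately, `opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;` drops the compatibility mode for the rest of the run while the key ID is still thrown, which deserves a short comment such as `/* --throw-keyid wins: PGP emulation is switched off from here on */`. The body of write_pubkey_enc_from_list continues outside the hunk.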


@ -172,6 +172,8 @@ enum cmd_and_opt_values { aNull = 0,
oNoPGP6, oNoPGP6,
oPGP7, oPGP7,
oNoPGP7, oNoPGP7,
oPGP8,
oNoPGP8,
oCipherAlgo, oCipherAlgo,
oDigestAlgo, oDigestAlgo,
oCertDigestAlgo, oCertDigestAlgo,
@ -449,6 +451,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoPGP6, "no-pgp6", 0, "@"}, { oNoPGP6, "no-pgp6", 0, "@"},
{ oPGP7, "pgp7", 0, "@"}, { oPGP7, "pgp7", 0, "@"},
{ oNoPGP7, "no-pgp7", 0, "@"}, { oNoPGP7, "no-pgp7", 0, "@"},
{ oPGP8, "pgp8", 0, "@"},
{ oNoPGP8, "no-pgp8", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")}, { oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2, { oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")}, N_("|NAME|use message digest algorithm NAME for passphrases")},
@ -1457,6 +1461,8 @@ main( int argc, char **argv )
case oNoPGP6: opt.pgp6 = 0; break; case oNoPGP6: opt.pgp6 = 0; break;
case oPGP7: opt.pgp7 = 1; break; case oPGP7: opt.pgp7 = 1; break;
case oNoPGP7: opt.pgp7 = 0; break; case oNoPGP7: opt.pgp7 = 0; break;
case oPGP8: opt.pgp8 = 1; break;
case oNoPGP8: opt.pgp8 = 0; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break; case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
case oCompressSigs: opt.compress_sigs = 1; break; case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP: case oRunAsShmCP:
@ -1743,9 +1749,9 @@ main( int argc, char **argv )
set_debug(); set_debug();
/* Do these after the switch(), so they can override settings. */ /* Do these after the switch(), so they can override settings. */
if(opt.pgp2 && (opt.pgp6 || opt.pgp7)) if(opt.pgp2 && (opt.pgp6 || opt.pgp7 || opt.pgp8))
log_error(_("%s not allowed with %s!\n"), log_error(_("%s not allowed with %s!\n"),
"--pgp2",opt.pgp6?"--pgp6":"--pgp7"); "--pgp2",opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
else else
{ {
if(opt.pgp2) if(opt.pgp2)
@ -1826,20 +1832,28 @@ main( int argc, char **argv )
opt.def_compress_algo = 1; opt.def_compress_algo = 1;
} }
} }
else if(opt.pgp6)
if(opt.pgp6 || opt.pgp7)
{ {
opt.sk_comments=0; opt.sk_comments=0;
opt.escape_from=1; opt.escape_from=1;
opt.force_v3_sigs=1; opt.force_v3_sigs=1;
opt.ask_sig_expire=0; opt.ask_sig_expire=0;
opt.def_compress_algo=1; opt.def_compress_algo=1;
opt.force_mdc=0;
if(opt.pgp6) /* pgp7 has MDC */ opt.disable_mdc=1;
{ }
opt.force_mdc=0; else if(opt.pgp7)
opt.disable_mdc=1; {
} opt.sk_comments=0;
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
opt.def_compress_algo=1;
}
else if(opt.pgp8)
{
opt.escape_from=1;
opt.def_compress_algo=1;
} }
} }
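Review bot: In the last hunk the pgp6 branch now sets `opt.force_mdc=0; opt.disable_mdc=1;` without any explanation, because the old `/* pgp7 has MDC */` comment was dropped along with the nested `if(opt.pgp6)`. Turning off the integrity-protection packet is the one setting here a reader most needs a reason for, so the branch should keep a comment along the lines of `/* unlike pgp7/pgp8, pgp6 mode gets no MDC */`. The new `else if` chain also gives the oldest mode precedence when more than one of --pgp6, --pgp7 and --pgp8 is set, and the conflict check above only covers --pgp2; a one-line comment above the chain stating that precedence would make it deliberate rather than incidental. main() starts and ends outside these hunks.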


@ -2055,7 +2055,8 @@ finish_lookup (GETKEY_CTX ctx)
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK ); unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
/* Request the primary if we're certifying another key, and also /* Request the primary if we're certifying another key, and also
if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
do not understand signatures made by a signing subkey. */ do not understand signatures made by a signing subkey. PGP 8
does. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) || int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG)); ((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
u32 latest_date; u32 latest_date;


@ -89,10 +89,11 @@ struct {
int compress_keys; int compress_keys;
int compress_sigs; int compress_sigs;
int always_trust; int always_trust;
/* TODO: change these to an emulate_pgp variable */
int pgp2; int pgp2;
int pgp6; int pgp6;
int pgp7; /* if we get any more of these, it's time to look at a int pgp7;
special emulate_pgp variable... */ int pgp8;
int rfc1991; int rfc1991;
int rfc2440; int rfc2440;
int pgp2_workarounds; int pgp2_workarounds;


@ -1059,19 +1059,20 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3), CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
and all compressions except none (0) and ZIP (1). pgp7 mode and all compressions except none (0) and ZIP (1). pgp7 and pgp8
expands the cipher list to include AES128 (7), AES192 (8), AES256 mode expands the cipher list to include AES128 (7), AES192 (8),
(9), and TWOFISH (10). For a true PGP key all of this is unneeded AES256 (9), and TWOFISH (10). For a true PGP key all of this is
as they are the only items present in the preferences subpacket, unneeded as they are the only items present in the preferences
but checking here covers the weird case of encrypting to a key that subpacket, but checking here covers the weird case of encrypting to
had preferences from a different implementation which was then used a key that had preferences from a different implementation which
with PGP. I am not completely comfortable with this as the right was then used with PGP. I am not completely comfortable with this
thing to do, as it slightly alters the list of what the user is as the right thing to do, as it slightly alters the list of what
supposedly requesting. It is not against the RFC however, as the the user is supposedly requesting. It is not against the RFC
preference chosen will never be one that the user didn't specify however, as the preference chosen will never be one that the user
somewhere ("The implementation may use any mechanism to pick an didn't specify somewhere ("The implementation may use any mechanism
algorithm in the intersection"), and PGP has no mechanism to fix to pick an algorithm in the intersection"), and PGP has no
such a broken preference list, so I'm including it. -dms */ mechanism to fix such a broken preference list, so I'm including
it. -dms */
static int static int
algo_available( int preftype, int algo, void *hint ) algo_available( int preftype, int algo, void *hint )
@ -1080,8 +1081,9 @@ algo_available( int preftype, int algo, void *hint )
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) ) if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
return 0; return 0;
if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 && if( (opt.pgp7 || opt.pgp8)
algo != 7 && algo != 8 && algo != 9 && algo != 10) ) && (algo != 1 && algo != 2 && algo != 3
&& algo != 7 && algo != 8 && algo != 9 && algo != 10) )
return 0; return 0;
return algo && !check_cipher_algo( algo ); return algo && !check_cipher_algo( algo );
@ -1095,13 +1097,15 @@ algo_available( int preftype, int algo, void *hint )
if(bits && (bits != md_digest_length(algo))) if(bits && (bits != md_digest_length(algo)))
return 0; return 0;
if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) ) if( (opt.pgp6 || opt.pgp7 || opt.pgp8 )
&& ( algo != 1 && algo != 2 && algo != 3) )
return 0; return 0;
return algo && !check_digest_algo( algo ); return algo && !check_digest_algo( algo );
} }
else if( preftype == PREFTYPE_ZIP ) { else if( preftype == PREFTYPE_ZIP ) {
if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) ) if ( ( opt.pgp6 || opt.pgp7 || opt.pgp8 )
&& ( algo !=0 && algo != 1) )
return 0; return 0;
return !check_compress_algo( algo ); return !check_compress_algo( algo );
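Review bot: The block comment above algo_available still reads as if the hash and compression restrictions were pgp6-only, while the new conditions in the PREFTYPE_HASH and PREFTYPE_ZIP branches apply them in pgp7 and pgp8 mode as well. The comment should say so, for example `pgp7 and pgp8 modes keep the pgp6 hash and compression lists and expand only the cipher list to include AES128 (7), ...`. Since that leaves MD5 (1) selectable as a preferred hash in pgp8 mode, it is worth confirming that this is intended and not just inherited from the pgp6/pgp7 condition. The function's opening and closing lines are outside the hunks shown.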


@ -549,7 +549,7 @@ gen_revoke( const char *uname )
goto leave; goto leave;
} }
if(opt.pgp2 || opt.pgp6 || opt.pgp7) if(opt.pgp2 || opt.pgp6 || opt.pgp7 | opt.pgp8)
{ {
/* Use a minimal pk for PGPx mode, since PGP can't import bare /* Use a minimal pk for PGPx mode, since PGP can't import bare
revocation certificates. */ revocation certificates. */
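Review bot: The new condition joins the last two flags with a bitwise `|` (`opt.pgp7 | opt.pgp8`) where every other mode test in this commit uses `||`. The result is the same for these integer flags, but it reads as a typo, loses short-circuit evaluation and is inconsistent with the matching checks in encode.c and pkclist.c; it should be `if(opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8)`. gen_revoke continues outside the hunk.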