mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),

pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.

* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.

* g10.c (add_notation_data): Fix initialization.
David Shaw 2002-12-03 23:31:48 +00:00
parent 768ded7c03
commit e357092285
10 changed files with 74 additions and 37 deletions


@ -1,3 +1,19 @@
2002-12-03 David Shaw <dshaw@jabberwocky.com>
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8
mode. This is basically identical to --pgp7 in all ways except
that signing subkeys, v4 data sigs (including expiration), and SK
comments are allowed.
* getkey.c (finish_lookup): Comment.
* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu):
Reorder user ID display in the --edit-key menu to match that of
the --list-keys display.
* g10.c (add_notation_data): Fix initialization.
2002-12-01 David Shaw <dshaw@jabberwocky.com> 2002-12-01 David Shaw <dshaw@jabberwocky.com>
* keyedit.c (menu_expire): Don't lose key flags when changing the * keyedit.c (menu_expire): Don't lose key flags when changing the


@ -708,16 +708,16 @@ write_pubkey_enc_from_list( PK_LIST pk_list, DEK *dek, IOBUF out )
keyid_from_pk( pk, enc->keyid ); keyid_from_pk( pk, enc->keyid );
enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1)); enc->throw_keyid = (opt.throw_keyid || (pk_list->flags&1));
if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7)) if(opt.throw_keyid && (opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8))
{ {
log_info(_("you may not use %s while in %s mode\n"), log_info(_("you may not use %s while in %s mode\n"),
"--throw-keyid", "--throw-keyid",
opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":"--pgp7"); opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
log_info(_("this message may not be usable by %s\n"), log_info(_("this message may not be usable by %s\n"),
opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":"PGP 7.x"); opt.pgp2?"PGP 2.x":opt.pgp6?"PGP 6.x":opt.pgp7?"PGP 7.x":"PGP 8.x");
opt.pgp2=opt.pgp6=opt.pgp7=0; opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;
} }
/* Okay, what's going on: We have the session key somewhere in /* Okay, what's going on: We have the session key somewhere in
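Review bot: The reset `opt.pgp2=opt.pgp6=opt.pgp7=opt.pgp8=0;` switches the compatibility mode off from inside write_pubkey_enc_from_list, and nothing at that line says this is deliberate or how far it reaches. Because the flags live in the shared `opt` struct, the later mode checks (the algorithm filter in pkclist.c, the minimal-key export in revoke.c) presumably stop applying for the rest of the run once --throw-keyid is seen here; a comment such as `/* --throw-keyid wins: compatibility mode is switched off from here on */` would make that visible. The mode-name chain `opt.pgp2?"--pgp2":opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8"` now appears here and in g10.c and grows with every mode, so a small helper returning the active mode's name would keep the messages in step. The function body starts and ends outside this hunk.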


@ -175,6 +175,8 @@ enum cmd_and_opt_values { aNull = 0,
oNoPGP6, oNoPGP6,
oPGP7, oPGP7,
oNoPGP7, oNoPGP7,
oPGP8,
oNoPGP8,
oCipherAlgo, oCipherAlgo,
oDigestAlgo, oDigestAlgo,
oCertDigestAlgo, oCertDigestAlgo,
@ -458,6 +460,8 @@ static ARGPARSE_OPTS opts[] = {
{ oNoPGP6, "no-pgp6", 0, "@"}, { oNoPGP6, "no-pgp6", 0, "@"},
{ oPGP7, "pgp7", 0, "@"}, { oPGP7, "pgp7", 0, "@"},
{ oNoPGP7, "no-pgp7", 0, "@"}, { oNoPGP7, "no-pgp7", 0, "@"},
{ oPGP8, "pgp8", 0, "@"},
{ oNoPGP8, "no-pgp8", 0, "@"},
{ oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")}, { oS2KMode, "s2k-mode", 1, N_("|N|use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2, { oS2KDigest, "s2k-digest-algo",2,
N_("|NAME|use message digest algorithm NAME for passphrases")}, N_("|NAME|use message digest algorithm NAME for passphrases")},
@ -1526,6 +1530,8 @@ main( int argc, char **argv )
case oNoPGP6: opt.pgp6 = 0; break; case oNoPGP6: opt.pgp6 = 0; break;
case oPGP7: opt.pgp7 = 1; break; case oPGP7: opt.pgp7 = 1; break;
case oNoPGP7: opt.pgp7 = 0; break; case oNoPGP7: opt.pgp7 = 0; break;
case oPGP8: opt.pgp8 = 1; break;
case oNoPGP8: opt.pgp8 = 0; break;
case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break; case oEmuMDEncodeBug: opt.emulate_bugs |= EMUBUG_MDENCODE; break;
case oCompressSigs: opt.compress_sigs = 1; break; case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP: case oRunAsShmCP:
@ -1846,9 +1852,9 @@ main( int argc, char **argv )
set_debug(); set_debug();
/* Do these after the switch(), so they can override settings. */ /* Do these after the switch(), so they can override settings. */
if(opt.pgp2 && (opt.pgp6 || opt.pgp7)) if(opt.pgp2 && (opt.pgp6 || opt.pgp7 || opt.pgp8))
log_error(_("%s not allowed with %s!\n"), log_error(_("%s not allowed with %s!\n"),
"--pgp2",opt.pgp6?"--pgp6":"--pgp7"); "--pgp2",opt.pgp6?"--pgp6":opt.pgp7?"--pgp7":"--pgp8");
else else
{ {
if(opt.pgp2) if(opt.pgp2)
@ -1929,20 +1935,28 @@ main( int argc, char **argv )
opt.def_compress_algo = 1; opt.def_compress_algo = 1;
} }
} }
else if(opt.pgp6)
if(opt.pgp6 || opt.pgp7)
{ {
opt.sk_comments=0; opt.sk_comments=0;
opt.escape_from=1; opt.escape_from=1;
opt.force_v3_sigs=1; opt.force_v3_sigs=1;
opt.ask_sig_expire=0; opt.ask_sig_expire=0;
opt.def_compress_algo=1; opt.def_compress_algo=1;
if(opt.pgp6) /* pgp7 has MDC */
{
opt.force_mdc=0; opt.force_mdc=0;
opt.disable_mdc=1; opt.disable_mdc=1;
} }
else if(opt.pgp7)
{
opt.sk_comments=0;
opt.escape_from=1;
opt.force_v3_sigs=1;
opt.ask_sig_expire=0;
opt.def_compress_algo=1;
}
else if(opt.pgp8)
{
opt.escape_from=1;
opt.def_compress_algo=1;
} }
} }
@ -2830,7 +2844,7 @@ add_notation_data( const char *string, int which )
for( s=string ; *s != '='; s++ ) for( s=string ; *s != '='; s++ )
{ {
if( *s=='@') if( *s=='@')
saw_at=0; saw_at=1;
if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) ) if( !*s || (*s & 0x80) || (!isgraph(*s) && !isspace(*s)) )
{ {
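Review bot: The conflict check in main() still rejects only --pgp2 combined with another mode; as far as these hunks show, --pgp6, --pgp7 and --pgp8 can be given together, and the `else if` chain then applies the lowest version's settings without a message while all the flags stay set. Other files test the flags with `||` (algo_available, finish_lookup), so the effective behaviour of a mixed command line is spread over several places. Either report the combination the way the --pgp2 case does, or state the precedence above the chain, e.g. `/* if several --pgpN modes are given, the lowest version wins */`. options.h gains a fourth independent `int` for this and drops the old remark about moving to a single emulate_pgp variable, which would rule such combinations out by construction. main() continues outside these hunks.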


@ -2056,7 +2056,8 @@ finish_lookup (GETKEY_CTX ctx)
unsigned int req_usage = ( ctx->req_usage & USAGE_MASK ); unsigned int req_usage = ( ctx->req_usage & USAGE_MASK );
/* Request the primary if we're certifying another key, and also /* Request the primary if we're certifying another key, and also
if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7 if signing data while --pgp6 or --pgp7 is on since pgp 6 and 7
do not understand signatures made by a signing subkey. */ do not understand signatures made by a signing subkey. PGP 8
does. */
int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) || int req_prim = (ctx->req_usage & PUBKEY_USAGE_CERT) ||
((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG)); ((opt.pgp6 || opt.pgp7) && (ctx->req_usage & PUBKEY_USAGE_SIG));
u32 latest_date; u32 latest_date;


@ -1112,6 +1112,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
modified++; modified++;
if( collapse_uids( &keyblock ) ) if( collapse_uids( &keyblock ) )
modified++; modified++;
reorder_keyblock(keyblock);
if( !sign_mode ) {/* see whether we have a matching secret key */ if( !sign_mode ) {/* see whether we have a matching secret key */
PKT_public_key *pk = keyblock->pkt->pkt.public_key; PKT_public_key *pk = keyblock->pkt->pkt.public_key;


@ -955,7 +955,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
* Reorder the keyblock so that the primary user ID (and not attribute * Reorder the keyblock so that the primary user ID (and not attribute
* packet) comes first. Fixme: Replace this by a generic sort * packet) comes first. Fixme: Replace this by a generic sort
* function. */ * function. */
static void void
reorder_keyblock (KBNODE keyblock) reorder_keyblock (KBNODE keyblock)
{ {
KBNODE primary = NULL, primary0 = NULL, primary2 = NULL; KBNODE primary = NULL, primary0 = NULL, primary2 = NULL;


@ -204,6 +204,7 @@ void release_revocation_reason_info( struct revocation_reason_info *reason );
/*-- keylist.c --*/ /*-- keylist.c --*/
void public_key_list( STRLIST list ); void public_key_list( STRLIST list );
void secret_key_list( STRLIST list ); void secret_key_list( STRLIST list );
void reorder_keyblock (KBNODE keyblock);
void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque ); void list_keyblock( KBNODE keyblock, int secret, int fpr, void *opaque );
void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode); void print_fingerprint (PKT_public_key *pk, PKT_secret_key *sk, int mode);
void show_policy_url(PKT_signature *sig,int indent); void show_policy_url(PKT_signature *sig,int indent);


@ -92,8 +92,8 @@ struct {
unsigned int force_ownertrust; unsigned int force_ownertrust;
int pgp2; int pgp2;
int pgp6; int pgp6;
int pgp7; /* if we get any more of these, it's time to look at a int pgp7;
special emulate_pgp variable... */ int pgp8;
int rfc1991; int rfc1991;
int rfc2440; int rfc2440;
int pgp2_workarounds; int pgp2_workarounds;

View File

@ -1103,19 +1103,20 @@ build_pk_list( STRLIST rcpts, PK_LIST *ret_pk_list, unsigned use )
/* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and /* In pgp6 mode, disallow all ciphers except IDEA (1), 3DES (2), and
CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3), CAST5 (3), all hashes except MD5 (1), SHA1 (2), and RIPEMD160 (3),
and all compressions except none (0) and ZIP (1). pgp7 mode and all compressions except none (0) and ZIP (1). pgp7 and pgp8
expands the cipher list to include AES128 (7), AES192 (8), AES256 mode expands the cipher list to include AES128 (7), AES192 (8),
(9), and TWOFISH (10). For a true PGP key all of this is unneeded AES256 (9), and TWOFISH (10). For a true PGP key all of this is
as they are the only items present in the preferences subpacket, unneeded as they are the only items present in the preferences
but checking here covers the weird case of encrypting to a key that subpacket, but checking here covers the weird case of encrypting to
had preferences from a different implementation which was then used a key that had preferences from a different implementation which
with PGP. I am not completely comfortable with this as the right was then used with PGP. I am not completely comfortable with this
thing to do, as it slightly alters the list of what the user is as the right thing to do, as it slightly alters the list of what
supposedly requesting. It is not against the RFC however, as the the user is supposedly requesting. It is not against the RFC
preference chosen will never be one that the user didn't specify however, as the preference chosen will never be one that the user
somewhere ("The implementation may use any mechanism to pick an didn't specify somewhere ("The implementation may use any mechanism
algorithm in the intersection"), and PGP has no mechanism to fix to pick an algorithm in the intersection"), and PGP has no
such a broken preference list, so I'm including it. -dms */ mechanism to fix such a broken preference list, so I'm including
it. -dms */
static int static int
algo_available( int preftype, int algo, void *hint ) algo_available( int preftype, int algo, void *hint )
@ -1124,8 +1125,9 @@ algo_available( int preftype, int algo, void *hint )
if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) ) if( opt.pgp6 && ( algo != 1 && algo != 2 && algo != 3) )
return 0; return 0;
if( opt.pgp7 && (algo != 1 && algo != 2 && algo != 3 && if( (opt.pgp7 || opt.pgp8)
algo != 7 && algo != 8 && algo != 9 && algo != 10) ) && (algo != 1 && algo != 2 && algo != 3
&& algo != 7 && algo != 8 && algo != 9 && algo != 10) )
return 0; return 0;
return algo && !check_cipher_algo( algo ); return algo && !check_cipher_algo( algo );
@ -1139,13 +1141,15 @@ algo_available( int preftype, int algo, void *hint )
if(bits && (bits != md_digest_length(algo))) if(bits && (bits != md_digest_length(algo)))
return 0; return 0;
if( (opt.pgp6 || opt.pgp7 ) && ( algo != 1 && algo != 2 && algo != 3) ) if( (opt.pgp6 || opt.pgp7 || opt.pgp8 )
&& ( algo != 1 && algo != 2 && algo != 3) )
return 0; return 0;
return algo && !check_digest_algo( algo ); return algo && !check_digest_algo( algo );
} }
else if( preftype == PREFTYPE_ZIP ) { else if( preftype == PREFTYPE_ZIP ) {
if ( ( opt.pgp6 || opt.pgp7 ) && ( algo !=0 && algo != 1) ) if ( ( opt.pgp6 || opt.pgp7 || opt.pgp8 )
&& ( algo !=0 && algo != 1) )
return 0; return 0;
return !check_compress_algo( algo ); return !check_compress_algo( algo );
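Review bot: The allowed algorithms are written as bare numbers (`algo != 1 && algo != 2 && algo != 3 && algo != 7 ...`) in three conditions, and their meaning lives only in the comment above algo_available. With a third mode now added to each condition, the comment and the tests can drift apart unnoticed; using the project's named algorithm constants, or one small allow-list per mode, would let the code carry the names itself. The pgp8 digest list also stays at MD5, SHA1 and RIPEMD160, so a one-line comment at the hash test confirming that this matches what PGP 8 accepts, rather than being carried over from pgp7 by default, would help later readers. algo_available starts above and ends below the visible hunks.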


@ -521,7 +521,7 @@ gen_revoke( const char *uname )
goto leave; goto leave;
} }
if(opt.pgp2 || opt.pgp6 || opt.pgp7) if(opt.pgp2 || opt.pgp6 || opt.pgp7 | opt.pgp8)
{ {
/* Use a minimal pk for PGPx mode, since PGP can't import bare /* Use a minimal pk for PGPx mode, since PGP can't import bare
revocation certificates. */ revocation certificates. */
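Review bot: The new condition uses a bitwise `|` between `opt.pgp7` and `opt.pgp8` where the rest of the expression uses `||`; it should read `if(opt.pgp2 || opt.pgp6 || opt.pgp7 || opt.pgp8)`. With flags that are only ever set to 0 or 1 the result is the same, so this is not a behaviour change, but the mixed operators read as a typo and both operands are always evaluated. gen_revoke's body continues outside the hunk.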