1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-23 10:29:58 +01:00

279 Commits

Author SHA1 Message Date
NIIBE Yutaka
3fb69641e8
gpg: Use gnupg_fd_t for decryption and sign.
* g10/decrypt.c (decrypt_message_fd): Use gnupg_fd_t.
* g10/plaintext.c (hash_datafile_by_fd): Use  gnupg_fd_t.
* g10/main.h: Fix the declarations.
* g10/mainproc.c (struct mainproc_context): Use gnupg_fd_t for
DATA_FD.
(proc_compressed_cb, proc_signature_packets): Follow the change.
(proc_signature_packets_by_fd): Use gnupg_fd_t.
* g10/packet.h: Fix the declaration.

--

GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-05 10:29:23 +09:00
NIIBE Yutaka
2c2516f03a
gpg: Use gnupg_fd_t for encrypt_crypt and gpg_verify.
* common/iobuf.h (iobuf_fdopen_nc): Use gnupg_t.
* common/iobuf.c (iobuf_fdopen_nc): Use gnupg_t.
* g10/main.h (encrypt_crypt, gpg_verify): Use gnupg_fd_t.
* g10/encrypt.c (encrypt_crypt): Use gnupg_fd_t.
(encrypt_crypt_files): Follow the change.
* g10/gpg.c (main): Follow the change.
* g10/verify.c (gpg_verify): Use gnupg_fd_t.

--

GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-05 10:05:31 +09:00
NIIBE Yutaka
68d3a73ea7
gpg: Use gnupg_fd_t for open_outfile.
* g10/main.h (open_outfile): Use gnupg_fd_t instead of int.
* g10/openfile.c (open_outfile): Likewise.  Use GNUPG_INVALID_FD.
* g10/dearmor.c (dearmor_file, enarmor_file): Follow the change.
* g10/encrypt.c (encrypt_simple): Likewise.
* g10/export.c (do_export): Likewise.
* g10/revoke.c (gen_desig_revoke, create_revocation): Likewise.
* g10/sign.c (sign_file, clearsign_file, sign_symencrypt_file):
Likewise.

--

GnuPG-bug-id: 6580
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2023-07-05 09:36:00 +09:00
Werner Koch
c9e95b8dee
gpg: New option --assert-signer.
* g10/gpg.c (enum cmd_and_opt_values): Add oAssertSigner.
(opts): Add "assert-signer".
(main): Set option.
(assert_signer_true): New var.
(g10_exit): Evaluate new var.
* g10/main.h (assert_signer_true): Declare new var.
* common/status.h (STATUS_ASSERT_SIGNER): New.
* g10/options.h (opt): Add field assert_signer_list.
* g10/verify.c (is_fingerprint): New.
(check_assert_signer_list): New.
* g10/mainproc.c (check_sig_and_print): Call that function.  Clear
assert_signer_true on a warning.

* g10/gpgv.c: Add dummy function and vars.
* g10/t-keydb-get-keyblock.c: Ditto.
* g10/t-keydb.c: Ditto.
* g10/t-stutter.c: Ditto.
--
2023-04-05 21:32:23 +02:00
Werner Koch
7bf57a794b
gpg: Set the default digest algo for S2K to SHA256.
* g10/main.h (DEFAULT_S2K_DIGEST_ALGO): Alias to DEFAULT_DIGEST_ALGO.
--

GnuPG-bug-id: 6367
2023-04-04 09:20:26 +02:00
Werner Koch
5118beeec1
gpg: Delete secret key after "keytocard".
* g10/card-util.c (card_store_subkey): Add arg processed_keys.
* g10/keyedit.c (keyedit_menu): Delete secret key.
--

This used to work using the gpg-agent: learn we called at "save" time.
However, the recent change inhibited the creation of a shadow key by
learn if a regular key still exists.  Now we do an explicit delete key
at save time.  This syncs the behaviour with the description of the
man page.

GnuPG-bug-id: 6378
2023-03-15 09:42:12 +01:00
Werner Koch
3a18378a92
gpg: Allow adding of Additional Decryption Subkeys.
* g10/free-packet.c (copy_public_key): Factor some code out to ...
(copy_public_key_basics): new.
* g10/build-packet.c (build_sig_subpkt_from_sig): New arg signhints.
* g10/packet.h (PUBKEY_USAGE_RENC): Fix value.
(SIGNHINT_KEYSIG, SIGNHINT_SELFSIG): Moved from sign.c.
(SIGNHINT_ADSK): New.
(PKT_public_key): Change pubkey_usage from byte to u16.
(PKT_user_id): Cosmetic fix: change help_key_usage from int to u16.
* g10/getkey.c (parse_key_usage): Make public.
* g10/misc.c (openpgp_pk_algo_usage): Take PUBKEY_USAGE_RENC in
account.
* g10/sign.c (update_keysig_packet): Set SIGNHINT_ADSK.
(make_keysig_packet): Ditto.
(do_sign): No time warp check in ADSK mode.
* g10/sig-check.c (check_signature_metadata_validity): Ditto.
* g10/keygen.c (struct opaque_data_usage_and_pk): Remove.
(write_keybinding): Do not use the removed struct.
(do_add_key_flags): Support PUBKEY_USAGE_RENC and others.
(keygen_add_key_flags_and_expire): Rewrite and make public.
* g10/keyedit.c (enum cmdids): Add cmdADDADSK.
(keyedit_menu): Add command "addadsk".
(menu_addadsk): New.
--

This makes use of a new encryption flag:

  The "restricted encryption key" (2nd,0x04) does not take part in any
  automatic selection of encryption keys.  It is only found on a
  subkey signature (type 0x18), one that refers to the key the flag
  applies to.

Followup patches will add encryption support and a --quick command.

GnuPG-bug-id: 6395
2023-03-01 17:22:20 +01:00
Werner Koch
1a85ee9a43
gpg: New export option "mode1003".
* agent/command.c (cmd_export_key): Add option --mode1003.
(command_has_option): Ditto.
* g10/build-packet.c (do_key): Implement mode 1003.
* g10/parse-packet.c (parse_key): Ditto.
* g10/options.h (EXPORT_MODE1003): New.o
* g10/call-agent.c (agent_export_key): Add arg mode1003.
* g10/export.c (parse_export_options): Add "mode1003"
(secret_key_to_mode1003): New.
(receive_seckey_from_agent): Add arg mode1003.
(do_export_one_keyblock): Pass option down.
--

This option allows to export a secret key in GnuPG's native format.
Thus no re-encryption is required and further the public key parameters
are also authenticated if a protection passphrase has been used.

Note that --import is not yet able to handle this new mode.  Although
old version of GnuPG will bail out with "invalid packet" if a mode1003
exported secret key is seen.
2022-12-02 10:09:58 +01:00
Werner Koch
1d88e14de7
gpg: Remove a mostly duplicated function.
* g10/export.c (receive_seckey_from_agent): Add arg r_key.
(do_export_one_keyblock): Pass NULL for new arg.
(receive_raw_seckey_from_agent): Remove.
(export_secret_ssh_key): Use receive_seckey_from_agent.
* g10/keygen.c (card_store_key_with_backup): Pass NULL for new arg.
2022-12-02 10:09:58 +01:00
Werner Koch
1324dc3490
gpg: New option --list-filter
* g10/gpg.c (oListFilter): New.
(opts): Add --list-filter.
(main): Parse oListFilter.
* g10/keylist.c: Include init.h and recsel.h.
(struct list_filter_s, list_filter): New.
(release_list_filter): New.
(cleanup_keylist_globals): New.
(parse_and_set_list_filter): New.
(list_keyblock): Implement --list-filter type "select".

* g10/import.c (impex_filter_getval): Add scope support and new
property names "key-size", "algostr", "origin", "lastupd", and "url".
--

This option is pretty useful to select keys based on their properties.
The scope thing can be sued to limit a selection to just the primary
key or to subkeys.  For example:

  gpg -k --list-filter 'select=revoked-f && sub/algostr=ed25519'

Lists all non-revoked keys with an ed25519 (signing)-subkey.
2022-11-25 16:04:54 +01:00
Werner Koch
811cfa34cb
gpg: New list-options show-pref and show-pref-verbose.
* g10/options.h (LIST_SHOW_PREF): New.
(LIST_SHOW_PREF_VERBOSE): New.
* g10/gpg.c (parse_list_options): Add new options.
* g10/keyedit.c (show_prefs): Factor code out to ...
* g10/keylist.c (show_preferences): new.
(list_keyblock_print): Call show_preferences.
2022-11-04 12:44:09 +01:00
Werner Koch
5a2cef801d
gpg: Allow only OCB for AEAD encryption.
* g10/gpg.c (opts): New option--force-ocb as alias for force-aead.
Turn --aead-algo and --personal-aead-preferences into dummy options.
(build_list_md_test_algo, build_list_aead_algo_name): Remove.
(my_strusage): Remove output of AEAD algos.
(main): Remove code from the --aead options.
* g10/encrypt.c (encrypt_seskey): Make file local.
(use_aead): Remove requirement for rfc4880bis.  Always return
AEAD_ALGO_OCB.
* g10/main.h (DEFAULT_AEAD_ALGO): Removed unused macro.
* g10/misc.c (default_aead_algo): Remove.
* g10/pkclist.c (select_aead_from_pklist): Return AEAD_ALGO_OCB or 0.
(select_algo_from_prefs): Remove personal AEAD algo setting.
* g10/keygen.c (keygen_set_std_prefs): Remove AEAD preference option
parsing.
* g10/options.h (opt): Remove def_aead_algo and personal_aead_prefs.
--

Due to the meanwhile expired patent on OCB there is no more reason for
using EAX.  Thus we forcefully use OCB if the AEAD feature flag is set
on a key.
2022-10-31 15:51:21 +01:00
NIIBE Yutaka
d5e29991c0
dirmngr:dns,doc,gpg: Fix for noreturn for C11.
* dirmngr/dns.c: Use __noreturn__.
* doc/yat2m.c: Likewise.
* g10/main.h: Likewise.

--

GnuPG-bug-id: 4002
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2022-09-16 14:33:50 +09:00
Werner Koch
06b70daa50
gpg: Print info about the used AEAD algorithm in the compliance msg.
* g10/misc.c (openpgp_cipher_algo_mode_name): New.
* g10/decrypt-data.c (decrypt_data): Use function here.
--

Note that openpgp_cipher_algo_mode_name is different from the version
2.2 becuase we append ".CFB" here.

Without this change we would see

  gpg: cipher algorithm 'AES256' may not be used in
  --compliance=de-vs mode

This is confusing because AES256 is compliant.  Now we see

  gpg: cipher algorithm 'AES256.OCB' may not be used in
  --compliance=de-vs mode

which gives a hint on the problem.
2022-03-18 14:19:24 +01:00
Werner Koch
afe5fcda52
gpg: Add unfinished code for --export-secret-ssh-key.
* g10/gpg.c (exportSecretSshKey): New.
(opts): Add --export-secret-ssh-key.
(main): Implement option.
* g10/export.c (do_export_stream): Factor keywrap key code out to ...
(get_keywrap_key): new.
(mb_write_uint32, mb_write_uint8)
(mb_write_data, mb_write_cstring)
(mb_write_string, mb_write_mpi): New.
(receive_raw_seckey_from_agent): New.
(export_secret_ssh_key): New.
--

Due to time constraints the code is not yet ready.
2021-12-20 19:34:34 +01:00
Werner Koch
15746d60d4
gpg: Do not use weak digest algos if selected by recipient prefs.
* g10/misc.c (is_weak_digest): New.
(print_digest_algo_note): Use it here.
* g10/sig-check.c (check_signature_end_simple): Use it.
* g10/sign.c (hash_for): Do not use recipient_digest_algo if it is in
the least of weak digest algorithm.
--

If a message is signed and encrypted to several recipients, the to be
used digest algorithm is deduced from the preferences of the
recipient.  This is so that all recipients are able to check the the
signature.  However, if the sender has a declared an algorithm as
week, that algorithm shall not be used - in this case we fallback to
the standard way of selecting an algorithm.

Note that a smarter way of selecting the algo is to check this while
figuring out the algorithm - this needs more testing and thus we do it
the simple way.

Reported-by: Phil Pennock
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-11-02 13:45:19 +01:00
NIIBE Yutaka
21d8927f79 gpg: Change the API for checksum to use const qualifier.
* g10/main.h (checksum): Use const.
* g10/misc.c (checksum): Use const.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2020-11-02 11:26:09 +09:00
Werner Koch
243f9176e7
gpg: New command --quick-revoke-sig
* g10/gpg.c (enum cmd_and_opt_values): Add aQuickRevSig.
(opts): Add --quick-revoke-sig.
(main): Implement.
* g10/keyedit.c (quick_find_keyblock): Add arg 'want_secret' and
adjust all callers.
(keyedit_quick_revsig): new.
* g10/revoke.c (get_default_sig_revocation_reason): New.
* g10/keylist.c (cmp_signodes): Make global.
--

GnuPG-bug-id: 5093
2020-10-28 17:06:27 +01:00
Werner Koch
2cd8bae23d
Use only one copy of the warn_server_mismatch function.
* common/asshelp.c (warn_server_version_mismatch): New.  Actually a
slightly modified version of warn_version_mismatch found in other
modules.
* common/status.c (gnupg_status_strings): New.
* g10/cpr.c (write_status_strings2): New.
* g10/call-agent.c (warn_version_mismatch): Use the new unified
warn_server_version_mismatch function.
* g10/call-dirmngr.c (warn_version_mismatch): Ditto.
* g10/call-keyboxd.c (warn_version_mismatch): Ditto.
* sm/call-agent.c (warn_version_mismatch): Ditto.
* sm/call-dirmngr.c (warn_version_mismatch): Ditto.
* tools/card-call-scd.c (warn_version_mismatch): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-09-01 20:43:57 +02:00
Werner Koch
633c1fea5f
gpg: Collapse duplicate subkeys.
* g10/options.h (IMPORT_COLLAPSE_UIDS): New.
(IMPORT_COLLAPSE_SUBKEYS): New.
* g10/gpg.c (main): Make them the default.
* g10/import.c (parse_import_options): New import options
"no-collapse-uids" and "no-collapse_subkeys".
(collapse_subkeys): New.
(import_one_real): Collapse subkeys and allow disabling the collapsing
using the new options.
(read_key_from_file_or_buffer): Always collapse subkeys.
* g10/keyedit.c (fix_keyblock): Call collapse_subkeys.
--

GnuPG-bug-id: 4421
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-08-25 10:33:57 +02:00
Werner Koch
6864bba78e
gpg: Fix flaw in symmetric algorithm selection in mixed mode.
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo.  Fix error code.
(encrypt_simple): Use setup_symkey.
--

Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion.  The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-07-07 12:58:29 +02:00
Werner Koch
df0edaf91a
gpg: Fix broken setting of AEAD algo.
* g10/main.h (DEFAULT_AEAD_ALGO): Set to OCB.
--

With the old code and using libgcrypt 1.9 would have switched from the
high performance OCB to the ugly EAX mode.  We are free software, we
are OCB.
2020-04-15 22:21:46 +02:00
Werner Koch
6a4443c842
gpg: Make use of the included key block in a signature.
* g10/import.c (read_key_from_file): Rename to ...
(read_key_from_file_or_buffer): this and add new parameters.  Adjust
callers.
(import_included_key_block): New.
* g10/packet.h (PKT_signature): Add field flags.key_block.
* g10/parse-packet.c (parse_signature): Set that flags.
* g10/sig-check.c (check_signature2): Add parm forced_pk and change
all callers.
* g10/mainproc.c (do_check_sig): Ditto.
(check_sig_and_print): Try the included key block if no key is
available.
--

This is is the second part to support the new Key Block subpacket.
The idea is that after having received a signed mail, it is instantly
possible to reply encrypted - without the need for any centralized
infrastructure.

There is one case where this does not work: A signed mail is received
using a specified signer ID (e.g. using gpg --sender option) and the
key block with only that user ID is thus imported.  The next time a
mail is received using the same key but with a different user ID; the
signatures checks out using the key imported the last time.  However,
the new user id is not imported.  Now when trying to reply to that
last mail, no key will be found.  We need to see whether we can update
a key in such a case.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 17:14:34 +01:00
Werner Koch
32493ce50a
gpg: Add property "fpr" for use by --export-filter.
* g10/export.c (push_export_filters): New.
(pop_export_filters): New.
(export_pubkey_buffer): Add args prefix and prefixlen.  Adjust
callers.
* g10/import.c (impex_filter_getval): Add property "fpr".
* g10/main.h (struct impex_filter_parm_s): Add field hexfpr.
--

The push and pop feature will help us to use the export filter
internally in gpg.  Same for the export_pubkey_buffer change.

GnuPG-bug-id: 4856
Signed-off-by: Werner Koch <wk@gnupg.org>
2020-03-13 13:19:31 +01:00
Werner Koch
6aff8a1328
build: Always use EXTERN_UNLESS_MAIN_MODULE pattern.
* common/util.h (EXTERN_UNLESS_MAIN_MODULE): Add the definion only
here but now without the Norcroft-C.  Change all other places where it
gets defined.
* common/iobuf.h (iobuf_debug_mode): Declare unconditionally as
extern.
* common/iobuf.c (iobuf_debug_mode): Define it here.
* agent/gpg-agent.c (INCLUDED_BY_MAIN_MODULE): Define here and also in
all main modules of all other programs.

* g10/main.h: Put util.h before the local header files.
--

This change is required for use with gcc/ld's LTO feature which does
not allow common blocks.  Further gcc 10 will make -fno-common the
default and thus this chnage is always needed.  What a pitty.

Co-authored-by: Tomáš Mráz
GnuPG-bug-id: 4831
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 21d9bd8b87a9f793a106095e3838eb71825189d7)

- Applied respective chnages also to gpg-card and keyboxd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-10 16:50:47 +01:00
Werner Koch
49c891a9bf
common: Add OpenPGP<->Gcrypt pubkey id mapping functions.
* g10/misc.c (map_pk_gcry_to_openpgp): Move to ...
* common/openpgp-oid.c (map_gcry_pk_to_openpgp): here and rename.
Change all 4 callers.
(map_openpgp_pk_to_gcry): New.

Signed-off-by: Werner Koch <wk@gnupg.org>
2020-02-09 14:04:18 +01:00
Werner Koch
e624c41dba
gpg: Add option --allow-weak-key-signatures.
* g10/gpg.c (oAllowWeakKeySignatures): New.
(opts): Add --allow-weak-key-signatures.
(main): Set it.
* g10/options.h (struct opt): Add flags.allow_weak_key_signatures.
* g10/misc.c (print_sha1_keysig_rejected_note): New.
* g10/sig-check.c (check_signature_over_key_or_uid): Print note and
act on new option.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-11-07 10:36:17 +01:00
Werner Koch
aba82684fe
gpg: New option --use-keyboxd.
* g10/gpg.c (oUseKeyboxd,oKeyboxdProgram): New consts.
(opts): New options --use-keyboxd and --keyboxd-program.
(main): Implement them.
* g10/keydb.c: Move some defs out to ...
* g10/keydb-private.h: new file.
* g10/keydb.c: prefix function names with "internal" and move original
functions to ...
* g10/call-keyboxd.c: new file.  Divert to the internal fucntion if
--use-keyboxd is used.  Add a CTRL arg to most fucntions and change
all callers.
* g10/Makefile.am (common_source): Add new files.
(noinst_PROGRAMS): Do bot build gpgcompose.
--

Note that this is just the framework with only a basic implementation
of searching via keyboxd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-09-09 15:01:47 +02:00
Werner Koch
d00c8024e5
gpg: New command --locate-external-key.
* g10/gpg.c (aLocateExtKeys): New.
(opts): Add --locate-external-keys.
(main): Implement that.
* g10/getkey.c (get_pubkey_byname): Implement GET_PUBKEY_NO_LOCAL.
(get_best_pubkey_byname): Add arg 'mode' and pass on to
get_pubkey_byname.  Change callers.
* g10/keylist.c (public_key_list): Add arg 'no_local'.
(locate_one): Ditto.  Pass on to get_best_pubkey_byname.
--

This new command is a shortcut for

  --auto-key-locate nodefault,clear,wkd,... --locate-key

and uses the default or configured AKL list but does so without local.

See also
GnuPG-bug-id: 4599

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:13:26 +02:00
Werner Koch
cc6069ac6e
gpg: Allow deletion of subkeys with --delete-[secret-]key.
* common/userids.c (classify_user_id): Do not set the EXACT flag in
the default case.
* g10/export.c (exact_subkey_match_p): Make static,
* g10/delkey.c (do_delete_key): Implement subkey only deleting.
--

GnuPG-bug-id: 4457
2019-05-27 10:40:38 +02:00
Werner Koch
126caa34bb
gpg: Unify the the use of the print_pubkey_info functions.
* g10/keylist.c (format_seckey_info): Remove.
(print_pubkey_info, print_seckey_info): Remove.
(format_key_info): New.
(print_key_info): New.
(print_key_info_log): New.
* g10/card-util.c (current_card_status): Use print_key_info and remove
the useless condition on KEYBLOCK.
* g10/delkey.c (do_delete_key): Replace print_pubkey_info and
print_seckey_info by print_key_info.
* g10/keyedit.c (menu_addrevoker): Replace print_pubkey_info by
print_key_info.
* g10/pkclist.c (do_we_trust_pre): Ditto.
* g10/revoke.c (gen_desig_revoke): Ditto.
(gen_revoke): Ditto.  Also use print_key_info_log instead of separate
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-05-21 13:02:32 +02:00
Werner Koch
5205512fc0
gpg: Allow import of PGP desktop exported secret keys.
* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic.  Change to take ownership of
arg keyblock.  Implement extra secret key import logic.  Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--

The PGP desktops exported secret keys are really stupid.  And they
even a have kind of exception in rfc4880 which does not rule that
out (section 11.2):

  [...]  Implementations SHOULD include self-signatures on any user
  IDs and subkeys, as this allows for a complete public key to be
  automatically extracted from the transferable secret key.
  Implementations MAY choose to omit the self-signatures, especially
  if a transferable public key accompanies the transferable secret
  key.

Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.

GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-18 13:07:14 +01:00
Werner Koch
ec13b1c562
gpg: Move S2K encoding function to a shared file.
* g10/passphrase.c (encode_s2k_iterations): Move function to ...
* common/openpgp-s2k.c: new file.  Remove default intialization code.
* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
* g10/call-agent.c (agent_get_s2k_count): Change to return the count
and print an error.
* agent/protect.c: Include openpgpdefs.h
* g10/card-util.c (gen_kdf_data): Adjust for changes
* g10/gpgcompose.c: Include call-agent.h.
(sk_esk): Adjust for changes.
* g10/passphrase (passphrase_to_dek): Adjust for changes.
* g10/main.h (S2K_DECODE_COUNT): Remove macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-26 23:10:38 +01:00
Werner Koch
1e700961dd
gpg: Start using OCB mode by default with Libgcrypt 1.9.
* g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
--

GnuPG-bug-id: 4259
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 09:19:10 +01:00
Werner Koch
592deeddb9
gpg: Print revocation reason for "rev" records.
* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.

* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--

GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-21 20:28:51 +02:00
Werner Koch
36373798c0
Merge branch 'STABLE-BRANCH-2-2' into master
--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2
2018-04-10 10:14:30 +02:00
NIIBE Yutaka
a1515b3bbc g10: Support key attribute change at --card-edit/generate.
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519.  Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 11:56:02 +09:00
Werner Koch
303310d05e
gpg: Rename a misnomed arg in open_outfile.
* g10/openfile.c (open_outfile): Rename inp_fd to out_fd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-28 18:59:18 +01:00
Werner Koch
f3ef8b0dca
gpg: New option --chunk-size.
* g10/gpg.c (opts): New option --chunk-size.
(oChunkSize): New const.
(build_list_aead_test_algo, build_list_aead_algo_name): New.
(my_strusage): List AEAD algos.
(main): Implement --chunk-size..
* g10/options.h (struct opt): Add field 'chunk_size'.
(DBG_IPC): Remove duplicated macro.
* g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
* g10/misc.c (openpgp_aead_test_algo): Ditto.

* g10/cipher-aead.c: Silence if not in debug mode.
* g10/decrypt-data.c: Ditto.
--

And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
Werner Koch
9aab9167bc
gpg: Implement AEAD for SKESK packets.
* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD.  Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.

* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--

For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-23 12:07:57 +01:00
Werner Koch
da3015e3c0
gpg: Unify AEAD parameter retrieval.
* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo.
(encrypt_simple): Adjust for this change.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.

* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(decrypt_data): Use new function.  Also allow for chunkbytes other
than 10.
--

Note that other chunk bytes than 10 and in particular 0 (64 byte
chunks) have not yet been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 16:50:21 +01:00
Werner Koch
0131d4369a
gpg: Refactor function encrypt_seskey.
* g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
encrypted key and returns that buffer and its length.
(encrypt_simple): Adjust for above change.
(write_symkey_enc): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 15:50:24 +01:00
Werner Koch
4e2ba546cd
gpg: New option --force-aead
* g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
into single bit vars.  Make sure they are always set to 1 or 0.
(DEK): New field use_aead.
* g10/options.h (struct opt): New field force_aead.
* g10/pkclist.c (select_aead_from_pklist): New.
* g10/gpg.c (oForceAEAD): New const.
(opts): New options "--force-aead".
(main): Set new option.
* g10/encrypt.c (use_aead): New.
(encrypt_simple): Implement new flags DEK.use_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
--

This patch should be enough to detect whether AEAD can be used.
Not tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:07:11 +01:00
Werner Koch
8217cd4936
gpg: Add option and preference framework for AEAD.
* common/openpgpdefs.h (aead_algo_t): New.
(SIGSUBPKT_PREF_AEAD): New.
* g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
(opts): New options --aead-algo and --personal-aead-preferences.
(set_compliance_option): Clar aead algo.
(main): Parse and check the new options
* g10/options.h (struct opt): Add fields def_aead_algo and
personal_aead_prefs.
* g10/packet.h (PREFTYPE_AEAD): New enum value.
(PKT_user_id): Add field flags.aead.
(PKT_public_key): Add field flags.aead.
* g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
* g10/getkey.c (fixup_uidnode): Set AEAD flag.
(merge_selfsigs): Ditto.
* g10/kbnode.c (dump_kbnode): Show aead flag.
* g10/keyedit.c (show_prefs): Ditto.
(show_key_with_all_names_colon): Ditto.
* g10/keygen.c (aead_presf, n_aead_prefs): New vars.
(set_one_pref): Suppport PREFTYPE_AEAD.
(keygen_set_std_prefs): Parse AEAD preferences.
(keygen_get_std_prefs): Ditto.
(add_feature_aead): New.
(keygen_upd_std_prefs): Call that and build AEAD pref  packet.
* g10/main.h (DEFAULT_AEAD_ALGO): New const.
* g10/misc.c (openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(string_to_aead_algo): New.
(default_aead_algo): New.
--

This is only used in --rfc4880bis mode and not really tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:51:03 +01:00
Werner Koch
752cae6dd2
gpg: Simplify keydb handling of the main import function.
* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
of keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-19 15:00:05 +02:00
Werner Koch
d353287f72
gpg: Simplify keydb handling of the main import function.
* g10/import.c (import_keys_internal): Return gpg_error_t instead of
int.  Change var names.
(import_keys_es_stream): Ditto.
(import_one): Ditto.  Use a single keydb_new and simplify the use of
of keydb_release.
--

Note that this opens a keydb handle before we call
get_pubkey_byfprint_fast which internally uses another key db handle.
A further patch will cleanup this double use.  Note that we also
disable the keydb caching for the insert case.

The s/int/gpg_error_t/ has been done while checking the call chains of
the import functions and making sure that gpg_err_code is always used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-10-18 13:56:14 +02:00
Daniel Kahn Gillmor
73ff075204 gpg: default to AES-256.
* g10/main.h (DEFAULT_CIPHER_ALGO): Prefer AES256 by default.

--

It's 2017, and pretty much everyone has AES-256 available.  Symmetric
crypto is also rarely the bottleneck (asymmetric crypto is much more
expensive).  AES-256 provides some level of protection against
large-scale decryption efforts, and longer key lengths provide a hedge
against unforseen cryptanalysis.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-09-08 14:32:49 -04:00
Marcus Brinkmann
624cd2d0bf Revert "g10: Always save standard revocation certificate in file."
This reverts commit ebc65ff459e6c228fb7406e375819a9fe5637abe.
2017-08-01 19:08:16 +02:00
Marcus Brinkmann
ebc65ff459 g10: Always save standard revocation certificate in file.
* g10/main.h (open_outfile): New parameter NO_OUTFILE.
* g10/openfile.c (open_outfile): New parameter NO_OUTFILE.  If given,
never use opt.outfile.
* g10/revoke.c (create_revocation): If FILENAME is true, also set
NO_OUTFILE to true (for standard revocation certificates).
* g10/dearmor.c, g10/encrypt.c, g10/export.c, g10/revoke.c,
g10/sign.c: Adjust all other callers.

Signed-off-by: Marcus Brinkmann <mb@g10code.com>
GnuPG-bug-id: 3015
2017-08-01 17:41:03 +02:00
Werner Koch
e7068bf92e
gpg: Store key origin info for new DANE and WKD retrieved keys.
* g10/import.c (apply_meta_data): Remove arg 'merge'.  Add arg 'url'.
Implement WKD and DANE key origin.
(import_keys_internal): Add arg 'url' and change all callers.
(import_keys_es_stream): Ditto.
(import): Ditto.
(import_one): Ditto.
* g10/keylist.c (list_keyblock_print): Fix update URL printing.
* g10/call-dirmngr.c (gpg_dirmngr_wkd_get): Add arg 'r_url' to return
the SOURCE.  Pass ks_status_cb to assuan_transact.
* g10/keyserver.c (keyserver_import_wkd): Get that URL and pass it to
the import function.
--

Note that this only for new keys.  Merging this info will be added
soon.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-07-24 20:09:52 +02:00