* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo.
(encrypt_simple): Adjust for this change.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(decrypt_data): Use new function. Also allow for chunkbytes other
than 10.
--
Note that other chunk bytes than 10 and in particular 0 (64 byte
chunks) have not yet been tested.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
into single bit vars. Make sure they are always set to 1 or 0.
(DEK): New field use_aead.
* g10/options.h (struct opt): New field force_aead.
* g10/pkclist.c (select_aead_from_pklist): New.
* g10/gpg.c (oForceAEAD): New const.
(opts): New options "--force-aead".
(main): Set new option.
* g10/encrypt.c (use_aead): New.
(encrypt_simple): Implement new flags DEK.use_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
--
This patch should be enough to detect whether AEAD can be used.
Not tested.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pkclist.c (default_recipient): Use hexfingerprint.
--
Note that on malloc failure this function now returns NULL instead of
terminating the process. However, under memory pressure any function
called latter will very likely fail as well.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.
--
When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring. Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.
Thanks to Guido Günther for the use case and the log.
Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions. Quite
a lot of changes but fortunately straightforward to do.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trustdb.c (init_trustdb): Add and implement arg NO_CREATE.
Change to return an error code. Change all callers to to pass False
for NO_CREATE.
(tdb_get_ownertrust): New arg NO_CREATE. Call init_trustdb to test
for a non-existing trustdb. Change all callers to to pass False for
NO_CREATE.
(tdb_get_min_ownertrust): Ditto.
* g10/trust.c (get_ownertrust_with_min): Add arg NO_CREATE. Call
init_trustdb for a quick check.
(get_ownertrust_info): Add arg NO_CREATE.
(get_ownertrust_string): Ditto.
* g10/gpgv.c (get_ownertrust_info): Adjust stub.
* g10/test-stubs.c (get_ownertrust_info): Ditto.
* g10/mainproc.c (list_node): Call get_ownertrust_info with NO_CREATE
set.
* g10/pubkey-enc.c (get_it): Ditto.
--
Fixes-commit: effa80e0b5
For details see mails on Feb 27 and 28 by dkg, gniibe, and Justus to
gnupg-devel 'test failure on git master with
decrypt-session-key.scm (and: continuous integration?)'
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (struct pubkey_cmp_cookie): New type.
(key_is_ok, uid_is_ok, subkey_is_ok): New functions.
(pubkey_cmp): Likewise.
(get_best_pubkey_byname): Likewise.
* g10/keydb.h (get_best_pubkey_byname): New prototype.
* g10/keylist.c (locate_one): Use the new function.
* g10/pkclist.c (find_and_check_key): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add new test.
(TEST_FILES): Add new files.
* tests/openpgp/key-selection.scm: New file.
* tests/openpgp/key-selection/0.asc: Likewise.
* tests/openpgp/key-selection/1.asc: Likewise.
* tests/openpgp/key-selection/2.asc: Likewise.
* tests/openpgp/key-selection/3.asc: Likewise.
* tests/openpgp/key-selection/4.asc: Likewise.
--
When a name resembling a mail address is given to either --locate-keys
or --recipient, rank the search results and use only the most relevant
key.
This also lets us query which key will be used for encryption using
--locate-keys. However, note that --locate-keys may also return keys
incapable of encryption, though it will prefer keys that have an
encryption subkey.
GnuPG-bug-id: 2359
Signed-off-by: Justus Winter <justus@g10code.com>
* g10/tofu.c: Include "sqrtu32.h".
(struct tofu_dbs_s.s): Rename get_trust_gather_other_keys to
get_trust_gather_signature_stats. Add new field
get_trust_gather_encryption_stats.
(initdb): Create the encryptions table.
(ask_about_binding): Show the encryption statistics too.
(tofu_register): Rename from this...
(tofu_register_signature): ... to this and update callers.
(tofu_register_encryption): New function.
(write_stats_status): Add parameters encryption_count,
encryption_first_done and encryption_most_recent. Update callers.
Compute the trust using the euclidean distance of the signature and
signature count. Compare with twice the threshold. Include
encryption count information in the TFS and TOFU_STATS lines.
(show_statistics): Also get information about the encrypted messages.
* g10/trustdb.c (tdb_get_validity_core): Use it.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/pkclist.c (do_we_trust): Handle TRUST_NEVER, which can be
returned by the TOFU trust model.
(do_we_trust_pre): Print a different message if TRUSTLEVEL is
TRUST_NEVER.
(check_signatures_trust): Improve comment.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/gpg.c (oRecipientFile, oHiddenRecipientFile): New.
(opts): Add options --recipient-file and --hidden-recipient-file.
(main): Implement them. Also remove duplicate code from similar
options.
* g10/keydb.h (PK_LIST_FROM_FILE): New.
(PK_LIST_SHIFT): Bump up.
* g10/pkclist.c (expand_group): Take care of PK_LIST_FROM_FILE.
(find_and_check_key): Add and implement arg FROM_FILE.
(build_pk_list): Pass new value for new arg.
* g10/getkey.c (get_pubkey_fromfile): New.
* g10/gpgv.c (read_key_from_file): New stub.
* g10/test-stubs.c (read_key_from_file): New stub.
* g10/server.c (cmd_recipient): Add flag --file.
* g10/import.c (read_key_from_file): New.
* tests/openpgp/defs.scm (key-file1): New.
(key-file2): New.
* tests/openpgp/setup.scm: Add their private keys and import the
key-file1.
* tests/openpgp/encrypt.scm: Add new test.
--
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (main): Add option "none" to --keyid-format.
* g10/options.h (KF_NONE): New.
* g10/keyid.c (format_keyid): Implement that.
(keystr): Use format "long" is KF_NONE is in use.
(keystr_with_sub): Ditto.
* g10/keylist.c (list_keyblock_print): Adjust indentaion for KF_NONE.
Factor some code out to ...
(print_key_line): new.
(print_fingerprint): Add mode 20.
* g10/mainproc.c (list_node): Use print_key_line. Replace MAINKEY by
flags.primary in the PK. Fix putting a " revoked..." string into the
colons format.
* g10/pkclist.c (do_edit_ownertrust): Use print_key_line. This
slightly changes the putput format.
* g10/revoke.c (gen_standard_revoke): Use print_key_line. This may
also put "expires: " into the output.
--
Due to user experience problems with the keyid and we better allow to
show the fingerprint instead. Note that we do not support v3 keys
anymore and thus there is no technical need for a user to know the
keyid.
GnuPG-bug-id: 2379
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (struct result): Move from here...
* g10/keydb.h (struct pubkey): ... to here. Update users.
* g10/gpg.c (check_user_ids): Move from here...
* g10/getkey.c (get_pubkeys): ... to here. Update users. Use
get_pubkey_byname to look up the keys (this also prunes invalid keys).
(pubkey_free): New function.
(pubkeys_free): New function.
* g10/gpg.c (main): Don't check for ambiguous key specifications.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Regression-due-to: e8c53fc
This change not only moves the checks for ambiguous key specifications
from gpg.c to getkey.c, it also disables the checks. The old code was
too divorced from the actual key lookups and, as such, it reproduced
the logic. Unfortunately, the reproduction was a poor one: despite
fixing some inconsistencies (e.g., 10cca02), it still didn't deal with
group expansion or the auto key lookup functionality. Given the
amount of instability introduced by this change, we (Neal & Werner)
decided it is better to defer introducing this functionality until
2.3.
* g10/gpg.c (main): If --encrypt-to-default-key is specified, don't
add --default-key's value to REMUSR here...
* g10/pkclist.c (build_pk_list): ... do it here.
* tests/openpgp/Makefile.am (TESTS): Add default-key.test.
* tests/openpgp/default-key.test: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/pkclist.c (build_pk_list): Remove parameter use, which is always
called set to PUBKEY_USAGE_ENC. Update callers.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>
* g10/keydb.h (PK_LIST_ENCRYPT_TO, PK_LIST_HIDDEN, PK_LIST_CONFIG)
(PK_LIST_SHIFT): New.
* g10/pkclist.c (build_pk_list): Use them here.
* g10/gpg.c (check_user_ids, main): Ditto.
* g10/gpg.c (main): Set PK_LIST_CONFIG for REMUSR and LOCUSR.
(check_user_ids): Skip check for command line specified options.
--
If a key has been given on the command line and it has not been
given by one of the encrypt-to options, we now skip the checks. The
reason is that the actual key selection code does its own checks and
provides proper status message to the caller to detect the wrong keys.
Without this we would break most frontends because they expect for
example STATUS_INV_RECP.
Signed-off-by: Werner Koch <wk@gnupg.org>
* configure.ac: Check for sqlite3.
(SQLITE3_CFLAGS): AC_SUBST it.
(SQLITE3_LIBS): Likewise.
* g10/Makefile.am (AM_CFLAGS): Add $(SQLITE3_CFLAGS).
(gpg2_SOURCES): Add tofu.h and tofu.c.
(gpg2_LDADD): Add $(SQLITE3_LIBS).
* g10/tofu.c: New file.
* g10/tofu.h: New file.
* g10/options.h (trust_model): Define TM_TOFU and TM_TOFU_PGP.
(tofu_db_format): Define.
* g10/packet.h (PKT_signature): Add fields digest and digest_len.
* g10/gpg.c: Include "tofu.h".
(cmd_and_opt_values): Declare aTOFUPolicy, oTOFUDefaultPolicy,
oTOFUDBFormat.
(opts): Add them.
(parse_trust_model): Recognize the tofu and tofu+pgp trust models.
(parse_tofu_policy): New function.
(parse_tofu_db_format): New function.
(main): Initialize opt.tofu_default_policy and opt.tofu_db_format.
Handle aTOFUPolicy, oTOFUDefaultPolicy and oTOFUDBFormat.
* g10/mainproc.c (do_check_sig): If the signature is good, copy the
hash to SIG->DIGEST and set SIG->DIGEST_LEN appropriately.
* g10/trustdb.h (get_validity): Add arguments sig and may_ask. Update
callers.
(tdb_get_validity_core): Add arguments sig and may_ask. Update
callers.
* g10/trust.c (get_validity) Add arguments sig and may_ask. Pass them
to tdb_get_validity_core.
* g10/trustdb.c: Include "tofu.h".
(trust_model_string): Handle TM_TOFU and TM_TOFU_PGP.
(tdb_get_validity_core): Add arguments sig and may_ask. If
OPT.TRUST_MODEL is TM_TOFU or TM_TOFU_PGP, compute the TOFU trust
level. Combine it with the computed PGP trust level, if appropriate.
* g10/keyedit.c: Include "tofu.h".
(show_key_with_all_names_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/keylist.c: Include "tofu.h".
(public_key_list): Also show the PGP stats if the trust model is
TM_TOFU_PGP.
(list_keyblock_colon): If the trust mode is tofu or
tofu+pgp, then show the trust policy.
* g10/pkclist.c: Include "tofu.h".
* g10/gpgv.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* g10/test-stubs.c (get_validity): Add arguments sig and may_ask.
(enum tofu_policy): Define.
(tofu_get_policy): New stub.
(tofu_policy_str): Likewise.
* doc/DETAILS: Describe the TOFU Policy field.
* doc/gpg.texi: Document --tofu-set-policy, --trust-model=tofu,
--trust-model=tofu+pgp, --tofu-default-policy and --tofu-db-format.
* tests/openpgp/Makefile.am (TESTS): Add tofu.test.
(TEST_FILES): Add tofu-keys.asc, tofu-keys-secret.asc,
tofu-2183839A-1.txt, tofu-BC15C85A-1.txt and tofu-EE37CF96-1.txt.
(CLEANFILES): Add tofu.db.
(clean-local): Add tofu.d.
* tests/openpgp/tofu.test: New file.
* tests/openpgp/tofu-2183839A-1.txt: New file.
* tests/openpgp/tofu-BC15C85A-1.txt: New file.
* tests/openpgp/tofu-EE37CF96-1.txt: New file.
* tests/openpgp/tofu-keys.asc: New file.
* tests/openpgp/tofu-keys-secret.asc: New file.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/keydb.h (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this. Drop the parameter name. Update
users.
* g10/getkey.c (get_seckey_byname): Rename from this...
(get_seckey_default): ... to this. Drop the parameter name. Drop the
code which assumed that NAME is not NULL.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/keydb.h (get_keyblock_byfprint): Remove prototype. Replace use
of this function with get_pubkey_byfprint.
* g10/getkey.c (get_pubkey_byname): Remove function.
--
Signed-off-by: Neal H. Walfield <neal@g10code.com>.
* g10/gpg.h (g10_errstr): Remove macro and change all occurrences by
gpg_strerror.
(G10ERR_): Remove all macros and change all occurrences by their
GPG_ERR_ counterparts.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oRFC1991, oPGP2): Remove
(opts): Remove --pgp2 and --rfc1991.
* g10/options.h (CO_PGP2, CO_RFC1991): Remove. Remove all users.
(RFC2440, PGP2): Remove. Remove all code only enabled by these
conditions.
* tests/openpgp/clearsig.test: Remove --rfc1991 test.
--
The use of PGP 2.c is considered insecure for quite some time
now (e.g. due to the use of MD5). Thus we remove all support for
_creating_ PGP 2 compatible messages.
* configure.ac: Add option --disable-trust-models
(NO_TRUST_MODELS): New ac_define and am_conditional.
* g10/Makefile.am (trust_source): New.
(gpg2_SOURCES): Factor some files out to above. Add trust.c.
* g10/gpg.c [NO_TRUST_MODELS]: Disable options --export-ownertrust,
--import-ownertrust, --update-trustdb, --check-trustdb, --fix-trustdb,
--list-trustdb, --trustdb-name, --auto-check-trustdb,
--no-auto-check-trustdb, and --force-ownertrust.
(parse_trust_model) [NO_TRUST_MODELS]: Do not build.
(main) [NO_TRUST_MODELS]: Set trust_model to always and exclude all
trustdb related option code.
* g10/keyedit.c (cmds) [NO_TRUST_MODELS]: Remove menu items "trust",
"enable", and "disable".
* g10/keylist.c (public_key_list) [NO_TRUST_MODELS]: Do not print
"tru" record.
* g10/trust.c: New.
* g10/trustdb.c (struct key_item): Move to trustdb.h.
(register_trusted_keyid): Rename to tdb_register_trusted_keyid.
(register_trusted_key): Rename to tdb_register_trusted_key.
(trust_letter, uid_trust_string_fixed, trust_value_to_string)
(string_to_trust_value, get_ownertrust_with_min, get_ownertrust_info)
(get_ownertrust_string, get_validity_info, get_validity_string)
(clean_sigs_from_uid, clean_uid_from_key, clean_key): Move to trust.c.
(mark_usable_uid_certs): Move to trust.c and make global.
(is_in_klist): Move as inline to trustdb.h.
(trustdb_check_or_update): Rename to tdb_check_or_update
(revalidation_mark): Rename to tdb_revalidation_mark.
(get_ownertrust): Rename to tdb_get_ownertrust.
(get_min_ownertrust): Rename to tdb_get_min_ownertrust.
(update_ownertrust): Rename to tdb_update_ownertrust.
(clear_ownertrusts): Rename to tdb_clear_ownertrusts.
(cache_disabled_value): Rename to tdb_cache_disabled_value.
(check_trustdb_stale): Rename to tdb_check_trustdb_stale.
(get_validity): Rename to tdb_get_validity_core, add arg MAIN_PK and
factor some code out to ...
* trust.c (get_validity): ...new.
(check_or_update_trustdb): New wrapper.
(revalidation_mark): New wrapper.
(get_ownertrust): New wrapper.
(get_ownertrust_with_min): New wrapper.
(update_ownertrust): New wrapper.
(clear_ownertrusts): New wrapper.
(cache_disabled_value): New wrapper.
(check_trustdb_stale): New wrapper.
* tests/openpgp/defs.inc (opt_always): New. Use in all tests instead
of --always-trust.
* g10/gpg.c (oLegacyListMode, opts, main): Add --legacy-list-mode.
* g10/options.h (struct opt): Add field legacy_list_mode.
* g10/keydb.h (PUBKEY_STRING_SIZE): New.
* g10/keyid.c (pubkey_string): New.
* g10/import.c (import_one, import_secret_one): Use pubkey_string.
* g10/keylist.c (print_seckey_info): Ditto.
(print_pubkey_info, print_card_key_info): Ditto.
(list_keyblock_print): Ditto.
* g10/mainproc.c (list_node): Ditto.
* g10/pkclist.c (do_edit_ownertrust, build_pk_list): Ditto.
* g10/keyedit.c (show_key_with_all_names): Ditto. Also change the
format.
(show_basic_key_info): Ditto.
* common/openpgp-oid.c (openpgp_curve_to_oid): Also allow "ed25519".
(openpgp_oid_to_curve): Downcase "ed25519"
--
For ECC it seems to be better to show the name of the curve and not
just the size of the prime field. The curve name does not anymore fit
into the "<size><letter>" descriptor (e.g. "2048R") and a fixed length
format does not work either. Thus the new format uses
"rsa2048" - RSA with 2048 bit
"elg1024" - Elgamal with 1024 bit
"ed25519" - ECC using the curve Ed25519.
"E_1.2.3.4" - ECC using the unsupported curve with OID "1.2.3.4".
unless --legacy-list-mode is given. In does not anymore line up
nicely in columns thus I expect further changes to this new format.
Signed-off-by: Werner Koch <wk@gnupg.org>
The asymmetric quotes used by GNU in the past (`...') don't render
nicely on modern systems. We now use two \x27 characters ('...').
The proper solution would be to use the correct Unicode symmetric
quotes here. However this has the disadvantage that the system
requires Unicode support. We don't want that today. If Unicode is
available a generated po file can be used to output proper quotes. A
simple sed script like the one used for en@quote is sufficient to
change them.
The changes have been done by applying
sed -i "s/\`\([^'\`]*\)'/'\1'/g"
to most files and fixing obvious problems by hand. The msgid strings in
the po files were fixed with a similar command.
We better do this once and for all instead of cluttering all future
commits with diffs of trailing white spaces. In the majority of cases
blank or single lines are affected and thus this change won't disturb
a git blame too much. For future commits the pre-commit scripts
checks that this won't happen again.
overflow when picking an algorithm (not a security issue since we
can't pick something not present in all preference lists, but we might
pick something that isn't scored first choice).
* pkclist.c (select_algo_from_prefs): Slightly improve the handling of
MD5 in preference lists. Instead of replacing MD5 with SHA-1, just
remove MD5 from the list altogether, and let the next-highest ranked
algorithm be chosen.