* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new. Call that always after the former clean_key
invocations.
--
Note that the clean_all_subkeys function will later be extended.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--
GnuPG-bug-id: 4046
The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--
See
GnuPG-bug-id: 4022
for an example of a bogus user id.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/sig-check.c (check_signature_end_simple): Check sign usage.
--
Without this patch the signature verification fails only due to the
missing back signature. This check better explains what went wrong.
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--
Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason. GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.
A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment. Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.
This is partial solution to
GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--
For example, this permits extraction of only encryption-capable
subkeys like so:
gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR
GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/gpg.c (main): Set some list options.
--
The new command --show-keys is commonly used to check the content of a
file with keys. In this case it can be expected that all included
subkeys and uids are of interested, even when they are already expired
or have been revoked.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--
This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic. The mention CVE is about using this to inject
status-fd lines into the stderr output. Other harm good as well be
done. Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.
CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
(remove_duplicate_sigs): new.
(key_check_all_keysigs): Call remove_duplicate_sigs again after
reordering.
--
This is a follupup for commit 26bce2f01d
to cleanup the code and to add a second de-duplicate step when needed.
GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKG_siganture): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
--
The key_check_all_keysigs first does a detection of duplicate
signature. This is done over all signatures at once. The problem
here is for example:
key
uid_1
sig_uid_1.1
sig_uid_1.2
subkey_1
sig_sub_1.1
subkey_2
sig_sub_2.1
sig_sub_2.2 (duplicate of sig_sub_1.1)
Now the de-duplication deletes the first signature and keeps the
second. That works in most cases for foreign signature on userids but
in the above constellation the code simply removes sig_sub_1.1 so that
subkey_1 has no binding signature anymore. In a later step during
import the missing binding is detected and subkey_1 is removed because
it is not anymore valid. The sig_sub_2.2 will also be removed later
because it does not check out for subkey_2 (that is as expected).
The fix is to let the de-duplication work only on blocks (ie. within
the signatures of a user id or a subkey). This will not detect all
duplicates but that does not harm because later steps will detect and
remove them.
In the above case (with this patch applied) the second phase of
key_check_all_keysigs will reorder key signatures and move the
duplicate sig_sub_2.2 directly after sig_sub_1.1. This duplicates the
signature and for cleanness we should kick the de-duplication process
again. This will be done with a followup patch.
GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--
Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line. We fail only later to get more information. Callers
need to check and act upon the decryption error code anyway.
Thanks to Marcus for pointing out this case.
GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--
Using
--import --import-options show-only
to look at a key is too cumbersome. Provide this shortcut and also
remove some diagnostic cruft in this case.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_pubkey_enc): Remove a comment.
--
GnuPG always uses the OpenPGP algo number in its status report.
We can find a function in GPGME, it's _gpgme_map_pk_algo.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC. Also print a dedicated status error code
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oAllowMultisigVerification)
(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
(opts): Turn --allow-multisig-verification, --allow-multiple-messages
and --no-allow-multiple-messages into NOPs
* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
false.
--
These options are very old compatibility hacks and should not be used
anymore. We keep them as dummy options in case someone has them in
the conf file.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c: Make --pgp6 an alias for --pgp7.
* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
* g10/options.h (PGP6): Remove. Adjust all users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify. MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--
The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--
Users should not be allowed to suppress the warning that they are
shooting into their foot.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/compress.c (push_compress_filter2): Return an error if no filter
was pushed.
(push_compress_filter): Ditto.
(handle_compressed): Free CFX if no filter was pushed.
* g10/import.c (read_block): Ditto.
--
GnuPG-bug-id: 3898, 3930
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/compress.c (handle_compressed): Fix memory leak.
--
All other calls of push_compress_filter checks ALGO,
so, do it here, too.
GnuPG-bug-id: 3898
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
callers.
(get_user_id): Add arg R_NOUID. Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode. Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--
Scripts used to rely on the "User ID not found" string even in the
--with-colons listing. However, that is not a good idea because that
string is subject to translations etc. Now we have an explicit way of
telling that a key is missing. For example:
gpg --list-sigs --with-colons | \
awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR. Use ISSUER_FPR_RAW.
Use write_status_printf. Extend ERRSIG status.
--
Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature. This is also useful in error messages and thus we add it.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
return code and not on the presence of any call to log_error.
--
This fixes an actual regression in GPGME where FAILURE is considered
for example by a signature verify operation. The operation will simply
fail and not just record that that a signature could not be verified.
In particular for files with more than one signature a log_error if
often called to show that a pubkey is missing for one of the
signatures. Using that log_error is correct in that case.
Fixes-commit: 0336e5d1a7
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cpr.c (write_status_failure): Make it print only once.
* g10/gpg.c (wrong_args): Bump error counter.
(g10_exit): Print a FAILURE status if we ever did a log_error etc.
(main): Use log_error instead of log_fatal at one place. Print a
FAILURE status for a bad option. Ditto for certain exit points so
that we can see different error locations.
--
This makes it easier to detect errors by tools which have no way to
get the exit code (e.g. due to double forking).
GnuPG-bug-id: 3872
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.h (IS_BACK_SIG): New.
* g10/sig-check.c: Re-indent and use macros.
--
This makes the code easier to understand.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
(ask_card_keyattr): Show message when change, also for ECC.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.
--
Gnuk has "admin-less" mode. To support "admin-less" mode with KDF
feature, salt should be same for user and admin. Thus, I introduce a
valid use of single salt.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519. Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.
--
GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (generate_card_keys): Check PIN later.
(card_generate_subkey): Likewise.
--
Changing key attribute resets PIN authentication status. So, CHECKPIN
should be after that, before key generation. Note that CHECKPIN is
done for binding signature.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
(tdbio_new_recnum): Never return on error.
(lookup_hashtable): Print a more descriptive error in case of !TABLE.
--
Also: tdbio_new_recnum had a bug in that it returned an error code and
not a record number in the error case. The function is expected to
always return a valid new record number.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tdbio.c (is_locked): Turn into a counter.
(take_write_lock, release_write_lock): Implement recursive locks.
--
On trustdb creation we have this call sequence:
init_trustdb -> takes lock
tdbio_set_dbname
create_version_record
tdbio_write_record
put_record_into_cache -> takes lock
put_record_into_cache -> releases lock
init_trustdb -> releases lock
The second take lock does noting but the first release lock has
already released the lock and the second release lock is a thus a NOP.
This is likely the cause for the corrupted trustdb as reported in
GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/tdbio.c (in_transaction): Comment this var.
(put_record_into_cache): Comment the transaction code.
(tdbio_sync): Ditto
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
the type octet. Print diagnostic.
--
If the final subpacket has only a length header evaluating to zero and
missing the type octet, a read could happen right behind the buffer.
Valgrind detected this. Fix is obvious. Note that the further
parsing of the subpacket is still okay because it always checks the
length. Note further that --list-packets uses a different code path
and already reported an error.
Reported-by: Philippe Antoine
He provided a test file copied below. Running "gpg -v --verify" on it
triggered the bug.
-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking
kA0DAAoBov87N383R0QBrQJhYgZsb2wucHlaqTVWYnl0ZXMgPSBbMHg1LCAweDY0
LCAweDRjLCAweGM0LCAweDMsIDB4MCwgMHg0LCAweDAsIDB4YWMsIDB4YSwgMHhj
MSwgMHhjMSwgMHgyLCAweDEsIDB4MiwgMHg3LCAweDQwLCAweDIsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDJkLCAweGRkLCAweDIs
IDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4NzcsIDB4ODcsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHg3NywgMHg4NywgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4Miwg
MHgyLCAweDIsIDB4MiwgMHgyLCAweDc3LCAweDg3LCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MCwgMHhhZF0KCmZvciBpIGluIHJhbmdlKGxl
bihieXRlcykpOgogICAgaWYgaSUxNiA9PSAwOgogICAgICAgIHByaW50CiAgICAg
ICAgcHJpbnQgIiUwNngiICUgaSwKICAgIHByaW50ICIlMDJ4ICIgJSBieXRlc1tp
XSwKiQJNBAABCgAeFiEEU+Y3aLjDLA3x+9Epov87N383R0QFAlqpNVYAAAoJEKL/
Ozd/N0dElccP/jBAcFHyeMl7kop71Q7/5NPu3DNULmdUzOZPle8PVjNURT4PSELF
qpJ8bd9PAsO4ZkUGwssY4Kfb1iG5cR/a8ADknNd0Cj9/QA2KMVNmgYtReuttAjvn
hQRm2VY0tvDCVAPI/z8OnV/NpOcbk8kSwE+shLsP7EwqL5MJNMXKqzm1uRxGNYxr
8TNuECo3DO64O2NZLkMDXqq6lg+lSxvDtXKxzKXgVC+GMtOE56lDwxWLqr39f9Ae
Pn0q2fVBKhJfpUODeEbYSYUp2hhmMUIJL/ths9MvyRZ9Z/bHCseFPT58Pgx6g+MP
q+iHnVZEIVb38XG+rTYW9hvctkRZP/azhpa7eO8JAZuFNeBGr4IGapwzFPvQSF4B
wBXBu0+PPrV9VJVe98P4nw2xcuJmkn6mgZhRVYSqDIhY64bSTgQxb/pdtGwrTjtL
WoUKVI+joLRPnDmwexH9+QJCB+uA6RsN/LqsQfDseyr40Z6dHJRqWGgP3ll6iZgw
WF768uiIDJD8d4fegVnkpcH98Hm0I/dKsMR1MGV/sBxYC8mAOcOWwSPNGDqPlwwR
eWPdr1O6CoYEWwiZMicSe0b5TsjB5nkAWMy7c9RyhtMJzCQ/hFpycpj0A0Zs+OGa
eJQMZZV0s8AQZ04JzoX0zRpe0RcTyJn3Tr6QGbVi9tr+QdKHFuDMUqoX
=qYZP
-----END PGP ARMORED FILE-----
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
Connect the card again at the last step.
--
Before the change, a user has to quit the session to continue. Now,
it is possible to type RET in the session and see if it's really done.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
WIN32_LEAN_AND_MEAN is required to avoid definitions of grp1, grp2,
and grp3 in dlgs.h, which is included by windows.h.
Fixes-commit: fd595c9d36
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
--
Sorry, I accidentally pushed the last commit without having amended it
with this fix.
Fixes-commit: fd595c9d36
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
grp3.
* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
* g10/card-util.c (print_keygrip): New.
(current_card_status): Print "grp:" records or with --with-keygrip a
human readable keygrip.
--
Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk. Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--
This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length). We also need to
adjust the decryption part because that assumed this zero length last
chunk.
Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.
GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
(set_nonce_and_ad): new function.
(write_auth_tag): Print error message here.
(do_flush): Rename var newchunk to finalize.
--
There is no need to have separate functions here. We should also
print a error message for writing the final tag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
(aead_set_nonce_and_ad): new single function. Change callers.
(decrypt_data): Do not set the nonce and ad here.
(aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
--
The main change here is that we now re-init the context only right
before we decrypt and not after a checktag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (aead_underflow): Factor reading and checking
code code out to ...
(fill_buffer, aead_checktag): new functions.
--
Here is a simple test script to check against a set of encrypted files
with naming convention like "symenc-aead-eax-c6-56.asc"
# ------------------------ >8 ------------------------
set -e
GPG=../g10/gpg
for file in "$@"; do
echo "${file##*/}" | ( IFS=- read dummy1 dummy2 mode cbyte len rest
len="${len%.*}"
cbyte="${cbyte#c}"
[ "$dummy1" != "symenc" -o "$dummy2" != "aead" ] && continue
echo "checking mode=$mode chunkbyte=$cbyte length=$len"
if ! $GPG --no-options --rfc4880bis --batch --passphrase "abc" \
-d < $file >tmp.plain 2>/dev/null; then
echo "Decryption failed for $file" >&2
exit 2
fi
plainlen=$(wc -c <tmp.plain)
if [ $plainlen -ne $len ]; then
echo "Plaintext length mismatch for $file (want=$len have=$plainlen)" >&2
exit 2
fi
)
done
echo "all files are okay" >&2
# ------------------------ 8< ------------------------
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
index if the previous chunk was empty.
* g10/decrypt-data.c (aead_underflow): Likewise. Also handle a other
corner cases. Add more debug output.
--
GnuPG-bug-id: 3774
This fixes the reported case when the encrypted data is a multiple of
the chunk size. Then the chunk index for the final chunk was wrongly
incremented by 2. The actual fix makes use of the fact that the
current dfx->CHUNKLEN is 0 in this case. There is also some other
reorganizing to help with debugging. The thing seems to work now but
the code is not very clean - should be reworked. Creating test files
can be done with this script:
--8<---------------cut here---------------start------------->8---
csize=6
for len in 0 55 56 57; do
awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
| gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
--s2k-count 1025 --s2k-digest-algo sha256 -z0 \
--force-aead --aead-algo eax --cipher aes -a \
--chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
done
--8<---------------cut here---------------end--------------->8---
A LEN of 56 triggered the bug which can be seen by looking at the
"authdata:" line in the --debug=crypt,filter output.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keydb.c (parse_keyblock_image): Use log_info instead of
log_error for skipped packets.
* g10/keyring.c (keyring_get_keyblock): Ditto.
--
log_info should be sufficient and makes this more robust. Some
tools (e.g. Enigmail) are too picky on return codes from gpg.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end. Add additional check to cope for the 0je extra bytes needed for
AEAD.
--
Fixes-commit: 9aab9167bc
GnuPG-bug-id: 3780
* g10/gpg.c (opts): Add new option.
(opt_set_iobuf_size): New var.
(set_debug): Set the option.
* tests/openpgp/armor.scm: Use this option to revert the buffer size
to the one which used to exhibit the tested bugs.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher-aead.c (do_flush): Init ERR. Fix remaining chunklen
computation.
(do_free): Add dummy encryption. Close the cipher handle.
* g10/decrypt-data.c (aead_underflow): Rewrite.
--
Until we have integrated test into the test suite extensive tests can
also be done with a script like this:
--8<---------------cut here---------------start------------->8---
#!/bin/sh
set -e
GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback"
GPG="$GPG --passphrase abc --batch"
MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata"
for chunksize in 6 7 12 13 14 30; do
for count in $(seq 1 200) $(seq 8100 8200) \
$(seq 16350 16400) $(seq 20000 20100); do
if [ ! -f "testfile-$count" ]; then
$MKTDATA $count >"testfile-$count"
fi
echo "testing chunk size 2^$chunksize with $count bytes"
$GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \
-c --chunk-size $chunksize \
<"testfile-$count" >"testfile-$count.gpg" 2>/dev/null
$GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null
if ! cmp "testfile-$count" "testfile-$count.out"; then
echo "FAILED comparing count $count" >&2
exit 1
fi
done
done
echo All good
--8<---------------cut here---------------end--------------->8---
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/decrypt-data.c (decode_filter_context_s): Rename field 'defer'
to 'holdback' and replace 'defer_filled' flag into 'holdbacklen'.
Change all users.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (fixup_uidnode): Copy the AEAD prefs.
--
With this patch AEAD preferences are now properly created and
displayed.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
error.
(proc_encrypted): Need to take are of the checksum error.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD. Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.
* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--
For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo.
(encrypt_simple): Adjust for this change.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(decrypt_data): Use new function. Also allow for chunkbytes other
than 10.
--
Note that other chunk bytes than 10 and in particular 0 (64 byte
chunks) have not yet been tested.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
encrypted key and returns that buffer and its length.
(encrypt_simple): Adjust for above change.
(write_symkey_enc): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New.
(write_header): Use it.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New.
(decrypt_data): Use it.
* g10/misc.c (openpgp_aead_test_algo): Allow EAX.
--
This allows the use of EAX when the latest Libgcrypt master is used.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
* g10/dek.h (DEK): Increase size of use_aead to 4 bits.
* g10/filter.h (cipher_filter_context_t): Add new fields for AEAD.
* g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
chunkbyte.
* g10/build-packet.c (do_encrypted_aead): New.
(build_packet): Call it.
* g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
(parse_one_sig_subpkt, can_handle_critical): Ditto.
(parse_encrypted): Clear new PKT_ENCRYPTED fields.
(parse_encrypted_aead): New.
(parse): Call it.
* g10/gpg.c (main): Take care of --rfc4880bis option when checking
compliance.
* g10/cipher-aead.c: Replace the stub by real code.
* g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
AEAD.
(aead_set_nonce): New.
(aead_set_ad): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/encrypt.c (use_aead): Make that new fucntion work.
(encrypt_simple): Use default_aead_algo() instead of EAX.
* g10/mainproc.c (proc_encrypted): Support AEAD.
(do_proc_packets): Support PKT_ENCRYPTED_AEAD.
--
This code has seen only a very few manual tests. Encrypting always
uses a 64k chunks and decryption has not been tested with larger
chunks. Those small chunks make debugging much faster.
Tests can be done using:
gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \
--force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \
-v -z 0 --status-fd 2 -c <INFILE >OUTFILE
and
gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \
--status-fd 2 -v -d <INFILE >OUTFILE
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
(parse_key_parameter_string): Add arg suggested_use and implement
fallback. Change callers to pass 0 for new arg.
(parse_algo_usage_expire): Pass the parsed USAGESTR to
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
--
The problem here was that future-default gives the primary and subkey
algorithm. However, when using future-default for adding a key, the
second part was always used which is for encryption. If the caller
now wanted to create a signing subkey using the future-default
parameters this did not worked.
gpg --batch --passphrase "" --quick-add-key FPR future-default encr
aready worked as did
gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign
but
gpg --batch --passphrase "" --quick-add-key FPR future-default sign
does only work with this fix.
GnuPG-bug-id: 3747
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb.
* g10/cipher-aead.c: New. Right now only with a stub function.
* g10/Makefile.am (gpg_sources): Add file.
* g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or
cipher_filter_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
into single bit vars. Make sure they are always set to 1 or 0.
(DEK): New field use_aead.
* g10/options.h (struct opt): New field force_aead.
* g10/pkclist.c (select_aead_from_pklist): New.
* g10/gpg.c (oForceAEAD): New const.
(opts): New options "--force-aead".
(main): Set new option.
* g10/encrypt.c (use_aead): New.
(encrypt_simple): Implement new flags DEK.use_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
--
This patch should be enough to detect whether AEAD can be used.
Not tested.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
list-only and put the key into PKENC_LIST.
(print_pkenc_list): Take care of the new error code.
--
If the secret keys exist in --list-only mode it was not printed in
--list-only mode.
GnuPG-bug-id: 3718
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
use case-insensitive matching
(quick_generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--
The man page is sometimes rendered in a way that the hyphen may be
not be considered as part of the string. And while at it we also
allow case-insensitivity.
GnuPG-bug-id: 3655
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'. Turn field 'header' into a bit field. Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--
Note that to test this warning in a reliable way compression needs to
be disabled.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pkclist.c (default_recipient): Use hexfingerprint.
--
Note that on malloc failure this function now returns NULL instead of
terminating the process. However, under memory pressure any function
called latter will very likely fail as well.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/getkey.c (get_pubkeys): Do not use xmalloc.
--
We eventually need to get rid of all xmallocs so that gpg won't fail
easily when we make more use of the s server mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order. When publishing
external preferences, state preference for SHA512 first.
--
SHA-512 has a wider security margin than SHA-256. It is also slightly
faster on most of the architectures on which GnuPG runs today. New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.
Specifically, this changes --default-preference-list from:
SHA256 SHA384 SHA512 SHA224
to:
SHA512 SHA384 SHA256 SHA224
This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* g10/trustdb.c (sanitize_regexp): Only escape operators.
--
Backport from master commit:
ccf3ba9208
To sanitize a regular expression, quoting by backslash should be only
done for defined characters. POSIX defines 12 characters including
dot and backslash.
Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library. Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.
GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix. Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex. Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--
This patch enables the use of the log function from libgpgrt (aka
libgpg-error). Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions. Eventually the
whole divert stuff can be removed.
The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string. Note that this is fully specified
standard C behaviour.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
--
This actually does not harm because we merely display a buffer
allocated by ourselves. However, we better tell Valgrind about it so
that we don't need to track this thing down ever again.
Test using a corrupted literal data packet:
echo cb 0a 75 ff 59 ae 90 d5 74 65 73 74 | \
undump |\
valgrind gpg --list-packets >/dev/null
Reported-by: Sebastian Schinzel
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/cpr.c (do_get_from_fd): Free the old buffer.
--
If the received input is longer than 200 characters we used to leak
the previous allocated buffer.
GnuPG-bug-id: 3528
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--
Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/trustdb.c (sanitize_regexp): Only escape operators.
--
To sanitize a regular expression, quoting by backslash should be only
done for defined characters. POSIX defines 12 characters including
dot and backslash.
Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library. Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.
GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/card-util.c (factory_reset): Simplify.
--
In this summer, I got report about old code before this change didn't
work with newer Yubikey. I got another report test version of OpenPGP
card V3.3 implementation didn't work, either. Then, I confirmed that
according to the OpenPGP card specification, the procedure of old code
is not expected by its author.
This change simplify "factory-reset" as simple.
Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change. That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification. Gnuk 1.2.5 and later works well. All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).
GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d63b7966cd)
* g10/card-util.c (ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--
This is kludge to make it easier for gnuk to be switched into ECC
mode. This is basically the same change as
commit ea09b6cded
but without the string change in show_keysize_warning.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
--
We want to support other algos than RSA and thus we need a better name
for the functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f795f4529d)
* g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
--
This is a separate patch from the previous to avoid string changes
when backporting the other patch to 2.2.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (show_keysize_warning): Slightly change the text.
(ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--
This is kludge to make it easier for gnuk to be switched into ECC
mode.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
--
We want to support other algos than RSA and thus we need a better name
for the functions.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/card-util.c (factory_reset): Simplify.
--
In this summer, I got report about old code before this change didn't
work with newer Yubikey. I got another report test version of OpenPGP
card V3.3 implementation didn't work, either. Then, I confirmed that
according to the OpenPGP card specification, the procedure of old code
is not expected by its author.
This change simplify "factory-reset" as simple.
Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change. That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification. Gnuk 1.2.5 and later works well. All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).
GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/key-check.c (print_info): New.
(key_check_all_keysigs): Print sig checking results only in debug
mode. Prettify the stats info and suppress them in quiet mode.
--
This also makes usable stats by prefixing them with the key and the
program name.
GnuPG-bug-id: 3397
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (KEYEDIT_NEED_SUBSK): New.
(cmds): Add this flag to keytocard, bkuptocard, expire, and passwd.
(keyedit_menu): Check whether only subkeys are available and take care
of that in the command check and in the HELP listing. Also print a
different notice if only subkeys are available.
--
Print "Secret key is available" and the bailing out in all commands
which require the _primary_ secret key was surprising. Now we print
another notice and adjust the checks.
GnuPG-bug-id: 3463
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keyedit.c (KEYEDIT_NOT_SK, KEYEDIT_ONLY_SK): Remove.
(cmds): Remove them.
--
These flags were cruft from the time we had to switch between secret
and public key view.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/keygen.c (generate_subkeypair): Ignore error code issued for
trying to verify a card based key.
--
We try to verify the primary key and thus seed the passphrase cache
before generating the subkey. However, the verification does not yet
work for on-card keys and thus the PASSWD --verify send to the agent
returns an error. This patch detects this error and continues without
a seeded passphrase cache. After all that pre-seeding is just a
convenience.
GnuPG-bug-id: 3280
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (import_one): Pass FROM_SK to list_keyblock_direct.
--
Note that this will likely add the suffix '#' top "sec" because the
secret key has not yet (or will not be) imported. If the secret key
already exists locally another suffix might be printed. The upshot is
that the suffix has no usefulness.
GnuPG-bug-id: 3431
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/import.c (import_secret_one): Check for dry-run before
transferring keys.
--
The use of --dry-run or --import-option show-only had no effect when
importing a secret key and the public key already existed. If the
public key did not exist an error message inhibited the import of the
secret key.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/pkclist.c (find_and_check_key): Call get_validity on a specific
keyblock.
--
When we have multiple keyrings, get_validity after
get_best_pubkey_byname should access same keyring. Or else, the
situation of an expired key in keyring A but valid key in keyring B
causes SEGV.
Thanks to Guido Günther for the use case and the log.
Debian-bug-id: 878812
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
* g10/keydb.c (keydb_handle): New field 'keep_lock'.
(keydb_release): Clear that flag.
(keydb_lock): New function.
(unlock_all): Skip if KEEP_LOCK is set.
* g10/getkey.c (get_keyblock_byfprint_fast): Call keep_lock if
requested.
--
That change is straightforward. It helps to avoid the race condition
that another gpg process inserts a key while the first process is
between the search and the insert.
A similar change is due for gpgsm.
Note that the key edit operations may still suffer from a race.
GnuPG-bug-id: 3446
* g10/getkey.c (get_pubkey_byfprint_fast): Factor most code out to ...
(get_keyblock_byfprint_fast): .. new function.
* g10/import.c (revocation_present): s/int rc/gpg_error_t err/.
(import_one): Use get_keyblock_byfprint_fast to get the keyblock and a
handle. Remove the now surplus keyblock fetch in the merge branch.
Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch