1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

2046 Commits

Author SHA1 Message Date
Werner Koch
26c900a8f0
Add a new OpenPGP card vendor.
--
2018-02-01 12:02:13 +01:00
Werner Koch
303310d05e
gpg: Rename a misnomed arg in open_outfile.
* g10/openfile.c (open_outfile): Rename inp_fd to out_fd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-28 18:59:18 +01:00
Werner Koch
149369a92b
Merge branch 'STABLE-BRANCH-2-2' into master
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-25 16:58:29 +01:00
Werner Koch
db7661b5a2
gpg: New maintainer option --debug-set-iobuf-size.
* g10/gpg.c (opts): Add new option.
(opt_set_iobuf_size): New var.
(set_debug): Set the option.
* tests/openpgp/armor.scm: Use this option to revert the buffer size
to the one which used to exhibit the tested bugs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:38:20 +01:00
Werner Koch
ff1bdc23d9
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB.
* g10/cipher-aead.c (do_flush): Init ERR.  Fix remaining chunklen
computation.
(do_free): Add dummy encryption.  Close the cipher handle.
* g10/decrypt-data.c (aead_underflow): Rewrite.
--

Until we have integrated test into the test suite extensive tests can
also be done with a script like this:

--8<---------------cut here---------------start------------->8---
#!/bin/sh

set -e
GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback"
GPG="$GPG --passphrase abc --batch"
MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata"

for chunksize in 6 7 12 13 14 30; do
for count in $(seq 1 200) $(seq 8100 8200) \
             $(seq 16350 16400) $(seq 20000 20100); do
  if [ ! -f "testfile-$count" ]; then
    $MKTDATA $count >"testfile-$count"
  fi
  echo "testing chunk size 2^$chunksize with $count bytes"
  $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \
      -c --chunk-size $chunksize \
       <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null
  $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null
  if ! cmp "testfile-$count" "testfile-$count.out"; then
    echo "FAILED comparing count $count" >&2
    exit 1
  fi
done
done
echo All good
--8<---------------cut here---------------end--------------->8---

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 13:45:05 +01:00
Werner Koch
83a15fa88e
gpg: Rename a variable in decrypt-data for clarity.
* g10/decrypt-data.c (decode_filter_context_s): Rename field 'defer'
to 'holdback' and replace 'defer_filled' flag into 'holdbacklen'.
Change all users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 08:59:06 +01:00
Werner Koch
f3ef8b0dca
gpg: New option --chunk-size.
* g10/gpg.c (opts): New option --chunk-size.
(oChunkSize): New const.
(build_list_aead_test_algo, build_list_aead_algo_name): New.
(my_strusage): List AEAD algos.
(main): Implement --chunk-size..
* g10/options.h (struct opt): Add field 'chunk_size'.
(DBG_IPC): Remove duplicated macro.
* g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
* g10/misc.c (openpgp_aead_test_algo): Ditto.

* g10/cipher-aead.c: Silence if not in debug mode.
* g10/decrypt-data.c: Ditto.
--

And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
Werner Koch
112e02ee89
gpg: Copy the AEAD prefs to the user ID struct.
* g10/getkey.c (fixup_uidnode): Copy the AEAD prefs.
--

With this patch AEAD preferences are now properly created and
displayed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-23 12:51:38 +01:00
Werner Koch
278d874656
gpg: Clear the symmetric passphrase cache for encrypted session keys.
* g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
error.
(proc_encrypted): Need to take are of the checksum error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-23 12:08:02 +01:00
Werner Koch
9aab9167bc
gpg: Implement AEAD for SKESK packets.
* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD.  Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.

* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--

For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-23 12:07:57 +01:00
Werner Koch
da3015e3c0
gpg: Unify AEAD parameter retrieval.
* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo.
(encrypt_simple): Adjust for this change.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.

* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(decrypt_data): Use new function.  Also allow for chunkbytes other
than 10.
--

Note that other chunk bytes than 10 and in particular 0 (64 byte
chunks) have not yet been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 16:50:21 +01:00
Werner Koch
0131d4369a
gpg: Refactor function encrypt_seskey.
* g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
encrypted key and returns that buffer and its length.
(encrypt_simple): Adjust for above change.
(write_symkey_enc): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 15:50:24 +01:00
Werner Koch
7356d6ec50
gpg: Support EAX if for latest Libgcrypt.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New.
(write_header): Use it.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New.
(decrypt_data): Use it.
* g10/misc.c (openpgp_aead_test_algo): Allow EAX.
--

This allows the use of EAX when the latest Libgcrypt master is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 17:00:27 +01:00
Werner Koch
3f4ca85cb0
gpg: First take on PKT_ENCRYPTED_AEAD.
* common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
* g10/dek.h (DEK): Increase size of use_aead to 4 bits.
* g10/filter.h (cipher_filter_context_t):  Add new fields for AEAD.
* g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
chunkbyte.
* g10/build-packet.c (do_encrypted_aead): New.
(build_packet): Call it.
* g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
(parse_one_sig_subpkt, can_handle_critical): Ditto.
(parse_encrypted): Clear new PKT_ENCRYPTED fields.
(parse_encrypted_aead): New.
(parse): Call it.
* g10/gpg.c (main): Take care of --rfc4880bis option when checking
compliance.
* g10/cipher-aead.c: Replace the stub by real code.
* g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
AEAD.
(aead_set_nonce): New.
(aead_set_ad): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/encrypt.c (use_aead): Make that new fucntion work.
(encrypt_simple): Use default_aead_algo() instead of EAX.
* g10/mainproc.c (proc_encrypted): Support AEAD.
(do_proc_packets): Support PKT_ENCRYPTED_AEAD.
--

This code has seen only a very few manual tests.  Encrypting always
uses a 64k chunks and decryption has not been tested with larger
chunks.  Those small chunks make debugging much faster.

Tests can be done using:

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \
      --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \
      -v -z 0 --status-fd 2 -c <INFILE >OUTFILE

and

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \
      --status-fd 2 -v -d <INFILE >OUTFILE

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:30:53 +01:00
Werner Koch
e1e35db510
gpg: Fix the use of future-default with --quick-add-key.
* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
(parse_key_parameter_string): Add arg suggested_use and implement
fallback.  Change callers to pass 0 for new arg.
(parse_algo_usage_expire): Pass the parsed USAGESTR to
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
--

The problem here was that future-default gives the primary and subkey
algorithm.  However, when using future-default for adding a key, the
second part was always used which is for encryption.  If the caller
now wanted to create a signing subkey using the future-default
parameters this did not worked.

  gpg --batch --passphrase "" --quick-add-key FPR future-default encr

aready worked as did

  gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign

but

  gpg --batch --passphrase "" --quick-add-key FPR future-default sign

does only work with this fix.

GnuPG-bug-id: 3747
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-18 13:39:19 +01:00
Werner Koch
81d71818d0
gpg: Add stub function for encrypting AEAD.
* g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb.
* g10/cipher-aead.c: New.  Right now only with a stub function.
* g10/Makefile.am (gpg_sources): Add file.
* g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or
cipher_filter_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
Werner Koch
4e2ba546cd
gpg: New option --force-aead
* g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
into single bit vars.  Make sure they are always set to 1 or 0.
(DEK): New field use_aead.
* g10/options.h (struct opt): New field force_aead.
* g10/pkclist.c (select_aead_from_pklist): New.
* g10/gpg.c (oForceAEAD): New const.
(opts): New options "--force-aead".
(main): Set new option.
* g10/encrypt.c (use_aead): New.
(encrypt_simple): Implement new flags DEK.use_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
--

This patch should be enough to detect whether AEAD can be used.
Not tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:07:11 +01:00
Werner Koch
8217cd4936
gpg: Add option and preference framework for AEAD.
* common/openpgpdefs.h (aead_algo_t): New.
(SIGSUBPKT_PREF_AEAD): New.
* g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
(opts): New options --aead-algo and --personal-aead-preferences.
(set_compliance_option): Clar aead algo.
(main): Parse and check the new options
* g10/options.h (struct opt): Add fields def_aead_algo and
personal_aead_prefs.
* g10/packet.h (PREFTYPE_AEAD): New enum value.
(PKT_user_id): Add field flags.aead.
(PKT_public_key): Add field flags.aead.
* g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
* g10/getkey.c (fixup_uidnode): Set AEAD flag.
(merge_selfsigs): Ditto.
* g10/kbnode.c (dump_kbnode): Show aead flag.
* g10/keyedit.c (show_prefs): Ditto.
(show_key_with_all_names_colon): Ditto.
* g10/keygen.c (aead_presf, n_aead_prefs): New vars.
(set_one_pref): Suppport PREFTYPE_AEAD.
(keygen_set_std_prefs): Parse AEAD preferences.
(keygen_get_std_prefs): Ditto.
(add_feature_aead): New.
(keygen_upd_std_prefs): Call that and build AEAD pref  packet.
* g10/main.h (DEFAULT_AEAD_ALGO): New const.
* g10/misc.c (openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(string_to_aead_algo): New.
(default_aead_algo): New.
--

This is only used in --rfc4880bis mode and not really tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:51:03 +01:00
Werner Koch
339b3301ee
gpg: Print all keys with --decrypt --list-only.
* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
list-only and put the key into PKENC_LIST.
(print_pkenc_list): Take care of the new error code.
--

If the secret keys exist in --list-only mode it was not printed in
--list-only mode.

GnuPG-bug-id: 3718
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-08 09:30:31 +01:00
Werner Koch
4d3c500f47
gpg: Allow "futuredefault" as alias for "future-default".
* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
use case-insensitive matching
(quick_generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

The man page is sometimes rendered in a way that the hyphen may be
not be considered as part of the string.  And while at it we also
allow case-insensitivity.

GnuPG-bug-id: 3655
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-01 14:59:30 +01:00
Werner Koch
412bb7a801
gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
* g10/keygen.c (gen_ecc): Map curve names.
--

See
https://lists.gnupg.org/pipermail/gnupg-users/2017-December/059619.html

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-29 20:18:20 +01:00
Werner Koch
c817e75028
Merge branch 'STABLE-BRANCH-2-2' into master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 16:42:59 +01:00
Werner Koch
416cf9e9be
gpg: Print a warning for too much data encrypted with 3DES et al.
* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--

Note that to test this warning in a reliable way compression needs to
be disabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 13:02:34 +01:00
Werner Koch
b5333e13cb
gpg: Simplify cipher:write_header.
* g10/cipher.c (write_header): Use write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 12:15:40 +01:00
Werner Koch
067e62fe55
indent: Re-indent g10/cipher.c
--
2017-12-13 12:14:52 +01:00
Werner Koch
9f641430dc
gpg: Simplify default_recipient().
* g10/pkclist.c (default_recipient): Use hexfingerprint.
--

Note that on malloc failure this function now returns NULL instead of
terminating the process.  However, under memory pressure any function
called latter will very likely fail as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 11:03:06 +01:00
Werner Koch
cd26c5482b
gpg: Return an error from hexfingerprint on malloc error.
* g10/keyid.c (hexfingerprint): Return NULL on malloc failure.  Chnage
all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 10:52:34 +01:00
Werner Koch
29119a6492
gpg: Remove some xmallocs.
* g10/getkey.c (get_pubkeys): Do not use xmalloc.
--

We eventually need to get rid of all xmallocs so that gpg won't fail
easily when we make more use of the s server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 10:07:30 +01:00
Werner Koch
8602b980df
indent: Re-indent get_pubkeys.
--
2017-12-13 10:07:28 +01:00
Daniel Kahn Gillmor
8ede3ae29a
gpg: default-preference-list: prefer SHA512.
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order.  When publishing
external preferences, state preference for SHA512 first.

--

SHA-512 has a wider security margin than SHA-256.  It is also slightly
faster on most of the architectures on which GnuPG runs today.  New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

   SHA256 SHA384 SHA512 SHA224

to:

   SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-12-12 15:07:43 +01:00
Werner Koch
b38ca59bdb
Merge branch 'STABLE-BRANCH-2-2' into master 2017-12-11 10:42:38 +01:00
Werner Koch
34defc9bce
Adjust for changed macro names in libgpg-error master.
* common/logging.h (GPGRT_LOGLVL_): New replacement macros for older
libgpg-error versions.

--

Updates-commit: b56dfdfc1865ceb7c3c025d79996e049faee7fdf
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-11 10:42:23 +01:00
NIIBE Yutaka
0d0b9eb0d4 g10: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

Backport from master commit:
	ccf3ba92087e79abdeaa0208795829b431c6f201

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library.  Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-04 19:26:49 +09:00
Werner Koch
b56dfdfc18
Use the gpgrt log functions if possible.
* common/logging.c: Do not build any code if we can use the gpgrt_log
functions.
(log_logv_with_prefix): Rename to log_logv_prefix and change order of
args so that this function matches its printf like counterpart
gpgrt_logv_prefix.  Change all callers.
(log_debug_with_string): Rename to log_debug_string. Change all
callers.
(log_printhex): Move first arg to end so that this function matches
its printf like counterpart gpgrt_log_printhex.  Change all callers.
* common/logging.h: Divert to gpgrt/libgpg-error if we can use the
gpgrt_log functions.
(bug_at): Add inline versions if we can use the gpgrt_log functions.
* configure.ac (GPGRT_ENABLE_LOG_MACROS): Add to AH_BOTTOM.
(mycflags): Add -Wno-format-zero-length.
--

This patch enables the use of the log function from libgpgrt (aka
libgpg-error).  Instead of checking a version number, we enable them
depending on macros set by recent gpg-error versions.  Eventually the
whole divert stuff can be removed.

The -Wno-format-zero-length is required because log_printhex can be
called with an empty format string.  Note that this is fully specified
standard C behaviour.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-27 15:00:25 +01:00
Werner Koch
4cf3cc6e3d
gpg: Do not read from uninitialized memory with --list-packets.
* g10/parse-packet.c (parse_plaintext): Fill up the allocated NAME.
--

This actually does not harm because we merely display a buffer
allocated by ourselves.  However, we better tell Valgrind about it so
that we don't need to track this thing down ever again.

Test using a corrupted literal data packet:

  echo cb 0a 75 ff 59 ae 90 d5  74 65 73 74 | \
    undump |\
    valgrind gpg --list-packets >/dev/null

Reported-by: Sebastian Schinzel
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-26 18:33:49 +01:00
Werner Koch
fe96ca8d86
Merge branch 'STABLE-BRANCH-2-2'
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-23 15:12:45 +01:00
Werner Koch
531182b7f8
build: Update distsigkey.gpg
--
2017-11-22 20:54:47 +01:00
Werner Koch
ea28ea18f3
gpg: Fix memory leaking for long inputs via --command-fd.
* g10/cpr.c (do_get_from_fd): Free the old buffer.
--

If the received input is longer than 200 characters we used to leak
the previous allocated buffer.

GnuPG-bug-id: 3528
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-22 20:54:47 +01:00
Werner Koch
166f3f9ec4
gpg: Repurpose the ISO defined DO "sex" to "salutation".
* g10/card-util.c (current_card_status): String changes.
(change_sex): Description change.
(cmds): Add "salutation"; keep "sex" as an alias.
--

Note that we can't change the used values or tags but at least the UI
should show reflect the real purpose of the field.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-15 11:34:30 +01:00
Werner Koch
091c4af645
Merge branch 'STABLE-BRANCH-2-2'
--
Kept our AUTHORS and README
2017-11-15 11:01:10 +01:00
Werner Koch
b062ea5bc2
gpg: Print AKL info only in verbose mode.
* g10/getkey.c (get_pubkey_byname): Print info only in verbose mode.
--

GnuPG-bug-id: 3504
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-15 08:47:41 +01:00
NIIBE Yutaka
ccf3ba9208 g10: Fix regexp sanitization.
* g10/trustdb.c (sanitize_regexp): Only escape operators.

--

To sanitize a regular expression, quoting by backslash should be only
done for defined characters.  POSIX defines 12 characters including
dot and backslash.

Quoting other characters is wrong, in two ways; It may build an
operator like: \b, \s, \w when using GNU library.  Case ignored match
doesn't work, because quoting lower letter means literally and no
much to upper letter.

GnuPG-bug-id: 2923
Co-authored-by: Damien Goutte-Gattat <dgouttegattat@incenp.org>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-11-09 14:03:22 +09:00
NIIBE Yutaka
680161647a
g10: Unattended key generation "Key-Grip" and "Subkey-Grip".
* g10/keygen.c (pSUBKEYGRIP): New.
(read_parameter_file): Add "Key-Grip" and "Subkey-Grip".
(do_generate_keypair): Support pSUBKEYGRIP.

--

In the manual, it says "Key-Grip".  gpgsm also supports "Key-Grip".
Adding "Subkey-Grip" now, adding "Key-Grip" makes sense.

GnuPG-bug-id: 3478
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 6c63a04569c07c9c2817c7c530a92ccfa58155cc)
2017-11-06 12:10:09 +01:00
NIIBE Yutaka
f183b9768b
g10: Simplify "factory-reset" procedure.
* g10/card-util.c (factory_reset): Simplify.

--

In this summer, I got report about old code before this change didn't
work with newer Yubikey.  I got another report test version of OpenPGP
card V3.3 implementation didn't work, either.  Then, I confirmed that
according to the OpenPGP card specification, the procedure of old code
is not expected by its author.

This change simplify "factory-reset" as simple.

Only versions of Gnuk 1.2.2, 1.2.3, 1.2.4, won't work with this
change.  That's because the factory-reset feature of Gnuk was
introduced by reading the implementation of GnuPG, instead of reading
the specification.  Gnuk 1.2.5 and later works well.  All OpenPGPcard
implementations I have work well (2.0, 2.1, 2.2, test version of 3).

GnuPG-bug-id: 3286
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit d63b7966cdd72548c60466c620de5cd6104a779e)
2017-11-06 12:09:37 +01:00
Werner Koch
acb3005434
gpg: Introduce magic value 25519 to switch a card to ECC.
* g10/card-util.c (ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--

This is kludge to make it easier for gnuk to be switched into ECC
mode.  This is basically the same change as
commit ea09b6cded9d31a8ebd91878553c3eaa2b76e817
but without the string change in show_keysize_warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 17:31:57 +01:00
Werner Koch
de3a740c2e
gpg: Rename two card related functions in card-util.
* g10/card-util.c (ask_card_rsa_keysize): Rename to ask_card_keyattr.
(do_change_rsa_keysize): Rename to do_change_keyattr.
--

We want to support other algos than RSA and thus we need a better name
for the functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit f795f4529d8ab5a05db1cc1960abd34390bfae1b)
2017-11-02 17:22:59 +01:00
Werner Koch
922bae8082
gpg: Unifiy the message for re-configuring cards.
* g10/card-util.c (ask_card_keyattr): Print "rsaNNNN".
--

This is a separate patch from the previous to avoid string changes
when backporting the other patch to 2.2.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 17:20:13 +01:00
Werner Koch
ea09b6cded
gpg: Introduce magic value 25519 to switch a card to ECC.
* g10/card-util.c (show_keysize_warning): Slightly change the text.
(ask_card_keyattr): Handle special value 25519.
(do_change_keyattr): Allow changing to cv25519/ed25519.
(generate_card_keys): Ditto.
(card_generate_subkey): Ditto.
--

This is kludge to make it easier for gnuk to be switched into ECC
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-02 17:16:14 +01:00
Werner Koch
fd3f5ca151
Register another OpenPGP card vendor.
--
2017-11-01 18:17:44 +01:00
Werner Koch
87b94e08d7
gpg: Remove trailing comma in an enum.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-11-01 18:14:26 +01:00