* g10/keydb.h (GETPASSWORD_FLAG_SYMDECRYPT): New.
(passphrase_to_dek_ext): Remove this obsolete prototype.
* g10/passphrase.c (passphrase_get): Add arg flags. Use new flag
value.
(passphrase_to_dek): Add arg flags and pass it on.
* g10/mainproc.c (proc_symkey_enc): Use new flag.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/status.h (STATUS_CANCELED_BY_USER): New.
* g10/passphrase.c (passphrase_to_dek): Send STATUS_CANCELED_BY_USER
instead of STATUS_MISSING_PASSPHRASE when canceled is set.
--
This is to prevent further pinentry tries when the pinentry is canceled
by the user during symmetric decryption.
Signed-off-by: Ben Kibbey <bjk@luxsci.net>
(cherry picked from commit 31e47dfad0f40e31e8b3113b933696e8e4105136)
* g10/encrypt.c (setup_symkey): Use default_cipher_algo function
instead of the fallback s2k_cipher_algo. Fix error code.
(encrypt_simple): Use setup_symkey.
--
Aside of removing code duplication this patch fixes the flaw that the
S2K cipher algorithm was used when mixing public key and symmetric
encryption or signatures with symmetric encrypion. The
default_algorithm function should be used here so that the command
line option --cipher-algo and --personal-cipher-preferences have an
effect.
Signed-off-by: Werner Koch <wk@gnupg.org>
Backported-from-master: 6864bba78e76a1ff72aec140ae9f4e752454c463
* g10/getkey.c (get_user_id_string): Add arg R_NOUID. Change call
callers.
(get_user_id): Add arg R_NOUID. Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode. Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--
Scripts used to rely on the "User ID not found" string even in the
--with-colons listing. However, that is not a good idea because that
string is subject to translations etc. Now we have an explicit way of
telling that a key is missing. For example:
gpg --list-sigs --with-colons | \
awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'
Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.
Signed-off-by: Werner Koch <wk@gnupg.org>
--
For proper operations as a server we need to avoid global variables.
Thus we need to pass the session state CTRL to most functions. Quite
a lot of changes but fortunately straightforward to do.
Signed-off-by: Werner Koch <wk@gnupg.org>
* common/sysutils.c (gnupg_fd_valid): New function.
* common/sysutils.h (gnupg_fd_valid): New declaration.
* common/logging.c (log_set_file): Use the new function.
* g10/cpr.c (set_status_fd): Likewise.
* g10/gpg.c (main): Likewise.
* g10/keylist.c (read_sessionkey_from_fd): Likewise.
* g10/passphrase.c (set_attrib_fd): Likewise.
* tests/openpgp/Makefile.am (XTESTS): Add the new test.
* tests/openpgp/issue2941.scm: New file.
--
Consider a situation where the user passes "--status-fd 3" but file
descriptor 3 is not open.
During the course of executing the rest of the commands, it's possible
that gpg itself will open some files, and file descriptor 3 will get
allocated.
In this situation, the status information will be appended directly to
whatever file happens to have landed on fd 3 (the trustdb? the
keyring?).
This is a potential data destruction issue for all writable file
descriptor options:
--status-fd
--attribute-fd
--logger-fd
It's also a potential issue for readable file descriptor options, but
the risk is merely weird behavior, and not data corruption:
--override-session-key-fd
--passphrase-fd
--command-fd
Fixes this by checking whether the fd is valid early on before using
it.
GnuPG-bug-id: 2941
Signed-off-by: Justus Winter <justus@g10code.com>
* dirmngr/loadswdb.c: Set ERR on malloc failure.
* g10/passphrase.c (passphrase_to_dek): Initialize all fields of
HELP_S2K.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/passphrase.c (passphrase_get): Remove arg KEYID. Change arg
MODE to NOCACHE.
(passphrase_to_dek): Remove args KEYID and PUBKEY_ALGO. Split arg
MODE into CREATE and NOCACHE. Change all callers and adjust stubs.
(passphrase_clear_cache): Remove args KEYID and ALGO. They are not
used. Change caller.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/passphrase.c (passphrase_to_dek_ext): Remove args CUSTDESC and
CUSTPROMPT. Merge into the passphrase_to_dek wrapper.
(passphrase_get): Remove args CUSTOM_DESCRIPTION and CUSTOM_PROMPT.
--
The function is nowadays only used for symmetric encryption. Thus we
do not need all the former advanced stuff.
Signed-off-by: Werner Koch <wk@gnupg.org>
* g10/passphrase.c (passphrase_get): Replace sprintf by xasprintf.
--
Without that at least the French translation does not always work
because it requires positional parameters. Windows for example does
not support them as they are not defined by C99 but by POSIX.
* g10/passphrase.c (gpg_format_keydesc): Add mode 2. Change strings.
* g10/keydb.h (FORMAT_KEYDESC_NORMAL, FORMAT_KEYDESC_IMPORT)
(FORMAT_KEYDESC_EXPORT): New. Use them for clarity.
--
The use of the term "certificate" was more confusing than helpful.
* g10/keygen.c (append_to_parameter): New.
(proc_parameter_file): Use new func to extend the parameter list.
* g10/passphrase.c (passphrase_to_dek_ext): Print a diagnostic of
gcry_kdf_derive failed.
* g10/keygen.c (proc_parameter_file): Print a diagnostic if
passphrase_to_dek failed.
--
Due to an improper way of using the linked list head, all memory for
items allocated in proc_parameter_file was never released. If batched
key generation with a passphrase and more than ~200 keys was used this
exhausted the secure memory.
* g10/gpg.c: Include shareddefs.h.
(main): Add option --pinentry-mode.
* g10/options.h (struct opt): Add field pinentry_mode.
* g10/passphrase.c: Include shareddefs.h.
(have_static_passphrase): Take care of loopback pinentry_mode.
(read_passphrase_from_fd): Ditto.
(get_static_passphrase): New.
(passphrase_to_dek_ext): Factor some code out to ...
(emit_status_need_passphrase): new.
* g10/call-agent.c (start_agent): Send the pinentry mode.
(default_inq_cb): Take care of the PASSPHRASE inquiry. Return a
proper error code.
(agent_pksign): Add args keyid, mainkeyid and pubkey_algo.
(agent_pkdecrypt): Ditto.
* g10/pubkey-enc.c (get_it): Pass new args.
* g10/sign.c (do_sign): Pass new args.
* g10/call-agent.c (struct default_inq_parm_s): New. Change all
similar structs to reference this one. Change all users and inquire
callback to use this struct, instead of NULL or some undefined but not
used structs. This change will help to eventually get rid of global
variables.
--
This new features allows to use gpg without a Pinentry. As a
prerequisite the agent must be configured to allow the loopback
pinentry mode (option --allow-loopback-pinentry). For example
gpg2 --pinentry-mode=loopback FILE.gpg
may be used to decrypt FILE.gpg while entering the passphrase on the
tty. If batch is used, --passphrase et al. may be used, if
--command-fd is used, the passphrase may be provided by another
process. Note that there are no try-again prompts in case of a bad
passphrase.
Import and export of secret keys does now work. Encryption has been
fixed to be compatible with the sample messages.
This version tests for new Libgcrypt function and thus needs to be
build with a new Libgcrypt installed.
The following works:
gpg2 --gen-key (ECC)
gpg2 --list-keys
gpg2 --list-packets ~/.gnupg/pubring.gpg
gpg2 --list-packets <private key from http://sites.google.com/site/brainhub/pgpecckeys>
ECDH doesn't work yet as the code must be re-written to adjust for gpg-agent refactoring.
* mainproc.c (proc_encrypted): Clear passphrase cached with S2K
cache ID if decryption failed.
* passphrase.c (passphrase_to_dek_ext): Set dek->s2k_cacheid.
* gpgv.c (passphrase_clear_cache): New stub.
* configure.ac: Remove Camellia restriction.
* gpg.c (main), misc.c (openpgp_cipher_test_algo): Remove Camellia
restriction.
* misc.c (map_cipher_openpgp_to_gcry), main.h: Add macros for
openpgp_cipher_open, openpgp_cipher_get_algo_keylen, and
openpgp_cipher_get_algo_blklen to wrap around the corresponding gcry_*
functions, but pass the algorithm number through
map_cipher_openpgp_to_gcry. This is needed in case the gcry algorithm
number doesn't match the OpenPGP number (c.f. Camellia).
* encr-data.c, pubkey-enc.c, mainproc.c, cipher.c, encode.c, seskey.c,
passphrase.c, seckey-cert.c: Use new openpgp_cipher_* macros here.